This is how I've come to understand it. I welcome any and all corrections.

Passkeys are a cryptographic key stored in a Secure Element. This is usually a private key inside a small cryptographic engine. You feed it some plaintext along with the key ID, and it encrypts it using that key. The outer software then decrypts the ciphertext using the public key. If the decrypted text matches the original plaintext, then that proves you're holding a valid private key, and authentication proceeds.

The private key can be written to and erased from the Secure Element, but never read back out. All it can do is perform operations using the secret key to prove that it is indeed holding the correct secret key.

On phones, the Secure Element is in the hardware of your handset. On PCs, this is most often the TPM (Trusted Platform Module) chip. In both cases, the platform will ask for your PC's/phone's password/fingerprint/whatever before forwarding the request to the Secure Element.

Yubikeys can also serve as a Secure Element for Passkeys; the private key is stored in the Yubikey itself. Further, the Yubikey's stored credentials may be further protected with a PIN, so even if someone steals your Yubikey, they'll still need to know the PIN before it will accept and perform authentication checks. You get eight tries with the PIN; after that, it bricks itself.

The latest series 5 Yubikeys can store up to 100 Passkeys, and Passkeys may be individually deleted when no longer needed. Older series 5 Yubikeys can store only 25 Passkeys, and can only be deleted by erasing all of them.

Theoretically, you can have multiple Passkeys for a given account (one for everyday access; others as emergency backups). Not all sites support creating these, however.

Is there some reason the write-up didn't include a link to the store?

$50 million? That is a good tee shirt budget! Like “spot something evil, report it and get a fancy tee shirt!” If it were $500mil it could be spot bonuses...

Google’s email (when I was there, I was a layoff victim ~2 years back) has something like a year long self delete policy, and anything you apply an archive tag to gets kept “forever”. So it is modestly durable. Plus of corse if Google gets sued and you or a work area you are involved in gets identified as a discoverable asset you get to be on discovery hold and all the mail gets retained until that process is over (and it can last years or decades).

Google’s chats self deleted in more like 45 to 90 days. Seldom long enough to survive into a litigation hold. The chats didn’t have an archive hold tag you could apply (one of the chat systems had a possibly accidental loophole, groups had their own retention policies settable per group, so if you had stuff you wanted to save you could make a group to discuss a document or design and set a year retention policy or whatever).

Google also quite deliberately had internal communications about “communicate with care” and pushed employees to discuss things in person and via chat and not email if it was business related as opposed to purely technical. It was very obvious we were being told to communicate anything that might be the topic of a lawsuit over chat (or in person) and never email. Durability of the messages and discoverability was mentioned. It wasn’t “do all the illegal stuff in chat”, it was “be aware that business practices can be very legally sensitive and are best conducted in person or if by electronic means in chat and never in email”, very nudge-nudge-wink-wink.

I mean nothing strictly illegal about reminding people what forms of communication work how, and all the documents had a retention policy, it just happened that the policy was generally “burn in a month and a half” which for a typical business would be very very suspicious.

To give Google a little break though with the volume of business Google use to conduct via email it is extremely different from companies that one would accuse of being shady with a 45 day burn policy: most traditional companies have “some” email, Google like many tech companies and especially tech companies where most of the management layers were ex-technical did communications relentlessly by email. At most phone companies if it would have been a phone call it would be an email chain. Meetings well, google still has way too many, but meetings got summarized in email (frequently by several people). If it happened it was probably in at least 8 if not 300 emails.

Post chat change though, things got memory holed. If it happened maybe there is an email, maybe. Likely lots of chat about it, all vanished into the mists go time (45 days back). Aruments about the 300th time a button name got changed? Chat, maybe a little email. Discussions about who a “target audience” for a product was? Absolutely in chat, never in email. Never never, never ever in email. What kind of user does a proposed feature appeal to? All chat, never email...

A vital part of alcohol production.

The problem is the shareholders want Google to be profitable. They are owners, and generally owners with the hopes that the value of the shares will go up, and they can sell at a profit.

An admission of guilt is a legal artifact that can be discovered in other lawsuits and used as a bludgeon. So having a “yeah, we totally admit we violated a whole bunch of laws” document signed by the CEO and board means Google is going to all but automatically lose lawsuits that turn on those facts. Like “please skip the guilt phase and proceed directly to the penalty phase -- how big a check do we need to write”. This is fantastic if you were impacted by some illegal behaviour of Google’s and are currently suing them and would like to skip the least certion 90% of the process and skip directly to the part where you convince judge and jury that a multibillion dollar company should write you a check big enough that they can feel it and will stop doing this to others.

It is pretty awful if you are a shareholder and absolutely don’t want Google to write any checks bing enough to notice let alone feel. You want huge profit piled into more R&D or advertising, or dividends, not the pockets of harmed parties suing Google!

So no, no way the shareholders want this at all. It isn’t a matter of letting them get away with it, it is a matter of making sure they don’t get punished in the future for it. The most reliable way to not get punished for a thing is to not do it a bunch more, and to not brag about having done it in the past, and to not get caught checking to see if the bodies are still securely buried. Google’s share holders absolutely don’t want it marching into court and yelling “I did it! I did it judge! I killed them all! It was me! It was me all along!”

Google’s shareholders are better served by a coverup and future improvements (either not being as evil in the future, or merely hiding it better). Google’s shareholders are not your ally for justice, don’t look at them to improve things for you except by accident.

Congratulations, you feckless imbeciles. You've "innovated" general software package management a mere three $(GOD)-damned decades after Redhat and Debian did it.

While you're at it, why don't you "invent" a tiling window manager that can be driven entirely from the keyboard... Oh, wait...

Honestly... Why is anyone still voluntarily giving money to these chowderheads?

OpenSSH is the best known OpenBSD project, but they also makes pf (used in pfSense, OPNSense, etc.), OpenBGP, OpenNTPD, OpenSMTPD, OpenIKED, LibreSSL, etc.

Came for this comment.

Was 'Star Wars' an American film? You'd think so.

Star Wars filiming locations

I learned a thing today (on Slashdot, no less!). Thank you very kindly.

Perhaps I'm ignorant of the underlying biology involved, but is anyone besides me having difficulty seeing how "antibodies" can be effective against hemotoxins or neurotoxins?

Sixty billion dollars?

Is there any breakdown of this figure? Even if you paid up front for 100,000 headsets, you might only get to $0.1 billion. Where did all the money go? How many prototypes did they make? Were the optics made out of DeBeers diamonds? Did they use AWS or something?

Indeed, when the first SSDs appeared, I cynically observed at the time that the only reason they existed was to make Micros~1's shitty filesystem seem faster than it was. Thus, it was no surprise when Micros~1 started heavily promoting them -- especially those weird "hybrid" drives that bolted an SSD on the side of a traditional hard drive to use as an extended cache.