jard

U2F on Bitwarden, in principle, doesn’t guard against attackers breaching into your accounts, as the Yubikey serves as a second factor during the authentication stage when the Bitwarden app retrieves the encrypted vault. Unless you combine a static secret from the Yubikey into the master password of the vault, an attacker could, in theory, steal your encrypted vault from the central Bit/Vaultwarden server or any device that’s already downloaded it (note that if this device is your phone, all conventional TOTP is thwarted anyways, so in general phones are the most lucrative target here.) From there, the strength of your master password becomes the only thing separating an attacker from access to all of your online accounts.

I’m not saying that it’s a bad practice and you absolutely shouldn’t do it — I do it myself, as I trust the security of Bitwarden’s servers and my devices in keeping my vault safe. The salient point here is the burden lies on online services upgrading their outdated security options to support U2F, not on us settling with an objectively inferior 2FA option because these services are too lazy and slow.

Apps can implement their own form of push notifications – most privacy-respecting ones already do. However, it’s an endeavor that’s too much effort for the average dev, so they default to using the existing FCM service instead.

I think you might be overthinking things. “Apple devices you use on a regular basis” just generically means whatever you use and plan to enable hardware 2FA for.

Maybe it’s to emphasize that you’re now going to have to use your hardware keys to regularly use Apple services on your phone, in addition to things like passwords, Face ID, etc.

In my personal experience this is blatantly untrue, because now I can’t even log into my Google/YouTube account on Librewolf anymore. I get a prompt saying “this browser may be insecure” and requesting that I use Chrome instead. This is exactly what the Web Environment Integrity API was intended for — maybe they did decide to shelve it for general use, but Google is still absolutely trying to push this bullshit for their own services.

I never had this issue for the past 2 years I’ve used Librewolf until, coincidentally, Google “decided” to “sunset” its browser DRM.

Fair enough, it’s definitely not for everyone. It’s a great learning experience though!

In that case, Joplin and something like Syncthing + Git (so that you remain in control of your data) would fit your need, since in essence you’d just be securely and privately passing around all your notes/files over a decentralized network.

If you’re comfortable with self hosting, I recommend SilverBullet: it’s a Markdown-based knowledge management solution that runs as a PWA in any modern browser. It automatically syncs to a hosted SilverBullet server during use when you have an internet connection, and otherwise can run completely offline (provided that you use a browser that supports offline PWAs)

The author of this article has pages on “the dirty tricks of conspiracy deniers” (???) and cites another site as his inspiration that purports to debunk skeptics of “conspiracies, extrasensory perception, [quantum consciousness] and life after death.” He also cites another nutjob who claims that humans are the product of chimpanzee and pig breeding.

Dude’s easily got several loose screws up there.

I don’t think many people here are genuinely interested in Apple hardware and technology; a lot of them are active in predominantly Android or Windows communities and their responses essentially boil down to “Apple bad, incremental upgrades bad, consooming bad, enshittification bad, anti repair bad” without actually understanding the topics at hand, and spew out some pretty egregious and erroneous shit as a result.

The people who do very trivial research of these topics then become easy targets as now they seem like they’re “Apple bootlickers.” Case in point: your recent comment about calibration/Asahi Linux. Or a trivial debunking of the statement that “there is enough bandwidth in 2.4GHz [Bluetooth]” attracting the negative attention of tech geeks who think they know everything. Or the complaint that “Apple is locking USB3.0 to the more expensive iPhone 15 Pro”, despite that being the result of a process they’ve been doing for years now (current gen base models have the previous gen Pro chip).

It’s sad to see for Lemmy, who I’d expect would be composed of knowledgable tech enthusiasts, but what can we really do about it when nonsense is so easy to churn out?

That’s fair, and the article doesn’t explain exactly how Elon was able to “cut off connectivity” to the drones, but regardless I think his own stance on how Starlink should be used can be reasonably interpreted as him favoring one form of traffic (‘Netflix and chill’, ‘online school’, ‘good peaceful things’) over another (‘war’, ‘drone strikes’).

Not really…? They’re probably trying to see how others integrated gym equipment into a (WFH) office space. That’s a far cry from being an odd inquiry.

I can’t hold others who shill for Google in good faith, not after what the business has been doing for years, and especially recently. They’re several orders of magnitude worse than Apple at this point.

Blind faith in a monopoly who controls the ads on almost half of all Internet websites, 70% of the browser market (and the phone OS market for that matter), basically the entirety of online video sharing, etc… is precisely why Google is able to force anti-web bullshit like attestation-based DRM. And there’s nothing we can do about it; their engineers doubled down on WEI and liken us to criminals.

Intel isn’t buying SiFive. That deal fell through almost 2 years ago.

Despite the anecdotal N=1 example, which of course can’t be reproduced and corroborated because the OP felt the need to omit the search query they used for some reason, Google results have generally been garbage for years — yes, to an extent that it becomes useless.

Hell, one of the suggestions for “google results” on Google itself is “google results are getting worse”, with lots of articles explaining why when you search it.

That fits the textbook definition of targeted ads, which is the use of personally identifying data to select who to deliver specific ads to. Google is selling not data directly, but rather the promise to advertisers that they can deliver that baking ad to the right audience (bakers who watch youtube). It’s a disguised form of indirectly selling your identity.

If you have 1st gen Airpods Pro and aren’t afraid of a little DIY, you can always do the USB-C swap.

Meh, it’s an eggs in one basket situation for me because I’m desperately waiting for more services to adopt WebAuthn. =)

You have to set the hash algorithm to SHA256 (that’s what the URI asks for.) Apparently, Google Authenticator and anything based on that ignores the algorithm parameter, causing them to generate the wrong codes anyways.

This Firefox plugin and Bitwarden’s TOTP are some authenticators that handle the URI correctly and generate the right codes.

It’s scuffed but it does work. The problem is that Lemmy hands you a TOTP Key URI directly; what you have to do is manually enter the information from that URI into an authenticator app that supports advanced parameters (you need to be able to set the issuer, hash algorithm, and secret, which are all present in the URI).

Once you do that then the authenticator app should generate the correct TOTPs, which is what I currently have with Bitwarden. Why it’s like this instead of the normal 2FA flow everyone’s used to… nobody knows.

I’ve been so scared I don’t trust protonmail either.

I mean, compared to what you’ve been dealing with before (the biggest adware company in the world) Proton is an angelic saint. You’ll be fine in their hands.