HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ghancock

no profile record

comments

ghancock
·hace 2 años·discuss
It’s real but depends on the issuer. I see it with Amex but not Citibank for example.
ghancock
·hace 3 años·discuss
This isn’t the sort of thing I expect people to “get in trouble” for at the time of filing. I expect that years later, if the startup turns out to be worth something and the taxpayer is audited, the auditors will go through old paperwork and discover a very large amount of taxes they can collect.
ghancock
·hace 3 años·discuss
This was on an iPad. My experience before had been that I was able to register an iCloud passkey for Google 2SV when using Safari on iOS/iPadOS, but I was unable with Chrome.

At that time, I inspected the registration request Google sent to Chrome and found it was passing a private option that Chrome recognized. According to what I found in web searches for it, the option created a legacy U2F key, and they needed to do that because there were existing Android devices that they could not upgrade and that would not support log-in with WebAuthn keys.
ghancock
·hace 3 años·discuss
I wrote about my experience with passkey support on other services here: https://news.ycombinator.com/item?id=35758918. That experience was mostly negative. For anyone implementing this, the user experience matters and requires usability testing of a lot of combinations.

In comparison to those, Google’s support seems better. It worked, was transparent about what was going on, and gave me the option to create the key on either the device I was using or another one if I wanted. The one hitch was that when I already had a 2FA key on the same platform authenticator, it just said I already had a registered key on this device and didn’t do anything. I would have expected some sort of upgrade flow for people who previously registered their devices for 2FA, or at least to more directly tell me to delete the existing security key on the device (which is what I did, and which worked).
ghancock
·hace 3 años·discuss
Update: I decided to go back and look at the settings pages for the two that worked.

Kayak shows a "Set up passkey" button with no indication that I already have one or any apparent way to revoke the existing one. Very bad.

Shop Pay does clearly show what passkeys exist, and allows revocation and addition. However, when I try to add one on Chrome on macOS, it only lets me set up a Chrome passkey. (These don't sync between devices. It should have let me set up whatever kind I wanted.) Also, the list just indicates passkeys by what browser type last used them, like "Chrome on macOS." So according to the list I have two passkeys that are just described as "Chrome on macOS" and they are indistinguishable.

I can't imagine recommending anyone try this unless they are consciously an early adopter.
ghancock
·hace 3 años·discuss
I want to be enthusiastic about this technology and at first I was, but it's getting harder. I tried to set up passkeys with the sites listed here that I already have accounts on. Results:

1. PayPal: I could not find an option to do it on either a phone or a web browser even after reading the linked instructions. Perhaps it thinks neither device is compatible (they are).

2. Microsoft: After eventually I found an option inside its settings to go "Passwordless" which sounds right, it instead tries to ram an app called Microsoft Authenticator down my throat. On passkeys.directory I check the instructions for insight and I see it says "All you’ll need is a device running Windows 11 and the Microsoft Edge browser." So much for cross-platform standards. If I had been using Windows 11, I assume I would have still needed my password to log in on my phone or anywhere else.

3. Kayak: Works fine, although the log in option is not as discoverable as it could be (I had to click to log in via email, and then click in the email field, and then an option appeared).

4. Shop Pay: Works fine, the only one about which I have no complaints.
ghancock
·hace 4 años·discuss
I think that’s reasonable if you are on a recent JVM version and expect to upgrade very regularly. Many are in organizations where that’s not the case.
ghancock
·hace 4 años·discuss
> On the other hand, I've not seen a rigorous set of axioms for category theory that didn't presuppose a notion of set or category or "collection".

I never worked through the details, and I'm not a category theory partisan, but I think that's what this is: https://ncatlab.org/nlab/show/fully%20formal%20ETCS
ghancock
·hace 4 años·discuss
knaekhoved your comment is dead which I think is unfortunate because it seems better to inform you than bury your comment so I'll reply here: the page did mean N -> N, given the context of the previous paragraph. You may have thought what you did if you did not know that Card(N)^Card(N) is equal to 2^Card(N) by the laws of arithmetic for cardinal numbers. If you have not encountered those before there are enough on Wikipedia to show that equality https://en.wikipedia.org/wiki/Cardinal_number#Cardinal_arith....