Alt account of @Badabinski

Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.

  • 0 Posts
  • 62 Comments
Joined 5 months ago
cake
Cake day: June 9th, 2024

help-circle
  • Man, that’s cool! Concrete is a heck of a lot cheaper than epoxy granite resin and is perfectly suitable for a low-precision tool like this lathe.

    I do hope that he finds a way to shield those bearings. You really don’t want metal chips or sawdust making its way in there. Any damage they sustain will cause runout, which will lead to increased chatter and parts that are out of spec. Plus, a matching pair of tapered roller bearings can be quite expensive!

    EDIT: to be clear, I mean no disrespect when I say low-precision. Not every lathe needs to have slides and handwheels. I have a little Sherline lathe that I’ve used like this in the past (using gravers, not tools in a tool holder). It’s great to quickly turn something or to put nice decorative details on a part. Precision is possible with a lathe like this, but it requires fairly strenuous effort.




  • Right, but I can’t require a second factor on a different device that operates outside of my primary device’s trust store. I’m sure there is some way to make my desktop hit my phone up directly and ask for fingerprint auth before unlocking the local keystore, but that still depends on the security of my device and my trust store. I don’t want the second factor to be totally locked to the device I’m running on. I want the server to say, “oh, cool, here’s this passkey. It looks good, but we also need a TOTP from you before you can log in,” or “loving the passkey, but I also need you to respond to the push notification we just sent to a different device and prove your identity biometrically over there.” I don’t want my second factor to be on the same device as my primary factor. I don’t know why a passkey (potentially protected by local biometric auth) + a separate server-required second factor (TOTP or push notification to a different device or something) isn’t an option.

    EDIT: I could make it so a fingerprint would decrypt my SSH key rather than what I have now (i.e. a password). That would effectively be the same number of factors as you’re describing for a passkey, and it would not be good enough for my organization’s security model, nor would it be good enough for me.


  • I just don’t get why I can’t use something like TOTP from my phone or a key fob when logging in with a passkey from my desktop. Why does my second factor have to be an on-device biometrically protected keystore? The sites I’m thinking of currently support TOTP when using passwords, so why can’t they support the same thing when using passkeys? I don’t want to place all my trust in the security of my keystore. I like that I have to unlock my phone to get a TOTP. Someone would have to compromise my local keystore and my phone, which makes it a better second factor in my opinion.

    EDIT: like, at work, I ssh to servers all over the damn place using an ssh key. I have to get to those servers through a jump box that requires me to unlock my phone and provide a biometric second factor before it will allow me through. That’s asymmetric cryptography + a second factor of authentication that’s still effective even if someone has compromised my machine and has direct access to my private key. That’s what I want from passkeys.


  • This is a bad take. Several cities in my state banded together to create a municipal fiber network called UTOPIA. The fiber is owned by the cities that bought in and is used by several different ISPs. The ISPs pay UTOPIA for access, and then they have to compete with each other for subscribers based on performance, features, and cost. Like, there’s genuine market competition for internet! If the state owns the infrastructure and then forces the playing field to be level, then everyone benefits. People in the cities with UTOPIA got fast fiber internet waaay faster than anyone else, they have a plethora of choices (want a static IP and a business plan in your residence? There’s an ISP that sells that!) at great prices, ISPs get access to subscribers without having to maintain fiber, and the cities who bought in get to make money from this and attract residents and businesses who benefit from the service.

    My city didn’t buy in. Google Fiber eventually came to town so I was able to kick Comcast out, but I am uneasy about what’ll happen if Google decides to drop their ISP business. If I was in a city with UTOPIA, it would just be one ISP folding and I’d be able to pick a new one and switch over right away.

    EDIT: cool, Cory Doctorow wrote a blag post about it: https://doctorow.medium.com/https-pluralistic-net-2024-05-16-symmetrical-10gb-for-119-utopia-347e64869977
    UTOPIA users have access to 18 different ISPs. I feel like that speaks for itself right there. This is the future we all should have had.




  • I just wish that companies enabling passkeys would still allow password+MFA. There are several sites that, when you enable passkeys, lock you out of MFA for devices that lack a biometric second factor of authentication. I’d love to use passkeys + biometrics otherwise, since I’ve often felt that the auth problem would be best solved with asymmetric cryptography.

    EDIT: I meant to say “would still allow passkeys+MFA.” hooray for sleep deprivation lol.





  • I think they’re all top-level responses too. I took a random sampling of their comments, and they never respond to anyone else’s comment. That smells like someone being lazy and not bothering to iterate through comments when writing their dumb AI commenting script.

    Like, just, what the fuck is this shit? There’s one comment from 8 months ago that looks real. Everything else is from the past week and reads like LLM drivel. Why would you bother? Is it just someone who is bored and wanted to see how long they could convince people?


  • Thank god for projects like Valetudo thar let you break your stuff away from the cloud.

    Semi-related story time. I bought a Midea Cube dehumidifier for my laundry room. My dryer has been broken for years, and I’ve found that air drying clothes makes them last a lot longer. It’s hard to air dry inside, hence the dehumidifier. My plan was to control the dehu automagically with Home Assistant along with some fans, so people could just click a button to turn all the shit on to dry their clothes.

    After buying it, I realized that the dehumidifier could only be controlled via the cloud, and the cloud control was unreliable as fuck. With the exception of tech people, nobody is willing to deal with my flaky bullshit. If the button doesn’t work consistently, my partner, her other partner, and my FIL aren’t going to bother. Luckily, a very industrious person made this thing that let me rip out the hardware responsible for cloud connectivity and replace it with a cheap microcontroller. Now, my dehumidifier talks to my Home Assistant server directly via MQTT and it just fucking works.

    Give me local-only control or fuck off, I’ll take control myself. It’s not much to demand, and shit like what this article describes absolutely deepens my conviction around local-only control.




  • Ah, okay, that’s what I was referring to with NIF. They absolutely have generated more power than they put in, but only in a way that is scientifically interesting. If you only consider the energy flowing into the hohlraum, then more energy was produced, which is crazy cool! They also achieved true ignition which is great. We’ve never been able to get things hot enough and squozed enough for long enough to be able to directly observe that in a controlled setting. The fact that they can now just do that means they can experimentally probe where the boundaries are and find the cheapest way for us to get to ignition.

    However, they got the energy to the hohlraum using lasers. Those lasers (and all of the equipment around them) required (I think) three orders of magnitude more power to generate the laser impulse that triggered fusion. A productive fusion reaction did occur, but it absolutely wasn’t productive enough to make up for all the power required to generate the laser pulse. Making lasers that can output at the required power levels and frequencies without all of the waste (i.e. 2.5 MJ of electricity to laser results in 2 MJ laser output) is a Hard Problem™ and is probably impossible with our current understanding of physics.

    When you made your comment, I wondered if someone had achieved breakeven using a tokamak or some other form of magnetic confinement setup. Inertial confinement fusion is great for research but not practical for power generation, whereas magnetic confinement fusion is probably where the future is.

    ICF is really good at putting the squoze on stuff, because the things you want to fuse are all stuffed in a tiny hohlraum and you’re zorching it with a shitload of giant friggin lasers. Magnetic confinement fusion used in tokamaks occurs much more gradually by magnetically heating and containing plasmas. The nice thing about tokamaks is that they just constantly generate heat. With modern superconducting magnets, the infrastructure efficiency is also pretty decent, giving them a chance at truly generating more power than they use when you take the entire reactor into consideration.

    Jesus that’s a lot of words. I should go do my damn job instead of distracting myself talking about fusion. Sorry for the brain dump.


  • Question for you, when you say that we’ve accomplished fusion, do you mean fusion that produces more power than took to generate it? Or simply the act of fusing atoms together in a reactor (vs the uncontained fusion present in thermonuclear bombs)? If it’s the former, then like, holy shit, that’s actually been accomplished‽ Like, I know NIF had their whole thing with breakeven fusion a couple of years ago, but that was only counting the energy that made it to the hohlraum, not all the energy that was lost powering the lasers and shit. When you factor all of that in (like you’d need to for realistic power generation) then it’s very far away from breakeven generation. It’s still an incredible breakthrough and will help us figure out fusion energy, but it’s not a practical means of energy generation at this time. Did something else happen that I missed‽

    If it’s the latter, then we’ve actually been fusing atoms together in reactors since the 1950s. In fact, there’s a community of people who build small fusion reactors as a hobby! I learned about this a few years ago when a 16 year old made the news by being the youngest person to build their own reactor. The main site I know of is https://www.fusor.net/