Forest @forestjohnson@pixie.town

@filippo but that doesn't work under this assumption that everything is using passkeys -- how to reset via email when you lose the passkey to log into your email ?

Because otherwise, can't the email still be phished ?

People need to be able to _back up_ thier creds in a system they control, like a paper notebook or a password manager that they can access independently of their device.

Not everyone has two devices -- some people dont even have their own device at all!

This is not a theoretical thing, it has real consequences for people... My mother can't log into her apple account or social security account anymore because her device hardware failed. The helpful folks at the apple store just had her create a new account....

She did NOT lose access to the accounts whose cress she wrote down on paper.

@filippo

Sure, but... Allowing people to log in with a pass key without them having first set up a backup of thier passkeys that they understand and control..

Taken to its logical conclusion, it just means that instead of phishing being possible, keeping any account for longer than the average duration between mistakes will become impossible, You will see accounts die permanently on a regular basis and people will have to recreate their entire digital lives constantly. The same thing happened with 2FA before the introduction of backup codes.

If you want to have safe browsing, I don't think that you get to just punt and push all the hard work onto everyone else. People are just going to turn safe browsing off and stop trusting you when you start gaslighting them, telling them that their very own thing that they created must be a scam.

@aeva @aras

One new KDE user I met instantly closed kwallet when it opened because they thought it was a cryptocurrency thing!! 🫣

@aeva @aras

Yeah this is a place where Ubuntu/gnome is much better out of the box, the secret store thingy and associated APIs (like keyring on Mac OS) "just works" whereas when I tried KDE on Debian, I had a similar experience. The api key thing may be new or unique to fedora, I just remember having to make an account to submit a bug report. But at least d-bus wasn't broken.

Fedora is kind of bleeding edge new, that's why I prefer Debian, its far behind and thus more polished at least imo.

KDE is kind of more flamboyant and has seemingly more bugs than gnome, but I like its developers attitudes a lot more and most of the UI feels better to me except for certain issues w/ file chooser. Nice thing about KDE is they will actually accept contributions if u wanna fix issues w/ ui design.

And I will second or third the ppl who said to install the proprietary GPU driver from nvidia.

@alisynthesis you forgot to mention that basically his journey went..

1. Physics PhD
2. I will help create a fusion reactor to save the world from peak oil and global warming
3. Actually fusion is really hard. It will be easier to save the world by simply re-inventing the entire industrial civilization economy based on open tech

@gcvsa I'm not sure what kind of solutions you are looking for, but... If you're interested in the more fancy option, I would maybe start by looking into Libvirt and Virt-manager.

This may vary depending on the hardware that you're using, but I know that the gaming community has come up with lots of ways to run virtual machines on Linux hosts at full speed so that they aren't slowed by virtual frame buffers and what not. I think its called GPU passthrough ?

@gcvsa

If I understand correctly, typically the challenge associated w/ setting up computers for public is all about Data privacy, making sure that everything is wiped after the person stops using the computer.

Is that what you are concerned with?

There is an operating system called Tails, (The amnesic incognito live system) which is privacy centric and already does this stuff by default. However, tails won't prevent users from administering the computer, for example, installing a different operating system on it or breaking it in a way where you would have to re-image it.

But maybe you don't have to worry about that until people who are very technical start coming into this space and messing with the computers, which may never even happen. Tails on its own could probably prevent accidental data exposure and that could provide a lot of value to begin with since it works out of the box.

I think the best way to do this would be with virtual machines. There probably is already a thing built to make this somewhat easy to set up, but I don't know what it's called and I don't know if it would be applicable to your use case.

But basically, you would separate the operating system on the computer into two categories, the host and the guest. The host would be locked down and only you the admin would be able to log into it. Then when a person who wants to use the internet comes in and turns the computer on, they have to follow instructions to enter into a secondary mode. Like maybe they just log in as a user called guest with the password guest. Then the login script for the guest user will run and it will automatically start up a new virtual machine.
Now they won't be able to modify anything on the host that would cause maintenance issues.

When they shut down that machine all the data inside will be lost.

And if there are some programs that your users frequently want to use, and they're always downloading them every time before they can start their work, then you could preload all that software onto the image that the virtual machine spawns from to streamline things.

@joshsusser According to Apple, it's his fault because he didn't pay for the subscription service. But I would much rather blame Apple because they made it nearly fucking impossible to back up without paying for the subscription service. They hide all the photos away and don't tell you where on the file system the files are located.