The tone of that comment does sound a bit "dick-ish", but I can't be totally sure without knowing his history with that CEO. Thanks and I'll keep an eye out for more evidence like this. In videos he seems pretty nice to me, although it could of course be a facade.
I ran windows under qemu, with a GPU, and a dedicated soundcard, and multi-monitor for years - even though ostensibly there was a 10-15% "overhead" due to emulation/virtualization. I had exactly zero issues, and to be quite frank i couldn't tell any difference in framerates, especially compared to my windows laptop running the same games with roughly equivalent GPUs.
Could you share a little more about your setup? I assume a linux host, and perhaps 2 GPUs with one per OS? I'm guessing it's a desktop build and not a laptop (iGPU+dGPU)?
I've really wanted to switch fully to linux, but I still use some "power" features in MS Office which apparently don't play nice on linux. Dualbooting Fedora is decent... when I can understand what's happening and don't need to go 4 layers deep every time I have a problem, unfortunately.
ryzen 3700 64GB(total), gentoo on NVME, nvidia 1060; windows on another NVME as a qcow (or whatever), nvidia 1070ti, 8 physical cores no HT, 32-48GB RAM.
you have to disable the specific GPU you want to use for another OS in the kernel command line - this means you need two different spec/brand GPUs, probably. There were some tweaks that i could probably dig out eventually, but most of what i used to troubleshoot were the archlinux wiki and forum posts pointing to blogs. However if you're just needing Office, just installing windows in qemu on literally any GPU will probably be just fine!
you can rsync the qcow to back up the entire windows OS.
for me to run games and audio software in windows my command line was:
you press both ctrl buttons to switch back and forth between host and guest, windows gets its own ip. Running office wouldn't require >60% of that stuff
i should note that command line is probably from the first time i got it working, i'd have to boot that machine to get the latest version
I've been using localsend, mostly without issues. This thread has made me discover pairdrop.net and I have to say it's miles better. I've switched all my devices over now. The iOS integration with the provided shortcut + permanent pairing, in particular, is really good.
Have you tried clearing cache? (I've configured the server to be a bit more aggressive about caching to improve load speeds, but JS bundle updates should be available instantly.)
I've just tested on Chromium 118.0.5993.70, Firefox 118.0.2 and Safari (iOS 17.0.3) and the issue seems to be gone.
I actually have switched to Localsend from Pairdrop. My experience is that is Pairdrop is slow especially compared to Localsend. This is while hosting the application on my local network.
I do prefer the WebApp approach so I don't have to install something on each machine before sharing files, but the bug ticket in Pairdrop does not make me hopeful for a good solution (see: https://github.com/schlagmichdoch/PairDrop/issues/44)
Are you able to achieve similar performance in Pairdrop that you did with Localsend?
I haven't compared performance, as it's not a bottleneck for me. A 70mb file took a few seconds. Localsend could very well be faster, being a native app.
I don't know. After discovering PairDrop too, thanks to comments here, I've been testing it out to see if it could replace Warpinator [1] as a means to send files & directories between my PC and my Android phone when I'm at home.
First impression has been quite disappointing... I installed the PWA to my phone's home screen. Then opened up and paired with my PC as trusted device. Tried to send a PDF file from PC to phone, a dialog shows up with
File Received. PC has sent: file.pdf. Close/Download.
Upon clicking Download, Firefox (which is configured in Android as the default web browser) opens up, on the Homepage tab. Nothing else happens, and the file isn't downloaded. So I'm left pretty much confused about what should have happened vs. what did actually happen.
(EDIT: Turns out installing the PWA from Firefox doesn't work as well as doing the same from Chrome. The latter does actually integrate it as a real Android app, and it then works as expected. The Firefox integration of PWAs with Android is a bit lacking, it seems.)
Good thing about Warpinator (and something I use a lot) is that you can enable accepting files without confirmation, and then you can drag & drop a whole folder to have it appear on the other device as-is. Something extremely useful but that I doubt web apps can achieve.
You should know that WebRTC is not ideal for this use-case, it has inherent performance and discovery issues. All web-based solutions are flawed until hypothetically the browsers and/or WebRTC step up their game. Fine for a pdf or something, but try it with large files and you’ll very likely have a bad time.
I must say LocalSend seems pretty great (even though they’re a “direct competitor” to my app https://payload.app/ )
Lots of reasons to self host things for this privacy is a big one but owning a service instead of renting means you don’t need to worry about the landlord or service provider raising prices or kicking you out.
Correct me if I'm wrong but isn't it fair to say that passkeys secured on your phone are more secure than 1FA (password) but less secure than "traditional" 2FA?
Passkey 2FA: unlock your phone and the passkey on your phone can log you in.
Traditional 2FA: remember a password AND unlock your phone (where your TOTP is stored) and you can login
If I were to rate all 3 methods on a scale of 1 to 10, for convenience and security, I'd say:
The reason being is the secret used to authenticate you is non-portable (since it's based on asymmetric crypto, it doesn't need to be shared). On the other hand, portable credentials, like TOTP/HOTP code AND passwords are responsible for almost all compromise today.
Bearer token based authentication will always be inferior to FIDO/U2F - it's not even the same ballgame.
No, if you break into a site using passkeys, it gives you literally zero information that can be used to authenticate as any of the users. Think about the prevalence of data breaches in the past decade, and the sharp rise in the effectiveness of password stuffing, and think about why this change might be a good idea.
WebAuthn almost entirely eliminates phishing risk (at least with respect to credential harvesting), and Passkeys are a really nice, clean UX for using WebAuthn.
>No, if you break into a site using passkeys, it gives you literally zero information that can be used to authenticate as any of the users. Think about the prevalence of data breaches in the past decade, and the sharp rise in the effectiveness of password stuffing, and think about why this change might be a good idea.
An implication of that is passkeys let you use the same authenticators across multiple services safely. Instead of keeping track of unique passwords across all those services (or worse, reusing passwords), you can just have a passkey-registered phone and one or two Yubikeys for backups/convenience. You'd be a very hard target for account compromise. That setup is highly phishing-resistant and immune to credential-stuffing, without the cognitive load of passwords.
> Nobody should be using a remembered password anymore.
Nobody is a strong number, why?
I don't want to use biometrics for logging in to my SSH terminal. I dislike having to use my phone for authentication methods.
I go many places without my phone. Even tempted to gon on holiday without it. Maybe I'm just one of the few who actually enjoys turning it off when coding, developing or whatever.
Not wanting to use biometrics directly for over-the-web authentication is one thing. Not taking the time to understand the technology being employed by Passkeys is entirely another. That’s your fault.
There are plenty of posts in this thread that are misrepresenting the technology, in a few cases deliberately. If you feel strongly enough to comment, you owe it to yourself and the discussion to go to the source and understand what it's about - that's what I mean by that's your fault. You clearly understand enough to A) argue against biometrics over the wire and B) feel you can comment on Passkeys.
Most, if not all (I've not read every post) of the 'flaws' mentioned generally exist in computer security; for example, no one is impervious to a thug and a weapon. The implementation is as simple as generating a key pair; the private key is stored in a secure enclave, either on device or in a secure location, and the public key is shared with the 3rd party. All services provide some recovery method upfront, clearly stating the importance of a backup. There is only so much they can do before you accept the responsibility for managing your security and privacy online. Resorting to "won't someone think of the children" doesn't help either. My mother, who is 74, has no problem with passkeys.
Is it perfect? No. There are 'better' competing standards, but they don't have anywhere near the consensus of the broader security field. Is it better than the current status quo? Definitely. Public key cryptography is significantly better than username/password combinations, even with TOTP or HTOP second factors, though ultimately, it will be a while before they disappear.
Right, in which case passkeys would be equally secure. But if you DO memorize the password (for example for your most sensitive account), then it feels like traditional 2FA is more secure.
That being said passkeys win if you also take convenience into account. I've updated my original comment with convenience scores to reflect that.
Would this work as a tool to sync a central server's parts of your postgres data to your distributed webapp backends local-copy, as opposed to all the way to user front-end. i.e. nodejs instead of the browser.
