Using security keys for passkeys

I am moving some accounts to passkeys, and posting some notes about it. Passkeys were standardized in 2018 and adopted by Microsoft, Apple, and Google. Banks have mostly avoided them. Other alternatives are email codes, sms codes, and an authenticator app, such as from Microsoft or Google.

There are different ways to use passkeys. You can put them on your PCs and phones, secured by special memory and whatever biometrics you use to login to those devices.

Or you can put them in a password manager.

Or you can put them on security keys.

You can use passkeys instead of passwords, but then you need to be sure that they are stored in reliable places, and/or backed up. They cannot be memorized like passwords.

If you trust your phone or your password manager, then that is all you need. But the big advantage of passkeys is that you can easily create them on multiple devices such that they never leave the device. That is, you do not need to back them up if you have alternate passkeys to accomplish the same logins.

Passwords have the drawback that an eavesdropper might copy them, or a phisher might trick you. Passkeys solve these problems. You can put the passkey on a security key, and be sure that it never leaves the key, and it will only be used on the intended web site. There is also a pin on the key, to protect against loss or theft.

Here are some security keys I tried.

Yubico 4. There are pre-2018 and now obsolete, but have the advantage that they can be used for an unlimited number of accounts. Google can use it as a 2sv, with a password. The other keys have this feature also, but Google refuses to use the feature if it thinks that the key supports passkeys.

Yubico 5. These are the market leaders, and are the safest bet. Some can use NFC with a phone, and also store Authenticator keys.

uTrust. Mine works most of the time, but is sometimes not recognized properly.

Onlykey. These have the feature that you can store a bunch of site passwords on them, and protect them with a pin that you enter directly on the key. Other keys depend on the OS to control the pin. A drawback is that each only holds 12 passkeys.

Thetis and Trustkey. These are cheap and reliable, and hold a lot of passkeys.

Solo Tap version 1. I had low expectations for this, as the company announced a version 2. I was able to upgrade the firmware by loading an obsolete python library, and it works well with 50 passkeys. That is better than my Yubico keys.

Fetian. These work with bluetooth, but that is more trouble than it is worth. Being wireless seems like an advantage, but they have to be charged, and the pairing is a hassle.

Price varies from $10 to $60. I get the impression that there is not much consumer demand for these, as some of these products have not be updated in years. Paying more does not necessarily get you a better key, as they all implement the same FIDO2 spec.

Using these has some quirks. With a passkey to a Google account, you can login with Mozilla Firefox without entering your username or password. With Google Chrome, you must take the extra step of entering your password. It is odd that logging into a Google account is more smooth on a non-Google browser than a Google browser.

Electric Vehicles still not Economical

The Texas Public Policy Foundation released this report:

Setting aside some of the questionable assumptions used in deriving such favorable economics for EVs, no one has attempted to calculate the full financial benefit of the wide array of direct subsidies, regulatory credits, and subsidized infrastructure that contribute to the economic viability of EVs. In this paper, we show that the average model year (MY) 2021 EV would cost $48,698 more to own over a 10-year period without $22 billion in government favors given to EV manufacturers and owners.

EV advocates claim that the cost of electricity for EV owners is equal to $1.21 per gallon of gasoline (Edison Electric Institute, 2021), but the cost of charging equipment and charging losses, averaged out over 10 years and 120,000 miles, is $1.38 per gallon equivalent on top of that. Adding the costs of the subsidies to the true cost of fueling an EV would equate to an EV owner paying $17.33 per gallon of gasoline.

If this is true, electric vehicles (EV) are being propped up by subsidies.

The EVs continue to be a big disappointment for Detroit car makers. They are nowhere close to making their sales estimates.

Jobs and Ritchie

Wired magazine says:

The tributes to Dennis Ritchie won’t match the river of praise that spilled out over the web after the death of Steve Jobs. But they should.

And then some.

“When Steve Jobs died last week, there was a huge outcry, and that was very moving and justified. But Dennis had a bigger effect, and the public doesn’t even know who he is,” says Rob Pike, the programming legend and current Googler who spent 20 years working across the hall from Ritchie at the famed Bell Labs.

I agree. Jobs convinced a lot of people to buy a lot of products, but he didn't have much influence on anything I use. Ritchie did. His inventions are used everywhere.

Not everyone liked Steve Jobs

Free software guru Richard M. Stallman writes:

Steve Jobs, the pioneer of the computer as a jail made cool, designed to sever fools from their freedom, has died.

As Chicago Mayor Harold Washington said of the corrupt former Mayor Daley, “I’m not glad he’s dead, but I’m glad he’s gone.” Nobody deserves to have to die - not Jobs, not Mr. Bill, not even people guilty of bigger evils than theirs. But we all deserve the end of Jobs’ malign influence on people’s computing.

Unfortunately, that influence continues despite his absence. We can only hope his successors, as they attempt to carry on his legacy, will be less effective.

Some people may assume that Stallman just doesn't like Apple selling proprietary software. But it goes much deeper than that. He does not like:

1. Digital rights management. While Amazon and others sold digital music that could be played on any device, Apple built its music empire on the concept that music should have special DRM restrictions that prevent playing the music on non-Apple devices.
   
2. Anti-consumer-choice. Other computers can be bought with whatever ports, peripherals, and options that the consumer wants. Jobs has always stood for forcing these choices on the user.
   
3. Privatizing the web. Instead of the world wide web being open to everyone with a browser, Jobs has worked to make his devices require special apps to view popular web sites, and to restrict apps to what Apple approves.
   
4. Crippled gadgets. Other smartphones and tablet computers allow the user to run whatever applications he wants. The Iphone and Ipad are unique in that they can only run apps from the Apple store.

Jobs was certainly a marketing genius, but Android phones consistently outsell Apple phones, and they do not have Apple's limitations.

Monopoly business tactics

This confirms monopolistic behavior by Apple:

Apple also allegedly told Sony that the app couldn’t access content purchased on other Sony Reader devices, which is where most of the outrage was focused. Amazon’s Kindle app and Barnes & Noble’s Nook app are both popular mechanisms for users to download and read books that they have purchased from the respective stores. Many feared that this supposed change in Apple policy would take their e-books away from their iPads, iPhones and iPod touches. Apple’s second statement indicates that this is indeed the case ...

and by Google:

Google has punished e-commerce sites, including J. C. Penney, for inflating its rankings by paying for links from unrelated sites.

In both cases, the company is trying to extend its monopoly in one market to another.

If I buy my own Apple iphone/ipod/ipad, and I buy my own ebooks and ebook reader, then I should be able to read my ebooks as I please without a veto from Steve Jobs. But he is saying that he will forbid it, because he did not get his 30% cut of the ebook sale.

Likewise, if I am doing a Google search, I should not be blocked from finding JC Penney just because PC Penney bought ads from a rival.

Apple and Google admit to these monopolistic practices. I recommend using alternative products.

Biggest Threat to Humanity

The biggest threat is the Singularity, according to this futurist, and this NPR piece.

Texting teens are troublemakers

Here is a new study:

19.8 percent of teens reported "hypertexting," or sending more than 120 messages a day, while 11.5 percent of teens were "hypernetworking," spending more than 3 hours a day on their preferred social network sites. The authors found that the hyper-texters and -networkers were more likely to be minority students, female, and come from a lower socioeconomic status.

The hyper-texters and -networkers also tended to engage in much more at-risk behavior: higher levels of sexual activity with more sex partners, smoking, and drinking. They also were more likely to be obese and display a tendency toward eating disorders. As if that weren't enough, they had more stress and suicidal thoughts; they also got less sleep and felt less safe at school.

Wow. Liberals used to complain about a "digital divide" in which poor people lack computer access. Now the digital divide is the opposite, and the disadvantages ones have the most computer access.

The Apple koolaid

Wired mag gives 5 Reasons the Media Cover Apple So Much, but they all boil down to reporters being brainwashed. Look at this AP article that raves about Apple new products:

And the $49 price tag — $10 lower than the previous Shuffle — can’t be beat. Sure, it only has room for about 500 songs, and Apple is no longer offering a 4 GB Shuffle, but it’s more than enough to get you through.

Yes, the price can be beat. By several companies. This ipod does not even have a display to show what it is playing. You can pay less and get a player that not only has a display, but shows movies, has an FM radio, has more memory, takes memory cards, has a recorder, and an be loaded with just a usb connection. The Apple product lacks all of these features. The reporters are Apple fanboys.

New Apple iphone

If trends continue, the new Apple iphone will be marketed like this.

Lousy car sound system

A current GM Buick car ad brags that it has a 40-gigabyte hard drive.

I wonder if anyone is impressed by this. The current market value for such a drive is about $6. It would be far more useful if GM made a system that allowed us to plug in our own electronic devices and use them the way we please. Even when some fancy $50k luxury car supports an Apple ipod, it is often so crippled as to be nearly useless.

Still no iphone multitasking

The Apple iphone users are all excited because the new iphone-4 has some sort of limited multitasking. But it still just approximates what DOS users had back in the 1980s.

DOS did not get true multitasking until DOS version 6, or versions that had the ability to load a Windows kernel. But long before those, it had the terminate-and-stay-resident command. That allowed user apps to continue to reside in memory and to service interrupts. The best known such app was the Sidekick text editor, but you could also do downloading, CD music playing, print spooling, and other tasks in the background. You could keep text in your editor and paste it into other apps.

You cannot do any of these things with the iphone 1, 2, or 3. There are certain system functions that give an illusion of multitasking, such as a system program that allows you to browse the internet and listen to music at the same time, but you cannot acquire a music-playing app like Pandora and run that at the same time as another app. Worse, you cannot even suspend an app, and later return to its previous state.

The new iphone-4 promises some new features that allow apps to be written so that some limited set of functions can proceed in the background. This reminds me of DOS in the 1980s. Except of course that you could write any DOS apps you wanted, and you never had to get Microsoft's approval. The iphone only allows apps that Apple approves as being consistent with its business strategy. It has even rejected a political cartoonist on the grounds that a politician might be offended. Meanwhile, all the smart phones on the market allow true multitasking. You can have two or more user apps running at the same time, and the system automatically switches among them.

Crime to report on the cops

The Wash. Post reports:

In early March, Anthony Graber, a 25-year-old staff sergeant for the Maryland Air National Guard, was humming a tune while riding his two-year-old Honda motorcycle down Interstate 95, not far from his home north of Baltimore. On top of his helmet was a camera he often used to record his journeys. The camera was rolling when an unmarked gray sedan cut him off as he stopped behind several other cars along Exit 80. ...

A week later, on March 10, Graber posted his video of the encounter on YouTube. What followed wasn't a furor over the police officer's behavior but over Graber's use of a camera to capture the entire episode.

On April 8, Graber was awakened by six officers raiding his parents' home in Abingdon, Md., where he lived with his wife and two young children. He learned later that prosecutors had obtained a grand jury indictment alleging he had violated state wiretap laws by recording the trooper without his consent.

Here is the Maryland wiretap law:

§ 10-402.
(a) Except as otherwise specifically provided in this subtitle it is unlawful for any person to:

(1) Wilfully intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;

(2) Wilfully disclose, or endeavor to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subtitle; or ...

The law is critisized here and elsewhere.

It should be obvious that this is a wiretap law, and someone wearing a video camera on his head is not doing an "intercept". He is also not "wilfully" violating the law.

It also should be unambiguously legal to videorecord a cop making an arrest or issuing a citation in a public. Posting the recording on YouTube ought to be a free speech right. Many cops now have their own videorecorder to document their actions, including all Maryland state troopers. This motorcyclist has a legitimate complaint against Maryland police procedure, and the only way that he can make his point is to post the video.

Apple is evil

Google's motto used to be Don't Be Evil. More and more, it means Don't Be Like Apple.

Even the NY Times says that Apple has lost its cool. No other company uses the law to intimidate its media critics, as Apple does. No other company tries to restrict what you can do with its products, as Apple does. No other company is as hostile to open source software, as Apple is.

Apple products are overpriced and crippled. Apple has a loyal customer base, but it is a bit like AOL's customer base. People sign up because they think that the service limitations will make the product easier to use. But it is only easier if you are willing to be locked into to the company's business model. It is not easier if you want some flexibility in your use of the product.

Update: Pres. Obama is now a critic:

With iPods and iPads and Xboxes and PlayStations--none of which I know how to work--information becomes a distraction, a diversion, a form of entertainment, rather than a tool of empowerment, rather than the means of emancipation.

The new Philips ipod

I got a Philips GoGear Aria 16GB portable MP3 player. It has a 2-inch screen for pictures and videos, and is much nicer than the ipods made by Apple. Much cheaper also.

It is much easier to use than an Apple ipod because you can just plug it into a computer and it looks like a disc drive. You can just copy your music on, unplug it, and play it. No need to use Apple iTunes or anything like that. It can use MSC or MTP mode.

The one odd thing about it is the behavior of one of its buttons. The player has seven buttons in front, and the one in the middle is used for Select, Play, and Pause. It must be operated with a very brief tap. A slow press does nothing. I thought that the button was defective, so I called Philips tech support, and the guy advised me to return the product. He was not aware of the problem. So I got another one, and it works the same way.

Now that I know that the button works this way, it is not really a problem. I tested the player on two friends of mine, and one of them thought that the button was defective. I don't know whether the Philips engineers intended this behavior or not. I think that they should either change the firmware or put some warnings in the manual, or else they will get a lot of returns. On most devices with a Pause button, you can press Pause as slowly as you wish. And even on this Philips player, a slow Pause works just fine to pause watching a movie.

I am posting this to notify others that the Philips ipod is not really defective, but it just requires a quick tap on the Select/Play/Pause button. It might save someone else from returning it.

iPhone monkeys

Here is an amusing cartoon. The reference is to the movie 2001, where apes are inspired to fight with weapons by discovering a monolith.

As far as I can tell, the Apple iPhone only offers one novel feature -- the ability to listen to voicemail message out of order. Everything else has been available from other vendors for years. Some phones offer fancier features like GPS, much better cameras, keyboards, Java, Flash, 3rd-party apps, extra memory, etc. And of course the iPhone is crippled, like other Apple products.

There is someone claiming to have figured out how to unlock the iPhone so that it can be used with T-Mobile's network, and he wants to sell unlocked iPhones. But even if you could get such a phone, you would not be able to listen to your voicemail messages out of order, so I doubt that it would interest the typical Apple customer.