Hacker News | seanieb's comments

Fantastic. And it's from the Norwegian Consumer Council!

> "Even if there were explanatory text, Erika, like most users, doesn’t typically read through every dialog box, and they certainly can’t be expected to remember this technical detail a year from now."

Passkeys are a step in the right direction, ironically for the exact reason the author advises caution. We've been telling people to "store your backup key somewhere safe" for the best part of a decade now, and your average Erika hasn't got on well with that at all. Locking themselves out and losing data left, right and centre.

If you've worked at any kind of scale you'll know well that a certain percentage of users will lose their data with E2EE, full stop. It's just different from everything else they've ever used. These are the same people who'd be lost without the "forgot password" link, and there's no shame in that. That's just the reality of it. And passkeys can help people like this to not lose their keys.

If the product is truly E2EE, the best options right now are the passkey implementations baked into Chrome or Apple. Windows, as ever, needs a bit of work, but the password managers seem to be picking up the slack well enough. We also need to educate people that with true E2EE there is no "forgot password" email. Passkeys and the tooling around them still have a ways to go, but we're getting there.


> "Effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic."

Does this mean Azure & AWS will have to stop offering Claude as a model?


You would have to assume it will be immediately challenged and an injunction filed to suspend the order until it makes it to court.

AWS Bedrock has deployed Anthropic models under an interesting structure. It is fully hands off - the models are copied into the AWS infrastructure and don't use anything from Anthropic. I think if push came to shove, Anthropic could cut ties with Amazon and AWS could probably still keep serving the models it has with Anthropic forgoing revenue until this is resolved, while asserting they are not "conducting commercial activity" between each other.

All speculation of course.


I wonder, can't Amazon create a new legal entity to split AWS into "AWS-for-DoD" and "AWS-for-everyone-else"? So one can work with Anthropic and the other can't. Not sure how it works in the US.

I edited the post and added this:

> In practical terms, this replaces a lot of the awkward machinery behind encrypted systems. End-to-end messaging usually requires long-lived identity keys, recovery phrases, or some form of server-assisted key escrow. Encrypted SaaS products often rely on password-derived keys or server-stored wrapped keys for recovery. Using passkeys and the WebAuthn PRF shifts that root of trust into hardware-backed credentials that already exist on user devices, reducing both system complexity and the number of high-value secrets stored on servers.

I hope that makes the reason for my post clearer? Thank you for your comment, I'm pretty new to writing blog posts and your comment identified that I clearly hadn't properly communicated why I thought the approach was novel or exciting. It might have been obvious to some, but having Moxie do it in a product makes it much easier to justify by copying his approach.


Agree that the idea of using passkeys for encryption isn’t Moxie’s or novel, since it’s explicitly in the spec. Maybe I failed to get at what Moxie’s implementation replaces and how that’s novel, and moving the ecosystem forward. I could see a similar system being used for E2EE messaging too.

Why is e-ink still so expensive?

I would guess there's not enough volume due to limited use-cases of the tech compared to more traditional screens.

The typical e-ink use cases boil down to e-readers, dumb-phones, and hobbyists, which is not a huge market. Anything niche or specialized tends to carry a higher cost.


There are probably billions of e-ink price tags in supermarkets around the world, but I guess scaling it up is not easy?

The prices on AliExpress for e-ink are not that bad, but certainly can't get anything as big as the Mira Pro. The Boox premium is plug and play compatibility, high fidelity/refresh rate and support.

Patents

Really? Feels like there's a bunch of companies

It is complex. The early patents have expired, so a bunch of companies wouldn't surprise me. I can't follow the chains, but it appears that there are not really a bunch of companies, it is one company (maybe two) that makes just the displays and sells to others.

It's cheap if you are buying the small displays they use at supermarkets. No business is buying these massive displays.

Ya it’s so stupid, I’ve been wanting a display for over a decade and prices haven’t budged.

That's not similar in the slightest…


Careful if you're still on macOS Sequoia, Apple has hidden Tahoe as a default under updates. If you click update now, it automatically upgrades you to Tahoe.



I believe it is new. I’ve never seen them:

- put an upgrade OS version under “updates”
- then select the upgrade OS version instead of the current version when there are multiple updates (OS patch, Safari or Xcode)


Not yet. My focus was getting the computer locked. I hope to add that or similar functionality that will remove the disk keys in the future.

Right now it looks difficult to implement. There's no instant "purge keys from RAM" command and shutdown is slow. Maybe aiming for a similar state to logout might be a good middle ground? Logout locks the keychain and kills apps.


Built this after the FBI raided a Washington Post reporter's home last month. The search warrant had a section called "Biometric Unlock" giving agents permission to use her face and fingers to get into her devices.

On iOS you can squeeze the side buttons and Face ID's gone. Two seconds, works in your pocket. macOS has nothing like it.

PanicLock sits in your menu bar. One click (or keyboard shortcut) locks the screen but asks for a password. When you log back in Touch ID will still be active. Free, notarized and no data collection.

There's good reasons to keep Touch ID on day-to-day. It stops people watching you type your password, cameras catching it, that sort of thing. This is just for when you need it off sharpish.

More on the legal side of things (circuit split on compelled biometrics, border searches, etc.): https://paniclock.github.io

Happy to answer questions or hear what you think.

