Keep in mind, still discussing the underlying fundamentals and not the user experience.

MitM attacks are frequently covered in white hat hacking, often after an actual event takes place. It is considered a third party attack, and it does break trust. It is a security threat, and to claim it doesn’t count is absurd. I’ve seen a few reports personally from internal, but I’m not at liberty to speak specifics about them. On the topic of replay attacks, TOTP is vulnerable, but passkeys are not (yet, I’ve seen people try though). This isn’t the only type of MitM attack, and, again, both are somewhat vulnerable.

TOTP is nothing, nowhere similar to passkeys in any way. You do NOT generate codes with passkeys. Passkeys are a form of public/private keys that are used to create a challenge/response request and used to generate a digital signature. The keys are not passwords (aka “shared secrets”). Digital signatures are also not passwords. The only other thing I can think you mean by “code generation” is that you’re using it as a generic catch-all, but that happens with…well everything (even passwords), depending on context.

I don’t want to sound too much like a die hard passkey fan - and you are right - passkeys are extremely overkill if you use anything above a plain old password. In some cases, layered security can be just as effective. The problem is that most people do only use plain old passwords. If we can get any kind of extra security, even TOTP, then all the better. There are also some cases passkeys are not feasible, so it’s good to have alternatives.

That’s false, TOTP can and has been the target of man in the middle attacks, successfully. The implementation of passkeys makes man in middle attacks more difficult, but it could still happen. So both are susceptible to third parties to some degree.

As far as point of view, I was assuming we were talking about the process, since the goal of passkey UX is to be largely the ‘same as’. Which, to be frank, is way less dedicated since both the implementation of passwords and passkeys can vary widely (2fa, email, id, otp, etc). If we exclude those, the UX is the same - some users might be even using passkeys and not know it.

TOTP is based on shared secrets, just like passwords. As such, it’s susceptible to many of the issues passwords are and is much closer to passwords than passkeys. Passkeys on the other hand, don’t have shared secrets and operate completely differently under the hood.

Perhaps he means the process of setting it up. Or when it doesn’t work. Or when passkeys are lost. Or using another device. A lot of people’s complaints about passkeys aren’t really about when it works.

It’s valid I think, but also some people forget passwords can have similar experiences. For one, there seems to be this idea that if you lose your passkey you get locked out of your account forever. The recovery process should be no different than losing your password.

No. It’s a completely different process. It’s a bad name for what it actually does. (Unless you’re talking about how computers do things, then EVERYTHING is numbers)

Look up public/private key pair encryption. It’s the process that has changed.

The problem with all these “what are passkeys” guides is that it’s difficult to convey the differences between password and passkeys if you don’t have a deep understanding of encryption or authentication systems.

Listen. If ICE can tell the difference between a citizen and an immigrant, then you can tell the difference between ICE and imitators. Right? …right?

This is a case of 'it depends '. The damage isn’t caused by something being on or off. It’s everywhere. Disconnecting can isolate damage from small storms, but world ending storms have enough energy to jump air gaps and the surges would be faster than most breakers can react to. You’d physically have to rip the cables from your house to be safe. Smaller, battery powered devices would be more susceptible regardless if they were on/off. Batteries are a concern because you don’t want them to incur damage/blow up due to an electric surge.

If this sounds overblown remember that during the Carrington Event, telegraph lines continued to operate for hours even after batteries were removed. In some cases, lines sparked and damaged equipment or personnel. These are very powerful storms that naturally induce electric current in circuitry.

Something to note, some AF ACT operations can be contracted out. This means that even the AF doesn’t have enough even for its own operations, and that number probably reflects the available number of ‘wartime’ operators available.

Also, the military operates under a huge umbrella of tasks, where a 1C1 wouldn’t ‘just be’ ACT - that would be your ‘wartime’ job (specifically when you first enter), and you are ever becoming more generalized to handle a broader scope of tasks and responsibilities. If every 1C1 were used, you’d lose a lot of managers, support, training and etc to put people who are 1C1 who may not have done ATC work in years. Think First Sergeants and the like, they could do it - but you’d lose someone who has the knowledge of all 1C operations and go back to just doing ATC. That’s a heavy ask.

So the outlook is even worse than you suggest.

Yes, but the military cannot just quit and find another job. They are not told to “go home and wait until a budget is passed.” And they must bear the associated costs of operation that they would typically get reimbursed for.

It’s not that people in other agencies aren’t suffering, it’s that most those in the military would be the first to have problems that both affect the individual and the government’s power.

As another (but silly) counterpoint, the government shutdown affects every citizen, nay, the world itself. Since the USA is such an important world power, the act of shutting down has wide consequences if it goes on long enough. So won’t you think of the billionaires?

Schools are meant to teach. Change my mind. /s

I feel that a lot of discussion is by people who have never taken ozempic or have and are successful with its treatment. For what it’s worth, I’d like to give some insight to my own experience with it and why I’m not on it.

I won’t talk about all my medical issues, but to make it very broad - I have type 2 and a genetic disorder regarding my ability to metabolize. I was put on a trial of ozempic because of its apparent effectiveness.

While on it, one of the first things I noticed that no one seems to talk about (so I don’t know if it’s just me or not): the feeling of being sated and hungry are two different feelings. It was weird being hungry and full all the time. A bit torturous, but something I felt was manageable.

Unfortunately, even on the lowest dosage, the sated feeling was so strong I felt nauseous all the time. It eventually became a problem when I started becoming dehydrated because I couldn’t even keep a glass of water down.

I was removed from the medication and I had persistent side-effects afterwards. It’s been years now and while the side effects have diminished, I still get random bouts of nausea for no apparent reason. It’s unrelated to when I eat or drink, but it’s something I’ve never experienced prior to being on ozempic.

As weird as it sounds, there are some days I wish I could go back on ozempic. It is effective, but now doctors know I retained some side effects, they won’t let me try it ever again.

And I guess that’s it. Nothing too horrible I guess, but even miracle drugs have side effects. Everyone is built differently, so there will always be outliers.

I like to think that whenever we discover something new, the universe just got an update and we discovered the patch notes.