FIDO2 / WebAuthn & Google, Oracle, AWS IPv4, PWA, CACHE.TAG

1. Google, Security -> FAIL! I love when engineers make something cool, which is then so shitty that it just ends up enraging people and hindering all normal operations. As example the FIDO2 stuff on Google's side is just ridiculously sucky. I try to login with my device, it says, there's a problem. Then I remove the device, and then try to add it back. First of all I don't have any devices on the list. And when I try to add the device, it says that it's already registered. I just can't stop loving these developers. - Where do you guys find these so called engineers and developers? It's not really that hard or complex operation, right? - Code is garbage, error messages are garbage, debug info is garbage. Excellent work guys! - FIDO2 logins to Goole have been now broken probably around an year. But the sunny side is that Microsoft fixed their s.it and how Firefox & Linux login works on Outlook / Office365 as a charm! - The key management is absolute mess and it's totally broken. When I added my passkey hardware device, why did my other keys get lost. So, if I had any backup devices (as I do) now those are gone, in the Security Key section. - Bleep! - One thing I agree with their engineers, if you want highly secure system, it's best to prevent users ever accessing it. That improves security in a very remarkable and proven way! - Highly recommended, do not use 2FA, because it's so badly implemented with Google that it ends up just causing constant trouble. - And even now, the keys that are present, aren't working. - GG

2. Google Sites keeps working as it's normal. It still probably has some kind of race condition or other ultra garbage code. When you create a new page, you'll never know if it got some preexisting styling, header section with a headline, or if it's created as completely empty page. - This shht has been going on for years as well. One thing is that they could have some kind of lamer working as stylist changing those defaults weekly. But more likely is that the code is just so bad, that it doesn't work consistently and logically. - Sorry if I sound angry, I am. This kind of incompetence is just ridiculous. - Just found more bugs again, when adding link the new link can get misplaced. Reload and retry helps. - GG

3. Google login flow is absolutely ridiculous. First it suggest logging in with PassKeys, it fails. Then it suggests entering password, fine. Then it asks for U2F key, it fails. And then you'll need to enter TOTP code. -> Finally in. Who designed this? - Is the only intention to troll users? - At least they're good at it. Haha.

4. Based on that, Oracle just recommended using 2FA for everyone, and sent separate email about it. I'm kind of waiting similar sh.t show because their control panel is probably even worse than Google's. Anyway, Oracle services have been really nice in general. Excluding that bad login / control panel experience, and the enraging IPv6 networking issues.

5. AWS is starting to charge USD 0.005 / hour per IPv4 address (@ aws.amazon.com) . We're slowly moving into direction where IPv6 starts to make more and more sense. Some people are still resisting hard. But that's just like with the 32 -> 64 bit shift. Tip over will happen at sometime and then rest is going to be quite quick. There are already many users whom complain about everything not working with IPv6. And every service should work with IPv6 nowadays.

6. I'm slightly saddened that Progressive Web Apps (PWA) (@ Wikipedia) aren't used more often. Instead some bloated s..t is being served. Especially this annoys me when the services provided by the app could be filled with PWA without any problems. Meaning that there aren't any technical reasons not to use PWA.

7. CACHE.TAG Cache Directory Tagging Specification (@ bford.info) - I didn't know about that. But sure, having easy way to exclude something from backup is highly useful. It's so common that people complain backups being slow and large, and then when you check what the problem is that they're backing up all the temp, cache and other totally useless crap in the backups. 

8. Long discussion about virt-manager (@ Wikipedia) and how great it's for Linux users. No need for VirtualBox or Hyper-V. And sure, it can also run Windows, no problem!

2024-06-23