Please, please, please stop using #passkeys to encrypt user data.

@timcappalli I think it’s even worse than this! Your do a great job explaining why it’s problematic for users who -don’t- know what’s happening (and also the increased risk of loss for everyone)

But there are second order affects on -security-. A user who -knows- their passkey is encrypting their data must now keep that key much longer than they would otherwise need to. Auth keys should be safe for frequent rotation and replacement, which means keeping their scope tight.

@rmondello love it!

I do think I’ve encountered an edge case but having trouble getting it accepted as a bug with support, though.

Is there another avenue I could share more details? The tldr is that the bug is specific to when an sms 2fa code is sent to Google voice, then forwarded as email to Mail app. I strongly suspect the bug is with the Mail parsing.

@airtower love this.

Versioning the empty dirs is a bandaid that addresses the symptom, not the root cause!!

@lattera @nedbat I must admit to liking the readme idea more.

But I do wish subdir .gitignore was the default convention for templates and scaffolding than .keep files.

@b0rk one thing that I don’t think gets enough attention:

If I go on the web I have to worry about versioning. Is my version too old? This doc might not apply to me. Or maybe the online post is too old and my version has newer/better options or features. Man page and -help are locked to my actual version.

@jcoglan and the swipe keyboard has been for a year