[-] Ferk@lemmy.ml 2 points 3 weeks ago* (last edited 3 weeks ago)

You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that's the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker's store. The point is that portability shouldn't be so user-friendly / transparent that it becomes exploitable.

That said, I don't know if this new protocol makes things THAT easy to port (probably not?).

[-] Ferk@lemmy.ml 3 points 1 month ago* (last edited 1 month ago)

Yeah, it protects Jimmy from having to unconditionally contribute to society & its many organizations.

It allows Jimmy to set conditions and control who can use it and who cannot. For example, he can ally with one particular big corpo (or even start building one himself) so they can hold that thing hostage and require agreements/fees for the use of that thing for a long long time.

So now, instead of all people, including big (and small) corpos, having free access to the idea, only the friends of Jimmy will.

The reality is that if it wasn't for Jimmy, it's likely that Tommy would have invented it himself anyway at some point (and even improved on it!). But now Tommy can't work on the thing, cos Jimmy doesn't wanna be his friend.

So not only does it protect Jimmy from having to contribute to society without conditions, it also protects society from improving over what Jimmy decided to allow (some) people access to. No competition against Jimmy allowed! :D

Even without patents, if the invention is useful I doubt the inventor will have problems making money. It would be one hell of a thing to have in their portfolio / CV. Many corpos are likely to want Jimmy in their workforce. Of course, he might not become filthy rich.. but did Jimmy really deserve to be that much richer than Tommy?

[-] Ferk@lemmy.ml 3 points 1 month ago* (last edited 1 month ago)

That's ok if we are talking about malware publicly shown in the published source code.. but there's also the possibility of a private source-code patch with malware that is secretly being applied when building the binaries for distribution. Having clean source code in the repo is not a guarantee that the source code is the same that was used to produce the binaries.

This is why it's important for builds to be reproducible: any third party should be able to build their own binary from clean source code and be able to obtain the exact same binary with the same hash. If the hashes match, then you have proof of the binary being clean. You have this same problem with every single binary distribution, even the ones that don't include pre-compiled binaries in their repo.

[-] Ferk@lemmy.ml 3 points 3 months ago* (last edited 3 months ago)

Content curated by "the core geeks and nerds" might appeal to "geeks and nerds", not to those consumers.

They want "consumer" content. And if one day they get tired of it then I doubt any amount of "steak" would have stopped them leaving anyway, since that was never what they were looking for. It's not like reddit has to be the only place they visit on the internet, nor is the internet their only source of consumption. Just because you go to a snack bar does not mean that's the only place you go for meals.

[-] Ferk@lemmy.ml 3 points 3 months ago* (last edited 3 months ago)

If you are into open source, give Remnants of the Precursors a try. It's a modern spiritual successor of the oldie Master of Orion.

[-] Ferk@lemmy.ml 2 points 3 months ago* (last edited 3 months ago)

Which is why you should only care about the personal opinion of those people when it actually relates to that reliability.

I don't care whether Linus Torvalds likes disrespecting whichever company or people he might want to give the middle finger to, or throw rants in the mailing list or Mastodon to attack any particular individual, so long as he continues doing a good job maintaining the kernel and accepting contributions from those same people when they provide quality code, regardless of whatever feelings he might have about whatever opinions they might hold.

You rely on the performance of the software, the clarity of the docs, the efficiency of their bug tracking... but the opinions of the people running those things don't matter so long as they keep being reliable.

[-] Ferk@lemmy.ml 2 points 3 months ago* (last edited 3 months ago)

I have contributed to other projects without really needing to get involved in their community on any personal/parasocial level, though.

I just make a pull request and when the code was good it was accepted, when not it got rejected. Sometimes I've had to make changes before it got merged, but I had no need to engage in discussions on Discord or anything like that. I've been in some mailing lists to keep track of some projects, but never really engaged deeply, especially if it goes off-topic.

If I find that a good code contribution is rejected for whatever toxic reason, then the consequence of that is the code would stop being as good as it could have (because of the contributions being rejected/slowed down), so it's then that forking might be in order. Of course the code matters.

[-] Ferk@lemmy.ml 2 points 4 months ago

The average Windows user would easily be put off by the project if they tried it this early. I feel it'd actually be better if they don't release on Windows until they are ready. That way they can get better press when it finally releases on Windows.

[-] Ferk@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

The thing is that being "willfully ignorant" has served them well, so it makes it the smart move when the goal is "line go up".

Give me money and call me stupid, why would I care what a few "smart" people think when millions of "stupid" people give me all I want?

[-] Ferk@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

I think it's more that executives think the average consumer is stupid and cares too much about IP branding. And I feel they are not completely wrong. Though I think the OGL fiasco showed the D&D fanbase might be smarter than that ...hopefully.

[-] Ferk@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Wouldn't it be easier and more direct to simply impose a tax on those external big tech services?

I don't understand why using protection against "bad actors" as an excuse is necessary at all if getting money from big tech were the ultimate goal. A lot of people within the EU would happily support such a tax targeting big US companies; it's the privacy problems that we are pushing against, not the fees. So I'd expect a more direct and honest fee for external companies doing business within the EU would be easier to pass if that were what they actually wanted, wouldn't it?

[-] Ferk@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Why not just go for Tox or some other P2P serverless communication system? They can't ban / go after a system that has no central servers, can they?
