Passkeys seem to be advertised in ways that puts people off:

• TPMs, Secure Enclaves, etc. are deeply closed-source and security by obscurity. Until there is an open TPM implementation available, many users may prefer not to rely on them. It seems like KeepassXC allows circumventing TPM for Passkeys, but most people probably don’t know that.

• Too much “trust me bro, my cloud is safe” advertising from big Passkey advocates like Google.

• A classic hardware key may be indistinguishable from a normal password being entered. But Google has announced they want to push passkeys against user’s wishes here: “Is opting-into passkey mandatory? No, […]. However, over time, as users become more accustomed to passkeys, we might limit where we allow passwords to be used because they’re less secure than passkeys.” Again, not a great look.

• Collecting biometric data is always dangerous. I’m aware that Passkeys can be used without that, but many people may be put off before they realize that.

I think that’s why Passkeys have poor adoption among privacy advocates, even though most problems seem fixable.

Gitlab.com has similar problems, sadly. Meanwhile, I haven’t ever heard of Codeberg doing somethign similar, but who knows I guess.

Gitlab has a horrible UI when you have a smaller screen or lower end device, and I heard also not really great server-side performance compared to forgejo and gitea.

Also, the gitlab.com instance randomly blocks people or demands their credit card data.

It is shocking that this (apparently???) doesn’t seem to be illegal.

AGI talk seems for now to be merely hype to get investors.

LLMs seem likely to be dead end for any logical thought: https://www.forbes.com/sites/corneliawalther/2025/06/09/intelligence-illusion-what-apples-ai-study-reveals-about-reasoning/ This means at the end of the day you just get a sloppy illusion with no useful coherence as soon as it exceeds the complexity of a literal lazy copy&paste job: https://fortune.com/2025/08/18/mit-report-95-percent-generative-ai-pilots-at-companies-failing-cfo/

There is currently no technological innovation to fix this. Instead, AI progress seems to be stalling: https://futurism.com/artificial-intelligence/experts-concerned-ai-progress-wall

LLMs seem likely to be dead end for any logical thought: https://www.forbes.com/sites/corneliawalther/2025/06/09/intelligence-illusion-what-apples-ai-study-reveals-about-reasoning/ This means at the end of the day you just get a sloppy illusion with no useful coherence as soon as it exceeds the complexity of a literal lazy copy&paste job: https://fortune.com/2025/08/18/mit-report-95-percent-generative-ai-pilots-at-companies-failing-cfo/

There is currently no technological innovation to fix this. Instead, AI progress seems to be stalling: https://futurism.com/artificial-intelligence/experts-concerned-ai-progress-wall

Therefore, it’s not naive to assume it may go nowhere until proven otherwise.

Configs are often shared, just to explain my reservations with TOML. For my project, I used INI instead.

I don’t really trust IBM to know what they’re doing, but it’s still a nice sign.

I can’t really decide what extensions my users will face, once they are supported. Therefore too many extensions seems bad to me.

INI can be nicer for non-techies due to its flat structure. However, TOML seems to be in an awkward spot: either I want flat approachable (I’ll pick INI) or not (I’ll pick JSONC). Why would I want a mix?

It’s so good. https://www.youtube.com/watch?v=3400S4qMH6o

The lack of intelligence is inherent for LLMs: https://www.forbes.com/sites/corneliawalther/2025/06/09/intelligence-illusion-what-apples-ai-study-reveals-about-reasoning/

This is likely why Apple is the only big tech company that hasn’t entered the AI race with tons of debt and tons of data centers. They’re likely seeing the writing on the wall.

While there could be a new technique arriving to solve this some day, there also may never be one.

It’ll backfire for any non-trivial code base at some point. LLM plagiarized code is just too inherently lacking any sense of big picture. Gen AI doesn’t have the necessary intelligence. I keep linking it but it keeps being relevant: https://www.forbes.com/sites/corneliawalther/2025/06/09/intelligence-illusion-what-apples-ai-study-reveals-about-reasoning/

I doubt it. https://www.forbes.com/sites/corneliawalther/2025/06/09/intelligence-illusion-what-apples-ai-study-reveals-about-reasoning/ Gen AIs are literally so unable to have any basic logical thought, I think this is merely the hype.

To anybody still being scared, watch this: https://www.youtube.com/watch?v=3400S4qMH6o

I have no Android phones. Just avoid the privacy disaster apps entirely. Switch your banks, buy transport tickets that are printed out. It’s a nuisance but it’s possible.

Available options for mostly open systems among others seem to be the PinePhone, the ClockworkPi uConsole, and the Librem 5. The latter two seem to have significant shipping delays and more technical caveats, however.

While on some level I agree, perhaps it’s time to push Linux phones as well?

For anybody who has any sort of techie knowledge, that could be a better long term option once Linux phones get more momentum and funding.

Seems like part of the problem is that once they identify AI being involved in a contribution, they’re not rejecting it immediately.

I disagree TPM is a good candidate.

And I think many of us reject the premise we should submit to any central id provider for half of the internet in the first place. There are less risky approaches: https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115