• 3 Posts
  • 134 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle

  • I don’t think it is that simple. I think that outline is about the “focus”. So if I press enter it will activate that tab, if I press tab it will move the focus to the “Entire Screen” tab.

    The UX issue is that there are two concepts of focus in this UI. There is “which tab is active” and “what UI element will pressing enter activate”. These two are not sufficiently differentiated which leads to a confusing experience.

    Or maybe there can just be no keyboard focus indicator by default, but that may be annoying for keyboard power users. But this is generally how it works on the web, you have to press tab once to move keyboard focus to the first interactive element.




  • There are a few reasons. Some of them are in the users’ interest. Lots of people phrase their search like a question. “How do I turn off the wifi on my blue windows 11 laptop?”

    While ignoring stopwords like “the” and “a” has been common for a while there is lots of info here that the user probably doesn’t actually care about. “my” is probably not helping the search, “how” may not either. Also in this case “blue” is almost certainly irrelevant. So by allowing near matches search engines can get the most helpful articles even if they don’t contain all of the words.

    Secondly search engines often allow stemming and synonym matching. This isn’t really ignoring words but can give the appearance of doing so. For example maybe “windows” gets stemmed to “window” and “laptop” is allowed to match with “notebook”. You may get an article that is talking about a window of opportunity and writing in notebooks and it seems like these words have been ignored. This is generally helpful as often the best result won’t have used the exact same words that you did in the query.

    Of course then there are the more negative reasons.

    1. Someone decided that you can’t buy anything if your product search returns no results. So they decided that they will show the “closest matches” even if nothing is anywhere close. This is infuriating and I have stopped using many sites because of it.
    2. If you need to make more searches or view more pages you also see more ads.



  • kevincox@lemmy.mlMtoOpen Source@lemmy.mlELI5: What is RISC-V?
    link
    fedilink
    arrow-up
    25
    ·
    edit-2
    5 months ago

    For software to run on a computer it needs to speak the computer’s “language”. This is typically called “machine language” but differs across different hardware. For example most modern Intel and AMD processors speak x86_64. This language has ways to express different operations such as “add these two numbers” or “put this CPU core into a low power mode”. This is the fundamental way that software works, but running in this language.

    There are languages that are completely different, such as ARM which is very common on mobile devices and is the language used by Apple’s new M chips. These have basically nothing in common with x86_64.

    These languages also evolve over time. For example x86_64 is a significant extension to the older x86 language. For the most part this is fine, it is like the CPU now knows more words, if you use those new words the new CPU will understand them, but older CPUs won’t.

    RISC-V is a new machine language. What makes it interesting is that it is a free and open specification. This means that anyone can create a new RISC-V CPU, unlike x86_64 where you need to buy a license from Intel or ARM where you need to buy a license from the ARM corporation. Most people think that this openness has major benefits, for example now anyone can create a new processor which may be better, rather than having innovation being stifled by licensing costs (if you can even get a license) or needing to create their own machine language and require huge amounts of effort to migrate software to it.

    Note: It is important not to confuse “machine language” with “programming language”. When people write software they very rarely write code in machine language directly. Usually they use a programming language which is then converted into the machine language of the CPU it will run on.





  • The problem with Yubikey is that it doesn’t have a good enough management story for broad use. I do use it for a few core sites (like GitHub) but if I lose a key I need to get a replacement and register that replacement with every site I have set up U2F 2FA on. This is ok with a few core accounts but doesn’t scale to the hundreds of sites that I have an account with. I am sure to miss a few and then either I can’t log in with the new key or get completely locked out when I lose that key and get a second replacement.



    1. Salt doesn’t matter if your password is unique.
    2. If they can download data via SQL injection having them log in probably doesn’t matter that much.
    3. If they can dump your password/hash they can likely also dump the TOTP secret.
    4. A lot of website security expert attention is focused on raising the minimum security level. If you are using randomly generated passwords + auto-fill you are likely above their main target audience.

    So yes, it is slightly better, but in practice that difference probably doesn’t matter. If you use U2F then you may have a meaningful security increase but IMHO U2F is not practical to use on every site due to basically being impossible to manage credentials.

    So yes, it is better. But for me using random passwords and a password manager it isn’t worth the bother.