A brief update on happenings
So this semester went generally well - strung together all a's and b's! Since then I've been focused mostly on the house we've taken over from my grandmother. It's been an endless stream of shenanigans across the yard... The drainage field for the property was covered over time and clogged out. Fortunately no more, and R.I.P. to my evolve shoes. Clearing out the last of the previous tenants detritus and construction materials has been achieved as well. If any reader of this space has never been to a Habitat for Humanity Restore, you're missing out. Please consider volunteering too!!!
One fun thing I've poked around at this summer has been the Microslop method for authentication over hardware security tokens. They've made hardware tokens first class citizens by including them in the passkey process... but have decided to exploit corporate risk aversion against privacy rights via Attestation Enforcement by weaponizing deployment scenarios outlined in the Security Considerations of the FIDO Key Attestion Format specification. Microslop pushes "packed" as the default option for Attestation Statements. This is the message that cryptographically confirms who an entity is during the authentication process. The "packed" method generates and sends a by-device-by-user fingerprint (are/know) with available authentication materials (have) to the authentication server. Ironically per the specification the recommended algorithm for verifying attestation statements, independent of attestation type. It's hilarious that they would go so far as to openly abuse risk aversion to implement wholesale tracking of end-users that have no other option but to employ their forced solutions or risk being ostracized from their jobs and/or society.
Track me fucking harder daddy.