Varbin  ​

@varbin@infosec.exchange
229 Followers
350 Following
3.9K Posts

Just an arctic fox doing infosec. Also doing DIY electronics and photography.

I may talk your ear off if I know you, or something about the matter. While I do I work on it, don't say I didn't warn you!

Posts may be in English or sometimes German.

See also my Pixelfed account @varbin for pictures of fursuting, DIY electronics and macro shots of flora.

Treasurer of @Port39 — the hackerspace in Stralsund.

“We can disagree and still love each other unless your disagreement is rooted in my oppression and denial of my humanity and right to exist.” — James Baldwin

I used ⁂ before it was cool.

Background image FN2A3630 is CC-BY-SA 4.0 licensed by Nixette at Wikimedia Commons (https://commons.wikimedia.org/wiki/File:FN2A3630.jpg)

Pronounshe/him, they/them, *
SpeciesArctic Fox (vulpes lagopus)
Bloghttps://blog.varb.in
Pixelfedhttps://pixel.infosec.exchange/varbin
Githubhttps://github.com/varbin
Links / Contacthttps://links.varb.in/
Varbin  ​4h ago
Things I found in a Makefile of a telephony engine.
Varbin  ​6h ago

RE: https://chaos.social/@HonkHase/115750253314850066

Chef, das ist gar kein Problem das unser ERP heute nicht richtig funktioniert. Das ist nur ein Schritt Richtung autonomer KI.

Varbin  ​2d ago
1.3.6.1.4.1.615132d ago
Why am I getting prompted to use a passkey without user action the vicroads website. What is wrong with all of you
Show threadVarbin  ​2d ago
By the way, this is the interface of Discord.
Varbin  ​2d ago

RE: https://infosec.exchange/@firstyear/115732757007000830

I have to wholeheartedly agree.

While I do like passkeys, I do like Webauthn & CTAP – the user experience sucks. On my new Android phone I would like to just login again - most of my passkeys are stored on my Yubikey.

Yet most apps randomly do or do not allow me to use it. Sometimes they want to force the password manager. For logging into my Microsoft mail account I was only allowed to select my password manager, although I only have registered my Yubikey. After log in (with password+TOTP) it started the registration flow to store a passkey in my password manager twice.

The only app that did it right is Discord: It asks of you want to use a password manager, the system native implantation (Google, I guess?) or a hardware key for registration and login. Yet I have no idea why this dialogue is not offered by the OS itself.

#Passkey #webauthn #fido2

Varbin  ​3d ago
Anne Roth3d ago

„Policymakers need to understand that AGI is a contested term.“

https://www.techpolicy.press/most-researchers-do-not-believe-agi-is-imminent-why-do-policymakers-act-otherwise/

Most Researchers Do Not Believe AGI Is Imminent. Why Do Policymakers Act Otherwise? | TechPolicy.Press

Tech Policy Press fellow Eryk Salvaggio says it is dangerous to the public interest for policymakers to center the pursuit of AGI in AI policy.

Tech Policy Press
Varbin  ​3d ago
Firstyear3d ago
I have been avoiding this for a long time, but once again I have written about the state of passkeys - https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-still-have-problems/
Yep, Passkeys Still Have Problems

Firstyear's blog

Varbin  ​4d ago
Varbin the Fox, MSc
(Masterarbeit verteidigt!)
Varbin  ​4d ago
thunfisch4d ago

Und auch dieses Jahr ein PSA aus Erfahrungswerten: Solltet ihr die Zeit und Löffel dafür freimachen können, putzt doch noch vor dem #39c3 die Wohnung einmal auf Hochglanz durch.

Zumindest ich bin meinem past-me jedesmal extrem dankbar, wenn ich nach Hause komme und beim Post-Congress Stimmungsloch zumindest in einer ordentlichen Bude sitze, mit ein paar simpel zubereitbaren Essensvorräten.

Varbin  ​4d ago
Royce Williams4d ago
"Let us be the repository of your passkeys" and "We may terminate your account at any time and permanently refuse to communicate with you" ... seems like a bad combination?