anyone know a reason that chrome would refuse (as in "service is unreachable") to connect to the synology GUI on port 5000 (either by ip address or hostname) when every other browser and telnet work just fine

synologynas:5000 doesn't work in incognito mode either so it's not a problem with any state or extensions

chrome doesn't seem to have a problem with port 5000 in general, I can start a local web app on localhost:5000 and chrome connects to it, doesn't try to force https, etc

I can access it in chrome on my phone, but not on my computer

chrome just says "http://<ip>:5000/ is unreachable." when every other tcp/ip capable program on this laptop has no problem with it

anyone know a reason that chrome would refuse (as in "service is unreachable") to connect to the synology GUI on port 5000 (either by ip address or hostname) when every other browser and telnet work just fine

@blaine @darius @evan right, product development does not consist of someone having an idea and giving the blueprints to a developer, it is conversational and both parties push it in different directions, can both tell each other they're solving the XY problem, etc

@blaine @evan @darius part of this is that programming, like a lot of other things, has the property that if you get good at it, the scope and complexity of your ideas for what to do with it grow

you also find out that growing and maintaining programs is a different sort of problem that writing the first draft

you also find out that a lot of the effort of making software is not in writing code, it's in thinking and talking to other people about it

@blaine @evan @darius the fallacy at the core of a lot of this stuff is the idea that the hard part of making software is writing the first draft of it. which... it's not that programming isn't difficult and making it more accessible isn't good, but once you become passably ok at it you just start finding lots of other problems you previously weren't aware of

the really baffling thing about a lot of "security" design is that it doesn't account for the fact that it is an extremely common event to have one's phone stolen. my phone is the most vulnerable thing I own, stop tying my credentials to it

passwords are very problematic but people do understand what they are and what it expected from them. asking the user to adopt passkeys without explaining their obligations if they want to retain account access is just offering to lock them out of their account

my current password scheme: has no essential state, requires storing nothing, cannot be breached by stealing my phone, its keys can be written down on paper, I cannot be physically compelled to reveal any of it

passkeys+biometrics: the opposite of all these

given the opaque nature of the essential state, it requires a ux solution that boils down to "the user must retain a particular physical device, or access to a vault where the keys are stored, which is secured with a password"

I actually don't understand how you can look at the ux and security problems with passwords and conclude that making users retain a set of private keys, a concept that is completely opaque to most people, will help at all

you're replacing passwords with "the user has to retain a set of private keys or else they lose access to their accounts", which implies stealing a physical device with said keys gets you into the victim's accounts

ok now I've remembered the rest of how passkeys work and they're *really* stupid

replacing passwords with biometrics is a terrible idea, sorry

do they replace passwords, do they perform some auxiliary function, am I responsible for retaining them, what happens if they get lost, how do they work across devices

I am finding them absolutely impenetrable to understand which bodes poorly for them actually helping users

e.g. are biometrics an essential part of passkeys, and if so: A. that is really silly and B. how does this work when I am not using a phone

I am a software developer with some understanding of security and cryptography and *I* have found passkeys hard to understand from existing available information

I see the great history of educating users on security continuing as a website offers to save a "passkey" on my computer with no explanation of what a passkey is