Agreguesi i feed

Hashicorp co-founder Mitchell Hashimoto says GitHub's frequent outages have made it "no longer a place for serious work," prompting him to move his Ghostty terminal emulator project elsewhere after 18 years on the platform. The Register reports: "I've been angry about it. I've hurt people's feelings. I've been lashing out. Because GitHub is failing me, every single day, and it is personal. It is irrationally personal," he wrote. The reason for his ire is the service has become unreliable. "For the past month I've kept a journal where I put an 'X' next to every date where a GitHub outage has negatively impacted my ability to work," he wrote. "Almost every day has an 'X'. On the day I am writing this post, I've been unable to do any PR review for ~2 hours because there is a GitHub Actions outage." Hashimoto penned his post a few days before an April 28 incident that saw pull requests fail to complete due to an Elasticsearch SNAFU. Incidents like that mean Hashimoto has decided GitHub "is no longer a place for serious work if it just blocks you out for hours per day, every day." "It's not a fun place for me to be anymore," he lamented. "I want to be there but it doesn't want me to be there. I want to get work done and it doesn't want me to get work done. I want to ship software and it doesn't want me to ship software." The developer says he wants GitHub to improve, but "I also want to code. And I can't code with GitHub anymore. I'm sorry. After 18 years, I've got to go." He's open to a return if GitHub can deliver "real results and improvements, not words and promises." But for now, he's working to move Ghostty to another collaborative code locker. "We have a plan but I'm also very much still in discussions with multiple providers (both commercial and FOSS)," Hashimoto wrote. "It'll take us time to remove all of our dependencies on GitHub and we have a plan in place to do it as incrementally as possible." He's doing the equivalent of leaving a toothbrush at a former partner's house by leaving a read-only mirror of Ghostty on GitHub, and by keeping his personal projects on the Microsoft-owned service. But Hashimoto's moving his day job somewhere new. "Ghostty is where I, our maintainers, and our open source community are most impacted so that is the focus of this change. We'll see where it goes after that," he concluded.

Read more of this story at Slashdot.

Tony Isaac shares a report from NPR: Federal survey data shows that the amount of math homework assigned to fourth and eighth grade students, in particular, has been steadily declining for the past decade. Some educators and parents say this is a good thing -- students shouldn't spend six or more hours a day at school and still have additional schoolwork to complete at home. But the research on homework is complicated. Some studies show that students who spend more time on homework perform better than their peers. For example, a longitudinal study released in 2021 of more than 6,000 students in Germany, Uruguay and the Netherlands found that lower-performing students who increased the amount of time they spent on math homework performed better in math, even one year later. Other studies, however, suggest homework has minimal outcomes on academic performance: A 1998 study of more than 700 U.S. students led by a researcher at Duke University found that more homework assigned in elementary grades had no significant effect on standardized test scores. The researchers did find small positive gains on class grades when they looked at both test scores and the proportion of homework students completed. More homework was also associated with negative attitudes about school for younger children in the study. "The best educators figured out a long time ago that we can control what we can control," and that's what happens during the school day, Superintendent Garrett said, not homework. "There has been a shift away from it naturally anyway, and I felt like this made it equitable across our entire school system." "The best argument for homework is that mathematical procedures require practice, and you don't want to waste classroom time on practice, so you send that home," said Tom Loveless, a researcher and former teacher who has studied homework. Ariel Taylor Smith, senior director of the Center for Policy and Action at the National Parents Union, said: "The thing they point to is that it's an equity issue, and not all parents have the same availability and ability to support their students. I would make the argument that if a kid is really far behind in school, that's an equity issue. They need the additional time to practice." Kids, she said, "need more practice ... Sometimes, you do have to practice the boring stuff, like math." "The interesting issue for folks to consider is not should there be more homework, but should there be better homework," said Joyce Epstein, who has studied homework and is the co-director of the Center on School, Family, and Community Partnerships at the Johns Hopkins University School of Education. "Better homework in math might be knowing the fact that kids don't have to be practicing for hours, 10 to 20 examples," when they could establish mastery in less time.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Humanoid robots are getting a new gig as baggage handlers and cargo loaders at Tokyo's Haneda Airport -- part of a Japan Airlines experiment to address a human labor shortage as airport visitor numbers have surged in recent years. The demonstration, set to launch in May 2026, could eventually test humanoid robots in a wide range of airport tasks, including cleaning aircraft cabins and possibly handling ground support equipment such as baggage carts, according to a Japan Airlines press release. The trials are scheduled to run until 2028, which suggests that travelers flying into or out of Tokyo may spot some of the robots at work. [...] Japan Airlines is interested in testing whether humanoid robots powered by some of the latest AI models can adapt more readily to human work environments -- such as airports -- without requiring dedicated work stations or other significant workplace modifications. The airline's subsidiary, JAL Ground Service, has teamed up with GMO AI & Robotics Corporation to oversee the demonstration. The Japanese companies will test the G1 robot and Walker E robot from Chinese companies Unitree Robotics and UBTECH Robotics, according to The Asia Business Daily. Humanoid robots still typically cost tens of thousands of dollars per unit despite Chinese robotics manufacturers scaling up mass production, although the Unitree G1 robot costs as low as $13,500 for the baseline model. A new video from an apparently staged demonstration in an aircraft hangar shows one of the humanoid robots tottering up to a large, metal cargo container and making a vague pushing gesture. But the cargo container only begins to move once a human worker starts the conveyor belt to move the container toward the aircraft. Presumably, the robots will need to put in much more effective work if they're to prove as productive as human airport workers. Having robots working directly alongside humans will also introduce new safety considerations for airports like Haneda Airport, which is Japan's second-largest airport, with flights arriving approximately every two minutes. The first step in the pilot program will involve identifying which airport areas will be safest for humanoid robots.

Read more of this story at Slashdot.

Version:next-20260429 (linux-next) Released:2026-04-29

An anonymous reader quotes a report from NBC News: The Food and Drug Administration on Friday granted a quick review of three experimental psychedelic drugs meant to treat major depression and post-traumatic stress disorder. It's the latest move by the Trump administration signaling a shift in policy toward treatments that also give users a high -- coming a day after the Justice Department said it would ease restrictions on state-licensed medical marijuana. UK-based biotech company Compass Pathways said Friday it has received an expedited review for its experimental form of synthetic psilocybin for treatment-resistant depression. In a press release the company cited two large, phase 3 studies that had "generated positive data." Usona Institute, headquartered in Wisconsin, also said it's received a voucher for its work with psilocybin to treat major depressive disorder. In an email, a Usona spokesperson said the company expects the review process to last one to two months after it submits its application. "The voucher expedites the timeline only; it does not alter scientific or regulatory standards," the spokesperson wrote. New York-based Transcend Therapeutics has also been granted a priority review voucher for its experimental drug methylone for PTSD, Blake Mandell, the company's chief executive officer, said. "There's a battle still raging in their mind that we don't fully understand biochemically," FDA Commissioner Marty Makary said. "When you see something that looks promising for a community that is suffering with mental health illness, despair and suicidal ideation, you can't help but recognize that." Makary told NBC News that with the priority voucher program, the agency could potentially approve the first psychedelic drug by the end of summer.

Read more of this story at Slashdot.

fjo3 shares a report from The Times: More than two-thirds of babies under two use screens, a report has found, and some are exposed for up to eight hours a day. Nearly a third of newborns were found to be watching screens for more than three hours a day, while almost 20 percent of infants of four to 11 months used screens for more than an hour a day. The report comes after the government issued guidance that children under two do not use screens at all, apart from communal activities such as video-calling relatives. In a review of the current research, researchers found evidence linking screen time to poorer outcomes for children, including an increased risk of obesity, short-sightedness, sleep and behavioural difficulties, and later challenges with friendships. [...] The research also revealed why children and parents use screens, with families reporting children doing so for educational purposes, entertainment, play and to communicate and bond with others. Parents, meanwhile, used screens to occupy or distract children, which helped caregivers to complete domestic duties, paid employment and other caring responsibilities. Nearly a quarter of parents -- 23.6 percent -- either had no childcare or were not aware of the government's early years offer.

Read more of this story at Slashdot.

I heard the news about Seth Nickell’s passing last week, and have been in a bit of a funk ever since.

Seth was brilliant, iconoclastic, fearless.

It’s been a long while since Seth was an active part of the GNOME Community, but his influence on the project can still be seen in its DNA if you know where to look. He arrived on the GNOME scene while still in school with hundreds of ideas on how to improve things. It was an interesting time: We had just launched GNOME 1.5 and were searching for a new path towards GNOME 2.0. The Sun usability study had been published and the community had internalized the need to change directions. Seth rolled up his sleeves and did the work needed to help light that path.

Seth championed radical proposals such as instant apply, button ordering, message dialog fixes, and more. He cleaned up the control-center proposing some of the most visible changes from GNOME 1 to 2. He also did the initial designs for epiphany, pushing for a cleaner browser experience during an era of high browser complexity. He had a vision of desktops as a democratic tool, as easy and natural to use as any other tool in the human experience.

As a designer, Seth was focused on trying to understand who we were designing for and making sure we were solving problems for them. While he wasn’t beyond fixing paddings / layouts, he wanted to get the Big Picture right. He wasn’t beyond rolling up his sleeves writing code to move things forward, but was at his best as a champion and visionary, arguing for us to take risks and continue to innovate.

Spending time was Seth was a hoot. He had such a flair for the dramatic. I remember…

• …the time he sold the design for what would become NetworkManager to a bunch of engineers. He got up on the stage and announced: “We are going to make this [holding an ethernet cable] as easy to use as this [producing a power plug]!” It’s hard to describe how many steps it took to set up networking back then.
• …his vision of an improved messaging system — Project Yarrr. He used (U+2620) as the SVN repo name partially to see how many internal tools weren’t UTF-8 clean.
• …him breaking out into an operatic rendition of “Tradition” when  developers were pushing back on a change he was proposing.
• …the time he changed everyone’s background in the RH office to have crop circles over night. He showed up the next morning in a robe dressed as an old-testament prophet, beating a drum and carrying a “RHEL5 IS NIGH” sign.
• …hanging  printouts of hate mail he got for various design choices outside of the Mega Cube (a group activity)!
• And everyone who was around for the Dark Princess Incident will always remember it.

Being one of the public faces of GNOME2 was hard, and he moved on. Later, he worked on OLPC and Sugar, and made his mark there. After that, he seemed to travel a lot. We lost touch, though he’d reappear every couple of years to say hi. I hope he found what he was looking for.

Farewell, my friend. The world now has less color in it.

Elon Musk testified on day two of his trial against OpenAI, saying he helped create the company as a nonprofit counterweight to Google and would not have backed it if the goal had been private profit. CNBC reports: Musk on Tuesday was the first witness called to testify in the trial. He spoke about his upbringing, his many companies, his role in founding OpenAI and his understanding of its structure. Musk said in his testimony that he was not opposed to the creation of a small for-profit subsidiary, "as long as the tail didn't wag the dog." Musk said he was motivated to start OpenAI to serve as a counterweight to Google. He got the idea after an argument he had with Google co-founder Larry Page, who called Musk a "speciesist for being pro-human," he testified. "I could have started it as a for profit and I chose not to," Musk said on the stand. Earlier, attorneys for Musk and OpenAI presented their opening arguments to the jury. Musk's lead trial lawyer, Steven Molo, delivered the opening statement for the Tesla and SpaceX CEO. OpenAI lawyer William Savitt gave the opening statement for the AI company, Altman and Brockman. OpenAI has characterized Musk's lawsuit as a baseless "harassment campaign." The company said Monday in a post on X that it "can't wait to make our case in court where both the truth and the law are on our side." During his testimony on Tuesday, Musk repeatedly emphasized that he founded OpenAI to serve as a counterweight to Google. He said he got the idea after an argument about AI safety with Google co-founder Larry Page, who Musk said called him "a speciesist for being pro-human." Musk said he was concerned Page was not taking AI safety seriously, so he wanted there to be an nonprofit, open source alternative to Google. "I could have started it as a for profit and I chose not to," Musk said on the stand. Further reading: Elon Musk and OpenAI CEO Sam Altman Head To Court

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: University of Oregon chemist Christopher Hendon loves his coffee -- so much so that studying all the factors that go into creating the perfect cuppa constitutes a significant area of research for him. His latest project: discovering a novel means of measuring the flavor profile of coffee simply by sending an electrical current through a sample beverage. The results appear in a new paper published in the journal Nature Communications. [...] The coffee industry typically uses a method for measuring the refractive index of coffee -- i.e., how light bends as it travels through the liquid -- to determine strength, but it doesn't capture the contribution of roast color to the overall flavor profile. So for this latest study, Hendon decided to focus on roast color and beverage strength, the two variables most likely to affect the sensory profile of the final cuppa. His solution turned out to be quite simple. Hendon repurposed an electrochemical tool called a potentiostat, typically used to test battery and fuel cell performance. Hendon used the tool to measure how electricity interacted with the liquid. He found that this provided a better measurement of the flavor profile. He even tested it on four different samples of coffee beans and successfully identified the distinctive signature of a batch that had failed the roaster's quality-control process. Granted, one's taste in coffee is fairly subjective, so Hendon's goal was not to achieve a "perfect" cup but to give baristas a simple tool to consistently reproduce flavor profiles more tailored to a given customer's taste. "It's an objective way to make a statement about what people like in a cup of coffee," said Hendon. "The reason you have an enjoyable cup of coffee is almost certainly that you have selected a coffee of a particular roast color and extracted it to a desired strength. Until now, we haven't been able to separate those variables. Now we can diagnose what gives rise to that delicious cup." Outside of his latest electrical-current experiment, Christopher Hendon's coffee research has shown that espresso can be made more consistently by modeling extraction yield -- how much coffee dissolves into the final drink -- and controlling water flow and pressure. He also found that static electricity from grinding causes fine coffee particles to clump, which disrupts brewing. The solution: adding a small squirt of water to beans before grinding (known as the Ross droplet technique) to reduce that static, cut clumping and waste, and lead to a stronger, more consistent espresso.

Read more of this story at Slashdot.

Apple's Vision Pro has been used in what's described as the world's first cataract surgery performed with the headset. MacRumors reports: [New York opthalmologist] Dr. Eric Rosenberg of SightMD completed the initial procedure in October 2025 and has since performed hundreds of additional cases using ScopeXR, a surgical platform he co-developed for Apple's mixed reality device. ScopeXR streams live feeds from 3D digital surgical microscopes directly into the Vision Pro, which lets the surgeon view the operative field in stereoscopic 3D while overlaying preoperative diagnostic data. The platform also supports real-time remote collaboration, allowing surgeons to virtually join procedures and see exactly what the operating surgeon sees. "We are now able to bring the world's best surgeon into any operating room, at any hour, from anywhere on the planet," said Dr. Rosenberg in a company press release. "From residents performing their first cases to surgeons facing unexpected complications, this technology democratizes access to expertise and that will save vision."

Read more of this story at Slashdot.

Sony is reportedly rolling out a 30-day online check-in requirement for some digital PS4 and PS5 games, meaning players could temporarily lose access if their console does not reconnect to renew the license. Tom's Hardware reports: In the info page of an affected game, you'd see a new validity period and a "remaining time" deadline. At first, this seemed like a software bug, but now PlayStation Support has confirmed its authenticity to multiple users. PlayStation owners are furious about the change. From what we've seen, this DRM is intended for digital game copies. It works by instating a mandatory online check-in where you have to connect to the internet within a rolling 30-day window or risk losing access to the game. Afterward, you can still restore access, but you'll need an internet connection to renew the game's license first. So far, it seems like only games installed after the recent March firmware update are affected. Affected customers report that setting your PS4 or PS5 as the primary console doesn't alleviate this check-in policy either. No matter what, any game you download from now on will feature this new requirement, effectively eliminating the concept of offline play for even single-player titles.

Read more of this story at Slashdot.

Apple is adding a new App Store subscription option that lets developers offer lower monthly prices in exchange for a 12-month commitment. "This model will allow developers to offer discounted rates to customers in exchange for more predictable long-term revenue," reports TechCrunch. "This also caters to how many developers have already been marketing their annual subscriptions in their apps." From the report: Often, app developers will display the lower monthly price to highlight the discount the customer would receive if they purchase the annual subscription instead of the monthly option. If the user is on the fence about a longer-term commitment, the notion that they're getting a better deal can help to push them toward the annual option. Now, Apple is essentially formalizing what these developers were already doing, which allows it to also craft a set of policies around how these subscription offers are to be displayed so as not to mislead customers about the true cost of the deals. However, the option will not be available to developers in the United States or Singapore at launch. While Apple didn't offer an explanation for this, it's still in App Store litigation in the U.S. around the specifics of the court's ruling in its case with Epic Games around how Apple can charge for subscriptions. Apple likely doesn't want to complicate the matter further until that matter is finalized. Singapore, meanwhile, also has a sophisticated payments market with strong consumer rules, which is why it may have been left out of the initial release.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: For its famous intractability, the Bloomberg Terminal has long inspired devotion, bordering on obsession. Among traders, the ability to chart a path through the software's dizzying scrolls of numbers and text to isolate far-flung information is the mark of a seasoned professional. But as a greater mass of data is fed into the Terminal -- not only earnings and asset prices, but weather forecasts, shipping logs, factory locations, consumer spending patterns, private loans, and so on -- valuable information is being lost. "It has become more and more untenable," says Shawn Edwards, chief technology officer at Bloomberg. "You miss things, or it takes too long." To try to remedy the problem, Bloomberg is testing a chatbot-style interface for the Terminal, ASKB (pronounced ask-bee), built atop a basket of different language models. The broad idea is to help finance professionals to condense labor-intensive tasks, and make it possible to test abstract investment theses against the data through natural language prompts. As of publication, the ASKB beta is open to roughly a third of the software's 375,000 users; Bloomberg has not specified a date for a full release. Wired spoke with Edwards at Bloomberg's palatial London headquarters in early April, where he shared several examples of what ASKB can do. "With ASKB, I can create workflow templates. I can write a long query, and say, 'Hey, here's all the data I'm going to need. Give me a synopsis of the bull and bear cases, what the Street is saying, what the guidance is.' Now, I want to schedule [the workflows] or trigger them when I see this or that condition in the world." As for what separates mediocre traders from the best, assuming both have access to the same data, Edwards said: "These tools are not magical. They don't make an average [employee] all of a sudden great. The difference will be your ideas. In the hands of experts, it allows them to do better analysis, deeper research -- to sift through 10 great ideas when they might have only had time for one. If you're a mediocre analyst, they'll be 10 mediocre ideas."

Read more of this story at Slashdot.

Google has reportedly signed a classified agreement allowing the Pentagon to use its AI models for "any lawful government purpose." While the deal is said to discourage domestic mass surveillance and autonomous weapons without human oversight, it apparently does not give Google the power to block how the government actually uses its models. The Verge reports: The agreement was reported less than a day after Google employees demanded CEO Sundar Pichai block the Pentagon from using its AI amid concerns that it would be used in "inhumane or extremely harmful ways." If the agreement is confirmed, it would place Google alongside OpenAI and xAI, which have also made classified AI deals with the US government. Anthropic was also among that list until it was blacklisted by the Pentagon for refusing the Department of Defense's demands to remove weapon and surveillance-related guardrails from its AI models. Citing a single anonymous source "with knowledge of the situation," The Information reports that the deal states that both parties have agreed that the search giant's AI systems shouldn't be used for domestic mass surveillance or autonomous weapons "without appropriate human oversight and control." But the contract also says it doesn't give Google "any right to control or veto lawful government operational decision-making," which would suggest the agreed restrictions are more of a pinky promise than legally binding obligations.

Read more of this story at Slashdot.

fjo3 writes: The United Arab Emirates announced Tuesday that it would exit the Organization of the Petroleum Exporting Countries (source paywalled; alternative source), or OPEC, along with the wider group of partners known as OPEC+, effective May 1, in what could be a blow to control over prices by the group, long led in practice by Saudi Arabia. The move "reflects the UAE's long-term strategic and economic vision and evolving energy profile" read an official statement carried by a UAE state news agency, as disruptions "in the Strait of Hormuz continues to affect supply dynamics." [...] The UAE is the second Persian Gulf country to leave the group after Qatar terminated its membership in 2019. The UAE has been a member of OPEC since 1971. The latest departure leaves in place 11 core members: Algeria, Congo, Equatorial Guinea, Gabon, Iran, Iraq, Kuwait, Libya, Nigeria, Saudi Arabia and Venezuela.

Read more of this story at Slashdot.

Think about Linux security like the structural integrity of a building. Most information security best practices focus on the front door''locks, cameras, and ID badges. That's the "policy" layer. It's great for keeping people out, but it doesn't address what happens to the foundation if those locks fail.

Bay Area homeowner and investment banker Storm Duncan is trying to swap a 13-acre Mill Valley property for Anthropic equity instead of cash. He created a LinkedIn page for the home, describing the move as a "diversification play" because he is "under-concentrated in AI investments relative to the importance of AI in the future, and over-concentrated in real estate." A young Anthropic employee, Duncan says, might be "in the exact opposite scenario." TechCrunch reports: Duncan is asking potential buyers to email him to discuss deal specifics, but he said it would be a private transaction that doesn't require the buyer to sell their stock outright. On LinkedIn, he also said the homebuyer would "continue to retain 20% of the upside value of the shares exchanged for the duration of the lockup period." Duncan, who described himself as a longtime Bay Area resident who moved to Miami during the pandemic, bought the property in 2019 for $4.75 million. It's currently occupied by "a high-profile VC," he said, but he declined to identify the VC.

Read more of this story at Slashdot.

An anonymous reader quotes a report from NPR: A divided U.S. Supreme Court on Monday heard a dispute over labels on the popular Roundup weed killer, which thousands of people blame for their cancers. How the Supreme Court rules could have implications for tens of thousands of lawsuits against Roundup maker Monsanto, which is now owned by Bayer. The case centers on who decides about warning labels on chemicals: the federal government -- or states or juries. [...] The justices will not be evaluating whether glyphosate causes cancer. Rather, they'll consider who should decide what appears on warning labels and whether states have a role to play after the EPA weighs in. The current U.S. solicitor general backed Monsanto. Sarah Harris, his principal deputy, said the Environmental Protection Agency is in the driver's seat, not anyone in Missouri. "Missouri thus requires adding cancer warnings but federal law requires EPA to approve new warnings and tasks EPA with deciding what label changes would mitigate any health risks," Harris argued. "State law must give way." Several justices, including Brett Kavanaugh, appeared to agree with Monsanto's argument about the need for a single, uniform standard across the country. But others, like Chief Justice John Roberts, wondered what would happen if the federal government moved more slowly than states did, who wanted to act quickly on information about new dangers. "Well, it does undermine the uniformity," Roberts said. "On the other hand, if it turns out they were right, it might have been good if they had an opportunity to do something, to call this danger to the attention of people while the federal government was going through its process," he said about states. Justice Ketanji Brown Jackson asked about the emergence of new science, and the EPA's reviews. "There's a 15-year window between when that product has to be re-registered again and lots of things can happen in science, in terms of development about the product," she said. Bayer, which now owns Monsanto, only sells Roundup that contains glyphosate to farmers and businesses these days. Bayer has been pushing to resolve scores of the residential cases through a sweeping settlement, trying to put the costly claims behind it.

Read more of this story at Slashdot.

I got myself a Yubikey recently, and I wanted to use it as a nice convenience to:

1. Grant me sudo privileges
2. Unlock my session
3. Decrypt my LUKS-encrypted disk

I've only managed to do the first two, since they both rely on Linux Pluggable Authentication Modules (PAM). Luckily for me, one of PAM's modules supports U2F, the standard Yubikeys rely on.

First I need to install pam-u2f to add U2F support to PAM, and pamu2fcfg to configure my key.

$ sudo rpm-ostree install pam-u2f pamu2fcfg

Since I'm running an immutable OS I need to reboot, and then I can create the correct directory and file to dump an U2F key into it.

$ mkdir -p ~/.config/Yubico $ pamu2fcfg > ~/.config/Yubico/u2f_keys

Then I make sure to have a root session open in case I lock myself out of sudoers.

$ sudo su #

In a different terminal, I can edit the sudoers file to add this line

#%PAM-1.0 auth sufficient pam_u2f.so cue openasuser auth include system-auth account include system-auth password include system-auth session optional pam_keyinit.so revoke session required pam_limits.so session include system-auth

I save this file and open a new terminal. I type in sudo vi and it asks me to touch my FIDO authenticator before opening vi! If I touch the Yubikey, it indeed opens vi with root privileges.

Let's break down the line:

• auth for authentication
• sufficient passing this authentication challenge is enough (it's not an additional factor of authentication)
• pam_u2f.so the module we load is for U2F, the standard Yubikeys use
• cue print "Please touch the FIDO authenticator." when the user needs to authenticate
• openasuser to fetch the authentication file without root privileges

It's also possible to use it to unlock my session, but it would be a bit reckless to allow anyone with my Yubikey to log into my laptop. If my backpack gets stolen and it has both my Yubikey and my laptop, anyone can log in.

It's possible to make the login screen require either my user password, or all of

• The Yubikey itself
• The PIN of the Yubikey
• Me to touch the Yubikey

If someone fails more than three times to enter the correct PIN, the Yubikey will lock itself and require a PUK to be unlocked. This gives me an additional layer of security, and it's more convenient than having to type a full length passphrase.

I've added the following line to /etc/pam.d/greetd (the greeter I use):

#%PAM-1.0 auth sufficient pam_u2f.so cue openasuser pinverification=1 userpresence=1 auth substack system-auth [...]

[!warning] I can lose my Yubikey

I use my Yubikey as a nice convenience to set up a weaker PIN while not compromising too much on security. I use it instead of a password, no in addition to it.

Since I can lose or break my Yubikey and I don't want to buy two of them, I make the U2F login sufficient but not required. This means I can still fallback to password authentication if I lose my Yubikey.

Finally, DankMaterialShell uses its own lockscreen manager too. I still want to be able to fallback to password authentication if need be, so I'll configure it to accept U2F OR the password, not both.

This means that the lockscreen will call /etc/pam.d/dankshell-u2f to know what to do when the screen is locked. Since this file doesn't exist, I can create it with the following content.

#%PAM-1.0 auth sufficient pam_u2f.so cue openasuser pinverification=1 userpresence=1

I need a fallback for when I don't have my Yubikey, so I also create the one for this occasion

#%PAM-1.0 auth include system-auth

Finally, I have a consistent setup where both my login and lock screen require me to plug my key, enter its PIN and touch it, or enter my full password. When it comes to sudo, I can only touch my key without requiring an PIN.

My next quest will be to use my Yubikey to unlock my LUKS-encrypted disk.

Most information security best practices are built on a single, comfortable assumption: that the "root" gate is locked and only the administrator holds the key. We assume that unless we explicitly hand over credentials, the core of the system is off-limits.