When examining studies of 8 weeks minimum they needed .5kgs of weight loss per week for the amount lost to be considered clinically relevant.. This sounds like an explanation of the mathematics of the rule system experts have agreed on to define clinically relevant amount of weight loss.

I would presume a metastudy of studies that averages twice as long would show half the amount of exercise needed per week for clinical relevance.

> That compression is excellent but its shortcomings are evident to trained ears listening via decent playback hardware.

Sounds like the kind of training that should come with compensation for life long costs.

I doubt even the premise. Hydrogenaudio users (ie. audiophiles) can barely notice any flaws with 96 kbps lossy[1]. On a rating where 5 means "imperceptible" and 4 means "perceptible but not annoying", 96 kbps AAC scored 4.4, and 96 kbps ogg (vorbis) scored 4.2. Spotify premium uses 320 kbps ogg, which should firmly put it in "imperceptible" territory.

[1] https://listening-test.coresv.net/results.htm

I doubt the premise too, but assuming you believed it, how low would music appreciation have to be in your priorities to be willing to develop that skill?

If China were to stay exactly the same it would be dropping relatively at a pretty fast rate..

I don't think I could name more than a dozen countries that openly fight delusional thinking of a mystical nature, there's China, Cuba, Vietnam.

The quiet billionaires put up something they care a great deal about. Musk's nonsenses in the US can be interpreted many ways but his screwing Germany and the UK with his incoherent stoner thoughts is basically letting off steam at everyone's expense because a lot of people are too stupid to understand how compartmentalized success is and that he doesn't necessarily even know who he is talking about.

I think the elephant in the room is the total lack of website/framework/library support Fido has. Trying to implement support on any random site is about as insane as rolling your own crypto and having the single sign on bolt on is sort of how people selling FOSS+enterprise want it.

The end result is that it was more a standard for them more than for direct use by the little sites, and password managers getting involved only furthers that enterprise industry standard feel.

It's rather simple actually: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authent..., no crypto involved

on the client side, it seems like it should be simple. in the time i allowed myself, i was not able to figure out how to integrate it server-side in my python app. you're not implementing your own crypto, but you are having to interact with and understnad crypto.

there doesn't seem to be a standard python implementation, and there's no feedback at all about what went wrong if your challenges/responses are not accepted by the client-side APIs. the error if your server-side implementation sends anything unexpected is essentially "no, that's wrong".

This doesn't look all that hard: https://github.com/mkalioby/django-passkeys but I guess it depends on how low-level your backend is.

I would personally separate auth and the application. Configuring something like Keycloak or Authelia or one of the many other alternatives to do all the difficult work for you and just logging in through SSO/SAML seems much easier than having to keep track of your own authentication rules/security hashes/salting/etc. without making a mistake.

if the solution is introducing a whole new third-party authentication provider to my existing app, i'd say that definitely counts as hard.

i spent a few minutes looking into it again, and remembered what i really found frustrating - it's all a weird mix of JSON, and byte arrays. some functions want json, and some functions want json encoded as a byte array. and some of the items in the json structure are supposed to be byte arrays?

it seems like they've gone out of their way to make it purposefully difficult to communicate between the client and the server. there's client examples to follow, and server examples to follow, but getting something between the two of them is a mystery. json doesn't have a byte array type, so making an api that depends on byte arrays in json seems needlessly obtuse. it's a standard that doesn't work without client-server communication, and it hasn't bothered to define a client-server communication method or use a datatype that can be natively communicated to the server?

Unfortunately, that's probably way too technical for most developers nowadays, who are almost proud of not being able to read a manual.

That's just the browser client part of the equation, this says nothing about the server side. The `challenge` part of the API, as well as storing and maintaining the necessary public keys and doing the actual validation of credentials, are left for the reader to implement in the backend.

The browser API makes it easy to program a client against passkeys, but that doesn't necessarily hold up for doing the server implementation. For that, you need to either find a library that matches your requirements, or read through guides like these: https://developers.google.com/identity/passkeys/developer-gu... that skim over a lot of details.

Yeah right, its easy to write a PAM module too, but configuring an authentication registration and flow is not actually a similar skill set.

Yeah, it has been frustrating me lately that there isn't a simple drop-in Passkeys-only library/framework yet. Right now the best advice is "use Auth0/Okta or competitor and configure them in Passkey-only" which adds a vendor where you shouldn't need a vendor.

The other day I just wanted to store passkeys in Deno KV without feeling like I was rolling my own crypto library. I did not succeed in the limited amount of free time I had on that personal project, and that seemed a shame and a half.

Cigarettes are the only form that is relatively easy to tax as they come with a standard dose of non nicotine that needs to ship with them to be accepted. Places that have tried to limit the volume of disposables or ban all nicotine liquid have found that it easy to smuggle a huge amount of value in a small space and/or to add purer nicotine at the last moment.

The tax wouldn't need in the nicotine though but on the devices since that's what we are disposing. How high would the tax need to be to make up for the cost of disposal? Would it be high enough to make smuggling attractive? AFAIK products in Germany (and the EU?) already have a recycling tax built-in for things like plastic packaging and it seems to work. Would this tax need to be that much higher to the point that smuggling is encouraged?

I think these are businesses development directions everyone talks about but are almost guaranteed to be a flop for any company that isn't already known in them. A few years ago everyone talked about big data hires even if they had about a GB of relevant data.

This article seems like a baseless assertion to me. There are lots of fast track like systems that are basically equivalent to a return to the earlier practices of using licenses at borders. That wasn't anywhere near a viable replacement to the issuance of all passports back then and the same issues are present now.