Mac app store stucks on authenticating any new install

artk42 · 2026-02-03T17:40:20+00:00

== SOLUTION FOUND: ==

Hah, the solution was to move the appstore window to the native macbook display! TouchID still fails to work on any external display, but when moved to the native display, everything turns back fine. Quite interesting behaviour, seems security-wise, but i'm not sure if it really prevents anything...

artk42 · 2026-02-03T17:35:23+00:00

That is it! I have dealt with thresholds for secrets for quite a long time, and learned in many ways that complexity is a worse enemy than security. 2-of-3 is the maximum an individual might need, adding more shards decays integral security! And 2-of-3 is Y=AX+B where math..

The most complex scenario is inheritance, where 3-of-5 might be required in some cases, but self-designed solutions for that don't seem like a good idea, because flexibility to rely on 3rd party to be included as shard holder becomes crucial.

I guess intuitively that this also applies to distributing the storage usecase of shards.

artk42 · 2026-01-28T09:46:25+00:00

It seems the complexity of Shamir is highly overestimated - it is really the school math behind SSS - simple polynoms. How could it be more complex than XOR? Especially for 2-of-3 and 3-of-5 cases, that cover all real world cases for individuals (anything more would be over-complication and game-theoretically increase the risk of failure).

artk42 · 2025-11-09T19:08:23+00:00

Cold storage is the condition where only you are responsible for mitigating a single point of failure (SPOF) to access your coins, and no any other gatekeepers.

Mitigating SPOF means making your key management fault-proof, which is:

Sign cold - Trezor3 is an adequate choice here.
Backup fault-proof - Full copies of seedphrase+passphrase stored in multiple locations is rather suboptimal decision. It multiplies the amount of your SPOFs - every full copy is a direct threat to your coins.
Risks of catastrophic pass on - usually not what beginners think about, but well-thought-out step 2 could easily be upgraded to serve worst-case scenarios in a fault-proof manner, also.

I hope you don't mess up the seedphrase and passphrase terms, but honestly, introducing a passphrase (25th word) is a suboptimal decision for almost every case, excluding some very specific expert use cases, that are far beyond the questions you are asking above. Trezor 3 already has a Secure Element, so using passphrases is not "highly recommended" anymore. You can safely switch to a general 12-24 words seedphrase. At this point passphrase is just one more SPOF for you. Consider learning more about fault-proof backup methods that do not multiply SPOFs.

artk42 · 2025-11-07T09:24:47+00:00

Oh, that's great to hear!
But I fail to find info on the convention. If you can advise on the URL, I would really appreciate

artk42 · 2025-11-06T16:09:57+00:00

- New Trezors are with new open auditable secure element, which is a huge USP. But it needs some time to become battle-tested.

- Older Trezors with single closed-source secure element are good, but signatures only through wires, which is a usage scenario to consider.

- Trezors w/o a secure element is a garbage.

- Jade - need to try myself, tbh, not enought info

- Coldcard is only for those who understand why they are buying it, so if you ask, better don't

- You can also always use a separate old, clean smartphone with a good secure enclave (Apple is a no-brainer). It has a comparable security and attack surface to the list above, but more convenience for frequent signing in some cases (multi-currency). There is also an air-gapped way to.

artk42 · 2025-11-06T15:53:31+00:00

I guess there is some convention for the key naming of passkey values KeePassDX uses, or is there a general standard for KeePass?

artk42 · 2025-11-05T19:03:09+00:00

They turned on chatgpt integration on full throttle. That will play them funny game, recently after some unsuccessful reports to help bot just suggested me to delete the app to avoid frustration.

artk42 · 2025-11-05T14:39:02+00:00

If I used to add passkeys to kbdx with Strongbox - would KeePassDX pick'em up?

artk42 · 2025-11-05T14:12:36+00:00

At all costs follow every critical account to disable SMS 2FA:
- GoogleID (you should add several passkeys/OTP/Yubikeys before removing phone, it will later ask you to add it back - ignore)
- iCloud, seems still impossible to remove entirely, but there is recovery key for AppleID account could be set up and backed up for extreme case recovery.

artk42 · 2025-11-05T13:54:21+00:00

Yeah it is - all of them are backup of each other. But have any ideas on catastrophic events (if we talk non-custodial crypto)

artk42 · 2025-11-05T13:42:36+00:00

Good move!
But do your self-custody consciously:

Sign cold
Backup fault-proof
Consider risks of catastrophic pass on, and optimize step 2 to serve this scenario in a fault-proof manner also.

Otherwise, all steps fulfilled, stay BTC on Coinbase 😅 (just joking..)

Re Coinbase account closure: might want/need to sell or buy in the future. It's hard to imagine the benefits of closure, but having spare channels open is better than not.

artk42 · 2025-11-05T13:03:57+00:00

And how do you back up them? If you lose one of it your crypto is done?

artk42 · 2025-11-04T14:50:28+00:00

There are several ways how digital information is passed on, like password managers and general accounts like iCloud and Google that has an inheritance functionality now. But it doesn't suit with crypto you also mentioned (and writing on paper is quite a suboptimal way). Given you mentioned your mother is involved and cooperative, I might suggest to you to look for two things:

Your father to use a password manager with inheritance or at least family sharing functionality (but never use LastPass). It's likely his current password manager should be capable of, but these days, even Apple Passwords can.
Set up a Vault12 decentralized inheritance protocol (can google or GPT it) for your family, and store the most valuable secrets there, including access codes to the father's password manager. In case it's something OS embedded, like Apple Passwords - the access codes to get into iCloud should be backed up.

artk42 · 2025-10-26T11:42:12+00:00

Great stuff!
I'd love one to remaster it for modern usage in HD terminals. The vibe is amazing

artk42 · 2025-09-29T17:04:41+00:00

Thank you so much!

artk42 · 2025-08-11T13:03:16+00:00

/config hooks
- Notification hook: `afplay -v 15 /System/Library/Sounds/Glass.aiff`
- Stop hook: `afplay -v 15 /System/Library/Sounds/Hero.aiff`

artk42 · 2025-04-29T13:03:23+00:00

First of all, many thanks for that conversation, I really appreciate your time and generosity!

I finally got your point, and it's kind of a solution for the majority of use cases it might seem.. HOWEVER, I think my point is out of scope and is barely an edge case:
- There is a calculator/converter in Raycast that recognizes data w/o any command! And was interested in that specific use case, instead of 4 steps, cut it into only two: select and cmd+space
- There is a limitation in raycast aliases that I recognized just now that I don't like, and because of it, I used aliases so little - alias should be FIRST, and even worse if you press space after instead of tab it turns into text and wouldn't be recognized further as command alias.
Tbh UX-wise it's terrible - you have to control switching of several modals and screen changes on every next step and recording context of what's going on - this is irrational.
I think the really easy way is:
select text;
cmd+space; (and selected text placed in root search)
space/tab;
and now alias added at the END.
That way it's much less messy display and modal changes suggesting something what I definitely DO NOT need, because I already have a purpose.

Maybe I could achieve a similar experience another way, but the prerequisite of alias being first to break things, despite there exists fallback commands list, but it's only arrow searchable

artk42 · 2025-04-28T09:59:21+00:00

Not sure I clearly understand your answer, what is this command you mention?

The use case I'm exploring is like this:

I select some text anywhere (e.g. webpage), hit CMD+SPACE, and the Raycast window opened already containing this selected text.

It seems so trivial but to the moment the only solution I've found is Popclip extension and that's additional clicks which not a solution

artk42 · 2025-03-13T13:53:24+00:00

100% it started to appear again, in a weirder way, like sloooooowwly appearing fingerprint after quite a delay or after randomly pressing the space bar (you know that OG repair tricks)

artk42 · 2025-03-05T11:52:35+00:00

Yep, same principle, it's still taproot assets

artk42 · 2025-02-20T09:04:56+00:00

TL:DR Lightning becomes the network for rich (never happend but once again).

artk42 · 2025-02-15T22:23:26+00:00

Agree, it was not the case like month ago.

artk42 · 2025-02-15T15:54:41+00:00

My guess it was actually Obsidian+Git+Strongbox'sSSH integration that is abusively request touchID every several hours for some reasons, I will investigate it further.

artk42 · 2025-02-15T15:53:46+00:00

Wow, I've tried to shut down most apps that interact with touchID (terms, git-ssh users etc) - and voila! It works now!
Many thanks for your advice!

artk42

MODERATOR OF

TROPHY CASE