C33

Bret Taylor, whose career in tech can only be described as prolific, has stepped down as co-CEO of Salesforce.

Salesforce said Wednesday that Bret Taylor will step down as co-CEO on Jan. 31, leaving Marc Benioff alone again at the top of the cloud software company he co-founded in 1999.

Benioff closely embraced Taylor, who joined the company in 2016, when he sold his productivity software startup Quip to Salesforce. … His departure is surprise considering how rapidly he climbed the ranks and gained the trust of Benioff and the board. Two months ago, Benioff and Taylor were speaking together on stage at the company’s Dreamforce conference in San Francisco. … The announcement also calls into question Benioff’s ability to work alongside someone with an equal title.

I Gotta Feeling that Benioff is already working on his next co-CEO: Will.i.am. Does that make any sense? Of course not! But that rarely stops any technology company getting involved with Will.i.am, so why start now?

David Sparks, of MacSparky, is wondering where his passkeys are now that iOS 16 and macOS Ventura are out.

With Apple’s latest round of updates, we’ve got a new password feature that lets your computer manage passwords for you in the background. … I’m curious, however, as to when Passkey websites will start showing up. So far, I’ve seen none. For this to work, websites must adopt some new backend technologies, and everyone is now waiting for that to happen. Are website developers untrusting of the new technology? Do they want to see others figure it out first? Do they need the budget for these changes? I expect it is all of the above.

I don’t think developers as a whole are distrusting or in need of inspiration when it comes to implementing passkeys (aka WebAuthn), but there are good reasons why we didn’t see the market flooded with passkey announcements.

Here are my theories speaking as both a developer, and someone who is responsible for a product pipeline:

1. Security is hard and should be adopted slowly.

Every app has password authentication code, and rarely does anyone want to mess with it if it’s working and secure and that’s a good thing. Security should move slowly so it’s been vetted and is ready to go before it’s out there in the world protecting your banking account.

That’s not to say that PassKeys / WebAuthn is some new bleeding edge tech. It’s not. In fact how it works is very familiar to developers who use SSH keys, but the web or app implementations are new and it’s good that no one is rushing it.

2. Waiting on libraries and browser support.

It sucks to release a feature that isn’t supported everywhere. It’s huge that Apple has gone all in on this, but they aren’t the only player and there needs to be some catch up with other browsers, platforms, and apps for things like passkey synching.

Same with web and app libraries that developers use to implement technologies like this. Libraries are important as you can’t expect every small app or web site to write their own implementation. There are some WebAuthn libraries, actually there are a ton, but once the community rallies around one or more of them and polishes them to the point where implementation is easier you’ll see adoption rise.

3. It doesn’t replace legacy password code.

Let’s say you and your development team spend some time and implement a fantastic implementation of PassKeys for your app. Can you get rid of the old password code? No because of people with legacy accounts…or because some people don’t want to use PassKeys…or even more people have never heard of PassKeys. That means you need to have the old password code, and the new PassKey code, along with a new flow so that users can use either route, and probably some UI to explain PassKeys, oh and you’ll need a path to convert a password user to a PassKey user. Anything else? Probably!

The point is that PassKeys are additive for every app out there and that means even more work and more support than just adding PassKeys.

4. It’s the end of the year.

PassKeys are cool, but do you know what’s cooler? That feature that your users are dying for that might make you more money. PassKeys aren’t going to the the focus because of all the other reasons above, but especially because right now the devs are crunching to the new feature that someone wants out “by the end of the year”.

–

Don’t worry, David. PassKeys and WebAuthn are coming, but it’s going to be slow and that’s a good thing for everyone.

No Starch Press has once again worked with Humble Bundle to release a Hacking bundle which is a hell of a deal and raises money for a good cause.

We’ve teamed up with No Starch Press for our newest bundle! Get ebooks like Hacking APIs, Bug Bounty Bootcamp, and The Hardware Hacking Handbook. Plus, your purchase will support National Coalition Against Censorship!

On a side note, how does every one collect, search, and read ebooks? I’m a sucker for these bundles, but I haven’t found ebook software that really works for me to curate my ebook collection and read them across my devices.

Going forward there will be a new post type on C33: The Link Post.

This change won’t make much of a difference to readers, but will allow me to post more frequently and comment on various items that aren’t worthy for a full post.

Link posts will show on the home page (but not in related or featured story lists) and their headlines will link out to the external referenced source. For example, this post links out to the excellent, but still on sabatical, Kottke.org’s link archive.

That is all. Expect more of these kinds of posts going forward!