Hacker News | arnarbi's comments

Back in college (~2008) we implemented this with a 7 foot tall back-projected screen and a couple of Wii remotes after seeing Johnny Lee’s video. The nice thing with that screen was that you could stand so close to it you couldn’t really see the edges.

We had as many people come test as we could, and we found that 90% of them didn’t get a sense of depth, likely because it lacked stereo-vision cues. It only worked for folks with some form of monocular vision, incl myself, who were used to relying primarily on other cues like parallax.


That's interesting! Did you continue to play around with it and take it further?


We did not, no. Just wrote up the report and moved on.


It is not based on TB but it is heavily informed by those efforts. See here: https://github.com/w3c/webappsec-dbsc#what-makes-device-boun...

However, DBSC as an API and protocol is similarly agnostic about key storage. There is no attestation and the User Agent is fully responsible for selecting key storage that provides the best protection.


> why they don't have TLS try and always create a client certificate per endpoint to proactively register on the server side

That is effectively what Token Binding does. That was unfortunately difficult to deploy because the auth stack can be far removed from TLS termination, providing consistency on the client side to avoid frequent sign outs was very difficult, and (benign) client side TLS proxies are a fairly common thing.

Some more on this in the explainer: https://github.com/w3c/webappsec-dbsc#what-makes-device-boun...


Services can certainly make this safer by providing means to get more restricted credentials, so that users can deputize semi-trusted delegates, such as agents vulnerable to injection.

The important point being made in this discussion is that this is already a common thing with OAuth, but mostly unheard of with web sessions and cookies.


It’s the same thing: https://fidoalliance.org/passkeys/


This is a very good point, and one the DBSC team thinks about a lot.

In the short term it's about economics: Infostealer malware today scales really well because it can a) exfiltrate cookies quickly and clean itself up, mostly evading any client based detection, and b) sit on large stashes of long-lived cookies and carefully "cash them in" in ways that evade server side detections.

A short-lived cookie forces different behavior for b, which we think will make it more detectable server side, and binding in general will force malware to act more locally, which will make it (far) more detectable locally.

In the long term, DBSC also is designed so that the session management and key registration is somewhat decoupled from that short-term cookie business. If and when we can sign more often (perhaps every request), I believe the DBSC API will still be useful for websites to manage the session key and lifetime.
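An added sketch of the trade-off described in the comment above (not code from the thread or from the DBSC project): a copied short-lived cookie works only until it expires, and a new one is issued only for a signature from the registered key. The class and function names, the 10-minute lifetime and the challenge/response shape are assumptions made for illustration and are not the DBSC wire protocol.

```javascript
// Toy model of a key-bound session with short-lived cookies; names and TTL are assumed.
const { generateKeyPairSync, sign, verify, randomBytes, timingSafeEqual } = require("node:crypto");
const COOKIE_TTL_MS = 10 * 60 * 1000; // assumed lifetime, chosen for illustration
class BoundSessionServer {
  constructor() { this.sessions = new Map(); }
  // Registration ties the long-lived session to the device's public key.
  register(publicKey) {
    const id = randomBytes(8).toString("hex");
    this.sessions.set(id, { publicKey, cookie: null, expires: 0, challenge: null });
    return id;
  }
  // Refresh, step 1: issue a fresh single-use challenge.
  challenge(id) {
    const s = this.sessions.get(id);
    return s ? (s.challenge = randomBytes(16)) : null;
  }
  // Refresh, step 2: only a signature from the registered key mints a new cookie.
  refresh(id, signature, now) {
    const s = this.sessions.get(id);
    if (!s || !s.challenge) return null;
    const ok = verify("sha256", s.challenge, s.publicKey, signature);
    s.challenge = null; // consumed whether or not it verified
    if (!ok) return null;
    s.cookie = randomBytes(16).toString("hex");
    s.expires = now + COOKIE_TTL_MS;
    return s.cookie;
  }
  // Ordinary requests carry only the cookie, honoured until it expires.
  authorize(id, cookie, now) {
    const s = this.sessions.get(id);
    if (!s || !s.cookie || now >= s.expires) return false;
    const a = Buffer.from(String(cookie)), b = Buffer.from(s.cookie);
    return a.length === b.length && timingSafeEqual(a, b);
  }
}

function demo() {
  const server = new BoundSessionServer();
  // Two constructed P-256 key pairs; `other` is never registered with the server.
  const [device, other] = [0, 1].map(() => generateKeyPairSync("ec", { namedCurve: "prime256v1" }));
  const id = server.register(device.publicKey);
  const proof = (key) => sign("sha256", server.challenge(id), key.privateKey);
  const cookie = server.refresh(id, proof(device), 0);
  return {
    copiedCookieWhileFresh: server.authorize(id, cookie, 1000),
    copiedCookieAfterExpiry: server.authorize(id, cookie, COOKIE_TTL_MS + 1),
    refreshWithOtherKey: server.refresh(id, proof(other), COOKIE_TTL_MS + 1),
    refreshWithDeviceKey: server.refresh(id, proof(device), COOKIE_TTL_MS + 1) !== null,
  };
}
```

Server-side, the refresh path is the natural place to log failures: a cookie that keeps being presented after expiry without a successful refresh is the changed behaviour the comment expects to be more detectable.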


There are many sailing schools around SF, but one that stands out is https://www.cal-sailing.org/ - as it's by far the least expensive and low-commitment option to get on the water, and they have dinghies in which you'll learn very fast (but also get wet). Instructors are regular volunteer club members and mileage may vary, so make sure to go out with a few different ones.

Another good way to get started is to find crewing opportunities for casual racing on https://www.latitude38.com/crew-list-home/. Many skippers will take no-experience folks out for fun. (It may take a couple of attempts to find a skipper/crew you enjoy hanging out with)


I found CSC friendly but basically the boating equivalent of opening the encyclopedia at random and reading -- whichever instructor I ended up with would just decide what he wanted to teach/do that day, no structured curriculum. Presumably one could eventually learn enough to pass the test and be able to take dinghies out yourself, but I didn't have the patience--I bought my own and learned more in 30 minutes than I ever did at CSC.


If you want to learn how to sail and actually how to sail as the person in charge, you need to be in a dinghy. It's small enough that everything you do will affect the course and speed, you can feel every little difference and nobody else will confuse the issue by moving or changing anything without you noticing. Sure, having instructors around giving you tips is necessary but you are doing it and the feedback is immediate.


There was a pretty good video on this a couple of years ago: https://www.youtube.com/watch?v=QFv3QPNU6hw


TL;DW: The apparent tone shift is a result of interference from a bounce-path echo (from the ground) to the listener of the white noise emission of the aircraft, rather than expected Doppler effect. This can be experimentally verified several ways, e.g., changing the bounce length (by moving closer or further from the ground) or by monitoring similar noises of known origin near an acoustically-reflective surface.


Garfield is certainly (meant to be) real, but I've never seen a strip that confirms that Jon can actually hear Garfield's thoughts. I think that's why Garfield minus Garfield works so well.


It’s not induction. It’s just the contrapositive of “if you can solve the simpler problem then you can solve the harder problem”

