Posts

Showing posts from April, 2026

AuthenTrend ATKey.Pro: a forensic look at the CTAP 2.0 variant on Arch Linux

hardware review CTAP2.0 SKU: do check the note below

April 2026  ·  Arch Linux 6.18.21-1-lts  ·  libfido2 1.16.0  ·  systemd-cryptenroll  ·  Security & authentication

The ATKey.Pro from AuthenTrend is a FIDO2 hardware security key with an onboard capacitive fingerprint sensor. This review tests the device thoroughly on Linux and is quite explicit about what was verified by direct command output, what was confirmed by manufacturer documentation, and what remains genuinely unknown.

Important: two distinct SKUs share the ATKey.Pro name

The device tested here reports AAGUID e1a96183-5016-4f24-b55b-e3ae23614cc6, which the FIDO passkey developer registry identifies as ATKey.Pro CTAP2.0. A separate, newer product (AAGUID e416201b-afeb-41ca-a03d-2281c28322aa) is the ATKey.Pro CTAP2.1, which AuthenTrend now sells and markets as "CTAP2.1 compliant." These are distinct devices with distinct firmware beh...

pam_authnft: what 'session' means to a Linux firewall

On Linux, the hard part of building a per-session firewall is not the firewall. It's deciding what "session" means in a way the kernel can match against later, without trusting anything in userspace to have told the truth.

pam_authnft is the smallest concrete experiment I could build to poke at that question. It's a PAM session module that binds nftables rules to an authenticated session using the session's cgroupv2 inode as the identity. SSH in, your firewall rules appear; log out, they're gone. No setuid helper, no dedicated shell, no kernel patches.

The framing I keep coming back to has four verbs. To give a session, a workload, or any other unit of activity a kernel-visible identity, you have to create it somewhere, store it in something durable, transport it through whatever subsystem boundaries the packets cross, and verify it where the policy decision lives. Most of the interesting failure modes come from one of those four steps be...