Posts
5
Comments
1,342
Joined
5 yr. ago

  • These passkeys want to be unique per site/services & many hardware tokens only have a handful of slots for storage which means such dedicated don’t really work & storing them on say your laptop with your other passwords probably isn’t ideal with Keypass. Many security experts don’t see the advantage over a good hardware token + unique password. Like Big Tech trying to reinvent XMPP with RCS, I feel they are trying to do the same with passkeys so they benefit them.

  • Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security. -- https://developer.apple.com/passkeys/

    Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.

  • Doesn’t help that those low-quality ingredients are the ones that line the freedom section in foreign supermarkets fueling the stereotype… not that it isn’t a warranted stereotype since this is what they feed the folks in public schools

  • I wrote a TamperMonkey script. 😅 I needed to so I could use my password manager. How dare I.

    Should be a general web dev usability note: always aim to make your code to be friendly for scraping & userStyles/userScripts. If a client isn’t updating shit, at least users can easily fix things. This is also another point against this Tailwind-only trend since you tend to lose anything semantic in the DOM & have nothing to select on.

  • Software dev was nicer & easier + digital art tools being more than serviceable (where Adobe had just moved to a subscription service in 2013) while the philosophy matches my own for privacy & freed. I don’t like compromising on that philosophy unless absolutely necessary or being cost-prohibitive (where convenience is a low priority). In 2016 after seeing the Nvidia 10 series GPU numbers (still primary GPU ha), I built a new PC & vowed that this wouldn’t be a dual-boot machine, & the rest was history.

  • All the code is hosted on GitHub. Clone it, build it, and join our Discord if you want to collaborate on it! We're looking forward to seeing you there.

    So much for freedom when everything is done thru proprietary services under US jurisdiction.

  • skill issue

    I don’t understand how. Snikket is fully boxed up & preconfigured for the lazy, & offers straight-up hosting for the even lazier.

    I say lazy since setting up ejabberd is already easy to set up with sane defaults, a web admin UI, & availability in like every package manager.

  • Snikket exists for this type of user. If money is an issue, since XMPP is actually lightweight unlike Matrix, you can host multiple things even on the cheapest VPSs so it isn’t dedicated to one task or self-host out of your home (which is what I do, but also with some small sites, a feed aggregator, Mumble, terminal sharing, Darcs/Pijul version control systems, & Nix remote builder).

  • Honestly that was the initial appeal. Grandma didn’t notice or care that the old SMS app was hidden & just thought there was an update. That ignorance meant she was talking in an encrypted fashion where possible even if accidentally. And since you will need a SMS app anyhow for OTP & other one-off notifications, might as well have it all in one spot. The fact it is different is probably more confusing to some users.

    And without that appeal, the missing server code history, the US government funding, centralized service, the requirement of a SIM card (which many places now require ID to get so they can register you in a database), as well as the requirement of bowing to the mobile duopoly (can’t use the service if you have a KaiOS, Linux, or other phone—or without a phone), I don’t know there is much of an appeal. In hindsight, I wish I hadn’t gotten my family on it since I would love to ditch Android.

  • Depends. Since this is seen as an out-of-band coms option for work, there is a good chance you will want encryption for only folks in the room either for accidental company secrets leaked or to shit talk folks outside the room. IRC, the best you get is TLS.