What’s everyone up to? 🤔 Good weekend so far? 🤔
@bender@twtxt.net Or Traefik but yeah 👌
@thecanine@twtxt.net Gotta pay for that ~$250k/day price to run those many thousands of NVIDIA Telsa cards somehow 🤣
@abucci@anthony.buc.ci Can’t use Let’s Encrypt? 🤔
@bender@twtxt.net I didn’t know that, thanks! I generally don’t use the password manager on iOs or macOS even for that matter though, but thanks 👌 I do however recommend it to family/friends (but with iCloud turned off for obvious reasons)
@eapl.me@eapl.me The reason I was asking was specifically @fachex@twtxt.net mentioning another open source OTP app that’s been audited and verified. So was thinking of switching out the OTP app I use on my phone 🤔
@thecanine@twtxt.net Agreed, I find it rather ironic really. First Microsoft stole everyone’s open source works, without asking, without acknowledgement, Now they’re giving CoPilot free to use to all those they stole from?! 🤦♂️ LIke da fuq?!
@abucci@anthony.buc.ci Yeah I feel the same way. On both points 👌 I find it ethically immoral to use CoPilot specifically.
@thecanine@twtxt.net Aren’t they just pretty dumb thougj? 😆
How is everyone finding GitHub CoPilot? 🤔 Good / Bad ? 🤔
@lyse@lyse.isobeef.org Always admire where you live 😍
Is FreeOTP any good? 🤔
@shreyan@twtxt.net Yeah gokrazy is pretty cool 👌
@yakumo_izuru@tsuki.chaotic.ninja Just don’t enable it? 🤔 It’s feature gated.
@yakumo_izuru@tsuki.chaotic.ninja Okay okay 🤣 Are you able to contribute in this at all and help cut some code? 🙏
@eapl.me@eapl.me This is actually pretty cool 🤔
@movq@www.uninformativ.de That is pretty cool 😍
@osnews@feeds.twtxt.net Hah did not know this 😆 But am also not surprised 🤣
@yakumo_izuru@tsuki.chaotic.ninja Which issue in particular? 🤔 The API one?
@cncf@feeds.twtxt.net How about less complexity?! 🤣
@shreyan@twtxt.net It still buggy as hell but I’ll get it working and all the bugs fixed 😆
Huh hey @lumen@tw.lumen.pink I didn’t even notice you run a Yarn pod 👌 Whot! 🥳
@mckinley@twtxt.net Nope.
And done! prologic/objects: Objects is an object storage server (using a directory as backend) with a AWS S3 compatible API written in Go. - objects - Mills 🥳 Simple, but it works, anda very lightweight! 👌
Time to write my own S3-compatible Object Storage server 🤣
@movq@www.uninformativ.de I mean yeah I totally get that syncing the TOTP seeds is a horrible idea. It defeats the point of a second factor and “something you have”. 🤦♂️
@abucci@anthony.buc.ci Can you recommend one?
Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.
I’ve been using Google Authenticator for years, but it never had this “sync” feature until recently 🤦♂️
Also kind of curious how syncing to Google servers made this attack worse? Not that clear from the article 🤔
Wow !!! 😱 Those sneaky little shitheads!!! Google are unconspicious lying sons of notches 😢 When da fuq did they sneak this feature in?! I didn’t even notice this was a thing from a recent upgrade of the app (Authenticator) 🤦♂️
@darch@neotxt.dk Yup 😅
@darch@neotxt.dk It’s called “test in prod”™ 😅
@lumen@tw.lumen.pink Hey! 👋 Welcome back! 👌
yarnd password change function is insecure by design and should be fixed 🤔
@lumen@tw.lumen.pink Ahh good to know, so less likely to worry about 👌 (hijacking sessions that is)
yarnd password change function is insecure by design and should be fixed 🤔
@mckinley@twtxt.net Agreed!
@lyse@lyse.isobeef.org 500 Internal Server Error for me 😢
@lyse@lyse.isobeef.org Oh wow that’s such a lovely shot! 👌
@abucci@anthony.buc.ci Time to build a modern NNTP with a decent interface? 🤔
yarnd password change function is insecure by design and should be fixed 🤔
@lyse@lyse.isobeef.org Yeah true! Um not even sure how realistic hijacking’s a session really is? 🤔
@xavavu@twtxt.net Cool 👌
yarnd password change function is insecure by design and should be fixed 🤔
@lyse@lyse.isobeef.org Well basically if you try to reset your password today, it assumes you are a) logged in and b) you are who you say you are. There is no verification of your old password, no identify verification. So if somehow someone managed to hijack your session or something…
@xavavu@twtxt.net It sure does 👌 Also I haven’t seen you around here before, welcome to my pod 🤗
@bender@twtxt.net I have to agree actually from a use ability perspective 😍
Hmm noting that yarnd password change function is insecure by design and should be fixed 🤔
@lyse@lyse.isobeef.org 😱 I would never have guessed that!!!
302 to send me to https://fit.eapl.me/sign_in.php. Why? It also says nothing about what it is. Finally, my phone does all that, and more, automatically; why would I come to the web to record anything?
It sync via Bluetooth to my iPhone
302 to send me to https://fit.eapl.me/sign_in.php. Why? It also says nothing about what it is. Finally, my phone does all that, and more, automatically; why would I come to the web to record anything?
I use Apple Watch and it record things like this automatically and so much more!
302 to send me to https://fit.eapl.me/sign_in.php. Why? It also says nothing about what it is. Finally, my phone does all that, and more, automatically; why would I come to the web to record anything?
