#indieweb 2019-05-29

2019-05-29 UTC
[kimberlyhirsh] joined the channel
#
GWG
Did you read that site back when it was active?
#
GWG
I recall some interesting articles
#
GWG
Again, moving from a site to Twitter. Sad
[tantek], [chrisaldrich], electronicmaji, rEnr3n, benwerd, KempfCreative, KempfCreative1, [Rose], KartikPrabhu and chrisaldrich joined the channel
#
Loqi
ok, I added "https://wptavern.com/new-github-sponsors-tool-draws-concerns-from-open-source-community" to the "See Also" section of /payment https://indieweb.org/wiki/index.php?diff=61748&oldid=59600
#
Loqi
ok, I added "https://help.github.com/en/articles/about-github-sponsors" to the "See Also" section of /payment https://indieweb.org/wiki/index.php?diff=61749&oldid=61748
#
[Rose]
I presume there is no hosted version of ownyourresponses?
todrobbins, wolftune, [Rose], maze[m], jnoh and snarfed joined the channel
#
snarfed
[Rose]: no, no hosted ownyourresponses, sorry. that would require multi-user support and UI. PRs welcome though!
#
[Rose]
Haha, I think I got it deployed
Guest48409, astrojuanlu[m], afrogeek[m], Salt[m], dazinism, M0x1C3B00DA[m], camb[m], is0x3F, BeS, pniedzielski[m], faulteh, plindner[m], edrex, Dan[m], ejfox, hotzeplotz[m], zoglesby, Matthew[m], maze[m]1, PierreOzoux[m], Guest22714, myfreeweb, grantcodes[m], wakest[m], jgmac1106[m], perflyst[m], ketudb[m], Rixon, taoxvx, jamietanna[m], jee[m], ElMago[m], jaduncan[m], adamz[m], wjh[m], jfkimmes[m], isgy[m], mnzaki[m], kir0ul, nellkate1[m], Xananax[m], steven[m]1, ketudb[m]1, glenn[m]2, infominer[m], Marjon[m], jbove and [tantek] joined the channel
#
sebsel
[Rose] just deploys everything :p
#
sebsel
!meme deploy all the things
cweiske, jihaisse, AkyRhO, swentel and [Rose] joined the channel
#
[Rose]
Of course! I am fearless. And more importantly, I like playing with things.
#
[Rose]
At least, fearless when it comes to installing random stuff on Google's servers.
gRegorLove and sl007 joined the channel
#
[Rose]
Something Sknebel said on Monday has me thinking. Has anyone made a bookmarklet for PESOS?
#
[Rose]
Specifically so you can share highlighted text plus the current URL back to your site via MicroPub.
#
[tantek]
Rose, the /Instagram bookmarklet I wrote and used to use (needs updating) did part of that with getting the image out and creating a post
#
[tantek]
then I stopped PESOSing from IG
#
[Rose]
Ooh, do you have a codebase to share?
#
[Rose]
Because I would be up for rewriting that to be more general.
#
[tantek]
it needs updating since IG last changed their frontend
#
jamietanna[m]
I'm looking at making my h-feed better as for some post types it just has the URL and name
#
jamietanna[m]
However I'm wondering how to do this with long posts ie >500 words, with code snippets, pictures
#
[tantek]
what is a composite stream
#
Loqi
A composite stream is a stream that interleaves multiple types of posts, such as notes and articles https://indieweb.org/composite_stream
#
jamietanna[m]
Would you recommend having the HTML present but hidden, or shown in full?
#
Ruxton
[Rose]: to get all the way to micropub from Bookmarklet might be 'difficult' as bookmarklets have a maximum length
KartikPrabhu, [Ana_R] and jeremych_ joined the channel
#
jeremycherfas
Good morning all
jjuran joined the channel
#
[Rose]
It might be Ruxton! But I want a proof of concept. (And more details are #dev territory)
#
strk
success stories of migration out of WordPress ? (but wordpress is considered Kosher isn't it ?)
jjuran, anotheryou and ejw joined the channel
#
Ruxton
strk: I've been trying to get from WP to Known for a while, but I've been in WP for a loong time and nothing has got me auto-imported well
#
Ruxton
I wouldn't say that WordPress is considered Kosher though
#
infominer[m]
Burn it!
#
infominer[m]
Wordpress i hear is like click of a button to enable indieweb
#
Ruxton
blinks
#
Ruxton
naaah
#
Ruxton
click 10 buttons, step left, pray to W3C, turn right, hope on one foot and you should be almost there ;P
#
infominer[m]
But ive started my webwork journey w static sites and for whatever reason am prejudiced agains WP
#
Ruxton
WP is a great publishing platform, but imo Indieweb methods are really being shoe-horned into it's prcess
#
infominer[m]
Rn trying to understand hugo, coming from jekyll
#
Ruxton
and that's just because WP are doing there own thing all the time
#
infominer[m]
There are a few hugo indieweb themes, and a few dead jekyll themes that have a new life in hugo
#
infominer[m]
Serious work to find a working jekyll theme... seems jekyll was much more popular a few years ago
[grantcodes] joined the channel
#
[grantcodes]
[Rose] omnibear + copy and paste isn't a huge number of steps. Although it is probably not set up for adding the mf2 you might want
#
strk
I'm considering jekyll and hugo, would prefer staying away from Ruby (so Hugo) but need to make sure feeds for the blog are correctly published and URLs stay the same
#
infominer[m]
Well, w jekyll Minimal Mistakes is the gold standard for a modern theme... but github pages supports the feed and redirect plugins, so that stuff can go on any of them you can make work
#
infominer[m]
If im lucky i can tell you how a hugo deploy is in an hour or so
#
infominer[m]
Jeykyll is baked into ghpages tho... so need ci or manual build every change for hugo
#
infominer[m]
Im just a newb that’s found their way to the deep end, tho
#
jeremycherfas
!tell strk I happily moved my personal site from WP first to Octopress (SSG) and then to Grav, and while I still have legacy posts to bring in, it worked fine and I prefer it.
#
Loqi
Ok, I'll tell them that when I see them next
neceve and [Rose] joined the channel
#
[Rose]
Good idea [grantcodes]
[kevinmarks786], mauz555, catsup and [jgmac1106] joined the channel
#
[jgmac1106]
Strk I migrated from WP. I use a mix of pages on my main Domain and Known on a subdomain.... To do all the stuff that I can't build yet
#
[jgmac1106]
Trying out Kirby now and trying to learn to make all the templates for different post types now.
#
[jgmac1106]
... But I did not migrate... Too hard... Just through my old site on a subdomain and then failed to write working redirects
gareppa and [tonz] joined the channel
#
[tonz]
I’m ok with WordPress. Very useful for ‘not first indieweb generation’ type of person like me. (As in happy to tinker a bit, but not into bootstrapping stuff.) Big diff between wp.com (wp as a service) and wp.org (self hosted wp). self hosted wp for me is more or less my sweet spot. Works out of the box, but I can tinker as much as I want. Previously I used Movable Type when that was still a thing. Before that I hand coded static pages in notep
#
[Rose]
If I'd known you used Moveable Type I'd have picked your brains in Utrecht more 😛
#
[tonz]
MT is mostly repressed memories these days 😄
#
[tonz]
I used MT because I met the Trott couple at a blogger conf when they first started building it. Same with WP, got Matt drunk in Vienna when he wasn’t yet of legal drinking age in US, then started looking into his WP which he pitched with a Jazz metaphor at a blogger conf we both attended. Full switch to WP years later, when MT stalled.
#
strk
I'm self-hosting but having to maintain a mysql db just for WP annoys me
#
Loqi
strk: jeremycherfas left you a message 1 hour, 12 minutes ago: I happily moved my personal site from WP first to Octopress (SSG) and then to Grav, and while I still have legacy posts to bring in, it worked fine and I prefer it.
#
strk
jeremycherfas: is Grav still a dynamic one or static only ? I'm after static site...
#
sknebel
Grav is somewhat hybrid from what I understand. Dynamic, but caching aggressively and file-backed
#
petermolnar
Grav is dynamic with files for data storage
#
petermolnar
it's an ideally simple thing
#
petermolnar
but comes at a price of being fairly complex to set up and customize
#
[Rose]
It only gets a DB if you use the TNTsearch plugin which builds an SQLite DB for the search
#
petermolnar
that is fine, I use sqlite for search on my "static" site as well
#
sknebel
(full static of course also means you need to rely on external components for Indieweb features, which WP and others can provide natively)
#
infominer[m]
that's the kicker, 'aint it
#
petermolnar
strk: though it's not for generic public use: https://github.com/petermolnar/nasg
#
Loqi
[petermolnar] nasg: Not Another Static Generator
#
petermolnar
warning though, it's made completely for my own sake
#
infominer[m]
"not for general public use" hehe
#
sknebel
(I'd also ask people to somewhat tone down the dunking on projects, especially if it is just a "I have a feeling it is bad" - detailed factual criticism is of course fine)
#
petermolnar
infominer[m]: I mean there's no install process, the settings file has hardcoded stuff for my own self, etc
#
infominer[m]
did you have some special purpose, or more of a passion project?
#
petermolnar
both; there were things nothing of the existing stuff addressed, eg. geo and lens data from EXIF from files, plain text alternative, gophermap (this one is only for fun though), and a set of other things
#
infominer[m]
it seems like so much work to be skilled enough to have the motivation to do that much work
#
[jgmac1106]
Yeah just as much passion and hobby as it is skill
#
[jgmac1106]
Many have the skill but still enjoy a more out of the box experience... Others lack skills but have drive (and privilege of time) to keep hacking away at almost working solutions on their site
#
infominer[m]
I'm on the second team
#
[jgmac1106]
I am enjoying my experiments with Kirby last two weeks but for me more about upping my PHP skills
#
[jgmac1106]
Kirby is neat at its like Grav not an SSG but no database with everything saved in text files
#
[jgmac1106]
Not as many IndieWeb Building Blocks... I do enjoy using Known. As a CMS it just works
#
infominer[m]
does gitlab or anyone else have a service competitive with gh-pages, with SSG enabled code repos?
#
[jgmac1106]
jgregorymcverry.com is my main domain.. One day I hope to fold in all the building blocks there but I need way more skills
#
infominer[m]
that helped a lot I think, to start... since it was just some files in a repository I had to figure out, before i ever had to consider how the application works on the CL
#
[jgmac1106]
Not familiar with GitLab. How different is a repo owned by Microsoft and another company hosting all their repos on Microsoft Azure? Seems like a choice between 12 donuts or a dozen
#
infominer[m]
i don't know what you mean
#
infominer[m]
I was just saying that the jekyll integration w github made it a lot easier for me to figure out
#
[jgmac1106]
Sorry... Many people rejecting GitHub since Microsoft bought them and then heading to GitLab... Which hosts all their data on Microsoft Azure... If it was a philosophical choice about ownership
#
[jgmac1106]
Ahhh yes that is nice
#
[jgmac1106]
You might want to check out microblog then as well
#
infominer[m]
yeah, I get that the concern w MS
#
[jgmac1106]
A it is turnkey so it just works but you can customize to hearts content
#
infominer[m]
but they are one of the nicest huge scary tech companies we got right now
#
[jgmac1106]
Yeah loving new Microsoft
#
[jgmac1106]
Now that they include a native Linux kernel won't be long till they simply drop the windows kernel.....
#
Zegnat
GitLab does have a Pages feature. But it may just be available on their paid plan? Not actually sure.
#
infominer[m]
i was looking at taht microblog site.. but faded away at a monthly sub.. then faded back in when I realized I wasn't required to subscribe
#
Zegnat
Part of me seems to recall you can auto-deploy to Heroku from both GitHub and GitLab. So if you can get that working, it doesn’t matter what repo hosting you wish to use
#
Zegnat
But you’d have to look that up, or ask people who know more about Heroku. voxpelli might know, he runs a public service on there
#
infominer[m]
yeah, that was pretty dumb, imo.. "lets run linux on top of windows" unless thats a segue to replacing windows core
#
[jgmac1106]
Yes subscription model versus ad supported... Developers have to eat. Do wish there was annual pricing
#
infominer[m]
yeah, I'm not mad about it... i'm just really frugal, and can't do subs
#
[jgmac1106]
But microblog also evolving into a great social reader and you get a well curated community for $5 a month
#
[jgmac1106]
Me too... I miss my subscription... Also why I haven't done paid Kirby yet. I need to save up the $115., take a month or two
#
infominer[m]
I will keep tinkering away, for now... speaking of which... ;)
#
infominer[m]
cool lookin' site tho
#
infominer[m]
built by hand w your built by hand ssg?
#
[jgmac1106]
Kind of. I wrote all the HTML and CSS but use Glitch as kind of a CMS
#
infominer[m]
I'm struggling w that foliage in your profile picture
#
infominer[m]
az\ca looking mountains
#
infominer[m]
I guess those plants could b cali or nm\az even..
#
[jgmac1106]
Kuaui actually
#
infominer[m]
yeah, I was figuring something more along those lines
#
[jgmac1106]
Should update image that's a 12 year old pic from my honeymoon
#
infominer[m]
heh
#
[jgmac1106]
Best of luck. If you can't make summit in person show up as a remote attendee
#
infominer[m]
oh cool!
#
infominer[m]
idk even about it
#
[jgmac1106]
What is summit?
#
Loqi
IndieWeb Summit 2019 is June 29-30, 2019 (Saturday & Sunday), in Portland, Oregon; the ninth annual gathering for independent web creators of all kinds, graphic artists, designers, UX engineers, coders, hackers, to share ideas, create & improve their personal websites, and build upon each others creations https://indieweb.org/Summit
#
GWG
Think of it like the mother of all Indiewebcamps.
#
infominer[m]
cool stuff! I should have a couple web-pages talking back and forth to eachother by then
#
Zegnat
talkingwebpages++
#
Loqi
talkingwebpages has 1 karma over the last year
#
infominer[m]
hopefully...
#
infominer[m]
indieweb solves a few real problems for me, cause I keep building all these websites.. for now they all live on the same domain...
#
infominer[m]
but it will be super to send info from one to the other. "on the go" so to speak
#
[jgmac1106]
If you like node.js check with [grantcodes] that's how he rolls (I think), jacky does Elixir, Dimitri uses Go, Jeremy on Grav, Marty on Hugo, and then those who write a CMS, pretty much a direction for any learning path
#
[jgmac1106]
You can go to #dev and ask about micropub then to send content between sites
#
[jgmac1106]
Morning Zegnat
#
Zegnat
Hellow
#
[jgmac1106]
Always welcome folks to Team Known.. But sounds like you want something more static(ish) with no database
#
infominer[m]
yeah i'm sticking close to the ground... and am lost at that part where I click the heroku button and life is supposed to happen haha...
#
infominer[m]
oh wait, it was not heroku, I remember, but I didn't have the right html snippets.. but for real I followed instructions on 20 different sites, and had so many code snippets and rel=me everywhere
#
infominer[m]
so that's why I'm hoping to find a theme that "just works" so that I can dig in and figure it out in a working implementation
#
[jgmac1106]
Okay when you need specific help head to #dev and people smarter than me can offer advice
eli_oat joined the channel
#
infominer[m]
Well, ive been trying to figure out if i can use freenode w my vpn somehow... because i havent been ablr to access the dev channel via riot
#
Zegnat
We have people in the dev channel using the Matrix bridge. Do you get any specific errors?
#
infominer[m]
no channel found when i type for it
#
infominer[m]
uploaded an image: ima_5617d8b.jpeg (77KB) < https://matrix.org/_matrix/media/v1/download/matrix.org/ufkgHQbUQPelbbHnVXyruaYK >
#
infominer[m]
Wheel of doom (ios)
[Rose] joined the channel
#
Zegnat
Does that search field actually search through all the Freenode-bridged channels? Note that matrix runs a special bridge towards IRC that enables the cross-network chats
#
infominer[m]
Idk, i just clicked a link and appeared tada
#
infominer[m]
But im guessing that is the problem
#
[jgmac1106]
Yeah I have the worst luck searching for channels in matrix
#
infominer[m]
uploaded an image: ima_7ee5058.jpeg (39KB) < https://matrix.org/_matrix/media/v1/download/matrix.org/FWPBqgTitceVqrzSKcJhHOJO >
#
infominer[m]
Idk if that helps
#
[jgmac1106]
Have to go to wiki for direct link... Even when I type the exact name no channel is found
#
Zegnat
[jgmac1106]: the problem is we only have a direct link for the main channel. And it doesn’t look like anyone has done a write-up on how to join the other channels
#
infominer[m]
Yeah i have the same problem on desktop
#
[jgmac1106]
[tonz] speaking of BloggerCon would love to bring back some of the research to Summit... Maybe just posters on open data and blogging/social media topics
#
[jgmac1106]
[Zegnat] I will work on it as I need to redo all my channels since they released an emergency new app due to security concerns
#
[jgmac1106]
It's an interesting historical tidbit to watch BloggerCon go from research from start to 2004 and then come back in 2006 and just be about SEO and facebook
#
infominer[m]
I didnt find the answer there, not specifically for connecting to dev via riot
#
Zegnat
[jgmac1106]: if you can document using chat over Matrix/Riot that would be sweet! Just add to /discuss. Also nice for new people showing up to events when they do not have to install IRC if they do not like the experience.
#
Zegnat
infominer[m]: yeah, that’s what I mean, we do not have any information there. There is only the 1 Matrix link that supposedly takes you straight to this channel
#
infominer[m]
Yeah and i shudder at moving to sl###
#
infominer[m]
But i would if thats what must be
#
infominer[m]
Im glad we had this talk, i was kinda embarrased to say i dont know how to use this chat app
#
[jgmac1106]
I kind of have to infominer as my wireless blocks IRC and could not find an IRC client that wasn't a resource hog when looking for a connection
#
[jgmac1106]
Trying to use matrix more as I set communities up with that as chat...
#
[jgmac1106]
@schmarty is big matrix user... I think...
#
[jgmac1106]
But then Slack (and too many other chat clients) open for work or other Open Source communities so I hop back and forth between activite windows
#
infominer[m]
just gonna throw this out there... I came across this:
#
infominer[m]
really simple way to make a github portfolio\blog...
#
infominer[m]
it would be so cool to see some indieweb contributions
#
infominer[m]
would love to get indieweb code in more "default solutions" like Minimal Mistakes is a super popular jekyll theme
#
infominer[m]
that will be my mission once I figure this stuff out... if no-one beats me to it, try and get integrated w some widely used themes
#
Loqi
[indieweb] blank-gh-site: Setup a simple new indieweb site on a domain name in mere minutes with this project.
#
Loqi
[indienews/de] New post: "The rise of the IndieWeb" https://notiz.blog/2013/06/18/the-rise-of-the-indieweb/
ejw and [kevinmarks786] joined the channel
#
[kevinmarks786]
I have set up Hugo on GitHub pages a couple of times - make the generated folder the shared one
#
[kevinmarks786]
So generate the site in /docs then make that the gh pages origin eg https://github.com/kevinmarks/stopbrexit?files=1
KempfCreative joined the channel
#
infominer[m]
thx! at least I know what my directory structure should look like
#
infominer[m]
a lot less files than I'm used to
#
infominer[m]
I don't get how that all turns into a web-page... seems like hugo has a lot more going on behind the scenes
#
Zegnat
infominer[m]: more Matrix bridge links have been added to https://indieweb.org/discuss#Join_Discussions by [jgmac1106], let us know if you can get them to work!
#
infominer[m]
rn I just have a spinny wheel...
#
infominer[m]
also, you listed dev twice
#
infominer[m]
this is the same thing that happened when I clicked a linkk from the phone earlier
#
infominer[m]
hmm
#
infominer[m]
eventually it took me to a login page
#
infominer[m]
but didn't just pop open the app like I hoped
#
[kevinmarks786]
I run Hugo on my own machine, then check it all in when it's done
#
infominer[m]
yeah, I get that.. I was just saying there are far fewer configuration files\includes etc visible compared w jekyll
[eddie] joined the channel
#
[jgmac1106]
thanks will check the links again...I really can't figure out why some work and others do not
todrobbins joined the channel
#
infominer[m]
yeah, I'm running out of steam or I'd offer a bit more QC feedback
#
[jgmac1106]
i get the spinning wheeel but then I am asked to sign in...using FF DeV
#
[jgmac1106]
checked all the links working for me
#
infominer[m]
that's where I fizzled out cause the thought of typing my password into the manager seemed overwhelming...
#
infominer[m]
even on my phone I probably just needed to wait
#
[jgmac1106]
you do the set up in matrix once and you are done...too many chat clients, now aI need Slack, Matirx, Signal, Telegram, Microsoft Teams all open
#
infominer[m]
yeah... well, I'm using the riot app.. and it didn't grab the link.. so having a browser session in addition to the app was where my too many pulled the stop this am
#
Zegnat
has a full display dedicated to just Slack, IRC, and Outlook
#
infominer[m]
why can't discord just be open source?
#
[jgmac1106]
good idea, then I feel like I could ignore better rather than having umpteen chat windows stacked on top of each other
#
infominer[m]
I would never leave
KapiX, [Rose], [jgarber], KartikPrabhu, [calumryan], gareppa, todrobbins, snarfed, swentel, snarfed1, jackjamieson, wolftune, fourtonfish, [tantek], benwerd, rosemaryorchard, [sebsel], benwerd_, [tonz], [grantcodes] and jnoh joined the channel; strk and rosemaryorchard left the channel
#
[tantek]
[tantek] set the channel topic: Homebrew Website Club TODAY! Next meetups: https://indieweb.org/next-hwc, Code of conduct: https://indieweb.org/code-of-conduct, log http://chat.indieweb.org/today
#
[tantek]
sknebel++ for “somewhat tone down the dunking on projects, especially if it is just a "I have a feeling it is bad" - detailed factual criticism is of course fine” - thank you for that good reminder ❤
#
Loqi
sknebel has 4 karma in this channel over the last year (113 in all channels)
benwerd, snarfed and [kevinmarks786] joined the channel
[Ana_R], [eddie], sl007, benwerd, wolftune, electronicmaji and gxt joined the channel
#
snarfed
jamietanna[m]: looks like that's his micropub endpoint, not webmention
#
jamietanna[m]
snarfed: yep, that's embarrassing, I've been reading it but not seeing that, thanks!
[frank] joined the channel
#
jamietanna[m]
Yeah that's getting better, but now seeing `{"error":"source_not_supported","error_text":"Could not interpret source as a comment."}`
sl007, jnoh, [grantcodes], [schmarty] and [Ana_R] joined the channel
#
[Ana_R]
Hi everyone, I hope this is the right channel.
#
[Ana_R]
So i’m quite aware that I may not contribute much “tech wise” but I realised that there are no translations into Portuguese (https://indieweb.org/other-languages) and I can help with that! - is there any formal process I need to do? I’m a bit afraid of messing up
#
aaronpk
oo cool!
#
aaronpk
The main thing is to use the right language identifier for the page name, and some more tips are here: https://indieweb.org/how-to-start-new-translation Probably better to discuss more of the details in #meta!
fourtonfish, snarfed and leg joined the channel
#
gRegorLove
[Ana_R]++ awesome!
#
Loqi
[Ana_R] has 1 karma over the last year
jackjamieson and [kevinmarks786] joined the channel; leg left the channel
#
[kevinmarks786]
Hm. That site is legacy hosted known, so may have some bitrot
gareppa, todrobbins, [jgmac1106], wolftune and [arush] joined the channel
#
[tantek]
This captures what I had suspected about a lot of FB quits but had not quite figured out the reasons yet: https://twitter.com/lindseywiebe/status/1103722338422583296
#
[tantek]
silo-quit << ORLY (not quite quits, staying in touch via spouse as FB proxy) https://twitter.com/lindseywiebe/status/1103722338422583296 https://pbs.twimg.com/media/D1E1eWcX0AEla5w.jpg
benwerd, jnoh, [eddie] and wolftune joined the channel
#
Loqi
ok, I added "https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html" to the "See Also" section of /security https://indieweb.org/wiki/index.php?diff=61827&oldid=50712
#
[tantek]
ugh not really interested in "security keys"
electronicmaji joined the channel
#
snarfed
to be fair, they are meaningfully more secure than app-based 2FA like Google Authenticator
#
snarfed
specifically they prevent phishing, which app-based 2FA doesn't
#
[tantek]
snarfed, I would consider a "security key" for *only* the "account recovery" use-case
#
[tantek]
I believe they call it the "break the glass" scenario
#
snarfed
then you're foregoing meaningful phishing protection. but that's your prerogative!
#
[tantek]
no I'm saying I'd rather not pay the inconvenience of carrying a specific physical object
#
[tantek]
and frankly, vulnerability. e.g. expect that CBP could use such a "key" break into all your things
#
[tantek]
frankly, I see that as more likely than phishing
#
snarfed
many people use a small yubikey that they leave in a USB slot in their laptop permanently. i do. that way there's no extra physical thing to carry
#
[tantek]
also that blog post completely ignorant of or deliberately ignores all the folks who are being compromised by SMS account recovery
#
snarfed
and usually you need to use it in addition to a password, not to bypass password, so i don't know that it opens you to CBP significantly more than 2FA
#
snarfed
but for the vast majority of people, hackers on the internet are way more of a threat in practice than CBP
#
snarfed
not everyone, but definitely most people
#
[tantek]
given that other 2FA systems (e.g. SMS) allow account recovery via that second factor, I'd expect yubikey to allow that too
#
[tantek]
usually SMS second factor allows account recovery
#
snarfed
no. yubikey is a device. account recovery is per service. they're orthogonal
#
[tantek]
that's the problem
jbove joined the channel
#
snarfed
regardless, that's speculation
#
[tantek]
I may just happen to know people with targeted accounts (e.g. short usernames on various services) who have been SIMjacked
#
[tantek]
which is speculation?
#
snarfed
that many services let you do account recovery with just security key, no password etc
#
[tantek]
I know for a fact that default SMS 2FA setup on Twitter, IG, and even iOS *also* enables SMS account recovery
#
snarfed
yes, SMS is bad. we know. :P we were talking about security keys.
#
[tantek]
the Google Security post doesn't mention "SIM" at all.
#
[tantek]
but they do admit depending on SMS as single factor: "SMS code sent to a recovery phone number"
#
snarfed
right. again, this is all unrelated to security keys
#
snarfed
i'm talking about security keys in general, not that post in particular. not sure i've read it. checking
#
[tantek]
got it.
#
snarfed
ah, i have, but a couple weeks ago, not fresh in my mind
#
[tantek]
yes the post was May 17 - pretty recent
#
snarfed
anyway, replacing app-based 2FA with security keys adds real protection against phishing. which is meaningful and good. all your other points stand :P
#
[tantek]
and if you're on mobile without security key? sorry if I'm asking an obvious q
#
snarfed
security keys can do USB-C and bluetooth, or if you don't want to carry the thing, you can still use app-based 2FA on phone
#
snarfed
so mobile is no less secure and computer is meaningfully more secure
#
snarfed
(also many auth phone is often in-app and much longer lived or permanent these days, so login happens less often. for most people.)