#dev 2024-04-26

2024-04-26 UTC
ttybitnik, evert1, geoffo, barnabywalters, barnaby and starrwulfe joined the channel
#
starrwulfe
Came back to webchat just to do this -- [snarfed]++
#
Loqi
[snarfed] has 55 karma in this channel over the last year (98 in all channels)
#
starrwulfe
Now where can I complain about Bluesky not giving him a dev award for trying to link up with them and create a bridge Re: https://docs.bsky.app/blog/atproto-grants-recipients
barnaby joined the channel
#
[KevinMarks]
Tech silos (Google, Apple) have broken the passkey protocols https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
Guest6, barnaby, [Jan_Tuomi] and gruetzhaxe_ joined the channel
#
aaronpk
2 things
#
aaronpk
The author capitalizes passkeys in the article all over, which is incorrect, and I can't tell if it's intentional or a mistake but either way it's sloppy
#
aaronpk
they also mention there's no export of passkeys, which is also incorrect since the major vendors are working on passkey export formats
#
sknebel
"are working on" is not "there is"
okCiel joined the channel
#
sknebel
(some of the open-source implementations do have exports, in non-standard ways due to lack of standards, which seems to have mostly resulted in vendors complaining about them offering exports...)
Gaspartame joined the channel
#
aaronpk
The leap from "this thing isn't perfect right now" to "this is the end of x" is not super productive
#
aaronpk
and yes exporting passkeys in unencrypted plain text defeats the purpose and will absolutely lead to phishing attacks on password/key managers as well as new opportunities for malware
Yami joined the channel
#
Gaspartame
Hello, I'm looking for a service that would redirect requests to my home server through zerotier-one, does anyone know if that exists? (I think it is more or less what is called a reverse proxy) If not, what would be the cheaper VPS to do that, knowing it will use very little bandwidth/resources?
#
sknebel
aaronpk: of course it's not super productive, otoh "your new fancy auth solution just lost my identity for a service and didn't give me a backup, because backups are a thing for the future" is exactly the kind of failure that makes people not trust it
#
sknebel
and the industry has generally done a pretty bad job of explaining what exactly is going on with passkeys anyways, outside the "use Apple and trust us" happy paths
#
sknebel
(and e.g. for most of my devices, the open-source apps would be my path to use, and seeing people involved in the spec more or less threaten that the app I would use will be banned by RPs because it allows exports is ... not increasing my confidence in ever trying to use passkeys)
#
sknebel
Gaspartame: if you insist on zerotier I'm not aware of anything, over other transports there are probably a few services. VPSes mostly depend on where you are and what your tolerance for problems is (ultra-cheap generally means higher risk of random failures, otoh expensive doesn't necessarily mean better)
#
Gaspartame
@Loki From what I found, Cloudflare offers pretty much this, except with its own client instead of zerotier, and for free (lol I wonder why it's free). Zerotier is not required, it's just that it does the well very well, it is free software and I know how to use it, but you know other possible solutions (other than cloudflare ofc)?
[manton], geoffo, [asuh], gRegor, gRegorLove_, [Joe_Crawford], [pfefferle], btrem, [contact898], sebbu, [qubyte] and barnaby joined the channel
#
aaronpk
GWG: [pfefferle]: since you are the ones behind the wordpress indieauth plugin, can we chat in the next week or two about what it might look like to experiment with the new FedCM API for IndieAuth?
ttybitnik joined the channel
#
GWG
aaronpk: I'm happy to. Any prerequisite reading?
#
aaronpk
Google has a good guide of the feature in general, but it's mainly for the Google use case of a centralized API https://developers.google.com/privacy-sandbox/3pcd/fedcm-developer-guide
#
aaronpk
This issue has some background and details on the specific feature in question, which is IdP registration https://github.com/fedidcg/FedCM/issues/240
#
aaronpk
[manton] actually I wonder if micro.blog could add this as a login
#
aaronpk
as a login mechanism
#
aaronpk
so people could sign in to their micro.blog account with their own IndieAuth server, without having to type in anything! Want to try it out?
[aciccarello] and [0x3b0b] joined the channel