#dev 2024-12-22

2024-12-22 UTC
MyNetAz joined the channel
# 00:16 
capjamesg[d] aaronpk I am implementing OTP right now using https://pyauth.github.io/pyotp/. Are there attack vectors should I keep in mind w/r/t brute forcing?
# 00:16 
capjamesg[d] [edit] aaronpk I am implementing OTP right now using https://pyauth.github.io/pyotp/. Are there attack vectors should I keep in mind w/r/t brute forcing?
# 00:41 
[snarfed] capjamesg enrollment is important! when you enroll a user, make sure you have them enter at least one code and check it. also consider generating and accepting backup codes
# 00:41 
[snarfed] (feel free to ignore all of that if this is only for you yoursef)
# 00:42 
capjamesg[d] Wait...
# 00:42 
capjamesg[d] Does this apply for email-based OTP too?
# 00:42 
capjamesg[d] The flow is a user types in their password and if they are successful are prompted for a code emailed to them.
# 00:44 
aaronpk is there a reason you don't want to use passkeys instead of OTP? it's a much better UX
# 00:46 
capjamesg[d] It looks more complex to implement?
Kupietz joined the channel
# 00:49 
Kupietz Hey aaronpk, is there a particular reason the chat entry is 400px? I'm going to put in a pull request with a minor change to limit the max width to 95vw so it doesn't run off the right side of the screen on small old phones, but, is there a reason you don't want it to take up most of the horizontal width of the window on bigger screens?
# 00:51 
Kupietz Sorry, coming out of nowhere with that... just talking about my question the other day about the width of the entry field on these web chat screens.
# 00:58 
aaronpk it's been so long since i've touched any of that, feel free to tweak as needed
# 00:58 
Kupietz Check. Thanks.
MyNetAz, Nova_Guy, bterry, grufwub, gRegor, AcesAndEights, Kupietz, ttybitnik, nemonical, lucas1, sebbu2 and Hoinkas joined the channel
# 22:52 
capjamesg[d] I got TOTP implemented!
# 22:58 
GWG When talking to [tantek]2 earlier I suddenly want a simple micropub checkin app
# 23:21 
GWG  aaronpk: How do you end up with a repo for an iOS check-in app?
Kupietz joined the channel
# 23:38 
Kupietz capjamesg[d] Awesome! Congrats!
# 23:40 
Kupietz Authentication schemes are always challenging/frustrating/fun. I got oAuth implemented in a FileMaker app once, and, while it was fun, I was also glad that's the sort of thing you only really need to do once.
# 23:46 
GWG gRegor: What is the php framework that you were playing with?
# 23:48 
aaronpk GWG: I'm not sure I understand the question
# 23:50 
GWG aaronpk: Sorry, still have a headache. Story behind https://github.com/aaronpk/checkie
# 23:50 
Loqi [preview] [aaronpk] Checkie: A lightweight foursquare client for the iOS