#dev 2025-02-21

2025-02-21 UTC
ttybitnik and [benji] joined the channel
# 00:36 
[benji] [gRegorLove] nice! Happy it was a relatively easy fix
[tw2113], btrem, grufwub, CRISPR, geoffo, nemonical, jak2k, parnikkapore_x, GeneticJen, [qubyte], NaomiAmethyst and ttybitnik joined the channel
# 13:11 
[jeremycherfas] Huffduffer front page OK for me, but my tags too are missing.
oodani, nemonical, MyNetAz, jak2k, ttybitnik, jak2k1, doesnm, gRegor, thegreekgeek, [aciccarello] and small_cypress joined the channel
# 21:29 
livebay Hello, I have questions about d3.js... I wanted to add links to the label text,  like this <a><text></a>, but it didn't work. The <a> tag did appear, but I couldn't click on it
ttybitnik joined the channel
# 21:41 
[morganm] Could you post a code snippet of the full code ? Your phone example seemed like a sample
# 21:41 
[morganm] Code example*
# 21:46 
gRegor Do you have `href` attribute on the links?
# 21:46 
gRegor what is d3.js?
# 21:46 
Loqi It looks like we don't have a page for "d3.js" yet. Would you like to create it? (Or just say "d3.js is ____", a sentence describing the term)
# 21:59 
[tantek] what is d3
# 21:59 
Loqi It looks like we don't have a page for "d3" yet. Would you like to create it? (Or just say "d3 is ____", a sentence describing the term)
jak2k and [dave] joined the channel
# 22:16 
livebay I could only click on the link when <a> is surrounding the node, not the label
# 22:17 
livebay [morganm]: I was looking at this one: https://codepen.io/Prakarsha01/pen/JjqymVR, but I want to change it a bit, adding the links and stuff
# 22:22 
livebay gRegor: yes! I have it like <a href="" target=""><text>title here</text></a>
# 22:25 
livebay ```.append("a")
# 22:25 
livebay          .attr("target", "_blank")```
# 22:25 
livebay          .attr("xlink:href", function(d) { return (d.href); })
# 22:30 
gRegor Not familiar with d3, but my first thought would be to try `console.log` in that function to see what `d` is and if `d.href` is what you're expecting
# 22:31 
[tantek] can I get a quick review of https://tantek.com/2025/052/b1/steps-indieweb-cybersecurity for any errors, confusing bits, bad links?
# 22:33 
[Joe_Crawford] Why not just `.attr("xlink:href", d.href)` - I mean the code would be in an SVG right?
# 22:34 
gRegor [tantek], looks good! interested to hear more about the hardware key, though I can venture a guess
# 22:35 
[tantek] yeah the clue is right there with international travel
# 22:39 
[tantek] my goal is to publish every week (that I'm in town) at 13:37 (or create the post by then) and syndicate to IndieNews. Let's see if I can make that next week as well
# 22:41 
gRegor nice
# 22:41 
[tantek] I have LOTS of learnings turned tips to share
# 22:42 
[tantek] My plan is to share them in brief, takes only a few minutes to do, chunks so people stop and do them right away hopefully, rather than filing them away "to do later"
# 22:43 
gRegor Double checking my Gmail account right now
# 22:45 
gRegor Woo, 100% on the checklist for this post :)
# 22:45 
[tantek] gRegor++ congrats! you get a ⭐ 🙂
# 22:45 
Loqi gRegor has 31 karma in this channel over the last year (115 in all channels)
# 22:46 
[tantek] how long did it take you to check the checklist?
sebbu joined the channel
# 22:47 
gRegor Well I knew my Dreamhost and Gmail had 2FA on with the authenticator app, so just a couple extra minutes to double check I didn't have SMS as an option.
# 22:48 
aaronpk google keeps bothering me to add sms, and i'm like no
# 22:48 
gRegor And I guess a couple more minutes now to check I have my backup codes offline
# 22:48 
gRegor No hardware keys yet, though I've been curious to look into those
# 22:53 
aaronpk hmm, i have too many hardware keys, i should probably do an audit
# 22:54 
[tantek] 😬
# 22:55 
aaronpk i already had 2fa authenticator codes on my email/registrar/web host, and no SMS ✅
# 22:56 
[tantek] ⭐
# 22:57 
capjamesg[d] aaronpk Is it worth having a second hardware key?
# 22:59 
aaronpk yes, in case you lose one
# 22:59 
aaronpk most places that you can enroll a hardware key will let you enroll more than one
[snarfed] joined the channel
# 22:59 
[snarfed] ...or at least, some backup plan that's as secure as the hardware key
# 22:59 
[snarfed] often that's another hardware key, but it can be something else
# 22:59 
capjamesg[d] That was my impression but I didn't know for sure.
# 23:01 
aaronpk true
# 23:01 
[tantek] I'd flip it around, use an Authenticator app first, and then consider a hardware key you keep somewhere physically VERY "safe" as a backup plan
# 23:01 
aaronpk ultimately it depends on which types of authenticators the services support, but yes that's the more practical version
# 23:15 
[snarfed] the benefit of a hardware key that you lose from an authenticator app is phishing resistance
# 23:16 
[snarfed] you can get that from other methods too - password manager (if you only let it autofill!), phone/app prompt, passkey, etc
# 23:17 
[tantek] yeah phishing resistance is another aspect I agree. IMO browser pw manager autofill is the preferred way to do that
# 23:17 
[tantek] passkey-- for all the proprietary / centralization pressures it has placed upon the ecosystem
# 23:17 
Loqi passkey has -1 karma over the last year
bterry joined the channel
# 23:18 
capjamesg[d] It has gotten more confusing to use hardware keys.
# 23:19 
capjamesg[d] 1Password intercepts the webauthn call asking if I want to use a passkey in their software.
# 23:19 
capjamesg[d] But I don't! I want to use a hardware device.
# 23:19 
capjamesg[d] I have to click on an icon in 1Password to let the browser handle it.
# 23:20 
capjamesg[d] I recall that sometimes it goes to Apple though and they ask me to use a passkey with Touch ID, then I can click 'Other options' or whatever and select hardware key.
# 23:20 
[snarfed] hmm! 1pw doesn't do that to me. wonder if I turned off a setting somewhere
# 23:23 
aaronpk yeah i don't mind that because most of the time i want to set up a passkey in 1password, not a security key
# 23:26 
aaronpk i think the passkey rollout was a bit bumpy, but it's already better now and is heading the right direction, and solves more problems than it creates
[schmarty] joined the channel
# 23:27 
[tantek] The more pieces you introduce, the more confusing you make it, and the more you increase the chances of a security failure
# 23:27 
[tantek] aaronpk, I am not convinced that passkey solves more problems than it creates
# 23:28 
[tantek] I think, on the margins, its marginal costs in complexity and long term centralization (control/leverage) risks outweigh any marginal benefits it brings
# 23:41 
aaronpk gotta stop using the centralization argument, the credential exchange protocol was published in october last year https://fidoalliance.org/specifications-credential-exchange-specifications/
# 23:41 
aaronpk phishing-resistant authenticators are good, hardware keys are phishing resistant but cumbersome to use, passkeys are easier to use phishing resistant authenticators
# 23:47 
[snarfed] or, maybe another angle on that is, the initial passkey rollout hasn't been ideal either UX or decentralization wise, but there's nothing technical blocking us (everyone) from improving on both of those
# 23:47 
[snarfed] so hopefully we don't give up on the whole idea because it wasn't perfect out of the gate
# 23:50 
aaronpk yes that
# 23:58 
[tantek] yeah I'm ok with that telling folks "wait and see" for passkey
# 23:59 
[tantek] also fine opting out of the beta-test focus group, and certainly telling everyone I know who does not work in tech for a day job to similar let others sort out a better UX and high multivendor ecosystem and passkey portability across systems, devices etc.