Notices by rugk (rugk@social.wiuwiu.de), page 22

@justelex Du darfst deine Fallen doch nicht so offensichtlich stellen… so wird das doch nix… 😜

@jalcine @freakazoid @nextcloud yeah, would like that. Nextcloud is a good example, BTW. They show it very transparently and you can control all the details in a fine-graned way.

jaa… und es nervt auch total, dass das niemand ausstelt, wenn er auf Beiträge antwortet – die Antworten sind ja meist okay.

Gut evt kann man dieses auto-fill Verhalten auch verändern. Evt. mal einen Issue aufmachen…

@datenkanal Kann man da bei euch eigentlich Addons vorschlagen oder so? 😃

@justelex der musstte ja jetzt sein…

@flo V.a. bei den Jahren bzw. sehr alten Sicherheitslückwen wie #DirtyCow – wie alt iost das Update? Oder ist das etwa wirklich ein 2018er Update??
Wtf…

@jomo Yeah, okay, lol. 😃

Real #infosec story:

"Hey, we use these new #U2F #2FA #FIDO security keys to protect our data!"

"Yeah, that will increase our security very much!"

What they end up using: http://sdm.sourceforge.net/

#DES #MD5

@Gargron And, uhm… I am totally gonna doing this: (cc @ButterflyOfFire)

@Gargron Add your comment here, if you think that is not okay: https://github.com/2factorauth/twofactorauth/pull/3550

/cc @Gargron

See here how they removed #Mastodon(!): https://github.com/2factorauth/twofactorauth/pull/3446

With the very meaningful reason: "Self-hosted service so it shouldn't be listed here" 😡

In short: #2FA website twofactorauth.org does discriminate self-hosted services like #Mastodon and promote only centralized services. 😠

https://social.wiuwiu.de/@rugk/101065678953268739

@ButterflyOfFire Yeah, also consider upvoting things in https://github.com/2factorauth/twofactorauth/pull/3550 or sop they like or taking part in the discussion.

Maybe we can show them that decentralized services are important and must not be "discriminated".

@thomas nach GNOME extensions sollte man da doch als erstes ausprobieren 😉

When the favorite list of #2FA providers (https://twofactorauth.org/) does not want to include self-hosted service, because <no idea>.

So I've created a PR to be at least honest about that and prevent waste of contributor's time:
https://github.com/2factorauth/twofactorauth/pull/3550
(obviously, I would much more like it, if they just include services like #Mastodon and #Nextcloud etc.)

Also, notice https://www.dongleauth.info/ does it better: they already list #Mastodon (but not #Nextcloud: https://github.com/Nitrokey/dongleauth/pull/167)

/cc @Gargron

@thomas #tryBeforeYouCry 😜

@thomas It's the "alternative tab" GNOME extension. AFAIK now there is already an update with a fix out, so just update that.

Or just disable that extension. 😃

@jomo @gwenn yep, it's possible, but AFAIK hard. By default the authentication is also still done on Mozilla servers though, AFAIK, but all your data is stored on your own… (selfhosting the authentication server is harder, they say)