I understand that. But in what way is someone phishing a code that is available for 30 seconds? That would still allow it to be useable.
> On Feb 26, 2020, at 11:34 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> The phished credentials are generally used immediately to take over the account.
>
> --
> Jeffrey Paul
> sneak(a)sneak.berlin
>
>> On Wed, Feb 26, 2020, at 10:26 AM, deepend wrote:
>> Would be interested in hearing more information on how someone is
>> phishing a code that is only valid for like 30 seconds? Is there more
>> to that story than just phishing?
>>
>> Thanks
>>
>>
>>>> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>>>
>>> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>>>
>>> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>>>
>>> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>>>
>>> Best,
>>> -sneak
>>>
>>> --
>>> Jeffrey Paul
>>> +1 312 361 0355 (voice, sms, Signal)
>>> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>>>
>>>
>>>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>>>
>>>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>>>> some websites say it came in 8.2. Not sure who to believe.
>>>>>
>>>>> Tilde club currently runs Fedora 30.
>>>>
>>>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>>>> available :/
>>>
>>
Would be interested in hearing more information on how someone is phishing a code that is only valid for like 30 seconds? Is there more to that story than just phishing?
Thanks
> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>
> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>
> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>
> Best,
> -sneak
>
> --
> Jeffrey Paul
> +1 312 361 0355 (voice, sms, Signal)
> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>
>
>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>
>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>> some websites say it came in 8.2. Not sure who to believe.
>>>
>>> Tilde club currently runs Fedora 30.
>>
>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>> available :/
>
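The point discussed in the thread above, as an added example that is not part of any message on the list: a TOTP check looks only at the digits and the clock, so a code passed along within its window is accepted from anyone, while a U2F-style response is computed over the origin the client software saw. The HMAC in `token_sign` is a stand-in for the token's real ECDSA signature, and the origins, device key, challenge and timestamp are constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a TOTP code stays current

def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: int, skew: int = 1) -> bool:
    """The server only checks the digits against the clock. Nothing in the
    code records which page the user typed it into or who forwards it."""
    return any(hmac.compare_digest(totp(secret, now + d * STEP), submitted)
               for d in range(-skew, skew + 1))

def token_sign(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Stand-in for a U2F signature (HMAC here, ECDSA on a real token).
    The client software fills in `origin`; the user never types it."""
    return hmac.new(device_key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def server_accepts_assertion(device_key, challenge, assertion, own_origin) -> bool:
    """The server recomputes over its own origin, so a response produced
    for any other origin does not match."""
    return hmac.compare_digest(token_sign(device_key, challenge, own_origin), assertion)

def demo():
    secret = b"12345678901234567890"          # RFC 6238 test secret
    device_key = b"constructed-device-key"    # constructed sample value
    challenge = b"constructed-challenge"      # constructed sample value
    real, lookalike = "https://login.example", "https://login-example.test"
    t_read = 1582734840                       # constructed: moment the user reads the code
    code = totp(secret, t_read)
    return {
        "totp_forwarded_10s_later": server_accepts_totp(secret, code, t_read + 10),
        "totp_after_5_minutes": server_accepts_totp(secret, code, t_read + 300),
        "u2f_signed_on_real_site": server_accepts_assertion(
            device_key, challenge, token_sign(device_key, challenge, real), real),
        "u2f_signed_on_lookalike": server_accepts_assertion(
            device_key, challenge, token_sign(device_key, challenge, lookalike), real),
    }

if __name__ == "__main__":
    print(demo())
```

The 30-second window limits how long a code can be reused, not who may submit it, which is why the recommendation in the thread is a key-based factor.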
Hey ~clubbers.
I know some people are not fans of public key authentication. So here is a poll I’d like to see if we can improve things since password only auth will not be returning.
http://www.strawpoll.me/19445663
Look forward to the result :)
Hello Everyone!
I would first like to welcome everyone that has joined since we brought tilde.club back from idle. I would also like to welcome back the many users that have returned.
We have been working hard in the background to keep things going in a positive direction and hopefully users like the direction things are going. (Feedback is always good and welcome if any of you have thoughts on this)
This was mostly a post to let you know that for a while now we have had a mastodon account and up to this point it has been fairly quiet. I am going to start posting more information and updates regarding the state of tilde.club and things we add or improve. If you would like to follow and keep informed please go to
https://tilde.zone/@tildeclub
Otherwise I will also try to post on the mailing list for those who don’t want mastodon.
Hope to see you all on the server and continue this journey forward.
Thanks
~deepend
Dear ~club:
Just to give myself some breathing room, I'm going to reduce these
workshops to one every two weeks. I hope at least some of you are enjoying
them. They're moderately fun to write, in any case.
I have a different sort of idea for this workshop. Rather than all going
off and doing our own thing on our own pages, let's use this mailing list
to work collaboratively on something.
Yesterday's xkcd[0] was about putting some effort into a response to a pun
or similarly repellent joke by forming a sentence out of place names and
linking them together with driving directions. (And if you think that was
easy to explain in text, then you're wrong.) I think this is a great idea,
but I don't happen to have a list of word-to-place-names ready at hand.
How am I supposed to make witty comebacks without a list?
(Incidentally, you might call this list that links words to place names
a... map.)
My first thought was to try to come up with this list myself, but that's a
lot of work. Then I thought that lots of other readers of xkcd might want
a list, too. Why not distribute the work amongst us so that we all may
benefit? I'm sure there are already groups out there who are doing this
exact thing, but I say we give it a shot anyway.
~club, your challenge this bi-week is to reply to this message with some
common words or phrases expressed as place names. I'll start:
friend ---> Friend, Nebraska[1]
I'll keep track of the mappings we come up with---feel free to do the
same---and I'll post them on my tilde.club page. Also: bonus points if
you've been to any of the places you reply with or know something neat
about them!
If you're looking for ideas on what words to use, consider drawing from
the most common English words[2]. They'll be the most useful.
Good luck, ~club, and happy mapping,
Bradley
[0]: https://xkcd.com/2260/
[1]: https://en.wikipedia.org/wiki/Friend,_Nebraska
[2]: https://en.wikipedia.org/wiki/Most_common_words_in_English
Dear ~club:
I hope you had fun folding---or at least trying to fold---a paper crane.
As I mentioned last week, it's a surprisingly calming activity, and I
recommend it if pixels (or any other things) are getting you down. You can
take a look at my first somewhat successful attempt [here][0]. (The
numeral "1" printed on its wing means that it's my first passable crane.)
That was a decently interesting excursion in meatspace, but now it's time
to return to a more familiar region. In fact, let's go all the way home
and talk about tilde.club.
I can only assume that if you're reading this, you've been to the
tilde.club website. It stands in striking contrast to the gelatinous
blobules of JavaScript that we call modern websites and acts as a reminder
of the simplicity of the early Web. It's enough to bring a tear to my eye.
But perhaps you, like me, have noticed that the water in your eyes
actually has less to do with nostalgia and more to do with the...
"striking" appearance of the website. It is---and let's be fair about
this---a bit orange.
~club, by special and specific request of the administrators of this
here tilde.club server, your task this week is to redesign the website. At
least one user (~maz)[1] has made a wonderful attempt which features 30%
less eye-searing orange, but don't let that stop you from using other
design features like "other colors" and "non-fixed width fonts".
I have reason to believe that particularly good designs will be considered
as potential replacements for the current one, so take that as motivation,
if you like. Just remember that whatever you design should contain the
same basic information as the current site. Other than that, it's up to
you.
Have fun,
Bradley
[0]: https://tilde.club/~bradley/assets/img/paper-crane.jpg
[1]: https://tilde.club/~maz/tilde.club/
Dear ~club:
I do hope you had some fun setting up or updating your blog. I wrote a
little thing myself to satisfy the criteria of this challenge, which you
can find [here][1]. If you want to, go ahead and reply with your own shiny
new blog or post on the previous thread. I didn't get a chance to see many
of them, and I'd like to check them out if I can.
Let's try something different. Up to now, pretty much all of the
challenges I've presented here have been to do a thing right here on
tilde.club. I have quite a few more of this kind listed in a file in my ~,
so don't you worry about that, but this week I want to go rogue and
challenge you to do something in meatspace.
Some weeks ago---quite on a whim---I decided to learn how to fold a paper
crane. Or, at least I *tried* to learn. I still haven't quite succeeded,
although the attempts I've made to date have come closer and closer to the
proper article. Anyway, I've been enjoying the sensation of folding and
the pride of completing something I didn't know how to do. These aren't
new sensations, really, but they're novel for me since they came from
something so simple and analog.
~club, I challenge you to fold a paper crane, or if you prefer, just
do an origami. When you're finished---or have had enough---post a photo of
what you made to your tilde.club page, or drop a link or path in IRC.
(Photos of failed attempts and franken-paper are welcomed and encouraged.)
[This site][2] was a good resource for me, but feel free to go above and
beyond (or stay below and well-within, if you like). Just have fun, and
let us all know how it goes.
Get foldin',
Bradley
[1]: https://tilde.club/~bradley/2020/01/09/rodents-snakes-and-adhesive.html
[2]: https://origami.me
Dear ~club:
Don't forget: the next biweekly IRC party is tomorrow night EST, or about
a day from now. Let's try to kick things off around 5:00, and we'll see
how far we get.
To quote Ben:
> You should be able to run "chat" from your shell to open weechat and
> connect to our network. You can reach our network on localhost port 6667
> from tilde.club itself or by connecting to irc.tilde.chat on port 6697
> with ssl externally.
>
> There's also a webchat at https://web.tilde.chat/
>
> Join the #club channel!
>
> Info on our wiki: http://tilde.club/wiki/chat.html#irc
Bring your finest keystrokes and casseroles to share. See you tomorrow
night!
Bradley
Dear ~club:
Did you successfully infiltrate the gopherhole? I didn't realize just how
fun gopher can be, and it was really nice to have a tiny fraction of the
feeling I got when I first learned basic HTML. I managed to write some
Python glue to translate my Jekyll blog to a gophermap. My script doesn't
support the Liquid templating that I sprinkle into some of my posts, and
the links and images are still to places on the Web, but the majority of
the content is there. I'm also looking for OC images of literal gophers to
post there. If you have any, please send them to me.
Speaking of blogs, have you got one? I run one on my personal site and
mirror it over here on ~club, and it's proven to be a nice place to put
words. It's a cute little static site, and it's just as minimal and
single-purpose as I want it to be. I don't even like writing that much,
but there's something nice about getting some of my thoughts out
somewhere.
This week, ~club, your challenge is to make a blog. Take that any way you
want to (long-form posts with Jekyll, Hugo, et al., microblogs with some
other platform, homemade system, etc.). I've noticed that some of you have
your own versions of blogs and microblogs running here, and I think that's
great. In that case, your challenge is to update it. Make a new post,
change up the theme, whatever makes you happy.
In your excitement, don't forget the ~club rules: don't run a server or do
anything that takes up too much of any shared resource (disk, network,
memory). Shoot for a static site with optional JS and you'll be fine.
Once you've got something set up, please let us all know by replying here
with a link.
Happy blogging,
Bradley
Dear ~club:
I saw that many of you made (or are even currently making) it snow on your
pages. Well done. I wasn't sure I was going to be able to make it happen,
being that I approach CSS in much the same way a ferret approaches a game
of shuffleboard---that is, incoherently and more or less according to
chance---but at the last moment I managed to find a post online that was
simple enough for me to understand. The results are about as bad as
expected (complete illegibility), but alas, it's only exactly what I asked
for. I doubt it will last through the week on my page.
Well, ~club, here we are. The year of middle-distance predictions is upon
us. How many of us will turn out to have been wrong about what we thought
we'd be doing with ourselves in 2020? I remember reading an article in a
magazine about 15 years ago that claimed we'd all be rid of cables by now
because long-distance wireless charging would be ubiquitous. This and
similar drivel will fall to the slowly-advancing bulldozer blade of time
this year. A shame, really, since the only thing 2020 did wrong was be a
round number for futurists to pluck out of the timeline.
But! It's not all bad. New years mean new opportunities for learning,
growing, and all that stuff you learned on PBS. This week, I propose that
we look forward into the new year by pulling something out from the past
and taking it with us.
I'm not familiar with gopher, but some light reading has revealed that
it's a way of organizing information on the Internet that sort of got its
lunch eaten by the Web. Many of you have more grey in your beards than me
(visible or not) and know first-hand what gopher is like. In any case,
~club, your task this week is to do something with your gopher space here
on tilde.club. A "hello world" will suffice, but I encourage you to do
what you can to make it interesting. When you do, be sure to post it here
so we can all check it out!
Since I don't personally know much about gopher, I haven't even checked to
see if anyone is using it on this server. I haven't seen anyone mention
it, but that doesn't necessarily mean anything. If you've already got
something going over there, great! I'll see you there. If not, then I
encourage you to take this small step with me.
To the gopherhole!
Bradley