Crickets, of course, referring to the sound this mailing list has been
making lately.
Are you folks still out there? Still want to make awesome webpages and
shit on the internet? Who wants to <verb> an <object> with me? Yay!
Alright sorry I'll let you go back to your cryosleep chamber.
-Travis
The wiki has been updated with...information on how to contribute to
the wiki!
https://tilde.club/wiki/wiki.html
Wiki about wiki. Very meta.
The basic gist (no pun intended) is that you have to get your Markdown
file into Github somehow, but also I'm willing to Markdown your article
and post it for you if you like.
Would love to see some new articles. And if you want to hack on the wiki
"software" itself, I'd be happy to chat in IRC about it. I've got some
experience now.
-Travis
Dear all,
Hello, world! I'm the new guy on tilde.club. Thank you very much for a great platform and all the hard work and time you invest into it! I have been reading the Wiki pages and I would like to suggest a few improvements:
* It may be a good idea to start grouping articles under the topics: command line, terminal multiplexers, security, text editors...
* The link to the SSHFS tutorial doesn't work. It seems the file has been deleted.
* The SSH tutorial from Ben Harri could benefit from a better colour for showing terminal commands. Currently it is dark blue. On a black background it is very hard to read.
Thank you for your attention and have a wonderful day ahead!
--
Best wishes,
Maxim
I hope everybody is faring well through the uncertainty of this COVID-19
pandemic. If you're stuck at home and looking for something fun and new
to do, try out the new tildeverse space we set up on yourworldoftext.com:
https://www.yourworldoftext.com/~tildeverse/
As with all things in the tildeverse, keep it positive!
cmccabe
Hello all,
Google auth wasn’t the highest on the poll that I ran. However I do feel 33% in favour of google auth or options like it is enough for me to implement the feature.
To use google auth you also need to enter your password for your account on login.
Information on getting google auth setup you can go on our wiki.
https://tilde.club/wiki/googleauth.html
If you’d like to see more options reply to this email with suggestions and I may look at implementing them.
Thank you to everyone that participated in our poll.
~deepend
Just looked. From what I read the phishing attack would really only work for accounts that someone would have to goto a web page for login (which could be faked) and get the details. But for ssh login there is not the same risk.
Thanks
> On Feb 26, 2020, at 11:34 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> The phished credentials are generally used immediately to take over the account.
>
> --
> Jeffrey Paul
> sneak(a)sneak.berlin
>
>> On Wed, Feb 26, 2020, at 10:26 AM, deepend wrote:
>> Would be interested in hearing more information on how someone is
>> phishing a code that is only valid for like 30 seconds? Is there more
>> to that story then just phishing?
>>
>> Thanks
>>
>>
>>>> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>>>
>>> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>>>
>>> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>>>
>>> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>>>
>>> Best,
>>> -sneak
>>>
>>> --
>>> Jeffrey Paul
>>> +1 312 361 0355 (voice, sms, Signal)
>>> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>>>
>>>
>>>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>>>
>>>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>>>> some websites say it came in 8.2. Not sure who to believe.
>>>>>
>>>>> Tilde club currently runs Fedora 30.
>>>>
>>>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>>>> available :/
>>>
>>
I understand that. But I what way is someone phishing a code that is available for 30 seconds? That would still allow it to be useable
Sent from my iPhone
> On Feb 26, 2020, at 11:34 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> The phished credentials are generally used immediately to take over the account.
>
> --
> Jeffrey Paul
> sneak(a)sneak.berlin
>
>> On Wed, Feb 26, 2020, at 10:26 AM, deepend wrote:
>> Would be interested in hearing more information on how someone is
>> phishing a code that is only valid for like 30 seconds? Is there more
>> to that story then just phishing?
>>
>> Thanks
>>
>>
>>>> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>>>
>>> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>>>
>>> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>>>
>>> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>>>
>>> Best,
>>> -sneak
>>>
>>> --
>>> Jeffrey Paul
>>> +1 312 361 0355 (voice, sms, Signal)
>>> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>>>
>>>
>>>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>>>
>>>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>>>> some websites say it came in 8.2. Not sure who to believe.
>>>>>
>>>>> Tilde club currently runs Fedora 30.
>>>>
>>>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>>>> available :/
>>>
>>
Would be interested in hearing more information on how someone is phishing a code that is only valid for like 30 seconds? Is there more to that story then just phishing?
Thanks
> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>
> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>
> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>
> Best,
> -sneak
>
> --
> Jeffrey Paul
> +1 312 361 0355 (voice, sms, Signal)
> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>
>
>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>
>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>> some websites say it came in 8.2. Not sure who to believe.
>>>
>>> Tilde club currently runs Fedora 30.
>>
>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>> available :/
>
