
I just completed "Trebuchet?!" - Day 1 - Advent of Code 2023 adventofcode.com/2023/day/1

Embarrassingly slow solve time, especially for the second part. I'm getting rusty.

@yogthos Voting works. It just isn't enough to _only_ vote. The minority interest groups who consistently show up to the polls benefit when we disenfranchise ourselves with this kind of defeatism.

@IAmDannyBoling The "it was stolen from you." part feels particularly dangerous.

It was "normal" for many Christian white families. Also, one member of the family was a full-time, highly skilled, unpaid domestic laborer.

The rhetoric of the far right is that this lifestyle was stolen by people of color (especially black and immigrant) and women who gained footholds in the workplace since that time. Further, they allege that it was the coastal liberal elites who conspired to enable this theft.

@drwho I think for the most part those books fall victim to survivor bias. The author is someone who allegedly "made it", and they account the things the author credits for their success, but not based on any critical (let alone scientific) analysis.

The rich benefit from systems we have built in our society (like taxes and banking) that favor them and funnel wealth upwards. But that's a less compelling story than, "adopt my values and watch the wealth roll in."

@mkennedy
> That's my complaint is that I have to constantly 2FA something that should be trusted.

The longer the TTL on the cookie, the more exposed you are to that cookie being stolen and your 2nd factor being bypassed. Google's cookies last too long, which is why YT accounts (like LTT's) can be taken over even when 2FA is enabled.

@mkennedy That's 1) incorrect, and 2) super disingenuous.

1) The YubiKey failure there wasn't a FIDO U2F failure. He was using it as a smartcard for his GPG key and that's what failed. Even if it was the hardware that failed (always possible), you literally cannot enroll a hardware 2FA token without also creating backup codes or having some other alternate.

2) It wouldn't have failed the release, just delayed the signing. They could have released anyway without signing with that specific key.

@mkennedy

These are two separate complaints I have about your 2FA rants. (#327, #293)

1) You have been dismissive and perpetuated fear and misconceptions about how hardware 2FA works and how safe/easy/effective it is.

2) In #327 specifically you were additionally complaining about short expiration times on session cookies.

2FA and session expiration work together to mitigate the risk of stolen credentials.

It's challenging to have a nuanced convo in this format.

@pythonbytes @brianokken @mkennedy In regards to the rant about 2FA, check out LTT's recent video about the rash of YT account takeovers using stolen session cookies. These attacks bypass 2FA, because they impersonate your "trusted" browser.

I would also recommend Shannon Morse's hardware 2FA playlist for a deeper dive. She debunks a lot of the myths you've cited in the past.
youtube.com/watch?v=xalg8a3eIy

@drwho they're not the only ones who ping me, but they sure are the most aggressive

@lertsenem Fossil or Veracity are git alternatives that can track and distribute issues as part of the repo.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.