??? 妛彁 :xf_nyxsigil: :xf_nyxdisapproving: (nyx@social.xenofem.me)'s status on Wednesday, 07-May-2025 23:58:28 JST
every time I look into webauthn I'm reminded that programmers are the definition of a useful idiot. having a cryptographic authentication standard should not rely on a user needing to have a goddamn yubikey (a thing that no one besides tech ppl own) or having their creds locked into a proprietary OS's TPM API. yes, it's technically more secure to do this, but if you can't implement something in software and have turbo-autism maximum security be an opt in feature, then you're effectively ensuring that we remain stuck with the classic email/password "standard" forever, which is not a standard and basically not secure in addition to then tying authentication to a user's identity via an email service provider
we could live in a world where software is written to solve problems and make people's lives easier but no every single fucking thing is kneecapped by tech corporations and useful idiot technocrats who never think for a single fucking second about the social ramifications of what they're doing. this is a really benign example of the torture nexus phenomenon but like holy shit the tech industry can't even fucking just do things that would be a net positive and should be entirely apolitical
after the revolution techbros will be thrown in a mass grave
✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Wednesday, 07-May-2025 23:58:27 JST
@nyx (keepass supports webauthn without special hardware, this is a misunderstanding)
✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Thursday, 08-May-2025 07:23:40 JST
@nyx they inject javascript into every page that overrides browser's normal webauthn flow lol
??? 妛彁 :xf_nyxsigil: :xf_nyxdisapproving: (nyx@social.xenofem.me)'s status on Thursday, 08-May-2025 07:23:41 JST
@whitequark you're right, I forgot about that although I have never once seen any information on how to actually implement webauthn in software so unless the keepassx team just figured it out from the specification (which tbf I can't into reading RFCs so maybe that's what they did) I have only ever seen it done by emulating the authenticator hardware lmao. but I'll have to look at their code I suppose and see what they did