[02:03:19] https://meta.wikimedia.org/wiki/Tech/News/Recently_resolved_community_tasks [05:50:32] yubikey registration going really well [05:50:36] > [1febd49bb4686853ff02e08e] 2024-11-19 05:50:21: Fatal exception of type "InvalidArgumentException" [05:53:23] > [44e484f703906481001a3391] /wiki/Special:Manage_Two-factor_authentication InvalidArgumentException: User already has a key from a different module enabled (totp) [05:53:24] okay. [05:53:36] thanks, oathtool, very helpful [05:57:05] okay chat, i locked myself out of my miraheze account thanks to vanadium [05:59:20] https://discuss.grapheneos.org/d/12056-fido2-security-keys-on-grapheneos-a-summary, oh i need gapps [05:59:37] 1984 [06:04:41] okay, it works \o/ [06:38:52] how do i get the recovery codes when using webauthn for oathauth? or are they not a choice [06:41:00] They should be given to you at setup [06:41:05] But also you have 2 keys [06:41:10] You shouldn't ever need them [06:41:35] they weren't lol [06:41:37] but just making sure :p [06:41:45] plus, i have gpg for reset [08:11:23] that took me like... an hour to do :p [09:18:27] le success? [09:51:22] yeah i changed all my accounts [09:51:50] redone totp for the services that don't support security keys (like forgejo) [16:39:02] oh yeah, WebAuthN doesn't play super well on a CentralAuth setup currently, mainly that if you set it up on meta, you can only use it on miraheze.org subdomains, and not on custom domains [16:44:32] https://phabricator.wikimedia.org/T248339 [16:44:43] they say SUL3 will fix that issue [17:02:48] Last time I tried the use WebAuthn I almost locked myself out during my RfGA [20:15:37] [1/2] > redone totp for the services that don't support security keys (like forgejo) [20:15:38] [2/2] wait a sec, I only use Webauthn on Forgejo 🤔 [20:16:00] i mean, on forgejo i don't use totp just pass+webauthn [20:16:16] reject pass ascend to passwordless [20:16:40] nuuu [20:16:42] scawy [20:16:53] fiiiine [20:17:04] just put the password on the yurikey [20:17:05] ez [20:17:07] but also based tbh, so maybe one day i will [20:17:17] lol [20:17:23] sick party trick [20:17:32] password: the one-time code thingy you get when actuating the key in a text field :3 [20:17:40] TOTP [20:17:41] need to log in? just reset password :3 [20:18:17] ez [20:18:21] wait wait [20:18:25] I can color code my keys??? [20:18:33] https://cdn.discordapp.com/attachments/1006789349498699827/1308526852423417886/txkDN6f.png?ex=673e4418&is=673cf298&hm=8a298ae5000a5bc7a3a05f8693881fcc1c1eeb3bcfa13452b6da9c16e8ece8a6& [20:18:40] https://cdn.discordapp.com/attachments/1006789349498699827/1308526881632555140/IFC7k9D.png?ex=673e441f&is=673cf29f&hm=0f58ca82717aad666d38ed629697d5c1fb9308293d351ebf3038ecd039732b67& [20:18:44] whuh [20:18:51] what should I do for my main and backup keys [20:19:01] purple(main) and red(backup)? [20:19:09] yes [20:19:30] cccccbtgtbvrhflvrutrdnbjhgkrfhdurvvhibguegtb [20:19:54] :FernNote: [20:20:02] whoops [20:20:05] was looking at the key [20:20:12] it has flashy light [20:20:24] [1/2] noice [20:20:24] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1308527317458485308/uTE9Hp0.png?ex=673e4487&is=673cf307&hm=c55a516522fd72e47e45cddd32d636357913bcc8d8ed0291e11678f6ef0ff884& [20:20:27] yurikey go blinky [20:21:59] now how do i do this [20:22:01] lets start with [20:22:03] discord! [20:22:38] a:DiscordDance: [20:29:13] alright [20:29:44] set up both TOTP and as a key [20:31:02] cant forget the most important thing [20:31:06] the icon pack! [20:31:24] time for mastodon [20:37:27] @urbanecm / @theresnotime hi, I’m wondering if you could review https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TemplateStyles/+/1088709 and https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CSS/+/1088710 please? [20:44:00] drat [20:44:04] i may need [20:44:09] to re do for the spare key [20:44:11] actually [20:44:20] the secrets are in my clipboard [20:57:53] @rhinosf1 do you enable require touch typically [20:58:08] You should do [20:58:31] i am [20:58:49] the scared part of me wants to save the key secrets too eeeeeeee [20:58:55] No [20:58:57] No [20:59:08] lets not do that then [20:59:48] is it worth also saving the codes to my phone's normal MFA app? [21:00:37] Eh [21:00:40] Maybe [21:00:45] Or just keep your key with you [21:01:33] I want to be conservative with that. I lose things ez. if im on a trip or out of the house for a day or so yeah. but like if im going out for a few hours ill leave it home [21:02:03] Get a fancy key ring / fon [21:02:05] Fob [21:02:18] You can do merch research on miraheze key fobs [21:02:34] lol [21:02:40] i only have one other key though [21:02:41] my house [21:03:02] Or do what work did and find a like 10cm x 30cm bit of metal and attach that so you don't loose it [21:03:03] do you save passkeys? [21:03:15] I have passkeys on my yubikey [21:03:16] every time i open the passkey menu it glitches [21:03:37] everything goes spinny loady death spiral til i un and replug [21:03:45] Is there a help option [21:03:50] Or do you need an email [21:04:14] I can pull my laptop out and check on my key [21:05:12] ill prob try restarting and checking [21:05:26] it needed to confirm privledge escalation first so maybe that bugged [21:05:57] yea seems so [21:05:59] lets try again [21:06:50] mastodon is dumb [21:06:55] if it's still buggy, get the version, log and diagnostics from settings and email me [21:06:57] every time i try to add the key [21:06:59] it thinks [21:07:00] oh [21:07:01] and I'll raise it with program [21:07:12] they wanna add a passphrase to their browser [21:07:21] nah restarting the app fixed it [21:07:26] now its mastodon being dumb [21:07:27] ok cool [21:07:42] if it breaks again, feel free to email me and I can raise with program [21:07:43] let me see if apple is smarter [21:09:02] okay think apple worked [21:09:08] let try on pc if its on the key [21:10:23] so [21:10:25] the yubikey [21:10:39] works to login on my phone via the key for mast [21:10:42] but not firefox [21:10:43] bleh [21:10:46] whatever [21:11:08] oh yea [21:11:09] github [21:11:11] almost forgot [21:11:33] how do i mark my keys til i get a cover hmmm [21:12:29] putting main on my house key [21:13:06] i just use a sharpie lol [21:13:33] tru [21:13:45] my backup is gonna live in The Box once im done here [21:13:57] also yeah mobile firefox needs google services or microG, or at least Fennec does. Works fine with those on ime [21:14:27] with other critical stuff like my passport, SSN card, and my controversial anime rankings [21:14:47] `The Box` dun dun dunn [21:15:16] Ugh [21:15:31] I have like 3 boxes [21:15:34] I hate relying on open source repos to update to newever versions of software [21:15:41] Passport lives in the draw though [21:17:26] this is desktop [21:18:10] do i need to use another browser ugh [21:18:28] strange [21:18:30] :WorksOnMyMachine: [21:18:42] [1/2] hmmm [21:18:42] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1308541989851107378/ebzZJVE.png?ex=673e5231&is=673d00b1&hm=647617ced723bf4a6e16702ff286601f3208782da675a9f4695da8ff9a84ffff& [21:20:11] so i add a passkey on my phone [21:20:14] does behave oddly for you? [21:20:22] and (when the passkey menu of the app works) [21:20:24] dont show [21:20:52] o i haven't tried passkeys, just FIDO2. I'd imagine it would work on firefox, but i haven't tried that specifically [21:22:18] [1/2] well GH is awesome and worked flawlessly [21:22:18] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1308542897036984400/8k1Krer.png?ex=673e530a&is=673d018a&hm=1760b82231114a520f249adaf4d5d20392f4453e3c9f4f182c285b36a357ddac& [21:22:23] and its even password less [21:22:28] sick [21:22:41] might be the site being weird and ff not handling that right or smth [21:24:23] only windows hello [21:24:47] let me try [21:24:53] idk whats less bad chrome or edge [21:25:31] define bad ig [21:26:13] i use ungoogled-chromium when i need that engine, but might be extra [21:26:31] [1/2] anyways [21:26:31] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1308543957009039444/rZxtvrU.png?ex=673e5406&is=673d0286&hm=0f4794400f57f7fdb47db3d809fd7be97e5ee19cb8d796ecf2af7758ad282e61& [21:26:37] good idea [21:26:52] im a creature of spite [21:27:19] -# some websites are silly, y no use standard web APIs instead they rely on chrome-only behaviors and break otherwise aaa [21:27:20] but also lazy so edge [21:27:28] creature of sprite [21:27:31] savages [21:27:37] i dont drink sprite [21:27:46] fair [21:29:30] well the key works to login on edge [21:30:06] main doesnt [21:30:08] let me fix [21:30:41] okay so edge too [21:30:47] its a windows skull momen [21:31:50] wait [21:31:53] no im just stupid [21:32:14] @avghelper you need to go through windows hello to get to the add key menu i think [21:32:19] :Facepalm: [21:32:56] aaa [21:33:06] worked [21:33:45] not showing in the app though [21:34:20] https://cdn.discordapp.com/attachments/1006789349498699827/1308545926587088906/4iyfNAr.png?ex=673e55dc&is=673d045c&hm=244c52c313414f1b11da1c559fb728a1bd9032591ec7ee1d58b82b19a7c679c9& [21:41:33] @rhinosf1 since mw dont support OPT is there a way to have it paste in the timed code to a site? since logging into meta and clicking the key pastes the one time password [21:43:08] Not sure [21:44:49] do you just use the app for it? [21:45:11] doesnt that defeat part of the anti phishing bit of i [21:48:50] ahh is this about icloud webauthn keys on mediawiki [21:48:59] I tried this on my wikimedia account [21:49:12] safe to say I very nearly got locked out and had to email t&s [21:49:32] they are very buggy [21:49:36] would not recommend [21:52:40] I did learn that [21:52:43] But no [21:52:47] This is windows [21:53:00] During my RfGA! [21:53:02] No joke [21:53:18] I was still logged in so OA removed it for me [21:53:19] windows is also very buggy [21:53:30] Linux laptop when [21:53:31] I have major objections to windows unless absolutely necessary [21:53:36] chromebook :trol: [21:53:52] either way I just use a mac lol [21:54:00] I have a windows computer for running solidworks but that's the only time I use windows [21:54:07] Rather kms [21:54:14] I have a locked down school one [21:54:18] :grrr: not very nice [21:54:53] I have one of them and I have one that I got for school, then left said school and now I use it as my lightweight laying in bed laptop [21:54:53] I think I'd almost pick a chromebook over a mac, almost [21:54:58] but I'd throw them both in the dustbin [21:55:09] if I couldn't reflash the chromebook with something more flexible [21:55:10] chromebooks aren't even that bad for basic web browsing tasks [21:55:26] chromebook is a google honeypot, that's bad enough for me [21:55:30] not great for special software [21:55:34] but it just about works [21:55:43] windows is a microsoft account shitty mess [21:55:43] raw basic tasks I could probably use it if I had literally no other device at my disposal [21:55:52] nope [21:56:01] you do not need a microsoft account whatsoever even on 11 [21:56:07] but they go out of their way to make that harder to pull off [21:56:12] in w11 don't you need a microsoft account to go through the basic obe [21:56:15] part of why I've dumped windows [21:56:21] not necessarily [21:56:27] if you do the 'normie' setup then probably [21:56:30] without doing nerdy hacker type shit [21:56:42] flash with rufus doesn't sound especially nerdy to me [21:57:06] it does to me when I literally use a mac lmfao [21:57:09] granted, the normal user probably won't [21:57:14] technically on a mac it's all linked to apple accounts [21:57:14] I blame the mac [21:57:19] but you don't need to use an apple id [21:57:25] so, same shit different company [21:57:35] no because you don't need it in the oobe [21:57:50] worse, in that microsoft still lets you bypass, still has a vast non ms ecosystem available, still lets you do kinda whatever [21:58:09] tbh we need a new operating system [21:58:19] I vote for amogOS [21:58:27] support linux or, imo the more sane, bsd ecosystem [21:58:36] all you're going to get on that without surrendering to apple [21:58:52] also expect a ping from me somewhere else within 3 mins once I compose that message and then pop back here [21:59:07] may or may not be watching immediately at that point [21:59:52] ok back [22:00:17] can't lie I now want to switch my chromebook into debian mode and try and install amogOS lmao [22:00:46] iirc chromebooks do weird shit that make it harder than usual to install over and hope it works nicely [22:01:10] if it's an arm processor I'd forget it, if intel the hope is there but I believe there's a dedicated distro (think it's debian based) that tries to bridge the gap [22:01:24] any 'amogos' is going to be mostly theme anyway so whatever does the job [22:03:40] @rhinosf1 thoughts on if i should add the key to my microsoft as passwordless or just a key? [22:05:10] [1/2] ..pardon? sir its a mobile key [22:05:10] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1308553684359053343/dpydaiX.png?ex=673e5d16&is=673d0b96&hm=fef9648decfd5d7f08ff5831013033c7b68901446fefc7f05c81b6cfc5b03775& [22:05:34] [1/2] > This passkey can only be used on the device where it was created. [22:05:34] [2/2] oh i think its confused [22:08:29] or not [22:08:35] dont show up on other devices [22:08:36] huge L [22:20:29] Chromebooks ❤️ [22:31:10] I use a mac, but I have a windows VM (in VMWare) when needed [23:17:22] I'll take a look, but neither of those are extensions I really 'look after'