@mattly Get a Yubikey (U2F/Webauthn). It's super convenient to use: makes 2FA a quick tap. It's worth getting one anyway for all your accounts, as it's automatically phishing-proof. Instead of being contrarian you can solve the problem well.
@mattly so fuck anybody who'd ask you to take basic table-stakes measures to secure your account? 🙄

Delete your account

@kornel You're still missing my point. Jan got it in one: https://narrativ.es/@janl/113196980067238490 I am not a "supplier" or part of a "supply chain": https://www.softwaremaxims.com/blog/not-a-supplier The post is doing enough numbers to attract people like you, so obviously the sentiment is resonating. Maybe it's worth examining why you're championing a capitalistic model in the name of open source?

@stonebear @mattly To me account security in shared environments is like hygiene. When one person's security stinks, it affects others. To me the real rudeness is in doubling down on bad hygiene when told that your security stinks. Supply chain security in OSS is already a hot mess, and doesn't need even more worrying about impersonation just because someone *wants* to have poorer security to show a computer who's the boss.

@kornel @stonebear also if you actually read my post instead of inventing a straw man you'd see that I'm not actually ADVOCATING for removing 2FA; it's the sentiment of "something you did in the past makes you a threat to a system you didn't consent to be a part of". "Supply Chain" security in OSS is going to continue to be a hot mess until it has the properties of a supply chain in the actual real world, primarily the exchange of money. https://softwaremaxims.com/blog/Not-A-Supplier

@mattly @stonebear I'm just talking about 2FA. It's perfectly reasonable to require 2FA on all accounts. It's safer to err on the side of requiring unimportant accounts to have 2FA than to risk an important user having an account compromised. That is entirely orthogonal to the funding structure. The risk and responsibility exist due to code sharing and trust structures, regardless of whether people are paid for it or not. On Star Trek they'd require you to have 2FA too.

@kornel @stonebear And my post is not about 2FA. The point is not that, and you continue to see past it.

@mattly @stonebear I've just responded to a single toot that @janl boosted where you wanted to disable 2FA in a tantrum. It's just not a sensible reaction to a reasonable requirement. There are much bigger problems, but your defiance isn't solving them, and would just create more if 2FA weren't mandatory.

@mattly @stonebear @janl As for your post: the fact that you don't fit a definition of a "supplier" doesn't mean you're not involved in this software thing, only that the label given to it doesn't properly describe who the participants are.

@mattly @stonebear @janl 2. And you've used the term "FOSS" for what is OSS, but that's not surprising, since it was designed to be confused.

@kornel @mattly @stonebear for the love of god, please accept that you misread the post and stop.
@kornel congratulations on missing the point