@sheogorath @wiktor I missed the thread there, what kind of tool are you thinking of?

We did a practice pitch this week. It was cool. Do you know any grant funders we should be speaking to?

Weeknotes from @ian The future, customers and funders 🔮 fluidkeys.com/weeknotes/week-3

❔Collect less
🔒 Encrypt more
❌ Delete often

A simple but uncommon recipe for a safer, more respectful way of running an organisation.

@sheogorath I like the idea of calling them. How do you (personally) check if they support encrypted email?

@wiktor It was @ian trying to log in: I made him use my number as a recovery method instead of his own, as mine is a little better protected against sim swapping.

@Alastair Indeed! Turns out I made @ian use my number on his account (it has better protection against sim swapping than his own number)

Puzzled (and initially alarmed) why I got a Github 2-factor SMS out the blue yesterday. I don’t have SMS 2-factor on any of my accounts...

I can feel the pressure of the last few weeks subsiding. Released Fluidkeys 1.0 yesterday and appeared on FLOSS weekly podcast today. Quite a few sleepless nights! But we did it! And we get a (sunny) change of scene at the Internet Freedom Festival in Valencia next week ☀️

@sheogorath Yeah totally, well in this I didn't read the article because it was easier to hit "back" than dismiss the popups, so perhaps people will just stop reading it naturally :)

I thought it was quaint that our members of parliament physically walk through a counting area, and are physically counted, until I watched it in realtime. FFS, get an electronic vote counting system like everyone else.

@wiktor Thanks for pointing our way Wiktor! @zerok I'd be really up for a chat to understand your use case (regardless of whether it fits Fluidkeys.) Are you up for a quick call sometime?

@wiktor Yes indeed! I'm thinking about this too.

If I'm only concerned about *read-only* mitm then we could host the pins online somewhere rather than bake them into the app

@wiktor I was musing whether our login / challenge endpoint could provide more than just a signed token, but a session key that's *also* used to encrypt the whole session *inside* TLS

@wiktor Tunnelling: from the 1Password security whitepaper, page 45 "Transport Security":

@wiktor Yeah JWT is a great approach. Maybe we forget the tunnelling bit for now...

Show more
Open social media for the UK

A social media community hosted in the UK; part of the Mastodon/ActivityPub federated social network, which allows you to follow users on other communities. It's a bit like Twitter but without a single company in control.

If you use this server, you are required to abide by our Code of Conduct. If you don't like it, there are plenty of other communities you can use.

If you're coming here from Twitter, there are some very useful services to help you find friends and automatically crosspost toots that you might like to set up once you're signed in.


This is a volunteer-run community administered by @floppy, and hosted by Mastohost in the UK. Please support our running costs by joining the Open Collective and becoming a backer. Thanks go to our existing backers - this place exists because of them!

Service status is available from our status page and the @status account.