In-reply-to » @lyse I am part of the selective “can’t-watch-videos” generation 😅. It has to be something truly exceptional for me to watch it, otherwise I prefer reading.

@bender I agree. For learning, reading is heaps better. There’s also the very powerful Ctrl+F that I do not want to miss.

⤋ Read More
In-reply-to » Can't watch this. What the hell, why would you put a silly chat on the screen!? Distracting af.

@lyse@lyse.isobeef.org I am part of the selective “can’t-watch-videos” generation 😅. It has to be something truly exceptional for me to watch it, otherwise I prefer reading.

⤋ Read More
In-reply-to » Oh come on. The waffle fell off the plate and hit the door and then the floor. Of course with the apple sauce side each.

@prologic Absolutely! I sure ate it after cleaning up the giant mess from door and floor. The good homemade apple sauce! :-(

⤋ Read More
In-reply-to » @bender Hmmmm I'm not sure about this... 🧐 Does anyone have any other opinions that know this web/session security better than me?

@prologic I do NOT claim to be an expert in that realm. I’ve seen different things being implemented in the guise of “remember me”. But I reckon the most common scheme, when this checkbox is activated, is to issue a dedicated, long-lived refresh token in a login cookie. I’m sure it is known under several different names. This “remember me” login cookie is separate from the actual short-lived session cookie.

Part 2 of this answer explains it fairly well: https://stackoverflow.com/a/477578 Also, this was a nice read: https://web.archive.org/web/20180819014446/http://jaspan.com/improved_persistent_login_cookie_best_practice

It depends on your threat model, but the use of public computers in libraries, internet cafés or similar is probably the most relevant here, when arguing against activating “remember me”. These days, shared computer use is declining I’d assume. With twtxt being a niche for more computer-affine folks, I’d reckon this threat is not that high up the list. On the hand, you want to bring yarnd to the average non-nerd user, so this threat might actually rank more important.

It’s probably okay and safe enough to remove “remember me” entirely and just issue a long-lived session cookie and be done with that. Optionally, power users or the administrator could benefit from configurable cookie lifetime(s).

⤋ Read More
In-reply-to » @eldersnake I just installed 127.0.1 (64-bit) tonight and tested and it worked just fine. Try upgrading and roll that commit back and see if it still repros? 🤔 I'm almost willing to bet this is a bug 🐛

@prologic Haha, my brain thought, that loopback address is missing a zero. :-D

⤋ Read More
In-reply-to » @prologic It's weird though cos I could reproduce it on any of my browsers on either my laptop or phone 🤔

@prologic@twtxt.net Yes very very strange! I truly don’t know where to start on that one 🤣 Must be one of those really weird edge cases. Thanks for your help on this, I can at least post normally now.👌

I’ll check logging in etc tomorrow, time for bed lol 😴

⤋ Read More