Not going to lie, Twitter killing off free API access hits me in the feels. I remember with great affection the flood of creativity that happened after we opened up the API, and it's heartbreaking to see that unceremoniously strangled.

I'm relieved that we've got better alternatives, though. While this is perhaps the final straw for many bots on Twitter, it's been a long time coming and the API has long been hobbled compared to the early days. Open protocols or bust. ✊

Meanwhile, has anyone built a Twitter API compatibility shim for Mastodon? 🤔
@blaine I’m wondering most about Twitter logins. But since that does the login on the Twitter site, they wouldn’t be turning THAT off?

@bmann I assume they're not going to be charging for *logins*. That'd be really dumb and I would laugh at their incompetence. 😂 Restricting access to eg the post API (or even any API access, eg for reader apps) makes marginally more sense.

My thought here is more: switch the "twitter.com" const to "birdbrainsformastodons.com" and all the old bots (and maybe even client apps) just work again?

@blaine re: logins, since it requires an “app” to be created and API credentials, at this point… 🤷‍♂️

And yes, totally get your point. With @moaparty we don’t really have a bunch of other people running instances so I would expect the same from this.

An initial API shim instance gets collectively managed. Work to have people host some of their own.

@bmann @blaine @moaparty if only there were a good coordination mechanism, incentives, and demand to build a distributed Map<TweetId, DID>
@blaine @bmann I'm honestly not confident there's anyone left there who would even think to ask the question "what about sites that use login with Twitter?" - at least not anyone who's in a position where the people making the decisions would listen to them
Simon Willison (@[email protected])

I often find myself wanting to use a metaphor based on the 1997 John Woo film Face/Off to explain my worries about decisions made inside organizations. If you haven't seen it this likely won't make much sense to you, but my mental model of a "Face/Off situation" is when the last person inside an organization who understands the rationale for a particular decision has left, leaving a gap in institutional knowledge that results in terrible decisions being made. (Yes, this is about the bird site.)


@simon @blaine @bmann

oh man OpenID seemed like such a good idea and then "login in with x" now i just dread stumbling across something that uses flickr or similar to authenticate

@jonoabroad @simon @blaine @bmann I think this is why Google, Microsoft and Apple started pushing Passkeys.

@lucid00 @jonoabroad @blaine @bmann I see Passkeys as mainly being about the fact that passwords are just a TERRIBLE form of authentication for the vast majority of people

They either forget them or they use the same password for every account. Password managers are a useful solution for a tiny fraction of the overall user-base

@simon @lucid00 @jonoabroad @blaine let me rephrase before Blaine twitches more: password managers are a necessary blight for super users.

Passkeys as a mass market passwordless solution that increases security by default is what we’re betting on at @fission

@bmann @simon @lucid00 @blaine @fission

It worries me that I fall into the super user category.

What are passkeys?

@jonoabroad @simon @lucid00 @blaine @fission a mass market friendly brand for WebAuthn that uses “software keys” rather than things like Yubikeys, supported by Apple / Amazon / Google / Microsoft etc.

Here’s Apple https://support.apple.com/en-us/HT213305


@bmann @jonoabroad @simon @lucid00 @blaine @fission I did some reading about passkeys, but couldn't find any information about handling certain real-world problem scenarios. Namely:

"Someone just stole my phone!"

Okay, are there solutions offering support for:

1) Having backup passkeys on secondary devices?

2) Remote invalidation of the lost phone's passkey?

How do passkeys support redundancy and key management? I couldn't find information on that.

@todd_smith @jonoabroad @simon @lucid00 @blaine @fission the major platforms are backing up / syncing passkeys across devices and in their respective cloud storage.

There is a growing directory of sites where you can try it https://passkeys.directory

And the WebAuthn demo site is likely the most obvious https://webauthn.io

Attached image is the success message after register / authenticate


@todd_smith @jonoabroad @simon @lucid00 @blaine @fission put together some more resources on Fission’s public wiki https://plnetwork.xyz/@boris/109809707058993453
Boris Mann (@[email protected])

#passkeys really are just getting started, so I put together a page on @fission’s public wiki with links to some resources https://talk.fission.codes/t/passkeys/4086 We’re working on adding passkey support to our #UCAN and #WebnativeSDK libraries which currently use the browser WebCryptoAPI for passwordless logins https://webnative.dev

@bmann @simon @lucid00 @jonoabroad @blaine @fission while passkeys will be widely available - I predict low adoption by users for their apps

@DickHardt @simon @lucid00 @jonoabroad @blaine @fission chicken meet egg. Lots of hacker level devs that would love to outsource / remove passwords, and as this thread indicates, “login with Twitter” is not really viable.

@bmann @simon @lucid00 @jonoabroad @blaine @fission website PMs don’t care about getting rid of passwords so much as reducing friction - social login reduced sign up friction - Hellō does that even better and lets devs outsource all identity
@blaine @bmann I don't think that we are safe assuming anything resembling coherent thinking, lack of incompetence, or not being really dumb over there. I mean, there's precedent…

@robin @bmann extremely fair. I look forward to having a good chuckle. 😂

@blaine @bmann if they had added OpenID Connect then there would not be an “API” call — having recently added support for Twitter to Hellō — the APIs for getting profile data are like all the other APIs — and you need those to know who logged in