Git security tip!

You might know that you can use a Yubikey or similar hardware key to store your SSH key... but forges like GitHub identify you by your public key, so you can only secure access to one GitHub account with a single key... not!

If you use ed25519-sk keys, you can have as many as you want!

The traditional OpenPGP Card setup can only store a few keys per YubiKey (only one of which is usually set up for signing/authentication), but using the newer FIDO2 ed25519-sk flow, the keys are stored "wrapped" outside your token so you can have an unlimited number.

There's a small catch though: With OpenPGP you can secure your key with a PIN/password verified on the token, and enter the PIN once to unlock it on first use, then just touch it for every authentication (until disconnect or reboot).

With ed25519-sk you can either require a PIN every time, or not at all.

You can still encrypt the "wrapped" key on your computer (that's what the new passphrase that ssh-keygen asks for does), but then that passphrase is checked on the computer so there's no attempt limit.

My personal hack is to use both. Encrypt the ed25519-sk private token with OpenPGP, cache it only in RAM when loading it into ssh-agent.

I wish FIDO2 had a "cached PIN/persistence" mode though! ;;

Edit: I'm being told resident mode can do what I want but it didn't work when I tried it... will update if I figure it out!

universities in the 1980s: writing the majority of internet standard RFCs and their implementations

universities now: moving away from Microsoft cloud is really hard okay? 🥺

We've just released Ardour 9.0 with pianoroll windows, cue recording and editing, region effects, a realtime perceptual analyzer, mixer strips importing and exporting, various quality-of-life improvements, and many more changes

Check out the full release notes: https://ardour.org/whatsnew.html

*looks up*
*looks down*
*looks up*
*looks down*
*turns blueprints over*

“Shit.”

Folks selling Kindle books, you should know that Amazon now offers the option to allow EPUB and PDF downloads of DRM-free books.

The option is presented when adding new books to Kindle, but for existing titles you have to opt-in for each of them to allow these new file formats.

(Amazon isn’t great, but when a rare customer-friendly option arrives, please take advantage of it!)

https://kdp.amazon.com/en_US/help/topic/GDDXGH9VR22ACM8U

#Kindle #Ebook #IndiePub

The robot apocalypse hasn't happened yet, but still I can't escape the feeling that something has gone horribly wrong... Cartoon for Dutch newspaper Trouw.

More of my work for Trouw: https://www.trouw.nl/cartoons/tjeerd-royaards~bcb45712/

#ArtificialIntelligence #creativity #work #GenerativeAI