full caps, 'screaming@littlefox AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
@MarkAssPandi @doskel @errant Inbound traffic can only connect if a program is listening on that port and the local firewall is open. Something like SSH should be fine; barring any bugs it will only let authorized connections.
Problem I guess is either something legitimate exposing an unsecured service, like if you were running telnet, or malware listening for commands. I'm not sure how much of a problem NAT provides to malware. Maybe NAT traversal is too much effort, but having it call back to your server protected by Cloudflare seems popular anyway. IPv6 address space is so large you may need to do that anyway rather than scan the entire internet(?). Idk, I'm not an expert here
@futurebird For all the "think of the children", YouTube is terribly hostile to older folks too. Well, everybody really, but young folks and elderly seem especially susceptible.
@lunareclipse @solonovamax Thanks, so I don't think I was missing anything. I still feel fine not using them personally then. A password manager browser extension can do domain-based matching, which makes phishing more difficult on the web while also making login easier. So the main benefit is that passkeys always do this, and OAuth sessions may be more easily revoked or expired.
Passkey-shaped things also mean that server side they can't be storing passwords in plaintext or hashed with MD5 without a salt or anything, so there's that too.
@lunareclipse @solonovamax I do wonder how the phishing resistance would work for anything that has multiple legitimate clients. Anything like IRC, XMPP, Matrix, or even third party clients to closed silos. OAuth isn't phishing resistant if the client logs in with that, but may be able to scope the impact. It's entirely possible I'm missing something fundamental.
Really the main benefit IMO is that it makes bad passwords not possible/effectively forces using a password manager, but then unfortunately it's hard to say the rollout is anything but a disaster.
@futurebird @secretsloth Yeah, my second thought was how it could be done without, but that's much more difficult and still less effective at directly answering the question without some guessing. Still, not a huge fan.
My current best idea is to have a maze between two areas they care about with a straight section in the middle of the correct path. The straight section can be swapped out with a longer connecting piece, so the correct turns don't change but the distance does, and seeing if that causes any observable hesitation.