# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 9
# self = https://watcher.sour.is/conv/iko74mq
#stupidIdeaOfTheDay (based on one I found randomly on Reddit)
To avoid using Static passwords + TOTPs (like Google Authenticator codes), have a dynamic Single-factor authentication:
Sign the time (in blocks of 30 seconds like with TOTPs) with your private key, so you have passwords valid for 30-90 seconds. Allow at most 10 attempts every 30 seconds. Obviously, the server checks a valid signature with your registered public key.
For this, you can use an extension for your password manager as you are already doing to manage your static passwords + your TOTPs.
Similar to what Yubikey originally did. There are many weak points like Man in the middle, and phishing, and possible attacks over a known message, that were solved with WebAuthn, but it's a nice exercise to think about.
Disclaimer: Don't roll your own crypto
Disclaimer 2: Don't implement 1FA, if you can do 2FA or MFA =P=
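The scheme described in the twt above, as an added example that is not code from any participant in this conversation or from yarnd. Ed25519, the context label, the acceptance window of one block either side of the server's clock, and the single-use check are assumptions of this example; `Token`, `Verifier` and `NewVerifier` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

const step = 30 // seconds per time block, as in the twt

// message is the signed payload: a constructed context label plus the block number.
func message(block int64) []byte {
	msg := append([]byte("example-time-login-v1:"), make([]byte, 8)...)
	binary.BigEndian.PutUint64(msg[len(msg)-8:], uint64(block))
	return msg
}

// Token is what the client side (e.g. a password-manager extension) would produce.
func Token(priv ed25519.PrivateKey, now time.Time) []byte { return ed25519.Sign(priv, message(now.Unix()/step)) }

// Verifier is the server-side state for one account (hypothetical type).
type Verifier struct {
	pub      ed25519.PublicKey
	attempts map[int64]int  // tries seen per block
	used     map[int64]bool // blocks whose token was already accepted
}
func NewVerifier(pub ed25519.PublicKey) *Verifier { return &Verifier{pub, map[int64]int{}, map[int64]bool{}} }

// Verify enforces the 10-tries limit, the +/-1 block window, and single use.
func (v *Verifier) Verify(tok []byte, now time.Time) bool {
	cur := now.Unix() / step
	if v.attempts[cur]++; v.attempts[cur] > 10 {
		return false
	}
	for b := cur - 1; b <= cur+1; b++ {
		if !v.used[b] && ed25519.Verify(v.pub, message(b), tok) {
			v.used[b] = true
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	v, tok := NewVerifier(pub), Token(priv, time.Now())
	fmt.Println(v.Verify(tok, time.Now()), v.Verify(tok, time.Now()))
}
```

The single-use check only stops a captured token from being submitted a second time; it does nothing about the phishing and man-in-the-middle weaknesses the twt lists, because the signed message is not bound to the site or session.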
@eaplmx I think it's easier to just do key bases with -- Public key cryptography
In fact I've been thinking about adding an SSH server to yarnd that would effectively let you manage your feed(s) 🤔
Well, the login technique for SSH is great and works (you have to protect your key, but *nix OS makes it in a safer way)
For web browsing you have client certificates or WebAuthn, which require a lot of configuration or external hardware, mostly difficult to use on a mobile device... 🤔
So, yeah, I'd like to find a good balance between easy to use and hacky*
You mean joining to something like
SSH eaplmx@twtxt.net
And having a TLI/CLI to manage the feeds?
That would be cool for hackers 😀