# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific user's twts.
#     offset  Start index for query.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 20
# self = https://watcher.sour.is/conv/zsw3uta
Hmm noting that yarnd password change function is insecure by design and should be fixed 🤔
@prologic How come?
@lyse Well basically if you try to reset your password today, it assumes you are a) logged in and b) you are who you say you are. There is no verification of your old password, no identity verification. So if somehow someone managed to hijack your session or something...
@prologic Ah, ok. But you actually have to be logged in. It doesn't just assume it. At least I tried it in the web UI. It would be nice to confirm the password by retyping it into a second field, so typos are caught.
@lyse Yeah true! Um not even sure how realistic hijacking a session really is? 🤔
@prologic It's likely that someone gets unauthorized access to your computer and deletes your account through the web UI. You should probably have to type in your password to delete your account.
@prologic It's more likely that someone gets unauthorized access to your computer and deletes your account through the web UI. You should probably have to type in your password to delete your account.
I share your opinions, @mckinley and @lumen.
@mckinley Agreed!
@lumen Ahh good to know, so less likely to worry about 👌 (hijacking sessions that is)