💾 Archived View for bbs.geminispace.org › u › stack › 14160 captured on 2024-05-10 at 11:24:01. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-03-21)
-=-=-=-=-=-=-
A few years back, when Microsoft took over github, i figured it was time to go. I copied all my repos to gitlab (is it any better? I don't know, it still seems i am the product...), but then I stopped short of deleting my github account. I still felt kind of attached...
And then years went by, and I kind of forgot about it. I've even created some private repos for work-in-progress projects, out of habit.
But now I am getting messages that I must enable 2FA authentication or lose control of my repos. I am really not concerned about the security of my BSD-licensed opensource code, so this is really about information collection. They want my phone number, or at least know they can buy it from google. That really eats.
I've been procrastinating, but tomorrow I will really go in and delete my stuff, I think.
Jan 21 · 4 months ago · 👍 gritty, jeang3nie, coderwx, scops, leoperbo, gamma, taichara, ed
I still use GitHub since it's the only interface to a lot of projects, but I do try to stay away from it where I can. If you find yourself wanting to keep your account, I'd suggest using Yubikeys or TOTP 2FA so you don't have to give a phone number. SMS 2FA is awful in terms of privacy, and it's not even all that secure. It's amazing to me that SMS 2FA is the only option offered by most banks.
🚀 stack [OP] · Jan 21 at 04:17:
@gamma: how does one get TOTP? And yeah, banks are ridiculous. I routinely have to use a special unsecured browser because anything remotely safe does not work with banks. And if anything goes wrong, to authenticate you they ask questions based on information publically available, according to them, like what kind of a car you've owned and what city youve lived in, multiple choice. It's really absurd.
TOTP is often listed on websites as "Google Authenticator" but it's a generic standard for generating time-based codes. There's a non-exhaustive list of clients here: https://en.wikipedia.org/wiki/Comparison_of_OTP_applications
For CLI clients there is oathtool or just search GitHub for TOTP for a number of alternatives. OTPClient is a decent one: https://github.com/paolostivanin/OTPClient
To enable it on GitHub you just set up "authenticator app" as your 2FA type.
👤 AnoikisNomads · Jan 21 at 07:25:
if you're able to selfhost a docker container, I can HIGHLY recommend gitea. i migrated anything I had on github to a gitea instance quickly and totally hassle free.
"they can buy [my phone number] from google" ... that's not a thing that happens; google doesn't sell data.
i use FreeOTP (via f-droid) on my android for 2fa on github f/e :)
I can recommend Aegis as an authenticator app. I installed it from f-droid. It's simple, looks good, and is free software. GPL-3.0 license
🚀 stack [OP] · Jan 21 at 19:39:
@Morgan: I was a bit dramatic, although what Google does with my data ('sharing' with advertisers to solicit bids on targeted ads) is akin to Bill Clinton not inhaling, or arguing over what the word 'is' is.
🚀 stack [OP] · Jan 21 at 19:59:
Thank you! I installed FreeOTP (just worked) and enabled 2FA; will continue procrastinating.
I've been avoiding 2FA because of it being called "Google Authenticator"; -- as soon as I see the dreaded name Google I stop, duck and cover.
@stack in the specific case of whether giving your phone number to google will cause it to be given to lots of other companies ... the answer is no. There are plenty of other reasonable questions to ask and reasonable reasons to not use google, of course.
I wish I did know who shared my number, spam calls are annoying. I guess it only takes one and you've lost. I bet it's probably even written in someone's TOCs that they're going to share it, and who reads those? Sigh.
🖥️ zetamacs · Jan 22 at 15:02:
@stack Have you considered sourcehut? It's ended up being my preferred software forge partly because of how fundamentally different it is in philosophy and the commitments of its founder.
It won't always be free of charge, but in my opinion it's money well-spent.
🚀 stack [OP] · Jan 22 at 18:30:
@zetanacs: Yes, I am planning to use sourcehut as I like everything I hear about it. I don't mind paying for something that works well and helps me. Better paying with cash than by selling your data and your soul to a bunch of ***holes.
🖥️ zetamacs · Jan 22 at 20:50:
@stack Amen to that.
Here's how I've been coping: https://lethallava.land/notes/9n6csntosgec6xfk