Category Archives: Internet

Anything related to the Internet. Yes, that’s going to be a lot of stuff.

Enabling a U2F security key on Github with Firefox (even if Github tries to stop you)

So, there’s this cool thing called U2F, for Universal 2nd Factor, a dead simple second authentication method in the form of a physical token (I’m using a Yubikey Neo, but that’s not especially relevant to what we’ll be talking about here, as it should apply to any security key).

Image: By Tony Webster from Minneapolis, Minnesota, United States – Hardware Authentication Security Keys (Yubico Yubikey 4 and Feitian MultiPass FIDO), CC BY 2.0

To put it in simpler terms: with U2F, to log in to a website you need the password and a physical doodad plugged into the computer. No doodad, no access. Sorry evildoers.

The idea being that while it’s possible to steal credentials (login and password), if you also need a physical thing, then just the credentials on their own are not useful.

With “we run a super advanced global scale Internet infrastructure” Facebook storing hundreds of millions of credentials in the clear (good job Facebook, really), it makes sense to use something that can’t just be stolen over the Internet.

I mean, you wouldn’t download a car, right?

So enabling U2F wherever you can is a good idea (as is having multiple physical security keys, as you will lose one or have it stolen).
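To make the idea above concrete, here is an added sketch (not from the original post, and not the real U2F message format): a simplified Node.js model in which a site checks both the password and a signature made by a private key that lives only on the token. The class names, origin and credentials are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// The "doodad": holds a private key that never leaves the device.
class SecurityKey {
  constructor() {
    const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.publicKey = pair.publicKey;      // given to the site at registration
    this._privateKey = pair.privateKey;
  }
  // Sign the site's fresh challenge, bound to the origin being visited.
  sign(origin, challenge) {
    return crypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), this._privateKey);
  }
}

// The website: stores a salted password hash and the key's public half.
class Site {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  register(user, password, publicKey) {
    const salt = crypto.randomBytes(16);
    this.users.set(user, { salt, hash: crypto.scryptSync(password, salt, 32), publicKey });
  }
  newChallenge(user) {                    // one random challenge per login attempt
    const c = crypto.randomBytes(32).toString('hex');
    this.pending.set(user, c);
    return c;
  }
  login(user, password, signature) {
    const u = this.users.get(user);
    const challenge = this.pending.get(user);
    this.pending.delete(user);            // a challenge is single-use
    if (!u || !challenge || !signature) return false;
    if (!crypto.timingSafeEqual(u.hash, crypto.scryptSync(password, u.salt, 32))) return false;
    return crypto.verify('sha256', Buffer.from(`${this.origin}|${challenge}`), u.publicKey, signature);
  }
}

function demo() {
  const site = new Site('https://example.test');      // constructed origin
  const key = new SecurityKey();
  site.register('alice', 'correct horse', key.publicKey);  // constructed credentials
  const sig = key.sign(site.origin, site.newChallenge('alice'));
  const withKey = site.login('alice', 'correct horse', sig);
  site.newChallenge('alice');
  const passwordOnly = site.login('alice', 'correct horse', null);
  site.newChallenge('alice');
  const oldSignature = site.login('alice', 'correct horse', sig);
  const c = site.newChallenge('alice');
  const otherKey = site.login('alice', 'correct horse', new SecurityKey().sign(site.origin, c));
  return { withKey, passwordOnly, oldSignature, otherKey };
}
```

Only the first login succeeds: the correct password alone, a signature recorded from an earlier login, and a signature from a different key are all rejected.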

Just show me how and stop blabbering

Fair enough. Let’s look at how to enable U2F security keys on Github in April 2019.

First of all, you’ll need to go to your Github account’s security settings and enable Two Factor Authentication (or 2FA as we cool kids call it, yo.). Github currently forces you to enable another 2FA method first, either SMS (erk) or TOTP (yes), so you’ll have to do that first. (Hint: you can use decent, FOSS apps to do TOTP on your phone).

Unfortunately for us, U2F is not enabled by default in current versions of Firefox (66.0.1 as I write this).

Luckily, it’s very simple to enable: visiting `about:config`, searching for “U2F” and toggling `security.webauth.u2f` to “true” is enough.

More disheartening is the fact that even with this setting enabled, Github won’t let you add a key to your account, insisting instead that you “update to the latest version of Google Chrome”.

Not going to do that.

Instead, you can simply use Firefox’s developer tools to unhide the button that lets you add a security key.

To do so, open the Developer Tools (hitting F12 will do nicely) and in the Inspector, search the HTML for “new-u2f-registration”. You should find a div element with its CSS display set to “none”, as shown in the CSS viewer (located at the bottom or to the right of the main inspector pane, depending on whether your dev tools are docked to the right or to the bottom, respectively).
Then, just untick the box next to “display: none;” and the “Register new device” button will appear.

The following screenshot might help:

Unhiding the Register new device button using Firefox’s Dev Tools

After that, everything works as you’d expect: you click the button, plug your key in, touch its button if it has one, give it a name to recognise it with on Github, and you’re done.

Good, one less website to authenticate to without 2FA.

I tried Netflix for two months. Then I cancelled.

Even though I have some strong reservations about Netflix’s model¹, I thought I should give it a go and test it, as most of my friends use it.

It also happened that my Kodi box was messed up and it was taking me too long to get my act together and re-install it, so this was a good occasion to try Netflix.

What I found was a service that was quite far from my expectations. And on the whole, not very enjoyable.

A modern & private chat system (XMPP with Prosody and Conversations)

Here is a(n unfinished) recipe for a modern chat server using XMPP (which you may recall I like). It needs polishing but I’m publishing it right now to make sure it can start being useful to anyone who needs it. I hope there are no glaring security mistakes; please let me know if you see any.

What do we get?

The users will use Conversations, while on the server side we use Prosody.

We will be able to get our messages on all connected devices at the same time, share pictures, audio clips and files simply and instantly, retrieve more chat history from the server and, once we go down in the metro and lose connectivity, get our messages when we regain access to the Internet.

Back on track

It’s 2016 and I realised I hadn’t updated this site in a long time.

So it’s back up and running, with a fresh coat of paint and an updated backend. I finally moved away from lighttpd and to nginx (after all the cool kids did, 4 years ago) and the site is now secured thanks to a Letsencrypt certificate.

It might not seem like much, but it’s nice to feel like things are moving forward.

Google Hangouts and the all but likely death of Jabber

I like Jabber¹. It’s simple. It works.
I can use it to chat from my home computer, from my office computer, from my phone. Or all three at once.
I can use it to chat privately by adding some end-to-end encryption (such as OTR).
I’ve used it to call a friend when he was in Africa.
I use it to chat with my mum. Privately too.
I use it to chat with my friends.

Correction, I used to be able to use it to chat with my friends.
Lately, I don’t see some of them online anymore. Including some long distance friends with whom it has become an important way of staying in contact.

See, it may come as a surprise to you, but most of my friends aren’t übergeeks. In fact, most of them aren’t geeks at all.
They just use what everyone uses. And what everyone uses these days is Google, and thus Gmail.
So they have a Jabber account, which they call a Gtalk account.
I’ve tried telling them their Gtalk account is really a Jabber account, in the same way their Gmail account is really an email account. Most of the time it didn’t stick but hey, what the hell, at least we could chat.

Now Google has decided to move all their users away from Jabber and towards Hangouts, their new instant messaging platform.

Now before we go any further, of course I understand the need for Google to clean up their multiple instant messaging apps. Of course I understand that most Gtalk users only have Gtalk users in their contact lists. And from what I understand, you can still log in to your Gtalk account, as the Gtalk service is being maintained for the foreseeable future, whatever that means.

But while Google is selling this as an upgrade, they are passing over the fact that Hangouts is really only compatible with Hangouts, and nothing else.
As if users’ Gmail accounts could only send email to other Gmail accounts.

A year with La Quadrature du Net

It’s hard to believe I joined la Quadrature a little over a year ago.

The lack of updates on this website is a clear testament to the fact, though.

It feels as if it has been a lot longer, and some of my friends have also told me so. As one can imagine, it has been an intense ride, with many dossiers unfolding at the same time: the Net Neutrality debate, the French HADOPI law and similarly-named administration clinging on to dear life, the revision of the European IPRED directive, the dangerous and infamous ACTA agreement, and the many and ongoing attempts to control and censor the Internet.

But many positive things have also happened: positive proposals for the future of creation funding were synthesised, wonderful projects such as RespectMyNet, a citizen Net Neutrality monitoring and reporting platform, the Political Memory, or the Pi Phone came to fruition. Furthermore, many, many citizens learned of what is looming over the Internet as we know it and our freedoms in this space, and decided not only to keep track of these issues but also to act on them.

To imagine over 2.5 million people have watched a two-minute video trying to synthesise the dangers of ACTA is quite incredible, and to see how in a post-SOPA setting this translated into literally thousands of phone calls to European elected representatives makes one realise that citizen involvement, beyond being heart-warming, is also vastly efficient.

I can hardly sum up everything I’ve learned, the insight I’ve gained into politics and policy-making at the European level, the understanding of organisations and volunteer communities, the wonderful people I’ve met and the knowledge and expertise they’ve shared with me.

But I will attempt to do so in a few posts in the near future.

Joining la Quadrature!

I’ve recently joined la Quadrature du Net as a full time campaigner.

My role will be to coordinate the community, help build citizen campaigns directing grassroots energy towards existing institutions (both French and European) and assist with fundraising and support.

It’s quite an honour to join one of the most dedicated groups of people in Europe fighting for a free Internet and for the protection of civil and fundamental rights online, and I expect to learn many things and gain insight as much as I hope to be efficient in defending our freedoms.

Le Web 2010: day 2

Here is a quick summary of what happened at day 2 of Le Web 10.

A fascinating presentation by Salim Ismail of the Singularity University about the brain, how it controls stuff, what we know and especially don’t know about it.

Before that, Ariel Garten from Interaxon talked about thought controlled computing, using the brainwaves.
The presentation was insightful but felt a little too prepared and unnatural. The opposite from Dennis Crowley of Foursquare.

Talking of which, he came back for an extra Q&A and candidly answered questions from the audience.

Later during the day, it was good to see Mitchell Baker from Mozilla and Matt Mullenweg from WordPress talk and remind the participants of the importance of Free Open Source Software on the web.
I sometimes wonder if they realise most of their infrastructure runs in no small way thanks to FOSS. It seems most of the start-ups are very happy to take advantage of the Free Software offerings, but most don’t practice that approach themselves.
Save for WordPress, whose Matt had this good wording of the situation:

We are one of the only companies here today that makes a living by giving away our intellectual property.

Given the success of WordPress (it powers 10% of all websites according to them), it may have given a bit of food for thought to a few participants.

Matt Mullenweg also called people to pay more attention to the hidden social network, the vast network of loosely federated blogs that still contain more people on or around them than Facebook. If they were to actually federate, one can only imagine the result. But I’m sure some smart people are already thinking about that and working on it.

As for Mozilla, they did a very cool demonstration of a real-time animated city with video rendered on the skyscrapers, all in HTML5. And Mitchell Baker talked about how they plan to make one’s identity a bigger part of the browser. The future sure looks interesting for the web.

The day ended with possibly the best talk (and did he talk) by Kurt Vaynerchuk.

Unrelenting, unabashed, whole, he spoke before a delighted and fascinated audience about the importance of finding what really motivates you in life and following that as a professional path. His message is a really positive one and his delivery makes it even more honest and interesting to listen to.

All in all an interesting 2 days, some interesting people, some not-so-interesting food (but maybe it’s just France that spoils us) and lots of interesting insight, be it on the web/tech start-up scene or more general perspectives.

Well worth it.

Le Web 2010: day 1

So far, most of the presentations from companies have been a little bland.
Well maybe bland is the wrong word, but not that exciting nor disruptive, which is what we’ve come to expect from web players that often skyrocketed to success.

Seeing the MySpace CEO struggle to convince the audience that they could turn around the “plane in mid-crash”, in the words of the interviewer, was a little painful. Hard to think they will manage to stay relevant, especially considering how tainted their brand name is.

TechCrunch’s Arrington was a refreshing interviewer, he pressed Facebook’s Ethan Beard on some answers and seemed unimpressed when Beard’s answers became too diplomatic.

Microsoft refused to give any real numbers on Windows Phone 7 sales, but assured us that they were planning on re-becoming a large player in the mobile landscape.

Ignite Talks (10 five minute presentations) were interesting.

  • Japanese geek culture and how not over-protecting your copyrighted content and letting people remix and re-distribute it is actually profitable.
  • Protecting kids from bad search results and bad side-effects from tech, how important it is to think about it and how much harder it is becoming with the rise in mobile devices.
  • How teen entrepreneurs need to be taken more seriously by the tech community and investors. Considering how they can change things thanks to their ingenuous and not money-centred approach.
  • A fun and witty presentation by Matthias Läkens from the World Economic Forum (Davos) about Twitter Diplomacy and how World leaders (or their team at least) are becoming reachable via Twitter. Interesting graphing of who follows who and doesn’t follow others, with a little jab at the French Presidency which doesn’t follow anyone and doesn’t tweet during the summer, as everyone on the team is on holiday.

And not long ago, Marissa Mayer, VP of Google, announced a few Android evolutions (3D vectorial maps, some offline caching of maps). Arrington (again) was a better interviewer than others, but the answers were still a little too distant and PR-like.
Gingerbread is considered to have been released, the Nexus S is coming really soon (some before Xmas, a lot more in January… this is the Nexus One all over again) and Chrome OS is gearing up, but won’t really be available before sometime next year.
Also, an interesting announcement is “contextual search”. Search is changing: already 1 in 4 mobile searches are now voice searches in the US.
Contextual search takes the “don’t type to search” mantra further by searching (and finding) relevant stuff as you walk around in an unknown city, for instance.
Likely to be very popular.