Contact e-mail address no longer makes sense

[tobiasvl]

This (from https://gbdev.io/gb-asm-tutorial/help-feedback.html) no longer makes sense with the new domain:

If you prefer email, my address is tutorial@, where you replace with this website’s domain name (it ends with .fr).

[avivace]

Related to https://github.com/gbdev/gb-asm-tutorial/issues/18

[ISSOtm]

Should we keep the contact email under my domain, or set up something under @gbdev.io? I don't know whether we currently have a mail server for that domain?

[tobiasvl]

Perhaps an e-mail address isn't really required as an alternative for contacting the authors of the tutorial anymore?

[pinobatch]

Email is required if a user does not have a GitHub account. As of second quarter 2023, signing up for GitHub requires three things: an email address, a web browser capable of running the non-free CAPTCHA, and a supported second factor of authentication. The last of these involves owning a FIDO U2F key such as YubiKey ($50) or a phone or tablet capable of running a TOTP authenticator app (maybe about $100 at a pawn shop). See "Raising the bar for software security: GitHub 2FA begins March 13".

[tobiasvl]

Email is required if a user does not have a GitHub account

Or a Discord, IRC or Matrix account. The chat channels are mentioned at the top of the same page.

a supported second factor of authentication [which] involves owning a FIDO U2F key such as YubiKey ($50) or a phone or tablet capable of running a TOTP authenticator app (maybe about $100 at a pawn shop).

SMS is still a supported 2FA method. I can also use my laptop for 2FA with Windows Hello (Face ID or PIN), but that obviously requires Windows; I assume other OSs have similar capabilities?

[aaaaaa123456789]

oathtool on Linux is perfectly capable of generating TOTP codes. But I'm going to predict @pinobatch will now say it requires a computer!

[tobiasvl]

To be clear, I'm not against still supporting e-mail, but that either requires setting up a new e-mail address (which someone also needs to monitor) or, at the very least, adding @ISSOtm's actual e-mail address to the page so it can continue to be used (since it's mildly obfuscated in its current form, and is no longer compatible with the new URL, as it refers to the old one). Currently nobody can use e-mail to contact the authors unless they can figure out where the tutorial used to be hosted.

[pinobatch]

@tobiasvl IRC or Matrix can work so long as Discord users tolerate reports in the bridged channel.

As for SMS, in my experience, it's not available on landlines because most SMS auth providers won't fall back to a text-to-speech over a voice call. Nor is it available in countries not on a list that happens not to include Argentina. I haven't tested to see whether two people in a household who share a cell phone can use SMS.

@aaaaaa123456789 I wasn't aware of oathtool.

[aaaaaa123456789]

TOTP is a rather simple standard protocol and you could implement your own tool if it came to that.

[pinobatch]

Now we have three questions.

• Do we want to update the email address?
  I see three ways forward: change how ISSOtm's address is presented, give someone an email address at gbdev.io, or drop email and rely on GitHub and chat.
• Do we want to encourage use of chat as one means of reporting problems?
  Probably yes.
• Do we want to link to a guide for signing up on GitHub?
  Wait and see. Once the 2FA requirement goes into effect for all accounts near the end of 2023, if onboarding failure ends up inconveniencing many users, I would expect the IT news media to report on this.

[avivace]

I will create an address @gbdev.io