Since 2020, OpenSSH has supported using widely-available FIDO2 security tokens as the basis for private-key based authentication. This is supported by the popular Git forges (GitHub, Forĝejo/Codeberg, etc.). Hardware-based keys have several desirable security properties not shared by private key files: they can't be copied, and they can be configured to require a PIN and a physical touch in order to authenticate. It's possible to configure Git to require these steps only when pushing (ie: not increasing the friction of clone/fetch/pull). Many people are still using file/software-based SSH keys because they don't know how easy it is to set this up. An introduction.

Kids love music, and love making music. Sheet music is hard for kids to read. Chromatic is a small hobby project for printing out music in a colorful simplified kid-friendly notation which pairs nicely with widely-available stickers that you can stick to many instruments.

GitHub is proprietary software. I attended an excellent talk at FOSDEM this year from the Software Freedom Conservancy crew about how we should all be using free alternatives, which started me down the path of exploring Forĝejo and Codeberg as potential platforms for developing the Cockpit project (my day job). Chromatic was an ideal test project. It was already a couple of weeks old when I attended FOSDEM, but on the train ride home, I made the "Initial commit" and pushed it to Codeberg.

This is a story about music, math, colour theory, and rediscovering the importance of using Free software to create Free Software. We'll briefly explore Codeberg and Forĝejo, and their feature set compared to GitHub.