scsi

@scsi@lemm.ee

• ⁨Comment⁩ on ⁨Cannot load additional pages in Jerboa⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:

  “How long are you willing to wait for the page load” seems to be the intersection; I have the same problems (Jerboa and webUI) and frequently just give up waiting on the webUI. My guess is that the internal Jerboa timeout-wait triggers quicker than a human waiting, so they’re one in the same problem.

  I received a 504 gateway error this morning trying to load lemm.ee front page too, the status.lemm.ee page says everything is OK but… well, shenanigans. Strange things afoot at the Circle-K.

• ⁨Comment⁩ on ⁨How screwed would one be if their email provider shuts down?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:

  If you have access to some sort of basic Linux system (cloud server, local server whatever works for you) you can run a program on a timer such as isync.sourceforge.io (Debian package: isync) which reads email from one source and clones it to another. Be careful and run it in a security context that meets your needs (I use a local laptop w/encryption at home that runs headless 24/7, think raspberry Pi mode).

  This includes IMAP (1) -> IMAP (2) as well as IMAP -> Local and so on; as with any app you’ll need to spend a bit learning how to build the optimum config file for your needs, but once you get it going it’s truly a “set and forget” little widget. Use an on-fail service like healthchecks.io in your wrapper script to get notified on error, then go about your life.

• ⁨Comment⁩ on ⁨Seeking feedback: how should lemm.ee move forward with external images? (related to frequent broken images)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:

  Option 3

  Reasoning:

  • Upside 2: 100% best for lemm.ee health; lowest legal risk, lower cost to run.
  • Downside 1: I think it comes down to what lemm.ee is trying to provide as a user experience; in my use and expectation, it’s not for masking my IP, making me anonymous or similar. It’s for reading and interacting with people, looking at memes and reading lots of news stories. I have no expectation my IP is masked from remote sites - I open all external news links in a Private tab anyways (to stop cookies and other junk) so they’re already getting my IP anyway. “why should images be any different, really?” There are other lemmy instances out there catering to extreme privacy.
  • Downside 2: this could be, should be, whatever handles by better page loading threading in the code; the content surrounding an image is just HTML, the load of the image is a secondary task. If the rendering of the view of the page is reliant upon 200 OK image loads, that feels like a deficiency in design and it needs to be async threaded to “lazy load” and not block.

  At a high level, many other solutions - Mastodon, even Nostr webapps and phone apps which is all about being anonymous for some folks - do direct content load from the source and do not proxy loading. The switch back to option 3 falls in line with what every other generic service/solution does in the social web space.

• ⁨Comment⁩ on ⁨What is a passkey, in practice? Is it a file? A token? Can I keep it in an USB drive? How can I save it in case of device loss?⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:

  To try and bake down the complex answers, if you are basically familiar with PGP or SSH keys the concept of a Passkey is sort of in the same ballpark. But instead of using the same SSH keypair more than once, Passkeys create a new keypair for every use (website) and possibly every device (e.g. 2 phones using 1 website may create 2 sets of keypars, one on each device) - and additionally embeds the username (making it “one-click login”):

  • creating a passkey is the client and server establishing a ring of trust (“challenge”) and then generating a public and private pair of keys (think ssh-keygen …)
  • embedded in the keypair is the user ID/username and credential ID, which sort of maps to the three fields of a SSH keypair (encryption type, key, userid optional in SSH keys) but not really, think concept not details
  • when using a passkey, the server sends the client a “challenge”, the client prompts the user to unlock the private key (device PIN, biometric, Bitwarden master password, etc.)
  • the “challenge” (think crypto math puzzle) is signed with the private key and returned to the server along with the username and credential ID
  • the server, who has stored the public key, looks it up using the username + credential ID, then verifies the signature somewhat like SSH or PGP does
  • like SSH or PGP, this means the private key never leaves the device/etc. being used by the client and is used to only sign the crypto math puzzle challenge

  The client private key is stored hopefully in a secure part of the phone/laptop (“enclave” or TPM hardware module) which locks it to that device; using a portable password manager instead such as Bitwarden is attractive since the private keys are stored in BW’s data (so can be synced across devices, backed up, etc.)

  They use the phrase “replay” a lot to mean that sending the same password to a website is vulnerable to it being intercepted and used n+1 times (hacker); in the keypair model this doesn’t happen because each “challenge” is a unique crypto math puzzle generated dynamically every use, like TOTP/2FA but “better” because there’s no simple hash seed (TOTP/2FA use a constant seed saved by the client but it’s not as robust crypto).

• ⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

  As a sort of historical side comment regarding your concern about misinformation - “how much does it cost to register one?” has been the litmus test to use for a long time (I’m of an age). More specific to .info, it was one of the very first “new” TLDs introduced in 2002/2003 and the owners basically gave away millions of domains for free to gain market share.[1]

  This led to a lot of scammers, hackers, malware and whatnot infecting the entire .info TLD and it was in trouble by having the entire thing blocked even around 2012, almost 10 years after introduction.[2] It was troubled with new “crackdowns” (enforcement rules) as well due to it’s overwhelming use for nefarious purposes.[3]

  Ad-hoc data from my own employment experience, in 2024 it’s still 100% blocked (like ref[2]) by corporate firewalls who leverage strict rules along with many others who had the same troubled history (.xyz to name one) and the whole list of “free” domains. However, .info now generally costs $20 USD/yr (with many places offering first year discount for less than $5 USD) so I think it’s trying to turn itself around.

  Point being, “unrestricted” TLDs which are super cheap have had the historical tendency to attract scammers, phishers, malware and other nefarious entities because the cost of doing business at scale (these guys register hundreds of domains to churn through for short periods of time - “keep moving, don’t get caught” i.e.). Having lived through this whole saga, I open all TLDs I know to be cheap/free in private/incognito tabs and treat them with suspicion at first.

  • [1] dnjournal.com/columns/50million.htm
  • [2] …com.au/…/parliament-quietly-blocks-info-domains-…
  • [3] domainincite.com/12744-afilias-blames-security-cr…
• ⁨Comment⁩ on ⁨Good PS5 controller?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:

  I have successfully sent back a PS5 controller (the original from the box) within the 1-yr warranty; they sent me a brand new controller. You comment “every quarter”, those controllers should be under warranty. Here is the US based link to get started: repairs.playstation.com/s/request-repair?id=2&loc…

• ⁨Comment⁩ on ⁨What to do with glassware that is impossible to clean⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:

  At the quantity the OP might use, buying by the gallon might make more sense - having a look to Amazon, the popular concentrations in gallon+ sizes are 70% and 99.9% (about the same price, $25 USD/gal) - it probably makes more logistical sense to go with 70% here to reduce evaporation and increase usable liquid on these tall, thin objects (so let’s say “sloppy use” of oddly shaped hard to handle glass).

  I’ll leave my update at 70% concentration as the more economical choice - I’d presume based on their comment a soak in ZAP ($18 USD/gal) first is needed, then followed by the iso method… so it’s a little expensive no matter what for something they might not care about that much.

• ⁨Comment⁩ on ⁨What to do with glassware that is impossible to clean⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:

  There are ways to clean glass passively, it sounds like your residue is organic.

  • acetate, the pure kind you buy in a tin can at the hardware store. it will require some form of sealed container to put the glass in (acetone evaporates quickly and eats almost all organic matter) - finding a container big enough for your glass might be the hard part of this but it works (soak for days, and do not touch acetate with hands or use organic gloves - internet search for proper gloves)
  • ZAP heavy duty citrus cleaner, comes in a gallon jug. soak the glass in it for days or longer, doesn’t need a sealed container. This is the same stuff you can use to clean your sink drain and is pretty safe to handle but still, wear basic gloves just in case.
  • high-purity (like say 90%) iso alcohol with table salt as an abrasive (standard grocery store things). This is more of for the inside, where you can put in alcohol + salt and seal with your hand and vigorously shake to let the salt scrub the residue and the alcohol to eat it. Uses a lot of alcohol due to it’s evaporation, so buy a bigger jug.
  • specialty products found on 420-friendly websites or your local 420-friendly store; weed residue is a thing for bongs, bubblers, pipes and any other sort of smoking apparatus and they need cleaned and are hard to get inside; products are made to soak the glassware in to try and get the junk out. generally expensive and hit or miss on quality but they exist

  Hope this helps.

• ⁨Comment⁩ on ⁨Why is DNS often joked about in the I.T. Industry?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

  In addition to the other comments which more directly address your question, DNS has been / can be used to exfiltrate data from “secure” networks. Search “dns data exfiltration” in your favourite search engine and you’ll get several high quality articles. Typical mitigations might be to limit which DNS servers your network can contact, restrict packet sizes to the bare minimum which valid use would have and so forth.

• ⁨Comment⁩ on ⁨US Email Providers - Other then Google, MS, Apple, ...⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

  To your multiple IMAP concept, I have been using isync / mbsync (name change, package isync in Debian) for years running via cron script to pull email from one domain at one provider and push it to a subfolder of another domain at another provider. You have to be aware of one specific gotcha but it’s otherwise been working all by itself forever without issues. Take note of the PipeLineDepth 1 for IMAP service providers which throttle your speed, I have to use it on the destination side provider config.

• ⁨Comment⁩ on ⁨US Email Providers - Other then Google, MS, Apple, ...⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

  Two tips having worked in the corporate world (strict controls):

  • Create a basic non-spam web page for it that has something that doesn’t look like SEO garbage or whatever. Nothing more than “hey this is a personal domain of the flatbield family” is fine, maybe a link to something (links enhance rep - put a picture of your dog up or link to a wikipedia article or something) and let it rest for at least 30 days. The 3rd party filtering services used by corporate players severely limit, block or distrust a domain newer than 30 days (or longer, depending). Set up a SSL cert on it for another +1 to it’s rep value, HTTPS is looked at by these services and ensure the CA record is in your DNS for that SSL issuer.

  • Ensure you use the Providers’ setup for DKIM, SPF and so forth (many like Fastmail have a DNS-check wizard to get you all set up) as many modern providers will instantly downvote you if anything is missing or wrong with these controls (I’ve heard GMail and O365 particularly). In 2024 these are a must-have, not a nice-to-have, for getting your email received by anyone and everyone.

  If you chose a domain at a TLD which has/had been used by the bad buys (dot-xyz, info, zip, etc.) you may wish to reconsider - there are TLDs which are wholescale blocked or downvoted in rep based on this (by the same services used above). Ensure someone working at a bank (strict egress controls for their employees) can visit your domain as a good litmus test as to it’s validity for use in email reputation.

  A company such as Fastmail spends a lot of time ensuring their IP address space for sending and receiving mail is clean - getting spammers off their service, getting IP rep cleaned off blacklists and so forth. So your task is to focus on the same thing for your domain - if someone had previously owned the name they could have gotten it on blacklists long ago, a handy way to check old history is looking it up at web.archive.org for captured snapshots (and I’ve walked away from domain names because of this once I discovered previous content I didn’t like).

• ⁨Comment⁩ on ⁨US Email Providers - Other then Google, MS, Apple, ...⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

  Fastmail has one feature many others lack (which is hard to research unless you want/need it and have go down the rabbit hole) - scope limited login tokens for specific uses. Specifically, you can set up one for “read only IMAP” (to archive emails using scripts etc.), “SMTP only” (to send emails from scripts like backup reports etc.) and so forth. Many,if not most, other providers either don’t have it, ir if they do it’s very limited like one token only with no scope control. $0.02 hth

• ⁨Comment⁩ on ⁨Trying to use PayPal to do a Ko-fi donation...⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:

  Might I recommend liberapay.com ? As a user, I can donate with PayPal and they minimize vendor fees by collecting up front from me and performing recurring donations to you (lemm.ee) and it allows me to retain personal privacy if so desired (per the other reply). Here is the core Lemmy developer using the platform for example: liberapay.com/dessalines/ | liberapay.com/Lemmy/

• ⁨Comment⁩ on ⁨Thumbnail Preview Links Broken?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:

  On my Subscribed view on lemm.ee sorted by Hot which very recently upgraded lemmy-ui to 0.19.4 (your lemmy.sdf.org instance has not upgraded yet, just checked), of 14x news items/links which should have thumbnails - 8x of them are broken/missing, just over 50%.

• ⁨Comment⁩ on ⁨Thumbnail Preview Links Broken?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:

  It’s possible what you are seeing is more visible than before due to issue #2433 which is:

  When images are broken, a blank space is all that is shown. A fallback image for broken images would make this more apparent.

  With the 0.19.4 update I notice it a lot more now and see a lot from apnews.com causing this, on my Subscribed view with news@lemmy.world and world@lemmy.world (and others) this morning I count:

  • 3x missing from apnews.com
  • 2x missing from www.theguardian.com
  • 1x missing from www.aljazeera.com
  • 2x “link-icon only” to www.reuters.com

  Sites that are fine: www.cnbc.com, www.nbcnews.com, www.bbc.com, www.cbsnews.com, newrepublic.com and a bunch of fediverse instances and other “not mainstream” sites from around the internet. it would appear that whatever has changed in code is interacting badly with certain mainstream news sites and the ability to get a thumbnail - I browsed the lemmy-ui commits and a metric ton of 3rd party dependencies were updated, gave up looking for the cause.