Then change the title of the post to something open-ended like “How vulnerable is Lemmy to DDOS attacks?”. Taking out a major node which hosts many key communities is going to have an adverse impact.

Jimmy clearly ripped off my website. His website even has my name in the contact information at the bottom! The gall of some people…

It looks really good, just like one I set up recently myself…

The TOTP feature in Bitwarden works, if you paste in the whole otpauth:// URI to Bitwarden’s Authenticator Key (TOTP) field. The URL specifies that the hashing algorithm should be SHA256. If you just import the secret= value into Authy, it probably defaults to using the SHA-1 algorithm, which may be why the codes generated by Authy don’t work.

SHA256 is more secure than SHA-1, which I guess is why Lemmy has chosen to use it for its 2FA feature.

It would have to be Gödel’s Incompleteness Theorem. Such a beautiful proof that shakes mathematics to its core.

The science communicator Veritasium made a nice video about it: https://youtu.be/HeQX2HjkcNo

I first learned about it in Douglas Hofstaedter’s masterpiece Gödel Escher Bach: An Eternal Golden Braid

Ah, the nouveau “landed gentry” has arrived… :-)

just goes to show: size is relative :-)

When I compiled that program, the executable was around 10MB. I wrote the same program in C, and the executable was 15kB. That’s about 3 orders of magnitude difference. Is Rust really 1000 times better than C? :-)

Very good. I think a feature where a user can revoke all their cookie sessions is still worthwhile, and maybe I’ll look at raising a feature request for that, but it is good to know that cookies stolen during the recent hack have already been addressed.

It seems there is no way in Lemmy to invalidate all your session cookies? Without that, how can you secure an account which has a stolen session cookie?

Makes sense. Clearly it was TL;DW for me :-)

what, no Obtanium?

Presumably they mean that the CPU resources are over-provisioned, meaning that the virtual CPUs allocated to VMs have to share a smaller pool of physical CPUs. If the VMs have a lot of idle time, this can work well, but if your VM suddenly needs more CPU, the processes on your VM might need to wait for a physical CPU, as physical CPU cycles that would normally be available to you have been “stolen away” by processes running on other VMs.

Well, corporations don’t care about your data, they only care about protecting your own :-D Having a separate phone for work stuff is just generally good practice anyway.

InTune is mobile device management that allows a company to enforce policies on your phone such as pin code length/screen locking policies, and ability to remotely wipe your phone. Since these privacy ROMs are about giving control back to the user, I suspect that there will be problems with MDM enforcement software like InTune. I no longer work for a company that uses that software though, so no chance to test it out.

Aurora is still working. Google was doing things like rate-limiting and shutting down the accounts used by Aurora for anonymised downloads. You can create your own google account and use that with Aurora. That way, if Google decides to shut down that throw-away account for some reason, the main Google account won’t be affected (there was some information floating around that google had been deactivating accounts found to be used with Aurora).

The guy at the centre of much of this drama has stepped back, and is letting the GrapheneOS foundation take the lead. While Daniel clearly has some challenges in the people skills department, I think Louis may have over-reacted a little in his video when he claimed that Daniel might at some point act in bad faith.

If I had more time, I would have written a shorter comment…