• 0 Posts
• 29 Comments
Joined 1 year ago
Cake day: June 18th, 2023

  • Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

    Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

    You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

    If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.

    Link to GitHub issue about this

  • The easiest way to think about docker is to consider it a type of virtual machine, like something you’d use VirtualBox for.

    So let’s say you run Windows, but want to try out Linux. You could install Ubuntu in a VirtualBox VM, and then install software that works on Ubuntu in that VM, and it’s separate from Windows.

    Docker is similar to this in that a docker container for a piece of software often includes an entire operating system within it, complete with all of the correct versions of drivers that the software needs to function. This is all in a sandbox/container that does not really interact with the host operating system.

    As to why this is convenient: Let’s say that you have a computer running Ubuntu natively/bare metal. It has a certain version of python installed that you need to run the applications you use. But there’s some new software you want to try that uses a later version of python that will break your other apps if you upgrade.

    The developer of that software you want to try makes a docker version available. There’s a docker-compose.yml file that specifies things like the port the application will be available on, the time zone your computer is in, the location of the docker files on dockerhub, etc. You can modify this file if you like, and when you are done, you type docker compose up -d in the terminal (in the same directory as the docker-compose.yml file).

    Docker will then read the compose file, download the required files from the repository, extract them, set up the network and the web server and configure everything else specified in the compose file. Then you open a browser, type in the address of the machine the compose file is on, followed by the port number in the compose file (ex: http://192.168.1.100:5000), and boom, there’s your software.

    You can use the new software with the newer version of python at the same time as the old stuff installed directly on your machine.

    You can leave it running all the time, or bring it down by typing docker compose down. Need to upgrade to a new version? Bring the container down, type docker compose pull, which tells docker to pull the latest version from the repository, then docker compose up -d to bring the updated version back up again.

    Portainer is just a GUI that runs docker commands “under the hood”.

  • Which probably lifted it from the 1992 movie “Army of Darkness”, starring Bruce Campbell:

    Ash: Alright you primitive screw heads, listen up. You see this?

    This…is my boomstick! It’s a twelve-gauge double barrel Remington. S-Mart’s top of line. You can find this in the sporting goods department.

    That’s right, this sweet baby was made in Grand Rapids, Michigan. Retails for about $109.95. It’s got a walnut stock, cobalt steel barrel, and hair trigger. Shop smart, shop S-Mart.

  • if someone changes my code and doesn’t give back, it does not harm me or injure me in any way.

    In my opinion, the point of many open source licensing models is not to protect the author, it’s to ensure that useful modifications to the code are able to be incorporated back into the original software. The licenses accomplish this by requiring those who fork/modify the original code to make their code/modifications public.

    This improves the source code and makes it better for everyone.

    You can’t take an open source project protected by a GPL license, make improvements, pretend that you did all the work yourself (i.e. not acknowledge the source project on which yours is based), and then attempt to monetize the original code + your improvement.

    For example, take Truth Social. Not understanding (and/or caring) about the license attached to the Mastodon project, they forked the code, made changes, and then did not acknowledge that they did so. Mastodon had to threaten to sue before they acknowledged that they’d built their platform on open source software.

    It’s not about protection of a single developer or even a group. It’s about cooperation to build on the work of others in a fair way.

    Open source licensing is responsible for a lot of really useful things that are integral to the daily lives of billions of people. The Linux kernel alone is a massive example. Without that license, there would be no Android, or SteamDeck. Without the BSD license, there would be no OSX/macOS. Without GPL, there would be no AdBlock, no uBlock Origin, no Git, no MySQL, no Ansible, no ProtonMail, and millions of other projects. Most internet servers would probably still be running Windows.

    Most of these licenses explicitly say that you can even sell products based on the code - all you have to do is acknowledge the source project, and make your own source code public and available under the same license.

    Here’s what Linus Torvalds said about people making money from Linux back in 1993:

    The fact that others make money by selling Linux is something that I find mostly amusing, and something which does my ego no end of good. Frankly, I wouldn’t want to bother personally, so if somebody else does it, it doesn’t hurt me. It’s also quite legal by the copyright, and so far I haven’t seen any major developer stand up and say he doesn’t like his code being sold, so I don’t see the problem.

  • Someone has already submitted a PR with the changes the dev recommended. The captcha stuff is in a new db table instead of in-memory at the websocket server.

    However, from one of the devs:

    One note, is that captchas (and all signup blocking methods) being optional, it still won’t prevent people from creating bot-only instances. The only effective way being to block them, or switch to allow-only federation.

    Once people discover the lemmy-bots that have been made that can bypass the previous captcha method, it also won’t help (unless a new captcha method like the suggested ones above are implemented).

    The root of the issue seems to be that they’ve removed websockets, for the following reasons:

    Huge burden to maintain, both on the server and in lemmy-ui. Possible memory leaks. Not scalable.

    I can understand them wanting to make their lives a bit easier (see “huge burden to maintain”) - Lemmy has exploded recently (see “not scalable”) and there are far bigger issues to fix, and an even larger number of bad actors (see “possible memory leaks”) who have learned about Lemmy at the same time as everyone else and want to exploit or break it.