Max_P

Max_P, 10 months ago

The lemmy backend doesn’t have a UI, all it talks is JSON through APIs. That’s what lemmy-ui is for, it’s the UI that goes on top. It’s also why the default setup overlays it on top of the backend: they’re meant to work together where the UI handles browser requests, but if it’s a JSON/API request then it goes to the server instead. They provide the same data in different formats on the same URLs.

Max_P, 10 months ago

You just go directly to the user’s page, and from there you can do things like ban/delete/purge.

As for communities, you can promote users to moderators via the 3 dots overflow menu once they have posted/commented on a community.

Otherwise, there just isn’t really a user management page or system. It’s a bit clunky but that’s how it works at the moment.

Max_P, 10 months ago

I’ve switched to purely gesture navigation and never looked back. Wouldn’t surprise me if they’d remove 2 button too eventually.

Never understood 2 button navigation, it’s just a lot of wasted space for just 2 buttons. Gimme 3-4-5 buttons to do useful stuff if you’re gonna use the space.

Max_P, 10 months ago

I also find the back gesture to be surprisingly convenient. It’s easier to reach, in part because you can reach it from anywhere on either side of the screen. And the gestures from the bottom lets you go back/forward an app, home and also all of the recent apps. And also assistant or an app of your choice by swiping from the bottom corners.

Plus, on top of that, on LineageOS you can also bind a custom action for a second stage for the back gesture if you swipe it further away, like kill app or go back to the previous app. And left/right side from the top for notifications/quick settings, and swipe at the top for brightness.

Zero pixels used for what, 9 different actions? It’s pretty sweet!

Max_P, 10 months ago

I still don’t understand why OEMs are so slow to release updates when LineageOS can ship weekly builds that are more stable than stock ROMs, other than pure negligence.

People claim QA and carrier QA and such, but when it’s a security patch to some core Android thing, you really only need to review it once and just rebuild everything and skip the QA on it. Or, you know, don’t release 50 devices every year.

Max_P, 10 months ago

Patch updates really should be auto install by default for those users (but still let users opt out manually through settings if they want). Probably on home WiFi and while charging, just like Google Play does by default.

With A/B devices, there’s no reason not to. It’s completely invisible to the user, and takes effect next time they reboot or run out of battery. Just needs maybe a single notification when it’s all done to tell the user to reboot when it’s convenient for them, or reboot overnight when the device is idle and charging. Completely transparent.

Max_P, 10 months ago

You are correct, it’s how it works right now. So it’s easier on bigger instances right now to search for communities because someone already searched it and subscribed to it, which makes it available for everyone else.

Best way to search communities right now seems to be through lemmyverse.net.

Max_P, 10 months ago

Instances with public domain names could successfully federate with onion instances, as long as it’s capable of accessing both networks.

Onion instance talks to the public instance through an exit node, public instance can reach back to the onion instances through its hidden service.

But that doesn’t remove the requirement that both ends needs to be on the Tor network, but at least one end doesn’t have to have an onion address. And obviously, the onion instance will have limited ability to interact with non-Tor-enabled instances, and one of them being public renders the usage of Tor somewhat moot.

Max_P, 10 months ago

It works out of the box and completely painlessly with The Lounge.

It web based so some might not be a fan, but for mobile use it’s pretty great. Just install as PWA on Android or iOS and it’s pretty seamless.

Max_P, 10 months ago

It’s an IRC client, so yes everything is plain text. IRC is a very basic protocol, no encryption or anything other than TLS for your connection to the server.

Max_P, 10 months ago

They claim it’s to prevent bots, but we all know it’ll soon become standard in every WAF out there (Cloudflare, Akamai, etc) to just blanket block browsers failing attestation.

All you need to know what will happen is to root an Android phone. You’d expect Netflix and bank apps and other highly sensitive apps to stop working. Okay, I can accept that, it kind of make sense. But the more you use the phone the more you realize a ton of apps also refuse to work. Zoom complains and marks your session as insecure, the Speedtest app refuses to test your speed, even the fucking weather app won’t give you weather anymore. Jira/Confluence/Outlook/Teams also complain about it. It’s ridiculous.

Even if it’d trust Google to not misuse the feature and genuinely use it to reduce ad fraud, the problem is the rest of the developers and companies. Those, they absolutely cannot be trusted to not abuse the feature to block everyone. Security “consultants” will start mandating its use to pass security audits, government websites will absolute use it, and before you know it, half the web refuses to work unless you use Chrome, Edge or Safari.

Max_P, 10 months ago

It’s even worse without Google apps, but I was talking about SatetyNet/PlayIntegrity specifically.

The mere act of unlocking the bootloader, without even modifying anything, will cause all the problems I outlined, and it’s the same API that Google is proposing to use by browsers to check for device integrity.

Stuff depending on Google libraries, eh, that annoying but people can and will reimplement those, be it microG or Wine/Proton. Not being able to see the weather I literally could get just looking out the window because my bootloader is unlocked? That’s insane.

Max_P, 10 months ago

It’s a bit worse than just Google libraries, apps can use Play Integrity which uses hardware attestation to validate it’s bootloader lock status and that it’s running a vendor signed and Google approved ROM.

Current bypasses emulate older devices without the necessary hardware, but those will eventually stop working and there won’t be bypasses unless someone leaks some master keys or finds TPM exploits to trick it into signing the integrity request. It’s very bad.

Max_P, 10 months ago

It’s TPM based on Android yes from the look of it, their article mentioned the Play Integrity API. So at least on phones it can potentially require a locked bootloader running the vendor’s OS completely unmodified.

Max_P, 10 months ago

That was fast following right after the complaints blog post: jvns.ca/blog/…/why-is-dns-still-hard-to-learn/

Max_P, 10 months ago

How are you accessing Jellyfin? By its internal IP, or your public IP?

That’s weird but maybe the way you have set it up (especially if you use your public IP), it may go through the ISP’s rate limiter on the router/modem before looping back to you.

You definitely should be getting full local speed if you’re using the private IP unless your ISP’s router is configured horribly wrong.

Max_P, 10 months ago

What Matrix does is inherently pretty complicated, and from what I heard E2E is something that’s been bolted on after the fact. Managing proper safe E2E in an entire chat room is also far from a trivial task, much more than between two users.

Just like Lemmy, it mostly works great but it’s got some pain points and some UX issues, and some questionable design decisions.

For the exact reasons you’d probably need to ask a more Matrix-specific place where people familiar with the internals might be able to chime in, or determine if a bug report needs to be filed.

Max_P, 10 months ago

Where is that DHCP server? Are you sure they get actual DHCP leases?

Typically Docker’s internal resolution is basically just injecting the hostnames in /etc/hosts, but Docker also supports macvlan and macvtap networks too which can expose a container network directly on the network.

But I think 99% of containers just use the default bridge network. I never heard of a Docker container running a DHCP client, most containers run the app process directly and don’t do a full boot.

Max_P, 11 months ago

The author is basically going like “I registered an E-Mail address and used my usual username. I don’t know which provider I picked, I just picked one in the middle of a list. People can’t seem to find me with just my username! It’s too complicated!”

Max_P, 11 months ago

Thunder doesn’t support uploading images yet it seems.

Max_P, 11 months ago

That’s essentially an extremely subjective question. Arch is well-liked but not for everyone.

When you boot up the ArchLinux ISO to install it, what you get on the screen is:

<span style="color:#323232;">root@archiso ~ #
</span>

That’s it. It doesn’t ask you what language you want to speak or which keyboard layout you want to use. You get a zsh shell, and that’s it. Go figure out what you want to install, how you want to install it, where you want to install it to. That’s how basically all of Arch works: if you install something, it comes barebones with sometimes the default starting configuration shipped by whoever made the software and nothing else.

To me, that’s what makes Arch so good compared to something like Linux Mint: I’m an advanced user, I don’t want training wheels, and I want to build my system entirely from scratch, with only what I want on it installed and running. And it comes with excellent documentation, is a rolling release (meaning, you get the latest version of everything fairly quickly). Since Arch pretty much only ships packages for you to install, it’s not nearly as important to make sure that they work and there isn’t any incompatibility with other packages. Oh the newer version of X doesn’t work with Y anymore? Too bad, go figure out how to downgrade it or figure out a workaround.

Is this useful to you, a beginner? It depends. If you want to go into the deep ends and learn everything about how a Linux system is built and works, sure, it’s going to be great for that. Lots of people do that and love it! If you’re coming from Windows, all you’re used to is clicking next next finish, and you like things to just work out of the box, eehh, probably not great for you.

---

Distributions like Linux Mint does a lot of the work for you: first of all, it has a graphical installer. It boots up and asks you about your language, your keyboard, where you want to install it. And it installs a system that’s ready to be used out of the box. When you install Linux Mint, you get a desktop, a web browser, you get drivers configured for you. It detects what’s the best graphics drivers and prompts you to install them automatically.

Most distributions, especially Debian/Ubuntu derived ones, are all about providing a curated experience. It comes with a whole bunch of stuff installed and configured to reasonable defaults. Need to print something? Yeah it comes with printer support by default, just plug in your printer and it’ll configure it for you. Some distributions even comes with Steam and Discord and everything needed to game ready to go right out of the box. Log in and play.

To provide such a reliable and out of the box experience, these distributions typically work with a release cycle, or delay updates to have time to properly test them out and make sure they work correctly before they ship it out to users. This means you may be a few versions behind on your desktop environment, but you also get the assurance you won’t update and your desktop doesn’t work anymore.

---

I personally picked Arch a long time ago because I’m fundamentally a tinkerer, I want the newest version of everything even if it means breaking things temporarily, and I do kind of whacky things overall. One day my laptop is there for working and browsing the web, another day it’s an iPXE server to install 20 other computers, another day it’s a temporary router/WiFi access point, another day it’s a media center/TV box, another day it’s an Android tablet. Arch gives me the freedom to make my computer do whatever I need my computer to do at the moment, and because it doesn’t make any assumptions about what I want to do with my computer, I can easily make it do all of those things on a whim. On Linux Mint, I’d be fighting an uphill battle to tear down everything the developers spent so much time building for me and my convenience.

Max_P, 11 months ago

Not really the appropriate community for that, you may want !general or !casualconversation and most likely !autism .

Otherwise, welcome to the fediverse!

Max_P, 11 months ago

There’s been some research and basically those products are unregulated and a good amount of them have zero or negligible actual CBD in them.

Some claim like, grams of CBD and they have zero in them it’s just oil. It’s basically homeopathic CBD.

Max_P, 11 months ago

Yeah if they want to update system packages it’s where things end up in dependency hell. You want newer X, it needs newer Y, it needs newer Z and it’s a a library half the packages of the system depends on and the rest of the system goes boom.

It’s actually why I went to Arch, I need to hold back packages way more rarely than I want newer everything else.

Max_P, 11 months ago

Why not download the APK from F-Droid?

F-Droid already acts like CI and builds the app for the developer, it’s as close to an APK from the repo as you can get. F-Droid even has the tarball of what it built and the build log if you want to inspect it for transparency. You don’t even need the F-Droid app to download it.

If you don’t trust F-Droid, the next best step for you is to build it yourself. Not sure why you’d trust Codeberg to host the APK but not F-Droid.

Max_P, 11 months ago

You should be able to fastboot boot TWRP which will let you decrypt your data. The LineageOS recovery just doesn’t decrypt data nor prompt for pin/password to decrypt it.

I think you should be able to just LOS again as if it was an update from the recovery (make sure to also flash Gapps and other addons you had, as flashing from recovery does NOT preserve anything and booting without Gapps if you had them will permanently wreck some state.

I’d use TWRP to decrypt and pull out the data for safety, then you can try flashing LOS again.

Max_P, 11 months ago

Is it a powered hub? I don’t have a Deck yet, but it sounds like it might hit some power limits and disconnect USB devices as a result.

Have you tried limiting the power the CPU/GPU can use and see if the disconnects still occur?

Max_P, 11 months ago

There’s patches for QEMU that bypasses anticheats and hides the virtualization and even makes Windows’ use its own virtualization based protection.

Max_P, 11 months ago

Just my two cents as the admin of my own private instance: I’ve been on the fence about defederating lemmynsfw and other NSFW instances for a while.

People might not agree with the decision on a personal basis, but we’re all liable here as admins for any content that can be accessed from our instances, because when you browse remote communities, it’s presented from your domain and from your systems. We understand how it works and how we shouldn’t be responsible for it, but the courts might not. Try explaining the fediverse to boomer judges and a jury, especially when CSAM is potentially involved.

I can 100% understand why they’d err on the side of caution. There’s a reason there’s so few NSFW instances: it’s legal hell. Some countries are a lot more strict on that stuff too, maybe lemmynsfw has the means to deal with lawsuits and keep the sketchy stuff like loli/shota/child-looking, maybe blahaj don’t.

And that’s fine, you probably should make an account just for lemmynsfw anyway.

Max_P, 11 months ago

Wasn’t Voat super alt-right?

Max_P, 11 months ago

That’s really what’s going on.

Back in the days, people took the time it was necessary to write the software. And managers trusted the engineers to say when it’s ready or not.

Nowadays, the software world is managers going “yes we know the database’s gonna blow up over the weekend without the query optimizations, but we want to build this new feature before the end of the week. We can deal with the database when it blows up over the weekend, that’s why you guys are on-call.”

I did not make this up, I’ve actually heard this. This is why modern software is so fucked up, not because we can’t handle the complexity, because reliability and quality just isn’t prioritized at all anymore. Gotta dish out new features every day and you’re not allowed to work on fixing known critical bugs.

Max_P, 11 months ago

Yep, it’s all about selling features now and not caring about the actual product itself at all anymore. Nearsightedness took over the whole industry: boost this quarter’s metrics, heck, boost this week’s numbers above anything else.

Max_P, 11 months ago

Adding to that, all content from other instances not on the allow list posted to instances on the allowlist also gets dropped.

So both our comments wouldn’t show up on an instance that only allows lemmy.world.

Max_P, 11 months ago

From discussions on Matrix I’d say the admin seems to care, but it’s not necessarily easy to monitor and detect these users without reports.

Report report report. The admins are all pretty busy just keeping the thing going.

I don’t see reasons to defederate unless it really becomes out of hand, but that stuff can really originate from any instance.

Max_P, 11 months ago

Everyone I’ve ever met that were into polyamory did so entirely by choice, including myself. I don’t see how it’s misogynistic either, you realize all parties can have multiple partners of the entire gender spectrum right?

Max_P, 11 months ago

I would switch to certificate based SSH authentication.

All the server keys gets signed by your CA, all clients also gets signed by your CA. Everyone implicitly trust eachother though the CA and it’s as safe as regular SSH keys.

You can also sign short lived client keys if you want to make revocations easier, the servers don’t care because now all it cares is that it’s a valid cert issues by the CA, which can be done entirely offline!

HashiCorp Vault can also help managing the above, but it’s also pretty easy to do manually.

Max_P, 11 months ago

It’s such an underrated feature. It baffles me how people immediately turn to overly complicated solutions solving a problem they don’t really have to solve, just because everyone assumes the only way is the default commonly known way. Like OP, people immediately jump to the conclusion you need extra software to manage the keys, rather than using another authentication method natively supported, and keep filling their known_hosts file with junk, making the whole validation process useless because everyone just accepts whatever key the host presents.

It’s amazing how simple it is. Developer needs temporary access to debug a web server? Sure, here’s your 2h valid cert to log in as the web user on the server, don’t even need to actually log into the server to put their key in and then remove it. I mint a cert and it’s ready to go on whichever users and servers I specified in the cert. Can’t even gain persistence because regular authorized_keys is disabled and we have limited session durations.

I regularly leave people baffled at work because I come up with a clever and built-in super simple solution to something they expected to just slap more scripts and software to work around the only way they know to use the software. Read your manpages in full folks, it’ll save you so much work. Know what your software is capable of.

Max_P, 11 months ago

Does she need a GUI VM?

If not, multipass from Canonical is pretty great to spin up quick headless Ubuntu VMs on macOS.

Otherwise, UTM is definitely my second choice.

Max_P, 11 months ago

I guess also depends what they’ll be doing. She could in theory install XQuartz and run GUI apps over SSH but that might become more complicated.

If they’re gonna do networking and stuff I’d maybe also get into VirtualBox just because networking in VirtualBox is easier to deal with. UTM is kind of like using libvirt on Linux, it relies on the host to do a bunch of stuff like bridges and firewalls whereas VirtualBox just handles most of it internally and has a nicer GUI for it.

Max_P, 11 months ago

VirtualBox is tried and true and a safe bet. Not the fastest, Oracle hasn’t particularly been interested in maintaining it, but everyone knows how to use it, and you won’t run out of tutorials on how to use it.

Max_P, 11 months ago

I’m not sure that can really be considered antitrust even though it is an issue. Even if Chrome adds new features for themselves, the specs are open and there’s nothing preventing competitors from implementing them, unlike IE back in the days with ActivX applets and all the proprietary undocumented Windows-only features. Those were intentionally designed to be proprietary and hard to match by competitors. Many Chromium derivatives will also keep manifest v2 alive as well.

It would be antitrust if they made sure that you have to use Chrome for sites to work, like many sites would only work on IE back then and not even IE-compatible implementations. Google’s been pretty reasonable implementing fallbacks for their own services, everything Google works just fine on Firefox. Sometimes not optimally, but they do make an effort to at least keep it fairly compatible and they don’t do user agent tests, they do feature tests so competing browsers are never outright excluded. And nothing stopping developers from making sure everything works fine on Firefox for their own website.

And unlike IE, Chromium is open-source. Competitors can easily take Chromium and change it to their liking like Microsoft did with Edge. The engine has market share dominance sure, but there’s no locking down forcing you to use Google Chrome specifically. You can use Brave, Edge, Bromite, Opera and any other Chromium forks if you want and give nothing to Google.

Otherwise Windows is a much worse antitrust violation purely for being the most popular OS and therefore people write software mostly for Windows. Some would argue it should, and I would agree, but again there’s nobody forcing you to make your software Windows-exclusive other than laziness.

Max_P, 11 months ago

Bad applications full of security flaws can be written in basically every language.

The thing with PHP is there’s still extremely old apps that just haven’t been updated to modern standards, because PHP itself is much older and thus predates more modern JavaScript/Ruby/Python apps. Wordpress in particular hasn’t changed all that much, and insists on using a wildly outdated database layer on the name of remaining compatible with old plugins, because those plugins is what people turn to Wordpress for.

As with any app you don’t completely trust, the solution is to restrict what they can do as much as possible. Run with minimum privileges, sandbox it in a container, whatever is needed.

Max_P, 11 months ago

Automatic feature. Anything that looks like a valid domain gets autolinked

Max_P, 11 months ago

I mean, how much of those Ubuntu guides do you really need anyway? Most of them are just “install these packages” and the rest is pretty generic.

10 years on Arch and I don’t think I’ve ever ran into something so Ubuntu-specific I couldn’t make it work. If anything it’s often easier because Arch doesn’t do stupid shit that gets in your way. Absolute worst case… you can run an Ubuntu container for the oddball thing that insists on Ubuntu.

Ubuntu’s been pissing me off since like 10.10/11.04. Preserve your sanity, join the dark side.

Max_P, 11 months ago

CyanogenMod user since the 6.x days, currently running LineageOS 20.

I like my phones to work and be usable. I stayed on the stock ROM for my OnePlus 8T for 2 years and went right back to LineageOS.

Manufacturers just can’t make ROMs that work correctly without bullshit.