cron
@cron@feddit.org
- Comment on Decreasing Certificate Lifetimes to 45 Days 2 days ago:
The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn’t have them (e.g. for espionage), but that is almost impossible now.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
For 3 more months or so, you can’t buy them in April 2026 anymore.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
Short lifespans are also great when domains change their owner. With a 3 year lifespan, the old owner could possibly still read traffic for a few more years.
When the lifespan is just 30-90 days, that risk is significantly reduced.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
No, these are completely separate issues.
- CRL: protect against certificates that have their private key compromised
- CT: protect against incompetent or malicious Certificate Authorities.
This is just one example why we have certificate transparency. Revocation wouldn’t be useful if it isn’t even known which certificates need revocation.
The National Informatics Centre (NIC) of India, a subordinate CA of the Indian Controller of Certifying Authorities (India CCA), issues rogue certificates for Google and Yahoo domains. NIC claims that their issuance process was compromised and that only four certificates were misissued. However, Google is aware of misissued certificates not reported by NIC, so it can only be assumed that the scope of the breach is unknown.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
There are some nameserver providers that have an API.
When you register a domain, you can choose which nameserver you like. There are nameservers that work with certbot, choose one that does.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
The only disadvantage I see is that all my personal subdomains (e.g. immich.name.com and jellyfin) are forever stored in a public location. I wouldn’t call it a privacy nightmare, yet it isn’t optimal.
There are two workarounds:
- do not use public certificates
- use wildcard certificates only
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 days ago:
The best approach for securing our CA system is the “certificate transparency log”. All issued certificates must be stored in a separate, public location. Browsers do not accept certificates that are not there.
This makes it impossible for malicious actors to silently create certificates. They would leave traces.
- Comment on 5 days ago:
The “accepted answer” feature seems very nice, I would love to see this implemented in other fediverse projects too.
- Comment on Rustdesk's lesser known features 1 week ago:
I think it’s a completely different use case. MobaXterm is a fancy ssh/rdp tool with some extra features, while rustdesk is an alternative to teamviewer or anydesk - tools for remote support.
Disclaimer: I haven’t used rustdesk yet, I have no need for this use case.
- Comment on Set desktop mode screen resolution 1 week ago:
Didn’t help. Still thanks
- Comment on Set desktop mode screen resolution 1 week ago:
Thank you. I found the option now with your help, but it doesn’t allow any change. The field is just greyed out.
- Submitted 1 week ago to askandroid@lemdro.id | 5 comments
- Comment on Should I replace NPM? 4 weeks ago:
Yes, that is exactly what I meant.
- Comment on Should I replace NPM? 4 weeks ago:
Personally, I would try to avoid publishing nginx proxy manager’s management web ui to the general public.
- Comment on Should I replace NPM? 4 weeks ago:
Please don’t confuse the nginx proxy manager (npm) with the node.js packet manager (npm). The latter is frequently in the news regarding security vulnerabilities.
- Comment on fireTv 5 weeks ago:
There is no content in this post.
@taher12@lemdro.id I see this is your first post, welcome here :) If you need help, feel free to ask.
- Comment on Which operating system should I choose? 1 month ago:
For selfhosting, I would advise against installing a desktop environment and rather suggest to install a server version without GUI.
- Comment on Why would I buy this? 1 month ago:
True. According to protondb, it is not possible to even start the game.
- Comment on Why would I buy this? 1 month ago:
Take a look at the reviews, and find this insanity on the top:
need to be connected to online services even when you just want to play singleplayer campaign, and keep getting connection errors.
Thanks, I’m out.
- Comment on VoidAuth Release v1.4.0 - SQLite Support 🗃️ 1 month ago:
Does anyone know any important difference between voidauth and authentik? The latter seems to be a far more mature product, but the feature set looks similar.
- Comment on Immich mobile app sync V2 2 months ago:
I don’t think this feature is live yet, looks like it still needs some internal refinement. At least nothing like this was mentioned in the last few changelogs.
- Comment on We Built It, Then We Freed It: Telemetry Harbor Goes Open Source 3 months ago:
It has a grafana integration, so it probably doesn’t include dashboards natively.
- Comment on Where is Immich going to be in 1 year? What's your prediction? 3 months ago:
I would add file types to the list. JPEG is easy to rotate, but what about other image filetypes, images with embedded video, different video file formats etc.
- Comment on Where is Immich going to be in 1 year? What's your prediction? 3 months ago:
I disagree.
Yes, there is some editing capability in the app, but it doesn’t edit the image, it stores a new file in your local (non-immich) gallery. As I don’t sync this particular folder on my phone, I had to reupload it - and now have this image twice in immich, and one version with the wrong timestamp (now).
That’s barely any more helpful than downloading the image and editing it with another app.
- Comment on Where is Immich going to be in 1 year? What's your prediction? 3 months ago:
I know nothing about coding, but it’s probably not trivial in a project the size of immich to add “one simple one-liner”.
Think of the Web UI, the mobile apps, the internal API, the filesystem handling, preview generation etc.
I’m sure it can be done, but it probably takes a couple of days.
- Comment on Where is Immich going to be in 1 year? What's your prediction? 3 months ago:
Just an idea: Maybe a simple photo editor would fit in nicely? Crop, rotate and adjust the colors/brightness/contrast.
And … please let me rotate videos that are accidentally 90 degrees off.
- Comment on [deleted] 3 months ago:
I’ve run caddy and traefik. Personally, I prefer caddy, but both are likely completely fine for your use case.
Traefik has the advantage that it can be configured with docker compose files, while caddy needs its Caddyfile as a separate configuration.
- Comment on What a shocker! 3 months ago:
Maybe spending 600 bucks on microtransactions?
- Comment on My first post ever – life in a tent 4 months ago:
Welcome here! Lemmy has lots of different communities, you will surely find some content you like.
- Comment on how do i federate and see upvotes and comments on community posts? 4 months ago:
Old content is not (fully) synced - you will get new posts, comments and votes.