moseschrute
@moseschrute@lemmy.world
- Comment on Hmm this "unisex" bathroom seems biased... 16 hours ago:
Ok this is actually a great point, and I’d like to pose another question. If you’re gonna pee standing up with the lid open, what’s the optimal angle to minimize splatter? I would love to see an experiment or simulation to find the optimal angle.
- Comment on Hmm this "unisex" bathroom seems biased... 22 hours ago:
I have. Men with bad aim. Skill issue.
One possible fix is adding a urinal target. I’m sure you could implement a similar concept in a regular toilet.
A urinal target, sometimes known by the specific types urinal fly or urinal bee, is an image or mark placed inside a urinal to encourage users to aim in a particular place so as to avoid messes and reduce cleaning costs.
- Comment on Hmm this "unisex" bathroom seems biased... 23 hours ago:
This is a shit take literally. Why would I sit down to pee if I don’t have to? That’s more contact with the gross toilet.
- Comment on Mastodon is bringing quote posts to the fediverse 1 day ago:
Yes! There would be a spec written for blocklists that could be applied to Lemmy or PieFed. You can quickly toggle on/off a blocklist. For example, I can subscribe to a “US Politics” blocklist, and toggle it on/off when I need a break from news.
- Comment on User "threelonmusketeers@sh.itjust.works" is banning users for downvoting his posts. 1 day ago:
How would it work in your opinion?
- Comment on ActivityPub vs RSS Atom etc. Why Federate instead of aggrigate? 2 days ago:
Web 1.0 was great. Why Web 2.0?
- Comment on What are best practices for browsing lemmy.zip? 5 days ago:
Blorp dev here. If you list out the bugs you see I’m happy to address them. Feature requests are also welcome.
- Comment on How come butthole scratches doesn't get infected with poop bacteria ? 6 days ago:
Is that toilet paper?
- Comment on Plex got hacked. 1 week ago:
I wonder how that works. The point of password hashing is to uniquely scramble your password. So userOneHash(“password”) should give a different output than userTwoHash(“password”) even if they use the same password. So your password manager shouldn’t really be able to generate the same password hash since an infinite number of hashes can be generated from the same password.
- Comment on Plex got hacked. 1 week ago:
Can you also use a list of common passwords and a ruleset you apply to those common passwords, and then
hash(applyRule(commonPassword)) == compromised hash
?
- Comment on Plex got hacked. 1 week ago:
I actually didn’t realize pepper was a thing. I mostly do frontend. But that’s really interesting!
- Comment on Plex got hacked. 1 week ago:
But if you use a salt that is global to your site/server, you still have this problem: If a hacker cracks “p@ssword” in your database, they immediately know all users that also use “p@ssword”. Imo the biggest benefit of using salts is two users with the same password get different hashes. Right?
I’m not saying using a global salt isn’t better than no salt, but I do think you’re missing out on a huge benefit of using a per hash salt.
- Comment on Plex got hacked. 1 week ago:
even if someone brute forces an offline copy of the hashes they wouldn’t result in actual useable passwords
I think maybe I misunderstood this part. I thought you were suggesting that salted hashed passwords were uncrackable but maybe I misunderstood this.
- Comment on Plex got hacked. 1 week ago:
I don’t think that’s how salts work. I might be wrong, but I think it works like this
Password + Salt -> Hash
- “p@ssword” + “hakf” -> “hifbskjf”
- “p@ssword” + “jkjh” -> “gaidjshj”
- “p@ssword” + “afgd” -> “afgdufj”
Notice how those 3 users use the same password, but the different salts result in 3 different hashes. That doesn’t make it any harder to crack a single hash, but it means I have to crack the same password 3 times.
- Comment on Plex got hacked. 1 week ago:
But if you can solve the hash by generating password guesses, hashing them, and comparing them to the hashed passwords in the database. Say I hash “p@ssword” using the salts sorted in my database. I find that jon@example.com uses “p@ssword”. I then go to Amazon.com, login with Jon’s account, and order a bunch of stuff to my address.
Salt just makes it so I can’t hash “p@ssword” once and find everyone with that password in the database. It really only slows me down.
I’m not a security expert, can someone tell me if I got that right?
- Comment on Plex got hacked. 1 week ago:
I’m not a security expert, but password hashing is mostly to slow down someone from getting all the passwords. You can’t reverse the hash, but you can generate hashes until you find a match. When hashing, you can dial in how much compute it would take someone to try and solve all the hashes in your database. If you used a good password, it will be more difficult to solve your hashed password. But it’s best to change your password as Plex suggests.
So it depends on how secure a password is and how strong of hashing Plex used when storing the hashed passwords. I have no idea if this is like a “this will take a year” or “this will take a billion years” to solve all the hashes. Maybe someone with a security background could chime in.
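The global-salt versus per-user-salt point from the Plex comments above, and the tunable work factor, as an added example (not part of the original comments and not Plex's code). PBKDF2-HMAC-SHA256 is an assumed stand-in for whatever hash the site uses; the account names, passwords and salt value are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor: raising it makes every guess cost more


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a slow, salted hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str) -> dict:
    """What the server stores: a fresh random salt next to the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": ITERATIONS,
            "hash": hash_password(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hash_password(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def shared_hash_groups(records: dict) -> list:
    """Groups of accounts whose stored hashes are byte-for-byte identical."""
    groups = {}
    for user, rec in records.items():
        groups.setdefault(rec["hash"], []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; three of them share one password.
PASSWORDS = {"alice": "p@ssword", "bob": "p@ssword", "carol": "p@ssword",
             "dave": "correct horse battery staple"}

GLOBAL_SALT = b"site-wide-salt!!"  # constructed value for the weak variant
global_salted = {u: {"salt": GLOBAL_SALT, "iterations": ITERATIONS,
                     "hash": hash_password(p, GLOBAL_SALT)}
                 for u, p in PASSWORDS.items()}
per_user_salted = {u: new_record(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    # One site-wide salt: accounts with the same password are visibly linked.
    print("global salt:", shared_hash_groups(global_salted))
    # Per-user salts: no two stored hashes match, yet login still works.
    print("per-user salt:", shared_hash_groups(per_user_salted))
    print("alice logs in:", verify("p@ssword", per_user_salted["alice"]))
```

With the site-wide salt the three accounts sharing a password fall into one group, so one recovered password exposes all of them; with per-user salts each hash has to be attacked separately.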
- Submitted 1 week ago to newcommunities@lemmy.world | 2 comments
- Comment on It turns out there is a Lemmy alternative with categories - anyone got stories about it? 1 week ago:
Only thing I’ll add is Blorp is a Lemmy and PieFed client. No mbin support currently.
I’m the developer behind Blorp.
- Comment on It turns out there is a Lemmy alternative with categories - anyone got stories about it? 1 week ago:
Lemmy, PieFed, and mbin/kbin all provide APIs that let you pull data (communities, posts, users) from their backend. A client knows how to connect to the API, pull the data, and present it to the user. Lemmy, PieFed, and mbin all have a default client they ship with, but the Lemmy client only speaks Lemmy, the PieFed client only speaks piefed, etc.
Blorp, among other multi platform clients, speaks Lemmy and PieFed. Blorp can be self hosted, but it’s not a backend like Lemmy, PieFed, etc. Blorp reads/writes data via these APIs, but it doesn’t store any data on a server.
Idk if I explained that well. Does that make any sense?
Other way to think about it is email. Gmail is both an email server and a client. Blorp is like using a 3rd party email client that connects to Gmail and Yahoo.
- Comment on It turns out there is a Lemmy alternative with categories - anyone got stories about it? 1 week ago:
I’m working on a Lemmy/PieFed client called Blorp that allows you to log in to multiple accounts at once. However I don’t yet implement any PieFed specific features that Lemmy doesn’t have (e.g. categories).
PieFed has only recently had a stable v1 release, but based on my interactions with their devs, I’m very optimistic about their future.
- Comment on Loops - short form video with ActivityPub - is now open source! 1 week ago:
There were 15 stakeholders, 1 full time developer and 20 contracted developers with a 12 hour time zone difference from the full time dev.
- Comment on Loops - short form video with ActivityPub - is now open source! 1 week ago:
Pretty sure Google+ only made it to 7
- Comment on Mommy, Why is There a Server in the House? 2 weeks ago:
But you have a Daddy and Mommy who love you!
And, a Windows Home Server! Does that make you happy?
They had me until windows
- Comment on Jeez, it's like there's no appeasing you tyrants 2 weeks ago:
Boring straight white man here, except with a piercing. I agree with other straight white man that your opinion is shitty. I was just thinking this week that I should get some pride bumper stickers to support my friends.
- Comment on Who is the enemy? 2 weeks ago:
That does sound nice, but I’m writing this from my work from home location right near to the beach. But my second choice would be someplace with a lot of woods.
- Comment on Mastodon says it doesn't 'have the means' to comply with age verification laws 2 weeks ago:
I have absolutely no idea what any of that is after tor
- Comment on Who is the enemy? 2 weeks ago:
And technology
- Comment on Fediverse Report – #131 2 weeks ago:
Interesting. I run a Threadiverse client on iOS and Android. I haven’t run into any issues with Google, yet.
Apple has this rule I had to comply with:
- You must be able to delete your account from the app
- Lemmy delete account via the API requires password entry, even if you’re already logged in
- Apple however, claims password entry is too much friction for the user to delete their account
- A workaround is to link out to Lemmy website to delete your account. Even if you have to enter your password on the website, in Apple’s mind, this is somehow allowed despite being more friction?
I get the sense Apple wrote these rules to improve user experience, and they’re applied without anyone really considering what effect they’re having on the UX.
- Comment on fediverse/activitypub based linktree alternative 3 weeks ago:
Federated only fans
- Comment on Do I need the ISPs home router? 4 weeks ago:
Is getting an ONT with Ethernet output normal? The comments were making me think that’s more of best case but maybe not standard.