Dark Arc

Video posts are something I kind of miss, particularly for gaming communities to share clips of gameplay

It’s called Voyager now

In a selfish way… I’d like for the UK to do this and for it to go horribly horribly wrong for them. Maybe that would finally get the US reps to get their heads out of their butts so l don’t have to keep signing petitions and writing essays about why weakening encryption is a horrible idea.

If you vote in it or open it, it’s marked read in most apps.

Yeah, it just got me on lemmy.world with a post that had no replies (prior to mine): https://lemmy.world/comment/1225371

Whoa, that’s pretty funny… It was near the top of my feed under the hot algorithm. 😂 Maybe this was upvoted by somebody recently…?

Also makes the question make more sense, that might be a new(er) feature.

Yes? There’s an icon for it on every community’s page (bottom right of the screenshot).

Yeah, it would be nice if they let people buy storage at a reasonable rate.

Same, I was on world when it got hacked, rotated the simple login email, and rotated the password post hack (and deactivated the old email) just to be on the safe side.

The safest option would be for Lemmy to implement OAuth and apps that aren’t in some “official front end for xyz website mode” to authorize via OAuth with the backend instead of via credentials.

I’m using one for myself and one for my grandpa (who gets tons of landline spam calls).

I haven’t noticed a lot that’s different for either of us. I think the real reason to use one of these sites is if you want your contact information to be a bit harder to find.

I don’t know enough about Lemmy’s JWT design, but some JWT designs don’t store the JWT in a database at all, so the only correct response is to regenerate the secret and kill all the sessions by them failing the validity checks.

No, you said you can’t generate valid tokens within the database. I just told you this is the secret, not the tokens (that is present in the database).

This is the secret, not the tokens.

Hm… They could’ve edited the config or just exit(1) if the credential is the default, but very fair.

Oof, okay well that’s not how I would’ve done it. The JWT secret in the database itself could be a vulnerability (e.g., someone that gains read only access to the database could then use that as a wedge to create any JWT they wanted). I’m not sure if that’s actually worth bringing up or not (it’s a bit of an odd case).

JWT secret keys are not in the DB (speaking typically, maybe for Lemmy they are, but that would be very surprising), that’s typically an environment variable or configuration file sort of thing.

In any case, this isn’t the part that’s broken, it doesn’t need fixed.

It’s really starting to feel like a legitimately good Reddit alternative around here, not just “Reddit like” or “Reddit light” and that’s really awesome 😊

Just an FYI, looks like you double commented

No, you can set up PGP encryption to send PGP encrypted mail to non-proton customers via Proton. They’ve also been trying to work on standards that would make retrieving public keys/knowing the recipient accepts PGP automatic.

You’re blatantly misinformed, and it’s irritating.

Edit: I’ve blocked this person following their reply, but to their last point, “via Proton” literally means you use their service as a standard PGP mail client no strings attached, that can interact with any other PGP, and with no vendor lockin. That is literally the definition of using an open standard. There’s no insidious plot here.