  • My bootstraps broke when I pulled them harder.

    Turns out the local company that made bootstraps for 125 years was bought out by a hedge fund, which promptly fired all of the workers and subcontracted manufacturing to a company in Sri Lanka who could make them much cheaper by using inferior materials and by paying the Sri Lankan workers in 6 months what a fired local worker made in a day.

    Ironically, the hedge fund CEO with the MBA he received as a legacy admission to Cornell only wears slippers because fuck you, I’m the boss.




  • Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

    Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

    You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

    If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.

    Link to GitHub issue about this
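
Added example, not part of the comment above and not Lemmy's code: an RFC 6238 TOTP in Python showing why an app that generates SHA1 codes for a SHA256 enrollment is rejected, together with the verify-before-enabling check the comment says is missing. The otpauth URI, the RFC 6238 test key used as the secret, and the app's silent fallback to SHA1 are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

def totp(secret_b32, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code for one point in time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Extract TOTP parameters from an otpauth:// enrollment URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "secret_b32": query["secret"],
        "algorithm": query.get("algorithm", "SHA1").upper(),  # SHA1 if absent
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }

def app_code(uri, supported, unix_time):
    """Code shown by an app that falls back to SHA1 (assumed behaviour)."""
    params = parse_otpauth(uri)
    if params["algorithm"] not in supported:
        params["algorithm"] = "SHA1"
    return totp(unix_time=unix_time, **params)

def enrollment_ok(uri, code_from_app, unix_time):
    """Check to run before enabling 2FA: does the app's code match?"""
    expected = totp(unix_time=unix_time, **parse_otpauth(uri))
    return hmac.compare_digest(expected, code_from_app)

# Constructed sample: the RFC 6238 SHA256 test key, not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890123456789012").decode().rstrip("=")
SAMPLE_URI = f"otpauth://totp/example:user?secret={SAMPLE_SECRET}&algorithm=SHA256&digits=8"

if __name__ == "__main__":
    for supported in ({"SHA1"}, {"SHA1", "SHA256"}):
        code = app_code(SAMPLE_URI, supported, 59)
        print(sorted(supported), code, enrollment_ok(SAMPLE_URI, code, 59))
```

The same comparison can be done by hand: compute the code from the enrollment URI with a tool you trust and compare it with what the authenticator app shows before relying on the token.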



  • The dev apparently used the RedReader app to test a “spoofing” method of access for a proof of concept, but they don’t want to use that method either, because it would potentially cause problems for RedReader, which they didn’t want to do:

    If we do that, and cause a huge traffic boost under RedReader’s name, it might lose them their exempt status. I’d like to avoid that if I can - there’s no reason to paint a target on RedReader’s back unnecessarily (an independent, non-commercial app), especially since the equivalent can be done with the official app without the same risks.

    The real problem for Libreddit instance operators is going to be acquiring an API key. It doesn’t look like it’s an automated process like most other services - you have to fill out a form, which opens a ticket, and wait for someone from Reddit to get back to you.

    I run an instance, and I’m not sure I want to go to the trouble. But I’ll wait and see what happens.



  • It looks like the method they’ll be going with for legal reasons is to allow instance operators to use their own API keys. This might be a good solution if you self-host your own private instance (easy with docker on a home network, no domain name required) with low traffic, but the Reddit API change will probably kill the larger public instances with many users, as those will definitely have traffic over the API limits.