• 1 Post
  • 14 Comments
Joined 1 year ago
Cake day: June 18th, 2023

  • My bootstraps broke when I pulled them harder.

    Turns out the local company that made bootstraps for 125 years was bought out by a hedge fund, which promptly fired all of the workers and subcontracted manufacturing to a company in Sri Lanka who could make them much cheaper by using inferior materials and by paying the Sri Lankan workers in 6 months what a fired local worker made in a day.

    Ironically, the hedge fund CEO with the MBA he received as a legacy admission to Cornell only wears slippers because fuck you, I’m the boss.


  • Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

    Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

    You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

    If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.

    Link to GitHub issue about this
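The digest mismatch described in the comment above can be checked before enrolling. This is an added example, not part of the original comment and not Lemmy's code: it computes RFC 6238 TOTP codes and compares what the server expects with what an app limited to certain digests would show. The `otpauth://` URI, its label, and the SHA1 fallback behaviour of the app are assumptions; the seeds are the RFC 6238 test seeds.

```python
import base64
import hmac
import struct
from urllib.parse import urlparse, parse_qs

def totp(secret: bytes, unix_time: int, algorithm: str = "SHA1",
         digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, algorithm.lower()).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri: str) -> dict:
    """Extract TOTP parameters; Key URI defaults are SHA1, 6 digits, 30 s."""
    q = parse_qs(urlparse(uri).query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # restore stripped base32 padding
    return {
        "secret": base64.b32decode(b32),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }

def app_would_match(uri: str, app_algorithms: set, unix_time: int) -> bool:
    """True if an app limited to app_algorithms shows the code the server expects."""
    p = parse_otpauth(uri)
    expected = totp(p["secret"], unix_time, p["algorithm"], p["digits"], p["period"])
    # Assumption: an app lacking the requested digest silently falls back to SHA1.
    used = p["algorithm"] if p["algorithm"] in app_algorithms else "SHA1"
    return totp(p["secret"], unix_time, used, p["digits"], p["period"]) == expected

# Constructed sample: RFC 6238 SHA256 test seed in a hypothetical enrollment URI.
SAMPLE_SEED = b"12345678901234567890123456789012"
SAMPLE_URI = ("otpauth://totp/example.invalid:alice?secret="
              + base64.b32encode(SAMPLE_SEED).decode().rstrip("=")
              + "&algorithm=SHA256&digits=8&period=30")

if __name__ == "__main__":
    print("SHA256-capable app matches:", app_would_match(SAMPLE_URI, {"SHA1", "SHA256"}, 59))
    print("SHA1-only app matches:     ", app_would_match(SAMPLE_URI, {"SHA1"}, 59))
```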


  • Which probably lifted it from the 1992 movie “Army of Darkness”, starring Bruce Campbell:

    Ash: Alright you primitive screw heads, listen up. You see this?

    This…is my boomstick! It’s a twelve-gauge double barrel Remington. S-Mart’s top of line. You can find this in the sporting goods department.

    That’s right, this sweet baby was made in Grand Rapids, Michigan. Retails for about $109.95. It’s got a walnut stock, cobalt steel barrel, and hair trigger. Shop smart, shop S-Mart.


  • Someone has already submitted a PR with the changes the dev recommended. The captcha stuff is in a new db table instead of in-memory at the websocket server.

    However, from one of the devs:

    One note, is that captchas (and all signup blocking methods) being optional, it still won’t prevent people from creating bot-only instances. The only effective way being to block them, or switch to allow-only federation.

    Once people discover the lemmy-bots that have been made that can bypass the previous captcha method, it also won’t help (unless a new captcha method like the suggested ones above are implemented).

    The root of the issue seems to be that they’ve removed websockets, for the following reasons:

    Huge burden to maintain, both on the server and in lemmy-ui. Possible memory leaks. Not scalable.

    I can understand them wanting to make their lives a bit easier (see “huge burden to maintain”) - Lemmy has exploded recently (see “not scalable”) and there are far bigger issues to fix, and an even larger number of bad actors (see “possible memory leaks”) who have learned about Lemmy at the same time as everyone else and want to exploit or break it.