@nay f

why are payment-related things always like this?

my bank requires an online banking PIN (separate from the ordinary one) and a password to log in, but instead of asking for the whole thing they ask for random access to individual characters. this both makes it inconvenient to use and implies they are storing them in plain text

@elly @domi @toast works great for QCNFA222 (that spams dmesg with ASPM errors and also has broken 5GHz)

@toast @domi

@bagder oh no. I guess I might have to get a USB-C power bank capable of 20V to charge my thinkpad

paypal silently truncated my 26-character password to 20 characters (but not in the login field, so I couldn't log in until I thought to look up the paypal password length limit and truncate it to 20 characters). why does that limit even exist? bcrypt has a much higher limit. I hate paypal

new tech warcrime

ppl always complain that the clock on my microwave never shows the right time bcs i cant be assed to set it manually

so now i have an unfuck-microwave.sh cronjob which briefly kills its power every day at midnight

@julia @Gargron @txtx

Namely, I’ve seen at least 3 people claim that they need to move off of Sharkey because of the US’ instability

…why? Is Sharkey even US-based other than some maintainers being in the US?

I wonder what these people are doing about Linux (which actually has a US-based Linux Foundation and complies with US sanctions).

@benjojo my preference would be a way of configuring exactly which ports can be bound to by which users (which I've been told is possible with eBPF), but I don't think CAP_NET_BIND_SERVICE is any more of a security risk than setting net.ipv4.ip_unprivileged_port_start to 0 (arguably it is more of a security risk than setting it to 23 though)

@benjojo

just because I don’t trust multi user boundaries does not mean that I’m going to actively give away surface for free

Exactly. It’s still worth restricting which users can bind to which ports just like it’s still worth using separate users for separate services, even if the security of multi-user boundaries is imperfect.

@cwebber @jfred @vagrantc this also has the advantage that it wouldn't be as slow as GRUB to decrypt your disk, and if you wanted to you could avoid entering your disk encryption password twice by either putting the key into the second (encrypted) initramfs (although this has security implications for LUKS2 because it makes the key accessible from userspace) or possibly using kexec handover (which I'm not sure how to do, or if it would require kernel modifications, but that is a thing)

@cwebber @jfred @vagrantc you could have another minimal kernel + initramfs that decrypts /boot and then loads guix's kernel with kexec (something like u-root, except u-root doesn't support LUKS (but if disk space isn't an issue you could probably include a cryptsetup binary with u-root if you wanted to use that))

@kemona_halftau @nyanpasu64 what’s the lowest common bio length limit to be accepted from remote instances? akkoma’s default seems to be 5000 (and the same limit is used for both local and remote, which I did not know when I set mine to 65535), and your bio is only 3029 characters (in HTML, according to select length(bio) from users where ap_id = 'https://sharkey.skydevs.me/users/afjv12aww6ae01kq';)

@kemona_halftau @nyanpasu64 (convince your instance admin to) increase the limit?

@mjg59 some people fetch Debian repos over Tor specifically to avoid this

good night

@seabass @neil I think reply controls of the kind that’s actually implementable without changing how every implementation does replies (that is, just reject them locally) are already partially possible on Pleroma/Akkoma using MRF (the Message Rewrite Facility). Rejecting replies to a certain user is certainly possible with an MRF filter, the only thing missing is a way for the user to specify this per-post.

@mossfet I am