zabadoh

joined 1 year ago
[–] zabadoh@lemmy.ml 12 points 6 days ago* (last edited 6 days ago) (1 children)

I understand what you're saying, and that in the real world, bad security practices abound among average users who are likely to have passwords like "12345678" or "password"

But in this fictional scenario, my advice is directed at someone who has something valuable enough to protect behind a 121 character passphrase against a very determined adversary who has a Planck Cruncher at their disposal and is willing to run it for 100 years to crack that someone's data.

A little extra security protocol might be worth the extra effort.

I can see how that would be unclear, and I apologize for the misunderstanding.

[–] zabadoh@lemmy.ml 34 points 6 days ago* (last edited 6 days ago) (9 children)

You're describing the best case scenario for the person wishing to protect their password, where the Planck Cruncher guesses the password on the very last possible combination, taking 100 years to get there.

The Planck Cruncher might guess the password correctly on the first try, or it might guess correctly on the last possible combination in 100 years.

What we really want to measure are the odds of a random guess being correct.

The most "realistic" scenario is the Planck Cruncher guessing correctly somewhere between 0 and 100 years, but you want to adjust the length of the password to be secure against a powerful attack during the realistic life of whatever system you're trying to protect.

On average, assuming the rate of password testing is constant, it'll take the Planck Cruncher 50 years to guess the 121 character password.

And that assumes the password never changes.

If the password is changed while the Planck Cruncher is doing its thing, and it changes to something that the PC has already guessed and tested negative, the PC is screwed.

~~Hint: Change your password regularly.~~ edit: The user should change their password regularly during the attack.

Each password change reduces the risk of a lucky guess by that many years of PC attack.

[–] zabadoh@lemmy.ml 3 points 6 months ago (1 children)

Sooo, who wants to develop the open source hookup app based on the Fediverse?

[–] zabadoh@lemmy.ml 4 points 6 months ago (1 children)

It's fear of calcification. Lemmy is tiny, in terms of our user base.

If we don't get fresh blood, and most importantly the rare active contributors, we'll just get used to talking to each other, we'll get bored or burned out and leave.

[–] zabadoh@lemmy.ml 0 points 6 months ago* (last edited 6 months ago) (1 children)

You'd be surprised.

I have a RL friend who's on Reddit all the time, and he didn't even hear about the shutdown, much less /r/place, or anything like lemmy. I've been trying to sell it to him...

Re: The "We're elite" becomes "We're bored talking among the same old people" or "We're burned out", leading to users leaving and formerly thriving communities dying.

I've been around long enough to see this happen on multiple forums.

38
submitted 6 months ago* (last edited 6 months ago) by zabadoh@lemmy.ml to c/lemmy@lemmy.ml
 

User count has plateaued at about 420K

Active user count rose significantly, from 37K in 2/24 to 51K in 3/24

Hopefully users who signed up last year are coming back to use their accounts.

Maybe because they're tired of ads on reddit?

Should we put together a collection and buy an ad campaign on Reddit?

I can see it now:

"Ads suck. We're ad-free forever. Join Lemmy."

and

"He'll never get us. Join Lemmy." or "Don't let him get you. Join Lemmy"

15
submitted 7 months ago* (last edited 7 months ago) by zabadoh@lemmy.ml to c/lemmy_support@lemmy.ml
 

When I search for communities about animation on the web interface, I see one called !animation@lemmy.film

There has been no activity in the /c for 6 months.

It's not my native instance, but I can read posts and comments in the /c, and I can even create a post in the /c.

But when I try to visit http://lemmy.film in a browser, I get a "Web Server Is Down" page.

Is the content in !animation@lemmy.film a ghost of cached content on my native instance?

[–] zabadoh@lemmy.ml 1 points 7 months ago

Or anything the devs can do to make it not look goofy.

 

A new post with 1 deleted comment shows as "comment symbol 0 (-1 New)"

... which looks goofy.

But not in this /c, maybe there's some kind of /c setting that shows quantities of new comments?

Maybe I made and deleted the comment too soon after I created this post?

[–] zabadoh@lemmy.ml 1 points 7 months ago (1 children)

It's part of the ol' Big Tech playbook:

If a promising emerging competitor emerges:

  1. Acquire the emerging competitor for cheap when it's still small
  2. Copy the competitor's best features to make them irrelevant
  3. Co-opt them with integration so the competitor's users won't see any advantage to staying with them
  4. Pollute the competitor's content to make your own offering look better
  5. Steal the competitor's best talent

[–] zabadoh@lemmy.ml 6 points 7 months ago (1 children)

Image rendering attacks and download tracking are well known, so it's not paranoid at all.

[–] zabadoh@lemmy.ml 8 points 7 months ago (3 children)

I'm not sure how extensive the spam wave was, nor how quickly the user was able to create an account and make the comments.

I doubt that the quantity that I came across would be enough to take down a server, but that may be the point: To test lemmy's collective defenses and response without drawing too much attention.

A common IP address or address range ban file that's frequently updated and downloaded by each instance might be another way to boost security.

If this is actually an org attack, I'm guessing that we'll see botnet DDOS comment and post attacks next.

[–] zabadoh@lemmy.ml 1 points 7 months ago* (last edited 7 months ago) (1 children)

It looks like some kind of fix was implemented after my post, so I can't replicate the problem for you.

Whenever I edit one of my cross-instance posts, the language defaults to English, and I can save my edits with no issues.

Now whether the fix was on an instance basis, i.e. config changes, or in some Lemmy-system update, I can't tell you.

edit: Maybe my issue was solved along with the fix for the default languages: https://lemmy.ml/post/13410320

102
submitted 7 months ago* (last edited 7 months ago) by zabadoh@lemmy.ml to c/lemmy@lemmy.ml
 

There have been a number of comment spam attacks in various posts in a couple of /c's that I follow by a user/individual who uses account names like Thulean*

For example: ThuleanSneed@lemmy.tf in !coffee@lemmy.world

and ThuleanPerspective2@eviltoast.org in !anime@ani.social

edit: Also ThuleanSneed@startrek.website in !startrek@startrek.website

The posts have been removed or deleted by the respective /c's mods, and the offending accounts banned, but you can see the traces of them in those /c's modlogs.

The comments consist of an all-caps string of words with profanities, and Simpsons memes.

An attack on a post may consist of several repeated or similar looking comments.

This looks like a bored teenager prank, but it may also be an organization testing Lemmy's systemic and collective defenses and ability to respond against spam and bot posts.

 

After I've saved a post to a /c hosted by another instance than the one that I'm logged into, I can open that post for editing, but I'm unable to save my edits to that post.

For example: I made a post to !ukraine@sopuli.xyz, while logged in elsewhere. Something or other in the webpage link is forcing a download, so I tried to edit the URL in the post, but I can't save it.

This also happened to a post I made to !coffee@lemmy.world where I was trying to edit the text in the post's Body after saving the post.

I can save edits to my posts to /c's on my native instance just fine.

 

Before I begin, I have to say that this post includes links to an instance, ani.social, that has been defederated from this instance, lemmy.ml, because that's where I discovered this problem.

But in this case, I hope the admins understand that this is worth reporting and investigating, and don't insta-delete this post, because this problem appears to happen with more than that one instance, including sopuli.xyz, which is not defederated from here at lemmy.ml

Let us begin:

With Lemmy account setting “Auto Expand Media” turned on, when I’m viewing community https://ani.social/c/ukraine@sopuli.xyz on my desktop browser, Firefox on Windows, one particular post, https://ani.social/post/1923262 , causes the /c view to ask me to download an .mp4 video from streamable.com:

After declining the download, the space where the thumbnail for the expanded media goes is just blank.

This doesn’t happen when viewing the same /c on .ml https://lemmy.ml/c/ukraine@sopuli.xyz

On .ml, I just get a clickable thumbnail of the video.

It’s just that one post.

On other earlier and later posts of links to streamable.com videos in the same /c, I just get the expected clickable thumbnail.

Maybe some kind of corrupted data as that particular post was transferring over?

When I asked about this on ani.social's meta /c, another user reported the auto-download request on ani.social, sopuli.xyz (the /c's home!) but not on lemmy.ml and lemmy.world

 

CGDCT with mahjong.

Just a generic start.

There's nothing really standing out for me except the art: Those eyes look like they take ages to draw.

The comedy bits where they're imagining things while seated around the table aren't as funny as those in say "Sabagebu!"

 

Web interface, on Windows Firefox

I was trying to create a post with the title:

"Sokushi Cheat ga Saikyou Sugite, Isekai no Yatsura ga Marude Aite ni Naranaindesu ga. • My Instant Death Ability Is So Overpowered, No One in This Other World Stands a Chance Against Me! - Episode 1 discussion"

It let me paste this much into the title box:

"Sokushi Cheat ga Saikyou Sugite, Isekai no Yatsura ga Marude Aite ni Naranaindesu ga. • My Instant Death Ability Is So Overpowered, No One in This Other World Stands a Chance Against Me! - Episode 1 d"

Then, when I created the post, a red dialog saying "Error: invalid_post_title" popped up in the lower left of my browser.

I suspected that the pasted title was too long, so I removed some of the text, and sure enough, I was able to create the post.

  1. If it's going to automatically truncate the pasted text, it should truncate the text to an acceptable length.

  2. The error message should be more specific.

Probably obvious to anyone encountering this, and an easy workaround.

Thanks for your attention devs!
