The TOTP feature in Bitwarden works, if you paste in the whole otpauth:// URI to Bitwarden’s Authenticator Key (TOTP) field. The URL specifies that the hashing algorithm should be SHA256. If you just import the secret= value into Authy, it probably defaults to using the SHA-1 algorithm, which may be why the codes generated by Authy don’t work.
SHA256 is more secure than SHA-1, which I guess is why Lemmy has chosen to use it for its 2FA feature.
It would have to be Gödel’s Incompleteness Theorem. Such a beautiful proof that shakes mathematics to its core.
The science communicator Veritasium made a nice video about it: https://youtu.be/HeQX2HjkcNo
I first learned about it in Douglas Hofstaedter’s masterpiece Gödel Escher Bach: An Eternal Golden Braid
Ah, the nouveau “landed gentry” has arrived… :-)
He called Zuck a cuck?
Very good. I think a feature where a user can revoke all their cookie sessions is still worthwhile, and maybe I’ll look at raising a feature request for that, but it is good to know that cookies stolen during the recent hack have already been addressed.
It seems there is no way in Lemmy to invalidate all your session cookies? Without that, how can you secure an account which has a stolen session cookie?
Lenny is a national treasure, taking on the telemarketers and bringing them yo tears: https://www.kaspersky.com/blog/35c3-lenny-voice-chatbot/25275/
Makes sense. Clearly it was TL;DW for me :-)
what, no Obtanium?
Presumably they mean that the CPU resources are over-provisioned, meaning that the virtual CPUs allocated to VMs have to share a smaller pool of physical CPUs. If the VMs have a lot of idle time, this can work well, but if your VM suddenly needs more CPU, the processes on your VM might need to wait for a physical CPU, as physical CPU cycles that would normally be available to you have been “stolen away” by processes running on other VMs.
Well, corporations don’t care about your data, they only care about protecting your own :-D Having a separate phone for work stuff is just generally good practice anyway.
InTune is mobile device management that allows a company to enforce policies on your phone such as pin code length/screen locking policies, and ability to remotely wipe your phone. Since these privacy ROMs are about giving control back to the user, I suspect that there will be problems with MDM enforcement software like InTune. I no longer work for a company that uses that software though, so no chance to test it out.
Aurora is still working. Google was doing things like rate-limiting and shutting down the accounts used by Aurora for anonymised downloads. You can create your own google account and use that with Aurora. That way, if Google decides to shut down that throw-away account for some reason, the main Google account won’t be affected (there was some information floating around that google had been deactivating accounts found to be used with Aurora).
The guy at the centre of much of this drama has stepped back, and is letting the GrapheneOS foundation take the lead. While Daniel clearly has some challenges in the people skills department, I think Louis may have over-reacted a little in his video when he claimed that Daniel might at some point act in bad faith.
If I had more time, I would have written a shorter comment…
You can. For email, DNS serves a similar purpose to the telcos’ mobile number portability databases. If you want to move your email domain to a new server, you just need to update its DNS MX record.
Then change the title of the post to something open-ended like “How vulnerable is Lemmy to DDOS attacks?”. Taking out a major node which hosts many key communities is going to have an adverse impact.