• 0 Posts
  • 19 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • My bootstraps broke when I pulled them harder.

    Turns out the local company that made bootstraps for 125 years was bought out by a hedge fund, which promptly fired all of the workers and subcontracted manufacturing to a company in Sri Lanka who could make them much cheaper by using inferior materials and by paying the Sri Lankan workers in 6 months what a fired local worker made in a day.

    Ironically, the hedge fund CEO with the MBA he received as a legacy admission to Cornell only wears slippers because fuck you, I’m the boss.



  • Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

    Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

    You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

    If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.

    Link to GitHub issue about this





  • Which probably lifted it from the 1992 movie “Army of Darkness”, starring Bruce Campbell:

    Ash: Alright you primitive screw heads, listen up. You see this?

    This…is my boomstick! It’s a twelve-gauge double barrel Remington. S-Mart’s top of line. You can find this in the sporting goods department.

    That’s right, this sweet baby was made in Grand Rapids,Michigan. Retails for about $109.95. It’s got a walnut stock, cobalt steel barrel, and hair trigger. Shop smart, shop S-Mart.




  • Someone has already submitted a PR with the changes the dev recommended. The captcha stuff is in a new db table instead of in-memory at the websocket server.

    However, from one of the devs:

    One note, is that captchas (and all signup blocking methods) being optional, it still won’t prevent people from creating bot-only instances. The only effective way being to block them, or switch to allow-only federation.

    Once people discover the lemmy-bots that have been made that can bypass the previous captcha method, it also won’t help (unless a new captcha method like the suggested ones above are implemented).

    The root of the issue seems to be that they’ve removed websockets, for the following reasons:

    Huge burden to maintain, both on the server and in lemmy-ui. Possible memory leaks. Not scalable.

    I can understand them wanting to make their lives a bit easier (see "huge burden to maintain) - Lemmy has exploded recently (see “not scalable”) and there are far bigger issues to fix, and an even larger number of bad actors (see “possible memory leaks”) who have learned about Lemmy at the same time as everyone else and want to exploit or break it.






  • It’s a lot easier and cheaper than you might imagine. A used Dell 7040 for $120, a ZigBee controller for $30, install Home Assistant OS on the Dell, plug in the controller, and you’ve got a really powerful smart home hub that can control any ZigBee device you have locally without ever needing any “cloud” services.

    Since you don’t need cloud services, you don’t need to worry about firewalls or networking or VLANS, because the controller replaces the “required” hubs that manufacturers say you need, that force you to use their servers.

    With the controller, Home Assistant becomes your hub, and the ghost of Orwell will smile and nod at you approvingly, maybe even give you a cheeky thumbs up.



  • No, I am currently using a TubesZB Ethernet controller, but before that I used a Deconz ConBee II. There are others available as well.

    I used the hue bridge before setting up HA, but after setting up and configuring the other controller, you can unpair your hue bulbs from the hue bridge and pair them with the new controller instead. You can then unplug the hue bridge, because the new controller is now handling the hue bulbs.

    This is possible because devices that comply with the ZigBee protocol specs must accept properly formatted commands from a hub/controller after a successful pairing.

    So if you have one of these controllers, AND the ZigBee device you purchase is compliant with the protocol AND the device is supported by the controller, the controller will be able to control the device locally, and you can throw out the “required” hub from the manufacturer that sends your data to that company’s servers. This is why you need to plan things out ahead of time, to ensure that what you get will work with what you have. Every controller has a list of what devices are supported. For example, here are the devices supported by the ConBee II, and here are the devices supported by the TubesZB device, which uses Zigbee2MQTT.

    Bonus: with one of these controllers, your smart home stuff will now work just fine if your internet goes out. As long as your local network is up and running, all of your HA stuff will work as well.



  • Everything became very easy for me once I decided to go all open source. In my opinion, the problem is all of the different proprietary “hubs”. I got a ZigBee controller that can control all ZigBee devices without requiring a hub (there are several options available).

    Lights: ZigBee Hue. Plugs: ZigBee Innr. Motion sensors: ZigBee Aqara. Cameras: Ethernet Amcrest. NVR: Frigate.

    Everything is local, no data leaves my network, and everything is controlled directly from Home Assistant dashboards via the ZigBee controller, and I never have to open any proprietary apps.

    Care does need to be taken to plan the network at least somewhat in advance, but that doesn’t take too long, and everything is very stable and super reliable.