DrWeevilJammer

My bootstraps broke when I pulled them harder.

Turns out the local company that made bootstraps for 125 years was bought out by a hedge fund, which promptly fired all of the workers and subcontracted manufacturing to a company in Sri Lanka who could make them much cheaper by using inferior materials and by paying the Sri Lankan workers in 6 months what a fired local worker made in a day.

Ironically, the hedge fund CEO with the MBA he received as a legacy admission to Cornell only wears slippers because fuck you, I’m the boss.

Canadian confirmed, eh.

Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.

Link to GitHub issue about this

Rapunki, when he joined the Seven

Thanks for the thorough writeup! It’s worth noting that the captcha will be back in the next version, but not exactly sure when it will be released.

They removed it during the switch from web sockets (which apparently took a lot of time and effort to keep updated), but someone submitted a pull request for a non-web socket version of the captcha code, which was accepted.

So hopefully we’ll all be able to update to the new version soon.

THAT LUMP IS A CAT AND IT HAS A NAME

Which probably lifted it from the 1992 movie “Army of Darkness”, starring Bruce Campbell:

Ash: Alright you primitive screw heads, listen up. You see this?

This…is my boomstick! It’s a twelve-gauge double barrel Remington. S-Mart’s top of line. You can find this in the sporting goods department.

That’s right, this sweet baby was made in Grand Rapids,Michigan. Retails for about $109.95. It’s got a walnut stock, cobalt steel barrel, and hair trigger. Shop smart, shop S-Mart.

“The customer is always right” mindset, except that doesn’t work with open source when they’re using something they downloaded for free.

You’ve put your finger on the thing that was bothering me about the tone of the original post - it’s very similar to a Nextdoor post.

We had a good solution…

Did we? Do you know why it was removed in the first place?

Someone has already submitted a PR with the changes the dev recommended. The captcha stuff is in a new db table instead of in-memory at the websocket server.

However, from one of the devs:

One note, is that captchas (and all signup blocking methods) being optional, it still won’t prevent people from creating bot-only instances. The only effective way being to block them, or switch to allow-only federation.

Once people discover the lemmy-bots that have been made that can bypass the previous captcha method, it also won’t help (unless a new captcha method like the suggested ones above are implemented).

The root of the issue seems to be that they’ve removed websockets, for the following reasons:

Huge burden to maintain, both on the server and in lemmy-ui. Possible memory leaks. Not scalable.

I can understand them wanting to make their lives a bit easier (see "huge burden to maintain) - Lemmy has exploded recently (see “not scalable”) and there are far bigger issues to fix, and an even larger number of bad actors (see “possible memory leaks”) who have learned about Lemmy at the same time as everyone else and want to exploit or break it.

Is this a collective undertaking by a community of multiple stakeholders or is this the Dev’s individual project and they don’t have to listen to anyone?

Devs, especially extremely busy ones “listen” via pull requests. Instead of badgering the devs, put together some devs of your own, get some code working, and submit it as a PR.

If they don’t accept it, you now have code that does what you want, and it would be easy to create your own fork.

The easiest way to make an ignorant person feel special is to identify an “other” for the ignorant person to look down on/blame for their problems.

1. Manufacture a scapegoat
2. Charismatic speaker blames the scapegoat
3. Get power/money

Oldest trick in the oldest of books.

Their task failed successfully…for you!

Really glad to hear it! Feel free to ping me if you have questions.

Edit: The Deconz is a good starter device, but it doesn’t support nearly as many devices as Z2M. I got an Aqara Pet Feeder that Deconz doesn’t support, but Z2M does, which is why I switched. You can’t use Z2M with the ConBee.

This is the video I used to set up Z2M to work with the new controller.

It’s a lot easier and cheaper than you might imagine. A used Dell 7040 for $120, a ZigBee controller for $30, install Home Assistant OS on the Dell, plug in the controller, and you’ve got a really powerful smart home hub that can control any ZigBee device you have locally without ever needing any “cloud” services.

Since you don’t need cloud services, you don’t need to worry about firewalls or networking or VLANS, because the controller replaces the “required” hubs that manufacturers say you need, that force you to use their servers.

With the controller, Home Assistant becomes your hub, and the ghost of Orwell will smile and nod at you approvingly, maybe even give you a cheeky thumbs up.

Have you looked into what Home Assistant has been doing with voice lately? This is what I’ll be using to finally turn my Echos into muted speaker targets:

https://www.home-assistant.io/voice_control/using_voice_assistants_overview/

You can even turn old analog phones into HA “microphones” - just pick up the BatPhone/hamburger/banana phone, say “It’s movie time” and hang up, and HA will convert your voice to text and run your “movie time” automation.

It’s not a jetpack, but it certainly FEELS like living in the future…

No, I am currently using a TubesZB Ethernet controller, but before that I used a Deconz ConBee II. There are others available as well.

I used the hue bridge before setting up HA, but after setting up and configuring the other controller, you can unpair your hue bulbs from the hue bridge and pair them with the new controller instead. You can then unplug the hue bridge, because the new controller is now handling the hue bulbs.

This is possible because devices that comply with the ZigBee protocol specs must accept properly formatted commands from a hub/controller after a successful pairing.

So if you have one of these controllers, AND the ZigBee device you purchase is compliant with the protocol AND the device is supported by the controller, the controller will be able to control the device locally, and you can throw out the “required” hub from the manufacturer that sends your data to that company’s servers. This is why you need to plan things out ahead of time, to ensure that what you get will work with what you have. Every controller has a list of what devices are supported. For example, here are the devices supported by the ConBee II, and here are the devices supported by the TubesZB device, which uses Zigbee2MQTT.

Bonus: with one of these controllers, your smart home stuff will now work just fine if your internet goes out. As long as your local network is up and running, all of your HA stuff will work as well.

Maybe that’s just how you’re supposed to play a skelephone

Everything became very easy for me once I decided to go all open source. In my opinion, the problem is all of the different proprietary “hubs”. I got a ZigBee controller that can control all ZigBee devices without requiring a hub (there are several options available).

Lights: ZigBee Hue. Plugs: ZigBee Innr. Motion sensors: ZigBee Aqara. Cameras: Ethernet Amcrest. NVR: Frigate.

Everything is local, no data leaves my network, and everything is controlled directly from Home Assistant dashboards via the ZigBee controller, and I never have to open any proprietary apps.

Care does need to be taken to plan the network at least somewhat in advance, but that doesn’t take too long, and everything is very stable and super reliable.