Readit News logoReadit News
theschmed commented on KeePassXC Integration with Rclone and Secret Service API   lshnk.me/2025/12/02/arch-... · Posted by u/vldmr
theschmed · 2 months ago
Be very careful with bisync, it is experimental and perhaps the most fragile part of rclone. Carefully read the limitations[1] and monitor your logs!

I personally use mount, I have never had problems with locking.

[1] https://rclone.org/bisync/#limitations

theschmed commented on PSF has withdrawn $1.5M proposal to US Government grant program   pyfound.blogspot.com/2025... · Posted by u/lumpa
theschmed · 4 months ago
Read to the end. Ways to financially support this important work can be found there.
theschmed commented on Nginx introduces native support for ACME protocol   blog.nginx.org/blog/nativ... · Posted by u/phickey
andreashaerter · 6 months ago
CNAMEs. I do this for everything. Example:

1. Your main domain is important.example.com with provider A. No DNS API token for security.

2. Your throwaway domain in a dedicated account with DNS API is example.net with provider B and a DNS API token in your ACME client

3. You create _acme-challenge.important.example.com not as TXT via API but permanent as CNAME to _acme-challenge.example.net or _acme-challenge.important.example.com.example.net

4. Your ACME client writes the challenge responses for important.example.com into a TXT at the unimportant _acme-challenge.example.net and has only API access to provider B. If this gets hacked and example.net lost you change the CNAMES and use a new domain whatever.tld as CNAME target.

acme.sh supports this (see https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo... this also works for wildcards as described there), most ACME clients do.

I also wrote an acme.sh Ansible role supporting this: https://github.com/foundata/ansible-collection-acmesh/tree/m.... Example values:

  [...]
  # certificate: "foo.example.com" with an additional "bar.example.com" SAN
  - domains:
    - name: "foo.example.com"
      challenge:  # parameters depend on type
        type: "dns"
        dns_provider: "dns_hetzner"
        # CNAME _acme-challenge.foo.example.com => _acme-challenge.foo.example.com.example.net
        challenge_alias: "foo.example.com.example.net"
    - name: "bar.example.com"
      challenge:
        type: "dns"
        dns_provider: "dns_inwx"
        # CNAME _acme-challenge.bar.example.com => _acme-challenge.example.net
        challenge_alias: "example.net"
  [...]

theschmed · 6 months ago
Thank you for this clear explanation.
theschmed commented on Emailing a one-time code is worse than passwords   blog.danielh.cc/blog/pass... · Posted by u/max__dev
Lukas_Skywalker · 6 months ago
I have added what I think they call login alias to my account. This blocks logins using the normal account username (which is my public email address), and only allows them via the alias (which is not public and just a random string). Not a single foreign login attempt since I enabled the alias.

You can enable it on account.microsoft.com > Account Info > Sign-in preferences > Add email > Add Alias and make it primary. Then click Change Sign-in Preferences, and only enable the alias.

theschmed · 6 months ago
I hadn't thought of this use case for aliases.

I had to make my Outlook email primary again on my Microsoft account, unfortunately, because of how I use OneDrive. I send people share invitations and there are scenarios (or at least there were the last time I checked) where sending invitations from the primary account email is the only way to deliver the invite. If your external email alias is primary, they'll attempt to send an email from Outlook's servers that spoofs the alias email :/

theschmed commented on US Supreme Court Upholds Texas Porn ID Law   wired.com/story/us-suprem... · Posted by u/mikece
pyuser583 · 8 months ago
I have kids and try very hard to keep them from inappropriate material online.

The real dangers aren’t dedicated porn sites, but poorly managed social media sites. You can’t just block the domain.

In many cases, the bad material comes from peers. Kids have always talked about “bad” things, but the internet super charges it.

I generally support these efforts, but I’m also very cynical they help.

Politicians focus on the problems they control, like rules for sites that rigorously follow the laws and fit in a clear category. They care far less about the grey areas where the most harm is often done.

I think this is a good thing. I’d feel a lot better if these efforts were combined with rigorous privacy protections.

For example, third party identity verification services should be civilly liable for privacy breeches, and required to carry insurance to meet the obligations.

theschmed · 8 months ago
I tend to think that this challenge posed by "mixed" domains, partly unobjectionable but partly inappropriate, will only become more prevalent. A couple of thoughts:

1. Filtering at the DNS level will never be enough. You'll always need to have the capability for the browser or user agent to do filtering, since the user agent has the context to know the full URI as well as other things needed for filtering. The OS admin (parent, school IT admin etc) will need to be able to block all user agents except the ones that have the reporting and filtering capabilities tuned to the admin's requirements. This is the direction Windows is heading, but it is very rough.

2. I wonder if more domains could do what Google, Bing, Youtube etc do and permit a safe version to be requested at the DNS level. I personally would like to be able to do so with Reddit, Twitter and more.

theschmed commented on Changes (deprecations) coming in Power Platform   learn.microsoft.com/en-us... · Posted by u/theschmed
theschmed · 8 months ago
As mentioned there, anyone using Power Automate to automate their personal Outlook.com/Hotmail email, OneDrive, etc can try migrating to a free Power Apps Developer plan (https://learn.microsoft.com/en-us/power-platform/developer/p...). I have not yet tried this myself.
Posted by u/theschmed 8 months ago
Changes (deprecations) coming in Power Platformlearn.microsoft.com/en-us...
theschmed commented on LibriVox   librivox.org/... · Posted by u/bookofjoe
theschmed · 8 months ago
Another site, which includes a smaller but more professionally curated set of recordings, is Lit2Go (https://etc.usf.edu/lit2go/books/). My children and I for example have greatly enjoyed Lorraine Montgomery’s recording of “Curly and Floppy Twistytail”, a series of delightful nonsense stories performed with gusto. (https://etc.usf.edu/lit2go/183/curly-and-floppy-twistytail-t...) They’re not all aimed at children either, high quality recordings of Dracula, David Copperfield, etc
theschmed commented on Authorization Bypass in Next.js Middleware   github.com/advisories/GHS... · Posted by u/nilsbunger
theschmed · a year ago
More details here: https://zhero-web-sec.github.io/research-and-things/nextjs-a...

Hat tip ash: https://news.ycombinator.com/item?id=43451485

theschmed commented on Important 2025 Plex Updates   plex.tv/blog/important-20... · Posted by u/AndrewDucker
theschmed · a year ago
One important note:

> Does this affect content from music and photo libraries?

> The announced changes for remote streaming of personal content from a Plex Media Server apply only to movie/TV/video media. This does not affect music or photo streaming to our dedicated Plexamp and Plex Photos apps.

If I'm reading right, users like me who primarily use it for music and audiobooks (via the Prologue app) are not affected.

t

u/theschmed

KarmaCake day176March 14, 2020
About
About me: https://davidsmedberg.me

My PGP key: https://davidsmedberg.me/.well-known/openpgpkey/hu/ij4dwniq3d57xexontbfyqkz6um4fitw?l=david

View Original