Jerry on PieFed

@ Jerry @feddit.online

Posts
11
Comments
110
Joined
2 yr. ago

Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)

I also own these publicly available applications:

Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events/
and more...

  • I fixed this on feddit.online. It was a firewall issue.

  • I'll investigate this more tomorrow

  • I have the same problem in both Firefox and Vivaldi on Linux and Windows. I'm getting a 403 error:

    I see this in Vivaldi:

    video.twimg.com/ext_tw_video/2051274778753781760/pu/vid/avc1/1280x720/DgFq_l1TNDVergoC.mp4:1 Failed to load resource: the server responded with a status of 403 ()

    I saw this in Firefox:

    The resource at “https://video.twimg.com/ext_tw_video/2051274778753781760/pu/vid/avc1/1280x720/DgFq_l1TNDVergoC.mp4” was blocked because Enhanced Tracking Protection is enabled.

    So, I turned off Enhanced Tracking Protection and I get the same 403 as in Vivaldi.

    While my Firefox is on a VPN, my Vivaldi is not, so it's not a VPN issue.

    This doesn't help you but it confirms you are not alone.

    However, if I enter this into a private window, it plays: https://video.twimg.com/ext_tw_video/2051274778753781760/pu/vid/avc1/1280x720/DgFq_l1TNDVergoC.mp4

    If PieFed sends a referer header, maybe X rejects it because it doesn't like PieFed. Or maybe it doesn't like the headers passed by PieFed? I'm guessing.

    I ran this curl on my PieFed server and did not get a 403, but rather a 200:

    curl -I "https://video.twimg.com/ext_tw_video/2051274778753781760/pu/vid/avc1/1280x720/DgFq_l1TNDVergoC.mp4"
    HTTP/2 200

    I ran the curl on my desktop computer, connected to the VPN, and I got a 200.

    So, not my VPN or IP address. If it fails in the browser but works in a curl, maybe it's the referrer related to hotlink protection??

  • The most important takeaway in the article:

    To defend against rogue towers, users are recommended to disable 2G downgrades on Android, although this measure is not effective against more advanced setups targeting LTE/5G signaling.

    SMS should be treated as an insecure channel, and users should avoid following links received over this channel.

    What they don't say is that if your phone is forced to 2G, they can also listen to your phone calls and read all your SMS messages. 2G has no encryption.

    I know in the U.S. there are no longer any 2G or 3G towers. But 4G/5G can use a null cipher attack (more expensive equipment) to get your phones to connect with an unencrypted connection to a fake tower, and you then have the same issues.

    In the latest Android version, you can enable warnings when your phone makes an unencrypted connection. Then you should toggle airplane mode to force a tower reconnection.

    iPhone does not have individual protection settings like Android. You need to put your phone into lockdown mode to keep it off 2G. But that setting has wider implications.

  • He made thousands of dollars a month off MAGA men who believed she was real. But when he tried to create an AI woman for the Democrats, it bombed because they knew it was just AI slop.

    Any questions?

  • It sounds like you were targeted by a scammer, and the 500 error may have saved you some misery. Never click on a random link.

    I run a Mastodon server, and there is no mechanism to notify anyone about suspicious activity, let alone any link that would point back to the server to provide any such information to a user.

  • I think the article basically says current symmetric key encryption, even 128-bit, but especially 256-bit, is safe from quantum computers, maybe forever. It's the asymmetric encryption that's going to be easily broken, and this is what Google says needs to be addressed by 2029.

  • Welcome to Microsoft's co-pilot dream.

  • Working on feddit.online

  • We're glad you are here!

  • According to the Google Play Store, there are 467 reviews (4.8 stars) but "0+" downloads. Like everything else about the White House, it doesn't add up.

    And maybe most people know to keep it off their phones.

  • You are asking a reasonable question that many ask.

    Each account will be a unique and separate account on each instance. Instances do not share accounts.

    Although you can, on some applications, authenticate with a federated account, like Google or even a Mastodon account, you still will have an entirely different account on the server.

  • Wine requires Linux knowledge to get the configurations correct. I don't think many Windows users will be able to get any Windows applications running under Wine. And it's the same Wine that any Linux user can install for free.

    If Zorin came packaged with Crossover, then maybe it would run Windows apps better because Crossover would manage the Wine configurations and the required Windows infrastructure installs.

    Maybe.

    But not many old machines will have the capacity to run Linux, Wine, and a Windows application. But Zorin's hype leads one to believe that a 15-year-old machine won't struggle.

  • I tried it about a month ago and found it had nothing more than what you get with an Ubuntu install, save for the look of the screen. I couldn't understand why the media was making a big deal about it. And I saw no reason why anyone should pay for Pro. My conclusions matched what is in the article.

  • Linux @programming.dev

    A refreshing Zorin review. No, it doesn't match the hype.

  • 7zip.com Is Serving Malware

  • The headline of this post is technically accurate but purposely provocative. The article's headline is more informative: "Fake 7-Zip downloads are turning home PCs into proxy nodes".

    The point is that 7zip.com is not the official website, and this is where many people are going for it, and getting malware.

  • I've been having the same issue on feddit.online (I'm the owner), where I can log in from the UI, curl, and Postman but get 400 errors from login attempts using any phone app and even Photon and Blorp on the desktop. The devs couldn't help.

    However, after waiting 24 hours or so, I was able to suddenly log in.

    piefed.zip appears to be, like feddit.online, behind Cloudflare. It would be interesting to see if you can log in after they have Cloudflare entirely clear the cache. There is a potential that Cloudflare is caching a return status. I don't know if PieFed has temporary blocks.

  • Deleted

    Permanently Deleted

  • @rimu@piefed.social But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

    I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

    The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.

    Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

  • Deleted

    Permanently Deleted

  • Nope. I posted below what is coming into the server. The only thing I can think of is that the referrer is coming in as https://localhost/inbox which might explain the 400 error (Bad Request). Does your nginx configuration drop incoming cookies for the login endpoint?

  • Deleted

    Permanently Deleted

  • Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

       
        
    @x..@x..  
    18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
    E....3@.@...............kz.....n...........  
    @x..@x..POST /api/alpha/user/login HTTP/1.1  
    X-Forwarded-For: 162.120.199.186, 172.70.111.121  
    X-Forwarded-Proto: https  
    Host: feddit.online  
    Content-Length: 56  
    accept-language: en-US,en;q=0.5  
    content-type: application/json  
    accept-encoding: gzip, br  
    cf-ray: 9c85ae25b9720f65-EWR  
    user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
    cdn-loop: cloudflare; loops=1  
    cf-connecting-ip: 162.120.199.186  
    cf-ipcountry: US  
    cf-visitor: {"scheme":"https"}  
    cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  
    
    {"password":"<hidden>","username":"testuser"}  
    18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
    E.....@.@.CB.............BO.+Ngj..Vk.......  
      
      

    The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ

    This decodes to a referrer of: https://localhost/inbox

    I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

    I'm grasping at straws.
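
An added example, not part of the original comment and not PieFed's code: splitting the captured cookie into its parts, assuming it follows Flask's default signed-session layout (`[.]payload.timestamp.signature`, unpadded base64url). The name `inspect_flask_session` is made up for this illustration, and the function reads the cookie without verifying its signature.

```python
import base64
import json
import zlib

# Session cookie value copied from the captured request above.
COOKIE = (
    "eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ"
    ".aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo"
)


def b64url_decode(part: str) -> bytes:
    """Decode unpadded URL-safe base64 by restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def inspect_flask_session(cookie: str) -> dict:
    """Split a cookie assumed to be [.]payload.timestamp.signature.

    Read-only inspection: the HMAC is NOT checked, so treat the result as
    untrusted input. Only the server's secret key can validate it.
    """
    compressed = cookie.startswith(".")  # leading dot marks a zlib-compressed payload
    if compressed:
        cookie = cookie[1:]
    parts = cookie.split(".")
    if len(parts) != 3:
        raise ValueError("expected payload.timestamp.signature")
    payload, timestamp, signature = (b64url_decode(p) for p in parts)
    if compressed:
        payload = zlib.decompress(payload)
    return {
        "data": json.loads(payload),
        # Assumed to be Unix epoch seconds, as current itsdangerous writes it.
        "issued_at": int.from_bytes(timestamp, "big"),
        "signature_bytes": len(signature),
        "compressed": compressed,
    }


if __name__ == "__main__":
    info = inspect_flask_session(COOKIE)
    print(info["data"])
    print("issued_at:", info["issued_at"], "| signature bytes:", info["signature_bytes"])
```

The payload is signed, not encrypted, so anything the server stores in the session (here the `Referer` value) is readable by whoever holds the cookie.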

  • Today I Learned @lemmy.world

    TIL that in 1820 some 20,000 pigs roamed NYC to clean up the streets

    www.nypl.org/blog/2024/07/17/views-digital-collection-milestones-nycs-trash-revolution
  • Today I Learned (TIL) @lemmy.ca

    TIL the guillotine was named after a man who neither invented it nor believed in the death penalty

  • Today I Learned @lemmy.world

    TIL the Guillotine was named after a man who neither invented it nor believed in the death penalty

  • Facepalm @lemmy.world

    Hackers got Clorox passwords by simply asking for them?

  • Facepalm @lemmy.world

    Chicago Sun-Times Ripped For AI Summer Reading List - Comic Sands

    www.comicsands.com/sun-times-ai-list
  • Fediverse @lemmy.world

    Short video that shows what Friendica can do

  • memes @lemmy.world

    The elf in the swamp

  • memes @lemmy.world

    Different perspectives on dogs

  • memes @lemmy.world

    My Nose At Night When I'm Trying To Sleep

  • memes @lemmy.world

    Prevention is the best cure