Posts: 239 | Comments: 1054 | Joined: 8 mo. ago

I'm beautiful and tough like a diamond...or beef jerky in a ball gown.

  • Thanks!

    Veep is, obviously, about D.C. and I'm from Maryland which is not far from there, so the eastern dialect "vah" is what everyone uses here. So I guess Kent is correct.

  • I'm similar but it's a side effect of my general gluttony. I'll watch one episode and immediately want more. I didn't intend to wait until the season was over to binge it all, but it just sort of happened because of life being hectic right now.

  • If it turns out to be the former, I don't blame them.

  • I used to buy their stuff and use tuya-convert to flash Tasmota onto them. But they kept updating the firmware to lock that out, and I ended up returning a batch of 15 smart plugs because none of them would flash. They were too much of a PITA to try to crack open and flash the ESP8266 manually so I returned the whole batch as defective, left a scathing review, and blackballed the whole brand.

  • Risa @startrek.website

    Forgive me, Doctor, for I have sinned: I haven't watched anything Trek in almost 2 months

  • Nice. I've got the Anker version but it's half the capacity at 1 kWh. It charges exclusively from 800W of PV input (though it can only handle 600W input) and can push out 2,000 W continuous and 3000 peak.

    I've got a splitter from the PV that goes to both the Anker and a DC-DC converter which then goes to a few 12v -> USB power delivery adapters. Those can use the excess from the PV to charge power banks, phones, laptops, etc while the rest goes to the Anker (doesn't seem to affect the MPPT unless there's basically just no sunlight at all). Without the splitter, anything above 600W is wasted until I expand my setup later this spring.

    All I can say for it is that it absolutely rocks! On sunny days, I run my entire homelab from it, my work-from-home office, charge all my devices, and run my refrigerator from it (if I feel like running an extension cord). It's set up downstairs, so I also plug my washing machine into it and can get a few loads of laundry done as well.

    All from its solar input.

  • Solutions that work for a corporate application where all the staff know each other are unlikely to be feasible for a publicly available application with thousands of users all over the world

    This is something of a hybrid. There will be both general public users as well as staff. So for staff, we could just call them or walk down the hall and verify them but the public accounts are what I'm trying to cover (and, ideally, the staff would just use the same method as the public).

    Figure if an attacker attempts the 'forgot password' method, it's assumed they have access to the user's email.

    Yep, that's part of the current posture. If MFA is enabled on the account, then a valid TOTP code is required to complete the password reset after they use the one-time email token. The only threat vector there is if the attacker has full access to the user's phone (and thus their email and auth app) but I'm not sure if there's a sane way to account for that. It may also be overkill to try to account for that scenario in this project. So we're assuming the user's device is properly secured (PIN, biometrics, password, etc).

    If you are offering TOTP only,

    Presently, yes, but we're looking to eventually support WebAuthn

    or otherwise an OTP sent via SMS with a short expiration time

    We're trying to avoid 3rd party services, so something like Twilio isn't really an option (nor Duo, etc). We're also trying to store the minimum amount of personal info, and currently there is no reason for us to require the user's phone number (though staff can add it if they want it to show up as a method of contact). OTP via SMS is also considered insecure, so that's another reason I'm looking at other methods.

    "backup codes" of valid OTPs that the user needs to keep safe and is obtained when first enrolling in MFA

    I did consider adding that to the onboarding but I have my doubts if people will actually keep them safe or even keep them at all. It's definitely an option, though I'd prefer to not rely on it.

    So for technical, human, and logistical reasons, I'm down to the following options to reset the MFA:

    1. User must contact a staff member during business hours to verify themselves. Most secure, least convenient.
    2. Set up security questions/answers and require those after the user receives an email token (separate from the password reset token). Moderately secure, less convenient, and requires us to store more personal information than I'd prefer.
    3. Similar to #2 except provide their current password and a short-term temporary token that was emailed to them when they click "Lost my MFA Device". Most convenient, doesn't require unnecessary personal info, possibly least secure of the 3. Note that password resets require both email token and valid TOTP token, so passwords cannot be reset without MFA.

    I'm leaning toward #3 unless there's a compelling reason not to.

  • Life Pro Tip: Cannabutter on your pancakes.

  • I thought about generating a list of backup codes during the onboarding process but ruled it out because I know for a fact that people will not hold on to them.

    That's why I'm leaning more toward, and soliciting feedback for, some method of automated recovery (email token + TOTP for password resets, email token + password for MFA resets, etc). I'm trying to also avoid using security questions but haven't closed that door entirely.

  • Web Development @programming.dev

    Best practice for resetting a user's MFA?

  • Dad Jokes @lemmy.world

    Why did everyone keep asking the duck to pull up his pants?

  • If you're gonna repost stuff from ml at least re-upload it so I don't have to connect to it.

    • Not every <input type="text"> is suitable for political opinions.
    • Political opinions are like assholes: we all have them, they all stink, we all think our own doesn't stink, and the world is a better place when everyone doesn't have them on constant display.
    • People who inject politics into everything are generally insufferable and there's a reason major communities have rules prohibiting politics.
  • To give perspective with a 3000 mah battery I am still lasting days.

    Is that connected via Bluetooth or just running the LoRa radio? Curious if the V4 is any less power hungry than the V3. I never did a rundown test with one of my 3,000 mAh V3 units, but my daily driver had a 2000 mAh battery and barely made it 14 hours before it was throwing the battery low warning. I kept it connected to my phone the whole time under most conditions.

    Same conditions but with the nRF-based T1000e, it runs for about 2 days on a 700 mAh battery AND has GPS (I didn't have GPS on my daily driver node). The difference is amazing.

  • Could be any or all of that, yeah. You can also set the level of precision for your reported location, but I don't think even the lowest precision settings would put it 1,000 miles away.

    I live near-ish to an airport, and I'll occasionally see nodes that are 1 or 2 hops and 100-200+ miles away. Best I can tell, the airborne node is legit relaying those which I think is pretty cool. Not really useful, but cool.

  • LoRa is a proprietary radio interface, so I don't know how FOSS you can go with it, but the Meshtastic firmware itself is FOSS.

    What are your use-cases? Are you looking for something to use as an everyday carry? An outdoor solar node to relay messages in your area? A node to use as a base station? All of the above?

    For everyday carry, I semi-recently bought the SenseCap T1000e and I love it. I did a post about it here: https://startrek.website/post/34105873

    Seeed (the company that makes the T1000e) also makes a nice outdoor, solar powered node: https://www.seeedstudio.com/SenseCAP-Solar-Node-P1-Pro-for-Meshtastic-LoRa-p-6412.html

    They've also got a lot of options for various other configurations as well: https://www.seeedstudio.com/LoRa-and-Meshtastic-and-4G-c-2423.html

    Those are all "turnkey" devices, but I've heard good things about the Heltec V4 if you want to go a more DIY route and make your own case and add your own accessories (GPS, accelerometer, etc).

  • Spaceflight @sh.itjust.works

    Practice Makes Perfect: The Wet Dress Rehearsal

    hackaday.com/2026/02/12/practice-makes-perfect-the-wet-dress-rehearsal/
  • Pluribus does that, but also bounces around, so not sure if it fits.

    I don't think it ever fully went away, though. I've seen it as recently as 2018.

  • Television @piefed.social

    What were some short-lived tropes?

  • Yeah, I hadn't even heard of PF keys and naively assumed that was a different term for the function keys I knew.

  • Retro Technology @lemmy.ca

    PROFS: The Office Suite Of The 1980s

    hackaday.com/2026/02/11/profs-the-office-suite-of-the-1980s/
  • I’m sure we’d be forced to use it if we own an android phone or Gmail account

    That's part of why Google's attempt failed so hard. They did force you to use it if you used several of their products. Comment on a YT video? Now you have a Google+ profile with that in its feed.

    They basically created a social media profile of your activity, automatically, any time you interacted with a handful of their products. Like, WTF were they thinking?

  • cables

  • Personally, I love that layout.

    I'm always at a loss for what to put up as wall decorations, and I hate rats' nests of cables. Win-win!

  • New U.S. rules will soon ban Chinese software in vehicle systems that connect to the cloud

    Seems to me that the easiest way to get into compliance would be to not make the car connect to the cloud/internet. I'm gonna drive my 2017 model until I can buy a new car that isn't a smartphone on wheels.

  • Technology @lemmy.world

    The [US] car industry is racing to replace Chinese code

    www.msn.com/en-us/news/technology/the-car-industry-is-racing-to-replace-chinese-code/ar-AA1VMPmy
  • SpaceX @sh.itjust.works

    SpaceX prioritizes lunar 'self-growing city' over Mars project, Musk says

    www.reuters.com/science/musk-says-spacex-prioritise-building-self-growing-city-moon-2026-02-08/
  • Clicks Communicator @thelemmy.club

    Just Reserved Mine 😁

  • Spaceflight @sh.itjust.works

    Well, Astronauts Won’t Be Going Back to the Moon This Month

    gizmodo.com/well-astronauts-wont-be-going-back-to-the-moon-this-month-2000717181
  • RetroGaming @lemmy.world

    How Resident Evil 2 For The N64 Kept Its FMV Cutscenes

    hackaday.com/2026/02/03/how-resident-evil-2-for-the-n64-kept-its-fmv-cutscenes/
  • Cybersecurity @sh.itjust.works

    Feds skipping infosec industry's biggest conference, RSAC

    www.theregister.com/2026/01/24/cisa_skipping_rsa_exclusive/
  • Television @piefed.social

    Catherine O'Hara, Star of Beetlejuice, Schitt's Creek, and Home Alone, Has Died

    gizmodo.com/catherine-ohara-star-of-beetlejuice-and-home-alone-has-died-2000716080
  • Fediverse memes @feddit.uk

    Straight to "The Bad Place" with you.

  • Technology @lemmy.world

    Comcast keeps losing customers despite price guarantee and unlimited data

    arstechnica.com/tech-policy/2026/01/comcast-keeps-losing-customers-despite-price-guarantee-and-unlimited-data/
  • Frasier @lemmy.world

    Me every time a big chunk of ice slides down the roof and crashes loudly onto the patio.

  • Linux Phones @lemmy.ca

    Pi Compute Module Powers Fully Open Smartphone

    hackaday.com/2026/01/27/pi-compute-module-powers-fully-open-smartphone/
  • Fediverse memes @feddit.uk

    We did this to ourselves here

  • Fediverse @lemmy.world

    Fediverse Challenge: Prove there's still good in the world