Comments

Dirk, 1 year ago to asklemmy in where do you guys register and manage www domains?

I have one (including hosting) at a local German provider and one (dynamic DNS based forwarding to my homelab) at another German provider.

Both are in the market for 20+ years and neither of them had any controversies or major issues.

Dirk, 1 year ago to asklemmy in What happened to the previous meme content/posters?

“X is not a meme”

Dirk, 1 year ago to asklemmy in How fluent do you think one have to be to be considered "bilingual"?

If you can switch mid-sentence to another language and continue the conversation on native speaker level.

Dirk, 1 year ago to memes in Downvotes

This is not Reddit.

Dirk, 1 year ago to asklemmy in What is the least SEO-fucked search engine?

This explains why their results are so much worse than Google’s.

Dirk, 1 year ago to asklemmy in Craziest YouTube Video ID?

You can search that on Google.

• not 88888 but 8888
• Other words work, too.

Dirk, 1 year ago to asklemmy in What can a senior desktop support tech do who is burned out?

With Docker and Linux you could check the opportunities in the field of IT operations.

Dirk, 1 year ago to asklemmy in What password manager do you recommend?

I am pretty sure you can provide reliable sources that are not one blog article by one individual telling their opinion.

If it’s really “way too easy to hack” there should be plenty of souces.

Dirk, 1 year ago to asklemmy in What password manager do you recommend?

Since you don’t want to selfhost anyway just use the one built-in to your browser. Nowadays you can set up synch with a password

Dirk, 1 year ago to asklemmy in what was your first video game/system you played or remember playing?

Mmmh, not sure. Problably Outlaw.

Dirk, 1 year ago to asklemmy in What are these comments on lemmy posts?

but in general, threat actors hope to confuse people into thinking this “.zip” TLDs are only referencing local files instead of web addresses. right?

Exactly!

Dirk, 1 year ago to asklemmy in Dilemma with contributing to niche Communities on Instances federating with Threads

That’s the good thing with federation. You can participate in communities without visiting the instance even once.

Dirk, 1 year ago to asklemmy in What are these comments on lemmy posts?

They can and they do. Using a commonly known and used file extension to “hide” a malicious URL is just easier.

www.youtube.com/watch?v=GCVJsz7EODA

Dirk, 1 year ago to asklemmy in What are these comments on lemmy posts?

Because .zip is a commonly used file extension.

Dirk, 1 year ago to asklemmy in What are these comments on lemmy posts?

To prevent execution of scripts not referenced with the correct nonce:

<pre style="background-color:#ffffff;">
<span style="color:#323232;">script-src 'self' 'nonce-$RANDOM'
</span>

To make it super strict, this set could be used:

<pre style="background-color:#ffffff;">
<span style="color:#323232;">default-src 'self';
</span><span style="color:#323232;">script-src 'nonce-$RANDOM'
</span><span style="color:#323232;">object-src 'none';
</span><span style="color:#323232;">base-uri 'none';
</span><span style="color:#323232;">form-action 'none';
</span><span style="color:#323232;">frame-ancestors 'none';
</span><span style="color:#323232;">frame-src 'none';
</span><span style="color:#323232;">require-trusted-types-for 'script'
</span>

Especially the last one might cause the most work, because the “modern web development environment” simply cannot provide this. Also: form-action ‘none’; should be validated. It should be set to self if forms are actually used to send data to the server and not handled by Javascript.

The MDN has a good overview: developer.mozilla.org/…/Content-Security-Policy