In both Lemmy 0.19.4 and Lemmy 0.19.5, you click the magnifying glass to open the search dialog. If you enter a search query and tab out of the field, whatever you typed is cleared. Even if you simply hit <enter> without tabbing out of the query field, the search form is refreshed and it tells you enter a query, as if you had not done so already.

Both versions have this problem with Ungoogled Chromium. The problem does not manifest on Tor Browser.

cross-posted from: https://sopuli.xyz/post/14184367

Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them.

• cannot post, risk of data loss
• cannot cross-post, but no data loss.
• can only visit the default timeline view

This bug was introduced with version 0.19.4 and still persists in 0.19.5: There are four possible timeline views:

• subscribed
• local
• all
• moderator view

That selector is broken in Ungoogled Chromium 112.0 but not in Firefox-based browsers. In UC, clicking “moderator view” highlights the button, the page refreshes, but the selector does not stick. It snaps back to whatever view is the default and remains trapped on that timeline.

This problem is replicated in both 0.19.4 and 0.19.5 instances.

If I use the cross-post feature to copy the post elsewhere, the form is populated just fine but then I have to search for the target community at the bottom of the form. As soon as I select the target community, the whole rest of the form clears. If another field is re-populated, the target community field clears. So only one field at a time can be populated.

Tested with Tor Browser.

Untested in Lemmy 0.19.5.

Lemmy 0.19.4 introduced a quite serious defect whereby if you are using Ungoogled Chromium (and perhaps stock Chromium), the form to create a new post accepts input but then the instant you tab out of the field, the whole field is cleared. Poof… just like that, all your work vanishes and no way to get it back.

Firefox-based browsers have no issue.

~~Lemmy 0.19.5 seems to have fixed it.~~ But there are other problems with both 0.19.4 and 0.19.5, so I suggest not upgrading past 0.19.3.

(edit) actually the problem manifests differently in 0.19.5. The form can be filled out and there is no data loss, but the “create” button is insensitive. It remains gray and behaves as if the form is still empty.

In the US, consumers can freeze their credit worthiness records and receive a code. When the records are frozen, the only orgs that can access the records are those already doing business with the consumer. If a consumer wants to open up a new account, they share the code with the prospective creditor who uses it to see the credit report.

So the question is, how are access controls on credit histories done in various EU nations? Do any use unlock codes like the US, or is it all trust based?

cross-posted from: https://sopuli.xyz/post/14006758

Yikes.

“In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)

Does the EU disregard the Snowden revelations?

And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.

I must say I’ve lost some confidence and respect for the #GDPR.

A national central bank that keeps track of bank accounts, credit records, delinquency, etc for everyone in the country has their website on Cloudflare. People are instructed to check their credit records on that site.

The question is: suppose you don’t use the site. Suppose you only request your records offline. What are the chances that Cloudflare handles your sensitive records?

I guess this might be hard to answer. I assume it comes down to whether to central bank itself uses their own website to print records to satisfy an offline request. And I assume it’s also a question of whether the commercial banks use the website of the central bank to feed it. Correct?

I’m just noticing this instance for the first time. Judging by the hostname, it’s a node that’s devoted to #XMPP chatter. But I cannot reach it. Getting timeouts from Tor. This could mean that they are down, or it could be that they block Tor in the rudest possible way (dropping packets).

To me, it’s a ghost node because I can reach a tiny cache of posts from !infosec@community.xmpp.net locally:

https://sopuli.xyz/c/infosec@community.xmpp.net

cc: @wintermute@feddit.de

cross-posted from: https://sopuli.xyz/post/13489053

In the onion v2 days we had underwood2hj3pwd.onion. There were half a dozen other onion email providers but Underwood was the only one that did not have a clearnet email alias (IIRC). That was a useful feature because you could distribute an onion address to a MS Outlook or Gmail user and they could not use it to share their correspondence to you with Google or MS in the loop. They had just two options: step off the ad surveillance platform or not contact you at all. That option died with Underwood.

The other onion email services all have a clearnet translation. So if (for example) I give a gmail user this address:

foo@yllvy3mhtamstbqzm4wucfwab57ap6zraxqvkjn2iobmrtxdsnb37dqd.onion

and they are motivated to reach me, they can figure out that the corresponding clearnet alias is foo(/at/)onionmail.info and then they can use that address to send me a msg that is then shared with their surveillance advertiser. And worse, that’s less effort for them than obtaining an onion email account.

So what I do now is give an XMPP account. Since Google has abandoned jabber and MS never partook, XMPP avoids Google and MS. But XMPP is not a drop-in replacement for email. OMEMO is glitchy/buggy with pitfalls.

I would like to offer an email option. Ideally, an onion email service would offer a clearnet alias that cannot be determined from the onion address, which implies a different userid string.

The “disobey”¹ onionmail server has been accepting my POP3 logins without issue for months/years. There has been “no new messages” for as long as I can remember and I have also not sent mail for a long time. Then I tried sending myself a message and I get “500 Mailbox full”. Yet my inbox is empty.

It’s quite disturbing because I have no idea when the admin apparently decided out of the blue to delete my account. It might have an automated removal, perhaps due to such sparse/rare traffic. But regardless, it makes it hard to trust any #onionmail server because they all run the same code. This same scenario occurred on another onionmail server as well.

Does anyone here use onionmail?

¹ a5dkbvgakon2lxmauleiizkv6i3s36wp6w3i32a3buc4xmtdnbttmryd.onion

cross-posted from: https://sopuli.xyz/post/13133455

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

1. your coin gets stuck
2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

1. your internet service goes down
2. the internet service of the laundry room goes down
3. the website is incompatible with your browser
4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
5. you cannot (or will not) solve CAPTCHA
6. the website rejects your IP address because it is a shared IP
7. the payment processor rejects your IP address because it is a shared IP
8. the bank rejects your IP address because it is a shared IP
9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
10. the accepted payment forms do not match your payment cards
11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.
16. (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?