eekrano

joined 1 year ago
MODERATOR OF
[–] [email protected] 12 points 3 months ago (2 children)

CrowdStroke

[–] [email protected] 3 points 1 year ago (3 children)

Some people have reported being able to add TOTP from mobile. Most people that reported on desktop have the same issue. It's a lemmy thing, not just the instance. Lemmy needs to have you validate your TOTP before committing it to your account so you don't get locked out for turning it on but not being able to actually add it.

 
[–] [email protected] 2 points 1 year ago (1 children)

@[email protected] you are tasked with securing your network, please list all websites that should be blocked by default.

[–] [email protected] 2 points 1 year ago

Thanks for the insight, that's good to know. What do you do if you need to move from one organization to another (it seems to be only allowed to move from personal vault to organization, not org -> personal or org -> org)

[–] [email protected] 1 points 1 year ago (1 children)

Same here. I added it to Keepass, then opened a private browser and tried to log in and it wouldn't take it. So one of 2 things:

  1. Most sites have you enter a code to validate that you have it right before applying the changes to your account - I did not get this in Lemmy
  2. They simply don't validate that you have 2FA set up correctly by asking you for a code prior to actually enabling it on your account and the log in with 2FA is broken.

I went ahead and removed 2FA so I wasn't locked out of my account if I get logged out somehow until this is fixed.

12
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hi All, Recently set up VW and imported my Keepass DB. All the folders went to "Collections" (200+ top level folders, multiple levels beneath that for some folders, about 1500 entries total) and handing out permissions to users seemed like a horrible manual experience.

Looking into this, it seems like Bitwarden has had open tickets for 5+ years for:

  • Inherited ACLs
  • Shared folders

5 years is long enough to make me think they're never coming or Bitwarden doesn't really care about these features enough to ever implement them. Of course, if they don't implement them, VW won't either as they mimic BW.

The best workaround I found was to move everything multiple people should have access to into its own vault and add users as managers to that vault. But you can't move items from one vault to another, only from a personal to a company vault- arg.

I see so much love for this app and I WANT to love it, but these (IMO) make it almost unusable for multiple users.

So how are you all handling what seems to be a serious usability issue? I want to like VW/BW, but it seems like it's missing basic functionality that every other password manager has - and even more worrying that BW don't seem to care about implementing it.

Please let me know how you're getting around these issues in a sane way that can be easily managed in the future- or if you're all just "dealing with it" or what. Thank you.

[–] [email protected] 1 points 1 year ago (2 children)

Catch the error and dump the response body to see what you're getting. Might just be the server is overloaded and not responding with the expected JSON. The full body should give you more clues

[–] [email protected] 1 points 1 year ago

I don't know of any formal roadmap for all major upcoming changes/features, no. Sorry!

[–] [email protected] 8 points 1 year ago (2 children)

Ability to block instances at the user level should be coming in one of the next updates

[–] [email protected] 2 points 1 year ago

Fair points. I guess I'd assumed mods (being forced to "open back up or lose mod status") may go along with it.

As for reach, I'd just figured one person being curious about a comment and clicking the link (going to a pastebin-like site with the content) may also be encouraged to install the extension. Then from there it's just a game of "infected" where it spreads. But yes, the mobile browsers would be very inconvenienced having to click a link to read each users posted content.

Ty

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I posted another way to (potentially) fight back here as well (something to make for users, not just mods to use to fight back): https://lemmy.world/post/212583 Looking for thoughts on if it would be effective.

 

cross-posted from: https://lemmy.world/post/212576

As we've seen in the past week, a large amount of users don't care why subreddits are blacked out or why, they just want their timeline back to normal.

It's understandable, most users just want something to "work" when they want to use it and don't give any thought to what that means. We've already seen mods be replaced, deleted histories come back to life, whatever it takes for Reddit to make it seem "normal" so they don't lose users. Heck, even some of those who have left Reddit may be tempted to go back and read / comment on things they see there, because Reddit obviously isn't going to die overnight. So how do we continue the fight in the current environment Reddit has put us in while still getting a message across the users?

My thought is the following, and I'm putting it here because I think recent migrants are/were more than semi-casual reddittors, and it's clear we've got some development talent out there. I'm a developer as well but I'm looking for:

  1. Thoughts on the approach I'm suggesting
  2. Thoughts on implementation / usage
  3. Overall feelings regarding this in general

The idea

Make browser plugin(s) and / or a website that [knowingly to the user] intercept comment post requests for reddit and stores the post content elsewhere. In its place, all that is submitted to reddit is a link to a website (where people can click to view users intended comment text) along with a blurb about "reddit owning your comment data".

The browser plugin can also find these comments within posts and automatically query and get the raw text and replace it within a reddit page to make viewing these posts easier for everyone.

The idea being that the more users install the extension to easily read these posts, the more users obfuscate their posts so that other users also need the extension to more easily read comments on reddit.

Not only does this protect user data from being owned by Reddit, it makes it so Google searches will not find content on reddit.

Example post before and after:

(Unencrypted, or viewed with the browser extension installed)

(The posted content stored in reddit)

There's my idea. A few thoughts / notes:

  • Is this possible? I haven't checked out manifest V3 or made a browser extension in a long time, but with what RES already does I assume this would be doable.
  • Is it worth it? Will enough people want to read comments stored in this manner to "join the fight"? Who knows
  • Should it store the comment data elsewhere, or just store encrypted text in the reddit comment itself?

Anyway. I know we've got a lot of ex-redditors here, a lot of very talented developers, and a fight still going on that deserves a next step from the users.

Open to any and all thoughts from. This is just a musing on a potential next step - I haven't decided if I'm going to start developing anything yet.

 

As we've seen in the past week, a large amount of users don't care why subreddits are blacked out or why, they just want their timeline back to normal.

It's understandable, most users just want something to "work" when they want to use it and don't give any thought to what that means. We've already seen mods be replaced, deleted histories come back to life, whatever it takes for Reddit to make it seem "normal" so they don't lose users. Heck, even some of those who have left Reddit may be tempted to go back and read / comment on things they see there, because Reddit obviously isn't going to die overnight. So how do we continue the fight in the current environment Reddit has put us in while still getting a message across the users?

My thought is the following, and I'm putting it here because I think recent migrants are/were more than semi-casual reddittors, and it's clear we've got some development talent out there. I'm a developer as well but I'm looking for:

  1. Thoughts on the approach I'm suggesting
  2. Thoughts on implementation / usage
  3. Overall feelings regarding this in general

The idea

Make browser plugin(s) and / or a website that [knowingly to the user] intercept comment post requests for reddit and stores the post content elsewhere. In its place, all that is submitted to reddit is a link to a website (where people can click to view users intended comment text) along with a blurb about "reddit owning your comment data".

The browser plugin can also find these comments within posts and automatically query and get the raw text and replace it within a reddit page to make viewing these posts easier for everyone.

The idea being that the more users install the extension to easily read these posts, the more users obfuscate their posts so that other users also need the extension to more easily read comments on reddit.

Not only does this protect user data from being owned by Reddit, it makes it so Google searches will not find content on reddit.

Example post before and after:

(Unencrypted, or viewed with the browser extension installed)

(The posted content stored in reddit)

There's my idea. A few thoughts / notes:

  • Is this possible? I haven't checked out manifest V3 or made a browser extension in a long time, but with what RES already does I assume this would be doable.
  • Is it worth it? Will enough people want to read comments stored in this manner to "join the fight"? Who knows
  • Should it store the comment data elsewhere, or just store encrypted text in the reddit comment itself?

Anyway. I know we've got a lot of ex-redditors here, a lot of very talented developers, and a fight still going on that deserves a next step from the users.

Open to any and all thoughts from. This is just a musing on a potential next step - I haven't decided if I'm going to start developing anything yet.

view more: next ›