• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle
  • I don’t have experience with a sarong, but a saree is basically the same thing.

    The difference is in the shape and size of the piece of cloth. That’s how you can tell a saree, bedsheet and towel apart. There is also usually difference in material (but fine silk towels exist, as do coarse cotton sarees), patterns/weaves (but there are towels and sarees that share pretty similar patterns) and quality of materials used (but again, ridiculously high quality silk bedsheets are a thing). The real difference is the shape and size - sarees are always 5.5m x 1.15 m (‘standard’ 6-yards), or 8.2m x 1.15m (9-yards, worn only on special occasions now, and only in a few specific regions).

    In a pinch, a saree works as a towel or a bed sheet or a cover sheet of any sort, really. However, good luck getting a towel or bedsheet draped onto your body - you’ll look like you’re in a sack. They just don’t have the right shape!


  • You’re on the lemmy.world instance, so you can reach the admins by emailing info@lemmy.world, or posting in the support forum !support@lemmy.world

    Now to answer whether there’s a difference between being promoted and doing it yourself - In this case, it’s suspected that session tokens were compromised. You know how when you enter some events, they vet you/your ticket once at the door and then put a stamp on your hand? If you go out and want to get back in, you don’t have to do the whole verification song and dance again, just show them your stamp? Well, that’s pretty much what a session token is - Lemmy vets your password once when you log in, and gives an unique session token to whatever browser or app you used to log in. That way, when you reopen Lemmy, you don’t have to enter your password again.

    Now that token is compromised, you have to assume a hacker has your unique token. When you logged yourself back in, Lemmy did the whole validation process again and gave your browser/app a new, unique session token - that’s just how logging in works. But the important question is, did it invalidate the old session token when you logged out? Otherwise the hacker can still show the old token and pretend to be you.

    Now if your browser/app prompted you to log-in today, you can be sure that your browser/app tried to get into Lemmy and was denied access. That means you can be sure your old stamp/token is now invalid. Logging out and in yourself doesn’t give you the same guarantee - you will have to check Lemmy code (or run some experiments) to know if logout does actually invalidate the old token. I haven’t validated Lemmy’s code, but I will say most half decent software will invalidate your token when you log out. If you want an extra layer of protection, change your password as well - even the software devs that forget to invalidate tokens on logout usually remember to invalidate them on password changes.


  • I think the original analogy works better.

    If an EU country goes rogue, other EU nations can’t just isolate it and bar it’s citizens from entry. There is no expulsion from the EU AFAIK. But Lemmy instances can block another instance fairly easily and unilaterally - like how nations can refuse visa to citizens of a rogue nation. And Lemmy instanced are expected to federate with most other instances, just like countries are expected to grant visas to most other countries - unlike joining the EU, which is a whole big process and all EU members have to agree (there are no vetoes in Lemmy federation).

    But most importantly, the EU members are required to act as one in many circumstances - most laws apply across all EU members, EU negotiates trade deals as a block, etc. That is not true for Lemmy instances. Each is completely independent and makes its own laws - and must only comply with some very loose principles (which boil down to “don’t be a total jerk”) to not be isolated from other instances. This is much closer to the kind of independence countries have, than EU members.