Oh. You’re right. Well, the rest of the article is a good read. I’ll update the headline. Thanks!

Wine requires Linux knowledge to get the configurations correct. I don’t think many Windows users will be able to get any Windows applications running under Wine. And it’s the same Wine that any Linux user can install for free.

If Zorin came packaged with Crossover, then maybe it would run Windows apps better because Crossover would manage the Wine configurations and the required Windows infrastructure installs.

Maybe.

But not many old machines will have the capacity to run Linux, Wine, and a Windows application. But Zorin’s hype leads one to believe that a 15-year-old machine won’t struggle.

I tried it about a month ago and found it had nothing more than what you get with an Ubuntu install, save for the look of the screen. I couldn’t understand why the media was making a big deal about it. And I saw no reason why anyone should pay for Pro. My conclusions matched what is in the article.

The headline of this post is technically accurate but purposely provocative. The article’s headline is more informative: " Fake 7-Zip downloads are turning home PCs into proxy nodes".

The point is that 7zip.com is not the official website, and this is where many people are going for it, and getting malware.

I’ve been having the same issue on feddit.online (I’m the owner), where I can log in from the UI, curl, and Postman but get 400 errors from login attempts using any phone app and even Photon and Blorp on the desktop. The devs couldn’t help.

However, after waiting 24 hours or so, I was able to suddenly log in.

piefed.zip appears to be, like feddit.online, behind Cloudflare. It would be interesting to see if you can log in after they have Cloudflare entirely clear the cache. There is a potential that Cloudflare is caching a return status. I don’t know if PieFed has temporary blocks.

Could this be related to https://feddit.online/post/1417938 ?

@[email protected]
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don’t know what was different about those 2 times.

Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

Nope. I posted below what is coming into the server. The only thing I can think of is that the referrer is coming in as https://localhost/inbox which might explain the 400 error (Bad Request). Does your nginx configuration drop incoming cookies for the login endpoint?

Help me here. I’m not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

@x..@x..  
18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
E....3@[email protected]...........  
@[email protected] /api/alpha/user/login HTTP/1.1  
X-Forwarded-For: 162.120.199.186, 172.70.111.121  
X-Forwarded-Proto: https  
Host: feddit.online  
Content-Length: 56  
accept-language: en-US,en;q=0.5  
content-type: application/json  
accept-encoding: gzip, br  
cf-ray: 9c85ae25b9720f65-EWR  
user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
cdn-loop: cloudflare; loops=1  
cf-connecting-ip: 162.120.199.186  
cf-ipcountry: US  
cf-visitor: {"scheme":"https"}  
cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  

{"password":"<hidden>","username":"testuser"}  
18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
E.....@[email protected].+Ngj..Vk.......  

The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox

I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

I’m grasping at straws.

Very odd thing. Sometimes I am able to log in via Voyager. Mostly not.

At one point I put a space after the user name, and then it logged me in. Once I didn’t, and it logged me in. But it isn’t consistent. The server is complaining that there’s a problem in the request format. i don’t see anything different that allowed the log in those 2 times.

The Cloudflare WAF log shows that it allowed the login request to go through. I’ll have to look more this evening.

deleted by creator

I have to look again because it was a while ago, but I do block some user agent strings, but if I’m blocking Voyager this way, I really screwed up.

Another possibility is that Cloudflare is presenting a managed challenge during sign up.

This is helpful. Thanks.

Can you share the curl command? Seems like something worth keeping in my notes and will help me in looking more closely at the firewall rules.

I used to be able to log in via Voyager. I don’t know what changed. I get a message that Voyager doesn’t support signups via Piefed. Is this what you see?

I’ll have to look at this tonight. Maybe it’s a firewall issue? Rimu, @[email protected], any suggestions on where to start?

I knew someone was going to bring this up. So read this:

https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

Small piece from the article:

Under Yen’s leadership, Proton donates a sizeable amount of cash, and the benefactors are easy to find since non-profits must disclose donations. In total, I’ve identified over 30 organizations that received grants from Proton, and you can find a partial list here. Interestingly, they also made a few donations not publicized on that page (one was to a Hong Kong democracy org, which might explain why it was hidden).

Findings:

Not a single organization has ties to Republicans or conservatives.
Many of them are known to be liberal, for example, Access Now and Fight for the Future in the US.
There were at least 10 that also received funding from Soros’ Open Society Foundations.

In my research, I discovered that under Andy’s leadership, Proton has a giving pattern similar to George Soros, one of the Democratic Party’s mega-donors.

Also, look who’s getting the next round of financing from Proton: https://proton.me/blog/2025-lifetime-account-charity-fundraiser

He’s not a tankie. He’s very liberal. There’s no evidence he ever supported Republicans, let alone Trump.

Always getting better, by leaps and bounds. Thank you, devs, for all the hard work and great ideas!

I get a gateway error. I’m in the U.S.

Another reason to use a VPN

This is definitely the best protection. If the provider drops you, you move your domain to another provider. But, as far as I know, while almost all email providers will host your personal domain, none that I know of will do it on the free plans. But your email is your identity. You should be willing to pay for it, especially if you host it on a provider that otherwise won’t make any money on you.

There are a couple of downsides. If you forget, or are unable, to renew your domain, you lose it and your emails. Make sure another family member or friend can pay the renewal for you if, for some reason, you cannot.

While your own domain makes it far less likely that your email will be canceled (because you can move it), abuse of your domain can result in your losing your domain name and your email, especially before it has earned a reputation.

Which brings up another IMPORTANT point. If you use your own domain name, then you must set up your DNS records to protect your domain from spoofers and spammers so it doesn’t get blacklisted or, worse, doesn’t cause cancellation of your domain name. Scammers and spammers WILL try to send email using your domain name. You need to tell email clients to toss these rogue emails and give them the means to determine spoofing and unauthorized use. Read this: https://www.valimail.com/blog/dmarc-dkim-spf-explained/

Also, be aware that SpamAssassin considers .com, .net, and .org TLDs to be far safer than .world, .online, .blog, and most others. Using one of these newer TLDs results in a higher spam score, and your email is more likely to end up in the spam folder if it reaches the magic score of 5. A new age TLD can add as much as 1 point to the spam calculation depending on the email provider receiving your email.

So your own domain name is safer but costs money and requires more work.