Technology

84302 readers

5265 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

I Do Not Recommend Bitwarden (xn--gckvb8fzb.com)

submitted 1 day ago* (last edited 17 hours ago) by mesamunefire@piefed.social to c/technology@lemmy.world

34 comments fedilink hide all child comments

A review of my experience with Bitwarden after several years of self-hosting it, and why I decided to move away from the password manager.

Note: this is not my article.

you are viewing a single comment's thread
view the rest of the comments

[–] ccunning@lemmy.world 24 points 1 day ago* (last edited 1 day ago) (4 children)

What’s with the sketchy domain name? Doesn’t really instill trust enough for me to click on let alone listen to their opinion.

ETA: TIL about punycode. Thanks all 🙏

[–] elvith@feddit.org 49 points 1 day ago (2 children)

If the domain starts with xn- it's a telltale sign, that it's a punycode domain name. Read: it does contain characters that are not ASCII characters. This is done as domains need to be ASCII only. The format of these domains is usually xn--allASCIIcharacters-allNonASCIIcharactersEncoded.tld. Example: täst.com is xn--tst-qla.com.

If you manually type such a domain (containing characters like äöüéèçč...), many browsers will still display what you entered, but convert the domain into punycode in the background before connecting.

You can decode the domain of this post and it results in マリウス.com.

[–] YoFrodo@lemmy.world 4 points 1 day ago

Thats interesting! And my translation addon says it translates to "Marius"

[–] MonkderVierte@lemmy.zip 3 points 1 day ago (1 children)

This is done as domains need to be ASCII only

They don't need to, but a punycode-attack is done by using a letter of another language that looks almost identical. I think you still have to actively enable the defense against it (some about:config setting), the poster did.

[–] elvith@feddit.org 8 points 1 day ago (1 children)

DNS is ASCII only and so this conversion is done. It is not needed to display the "technical" domain name that results when you enter a domain name with non ASCII chars in apps, but yes, this prevents character confusion.

https://en.wikipedia.org/wiki/Internationalized_domain_name

In the Domain Name System, these domains use an ASCII representation consisting of the prefix xn-- followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia's IDN ccTLD is рф. In Punycode representation, this is p1ai, and its DNS name is xn--p1ai.

[–] MonkderVierte@lemmy.zip 1 points 4 hours ago

TIL, thanks!

[–] Glitchvid@lemmy.world 26 points 1 day ago* (last edited 1 day ago)

It's just a punycode domain, it ought be rendered in Japanese:

マリウス.com

Edit: I swear those replies weren't there when I typed mine.

[–] celia@lemmy.blahaj.zone 13 points 1 day ago

This is puny code, and allows for non ascii characters to be used as a domain name. Your lemmy client probably does not convert it to unicode and displays it as a random looking text https://en.wikipedia.org/wiki/Punycode

[–] TerHu@lemmy.dbzer0.com 5 points 1 day ago

they even have a blog post telling you to never click domains that look like the domain of the blog :D