Welcome to the RD thread!

This is a place for casual random chat and discussion.

A reminder for everyone to always follow the community rules and observe the Code of Conduct.

Footnotes:

  • Daily pixel art by Paul Sabado
  • Report inappropriate comments and violators
  • Message the moderation team for any issues
  • megane-kun
    English
    71 year ago

    I am liking lemm.ee more and more.

    This is the lemm.ee admin’s response when asked about the vulnerability used to attack lemmy.world and lemmy.blahaj.zone:

    Hey folks! I have spent this morning helping lemmy.world mitigate the issue. I have also sent out mitigation instructions to other admins as well.

    For the particular exploit that was used on lemmy.world:

    1. It does not spread through federation
    2. lemm.ee was not vulnerable in the first place
    3. As mentioned above, it has already been mitigated on lemmy.world

    So there should not be any reason to defederate [from lemmy.world]. I will continue monitoring and investigating, if further vulnerabilities pop up then I will adjust accordingly.

    • decadentrebel
      English
      51 year ago

      Shame lemm.ee wasn’t around when I first propped up the community. It was literally just the big three (ml, grad, beehaw) and world was barely a week old but I had faith in their background. One hopes this is just a minor blip in their radar.

      • megane-kun
        English
        21 year ago

        Yeah, that's true.

        Events like this make me more and more convinced that communities are better off dispersed among different instances, perhaps a bunch of related communities being bundled together in a themed/geographical instance. However, it’s unfortunate that events like this also highlight the importance of knowledgeable and competent instance admins (on top of other technical requirements for running an instance, as well as the legal responsibilities of the choice of hosting location), thus establishing an instance, and administrating it is a heavy responsibility.

    • theyawner
      English
      51 year ago

      Judging from the GitHub ticket, it seems like it’s a vulnerability on all lemmy instances. But the attack can only happen on instances where the markdown editor has generated the sidebar etc. with vulnerable HTML code. The devs still need to patch the vulnerability to ensure it won’t happen again.

      • megane-kun
        English
        51 year ago

        Admittedly, this stuff is way over my head, but given the quick action I’ve seen thus far, I’m hopeful that it won’t be long before this vulnerability would be patched.

      • megane-kun
        English
        51 year ago

        Yeah, I was actually planning to go back to lemmy.world (despite my misgivings), but I think I’ll be using this as my main account from now on.

        I'll probably just use my lemmy.world account for dealing with communities I might be making over there.