hawkwind

joined 2 years ago
[–] [email protected] 1 points 1 year ago (1 children)

I love the idea of taking on a monopoly, but I don’t like that, without regulation, it has a low chance of success, and the consumer gets to suffer as the monopoly fights back.

[–] [email protected] 5 points 1 year ago

Entwistle boo.

[–] [email protected] 3 points 1 year ago

The pricing scheme here is designed to gouge businesses for equal or more than the traditional non-cloud equivalent. Which happens to be completely unaffordable. Imagine buying a new enterprise grade server for your home setup.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

What’s a one chunk city?

Never mind. I’m dumb.

[–] [email protected] 1 points 1 year ago (1 children)

You understand that global economic stability relies on people gambling their lives on a dream, right? Well, that and pure willful ignorance.

What would the journalists do? Try to explain that to people, and that nobody has figured out a way to fix it yet?

[–] [email protected] 9 points 1 year ago

I know you’re joking but in case people don’t get it: rich comes from luck, not from hard work.

Don’t work any harder than you have to, thinking it helps. It doesn’t change the statistical chance of you becoming rich.

Many people will say you can help along the luck. Those people are dumb.

[–] [email protected] 2 points 1 year ago (1 children)

So I guess if I want to pay for my VPS with crypto I am a criminal? Good work cyber sleuths, you solved the problem!

This is the hosting equivalent of racial profiling and this firm in Texas should be ashamed. It is not good cyber security work.

At best they’ve identified something everyone else already knew, and witch hunting Cloudzy (even if they are 100% malicious) provides zero value.

[–] [email protected] 5 points 1 year ago (1 children)

Lol. They all look the same. I think maybe AI has a bias toward pictures online?

[–] [email protected] 21 points 1 year ago (2 children)

Monopoly busting. Ecosystem lock-in. Right to repair. Software patent reform. Privacy and AI regulation.

What do lawmakers even do these days anyway?

[–] [email protected] 1 points 1 year ago

RIP Bill Paxton

[–] [email protected] 10 points 1 year ago

Resume field would get an api endpoint that only returns a json resume, and only if the request header is application/json. And the json resume would have embedded json.

[–] [email protected] 54 points 1 year ago (6 children)

We should just use second notation for everything.

I’ll be there in 5 min? I’ll be there in 2 or 3 hundo!

See you tomorrow? See you in 86K!

Next week? About half a Megasec!

Doesn’t Megasecond sound better than Fortnite?

 

Disclaimer. I'm doing it anyway.

Long time hacker, and ambi-os user. Latest sexiness is my new macbook. After getting everything set up the way I want it, I start seeing buzz for Nix and got excited, but also bummed out that I didn't start from scratch.

I like new stuff, figuring it out and solving problems, but I also hate broken and unstable stuff. Doubly so when you go to use something you spent time setting up and it fails. Triply on having to switch your daily driver or set up any new system with all of your crazy custom setup.

  • How much pain will I suffer trying to replace brew with nixpkg?
  • Currently I use podman to build containers, should I switch to nix?
  • I use whatever virtual environment is appropriate for the task. Venv, etc. Seems like nix can do a better job?
  • What's the experience like with VSCode?

I am most excited at the prospect of using home-manager. The 'idea' of portability for my profile is pretty nice. I'd like to see it work across osx/win/linux and all the things be the same up to my browser and maybe some other cross-platform common things.

Don't roast me for not being hyper-specific here. I am not an uber-dev. I'd say I lean more into security and dev-ops. Happy to elaborate on anything.

I really want to hear others' experiences. I see the upside and, like I said, I'm going to take on the challenge anyway, but will I end up regretting it?

 
2
Worblahgate 2023 FAQ (lemmy.management)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

What happened?

Due to a vulnerability in lemmy-ui, an attacker was able to steal authentication tokens (not passwords, but same consequences in this case) from lemmy users in certain circumstances, allowing them to effectively impersonate those users.

The attacker was able to get tokens for admin accounts for lemmy.world and blahaj.zone and deface the sites.

Anyone that accessed those instances using the web (supposedly, most third party apps did not show defaced content) was greeted with nasty things until the instance owners were able to reverse the damage and remove the attacker's access.

Is my instance vulnerable?

Only if you have custom emojis enabled. We think.

Is there a fix?

The offending code has been identified and those changes are in the repository. There is no stable release as of posting this, but release 0.18.2-rc.2 contains the fix.

Here is the detailed write-up for admins on what's best to do! Following this advice is your best course of action, along with communicating with your users, IMO.

My users info?

Probably safe to assume it is all compromised even if your site did not get defaced, or even if it didn't use custom emojis. There is some work being done to detect if any users' tokens were taken.

Ironically, the hashing used to store users' passwords is about as robust as you can make a modern application. Clear-text passwords are very likely not at risk.

How did this happen?

There are about 50 different wider discussions about this right now. Here are some of the most relevant:

What about my VPS, server?

It is very unlikely this particular attack led to root compromise of the underlying software. No admin has come forward from this event claiming anything more than compromised admin credentials and unease about how long an attacker may have been able to gather users' tokens and for what purpose.

GDPR, etc?

Your legal (agreed to, or jurisdictionally) responsibilities and liability are outside the scope of any group of admins. Talk to a real lawyer / solicitor. I am not being funny. This is the one and only recommendation if you are worried or concerned about this.

 

v.0.0.6

v0.0.4 - Per requests and concerns: Defaults changed and options added to prevent overloading servers, hitting rate-limiting, filtering to top x communities, etc!

Thanks for your support!

 

I made this tool to help self-hosters, new admins, or smaller instances have more global and updated content on their instances.

This is similar to Lemmy Community Seeder but is designed to be run periodically to capture new communities, and include EVERYTHING by default.

EDIT: As noted in the comments, this is an admin tool. Please do not run it as a user if you don't know what you are doing. If you want a better "All," ask your admin first! That said, lemmony in no way constitutes abuse! You can cause a DOS with curl, but that's not what curl was written for. This tool is to legitimately use an API to enhance our experience. Admins that desire to accommodate high volume on a public service will not know this tool is running against, or on their instances. If it causes performance issues, that is unfortunate. They are free to throttle, ban or block API access to their instance in a multitude of ways.

EDIT 2: Donate to your instance/admin if you like Lemmy!

126
Federation Lag-o-meter (aftershock.lemmy.management)
 

I made this based on the gripe about some of the silent failures with federation. Might help users choose other servers. Might help admins troubleshoot. Open to comments and criticisms!

1
alas poor your (lemmy.management)
 

@[email protected] make love not wor wonton soup

1
a picture of awesome (lemmy.management)
submitted 2 years ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
