Philippines @lemmy.world the_yaya @lemmy.world 1y ago

Daily random discussion - Jul 10, 2023

Welcome to the RD thread!

This is a place for casual random chat and discussion.

A reminder for everyone to always follow the community rules and observe the Code of Conduct.

Mobile apps:

Android: Jerboa ‣ Connect ‣ Liftoff ‣ Lemming ‣ Summit
iOS: Mlem ‣ Memmy ‣ Remmel
Cross-platform: Thunder ‣ Wefwef
Coming soon: Boost ‣ Sync ‣ Artemis

Quick tips:

Use Teddit.net when posting Reddit links
Upload videos to Streamable
Miss the old.reddit look? Go to user Settings and set Theme to "xx Compact".

Footnotes:

Daily pixel art by Paul Sabado
Report inappropriate comments and violators
Message the moderation team for any issues

121

You're viewing a single thread.

121 comments

I am liking lemm.ee more and more.

This is the lemm.ee admin's response when asked about the vulnerability used to attack lemmy.world and lemmy.blahaj.zone:

Hey folks! I have spent this morning helping lemmy.world mitigate the issue. I have also sent out mitigation instructions to other admins as well.

For the particular exploit that was used on lemmy.world:

It does not spread through federation

lemm.ee was not vulnerable in the first place

As mentioned above, it has already been mitigated on lemmy.world

So there should not be any reason to defederate [from lemmy.world]. I will continue monitoring and investigating, if further vulnerabilities pop up then I will adjust accordingly.
- Shame lemm.ee wasn't around when I first propped up the community. It was literally just the big three (ml, grad, beehaw) and world was barely a week old but I had faith in their background. One hopes this is just a minor blip in their radar.
  
  Oo nga eh.
  
  Events like this make me more and more convinced that communities are better off dispersed among different instances, perhaps a bunch of related communities being bundled together in a themed/geographical instance. However, it's unfortunate that events like this also highlights the importance of knowledgeable and competent instance admins (on top of other technical requirements for running an instance, as well as the legal responsibilities of the choice of hosting location), thus establishing an instance, and administrating it is a heavy responsibility.
- Judging from the github ticket, it seems like it's a vulnerability on all lemmy instances. But the attack can only happen on instances where the markdown editor has generated the sidebar etc with vulnerable HTML code. The devs still needs to patch the vulnerability to ensure it won't happen again.
  
  Admittedly, this stuff is way over my head, but given the quick action I've seen thus far, I'm hopeful that it won't be long before this vulnerability would be patched.
- Hey, it's me again, PancitCantot
  
  Hello there, fellow Lemeeng!
  
  Lemeeng Ho!!
- Same here
  
  I'll stick to my lemm.ee version of anaralah_belore223
  
  Yeah, balak ko pa man din sanang bumalik sa lemmy.world (despite my misgivings), but I‌ think I'll be using this as my main account from now on.
  
  Gagamitin ko lang siguro yung lemmy.world account ko for dealing with communities I might be making over there.

121 comments