this post was submitted on 10 Jul 2023
379 points (93.2% liked)

Selfhosted

39435 readers
7 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

This issue is already quite widely publicized and quite frankly "we're handling it and removing this" is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.

It's not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you're hosting an instance. 🙏

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 1 year ago* (last edited 1 year ago) (1 children)

This issue is already quite widely publicized and quite frankly “we’re handling it and removing this” is a much more harmful response than I would hope to see.

Hi, mod of a community on the instance in question here. Why is this response harmful? What should we have done instead?

[–] [email protected] 27 points 1 year ago (1 children)

I feel like it's up for discussion here and you very well may stand by the response there, but IMO with how prevalent this issue is, a specific response of "we've disabled custom emoji" or "we're upgrading to 0.18.2-rc.1 today" would have been more constructive and reassuring to users. Removal of the question and lack of details gives me a lot less confidence that the issue and fix are understood and doesn't leave any room for that discussion.

[–] [email protected] 13 points 1 year ago (1 children)

Ahh, ok. That's helpful, thanks!

This is going to seem silly in the context of such a severe exploit but one quirk about our instance is that we literally do not have a "general discussion" /c/. The biggest one is scoped to Star Trek and so a Lemmy exploit is obviously outside the scope of ... Star Trek. I would wager that's the main reason the mod removed the post, but I will admit that just pointing this out, I feel like the forum mod from the short story Wikihistory.

I'm in contact with the admins who manage the hosting, they are coordinating an update 0.18.2-rc1 as we speak. Also, there's already been some discussion about setting up a general discussion /c/ on our instance and so I'll include instance security in the scope of that /c/.

You mentioned elsewhere in this thread there is a Lemmy admins Matrix room. Is my instance big enough for my admins to be invited? If yes, who can I point them at to get in?

[–] [email protected] 10 points 1 year ago (1 children)

That's definitely good to hear! Timely upgrades for the bigger communities will be important.

Afaik the Lemmy Matrix rooms are all public. I wasn't invited myself; just found them via Matrix search and jumped in.

[–] [email protected] 12 points 1 year ago

And we're updated! Thank you for your advice, we really appreciate it.