this post was submitted on 18 Oct 2023
35 points (94.9% liked)

Fediverse

27910 readers
1 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

Hey all, I'm fairly new to the Fediverse.

I'm just wondering what is preventing mallard from being shared on Lemmy, K.Bin, etc. via images or other embeds? Is there some file vetting happening under the hood?

all 17 comments
sorted by: hot top controversial new old
[–] [email protected] 49 points 1 year ago (3 children)

Duck sharing is prohibited

[–] [email protected] 26 points 1 year ago (1 children)
[–] [email protected] 10 points 1 year ago

We've been infiltrated.

[–] [email protected] 16 points 1 year ago

Lemmy is actually full of quack addicts.

[–] [email protected] 7 points 1 year ago

Phew! That's a load off my mind. I've been worried about that for a long time.

[–] [email protected] 13 points 1 year ago

Welcome,

There were issues a while back, which were fixed in security patches.

[–] [email protected] 9 points 1 year ago

Yes, all your mallards should be thoroughly vetted.

[–] [email protected] 9 points 1 year ago (1 children)

Wasn't work done not too long ago with emojis or something?

[–] [email protected] 3 points 1 year ago (1 children)

Custom emoji was one, and another one in July(?) was in sidebars not being sanitized

[–] [email protected] 1 points 1 year ago (1 children)

What do you mean by sanitized?

[–] [email protected] 2 points 1 year ago (1 children)

Stripped of executable code. IIRC the issue in particular was that sidebars observed HTML and you could put an iframe with potentially malicious code into them.

[–] [email protected] 2 points 1 year ago

Interesting. Once the development of Lemmy slows down a couple years from now it would be interesting to see a video detailing the hiccups around its growth

[–] [email protected] 8 points 1 year ago (1 children)

Hopefully you're not using an image reader that's shitty enough to have vulnerabilities like this 🤨

[–] [email protected] 2 points 1 year ago (2 children)
[–] [email protected] 5 points 1 year ago

I wouldn't worry about Chrome having vulnerabilities in its image readers.

[–] [email protected] 1 points 1 year ago

I would say that a zero-day for chrome would be far too valuable. Except you're the target of an entity that has a few millions to spare.