terribleplan

joined 1 year ago
[–] [email protected] 2 points 1 year ago

I think it would need to be a mechanism similar to how user moves are handled where the old thing sticks around forever but has a field that says "the new one is over here" and then the new one has a field that says "yes, I am the same as that old one". At least I think that's how e.g. mastodon handles moves of users (just the person/actor, not any of their content. AFAIK nothing in the fediverse can do something like this with anything other than a person/actor at the moment)

[–] [email protected] 1 points 1 year ago (3 children)

The problem is the thing has already been federated. Changing the ID in the db will appear to the rest of the fediverse as new things, not as those same things.

[–] [email protected] 1 points 1 year ago

Snappymail is simple and awesome if you want better webmail than roundcube, I switched and didn't look back. I am also a big fan of native apps, I'm using thunderbird on my PCs and Fair Email on Android, both of which I am quite happy with.

[–] [email protected] 4 points 1 year ago

Laptops/desktops: no real naming scheme, they use non-static DHCP leases anyway.

Physical servers: NATO phonetic alphabet. If I run out of letters something has gone terribly ~~wrong~~ right.

VMs: I don't have many of these left, but they are named according to their function and then a digit in case I need more. e.g. docker1, k3s1. This does mean that I have some potential oddities like a k3s cluster with foxtrot, alpha, and k3s1 as members, but IMO that's fine and lets me easily tell if something is physical or virtual. I am considering including the physical machine name in the VM name for new things as I no longer have things set up such that machines can migrate... though I haven't made a new VM in some time.

Network equipment: Named according to location and function. e.g. rack-router, rack-10g, rack-back-1g, rack-ap, upstairs-10g, upstairs-ap. If something moves or is repurposed it is likely getting reconfigured so renaming at that point makes sense.

[–] [email protected] 2 points 1 year ago

Quoted because those were the first paragraphs from Wikipedia, just sucked to try to credit properly on mobile.

[–] [email protected] 5 points 1 year ago (2 children)

Identified by their distinctively grotesque costumes, Gwar's core thematic and visual concept revolves around an elaborate science fiction-themed mythology which portrays the band members as barbaric interplanetary warriors, a narrative which serves as the basis for all of the band's albums, live shows and media. With over-the-top violent, sexual, and scatological humor typically incorporating social and political satire, Gwar has attracted both acclaim and controversy for its music and stage shows, the latter of which notoriously showcase enactments of graphic violence that result in the audience being sprayed with fake blood, urine, and semen. Such stagecraft regularly leads Gwar to be labeled a "shock rock" band by the media.

Tiny Desk Concerts is a video series of live concerts hosted by NPR Music at the desk of All Songs Considered host Bob Boilen in Washington, D.C.

Magic.

[–] [email protected] 3 points 1 year ago

I switched to Forgejo just by swapping out the image. So far gitea hasn't been malicious with its trademarks now being owned by a private company, but I feel better using software that is more closely tied to a nonprofit. I see no reason to switch back.

[–] [email protected] 1 points 1 year ago (1 children)

Pretty sure it needs to be https://$user:[email protected]/username/repo.git#branch.

[–] [email protected] 9 points 1 year ago (2 children)

  1. You host it yourself
  2. You can get a cool domain name
  3. It's pretty low maintenance

[–] [email protected] 1 points 1 year ago

I have owned and otherwise dealt with a few different Startech 4-post open racks and have been very happy with them. I currently use one of their 25U racks for my lab, but am running out of space...

[–] [email protected] 12 points 1 year ago (3 children)

I started on Gitlab, which was a monster to run. I moved to Gitea, until the developers started doing some questionable things. Now I'm on Forgejo (a fork of Gitea).

[–] [email protected] 0 points 1 year ago

Yeah, all I know is that I am definitely seeing images loaded in from domains other than that of my instance as I load/scroll pages, which I want to be loaded via my instance for privacy reasons.

 

A checkpoint? From Mk. VI? And they mention the fediverse? (Well, Mastodon at least). It must be Christmas.

 

I tried what another user reported and it worked. I submitted a github issue as the security email seems to be unmonitored based on me trying to contact it (regarding a different issue) for over a week now.

Be careful about links you click in Lemmy, I guess.

cross-posted from: https://sh.itjust.works/post/774797

What is XSS?

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code can be inserted in several ways. Most popularly, it is either added to the end of a url or posted directly onto a page that displays user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack. https://www.cloudflare.com/learning/security/threats/cross-site-scripting/

Impact

One-click Lemmy account compromise by social engineering users to click your post's URL.

Reproduction

Lemmy does not properly sanitize URIs on posts leading to cross-site scripting. You can see this working in action by clicking the "link" attached to this post on the web client.

To recreate, simply create a new post with the URL field set to: javascript:alert(1)//

Patching

Adding filtering to block javascript: and data: URIs seems like the easiest approach.
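
The filtering suggested in the post above, as an added example that is not part of the original post and is not Lemmy's code. It swaps the proposed blocklist of `javascript:` and `data:` for an allowlist of schemes checked after URL parsing, because a string-prefix check misses inputs that a browser normalises into the same scheme. The names `ALLOWED_SCHEMES`, `safePostUrl` and `classifySamples` are hypothetical, and allowing only `http:` and `https:` is an assumption about what a post link needs.

```javascript
// Added example: validate a user-supplied post URL before it is stored
// or rendered as a link. Hypothetical names; not taken from Lemmy.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy

function safePostUrl(input) {
  if (typeof input !== "string" || input.length > 2048) return null;
  let parsed;
  try {
    // The WHATWG parser normalises the way a browser does: it trims
    // surrounding spaces and control characters, drops embedded tabs and
    // newlines, and lower-cases the scheme. With no base URL given,
    // relative input throws and is rejected.
    parsed = new URL(input);
  } catch {
    return null;
  }
  // Decide on the parsed scheme, never on the raw string prefix.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  // Return the normalised form so the stored value is the checked value.
  return parsed.href;
}

// Constructed sample inputs, including the URL field value from the post.
const SAMPLES = [
  "https://example.com/post/1",
  "HTTPS://Example.COM/a",
  "javascript:alert(1)//",
  " JaVaScRiPt:alert(1)//",
  "java\tscript:alert(1)//",
  "data:text/html,hello",
  "/post/774797",
];

function classifySamples() {
  return SAMPLES.map((s) => ({ input: s, accepted: safePostUrl(s) }));
}

for (const row of classifySamples()) {
  console.log(JSON.stringify(row.input), "->", row.accepted);
}
```

The same check belongs on the server when the post is accepted and in the client before the value is placed in an `href`, since federated instances may deliver posts that never passed the local submission form.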

 

Crank up "Crab Rave" and put your claws in the air, but with guns in them.

 

Escape! With Art!

 

I was a bit distracted with the whole LRRMans thing, have some highlights.

 

Apparently someone on lemmy.ca feels the need to make clickbait out of a very short wikipedia article. And they didn't even answer their clickbait in the post body. smh.

For added fun archive.org seemingly breaks the Lemmy UI, indicating that the community lives @web.archive.org for some reason.

Created: 9th century

"This is the most exciting piece of excrement I've ever seen ... In its own way, it's as irreplaceable as the Crown Jewels"

 

The operator of the plant is confident it is safe, some say there are other risks that make not releasing the wastewater worse, most opposition is limited to saying there hasn't been enough study, one scientist in particular says it is unsafe. We'll see what ends up happening later this month.

“a lack of adequate and accurate scientific data supporting Japan’s assertion of safety”.

“The risk of another earthquake or a typhoon causing a leak of a tank is higher, and they’re running out of space.”

“The concept of dilution as the solution to pollution has demonstrably been shown to be false, [...] [t]he very chemistry of dilution is undercut by the biology of the ocean.”

“I think it is important to evaluate the long-term environmental impact of these radionuclides,”

“We have confirmed that the tritium concentrations in the bodies of marine organisms reach equilibrium after a certain period of time and do not exceed the concentrations in the living environment,” [...] The tritium concentrations then decrease over time once the organism is returned to untreated seawater.

The IAEA [...] is expected to release a final report on the site and the plan for the wastewater release later in June.

 

On today's episode of Tap Tap 100...

 

Yay, an early CheckPoint! Let's hope Heather takes an early lunch more often!

 

Wow, RNA came out in Jan. 2019... Time has been wonky...

 

The names have been changed to protect the unusual. Crapshots will return in August.

 

For a defendant with no prior criminal convictions, an offense level of 37 yields 210 to 262 months (17 1/2 to almost 22 years). A defendant who accepted responsibility could reduce that range to 151 to 188 months if the prosecution agreed to deduct the third point.
