terribleplan

joined 1 year ago
[–] terribleplan@lemmy.nrd.li 1 points 1 year ago

Snappymail is simple and awesome if you want better webmail than roundcube, I switched and didn't look back. I am also a big fan of native apps, I'm using thunderbird on my PCs and Fair Email on Android, both of which I am quite happy with.

[–] terribleplan@lemmy.nrd.li 4 points 1 year ago

Laptops/desktops: no real naming scheme, they use non-static DHCP leases anyway.

Physical servers: NATO phonetic alphabet. If I run out of letters something has gone terribly ~~wrong~~ right.

VMs: I don't have many of these left, but they are named according to their function and then a digit in case I need more. e.g. docker1, k3s1. This does mean that I have some potential oddities like a k3s cluster with foxtrot, alpha, and k3s1 as members, but IMO that's fine and lets me easily tell if something is physical or virtual. I am considering including the physical machine name in the VM name for new things as I no longer have things set up such that machines can migrate... though I haven't made a new VM in some time.

Network equipment: Named according to location and function. e.g. rack-router, rack-10g, rack-back-1g, rack-ap, upstairs-10g, upstairs-ap. If something moves or is repurposed it is likely getting reconfigured so renaming at that point makes sense.

[–] terribleplan@lemmy.nrd.li 2 points 1 year ago

Quoted because those were the first paragraphs from Wikipedia, just sucked to try to credit properly on mobile.

[–] terribleplan@lemmy.nrd.li 2 points 1 year ago (2 children)

Identified by their distinctively grotesque costumes, Gwar's core thematic and visual concept revolves around an elaborate science fiction-themed mythology which portrays the band members as barbaric interplanetary warriors, a narrative which serves as the basis for all of the band's albums, live shows and media. With over-the-top violent, sexual, and scatological humor typically incorporating social and political satire, Gwar has attracted both acclaim and controversy for its music and stage shows, the latter of which notoriously showcase enactments of graphic violence that result in the audience being sprayed with fake blood, urine, and semen. Such stagecraft regularly leads Gwar to be labeled a "shock rock" band by the media.

Tiny Desk Concerts is a video series of live concerts hosted by NPR Music at the desk of All Songs Considered host Bob Boilen in Washington, D.C.

Magic.

[–] terribleplan@lemmy.nrd.li 3 points 1 year ago

I switched to Forgejo just by swapping out the image. So far gitea hasn't been malicious with its trademarks now being owned by a private company, but I feel better using software that is more closely tied to a nonprofit. I see no reason to switch back.

[–] terribleplan@lemmy.nrd.li 1 points 1 year ago (1 children)

Pretty sure it needs to be https://$user:$pat@github.com/username/repo.git#branch.

[–] terribleplan@lemmy.nrd.li 9 points 1 year ago (2 children)
  1. You host it yourself
  2. You can get a cool domain name
  3. It's pretty low maintenance
[–] terribleplan@lemmy.nrd.li 1 points 1 year ago

I have owned and otherwise dealt with a few different Startech 4-post open racks and have been very happy with them. I currently use one of their 25U racks for my lab, but am running out of space...

[–] terribleplan@lemmy.nrd.li 12 points 1 year ago (3 children)

I started on Gitlab, which was a monster to run. I moved to Gitea, until the developers started doing some questionable things. Now I'm on Forgejo (a fork of Gitea).

[–] terribleplan@lemmy.nrd.li 0 points 1 year ago

Yeah, all I know is that I am definitely seeing images loaded in from domains other than that of my instance as I load/scroll pages, which I want to be loaded via my instance for privacy reasons.

[–] terribleplan@lemmy.nrd.li 1 points 1 year ago (3 children)

I believe the Pictrs is a hard dependency and Lemmy just won't work without it, and there is no way to disable the caching. You can move all of the actual images to object storage as of v0.4.0 of Pictrs if that helps.

Other fediverse servers like Mastodon actually (can be configured to) proxy all remote media (for both privacy and caching reasons), so I imagine Lemmy will move that way and probably depend even more on Pictrs.

[–] terribleplan@lemmy.nrd.li 7 points 1 year ago (7 children)

IIRC Lemmy preloads all thumbnails for posts in communities you subscribe to into pictrs to be cached for like a month or something. So, yeah...

 

I tried what another user reported and it worked. I submitted a github issue as the security email seems to be unmonitored based on me trying to contact it (regarding a different issue) for over a week now.

Be careful about links you click in Lemmy, I guess.

cross-posted from: https://sh.itjust.works/post/774797

What is XSS?

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code can be inserted in several ways. Most popularly, it is either added to the end of a url or posted directly onto a page that displays user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack. https://www.cloudflare.com/learning/security/threats/cross-site-scripting/

Impact

One-click Lemmy account compromise by social engineering users to click your post's URL.

Reproduction

Lemmy does not properly sanitize URIs on posts, leading to cross-site scripting. You can see this working in action by clicking the "link" attached to this post on the web client.

To recreate, simply create a new post with the URL field set to: javascript:alert(1)//

Patching

Adding filtering to block javascript: and data: URIs seems like the easiest approach.
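As an added example (not Lemmy's code, and not part of the cross-posted report), here is the scheme check a web client could apply before rendering a user-supplied post URL as a link. It uses the WHATWG `URL` parser with an allowlist rather than a `javascript:`/`data:` blocklist, and the constructed test strings show the obfuscations a naive prefix blocklist misses; the function names are hypothetical.

```javascript
// Added example: allowlist URL schemes for post links. Names are hypothetical.
// The WHATWG URL parser (browser `URL`, Node `URL`) strips leading whitespace
// and embedded tab/newline characters before reading the scheme, and lowercases
// it, so "  JavaScript:" and "java\tscript:" are both seen as "javascript:".
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// True only for absolute http(s) URLs. Relative or protocol-relative strings
// ("example.com", "//example.com") fail to parse without a base and are
// rejected, which is the conservative choice for a link that opens a new site.
function isSafePostUrl(raw) {
  if (typeof raw !== "string") return false;
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return false;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// href to render, or null when the link must be dropped (render plain text instead).
function safeHref(raw) {
  return isSafePostUrl(raw) ? new URL(raw).href : null;
}

// A naive blocklist, shown for contrast: true means "looks fine" to the check,
// which is wrong for the mixed-case, leading-space and embedded-tab variants.
function naiveBlocklistAccepts(raw) {
  return !raw.startsWith("javascript:") && !raw.startsWith("data:");
}

// Constructed sample inputs (not from the report) and how each check treats them.
const SAMPLES = [
  "https://example.com/post/1",
  "javascript:alert(1)//",
  "JavaScript:alert(1)",
  "  javascript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<b>x</b>",
];

function evaluateSamples() {
  return SAMPLES.map((s) => ({
    input: s,
    allowlist: isSafePostUrl(s),
    naive: naiveBlocklistAccepts(s),
  }));
}
```

Only the first sample survives the allowlist; the naive blocklist wrongly accepts three of the five hostile variants.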

 

KNOWER is currently one of my favorite bands. Anyone else dig their vibe?
