@jerry
@infosec.pubI am going to be disabling image uploads and image serving, moving to moderated signups, and instituting some extensive block lists on infosec.pub due to the pervasive problems with CSAM attacks on lemmy instances.
No, it’s not happened to any of our instances yet, but I don’t need that headache. And if anyone does, I promise you that I will make it my life’s mission to see that those responsible are convicted and rotting in prison where they belong. ❤️
Edit: h/t to @infosec_jcp for pointing out the problem to me.
2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.
Note: it makes me sad to post this.
Hi all. I am going to implement a block for sh.itjust.works. I am going to need years of therapy from all the nasty crap coming from that instance.
Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability
As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.
Lemmy and kbin have been... exciting to set up and debug.
There is a new version of lemmy in RC right now that should fix most of the issues we've been seeing, or at least give error messages that indicate what is going on.