erre 1y ago • 100%
I like that imgur removes exif data, any recommendations that do that too?
I took a look at a few posted and they don't appear to do so.
erre 1y ago • 100%
I hope they'll finally give the player career mode some love. Pleaseeeeeee.
erre 1y ago • 100%
Looks like the instance is on the latest RC which includes the fix for the vulnerability.
erre 1y ago • 100%
erre 1y ago • 100%
The one reserved for residential usage is home.arpa
.
erre 1y ago • 100%
I think the lemmy.world admin posted on his official Mastodon.
erre 1y ago • 100%
If you run the instance only for yourself then I'd say it makes you an unattractive target. Why do a lot of work to hack an instance with one user?
But yeah, since Lemmy's code is not super mature there'll be some pains in the short term.
erre 1y ago • 100%
Oops indeed. Lemmy needs a security audit 😬
erre 1y ago • 100%
Looks like lemmy.blahaj.zone is back
erre 1y ago • 100%
Thanks for sharing! Forgot to look this up, tuned into the match late. That was a brutal hit. First time I see a ref injured.
erre 1y ago • 100%
Realizing this blew my mind. Definitely more interesting than following people.
erre 1y ago • 100%
I'd wager you're likely fine if you're using a mobile app when the affected image loads. Also, it appears they're stealing auth tokens.. not passwords or anything. At worst they could impersonate you until your token expires.. but you're not a high value target unless you're an admin of an instance.
erre 1y ago • 100%
What kind of terrible markdown editor allows adding onload scripts to images though.. it's insane.
erre 1y ago • 100%
If it's onload
then simply viewing the image runs that script. Yikes.
erre 1y ago • 100%
This is hilariously timed considering the current panic at the hacked instances.
erre 1y ago • 100%
Tough call, probably for the best. Hopefully it's resolved soon.
erre 1y ago • 100%
I think that's right on the money.
erre 1y ago • 77%
The sophistication is impressive, using emojis. Are people getting paid to find the vulnerabilities or are they just bored??
erre 1y ago • 100%
I think they're stealing auth tokens, not sure if 2fa would help. It looks like there may be a vulnerability in the markdown editor and being able to insert JavaScript. The JS being able to access your cookies to share them is the second issue.
erre 1y ago • 100%
Curl didn't return anything. They're likely just using it to log requests since the request path contains the data they need.
When scrolling and reaching the end of the currently-loaded posts, Connect starts loading more posts but there is no visual indication of this. A user must keep trying to scroll down until they're loaded. It would be nice if a loading bar, spinner, etc. would display to inform the user that posts are loading. TY!
Tapping the post form submit button results in an error that says to pick one of the ten communities listed which I guess are those that horizontally scroll under the "community name" form field. So I guess I can only post to those.. not sure why it's limited. It's a bug unless I missed a new setting. I had to create this post using Jerboa 😞 Connect version 1.0.69. Also applies to 1.0.71.
My instance restarted while browsing Lemmy. The error message output is raw html rather than a user-friendly message. Not a huge deal but wanted to point it out. Version 1.0.69
She's a little sweetheart.
I'm getting old and the morning coffee isn't doing anything for the crash after midday. It's also getting hot and I don't want an afternoon hot cup of coffee. I want to try making cold brew and it seems simple enough. Any tips? So far I've seen 1:8 coffee to water recommended. 24 hours steeped and 2:1 water to concentrate. Sound ok? Any extra steps to make it twice as good?
cross-posted from: https://beehaw.org/post/911506 > Turns out my passion flower plant _is_ gonna give me fruit this year 🙂🙃🙂🙃
Turns out my passion flower plant _is_ gonna give me fruit this year 🙂🙃🙂🙃
For me at least. Looks like they enforced rate limits an hour before midnight UTC.
Thought this might be an interesting read for some.
Really thorough review of the latest traffic AI video released. I hadn't noticed there were no rain effects in the video which I also hope is included when released.
cross-posted from: https://lemmit.online/post/35832 > ##### This is an automated archive made by the [Lemmit Bot](https://lemmit.online/). > The original was posted on [/r/soccer](https://old.reddit.com/r/soccer/comments/14kq6lz/o_keefe_leicester_and_tottenham_have_reached_the/) by [/u/TomasRoncero](https://old.reddit.com/u/TomasRoncero) on 2023-06-27 21:30:27+00:00. > > **Original Title**: [O Keefe] Leicester and Tottenham have reached the final stages in negotiations for James Maddison. Payment structure / bonus structure expected to be finalised then the player will travel for a medical. > Exciting!
cross-posted from: https://lemmit.online/post/32924 > ##### This is an automated archive made by the [Lemmit Bot](https://lemmit.online/). > The original was posted on [/r/soccer](https://old.reddit.com/r/soccer/comments/14kdjz1/bild_tottenham_are_demanding_100m_for_harry_kane/) by [/u/nutelamitbutter](https://old.reddit.com/u/nutelamitbutter) on 2023-06-27 13:17:50+00:00. > Looks like it might not happen.
cross-posted from: https://lemmit.online/post/27502 > ##### This is an automated archive made by the [Lemmit Bot](https://lemmit.online/). > The original was posted on [/r/soccer](https://old.reddit.com/r/soccer/comments/14jndyg/percy_tottenham_to_make_james_maddison_move_as/) by [/u/try-D](https://old.reddit.com/u/try-D) on 2023-06-26 17:21:57+00:00. >
cross-posted from: https://beehaw.org/post/790495 > This is the first year it flowers, hoping to get fruit this year.
This is the first year it flowers, hoping to get fruit this year.
cross-posted from: https://feddit.win/post/28256 > Hadn't seen this rumor before.