Discussions related to Infosec.pub

It seems like Lemmy took off 2 years ago with the announcement of Reddit's API blocking 3rd party apps. Many instances popped up, and some disappeared equally fast. More people have now moved over since the actual announcement becoming alive.

I'm a bit new to the decentralized hosts with federation/mesh social networks on the web, and are wondering if anyone with long time experience using something like Mastodon would shine a perspective on how these services usually operate? Does popular instances suddenly disappear, resulting in people losing contact with each other? losing progress, reputation, communities and their history? Since it's open source, and it's meant to be run by the people, for the people. How is the stability and long-term plan for Infosec.pub? I would like to stick around this service for hopefully many years.

Most of the instances in the instance section (https://infosec.pub/instances) is gone. I would be interested to see the statistics on how long all these instances lived before they were shut down, and compare those numbers to the big instances people are signing up to.

Lastly, there seems to be no way to migrate your account to another instance [1], so long-term reliability is indeed important.

I am attending a webinar in a few days, and to get credit for attending I need to participate in the pulling questions. The application is Zoom, and I do not know when or how many pulling questions there will be. Does anyone know of a way to auto respond to the pulling questions? I have time, and am totally willing to slap something together in python, so if you have an idea of where to start that would be amazing

Hi all. As requested, I just added the mlmym interface to infosec.pub. It approximates the old style reddit interface.

So far, it has some.... quirks. For example, as far as I can tell, you cannot post with an "undetermined" language.

Hi all. Lemmy 0.19.9 released today and it has some fixes I want to get in place sooner rather than later. I will be installing the upgrade in about an hour. The downtime should be minimal, but it’s also possible it goes horribly wrong and I have to run a recovery.

Edit: the upgrade is complete. It was quite painless.

Hey @[email protected] and everyone else,

Would it be possible to have mlmym installed for Infosec.Pub?
It's a front-end that perfectly replicates the classic, old.reddit.com interface.

Besides the familiarity being nice for many, as well as it being more compact than even the compact-style themes we currently have available, I think the most important feature is that, unlike most other offerings, including the default that we're using, mlmym works perfectly without javascript enabled.

A bunch of other instances already have it installed. If you want to try it out, SDF is one such instance.

I don't know how big of a hassle it is to install, but I know I would appreciate it a lot!

The pact is a declaration of intent to block any Meta-governed instances that try to federate. There are some useful stats here about which, and how many instances have already committed to the pact. All types of Fediverse instances have signed, including some Lemmy instances, though it seems to be especially Mastodon instances that have signed it.

Is this something you have an opinion on, or already made a decision about, @[email protected]? Is it something we should discuss as a community?

Hi all!

On reddit I'm the main moderator for a cryptography subreddit, https://www.reddit.com/r/crypto and I'm considering migrating it.

There's a few cryptography subreddits (one named cryptography which is the main option), the main difference with the one I run is we're a bit stricter about being on topic and thus maintaining higher quality discussions (in part because we're under a heavy flood of spam bots, so we need to filter strictly). We got plenty of people over there who are professional cryptographers

I see there's also a cryptography forum on this instance, but it's very scattered and doesn't really have very high quality posts. I wouldn't want to just take over an existing forum here, if I move the reddit community I'd like to recreate /r/crypto as a new forum here and establish it with all the same rules, etc.

Is there interest from the admins for that here? And how dedicated are the admins to maintaining this instance in the long term? (I don't want to have to move the forum multiple times)

And how much interest is there from the lemmy community?

(sidenote - this time around I'd handle moderation from a separate account, not from my main)

The following instances will be offline briefly on Saturday, December 14 from 9am ET / 2pm UTC for approxmately 10 minutes: infosec.exchange infosec.town infosec.pub pixel.infosec.exchange books.infosec.exchange matrix/element.infosec.exchange relay.infosec.exchange meetup.infosec.exchange video.infosec.exchange infosec.press infosec.place fedia.io fedia.social elk,.infosec.exchange infosec.space convo.casa

The servers supporting these instances require a reboot. The Dell servers these instances run on take a very long time to boot, so I am estimating 10 minutes of downtime. It could be more, could be less.

We use live patches to minimize reboots needed for patching, however Ubuntu only provides livepatch support for a year, which is how long most of these systems have been running for.

The upgrade went smoothly and took less time than I expected. Let me know if any problems. And yes, tuxbot is still suspended.

Hello everyone. Lemmy 0.19.6 was released today. I am going to apply the update Sunday, November 10 at 2am UTC. Downtime should not be more than one hour.

Images that have been proxied by another instance break when I try to view them on here. As far as I could gather lemmy tries to proxy them again and that doesn’t work creating broken links like:

https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemm.ee%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fi.ibb.co%252FBGzbmXH%252F5f838e188876c0c9.png

Source: https://infosec.pub/post/19061593

“there were no email addresses in the social security number files*. If you find yourself in this data breach via HIBP, there's no evidence your SSN was leaked, and if you're in the same boat as me, the data next to your record may not even be correct”

https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/

#infosec #privacy

A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers.

The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using nine existing CVEs in both 32-bit and 64-bit systems, indicating high versatility.

https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/

I noticed our instance got updated to lemmy 0.19.5 which means image proxying is now available. Since it‘s a privacy preserving measure and also (in case of catbox) really helps with loading times I would really like this feature. I am not quite sure but as far as I can tell it is not enabled at the moment. Does anyone know if it is planned to be used in the future?

Also I don’t know where instance related announcements and news are posted so I‘d appreciate it if someone could point me in the right direction.

cross-posted from: https://sopuli.xyz/post/14184367

Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them.

• cannot post, risk of data loss
• cannot cross-post, but no data loss.
• can only visit the default timeline view

Infosec.pub will be down for maintenance on Monday, July 1 2024, from approximately 10am until 1pm Eastern Time. I will be upgrading to the latest version of Lemmy, which requires an upgrade to postgres.

We have a #ZeroDay in #Chrome's browser, just in case you're still using it.

This is likely a Lemmy bug but infosec.pub is related because there are so many Android communities that are federated from bad places so I thought I would mention it here as well.

cross-posted from: https://infosec.pub/post/11060800

The cross-post mechanism has a limitation whereby you cannot simply enter a precise community to post to. Users are forced to search and select. When searching for “android” on infosec.pub within the cross-post page, the list of possible communities is totally clusterfucked with shitty centralized Cloudflare instances (lemmy world, sh itjust works, lemm ee, programming dev, etc). The list of these junk instances is so long [email protected] does not make it to the list.

The workaround is of course to just create a new post with the same contents. And that is what I will do.

There are multiple bugs here:
① First of all, when a list of communities is given in this context, the centralized instances should be listed last (at best) because they are antithetical to fedi philosophy.
② Subscribed communities should be listed first, at the top
③ Users should always be able to name a community in its full form, e.g.:

• [[email protected]](/c/[email protected])
• hilariouschaos.com/android

④ Users should be able to name just the instance (e.g. hilariouschaos.com) and the search should populate with subscribed communities therein.

Is infosec.pub going to federate with or block meta? Sorry if this is a duplicate post, I couldn't find an answer.