Discussions related to Infosec.pub

1
 
 

Hi all. As requested, I just added the mlmym interface to infosec.pub. It approximates the old style reddit interface.

So far, it has some.... quirks. For example, as far as I can tell, you cannot post with an "undetermined" language.

2
 
 

Hi all. Lemmy 0.19.9 released today and it has some fixes I want to get in place sooner rather than later. I will be installing the upgrade in about an hour. The downtime should be minimal, but it’s also possible it goes horribly wrong and I have to run a recovery.

Edit: the upgrade is complete. It was quite painless.

3
 
 

Hey @jerry@infosec.pub and everyone else,

Would it be possible to have mlmym installed for Infosec.Pub?
It's a front-end that perfectly replicates the classic, old.reddit.com interface.

Besides the familiarity being nice for many, as well as it being more compact than even the compact-style themes we currently have available, I think the most important feature is that, unlike most other offerings, including the default that we're using, mlmym works perfectly without javascript enabled.

A bunch of other instances already have it installed. If you want to try it out, SDF is one such instance.

I don't know how big of a hassle it is to install, but I know I would appreciate it a lot!

4
 
 

The pact is a declaration of intent to block any Meta-governed instances that try to federate. There are some useful stats here about which, and how many instances have already committed to the pact. All types of Fediverse instances have signed, including some Lemmy instances, though it seems to be especially Mastodon instances that have signed it.

Is this something you have an opinion on, or already made a decision about, @jerry@infosec.pub? Is it something we should discuss as a community?

5
6
8
submitted 3 weeks ago* (last edited 1 week ago) by Natanael@infosec.pub to c/infosecpub@infosec.pub
 
 

Hi all!

On reddit I'm the main moderator for a cryptography subreddit, https://www.reddit.com/r/crypto and I'm considering migrating it.

There's a few cryptography subreddits (one named cryptography which is the main option), the main difference with the one I run is we're a bit stricter about being on topic and thus maintaining higher quality discussions (in part because we're under a heavy flood of spam bots, so we need to filter strictly). We got plenty of people over there who are professional cryptographers.

I see there's also a cryptography forum on this instance, but it's very scattered and doesn't really have very high quality posts. I wouldn't want to just take over an existing forum here, if I move the reddit community I'd like to recreate /r/crypto as a new forum here and establish it with all the same rules, etc.

Is there interest from the admins for that here? And how dedicated are the admins to maintaining this instance in the long term? (I don't want to have to move the forum multiple times)

And how much interest is there from the lemmy community?

(sidenote - this time around I'd handle moderation from a separate account, not from my main)

7
8
 
 

The following instances will be offline briefly on Saturday, December 14 from 9am ET / 2pm UTC for approximately 10 minutes: infosec.exchange, infosec.town, infosec.pub, pixel.infosec.exchange, books.infosec.exchange, matrix/element.infosec.exchange, relay.infosec.exchange, meetup.infosec.exchange, video.infosec.exchange, infosec.press, infosec.place, fedia.io, fedia.social, elk.infosec.exchange, infosec.space, convo.casa

The servers supporting these instances require a reboot. The Dell servers these instances run on take a very long time to boot, so I am estimating 10 minutes of downtime. It could be more, could be less.

We use live patches to minimize reboots needed for patching, however Ubuntu only provides livepatch support for a year, which is how long most of these systems have been running for.

9
10
 
 

The upgrade went smoothly and took less time than I expected. Let me know if any problems. And yes, tuxbot is still suspended.

11
12
 
 

Hello everyone. Lemmy 0.19.6 was released today. I am going to apply the update Sunday, November 10 at 2am UTC. Downtime should not be more than one hour.

13
7
submitted 4 months ago* (last edited 4 months ago) by TheFool@infosec.pub to c/infosecpub@infosec.pub
 
 

Images that have been proxied by another instance break when I try to view them on here. As far as I could gather lemmy tries to proxy them again and that doesn’t work creating broken links like:

https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemm.ee%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fi.ibb.co%252FBGzbmXH%252F5f838e188876c0c9.png

Source: https://infosec.pub/post/19061593

14
15
16
 
 

“there were no email addresses in the social security number files*. If you find yourself in this data breach via HIBP, there's no evidence your SSN was leaked, and if you're in the same boat as me, the data next to your record may not even be correct”

https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/

#infosec #privacy

17
 
 

A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers.

The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using nine existing CVEs in both 32-bit and 64-bit systems, indicating high versatility.

https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/

18
 
 

I noticed our instance got updated to lemmy 0.19.5 which means image proxying is now available. Since it’s a privacy preserving measure and also (in case of catbox) really helps with loading times I would really like this feature. I am not quite sure but as far as I can tell it is not enabled at the moment. Does anyone know if it is planned to be used in the future?

Also I don’t know where instance related announcements and news are posted so I’d appreciate it if someone could point me in the right direction.

19
 
 

cross-posted from: https://sopuli.xyz/post/14184367

Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them.

20
 
 

Infosec.pub will be down for maintenance on Monday, July 1 2024, from approximately 10am until 1pm Eastern Time. I will be upgrading to the latest version of Lemmy, which requires an upgrade to postgres.

21
 
 

We have a #ZeroDay in #Chrome's browser, just in case you're still using it.

22
 
 

This is likely a Lemmy bug but infosec.pub is related because there are so many Android communities that are federated from bad places so I thought I would mention it here as well.

cross-posted from: https://infosec.pub/post/11060800

The cross-post mechanism has a limitation whereby you cannot simply enter a precise community to post to. Users are forced to search and select. When searching for “android” on infosec.pub within the cross-post page, the list of possible communities is totally clusterfucked with shitty centralized Cloudflare instances (lemmy world, sh itjust works, lemm ee, programming dev, etc). The list of these junk instances is so long !android@hilariouschaos.com does not make it to the list.

The workaround is of course to just create a new post with the same contents. And that is what I will do.

There are multiple bugs here:
① First of all, when a list of communities is given in this context, the centralized instances should be listed last (at best) because they are antithetical to fedi philosophy.
② Subscribed communities should be listed first, at the top
③ Users should always be able to name a community in its full form, e.g.:

  • [!android@hilariouschaos.com](/c/android@hilariouschaos.com)
  • hilariouschaos.com/android

④ Users should be able to name just the instance (e.g. hilariouschaos.com) and the search should populate with subscribed communities therein.

23
 
 

Is infosec.pub going to federate with or block meta? Sorry if this is a duplicate post, I couldn't find an answer.

24
 
 

Images do not get mirrored from one Lemmy instance to another. Understandably so. But there is a harmful side effect: if SourceNode is behind an access-restricted walled-garden and an image from that node is cross-posted to a DestinationNode that is not inside the same access-restricted walled-garden, then some readers on DestinationNode see posts where the image is inaccessible.

All variants of walled gardens can trigger this problem but the most common is Cloudflare. So posts that contain images coming from instances like sh.itjust.works and lemmy.world are exclusive and do not include all people who infosec.pub includes.

How can this be fixed?

  1. infosec.pub could defederate from all Cloudflare nodes. This would prevent CF pawns from pushing exclusive content onto infosec.pub, but infosec.pub users could probably still post links to the exclusive venues.
  2. infosec.pub could block just cross-posts from CF nodes that contain images.
  3. infosec.pub could mirror images when the image is in a known exclusive walled garden.
  4. infosec.pub could accept posts that contain images in walled gardens and then immediately hide those posts. Perhaps a bot could populate a community designated for exclusive walled gardens with links to hidden posts so users not excluded by the walled garden can still reach the content.

Some of those options might require changes to lemmy code.

25
 
 

This may be an instance-specific problem because I’ve had no problem editing posts on other instances. When I try to edit the title and body of this post, I click save (or whatever) and without error it behaves as if my change was accepted.

Most instances take a minute or two to re-render the screen to show my updates. If the wait is long, I sometimes do a hard refresh to make sure the change got accepted (and if I don’t do that and I do another update, the old content populates the form and causes the recent edit to be lost).

Anyway, with infosec.pub my edits on the above-mentioned post just take no effect, confirmed by a hard-refresh showing no change.
