Was just gonna say. Exactly what some authoritarian boot lickers would do.
Semi_Hemi_Demigod@lemmy.world 5 days ago
That’s so on-character for .ml
BroBot9000@lemmy.world 5 days ago
Semi_Hemi_Demigod@lemmy.world 5 days ago
“Of course the Central Committee would have access to your instance. Why is that a problem? Are you doing something counter-revolutionary?!”
TachyonTele@piefed.social 5 days ago
Im loving that there are ml users coming in and defending it lol
PhilipTheBucket@ponder.cat 5 days ago
Yeah, don’t they realize they could have just spent that time productively by making a pull request, instead?
TachyonTele@piefed.social 5 days ago
Honestly, you found the fault. I agree that you should put the request in.
PhilipTheBucket@ponder.cat 5 days ago
I mean probably I should. There are a bunch of people accusing me of being dick headed and petty and they’re not completely wrong. Honestly, I just don’t feel like helping the Lemmy devs. Dessalines, at least, is totally unapologetic about being a dickhead to people he has power over. That puts me in a mindset where, mostly, I want to talk to other people about potential harm he’s in a position to do, and not really in a mindset where I want to do even a small amount of extra work on his behalf.
I’m going to tell other people that he’s in a position to take their passwords. If he wants to see that and put himself not in that position anymore? Great, I think he should. If he gets his feelings hurt because I’m not being super friendly about it? Well… okay. I’m not trying to be malicious about it or do anything other than clearly communicate the problem. But it seems like the lemmy.ml “in charge” crew in general has a lot of a mentality that’s kind of like, “Well, I’m in charge, and you’re not, so fuck what you think and fuck your rights. Ban.” (or whatever). The way I operate is that really makes me not want to be extra friendly or courteous to people. I used to have a regular donation to Lemmy development set up, I used to take it seriously the idea of getting involved in contributing to the code, and then I observed how they operate, and … like I say I’m mostly talking to the other people involved who I think should be aware of this. If the devs want to react, fix it, or get involved in the conversation, then sure, sounds good.
The fix is in the comments below, if someone else wants to contribute it and do the very small amount of work of getting it in.
Ephera@lemmy.ml 5 days ago
The devs have access to the source code. Why would they put something like this two layers deep into the documentation? It’s like those people that think Mozilla is evil, because Mozilla openly talks about what they’re doing. If they wanted to be evil, you would know jackshit about it.
PhilipTheBucket@ponder.cat 5 days ago
- “This isn’t even malicious, just look at it, it’s perfectly innocent”
- “Besides, if they wanted to do something, they could disguise it way better than this”
Pick a lane, .ml.
Ephera@lemmy.ml 5 days ago
I’ll let the hivemind know that we’re supposed to have only one opinion.
lorty@lemmy.ml 5 days ago
Why are you assuming malice when this is probably just a mistake/oversight?
socsa@piefed.social 5 days ago
Because of the way Dessalines and Nutomic consistently act?
Watch. They won't apologize or admit wrongdoing here. They never do.
eugenevdebs@lemmy.dbzer0.com 5 days ago
They did patch it just now.
InternetCitizen2@lemmy.world 5 days ago
I wonder what their answer for this will be in the coming days.
TachyonTele@piefed.social 5 days ago
Everyone here will be ml banned for five months.
lorty@lemmy.ml 5 days ago
They fixed it.
Semi_Hemi_Demigod@lemmy.world 5 days ago
Because “when someone shows you who they are, believe them the first time .”
lorty@lemmy.ml 5 days ago
All I see here is a mistake. If that’s unforgivable to you then so be it.
Semi_Hemi_Demigod@lemmy.world 5 days ago
If it wasn’t .ml I would not assume malice
DeathByBigSad@sh.itjust.works 5 days ago
Redjard@lemmy.dbzer0.com 5 days ago
This issue here is very different to the xz backdoor.
The xz backdoor was well obfuscated, planned out, and inserted by another actor.This here is easy to notice, can reasonably be explained as a mistake, and can only benefit the og main devs of lemmy.
A “huh this is odd, also change yalls admin passwords” is appropriate here. Even if we got further indication it was malicious, it would still be far less crazy than the xz backdoor.
InternetCitizen2@lemmy.world 5 days ago
Both a strength and weakness of FOSS. There is also the solar winds hack for a proprietary analog in case anyone is curious.
cm0002@lemmy.world 5 days ago
Uh huh, just like how the instance/user block being horribly implemented to where it’s just a barely functional mute is just a (4 year) “oversight”
OpenStars@piefed.social 5 days ago
We are using their tools though...
Well, you are, while I am on PieFed:-P If you do not like what you've heard here, then consider switching to Piefed.World (Lemmy.World's recently-announced PieFed replacement for Lemmy)
tal@lemmy.today 5 days ago
Oh, that’s interesting. Didn’t know about that.
I don’t think that there’s a way to list instances that a PieFed instance has defederated from, unlike Lemmy; while both have a list of instances at /instances, only Lemmy indicates which ones have been defederated from. It was a helpful tool to help me guess the sort of content an instance had.
Like:
klu9@piefed.social 5 days ago
Try asking in !piefed_meta@piefed.social , !piefed_help@piefed.social or https://codeberg.org/rimu/pyfedi/issues
I've only been on PieFed a month or so and they've already dealt with half a dozen things I've mentioned, from bugs to feature requests.
umbrella@lemmy.ml 5 days ago
also on character for .world
Bloomcole@lemmy.world 5 days ago
They are more anti - ml than their beloved ww2 nazi examples.
You can feel them foaming at the mouth.
PhilipTheBucket@ponder.cat 5 days ago
The longer I look at it the more suspicious I am of it, to be honest. I’m just kind of generally a paranoid and accusatory person, so take that into account, but… the files are pretty carefully set up. They have variable substitutions for everything, including a bunch of places where there’s a template substitution to change a string around when setting cache keys so that it’ll still work out-of-the-box right away, even in complex configurations like multiple domains on a single server. It all works out-of-the-box right away, they’ve clearly been attentive to making sure it’s all set up right and keeps working cleanly as things have been evolving forward. Except for that one place.
aubeynarf@lemmynsfw.com 5 days ago
this is how those Marxist Leninst nation state actors work
lorty@lemmy.ml 5 days ago
If we are entertain this idea, what could they possibly gain from this? Stealing passwords isn’t effective if the victim knows it’s been stolen.
PhilipTheBucket@ponder.cat 5 days ago
I think it would be very rare that people would put two and two together to realize that their password had been “stolen” by this event. Like I say, I have no real idea even if it is being stolen, just that it would be trivial for .ml to decide that they wanted to start keeping a little cache of everyone’s admin email addresses and passwords.
Like someone else said, if it was anyplace other than lemmy.ml, I wouldn’t give it a second thought, it would just be “whoa you gotta fix this.” I sort of agree with you that there’s not even really any strong indication that there’s anything all that bad they could do with it. It’s only because lemmy.ml moderation actions already have such a pattern of authoritarian dishonesty that I get to any degree paranoid or alarmed about it.
TachyonTele@piefed.social 5 days ago
Entertaining the idea... Lol
Do you think OP is making it up?
paraphrand@lemmy.world 5 days ago
I assume they just mean the idea that is malicious and not just stupidity.
otacon239@lemmy.world 5 days ago
That’s just it. Someone might not realize that all that info was passed to the server when it failed if they weren’t thinking about it. They’d just correct their mistake and move on with their day, especially if they’re new to server administration as I’m sure many Lemmy admins would be.
MotoAsh@lemmy.world 5 days ago
“What could they possibly gain from having keys to the kingdom?”
rofl! Continue proving how absolutely brainless bootlickers are… It’s a good fit for you.
otter@lemmy.dbzer0.com 5 days ago
You daft, mate? Or, just high as giraffe balls?