Comment

Comment on YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process

<- View Parent

PhilipTheBucket@ponder.cat ⁨5⁩ ⁨days⁩ ago

The longer I look at it the more suspicious I am of it, to be honest. I’m just kind of generally a paranoid and accusatory person, so take that into account, but… the files are pretty carefully set up. They have variable substitutions for everything, including a bunch of places where there’s a template substitution to change a string around when setting cache keys so that it’ll still work out-of-the-box right away, even in complex configurations like multiple domains on a single server. It all works out-of-the-box right away, they’ve clearly been attentive to making sure it’s all set up right and keeps working cleanly as things have been evolving forward. Except for that one place.

source

Sort:hotnew top

aubeynarf@lemmynsfw.com ⁨5⁩ ⁨days⁩ ago
this is how those Marxist Leninst nation state actors work

source
lorty@lemmy.ml ⁨5⁩ ⁨days⁩ ago
If we are entertain this idea, what could they possibly gain from this? Stealing passwords isn’t effective if the victim knows it’s been stolen.

source
- PhilipTheBucket@ponder.cat ⁨5⁩ ⁨days⁩ ago
  I think it would be very rare that people would put two and two together to realize that their password had been “stolen” by this event. Like I say, I have no real idea even if it is being stolen, just that it would be trivial for .ml to decide that they wanted to start keeping a little cache of everyone’s admin email addresses and passwords.
  
  Like someone else said, if it was anyplace other than lemmy.ml, I wouldn’t give it a second thought, it would just be “whoa you gotta fix this.” I sort of agree with you that there’s not even really any strong indication that there’s anything all that bad they could do with it. It’s only because lemmy.ml moderation actions already have such a pattern of authoritarian dishonesty that I get to any degree paranoid or alarmed about it.
  
  source
- TachyonTele@piefed.social ⁨5⁩ ⁨days⁩ ago
  Entertaining the idea... Lol
  
  Do you think OP is making it up?
  
  source
  - paraphrand@lemmy.world ⁨5⁩ ⁨days⁩ ago
    I assume they just mean the idea that is malicious and not just stupidity.
    
    source
    hemmes@lemmy.world ⁨5⁩ ⁨days⁩ ago
    Neither is good
    
    source
    -> View More Comments
- otacon239@lemmy.world ⁨5⁩ ⁨days⁩ ago
  That’s just it. Someone might not realize that all that info was passed to the server when it failed if they weren’t thinking about it. They’d just correct their mistake and move on with their day, especially if they’re new to server administration as I’m sure many Lemmy admins would be.
  
  source
- MotoAsh@lemmy.world ⁨5⁩ ⁨days⁩ ago
  “What could they possibly gain from having keys to the kingdom?”
  
  rofl! Continue proving how absolutely brainless bootlickers are… It’s a good fit for you.
  
  source
- otter@lemmy.dbzer0.com ⁨5⁩ ⁨days⁩ ago
  
  if the victim knows it’s been stolen.
  
  You daft, mate? Or, just high as giraffe balls?
  
  source