So if you do the Docker setup, obeying the instructions and substituting everything that needs to get substituted, but don’t proofread the files in detail and so miss that line 40 of docker-compose.yml doesn’t have the variable {{domain}}
like in every other location you need to write your domain, but instead just says LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.ml
and so fail to change it away from lemmy.ml… then, everything will work, except that when you type in your admin password for the first time, your browser will send a request to lemmy.ml which includes your admin username, your email address, and the admin password you’re trying to set. And, also, of course the home IP address of the admin setting up the server.
I have no reason at all to think the Lemmy devs have set their server up to log this information when it comes in. nginx will throw it away by default, of course, but it would be easy for them to have it save it instead, if they wanted to. And my guess is most people won’t use a different admin password once they figure out why creating their admin user isn’t working and fix it.
@dessalines@lemmy.ml I think you should fix the docker-compose.yml file not to do this.
Semi_Hemi_Demigod@lemmy.world 3 weeks ago
That’s so on-character for .ml
PhilipTheBucket@ponder.cat 3 weeks ago
The longer I look at it the more suspicious I am of it, to be honest. I’m just kind of generally a paranoid and accusatory person, so take that into account, but… the files are pretty carefully set up. They have variable substitutions for everything, including a bunch of places where there’s a template substitution to change a string around when setting cache keys so that it’ll still work out-of-the-box right away, even in complex configurations like multiple domains on a single server. It all works out-of-the-box right away, they’ve clearly been attentive to making sure it’s all set up right and keeps working cleanly as things have been evolving forward. Except for that one place.
aubeynarf@lemmynsfw.com 3 weeks ago
this is how those Marxist Leninst nation state actors work
lorty@lemmy.ml 3 weeks ago
If we are entertain this idea, what could they possibly gain from this? Stealing passwords isn’t effective if the victim knows it’s been stolen.
BroBot9000@lemmy.world 3 weeks ago
Was just gonna say. Exactly what some authoritarian boot lickers would do.
Semi_Hemi_Demigod@lemmy.world 3 weeks ago
“Of course the Central Committee would have access to your instance. Why is that a problem? Are you doing something counter-revolutionary?!”
TachyonTele@piefed.social 3 weeks ago
Im loving that there are ml users coming in and defending it lol
PhilipTheBucket@ponder.cat 3 weeks ago
Yeah, don’t they realize they could have just spent that time productively by making a pull request, instead?
Ephera@lemmy.ml 3 weeks ago
The devs have access to the source code. Why would they put something like this two layers deep into the documentation? It’s like those people that think Mozilla is evil, because Mozilla openly talks about what they’re doing. If they wanted to be evil, you would know jackshit about it.
lorty@lemmy.ml 3 weeks ago
Why are you assuming malice when this is probably just a mistake/oversight?
socsa@piefed.social 3 weeks ago
Because of the way Dessalines and Nutomic consistently act?
Watch. They won't apologize or admit wrongdoing here. They never do.
Semi_Hemi_Demigod@lemmy.world 3 weeks ago
Because “when someone shows you who they are, believe them the first time .”
DeathByBigSad@sh.itjust.works 3 weeks ago
en.wikipedia.org/wiki/XZ_Utils_backdoor
cm0002@lemmy.world 3 weeks ago
Uh huh, just like how the instance/user block being horribly implemented to where it’s just a barely functional mute is just a (4 year) “oversight”
lemmy.world/post/29072279
OpenStars@piefed.social 3 weeks ago
We are using their tools though...
Well, you are, while I am on PieFed:-P If you do not like what you've heard here, then consider switching to Piefed.World (Lemmy.World's recently-announced PieFed replacement for Lemmy)
tal@lemmy.today 3 weeks ago
Oh, that’s interesting. Didn’t know about that.
I don’t think that there’s a way to list instances that a PieFed instance has defederated from, unlike Lemmy; while both have a list of instances at /instances, only Lemmy indicates which ones have been defederated from. It was a helpful tool to help me guess the sort of content an instance had.
Like:
lemmy.world/instances
piefed.world/instances
umbrella@lemmy.ml 3 weeks ago
Bloomcole@lemmy.world 3 weeks ago
They are more anti - ml than their beloved ww2 nazi examples.
You can feel them foaming at the mouth.