malloc

joined 1 year ago
[–] malloc@programming.dev 1 points 1 year ago

In consulting, that’s called “after work”. Got to pump those billables

Honestly though, unless it’s a feature that is completely outside the domain of the application. If you have to re-write your entire app then your app was probably dog shit to begin with

[–] malloc@programming.dev 1 points 1 year ago

Based. Thanks for sharing these PRs. Will look over them.

 

Would be cool if we can upload short videos to a peertube instance and embed them into posts rather than relying on reddit, YT, or Vimeo.

I use the browser versions of lemmy and it’s painful to see some posts link to these sites.

[–] malloc@programming.dev 0 points 1 year ago (1 children)

I just want to add a quick note:

From OPs screenshot, I noticed the JS code is attempting to extract the session cookie from the users that click on the link. If it’s successful, it attempts to exfiltrate to some server otherwise sends an empty value.

You can see the attacker/spammer obscures the url of the server using JS api as well.

May be how lemmy.world attackers have had access for a lengthy period of time. Attackers have been hijacking sessions of admins. The one compromised user opened up the flood gates.

Not a sec engineer, so maybe someone else can chime in.

[–] malloc@programming.dev 0 points 1 year ago (2 children)

Lemmy.world instance under attack right now. It was previously redirecting to 🍋 🎉 and the title and side bar changed to antisemitic trash.

They supposedly attributed it to a hacked admin account and was corrected. But the instance is still showing as defaced and now the page just shows it was “seized by reddit”.

Seems like there is much more going on right now and the attackers have much more than a single admin account.