malloc

@malloc@programming.dev
2 Posts – 32 Comments
Joined 1 year ago

Lemmy.world instance under attack right now. It was previously redirecting to 🍋 🎉 and the title and sidebar changed to antisemitic trash.

They supposedly attributed it to a hacked admin account and it was corrected. But the instance is still showing as defaced and now the page just shows it was “seized by reddit”.

Seems like there is much more going on right now and the attackers have much more than a single admin account.


There’s something weird about “protesting” a site by continuing to use their site. Hopefully it’s just bot traffic flooding /r/place rather than real people coordinating in real time.


I just want to add a quick note:

From OP's screenshot, I noticed the JS code is attempting to extract the session cookie from the users that click on the link. If it's successful, it attempts to exfiltrate it to some server; otherwise it sends an empty value.

You can see the attacker/spammer obscures the URL of the server using a JS API as well.

Maybe that's how the lemmy.world attackers have had access for a lengthy period of time. Attackers have been hijacking sessions of admins. The one compromised user opened up the flood gates.

Not a sec engineer, so maybe someone else can chime in.


Honestly, once it reaches critical mass, it will mean the end of PayPal, Venmo et al AND the credit card industry as a whole.


In consulting, that’s called “after work”. Got to pump those billables

Honestly though, unless it's a feature that is completely outside the domain of the application, if you have to re-write your entire app then your app was probably dog shit to begin with.


Probably questions that can be answered by RTFM


You might have something here. Development would be easy but maintenance and moderation is another beast.

Intel had something like this as well (side channel attack?). I remember it because Linus Torvalds (creator of Linux kernel) ripped Intel a new one.

Older scrum masters during the daily standup and trying to do live updates to the JIRA board

Turned 15 minute meeting into 30 minutes at times lol.

Kind of cool if your production infrastructure can match. But for most companies (i.e., Fortune 500 and some medium companies) implementing this would need a force majeure.

Decades of software rot, change in management, change in architecture, waxing and waning of software and hardware trends, half assed implementations, and good ole bottom tier software consultation/contractors brought into the mix make such things impossible to implement at scale.

Once worked at a company where their onprem infra was a mix of mainframe, ibm / dell proprietary crap, Oracle vendor locked, and some rhel/centos servers. Of course some servers were on different versions of the OS. So it was impossible to setup a development environment to replicate issues.

For the most part, that's why I still use docker for most jobs. Much easier to pull in the right image, configure app deployment declaratively, and reproduce the bug(s). I would say 90% of the time it was reproducible. Before docker/containerization it was much less than that and we had to reproduce in some non-production environment that was shared amongst the team.

Also a reminder for me to add IPv6 support for my personal site. I think most cloud providers are able to offer dual IPv4/v6 support if you ask for it/configure it.

Wow you actually get logs from the other devs? I get fucking screenshots of abbreviated stack traces. Often not even the relevant portion of the stack trace or log.

True story. Next car I own will be a manual. Won’t even bother setting up the electronic junk if it comes with it.

So 2013-2014? Lol

I quickly looked through the #news tag, not seeing this. I guess those bots were active at the time?

It’s all in prep for the pump and dump when it IPOs.

Does the service you are using allow you to download the music DRM free, or is it only streamable?

If it’s the latter, might want to reconsider. Just like movies purchased on these platforms (Apple, Amazon, Microsoft, …), the license holder of the intellectual property (IP), usually the record/music company, can pull their content from these platforms at any time and you will not be reimbursed.


First time user of firefish. Kind of like the UI. “Global” section is kind of chaotic. Guess that’s just the fediverse for ya

Long time ago, it was probably due to overcrowding. Very easy to get shit quality of service once it hits a certain time of day.

But with advances in wireless technology (backhaul, 5 GHz, MIMO, …) I think that's no longer the case.

Reminds me of “The Password Game” 😂

Hygieia — the goddess of cleanliness

Based. Thanks for sharing these PRs. Will look over them.

This is what banking looks like if you are poor, unfortunately.

Those cash checking places are fucking evil. Then the payday loan companies with usury…

Honestly, many of my colleagues need to use this instead of the balls of mud they manage to create.

In a way, cooking still has that “deprecation” feel. Like when you use a kitchen tool that is like 2 orders of magnitude above what you are currently using.

For me it was knives. It was a serrated knife set that was a gift and got me through college. Once I got a real job and could get something of quality, a friend recommended I change out my knives for chef-quality knives. Started out with some Global knives and have never gone back to my old set. Been slowly adding over time (i.e., bread knife, cleaver, paring).

Also, switched from non-stick to stainless steel because fuck PFOA. Also picked up a quality rice cooker from Zojirushi.

Technique can get you very far in cooking, but to make that dish perfect got to have the right tools.

Been using the Apple Watch for the past 3 years (currently on the Ultra) and have been loving it. I’m not a serious athlete but use it to track my daily walks/runs. It keeps me honest and active.

Plus I have a data line for my watch so I can ditch my phone and still talk, text, and check emails as needed. I hate to admit it but I have completed many meetings with just my Apple Watch + AirPods while on a run/walk.

Also, it acts as a wallet replacement for the most part. ~8 out of 10 times I can tap and pay with my watch. I only keep 1 physical card and my state ID on me.

Credit card rewards are really not worth it. These programs are largely funded by the fees that are charged to merchants which are ultimately passed on to you at time of purchase.

I would much rather have reduced costs of goods rather than have paltry credit card reward programs.

Processing transactions with credit cards incurs fees from middlemen and unnecessarily complicates the merchant-buyer relationship. The merchant ends up paying these fees and ultimately passes this cost to the consumer in the form of a 3-5% or more markup of goods. In some cases, even cash customers are paying the hidden markup as well.

With FedNow, this has the potential to bypass all of this messiness and severely undercut debit and credit card processing networks. Thus slowly bleeding them out of market share.

I can definitely see a new market segment of payment processing which disrupts the existing status quo. Could very easily cover expenses of running the operation on a shoestring budget, charge 1-2 cents per transaction, and become profitable in just under a year (assuming high adoption).

In the end, smaller merchants are able to compete or in some cases undercut bigger stores since they are saving money on CC fees. Consumer has the benefit of more competition in the market and getting that better price. Overall decreased cost of living.


Only in read only mode.

My work place is doing something similar. RTO (return to office) by some date near the end of the year. Failure to comply will result in some penalty or termination.

I don’t understand it. WFH has proved to be the same if not more productive than working in some stupid office. Company revenues and profits at highest point ever.

What’s even more fucking stupid is that the company is retiring some of their real estate in an attempt to save on costs yet they push this forced RTO.

The email they sent out was also a fucking joke — citing “tO pReSeRvE oUr UnIqUe CuLtUrE” bullshit that I have seen at other companies. It’s like they all hire the same PR firm to do their copywriting.

Makes you wonder if these executives are also well invested in corporate real estate. Thus the push towards RTO across the board.

This is the only way. Except some services don’t even accept those randomly generated ones. Only a slight inconvenience to add whatever special character they want or to trim the length.

Chromium should be gucci though
