lainoid the omniscient
People who talked for years about "if you don't pay you're the product" when a formerly ad-supported service tries to charge money: wow I hope it fucking crashes and burns
lainoid the omniscient
A new Pleroma security release is out that you should install immediately. If you cannot do so for some reason, activate filename anonymization.

Thanks to @feld and @lanodan for handling this so quickly!

https://pleroma.social/announcements/2023/08/04/pleroma-security-release-2.5.3/
lainoid the omniscient
Me eating a pizza in front of my gluten + lactose intolerant wife
lainoid the omniscient
PLEROMA ADMINS READ THIS, AKKOMA TOO

Another important pleroma security post: @alex and @graf found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.

Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.

https://webb.spiderden.org/2023/05/26/pleroma-mitigation/
lainoid the omniscient

Just to be clear, if you run a pleroma server, it’s a very good idea to add this to your nginx config immediately:

# Serve uploaded media and the media proxy with a CSP sandbox so nothing they return can run scripts or reach the instance origin.
location ~ ^/(media|proxy) {
        add_header Content-Security-Policy "sandbox;";
}

Most people will already not be vulnerable to this for a variety of reasons, but this will absolutely stop it.
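One way to verify that a deployed instance actually sends the header on its media and proxy paths, as an added example that is not part of the original post: it parses a Content-Security-Policy value the way a browser does, so a `sandbox` directive that was weakened with `allow-scripts` or `allow-same-origin` is flagged rather than silently passing. The header sets below are constructed stand-ins for live responses.

```python
from typing import Dict, List, Optional

# Flags that, when appended to `sandbox`, re-enable what the mitigation is meant to block.
UNSAFE_SANDBOX_FLAGS = {"allow-scripts", "allow-same-origin"}


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [tokens]}; directive names are case-insensitive."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        policy.setdefault(name, []).extend(tokens[1:])
    return policy


def media_path_is_sandboxed(headers: Dict[str, str]) -> Optional[str]:
    """Return None if the response is acceptably sandboxed, else the reason it is not."""
    # HTTP header names are case-insensitive; accept whichever casing the server used.
    csp = next((v for k, v in headers.items() if k.lower() == "content-security-policy"), None)
    if csp is None:
        return "no Content-Security-Policy header"
    policy = parse_csp(csp)
    if "sandbox" not in policy:
        return "CSP present but no sandbox directive"
    weak = UNSAFE_SANDBOX_FLAGS & {t.lower() for t in policy["sandbox"]}
    if weak:
        return "sandbox weakened by " + ", ".join(sorted(weak))
    return None


# Constructed responses (not captured from any real instance) covering the three outcomes.
SAMPLE_RESPONSES = {
    "fixed": {"content-type": "image/svg+xml", "Content-Security-Policy": "sandbox;"},
    "missing": {"content-type": "image/svg+xml"},
    "weakened": {"Content-Security-Policy": "default-src 'none'; sandbox allow-scripts"},
}


def audit(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, Optional[str]]:
    """Map each response label to None (sandboxed) or a short description of the problem."""
    return {name: media_path_is_sandboxed(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, problem in audit().items():
        print(f"{name}: {'OK' if problem is None else problem}")
```

Check the live response rather than the config file: nginx applies `add_header` only to 2xx/3xx responses unless `always` is given, and an `add_header` inside a `location` replaces any inherited from the `server` block.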
