PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)
I’m finding issues with communities not loading posts, comments or general sync issues.
Lemmy's Rust code uses an ORM called Diesel that masks the SQL statements and you really have to watch the PostgreSQL server independently to verify that the SQL isn't doing wild things like loading thousands of records when you only needed 3. Just today people are finally sharing some information out of the big servers (lemmy.world) as to what PostgreSQL side says is actually happening. Hopefully the biggest mistakes are going to get cleaned up quickly.
And I would like to see a federation-wide policy that all bots must be clearly identified as bots (an attribute on their account). And features in the site code to block all bots as a user preference.
The interesting thing about Snowden to me after 10 years is how few times I see the public think about how low-level staff with hardware-level access can bypass all command and control decisions. He was a contractor who just wholesale scooped data off the servers. Nearly 10 years later... Jack Teixeira leaks documents because he has server access to documents outside his immediate need too.
I think a lot of organizations really don't see how vulnerable they are to deliberate attacks and theft - if the NSA can't protect their data 10 years ago, do you really think your mobile phone network provider or these VPN companies are not subject to internal staff selling off data, etc?
image here ![] (https://lemmy.ml/pictrs/image/0332b83a-ab01-4c99-9155-2a08b02fb652.png)
among several others