I've seen people have similar issues on my issue tracker. Turns out it was caused by Cloudflare's JS minimization or rocket-loader being enabled. Something changed in 0.18.3 that made it incompatible with those Cloudflare features. If you use the Cloudflare proxy to serve your site, you will need to turn those off.
No. It's very likely. Not every company is run like a FAANG company with everything under a microscope. At your average company, it's extremely common for individual teams to just have their own cloud service accounts for internal team use, not as tightly controlled as a company's production cloud services account. I'd argue most of them are very loosely managed by a single person, letting said person do pretty much whatever they want.
And if those accounts have thousands of dollars in AWS credit or something, this could run under the radar for up to 6 months uninterrupted, depending on when the credits expire. Most credits are handed out for free from the cloud service provider with no cost auditing or anything of the like.
I'm in a position where I could do this myself at work with very low risk of getting caught. I just have no interest in doing so, and I'd rather not be fired if I did get caught. But it's definitely possible.
No one is calling you a cheapskate. It's just that when you said this:
its not a noble cause to pay some dude who made an app we dont need
...in context, it comes off as "Sync is not necessary to exist, therefore no one should pay him."
I understand what you mean now, but you worded it terribly.
And by the way, going around in the comments being unnecessarily hostile and calling people "dumbfuck" or "asshole," when they were just as confused at your poor phrasing, makes you come off as an asshole, so maybe work on that :)
its not a noble cause to pay some dude who made an app we dont need
Do you think professional independent developers shouldn't be paid for their work? Do you think this kind of development is effortless?
I don't understand why people keep parroting this. The app is free. It's a professionally developed app, where the quality tradeoff is either ads (which can be blocked) or your choice of ad removal payments.
This isn't some company trying to exploit the community here, this is a full time app developer who just had his livelihood completely cut off. People begged him to make a version for Lemmy, and he did. He deserves to be paid for the hours and work he put in to make it happen. You can't make an app if you can't buy food or pay rent.
And if you don't like that, then don't use it. He's never pressured users into paying, and he's never suggested everyone on Lemmy should just send him money. He isn't even spamming posts advertising the app, enthusiastic users are.
As it turns out, the issue I was having earlier was due to CloudFlare blocking my login due to activity that looked like a bot. I cleared that rule and I'm all good now
I'm trying to figure out how it's trying to log in, but log parsing in Lemmy is so hard when the server is shooting 2,000 lines per second. Other apps work fine with the same password.
I love seeing all the CrossCode recommendations, and on Lemmy of all places. Here I thought no one knew about it!
Easily my favorite game of all time. I don't think it ever drops the ball, the combat is awesome, the story is incredible, and the characters are so well written that you'll think they're actually real people.
The biggest criticism is the game's puzzles, but they aren't really as bad as some (very impatient) people make them out to be, and there are options to decrease the difficulty of the puzzles.
I'm not advocating for running containers as root, I was correcting your suggestion that container breakouts are trivial and easy to perform. But let's walk through those 2022 breakout vulns shall we? I even found one more.
CVE-2022-0847 - DirtyPipe, a Linux kernel vulnerability, and one of the most major and prolific Linux kernel vulns to date. In addition, it wouldn't have mattered if the container ran as root or not, this was a significant Linux kernel flaw. In fact, the PoC runs the container as an unprivileged user.
CVE-2022-0492 - Needed CAP_SYS_ADMIN to be exploitable, isn't exploitable anymore, and falls under my remark of "the user doing something stupid."
CVE-2022-0492 - Vulnerability due to cgroups, and wouldn't be exploitable as a root container user unless a very specific set of 5 prerequisites were met. "Just being root" was not enough for exploitation.
CVE-2022-23648 - Was a read-only vulnerability relating to volume mounts, root vs non-root was not relevant to the vulnerability, and it only allowed for "breakout" in situations where you're running in a Kubernetes cluster and the container can read service account tokens. Running as a non root user would not have prevented this.
I'm not saying "running as root doesn't matter," running as a non root user is a best practice, yes. But breakout vulns are more rare and harder to exploit than even your response to me is trying suggest.
ubergeek77 @ ubergeek77 @lemmy.ubergeek77.chat Posts 3Comments 168Joined 2 yr. ago
Does the missing comment show up in the Lemmy web UI?
I think this just happens when a comment gets deleted. Sync can show the child comments, but the Lemmy UI just hides the entire thread.