This protects the database from a breach, but someone can set up an instance and collect the passwords from the logs:
As far as I can tell with my very limited experience, back-end encryption is the standard. One trusts the host not to steal their passwords from the logs, so protecting the data in the case of a breach is good enough. I think that it would make sense for the standard in the Fediverse to be different. Passwords should be encrypted by the client by default, and then re-hashed back-end.
It is also possible that what I am saying does not make sense in practical grounds - this is just something that surprised me while looking through the logs. I was under the wrong impression that plain text passwords were never accessible before looking into this topic.
I would be happy to see client-side password hashing implemented.
I understand that responsibility of using unique passwords falls on the user, and maybe a truly malicious instance would be able to remove the hashing (although I think that it would be possible to check if non-hashed passwords leave the client). However, the reality is that many people still re-use their password for many websites and do not use 2FA when not required. Password hashing would reduce the level of trust required of the instance makers.
On a similar vein, it would be nice to anonymize the ip addresses that are printed to the docker logs if possible, similar to the nginx logs. I think that this would be easier to undo for a malicious instance, but at least they would need to have a bit more technical knowledge to get to this information.
I have looked a bit into it. In case anyone is curious, I believe that the authorities found the e-mail in question (jmm18@protonmail.com) here:
https://paris-luttes.info/occupation-d-un-local-du-petit-14575?lang=fr
And/or here:
https://radar.squat.net/fr/event/paris/local-du-h/2021-02-24/ag-publique
Thanks! I installed 0.10.2 successfully.
EDIT: /instances does not show up anymore. It seems to also not be working for lemmy.ml
Cool, thanks. I meant the file that is linked in the tutorial on how to update:
https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/prod/docker-compose.yml
I will wait a bit longer for 0.10.2 then.
Aha, thanks. This might explain the gateway errors I experienced when trying to build using the 10.0.0 image.
I also notice that the docker-compose file still points to the lemmy-ui 0.9.9 - should I build using that version, or should I upgrade my UI image to the 10.0.1?
Last thing - if I pull the released lemmy and lemmy-ui tags (10.1.1) from github now and build my images from those, should those work fine? Or are these untested development versions?
Interesting perspective!
For me the dislike is not so much about the socialization, but rather the demand for immediate attention that the call requests. I always happen to get calls during work hours in the middle of experiments. I just let it ring and text back later, but I always make sure to take a bit longer than if they had just texted, hehe.
- @Zalamander@lemmy.ml to Lemmy instances@lemmy.ml
- •
- mander.xyz
- •
- urte bat
- •
A massive news aggregator that uses AI to be able to categorize news from all around the world in a way that allows one to filter through news articles with specific biases. This would make it easier to get a more balanced picture of world events, and would be an excellent research tool to study propaganda.
Do you know about Project Euler? https://projecteuler.net/
It contains a mixture of math and programming problems, and a similar name to the one you propose! :-)
- @Zalamander@lemmy.ml to
- •
- urte bat
- •
You can take a look at the lemmymap: https://lemmymap.feddit.de/
Click on “instance 30d” or “growth” so that the size of the points is proportional to their users or growth.
Originally posted here: https://feddit.de/post/184