this post was submitted on 18 Oct 2023
33 points (92.3% liked)

Hey all, I'm fairly new to the Fediverse.

I'm just wondering what is preventing mallard from being shared on Lemmy, K.Bin, etc. via images or other embeds? Is there some file vetting happening under the hood?

all 17 comments
[–] bernieecclestoned@sh.itjust.works 48 points 1 year ago (3 children)

Duck sharing is prohibited

[–] 9point6@lemmy.world 26 points 1 year ago (1 children)
[–] kakes@sh.itjust.works 10 points 1 year ago

We've been infiltrated.

[–] SatanicNotMessianic@lemmy.ml 15 points 1 year ago

Lemmy is actually full of quack addicts.

[–] Karlos_Cantana@sopuli.xyz 6 points 1 year ago

Phew! That's a load off my mind. I've been worried about that for a long time.

[–] Blaze@discuss.tchncs.de 13 points 1 year ago

Welcome,

There were issues a while back, which were fixed in security patches.

[–] Carighan@lemmy.world 9 points 1 year ago

Yes, all your mallards should be thoroughly vetted.

[–] CorrodedCranium@leminal.space 9 points 1 year ago (1 children)

Wasn't work done not too long ago with emojis or something?

[–] ram@bookwormstory.social 3 points 1 year ago (1 children)

Custom emoji was one, and another one in July(?) was in sidebars not being sanitized

[–] CorrodedCranium@leminal.space 1 points 1 year ago (1 children)

What do you mean by sanitized?

[–] ram@bookwormstory.social 2 points 1 year ago (1 children)

Stripped of executable code. IIRC the issue in particular was that sidebars observed HTML and you could put an iframe with potentially malicious code into them.
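
Added example, not part of the comment above and not Lemmy's own code: a minimal allow-list sanitizer showing what "stripped of executable code" means for sidebar HTML, including the iframe case mentioned. The tag list, function names and sample input are assumptions made for illustration; a production service should rely on a maintained sanitizer library.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for a community sidebar; not Lemmy's actual policy.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "a", "br"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # dropped with everything inside
SAFE_SCHEMES = {"http", "https"}

def is_safe_href(href):
    """Accept only absolute http(s) links; javascript:, data: and relative URLs are refused."""
    try:
        return urlsplit(href.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class SidebarSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags are removed, their text is kept (escaped)
        kept = ""
        if tag == "a":  # href is the only attribute ever re-emitted
            href = dict(attrs).get("href") or ""
            if is_safe_href(href):
                kept = f' href="{escape(href, quote=True)}" rel="noopener nofollow"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize_sidebar(html_text):
    parser = SidebarSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

An unclosed dropped element (for example an `<iframe>` with no end tag) suppresses everything after it, so malformed input fails closed.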

[–] CorrodedCranium@leminal.space 2 points 1 year ago

Interesting. Once the development of Lemmy slows down a couple years from now it would be interesting to see a video detailing the hiccups around its growth

[–] Synthead@lemmy.world 8 points 1 year ago (1 children)

Hopefully you're not using an image reader that's shitty enough to have vulnerabilities like this 🤨

[–] KinNectar@kbin.run 2 points 1 year ago (2 children)
[–] Synthead@lemmy.world 5 points 1 year ago

I wouldn't worry about Chrome having vulnerabilities in its image readers.

[–] llii@feddit.de 1 points 1 year ago

I would say that a zero-day for chrome would be far too valuable. Except you're the target of an entity that has a few millions to spare.