In consulting, that’s called “after work”. Got to pump those billables
Honestly though, unless it’s a feature that is completely outside the domain of the application. If you have to re-write your entire app then your app was probably dog shit to begin with
Probably questions that can be answered by RTFM
Intel had something like this as well (side channel attack?). I remember it because Linus Torvalds (creator of Linux kernel) ripped Intel a new one.
Also a reminder for me to add IPv6 support for my personal site. I think most cloud providers are able to offer dual ipv4/v6 support if you ask for it/configure it.
Honestly, once it reaches critical mass. It will mean the end of PayPal, Venmo et al AND the credit card industry as a whole.
There’s something weird about “protesting” a site by continuing to use their site. Hopefully it’s just bot traffic flooding /r/place rather than real people coordinating in real time.
You might have something here. Development would be easy but maintenance and moderation is another beast.
.io, .org, and .app are pretty good.
.xyz for fun ideas.
.dev for the obvious
.corp if you are an incorporated company in the US.
Kind of cool if your production infrastructure can match. But for most companies (ie, Fortune 500 and some medium companies) implementing this would need a force majeure.
Decades of software rot, change in management, change in architecture, waxing and waning of software and hardware trends, half assed implementations, and good ole bottom tier software consultation/contractors brought into the mix make such things impossible to implement at scale.
Once worked at a company where their onprem infra was a mix of mainframe, ibm / dell proprietary crap, Oracle vendor locked, and some rhel/centos servers. Of course some servers were on different versions of the OS. So it was impossible to setup a development environment to replicate issues.
For the most part, that’s why I still use docker for most jobs. Much easier to pull in the right image, configure app deployment declaratively, and reproduce the bug(s). I would say 90% of the time it was reproducible. Before docker/containerization it was much less than that and we had to reproduce in some non production environment that was shared amongst team.
I just want to add a quick note:
From OPs screenshot, I noticed the JS code is attempting to extract the session cookie from the users that click on the link. If it’s successful, it attempts to exfiltrate to some server otherwise sends an empty value.
You can see the attacker/spammer obscures the url of the server using JS api as well.
May be how lemmy.world attackers have had access for a lengthy period of time. Attackers have been hijacking sessions of admins. The one compromised user opened up the flood gates.
Not a sec engineer, so maybe someone else can chime in.
Lemmy.world instance under attack right now. It was previously redirecting to 🍋 🎉 and the title and side bar changed to antisemitic trash.
They supposedly attributed it to a hacked admin account and was corrected. But the instance is still showing as defaced and now the page just shows it was “seized by reddit”.
Seems like there is much more going on right now and the attackers have much more than a single admin account.
Wow you actually get logs from the other devs? I get fucking screenshots of abbreviated stack traces. Often not even the relevant portion of the stack trace or log.