overview for melroy

Google is switching the Pixel 9 to an ultrasonic fingerprint reader in c/android

[-] melroy@kbin.melroy.org -5 points 2 days ago* (last edited 2 days ago)

sorry I can still here it.. I sometimes needs to go to the hospital for a check-up on my heart, and I can hear the ultrasound if the device is going over my head.

Google is switching the Pixel 9 to an ultrasonic fingerprint reader in c/android

Microsoft's Weather app now shows more ads in c/technology@lemmy.world

[-] melroy@kbin.melroy.org 4 points 5 days ago

Try GNU/Linux

The Wine development release 9.12 is now available. in c/linux@programming.dev

[-] melroy@kbin.melroy.org 2 points 5 days ago* (last edited 5 days ago)

You can also mean Windows Is Not Essential..

Wine 9.12 · Released in c/linux@lemmy.ml

[-] melroy@kbin.melroy.org 3 points 5 days ago

Great!

EU Council has withdrawn the vote on Chat Control in c/technology@lemmy.world

[-] melroy@kbin.melroy.org 67 points 2 weeks ago

Indeed, until the next time, where it doesn't have enough news coverage. China 2.0 here we come.

EU Council has withdrawn the vote on Chat Control in c/technology@lemmy.world

[-] melroy@kbin.melroy.org 35 points 2 weeks ago

Damn.. this was almost China 2.0 in EU. This was a close call people... this is not good.

I found a worm on my USB in c/privacy@lemmy.ml

[-] melroy@kbin.melroy.org 113 points 1 month ago

Try to clean your USB stick. Remove the worm and maybe use a cloth to remove the dirt.

Mm.. can someone help? in c/linux@lemmy.ml

[-] melroy@kbin.melroy.org 37 points 3 months ago

What is a backup?

Boiling tap water can remove 90 percent of microplastics in c/science@beehaw.org

[-] melroy@kbin.melroy.org 37 points 4 months ago

uh... it seems like it.. if that is the case, the whole article is misleading at best.

38

I saw today the infamous pop-up of YouTube again that they will block the video player after 2 more videos if I keep using uBlock Origin. ** Google. (kbin.melroy.org)

submitted 8 months ago by melroy@kbin.melroy.org to c/privacy@lemmy.ml

34 comments fedilink

I saw today the infamous pop-up of YouTube again that they will block the video player after 2 more videos if I keep using uBlock Origin. ** Google.

1

Use env variables in Docker Compose file (kbin.melroy.org)

submitted 8 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

0 comments fedilink

Some people might think you can only use or set environment variable of the service in docker compose eg.:

my-service:
  image: lts-alpine
  environment:
    MY_SECRET_KEY: ${MY_SECRET_KEY}

But the same ${} syntax can be used to set a version of Docker image of PostgreSQL, like in this example below:

my-service:
  image: postgres:${POSTGRES_VERSION:-13}-alpine

If nothing is set, version 13 is the fallback value. Now you can set POSTGRES_VERSION environment via your shell. Or leverage the .env file of Docker:

POSTGRES_VERSION=16

When running: docker compose --env-file .env up, Docker should now use PostgreSQL v16 Alpine as Docker image.

Bonus: The docker-compose.yml filename is an old filename, use compose.yml from now. Same for other Compose files like compose.override.yml.

More info: https://docs.docker.com/compose/environment-variables/set-environment-variables/ and https://docs.docker.com/compose/environment-variables/set-environment-variables/

[News, Call for Action] The U.K. Government Is Very Close To Eroding Encryption Worldwide in c/technology@beehaw.org

[-] melroy@kbin.melroy.org 32 points 11 months ago

I doubt that E2E services will care. Matrix will not change. Just like many other services. They are just insane. You can't also just break TLS in UK only. haha they are crazy.

RIP Twitter’s iconic bird logo in c/technology@beehaw.org

[-] melroy@kbin.melroy.org 30 points 11 months ago

The real x logo is of course from Xorg. Never forget that.

3

Fediverse Observer Map View (kbin.fediverse.observer)

submitted 11 months ago by melroy@kbin.melroy.org to c/kbinMeta@kbin.social

0 comments fedilink

You can also use the map feature of fediverse.observer to pick your new kbin instance.

1

TIL Lemmy.world got hacked - Details (kbin.melroy.org)

submitted 1 year ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

0 comments fedilink

Lemmy was/is vulnerable for XSS attacks.

Hackers try to inject JavaScript code that tries to steal your (ideally admin) cookie credentials. It seems that the admin account of lemmy.world was compromised this way (MichelleG). Other instances aren't safe either. Which could point to the custom emojis feature in the federate comments, meaning a lot of external instances could be effected by now.

Incorrect escaping of user input data could lead to these issues. Kbin just recently discovered a similar regression issue and which has been solved by now. But it seems that Lemmy was or still is vulnerable to this attack factor.

Mitigation action Lemmy users: You might want to disable JavaScript in the meanwhile.

Mitigation action for Lemmy server owner: Disable custom emoji:

DELETE FROM custom_emoji_keyword;
DELETE FROM custom_emoji;

Clean-up the exploit content:

UPDATE comment SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%';
UPDATE private_message SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%';
UPDATE post SET body = '<REMOVED BY ADMIN>' WHERE body LIKE '%![" onload%';
UPDATE post SET name = '<REMOVED BY ADMIN>' WHERE name LIKE '%![" onload%';

Rotate your JWT secret (invalidates all current login sessions):

UPDATE secret SET jwt_secret = gen_random_uuid();

Note: Even just opening a link to a vulnerable Lemmy instance could allow hackers to steal your cookies or sessions credentials. Therefore I will not share or allow people to share URLs of comprised / vulnerable instances.