The one reserved for residential usage is home.arpa
.
Looks like lemmy.blahaj.zone is back
Realizing this blew my mind. Definitely more interesting than following people.
Tough call, probably for the best. Hopefully it’s resolved soon.
I think that’s right on the money.
The sophistication is impressive, using emojis. Are people getting paid to find the vulnerabilities or are they just bored??
Curl didn’t return anything. They’re likely just using it to log requests since the request path contains the data they need.
I’d be willing to bet they’re using the API to make all the changes. The cookie has the jwt token. I don’t believe you need the username (at least judging by the js API docs).
Looks like it’s issuing a GET to https://zelensky.zip/save/{ENCODED_JWT_TOKEN_AND_NAV_FLAG}
.
The ENCODED_JWT_TOKEN
is from btoa(document.cookie+nav_flag)
where nav_flag
is essentially 'navAdmin'
if the account hit is an admin or ''
if the user hit is not an admin (it checks if the admin button in the nav exists). Their server is likely logging all incoming requests and they just need to do a quick decoding to get jwt tokens and a flag telling them if it’s an admin account.
I’d be hesitant to visit Lemmy on a browser atm 😓
Yep, Lemmy is filling a Reddit-shaped hole. It’s a bit different but nice.
Hopefully there’s more research done. It doesn’t sound like it’s “absolutely carcinogenic”.
The “radiofrequency electromagnetic fields” associated with using mobile phones are “possibly cancer-causing”. Like aspartame, this means there is either limited evidence they can cause cancer in humans, sufficient evidence in animals, or strong evidence about the characteristics.
That’s awesome, glad you were able to find a solution!
r/latinopeopletwitter
Maybe an issue with ram? Could be loose, dusty, going bad.
It sounds pretty awesome. Just wondering if adding additional complexity to the setup is worth it to obfuscate my home IP. Easily setting up redundancy is a good feature in that regard though.
Oooh thanks for the tip about frp
. Interesting.
It really depends on the company that you use to manage the domain’s DNS. As long as they have an API to update DNS records…
For example, I can have my domain at Porkbun and have its DNS managed at Cloudflare. Cloudflare allows updating DNS records via API…so there’s programs to update it. Some routers even support it.
Worst case, you can set up a service like duckdns and have your domain, via cname, point to the duck DNS subdomain.
There’s options.
Looks like the instance is on the latest RC which includes the fix for the vulnerability.