• 8 Posts
  • 408 Comments
Joined 1 year ago
cake
Cake day: June 2nd, 2023

help-circle








  • I can see both angles of this. Especially since the original disclosure didn’t have the full detail of how it could be exploited to access company systems, and they (the writeup author) never disclosed that update.

    You can see how a large company (Zendesk) could miss this in the multitude of people trying to claim bug bounties. I fully believe that had they understood the issue they should have fixed it, since it’s within their power and basically a service to their clients. But I can understand how the limited detail in the original disclosure demonstrated a much lower level risk than the end exploit that was never reported.



  • They aren’t trying to actually send from that email, they are trying to create an Apple ID that lets them log in using that email effectively as a username. And Slack will add people to the internal Slack if the email is a company email address.

    To open that account, they need to prove to Apple they own the account. They sign up with Apple and say their email address is [email protected], then Apple sends them a code to verify it’s their email.

    They can’t actually receive the verification email, because it’s not their email. That’s where the exploit comes in. It’s very important that this email address is the one that forwards emails to Zendesk. The verification email from Apple goes to Zendesk, then they use the exploit to see the history of the zendesk ticket, which includes the verification code.



  • I’m not gonna subscription my heated car seats but search is a service that costs an ongoing amount to provide. The subscription isn’t significant, it’s $5 a month for 300 searches (or $10 for unlimited).

    I know we’ve been conditioned to expect search for free, but if we want to get away from the “the user is the product” model then I think it’s a good thing to have a subscription to a service that has ongoing costs to provide.





  • Dave@lemmy.nzOPtoSelfhosted@lemmy.worldThoughts on HumHub?
    link
    fedilink
    English
    arrow-up
    2
    ·
    23 days ago

    For the wiki option, perhaps the wiki is just where the posts are made then you share the link in a chat app or something. Then the reactions could be in the chat app?

    Or for the HumHub or Zusam options, maybe you could add the reactions/gifycat integration. The platforms seem like they would work well with them if someone would just contribute that functionality.


  • Dave@lemmy.nzOPtoSelfhosted@lemmy.worldThoughts on HumHub?
    link
    fedilink
    English
    arrow-up
    1
    ·
    24 days ago

    See, I don’t believe this. It’s possible the project would die, but so often have popular projects lost their maintainers, and new people step in. They fork it, or have a peaceful transition of ownership, but the project carries on.

    With Zusam, I don’t think it’s got that much of a following yet. I haven’t heard of anyone on a self-hosted forum actually using it. Plus current development is slow (last release almost a year ago), so I do think it would die if the dev abandoned it.

    Yeah, that was an interesting avenue; I suspect the user client experience will be where that fails for me. It can’t require any technical expertise.

    I’m thinking that most of the non-technical people would be reading only, so it might be ok.

    At this point I’m thinking of setting up a HumHub, a wiki (maybe Dokuwiki), and Zusam, and getting some of my most interested people in as a trial and see which one they prefer.

    None of these options have emoji reactions or gifycat integration, though.


  • Dave@lemmy.nzOPtoSelfhosted@lemmy.worldThoughts on HumHub?
    link
    fedilink
    English
    arrow-up
    1
    ·
    25 days ago

    I think largely we are aligned on what we are looking for in a platform. The private blog idea is interesting. I normally consider blogs as public, are there private blog platforms?

    So much of PhotoPrism is built on free libraries; the project uses something like 120 OSS libraries. How much of their income do you think they contribute to those projects who’s work their taking advantage of?

    I don’t see it like that. OSS is people releasing their work allowing it to be used commercially without limitation (other , it’s what they wanted when they picked the licence, or they would have picked a different one.

    Actually, I don’t have any issue with anyone charging for their software, either; it’s just that I won’t use it, and I don’t trust quasi-free projects. That’s just from experience. Most end badly, either by being bought out and going totally commercial, or just slow enshittification for the non-paying customers.

    On the other hand, projects die when the maintainers lose interest. I would like a platform that I know is going to stick around. That’s a difficult ask though, if it’s a company like HumHub, it’s very possible if the company goes under it will just die. On the other hand, something like Zusam, if the maintainer loses interest it will likely also die. It would be nice to have some confidence in the longevity of the platform before diving full steam onto it. But I guess at this point, finding something that works is hard enough, without worrying about that!

    I do have reservations about HumHub, but it’s the first platform I’ve seen that even comes close to being a familiar feel for users. I’m considering the other idea of using Dokuwiki as well, which I guess comes in as being more similar to your blogging idea.


  • I do see Lemmy.world admins take quick action when it’s raised to then. However, Lemmy does not differentiate between community and admin reports, so using the normal report function may not be enough. Lemmy.world has a separate process for when an admin needs to be contacted.

    I have seen that issues raised on Lemmy.blahaj.zone get raised directly from their admin to to lemmy.world admins, and then there is swift action. Another reason blahaj is a good instance for someone who is gender diverse, the admin doesn’t hesitate to go in to bat for their members