There’s a follow up by the author:
https://dustri.org/b/follow-up-to-carrot-disclosure-forgejo.html
Including this:
So I ended up sending and email to Forgejo security team, containing: an apology, a bit about my reasoning for proceeding with carrot disclosure, recommendations about what to harden/review, and a bunch of commented exploits/proof-of-concepts as attachment. We’ll see how it goes.
I have wireguard, it’s supported by my router (Fritzbox).
You’re right, I added a question mark.
Thanks for posting, what a wild ride.
The screenshot is supposedly from a Nazi forum and they claim to have infiltrated db0 and possibly other instances by becoming admins.
This screenshot is passed around a lot today. It’s hard to prove it’s authencity because it’d be very easy to just pretend you have infiltrated something and create a chat like this just to stir shit up and damage db0’s “reputation” and the trust between admins.
The mentioned instance’s main admins should look real hard if their other admins are actually doctoring opinions by abusing their admin powers/authorities and check how they’re recruiting their admins. I would imagine it’s not super hard to get into there when moderation in the fediverse is pretty tiring and you appreciate any help.
I don’t follow db0 or the other instances closely so idk how likely it is in this case. Just saying it’s absolutely possible but the screenshot doesn’t prove anything.
I always enjoy the weekly, I’m not using the database admittedly
I forgot about KillTheNewsletter! That’s pretty much what I’m looking for I think, thanks!
The articles are behind non-basic auth, the cookie possibility sounds interesting, but KTN sounds more straightforward for my use case. (Not on FreshRSS)
That sounds pretty good! I can’t be selfhosters apparently though.
You can transport the cargo bike with it!
Yeah I like it a lot. Didn’t use anything else so I don’t have a comparison, but I found most things very straightforward.
It’s getting messy when you have to do non-standard tasks like removing some entries from the database
It’s been a while, but I think I used this: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition
Yes, the dual partition approach is what I usually do with LUKS
It’s not that the scale of greenhouse farming is enormous in Europe. To my knowledge, it’s mostly the Netherlands, and also “niche” crops (compared to the big ones like wheat and corn). Also my guess would be that the structures are more complicated to integrate with PV since greenhouse covers can be switched open/shut.
Europe also mostly has open farming and also usually grows crops that used to be fine with being in the sun all day. The issue is that the summers getting hotter and hotter with the climate change and they are struggling and need a lot of additional watering - or some kind of shade they didn’t need before. I’d assume that’s the same in NA.
The main difference I see between Europe and NA is how densely packed Europe is. Every square cm of land is already used for something, what’s left of natural habitats has to be protected. There’s real competition for space. Land is way more available in NA if I’m not mistaken.
Oh that’s great, thanks! It’s s bit disheartening to see how many fields are covered in PV without doing agri-pv, effectively competing with farming, at least in my area. It seems like agri pv is a purely academic thing for now, at least I haven’t ever read about productive usage. My best guess, aside from steep investment costs, would be that the laws are different for farming and pv (I’m in Germany).
I’m not sure about the no trace part, wouldn’t the higher structures need concrete foundations?
Well they targeted the biggest instance. Their attack didn’t stop mastodon as a whole, but many users were impacted
Depends on what your goal is. .social has half a million active users every month, so it certainly had some impact
Who do you mean with them?
I think they know what they’re doing, bit of a troll. Framed like this in the article: