Skip Navigation

User banner

Tiff

@ ticoombs @reddthat.com

Posts
87
Comments
20
Joined
3 yr. ago

Self Proclaimed Internet user and Administrator of Reddthat

  • sysadmin community on different instances

    Jump

  • Subscribe to all of them. It isn't an issue. In the next Lemmy version should have Multi community support too. Which should help solve things a little. (So then you can group them all into one).

    Also with it on different domains, it means that there is a benefit for the longevity of the sysadmin (or any) community. As if one domain goes dark the others will work :)

  • Wholesome

    Jump

  • If catbox wasn't down, I'd be able to comment more on it, but let's try to keep things Wholesome. Including comments please?

    Thanks

  • Fake ‘One Battle After Another’ torrent hides malware in subtitles

    Jump

  • No/yes. in a text file, there are commands to run, and then made a script to run those commands. They then make the script look like a "double click this to get it to work". Nothing new

  • Photo issue

    Jump

  • Thanks. We sorted it!

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Discord Data Breach - 1.5 TB of Data and 2 Million Government ID Photos Extorted

    cybersecuritynews.com /discord-data-breach-sensitive-data/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    APT Down - The North Korea Files

    phrack.org /issues/72/7_md
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Red Hat confirms security incident after hackers breach GitLab instance

    www.bleepingcomputer.com /news/security/red-hat-confirms-security-incident-after-hackers-claim-github-breach/

  • Would anyone have any issues to switch to !wholesome@reddthat.com ? Thay way we ensure communities are spread across different instances

    Jump

  • <3

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Modchipping a fridge – Kennedn's Blog

    kennedn.com /blog/posts/fridgepwn/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Wanted to spy on my dog, ended up spying on TP-Link – Kennedn's Blog

    kennedn.com /blog/posts/tapo/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Identity 4 - 2025 | Racintosh Plus

    www.identity4.com /2025-racintosh-plus/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    ssh into hypervisor root shell no password = JunOS

    social.hackerspace.pl /@patryk/115192387402327939
  • Deleted

    Permanently Deleted

    Jump

  • It's been sorted on our side! Thanks for the pings

  • What are You Working on Wednesday

    Jump

  • Fixing all of my Devs PHP8 code which linted fine but in practise isn't working. :)

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    iOS 18.6.1 0-click RCE POC CVE-2025-43300.md - b1n4r1b01/n-days

    github.com /b1n4r1b01/n-days/blob/main/CVE-2025-43300.md
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Copilot Broke Your Audit Log, but Microsoft Won’t Tell You

    pistachioapp.com /blog/copilot-broke-your-audit-log
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

    research.kudelskisecurity.com /2025/08/19/how-we-exploited-coderabbit-from-a-simple-pr-to-rce-and-write-access-on-1m-repositories/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Newly discovered WinRAR exploit linked to Russian hacking group, can plant backdoor malware — zero day hack requires manual update to fix

    www.tomshardware.com /tech-industry/cyber-security/newly-discovered-winrar-exploit-linked-to-russian-hacking-group-can-plant-backdoor-malware-zero-day-hack-requires-manual-update-to-fix
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    I spent 6 years building a ridiculous wooden pixel display

    benholmen.com /blog/kilopixel/

  • Vulnhuntr: Open-source tool to identify remotely exploitable vulnerabilities

    Jump

  • Only for python codebases :(

    If only there was a nice php version

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    How I hacked my washing machine - Nex's Blog

    nexy.blog /2025/07/27/how-i-hacked-my-washing-machine/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    SharePoint 0-day uncovered (CVE-2025-53770)

    research.eye.security /sharepoint-under-siege/
  • Deleted

    Permanently Deleted

    Jump

  • Oops! Sometimes we admins like to joke around!

  • Deleted

    Permanently Deleted

    Jump

  • Hey! Sorry for the joke, I didn't expect it to be seen by a real user!

    As we are one of the very few instances that has a no email policy there is very few ways in which we can determine if a person signing up is a bot or a regular user.

    Recently a very very specific person or group of people have been abusing Reddthat to create accounts, then ask interesting questions (let's just say that), and then proceed to delete their account (which deletes all of their posts and comments). This makes it impossible to figure out what they have done unless someone quotes the reply or reports it before they delete it.

    I'm sorry you got caught up in the little bit of fun us admins have with writing little anecdotes or fun catch phases!

    You are welcome to come say hi on Reddthat any time!

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack

    www.securityweek.com /millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    CVE-2025-48384: Breaking git with a carriage return and cloning RCE

    dgl.cx /2025/07/git-clone-submodule-cve-2025-48384

  • Weekly thread - How is everyone doing with their communities? Has everyone with a lemm.ee community settled to a new location yet?

    Jump

  • Single user? We have 300+ users who actively call Reddthat home and we won't be going anywhere. We are nearly cash flow positive thanks to our amazing users and recurring donations.

    I've seen your posts and as your mod on !aom i'd be happy to make you mod of our !rts community to help grow it!

    Edit: I know @reddthat@reddthat.com would love the help

  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Finding an SOQL Injection 0-Day in Salesforce

    mastersplinter.work /research/salesforce-sqli/
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Root Shell on Credit Card Terminal

    stefan-gloor.ch /yomani-hack
  • TechSploits @reddthat.com
    Tiff @reddthat.com

    Beating the kCTF PoW with AVX512IFMA for $51k

    anemato.de /blog/kctf-vdf

  • Lemmy AMA March 2025

    Jump

  • Federation between Onion and Standard Domains that way tor users would not be isolated

    This is the hardest part as you would need to be both have an onion and have a standard domain, or be a tor-only Federation.

    You can easily create a server and allow tor users to use it, which unless a Lemmy server actively blocks tor, you'd be welcome to join via it. But federation from a clearnet to onion cannot happen. It's the same reason behind why email hasn't taken off in onionland. The only way email happens is when the providers actively re-map a cleanet domain to an onion domain.

    This is what Lemmy would need to do. But then you would have people who could signup continuously over tor and reek havok on the fediverse with no real stopping them. You would then have onion users creating content that would be federated out to other instances. & User generated content from tor users also is ... Not portrayed in the best light.I'm sure someone will eventually create an onion Lemmy instance, but it has it's own problems to deal with.This is especially true for lack of moderation tools, automated processes, and spammers who already are getting through the cracks.

  • Lemmy AMA March 2025

    Jump

  • I can confirm the sections around downvotes as Reddthat has the stance exact what you are talking about (re your child comments)

    A downvote disabled instance creates it's own algorithm/feed/ranking based purely on all other metrics, because as far as the data is concerned, it sees every post having 0 downvotes. It does not take into account external instances.

  • Lemmy AMA March 2025

    Jump

  • I can answer the first point.We've already tackled part of that problem with the Parallel Sending feature that can be enabled on instances with a tremendous amount of traffic. Currently the only instance that makes sense to enable that is LemmyWorld and the only reason is so servers in geographical far away can get more than 3-4 activities/second.

    With that feature, servers that eventually house and generate the biggest amounts of traffic will be able to successfully communicate all of those activities to everyone else who needs them.

    I predict a 10x increase is well in our grasp of easily accessible by all of our current systems. 1000x? That's a different story which I don't have the answers too.

  • Alright, so what is the current recommended way to share pictures on Lemmy?

    Jump

  • Lemmy is still saving thumbnails and (previously) sometimes the whole image! The majority of image issues have been cleared up in my opinion and it works very well. Nearly all of our hosts allow hotlinking as it's basically required for our use cases.

    Lemmy also knows when the image is another Lemmy instance (through "magic", or just cross posting). So if you upload once and then use that same link on all other posts then that would still be the same.

    The problem I think you have is your usecase also includes posting externally to Lemmy. & to some extent, you don't want those images tied to your Lemmy account. If my users post via my instance then they are welcome to also hotlink the images externally. This is only possible because Reddthat uses a CDN and caches the images as much as possible.

    Even if we didn't use a cdn there are plenty of VPS' and proxy software that we could use which would transparently function in the same way. You could even setup your own VPS, some image hosting software like https://chibisafe.moe/ or https://github.com/nokonoko/Uguu or https://github.com/hauxir/imgpush

    To sum up:

    • post once to Lemmy instance and then use that image everywhere
    • use a random image host that allows hotlinking to do the same
    • get your own VPS, setup an image upload and use that (and maybe get a domain too!)

    The 3rd option you can do completely anonymously via crypto.

  • Consolidation of electric vehicle communities on Lemmy?

    Jump

  • Having a list of all alternatives in the sidebar of alternative places to find people is my recommendation. Thus if people wish to keep a backup community on Reddthat I'm sure to let them.

  • Lemmy Development Update 2024-09-20

    Jump

  • This is sso support as the client. So you could use any backend that supports the oauth backend (I assume, didn't look at it yet).

    So you could use a forgejo instance, immediately making your git hosting instance a social platform, if you wanted.Or use something as self hostable like hydra.

    Or you can use the social platforms that already exist such as Google or Microsoft. Allowing faster onboarding to joining the fediverse. While allowing the issues that come with user creation to be passed onto a bigger player who already does verification. All of these features are up for your instance to decide on.The best part, if you don't agree with what your instance decides on, you can migrate to one that has a policy that coincides with your values.

    Hope that gives you an idea behind why this feature is warranted.

  • PSA: Alternatives for the most popular lemmy.ml communities

    Jump

  • PSA: Alternatives for the most popular lemmy.ml communities

    Jump

  • 2nd best reporting in.

  • Featured

    Welcome to !selfhosted@lemmy.world - What do you selfhost?

    Jump

  • What a hero!