Skip Navigation

PhilipTheBucket

@ PhilipTheBucket @ponder.cat

Posts

58
Comments

564
Joined

1 yr. ago

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)
Jump
PhilipTheBucket @ponder.cat 5mo ago
https://github.com/LemmyNet/lemmy-docs/blob/main/assets/docker-compose.yml

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

Yeah, don't they realize they could have just spent that time productively by making a pull request, instead?

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

The relevant repo is:

https://github.com/LemmyNet/lemmy-docs

If you wanted to submit a PR, I think that would be a good idea. I've posted the patch elsewhere in the comments.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

    
--- a/docker-compose.yml	2025-07-12 00:17:33.050443300 +0000
+++ b/docker-compose.yml	2025-07-12 00:18:21.038972526 +0000
@@ -37,7 +37,7 @@
     image: dessalines/lemmy-ui:0.19.12
     environment:
       - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
-      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.ml
+      - LEMMY_UI_LEMMY_EXTERNAL_HOST={{ domain }}
       - LEMMY_UI_HTTPS=true
     volumes:
       - ./volumes/lemmy-ui/extra_themes:/app/extra_themes

Edit: From https://github.com/LemmyNet/lemmy-docs/tree/main/assets

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

    
--- a/docker-compose.yml	2025-07-12 00:17:33.050443300 +0000
+++ b/docker-compose.yml	2025-07-12 00:18:21.038972526 +0000
@@ -37,7 +37,7 @@
     image: dessalines/lemmy-ui:0.19.12
     environment:
       - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
-      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.ml
+      - LEMMY_UI_LEMMY_EXTERNAL_HOST={{ domain }}
       - LEMMY_UI_HTTPS=true
     volumes:
       - ./volumes/lemmy-ui/extra_themes:/app/extra_themes

Edit: Just to be clear, this applies to https://github.com/LemmyNet/lemmy-docs/tree/main/assets which is linked to from https://join-lemmy.org/docs/administration/install_docker.html

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

I am not typing here in the hopes that they will fix it. I am typing here to communicate to other users what's up with it. Whether or not to fix it is up to them. You're welcome to your opinion.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

I think it would be very rare that people would put two and two together to realize that their password had been "stolen" by this event. Like I say, I have no real idea even if it is being stolen, just that it would be trivial for .ml to decide that they wanted to start keeping a little cache of everyone's admin email addresses and passwords.

Like someone else said, if it was anyplace other than lemmy.ml, I wouldn't give it a second thought, it would just be "whoa you gotta fix this." I sort of agree with you that there's not even really any strong indication that there's anything all that bad they could do with it. It's only because lemmy.ml moderation actions already have such a pattern of authoritarian dishonesty that I get to any degree paranoid or alarmed about it.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

Within the last hour, dessalines has posted three things about communism that are longer than the fix for this issue.

Edit: Everyone's got the right to do whatever they want to do. I'm not trying to accuse anyone of not spending enough time making software for me, just because occasionally they might want to do some other things with their life. The thing I'm trying to emphasize with this is how short the fix is. It's seconds. It's not one of those "but you have to recompile, what about this other branch" or anything like that. It's literally a fairly critical security fix with 100% of the fix in a one-line change to a documentation file.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

Did you use a different admin password when you did the new setup after fixing it? If not, I think you should change your admin password.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

The longer I look at it the more suspicious I am of it, to be honest. I'm just kind of generally a paranoid and accusatory person, so take that into account, but... the files are pretty carefully set up. They have variable substitutions for everything, including a bunch of places where there's a template substitution to change a string around when setting cache keys so that it'll still work out-of-the-box right away, even in complex configurations like multiple domains on a single server. It all works out-of-the-box right away, they've clearly been attentive to making sure it's all set up right and keeps working cleanly as things have been evolving forward. Except for that one place.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

I cannot imagine any responsible dev who would read this notification and say anything other than "Oh shit, yeah, that's really bad," and fix it on the spot before they continue with whatever they had visited Lemmy to do. Like I say, it's relevant that it takes literally seconds to grasp the issue and fix it.

I don't fully disagree with you, I get it, github issues is where issues with the software belong. I wasn't trying to be a jerk by suggesting that you do it. Anyone from these comments is welcome to. But, also, I am sort of curious about what their reaction will be. Finding out that kind of thing is interesting to me.

If they are actively uninterested in fixing it, however they get made aware of it, then that's really interesting.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

It would literally take me longer to make the github issue than it would take them to fix it, by quite a big margin. You can make one for it, if you still feel super-strongly about it though.

5mo ago

YSK: If you set up a Lemmy instance, and follow the Docker setup instructions to the letter, it will send lemmy.ml your admin password during the setup process (Edit: Not anymore, it’s fixed now)

Jump

PhilipTheBucket @ponder.cat 5mo ago

I think it should be more public knowledge than just people who peruse the github issues. Also, it's so trivial to fix that it will save them some time if they don't have to close the issue after they spend literally 10-15 seconds fixing it.

5mo ago

Payment Processors Are Pushing AI Porn [based on real people] Off Its Biggest Platforms | 404 Media

Jump

PhilipTheBucket @ponder.cat 5mo ago

They might actually just care about the moral issues involved (or at least be worried enough about pushback to fake it).

They’re going to make a river of money regardless, and so maybe it’s not worth taking a reputational hit or risking some kind of legislation, just to preserve the 0.00000001% of their revenue stream that is deepfake porn based.

5mo ago

What's your favorite thing that anyone has done out of pure spite?

Jump

PhilipTheBucket @ponder.cat 5mo ago

Tito smoking Cuban cigars in the White House while sitting down with Nixon is also hilarious.

Nixon told him, “Mr. President, we don’t smoke in the White House.”

Tito laughed and said, “Lucky you!” and finished his cigar and no one attempted again to make him stop.

5mo ago

Internet extremists want to make all AI chatbots as hateful as Grok just was

Jump

PhilipTheBucket @ponder.cat 5mo ago

Grok responded to X users’ questions about public figures by generating foul and violent rape fantasies, including one targeting progressive activist and policy analyst Will Stancil. (Stancil has indicated he may sue X.)

When you fine-tune a coding AI on code that has deliberate flaws in it, and then switch it back to having conversations in English, it starts praising Hitler and constructing other deliberately hateful content. It wouldn’t surprise me if fine-tuning Grok to be Nazi also led it to “generalize” some additional things that weren’t intended by the operators.

5mo ago

What are your favorites? How do you like them?

Jump

PhilipTheBucket @ponder.cat 5mo ago

All of you in this thread are fucking psychopaths

Kalamata olives and similar little food objects are fine, they are often delicious

Eating the rest of these unflavorful little saltpellets on purpose is a ridiculous thing though

5mo ago

The Mineral Mind

Jump

PhilipTheBucket @ponder.cat 5mo ago

Him who mountain crush him noHim who sun him stop him noHim who hammer him break him noHim who fire him fear him noHim who raise him head above him heartHim diamond

5mo ago

Anyone have the experience registering a domain name with false personal information?

Jump

PhilipTheBucket @ponder.cat 5mo ago

They definitely do check. I don't know how detailed the checks are or how major a crime it is to use someone else's info, but there are enough checks in place, you can't just type in Porky Pig or made-up nonsense or anything.

5mo ago

The Weathered Rover

Jump

PhilipTheBucket @ponder.cat 5mo ago

I wonder what that indicates about its data set and the general use of image gen

I think you know.

On a more serious note, it's interesting to put in pure nonsense as the prompt (just strings of syllables with no meaning), and see what it comes up with. It likes misshapen heads, which makes sense because it's trained on a lot of human features, but it also likes houses, fish, and hot air balloons quite a lot for some reason. The images are in my opinion a lot more interesting than a lot of what it comes up with if you give it words.