Welcome to our virtual third place, The Café.
Come on in and make a new human connection over a cup of coffee (or Teh Tarik). This is a casual community, do whatever you want, share your oyen pics, your frustrations, and even organize a weekend picnic with the community. The world is your oyster.
Rules are simple, be kind and civil with each other. As with any other café, rude patrons will be kicked out.
Downloaded a mobile version and now it sits next to my Reddit.
Also tried Threads. Immediately got a bunch of Muslim accounts on For You. I don't follow any on Instagram neither am I Muslim.
Will wait till my feed stabilizes back to my usual diet of left wing shitposts and music memes.
You are lucky. I got half naked thirsty bros
I wanna share my latest poem I made 2 weeks ago
I eat myself full of dirt
Of the Dirt I thought I conquered
The dirt I thought I won over but in truth
It was nothing but an obvious case of denial and an overinflated ego
It is dirt borne of half baked resolve and clown juice
When will I learn to take things seriously
When will this dirt be the true works of my labour
Here I lay, reigning over these piles of dirt I've convinced myself I have
My magnum opus, the greatest king of all
My king of dirt
Shiet, sad that i have to work, reading the saucy stuff of lemmyworld hack is entertaining and educational.
Anyone got saucy summary?
Did not expect my post to promote the Kdrama community to provoke anti-Lemmy posts, but this is Mastodon 🤣
Keep promoting anyway. The more the merrier I say, any engagement is a good engagement when we're this small.
looks like today's theme for me is search engines, already found:
you might like marginalia search as well!
hi, welcome to our humble community.
just curious, how did you find my post? was it through the lemmy search engine?
i found this community on browse.feddit.de and just happened to see this post c:
welcome to all contents being federated everywhere!! :D
I'm still contemplating whether to buy a yukata for bon odori. But I don't think I will wear it much 😞
I saw a bunch of really nice ones in JJJ! If you're not against thrifting, do consider it!
What's JJJ? Sorry I never heard of that before 😂
Jalan jalan japan
Thanks, let me check it out after work... Assuming I don't K.O.
how much for one set? o.o
I found one on shopee for 50+, but only one colour choice. I like the design tho. Most yukatas on shopee Lazada average about RM70 from what I see
Shit, lemmy world got hacked, click on that Israel will lead you to explicit picture of a bunch of naked old man sucking each other, and also pop's up lead to porn site.
Avoid at all cost.
this is bad. rumour has it this is due to an admin's json web token being leaked.
so I would advise all admins here not to log into 3rd party web apps (mobile apps should be okay) with their admin accounts, as the web apps usually proxy your requests (hence, they have your token), and they proxy not due to nefarious purposes, but due to some problem with cors (in other words, being forced to proxy your request isn't really their fault, and once the cors problem is fixed in the lemmy backend, they can stop doing that).
Thanks Zen, you're a lifesaver. Brb pressing the emergency button
is it the lemon party picture?...........feels old.
welcome to pre-rickroll internet.
Ahh, that's what it called, no wonder it's somehow familiar.
now I'm hearing that the hack is being spread through direct messages as well.
as this seems to be a javascript hack, all admins logged on through any web ui (even the official one) are advised to not open dm's from unknown users.
as mobile apps differ from browsers, and shouldn't execute javascript directly, they should be less affected, but please take caution anyway for the time being.
edit: it seems lemmy.blahaj.zone has been hacked too. the malicious javascript has been detected in custom emojis and community description sidebars, so admins must watch out for new users who signup and immediately start posting custom emojis or opening new communities.
Merely open the dm? Or do we have to click the link for it to happen?
I think it is better to not open it at all (at least in the web browser, mobile apps seem to be okay, but nothing is really certain atm), as the malicious javascript seem to be connected to custom emojis and community descriptions in the sidebar (see my latest edit), so no clicking required.
damn, i feel like we can check off one success criteria: suddenly so attractive for hacks.
Alright, got it. Thanks!
https://github.com/LemmyNet/lemmy-ui/issues/1895 has more information on mitigations, which may not be necessary if no custom emojis were added.
it also has something for invalidating all json web tokens by changing the signing key (all users will need to re-login after doing that), which may be necessary depending on whether the tech team believes any of them (especially any of the admin's) have been compromised (there is currently no expiry date on the tokens).
Thanks, i'm giving it a read but i'm not coding literate so may need some time to parse 😂
In "Aladdin" (1992), Jaafar has a great nugget of wisdom:
"You've heard of the Golden Rule, haven't you? Whoever has the gold, makes the rules."
He also has a misogynistic but witty quote: