Typical reasonable disclosure is in terms of months usually, not “nearly a week”. OP is being irresponsible at best by posting this before giving time to the developers to see, and act on it.
Just a random guy.
Thank you, I was going to write one up tonight for it. You emailed security @ correct? https://github.com/LemmyNet/lemmy/security/policy
OP doesn’t seem interested in that. They state they “sent a vulnerability a week ago” and didn’t hear back so they are being completely irresponsible and posting about it publicly on a community instead.
If you find a way to disclose vulnerabilities without being ghosted by Lemmy developers: update me.
How have you been “ghosted by Lemmy developers” especially if you “do not use GitHub”
lemmy.world is probably overloaded.
On my instance, everything from them floods through all at once, filling my first couple of pages with hours or even days worth of stuff, then I’ll get nothing from them for a while again.
I mean, maybe it’s because I’m not overly paranoid or live in the US, but this doesn’t seem like a big deal at all.
As for the “drama” of them telling someone they can unfollow, it’s true. It’s again, not a big deal.
This screams people trying to make a mountain out of a molehill.
Do we know the domains they are going to use for federation yet?
My favorite part is when it finally becomes somewhat less overloaded, and my instance gets flooded with a bunch of posts from there filling the entirety of my front page, and the second page…
Thank you I’ll look into it.
That’s great news! Hopefully it releases soonish.
I’m the only one here.
Not only annoyingly slow, but I tend to get a massive influx of posts from one community all at once. It fills my entire page with that single community. It’s been my biggest annoyance so far.
I just wanted to say thank you for this, hopefully it helps to clean up the clutter from this community.
Do reports come across from my instance to yours? I attempted to create an account on Beehaw, but apparently didn’t answer the questions properly because they denied me.
At this point, I’m begging users and the mods. Use the correct communities. This is /c/Technology, not /c/LatestRedditDrama
This community is over-run by this drama, which has multiple communities dedicated to whatever the latest crap reddit is pulling. Please use one of those instead.
The vast majority of people that watch youtube, are most likely not using an ad block and won’t be affected by this at all. Just like the vast majority of reddit users use the official app, and the vast majority of people on twitter stayed.
It will take a lot more than this to make something else the next big thing. Just like lemmy is nowhere near as popular as reddit, mastodon is nowhere near as popular as twitter. Yes those of us technical enough or that care enough will use an ad block or similar, but we are in the minority, and always will be.
For me it’s fantasy. Stuff like Dungeon Crawler Carl, Joe Abercrombie or R A Salvatore etc… If you have a suggestion for an active community that’s not on discord I’d love to hear it.
I personally despise youtube shorts. I use rules in my ublock origin to block them so I don’t see them on my youtube page.
I’m using a cloudflare tunnel for it. I also have crowdsec installed, only allow ssh keys and only from my IP (I have a static from my ISP), and no ports open other than the ones needed.
It absolutely does, it also means following up, not “They didn’t reply in a week so instead of trying other ways to contact them, I’m just going to post about it”. They didn’t even try to open an issue because they “don’t use github” all while coming here talking about how bad the vulnerability is.
It’s poor (lack of) judgement on OP’s part.