this post was submitted on 10 Nov 2024
84 points (98.8% liked)

Selfhosted

40347 readers
297 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

If you think this post would be better suited in a different community, please let me know.


Topics could include (this list is not intending to be exhaustive — if you think something is relevant, then please don't hesitate to share it):

  • Moderation
  • Handling of illegal content
  • Server structure (system requirements, configs, layouts, etc.)
  • Community transparency/communication
  • Server maintenance (updates, scaling, etc.)

Cross-posts

  1. https://sh.itjust.works/post/27913098
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 weeks ago (3 children)

Not all web traffic, just the images to check. With any decent bandwidth, it shouldn't be an issue for most. It also setup in such a way as to not cause a downtime if the checker goes down.

[–] Kalcifer 1 points 1 week ago (1 children)

With any decent bandwidth, it shouldn’t be an issue for most.

It's not only the bandwidth; I just fundamentally don't relish the idea of public traffic being directed to my local network.

[–] [email protected] 2 points 1 week ago (1 children)

You don't get public traffic redirected. It's not how it works

[–] Kalcifer 1 points 1 week ago* (last edited 1 week ago) (1 children)

Yeah, that was poor wording on my part — what I mean to say is that there would be unvetted data flowing into my local network and being processed on a local machine. It may be overparanoia, but that feels like a privacy risk.

[–] [email protected] 1 points 1 week ago (1 children)

I don't see how it's a privacy risk since you're not exposing your IP or anything. Likewise the images are already uploaded to your servers, so there's no extra privacy risk for the uploader.

[–] Kalcifer 1 points 1 week ago (1 children)

"Security risk" is probably a better term. That being said, a security risk can also infer a privacy risk.

[–] [email protected] 1 points 1 week ago (1 children)

Why would it be a security risk?

[–] Kalcifer 1 points 1 week ago (1 children)

For clarity, I'm not claiming that it would, with any degree of certainty, lead to incurred damage, but the ability to upload unvetted content carries some degree of risk. For there to be no risk, fedi-safety/pictrs-safety would have to be guaranteed to be absolutely 100% free of any possible exploit, as well as the underlying OS (and maybe even the underlying hardware), which seems like an impossible claim to make, but perhaps I'm missing something important.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

You mean an exploit payload embedded in an image, and pwning a system parsing that image through python PIL? While there's never a 100% chance of anything, you're more likely to be struck by lightning than this coming to pass and at that point you're at more security risk at using the internet altogether.

[–] Kalcifer 1 points 3 days ago (1 children)

I will preface by saying that I am not casting doubt on your claim, I'm simply curious: What is the rationale behind why it would be so unlikely for such an exploit to occur? What rationale causes you to be so confident?

[–] [email protected] 2 points 2 days ago

Image processing libraries are used at the forefront of almost all web services, including lemmy and are extraordinarily robust. I really don't have the time to go at this in depth, but if you are familiar with this stuff you will know how extraordinary such an exploit would be and its existence would be causing massive chaos all over the world.

[–] Kalcifer 1 points 1 week ago

Not all web traffic, just the images to check.

Ah, yeah, my bad this was a lack of clarity on my part; I meant all image traffic.

[–] Kalcifer 1 points 1 week ago (1 children)

It also setup in such a way as to not cause a downtime if the checker goes down.

Oh? Would the fallback be that it simply doesn't do a check? Or perhaps it could disable image uploads if the checker is down? Something else? Presumably, this would be configurable.

[–] [email protected] 2 points 1 week ago

It stops doing checks. Iirc you can configure it yes