If you think this post would be better suited in a different community, please let me know.


Topics could include (this list is not intending to be exhaustive — if you think something is relevant, then please don’t hesitate to share it):

  • Moderation
  • Handling of illegal content
  • Server structure (system requirements, configs, layouts, etc.)
  • Community transparency/communication
  • Server maintenance (updates, scaling, etc.)

Cross-posts
  1. https://sh.itjust.works/post/27913098
    • Kalcifer@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 month ago

      Yeah, that was poor wording on my part — what I mean to say is that there would be unvetted data flowing into my local network and being processed on a local machine. It may be overparanoia, but that feels like a privacy risk.

      • db0@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        I don’t see how it’s a privacy risk since you’re not exposing your IP or anything. Likewise the images are already uploaded to your servers, so there’s no extra privacy risk for the uploader.

        • Kalcifer@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          “Security risk” is probably a better term. That being said, a security risk can also infer a privacy risk.

            • Kalcifer@sh.itjust.worksOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 month ago

              For clarity, I’m not claiming that it would, with any degree of certainty, lead to incurred damage, but the ability to upload unvetted content carries some degree of risk. For there to be no risk, fedi-safety/pictrs-safety would have to be guaranteed to be absolutely 100% free of any possible exploit, as well as the underlying OS (and maybe even the underlying hardware), which seems like an impossible claim to make, but perhaps I’m missing something important.

              • db0@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 month ago

                You mean an exploit payload embedded in an image, and pwning a system parsing that image through python PIL? While there’s never a 100% chance of anything, you’re more likely to be struck by lightning than this coming to pass and at that point you’re at more security risk at using the internet altogether.

                • Kalcifer@sh.itjust.worksOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  27 days ago

                  I will preface by saying that I am not casting doubt on your claim, I’m simply curious: What is the rationale behind why it would be so unlikely for such an exploit to occur? What rationale causes you to be so confident?

                  • db0@lemmy.dbzer0.com
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    27 days ago

                    Image processing libraries are used at the forefront of almost all web services, including lemmy and are extraordinarily robust. I really don’t have the time to go at this in depth, but if you are familiar with this stuff you will know how extraordinary such an exploit would be and its existence would be causing massive chaos all over the world.