I will preface by saying that I am not casting doubt on your claim, I'm simply curious: What is the rationale behind why it would be so unlikely for such an exploit to occur? What rationale causes you to be so confident?
Kalcifer
Looks like a Fractal Node 304?
Yep! I've found that the case is possibly a little too cramped for my liking — I'm not overly fond of the placement of the drive bay hangars — but overall it's been alright. It's definitely a nice form factor.
It wasn't a deliberate choice. It was simply hardware that I already had available at the time. I have had no performance issues of note as a result of the hardware's age, so I've seen no reason to upgrade it just yet.
Main Server
Services
- Jellyfin
- FreshRSS
- Borg
- Immich
- Nextcloud AIO
- RSS-Bridge
Hardware
- CPU: Intel Core i5-4460
- GPU: Nvidia GeForce GTX 760
- Memory: Kingston KHX1600C10D3/8G (8GB DDR3-1600)
- Motherboard: ASUS H81I-PLUS
OS
- Ubuntu 22.04.5 LTS
Reverse Proxy
Services
- Caddy
Hardware
- Rasbperry Pi 4 Model B Rev 1.5 (2GB)
OS
- Debian 12
Router
Hardware
- TP-Link Archer C7 AC1750
OS
- OpenWRT 23.05.5
For clarity, I'm not claiming that it would, with any degree of certainty, lead to incurred damage, but the ability to upload unvetted content carries some degree of risk. For there to be no risk, fedi-safety/pictrs-safety would have to be guaranteed to be absolutely 100% free of any possible exploit, as well as the underlying OS (and maybe even the underlying hardware), which seems like an impossible claim to make, but perhaps I'm missing something important.
"Security risk" is probably a better term. That being said, a security risk can also infer a privacy risk.
Yeah, that was poor wording on my part — what I mean to say is that there would be unvetted data flowing into my local network and being processed on a local machine. It may be overparanoia, but that feels like a privacy risk.
You're referring to using only fedi-safety instead of pictrs-safety, as was mentioned in §"For other fediverse software admins", here, right?
One thing you’ll learn quickly is that Lemmy is version 0 for a reason.
Fair warning 😆
One problem with a big list is that different instances have different ideas over what is acceptable.
Yeah, that would be where being able to choose from any number of lists, or to freely create one comes in handy.
create from it each day or so yo run on the images since it was last destroyed.
Unfortunately, for this usecase, the GPU needs to be accessible in real time; there is a 10 second window when an image is posted for it to be processed [1].
References
- "I just developed and deployed the first real-time protection for lemmy against CSAM!". @db0@lemmy.dbzer0.com. !div0@lemmy.dbzer0.com. Divisions by zero. Published: 2023-09-20T08:38:09Z. Accessed: 2024-11-12T01:28Z. https://lemmy.dbzer0.com/post/4500908.
- §"For lemmy admins:"
[...]
- fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. [1]
[...]
- §"For lemmy admins:"
Imo, this is your answer. I'm not sure exactly what other solution you want. Content will not appear on Lemmy without someone first posting it. Advertising the platform to help draw people in is also important.