Are there any paid services for either Lemmy or Mastodon? Something where, given it is a subscription service, you would expect them to stick around long-term?

you are viewing a single comment's thread
view the rest of the comments

[–] skadden@ctrlaltelite.xyz 1 points 1 year ago (1 children)

Exactly. I went one step further and decided not to use my admin account as my main. I don't run around as root on servers so I try not to do that with apps. It's easier with Lemmy because once it's set up all the admin tasks hit my email.

I also wanted to avoid that vulnerability that hit Lemmy World a few weeks ago that was only possible because the server admin got their jwt stolen, which wouldn't have been so impactful if they weren't on the admin account.

[–] daq@lemmy.daqfx.com 0 points 1 year ago (1 children)

I didn't read the story about how exactly he lost the jwt, but is it still as big of an issue since 2fa was introduced?

I guess existing jwt hashes will bypass 2fa, but I'm not super worried since my instance has 3 users.

[–] skadden@ctrlaltelite.xyz 1 points 1 year ago

2fa was in at the time. IIRC the jwt was granted after 2fa so it didn't matter.

You've got a point though, small instances aren't gonna be nearly as useful as a giant one to threat actors. Assuming you don't give them a reason to go after you specifically they wouldn't have a reason to target such a tiny server.

Still though, I don't need that shiny A next to my name so I'm good with how I have it set up.