If you've got a minute, give https://try.manyfold.app/ a go, I want to see how often it crashes due to resource limits on the very very small node I'm running it on.
@Floppy yeah, I mostly ignore those in favour of git[hub|lab] and @MCQN_Ltd's self-hosted #Gitlab instance too 😀
I guess I'm staying that version control and issue trackers are an integral part of my workflow. Maybe that just means that easy integration to @manyfold from a collection of git repos so that it could be a read-only sharing front is how I might use it?
Setup backups for my #GitLab instance this evening. I also fixed an issue I had with my #Healthchecks instance and its upgrade to 3.x. And finally I updated my #Plex to #Mastodon script so it strips anything which isn't 'a-zA-Z0-9' from the title tag.
J'ai été victime d'un piratage de mon instance GItlab. J'ai l'impression que la personne a utilisé la vulnérabilité CVE-2023-7028 pour changer le mot de passe du compte admin de l'instance (j'étais en version 16.3.6). D'après les logs, il s'est pas connecté ensuite. L'attaque provient de 3.142.114.26 et whois me dit que c'est Amazonaws. Mais je vois pas d'email d'abuse? Est-ce qu'il y a une procédure de signalement? #sysadmin#gitlab
Hm. It seems I cannot create a hierarchy of teams and projects in #forgejo the way I can in #gitlab. In the forgejo/gitea world you have organisations and teams. But you cannot have teams under teams. Which is a bit limiting, IMHO. Or am I missing something?
VulnCheck wrote about 7777-Botnet with the following information:
7777-Botnet remains active, and VulnCheck used co-located services to theorize the botnet is infecting TP-Link, Xiongmai, and Hikvision devices using CVE-2017-7577, CVE-2018-10088, CVE-2022-45460, CVE-2021-36260, and/or CVE-2022-24355.
The botnet also appears to infect other systems like MVPower, Zyxel NAS, and GitLab, although at a very low volume.
The botnet doesn’t just start a service on port 7777. It also spins up a SOCKS5 server on port 11228.
Sounds like it can replace/augment those with experience levels #lmgt4y#StackOverflow#StackExchange
But actual specialists? Have -1 incentive now to write down their experience. 📉trends ensue.
I'm moving away from #gitlab on my #homelab. It's not that I don't like it, I do. A lot. But it's way too much for my humble needs, so I moved all my local repos to #forgejo with #woodpecker for CI/CD.
I just finished the pipeline that builds and publishes my blog and it's working nicely.
So, in case anyone still thinks that patching and security in general is not so important nowadays: Found already several tries of exploiting the recent critical CVE-2023-7028 vulnerability in the logs of my GitLab instance although it was only published a few days ago.
Conclusion:
✅ Install security updates literally ASAP.
✅ Turn on mandatory 2FA for all users.