๐“ข๐“ฎ๐“ฎ๐“™๐“ช๐”‚๐“”๐“ถ๐“ถ
  • 0 Posts
  • 10 Comments
Joined 1Y ago
Cake day: Jun 26, 2023



Fair point. I know that I don't have the answers. I do think that admin actions need to be more stringently scrutinized. Maybe something like a "sudo" model where you're a normal acct 99% of the time and admin actions require a temporary elevation.




I mean. You could still be a normal user and have a separate admin account.

I get your point. But it's a huge risk.


I still wouldn't use the admin account as my daily driver. Leave it open in another browser/private tab specifically to perform admin actions (as noted) but not for browsing/posting/community modding. I understand how that's a pain but given how early days we are with this platform and the high probability of more issues surfacing, it's a necessary pain.

I'd really like to see the devs add some tools to mitigate future risk and further protect admin accounts. The least of which being that admin actions require stronger validation than a browser side cookie, and frequent re-validation to perform admin actions.
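The "sudo"-style elevation and the re-validation asked for in the comments above, worked through as an added example that is not Lemmy's or lemmy-ui's code. It models the server side of step-up authentication: holding the session cookie only proves login; an admin action additionally needs an elevation that was granted by re-presenting a credential, is bound to that one cookie, expires after a short TTL, and can be dropped explicitly. The TTL (300 s), the lockout threshold (5 failures), the `CredentialVerifier` trait, and the plaintext `DemoVerifier` used in `main` are all assumptions made for the example; a real deployment would verify a password hash or a TOTP code there.

```rust
use std::collections::HashMap;

/// Unix time in seconds, passed in explicitly so the policy is testable.
pub type UnixSecs = u64;

/// How long one re-authentication keeps a session elevated (assumed value).
pub const ELEVATION_TTL_SECS: u64 = 300;
/// Consecutive failed re-authentications tolerated before elevation is refused (assumed value).
pub const MAX_FAILED_ATTEMPTS: u32 = 5;

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    NoSession,
    NotAdmin,
    NotElevated,
    ElevationExpired,
    BadCredential,
    LockedOut,
}

#[derive(Debug)]
pub struct Session {
    pub user_id: u64,
    pub is_admin: bool,
}

/// Checks a second factor or password. Hypothetical interface; a real verifier
/// would compare against an argon2/bcrypt hash rather than plaintext.
pub trait CredentialVerifier {
    fn verify(&self, user_id: u64, credential: &str) -> bool;
}

#[derive(Default)]
pub struct ElevationGuard {
    sessions: HashMap<String, Session>,     // session cookie -> logged-in user
    elevated_at: HashMap<String, UnixSecs>, // session cookie -> time of last re-auth
    failures: HashMap<u64, u32>,            // user id -> consecutive failed re-auths
}

impl ElevationGuard {
    pub fn login(&mut self, cookie: &str, user_id: u64, is_admin: bool) {
        self.sessions.insert(cookie.to_string(), Session { user_id, is_admin });
    }

    /// Step-up: the cookie alone is not enough; the credential must be presented
    /// again. Success grants a time-boxed elevation bound to this cookie only.
    pub fn elevate(&mut self, cookie: &str, credential: &str, now: UnixSecs,
                   verifier: &dyn CredentialVerifier) -> Result<(), AuthError> {
        let session = self.sessions.get(cookie).ok_or(AuthError::NoSession)?;
        if !session.is_admin {
            return Err(AuthError::NotAdmin);
        }
        let user_id = session.user_id;
        let failed = self.failures.entry(user_id).or_insert(0);
        if *failed >= MAX_FAILED_ATTEMPTS {
            return Err(AuthError::LockedOut);
        }
        if !verifier.verify(user_id, credential) {
            *failed += 1;
            return Err(AuthError::BadCredential);
        }
        *failed = 0;
        self.elevated_at.insert(cookie.to_string(), now);
        Ok(())
    }

    /// Gate for every admin action: live session, admin flag, unexpired elevation.
    /// An expired grant is removed so it cannot be replayed later.
    pub fn authorize_admin(&mut self, cookie: &str, now: UnixSecs) -> Result<u64, AuthError> {
        let session = self.sessions.get(cookie).ok_or(AuthError::NoSession)?;
        if !session.is_admin {
            return Err(AuthError::NotAdmin);
        }
        let granted = *self.elevated_at.get(cookie).ok_or(AuthError::NotElevated)?;
        // saturating_sub: a clock that went backwards does not extend the grant.
        if now.saturating_sub(granted) > ELEVATION_TTL_SECS {
            self.elevated_at.remove(cookie);
            return Err(AuthError::ElevationExpired);
        }
        Ok(session.user_id)
    }

    /// Explicit "exit sudo" for the tab used for admin work.
    pub fn drop_elevation(&mut self, cookie: &str) {
        self.elevated_at.remove(cookie);
    }

    pub fn logout(&mut self, cookie: &str) {
        self.sessions.remove(cookie);
        self.elevated_at.remove(cookie);
    }
}

/// Constructed verifier for the demo only: plaintext passwords held in memory.
pub struct DemoVerifier(pub HashMap<u64, &'static str>);
impl CredentialVerifier for DemoVerifier {
    fn verify(&self, user_id: u64, credential: &str) -> bool {
        self.0.get(&user_id).map_or(false, |p| *p == credential)
    }
}

fn main() {
    let verifier = DemoVerifier(HashMap::from([(1u64, "correct horse battery staple")]));
    let mut guard = ElevationGuard::default();
    guard.login("cookie-admin", 1, true);
    // A stolen cookie by itself cannot perform admin actions ...
    assert_eq!(guard.authorize_admin("cookie-admin", 1_000), Err(AuthError::NotElevated));
    guard.elevate("cookie-admin", "correct horse battery staple", 1_000, &verifier).unwrap();
    assert_eq!(guard.authorize_admin("cookie-admin", 1_100), Ok(1));
    // ... and a grant lapses unless the admin re-authenticates.
    let later = 1_000 + ELEVATION_TTL_SECS + 1;
    assert_eq!(guard.authorize_admin("cookie-admin", later), Err(AuthError::ElevationExpired));
    println!("elevation policy behaves as expected");
}
```

The design choice worth noting is that elevation state lives server-side and is keyed by the cookie, not encoded into a second client-side token: a leaked cookie gives an attacker a normal session, and the first admin request from it fails with `NotElevated` rather than succeeding silently. Pairing this with a lockout counter keeps the re-authentication prompt from becoming an online password-guessing oracle.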


Agreed. I'm pointing it out in hopes that becomes one of the takeaways of this incident.

(Unrelated, why are you marked as a bot account?)


I don't pretend to know the demographics of lemmy server admins, but my gut says it's predominantly hobbyists and devops types, rather than grizzled system admins.


It seems to me that the scope of this could have been mitigated with a simple privilege separation policy for admin server accounts but I see a lot of (what looks like) server admins using that account as their daily driver.

Also, lemmy-ui should post a security advisory to their GitHub.