Post AW82Clq3ZG2UUGWAbY by p@freespeechextremist.com
(DIR) Post #AW6wew5QGZDlUmnBei by p@freespeechextremist.com
2023-05-28T10:35:34.275302Z
73 likes, 39 repeats
:hacker_f::hacker_s::hacker_e::hackerman: And the Case of the Missing Auth Token :hackerman2:

I'm late to this party and did not make any kind of writeup (aside from arguing in a thread) because I am on an impromptu trip to visit my grandfather in the hospital, whose kidneys seem to have shut down. But I should probably say a few things about this and how it relates to FSE. If you are unfamiliar, an admin token for graf was exfiltrated through a malicious embed. There has been a confirmed pair of bugs in Pleroma's embedding code for the "rich media" (Twitter cards, link previews) and a fix is on the way. There is also a mitigation: just disable rich media, and ensure you have proper CSP set up for both /media and the /proxy endpoint unless you have disabled media proxying. FSE was never vulnerable to this bug, which will be explained below.

What was leaked were a large number of chats, and then media associated with them. The chats were called "DMs" in the alogs.space thread. The same thing happened to bae.st, probably an opportunistic token grab through the media proxy. The same code worked for both because of this line:

> JSON.parse(localStorage.getItem('localforage/vuex-lz'));

(I don't know how likely it is that this happens or is practical, but future problems could be mitigated by making instance-specific names for the key in the local storage.)

Eventually, the script gets around to exfiltrating the token by sending it to mostr.fedirelay.xyz. The script appeared on Poast on the 20th (concurrent with the mass-spamming, which may or may not be a :whiterose: coincidence :phillippricerevenge:), and the dump hit alogs.space on the 25th. The naming conventions and the presentation of the dump make it look like, once the token was grabbed, the same tool that was used to extract the chudbuds.lol dump was used for this one. The chudbuds.lol vector was different (admin's desktop was compromised) and it was a much bigger breach; this was just the admin token for the web interface rather than login credentials for a shell on the server, etc. It may be worth noting, the chudbuds.lol thread mentioned graf/Gleason a few times near the top, and there have been some minor (very recent) attempts at a DDoS of poa.st and poast.tv. Timing for the chudbuds.lol leak seemed much tighter and better coordinated, but this was a little sloppier (a DDoS of Poast starting when the dump landed on alogs.space would have been an obvious thing to do as a distraction; they coordinated the chudbuds.lol dump with the beginning of one of the admin's Twitch streams, and tossed a couple of kids in to spam the chat).

Since admins can see chats, they were able to extract all of the chats. It might have been possible to exfiltrate almost anything. Poast uses in-DB config, so compromising an admin's account means you can alter instance-blocks, etc.

FSE is immune for a few reasons:

:elliot: FSE does not use the media proxy feature.
:theo: CSP settings on /media are paranoid.
:bwksmug: FSE does not use the rich media feature.
:venomsnake: FSE has no admin accounts, so my account has no special permissions.
:terryno: FSE's aggressive rate-limiting makes attempts at any mass-dump more time-consuming.
:tyrellmanic: I cannot die, nor can I ever be killed.

(We can go ahead and start the timer on the next ImageMagick exploit that punches a hole in the server: the last one was a big one. Incidentally, the last big one was really big: https://imagetragick.com/ . FSE also does not mangle your uploads, so when the next one hits, we'll be immune to that, also.)

Here's a test I did some time in 2020, if timestamps are to be believed: https://freespeechextremist.com/media/3ead00eb-ae12-4737-adc8-2c92d5e86a4f/test.html . That link is safe, the JS doesn't execute (and is innocuous anyway).

Finally, I would like to tap the sign again. Do not trust admins: any of them could be malicious. An admin that is not malicious might be incompetent. An admin that is competent can still screw up. An admin that doesn't screw up can still install software that has a bug in it, get their servers seized by the gubbamint, any number of external forces could conspire to fuck it all up. A million things can go wrong and the second a piece of data leaves your computer, you no longer control it. Don't let it leave your computer if it would be a disaster for you to lose control of it.

:lain: Here's lain talking about the fix: https://lain.com/objects/02a7a6ad-2514-4055-a1d4-a774bc3f5ea4
:teamup: Here's graf's announcement: https://poa.st/objects/23a2d8aa-c72d-488d-b9dd-21d3f3b05521

And, aside from sending annoying guys on Poast their own dick pics in lieu of a retort, this is the impact of the hack:
nothing.gif
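The CSP mitigation from the post above, as an added example that is not part of the original post and is not Pleroma's code: a header audit that reports whether a document served from an upload or proxy path could run script with access to the frontend's localStorage. The sample paths and header sets are constructed for illustration; the function names are hypothetical.

```javascript
// Content types a browser renders as a document that can run script.
const ACTIVE_TYPES = new Set(["text/html", "application/xhtml+xml", "image/svg+xml"]);

// Parse a Content-Security-Policy value into Map(directive -> [tokens]).
function parseCsp(value) {
  const directives = new Map();
  for (const part of (value || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
  }
  return directives;
}

// Return the source list of the first directive present, in fallback order.
function effective(csp, names) {
  for (const n of names) if (csp.has(n)) return csp.get(n);
  return undefined;
}

// A source list matches nothing when it is empty or exactly 'none'.
function isNone(list) {
  return list !== undefined && (list.length === 0 || (list.length === 1 && list[0] === "'none'"));
}

// True when the policy leaves no way to execute script in the document.
function scriptsBlocked(csp) {
  if (csp.has("sandbox") && !csp.get("sandbox").includes("allow-scripts")) return true;
  const elem = effective(csp, ["script-src-elem", "script-src", "default-src"]);
  const attr = effective(csp, ["script-src-attr", "script-src", "default-src"]);
  return isNone(elem) && isNone(attr);
}

// True when sandboxing puts the document in an opaque origin, so script that
// does run cannot read the localStorage of the site that served it.
function originIsolated(csp) {
  return csp.has("sandbox") && !csp.get("sandbox").includes("allow-same-origin");
}

// Audit one response. "contained" means at least one barrier applies;
// "exposed" means a served document could run script in the site's origin.
function auditResponse(path, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const csp = parseCsp(h["content-security-policy"]);
  const type = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const reasons = [];
  if (/^\s*attachment\b/i.test(h["content-disposition"] || "")) {
    reasons.push("served as a download (Content-Disposition: attachment)");
  }
  // A missing Content-Type is treated as active because the body may be sniffed.
  if (type !== "" && !ACTIVE_TYPES.has(type)) {
    reasons.push(`declared type "${type}" is not rendered as a document`);
  }
  if (scriptsBlocked(csp)) reasons.push("CSP blocks script execution");
  if (originIsolated(csp)) reasons.push("CSP sandbox gives the document an opaque origin");
  const warnings = [];
  if ((h["x-content-type-options"] || "").trim().toLowerCase() !== "nosniff") {
    warnings.push("X-Content-Type-Options: nosniff is missing");
  }
  return { path, verdict: reasons.length > 0 ? "contained" : "exposed", reasons, warnings };
}

// Constructed sample responses (not captured from any real instance).
const SAMPLE_RESPONSES = [
  { path: "/media/example-upload/test.html",
    headers: { "Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": "sandbox; default-src 'none'" } },
  { path: "/proxy/example-preview/card.html",
    headers: { "Content-Type": "text/html", "X-Content-Type-Options": "nosniff",
               "Content-Security-Policy": "default-src 'self'; img-src * data:" } },
  { path: "/media/example-upload/logo.svg",
    headers: { "Content-Type": "image/svg+xml" } },
  { path: "/media/example-upload/page.html",
    headers: { "Content-Type": "text/html",
               "Content-Disposition": "attachment; filename=\"page.html\"" } },
  { path: "/proxy/example-preview/widget.html",
    headers: { "Content-Type": "text/html",
               "Content-Security-Policy": "sandbox allow-scripts" } },
];

for (const s of SAMPLE_RESPONSES) {
  const r = auditResponse(s.path, s.headers);
  console.log(`${r.verdict.padEnd(9)} ${r.path}  ${r.reasons.concat(r.warnings).join("; ")}`);
}
```

The second sample is reported as exposed because `default-src 'self'` still lets a document load a script file from the same origin, which is where uploads live when media shares the frontend's domain.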
(DIR) Post #AW6xwEeUaoH5x90bpY by sevvie@collapse.pub
2023-05-28T10:49:51.019274Z
5 likes, 0 repeats
@p I find the baest leak bundled in with the rest to be really tasteless. It's one thing to have a problem with graf, it's another to address that problem by attacking sjw.
(DIR) Post #AW70wkwkp20byWUTmS by Humpleupagus@eveningzoo.club
2023-05-28T11:23:35.259790Z
16 likes, 6 repeats
The best security is to have nothing to secure. Be a ghost. Don't say anything in your DMs you wouldn't say publicly. Use a burner email.
(DIR) Post #AW71uGrhnEVI3QVYDA by Eiregoat@nicecrew.digital
2023-05-28T11:34:21.784161Z
1 likes, 0 repeats
> Don't say anything in your DMs you wouldn't say publicly
Wouldn't you get in trouble for showing your eggplant to ladies in public 🤔
Oh right elephant! You guys get away with everything.
(DIR) Post #AW72j8eI6JpDLAUNBg by Zergling_man@birds.garden
2023-05-28T11:43:32.038216Z
2 likes, 1 repeats
@roboneko @sjw @Humpleupagus I have no fucking idea what thread this is meant to be. You bitch but I can't even see what you're replying to, and I don't remember being in a thread with hump and sjw recently.
(DIR) Post #AW72qG2J284MHM7HLU by Humpleupagus@eveningzoo.club
2023-05-28T11:44:50.087466Z
3 likes, 0 repeats
Women come to the Zoo just to see it. 👀
(DIR) Post #AW73KorW7EPmyedv7Y by dcc@annihilation.social
2023-05-28T11:50:15.335083Z
1 likes, 0 repeats
@p i really should turn off in db config lol
(DIR) Post #AW74T5BJQOVZrTPEjw by sevvie@collapse.pub
2023-05-28T12:03:01.124293Z
5 likes, 0 repeats
@roboneko @p There's been extra paranoia recently; reports of feds and general bad-actors have had admins on alert. Plus, not everyone uses media proxy, or rich media links, or allows javascript files to be executable in the uploads folder -- there's a ton of variation in how pleroma instances are set up.

There's an old meme, "every pleroma is a fork of pleroma" or something to that effect, that played into our favour.
(DIR) Post #AW7Q9avdsT1jWXBmaG by r000t@ligma.pro
2023-05-28T16:06:02Z
7 likes, 2 repeats
@p When I grow up, I wanna be just like p.
(DIR) Post #AW7VS4mc7MvT6Bb91M by graf@poa.st
2023-05-28T17:05:22.947235Z
7 likes, 0 repeats
@sevvie @roboneko @p we use media proxy mostly to be good neighbors. you don't want 10,000 people online fetching a video file you post. especially not people using digital ocean or similar hosts where bandwidth is metered.
(DIR) Post #AW7WI3zqHtYdiXZibY by meowski@fluf.club
2023-05-28T17:14:47.763242Z
7 likes, 0 repeats
@p sorry to hear about your grandpa man
(DIR) Post #AW7WPAB3hnyCukCtAu by graf@poa.st
2023-05-28T17:16:04.260292Z
7 likes, 0 repeats
@p funny jpeg. none of us are really rattled by it. the biggest problem I have with all of this is I feel like I let users down. they have a certain expectation of me not only as an admin but when it comes to technical shit and security but there really wasn't much I could do using all of the features we do to prevent a vulnerability in the code. i am taking steps to limit surface area of any supplemental attacks and we have had poast audited
(DIR) Post #AW7Xu6oINH2FP0saIa by Hoss@shitpost.cloud
2023-05-28T17:32:52.149504Z
3 likes, 0 repeats
I never really understood why an instance owner would turn that on but I guess it makes sense if you're really big.
(DIR) Post #AW7Ysd0Pnk6Qd7PF68 by sevvie@collapse.pub
2023-05-28T17:43:47.635304Z
2 likes, 0 repeats
@graf @roboneko @p Oh I'm not throwing shade; I'm a tiny little half-the-time-registrations-closed server admin. Also, not everyone is as paranoid as me.
(DIR) Post #AW7a3pwo7lD9uLcx96 by Shadowbroker2135@poa.st
2023-05-28T17:57:03.608697Z
8 likes, 1 repeats
@p >Pictured: Alogs about to open the Poast vault.
(DIR) Post #AW7bTEOSTIbsv4EXS4 by p@freespeechextremist.com
2023-05-28T18:12:51.713555Z
4 likes, 0 repeats
@sevvie Yeah, seriously. But the whole idea of leaking is to hurt graf by violating the users' privacy, so not a surprise if they tossed on more collateral. I figure the bae.st dumps are probably just shitposting, I don't think there's gonna be a scandal that comes out of there.
(DIR) Post #AW7fdxw6OpnsscLPRQ by colonelj@freespeechextremist.com
2023-05-28T18:59:37.309419Z
4 likes, 0 repeats
@p was the solution proposed by alex and co even close to addressing the real issue that got poast hacked?
(DIR) Post #AW7frPjsLBZUsD2QAi by momo@mk.absturztau.be
2023-05-28T19:01:58.708Z
3 likes, 0 repeats
@Humpleupagus@eveningzoo.club Even better, use an email service that allows for aliasing (I think iCloud and Fastmail allow them), and use a different one for each site. If you start getting unsolicited email to an alias, you know that service has been compromised, perhaps sooner than the system administrators.

And if a service doesn't let you use an alias? That tells you all that you need to know.
(DIR) Post #AW7gMihrryH2g41j1M by MisterRogersSnapped@seal.cafe
2023-05-28T19:07:42.242456Z
4 likes, 0 repeats
Chudbuds was extreme because they pwned poor Claire's personal ride. This is way more like the September 11, 2019 hack of KF, sort of embarrassing but not as big a deal as it looks like.

I've driven my bait car through multiple shady fedi neighborhoods and all I got was this t shirt. Thanks for the info, Pistol Pete.
(DIR) Post #AW7tF61WamRA56urLM by enoch@pleroma.phorophyte.org
2023-05-28T21:31:57.947621Z
1 likes, 0 repeats
@p how would one go about hardening their own instance against this sort of shit? Haven't administered a fedi instance in a significant amount of time.
(DIR) Post #AW7vAHzwqMBVgF0wsK by fcktheworld587@social.linux.pizza
2023-05-28T21:53:30Z
3 likes, 0 repeats
@Humpleupagus @p I mean, w/ E2EE I won't say anything I'm not comfortable being public knowledge within a decade
(DIR) Post #AW7vdVdxBpFYOkeyA4 by p@freespeechextremist.com
2023-05-28T21:58:49.188827Z
3 likes, 0 repeats
@dcc Yeah, I never used it. ed/vi/acme/whatever are all way faster than the stupid web UI, I can search for stuff instead of trying to guess the submenu, I can comment out the previous value for something instead of trying to remember if I increased it or decreased it (and put notes in the comments), and it's code so I can type `32*1024*1024` instead of `33554432`. In-DB config is fine for people that like to click on stuff and don't use a text editor (or maybe big sites that want to give people admin access without giving them a shell), but if you can use a text editor, there's no reason to prefer in-DB config.
(DIR) Post #AW7yFtDqAkaiRHsHFQ by Humpleupagus@eveningzoo.club
2023-05-28T22:28:08.412203Z
4 likes, 0 repeats
1. I just assume that regardless of patching exploited vulnerabilities, breaches will occur again in the future.
2. The primary purpose of recent breaches seems to be for the purposes of data extraction and exposure, not direct destruction or manipulation of instances or the settings / database.
3. Given the structure of the fediverse, even if an instance goes down, users can easily pop back up on other instances. Thus, attacking instances for anything other than data extraction and exposure is like swatting flies that you can't kill.
4. Therefore, be unassailable. It really defeats the entire purpose of the hacks. "Oh no, you got a DM of a stupid cat I sent to another user. BFD."
5. Nonetheless, admins should of course secure their instances as best possible. I am not discounting that by stating 1 through 4.
(DIR) Post #AW82Clq3ZG2UUGWAbY by p@freespeechextremist.com
2023-05-28T23:12:25.356135Z
4 likes, 0 repeats
@r000t :youreprettygood:
(DIR) Post #AW83EWsCHPYSbcvCFs by Soy_Magnus@detroitriotcity.com
2023-05-28T23:23:55.181376Z
4 likes, 0 repeats
@Humpleupagus @p I've said before, the real technological revolution won't be figuring out how to keep everything private, but when people stop sharing data and using technology. The only way to keep it hidden is to never put it out there
(DIR) Post #AW84LFzzW4bKFiL5Tk by fcktheworld587@social.linux.pizza
2023-05-28T23:36:20Z
2 likes, 0 repeats
@Humpleupagus @p ohhhhh fedi DMs? Yeah, never say anything private
(DIR) Post #AW84dycOMSZNqjE8Nk by p@freespeechextremist.com
2023-05-28T23:39:44.969355Z
2 likes, 0 repeats
@graf @sevvie @roboneko Yeah, but I think it's more like people scrolling past it without looking at it, and a browser might not load the whole thing but the stupid media proxy does, then it's evicted from cache long before the next person scrolls past it without looking at it. I think it's worse than just putting in the image as-is.
(DIR) Post #AW85T9JeLZv1nRrTBw by graf@poa.st
2023-05-28T23:48:57.833577Z
3 likes, 0 repeats
@p @roboneko @sevvie ours has a very high retention but I will try to tweak it more. I think for most edge it's 7 days or longer. I will check the media subdomain configs shortly
(DIR) Post #AW85ZGgnqUdOP0boOm by p@freespeechextremist.com
2023-05-28T23:50:06.191730Z
6 likes, 1 repeats
@meowski Thanks, man. He's tougher than he got credit for, I guess. His creatinine levels were at 3.91 Wednesday; me mum was an RN and spent a few years as a dialysis nurse, she says she's never seen a person live long enough to go over 3.2. So they took him off the furosemide, like no point in kidney meds if you're gone any day, they started giving him morphine to stop him from screaming all night. Then, like...the levels started dropping, like his kidneys started back up, so it's at 3.6, then 3.2, and 2.7 today. He was conscious, he had half a milkshake. Thought I was coming to town for a funeral, not sure what the hell is going on now.
(DIR) Post #AW85hXEWDhpE1qJy2C by p@freespeechextremist.com
2023-05-28T23:51:35.846799Z
10 likes, 1 repeats
@graf Can't avoid screwups, can handle them properly. I think Poast handled it properly.
(DIR) Post #AW85j72WZsSdN1Slwe by meowski@fluf.club
2023-05-28T23:51:50.708098Z
2 likes, 0 repeats
@p ah wow, that is rough. hope he gets better.
(DIR) Post #AW85qtbcPOve1RabZ2 by Kirino@seal.cafe
2023-05-28T23:53:16.742232Z
1 likes, 0 repeats
u can't avoid dis beating im about to dish out loser
(DIR) Post #AW86PhKY2XWI5QCRYu by enoch@pleroma.phorophyte.org
2023-05-28T23:59:33.024038Z
1 likes, 0 repeats
@p @graf what did poa.st do differently?
(DIR) Post #AW87jfJtKCd7b2yg64 by p@freespeechextremist.com
2023-05-29T00:14:23.556189Z
1 likes, 0 repeats
@Hoss @graf @sevvie @roboneko I'll believe it when I see metrics on total size fetched, total size served, and percentage of re-fetches. My suspicion is that it's a net drag on bandwidth and doesn't accomplish that goal, but there's no internal accounting as far as I know; in either case, from my perspective, enabling media proxy is a superstition until there are numbers.
(DIR) Post #AW88MEqrfOhCnhnGwi by meticore@sneed.social
2023-05-29T00:21:19.322346Z
1 likes, 0 repeats
@Hoss @roboneko @sevvie @p @graf
>I never really understood why an instance owner would turn that on, but I guess it makes sense if you're really big.
Lots of people turned it on after graf made threats about grabbing people's IP from other instances
https://archive.ph/Nx1V9
(DIR) Post #AW88fFNXvmmjwC90Qy by Hoss@shitpost.cloud
2023-05-29T00:24:43.830319Z
2 likes, 0 repeats
Shitty, but also why everyone should have shields up at all times. I can only have so much sympathy for people rawdogging it on this corner of the Internet in currentyear+8.
(DIR) Post #AW892EFgHqCh6SQLVw by meticore@sneed.social
2023-05-29T00:28:54.385814Z
1 likes, 0 repeats
@Hoss @roboneko @sevvie @p @graf not just shitty, but glowniggertier, he does worse shit to his own users, tracks them offsite malicious cookies<2023-02-12T09:18:02.000Z> graf: justicereport.news/articles/2022/12/15/prolific-antifa-doxing-account-anonymous-comrade-collective-revealed-ex-journo-hilary-elizabeth-sargent-of-roslindale-ma/<2023-02-12T09:18:09.000Z> graf: I figured out exactly who she ws<2023-02-12T09:18:14.000Z> graf: she is STILL melting down about this to this day <2023-02-12T09:18:17.000Z> Kaspa: Omg your MOTHER????<2023-02-12T09:19:12.000Z> Kaspa: That was your work??? <2023-02-12T09:19:19.000Z> Kaspa: Fetal alcohol syndrome skank<2023-02-12T09:19:32.000Z> graf: not my *work* per se but I gave them the identifiers (ip, location, times) <2023-02-12T09:19:45.000Z> graf: this person had a very specific way of searching for shit which made it super easy to find her<2023-02-12T09:20:13.000Z> graf: so she moved to another instance -- freespeechextremist -- whos' admin im great friends with and we often work toghether on shit, like this -- which continued tracking her<2023-02-12T09:20:13.000Z> graf: lol<2023-02-12T09:20:51.000Z> graf: we planted a tracking cookie that recorded her steps after leaving poast until she came back to poast and she would frequently namesearch herself on twitter and come back to poast. 
it was really sad<2023-02-12T09:21:17.000Z> Kaspa: I saw it posted but took it with a big grain of salt at first because kike Enoch and all his groupie speds are retarded, and because I was so out of the loop with all that I didn't know if they were guestimating or had something behind the declaration<2023-02-12T09:21:32.000Z> Kaspa: HHAHAHAAHAHAHAH<2023-02-12T09:21:39.000Z> Kaspa: Did she really <2023-02-12T09:22:13.000Z> graf: yeah im confident in the findings enough when I am in the US in the summer I am going to file a lawsuit against her<2023-02-12T09:22:17.000Z> graf: dead serious <2023-02-12T09:25:53.000Z> graf: this is me they are referring to "Thanks to a tip submitted to us by a protected source in the IT industry, the Justice Report was able to track a verified Comcast IP address of Anoncommie to a physical location in Burlington, MA. The address—which was independently confirmed that it couldn’t be spoofed by a 3rd party VPN service—was tracked to a very specific two-mile radius around an area of North Boston that contained Hilary Sargent’s office park. "<2023-02-12T09:26:00.000Z> graf: we had been tracking her for a while and someone approached me about it
(DIR) Post #AW89Hs4YW7f4wqg9qK by Hoss@shitpost.cloud
2023-05-29T00:31:42.513526Z
1 likes, 0 repeats
Creepy, although I can't say I feel all that bad about the cunt who got got by that trick.
(DIR) Post #AW89P0RBoYOYv2fTUG by p@freespeechextremist.com
2023-05-29T00:33:04.137979Z
1 likes, 0 repeats
@colonelj I don't know what Gleason proposed, and I iron-domed him because that stopped the spamwave from landing here (and besides, Gleason claims to have done free work for a child-trafficking ring). The fix lain proposed seems to close the hole. If what Gleason has said is similar to what graf and lain said, then yes.
(DIR) Post #AW89TfuxXAvWj3opVo by meticore@sneed.social
2023-05-29T00:33:52.667474Z
1 likes, 0 repeats
@Hoss @roboneko @sevvie @p @graf if you read those messages, this is not the first time he's done this, considering how mad he gets at literally nothing, its fair to assume he's been tracking more people
(DIR) Post #AW89Uo8WSjMwVOheN6 by p@freespeechextremist.com
2023-05-29T00:34:07.049936Z
1 likes, 0 repeats
@MisterRogersSnapped :bigbosssalute:
(DIR) Post #AW8AJTXcnIm9OpbY4u by lunarised@whinge.town
2023-05-29T00:43:08.707477Z
2 likes, 0 repeats
@p fse really be looking like the fort Knox of fedi servers.
(DIR) Post #AW8BtcZ6owYzlY69hY by p@freespeechextremist.com
2023-05-29T01:01:00.695974Z
2 likes, 0 repeats
@enoch What I did with FSE is listed; that's what I'd recommend. It looks like there are a handful of other bugs and they all rely on CSP executing.

Serving media from a different domain is probably a good plan as well.
(DIR) Post #AW8C6XszWtPL1AYqOm by ringo@talk-here.com
2023-05-29T01:03:16.775661Z
0 likes, 0 repeats
@p @meowski hope he's going to be okay, regardless.
(DIR) Post #AW8CdCepTeIajeVcxs by dcc@annihilation.social
2023-05-29T01:09:10.801194Z
1 likes, 0 repeats
@p i am the only person with that access (forever) and i dont like the button either kek, the real thing is mov-- (i just remembered you can transfer out the config :alex_lol: )
(DIR) Post #AW8F2ZUPvPh6hBrZz6 by Earmuffs@bae.st
2023-05-29T01:36:13.798286Z
3 likes, 0 repeats
@p @sevvie The only ones affected are those whose extremely unflattering dick picks got leaked, it's a nothing burger all in all thanks to god :0180: I'm sorry to hear about your grandpa P, I'll pray for him
(DIR) Post #AW8FKPGqeo0SDO1MO0 by dcc@annihilation.social
2023-05-29T01:39:25.407350Z
1 likes, 0 repeats
@p and its done :pepe_like:
(DIR) Post #AW8Fj5gcblioiNqXya by Earmuffs@bae.st
2023-05-29T01:43:54.889922Z
4 likes, 0 repeats
@meticore @roboneko @sevvie @p @graf @Hoss The same cunts that criticise graf for silly stuff like this are also the same that hate him merely because he exists without recognising any of the good things he has done for fedi

In fact I'm pretty sure I saw you on bird site cheering when the leaks got posted, so go fuck yourself and get a life, because this ain't it
(DIR) Post #AW8FvZsQBf3dp7JtpI by meticore@sneed.social
2023-05-29T01:46:08.698674Z
0 likes, 0 repeats
@Earmuffs @roboneko @sevvie @p @graf @Hoss
>The same cunts that criticise graf for silly stuff like this are also the same that hate him merely because he exists without recognising any of the good things he has done for fedi
>silly stuff
okay dude
<2023-02-12T09:20:51.000Z> graf: we planted a tracking cookie that recorded her steps after leaving poast until she came back to poast and she would frequently namesearch herself on twitter and come back to poast. it was really sad
>In fact I'm pretty sure I saw you on bird site cheering when the leaks got posted, so go fuck yourself and get a life, because this ain't it
Nope, this my only twitter
https://twitter.com/jayletrump
(DIR) Post #AW8FvbyAPGqGJW1W3k by Earmuffs@bae.st
2023-05-29T01:46:10.777694Z
2 likes, 0 repeats
@meticore @roboneko @sevvie @p @graf @Hoss Wow how dare he be aware of bad actors, how fucked up wow
(DIR) Post #AW8GLzZbGrH1356ztw by meticore@sneed.social
2023-05-29T01:50:54.791827Z
0 likes, 0 repeats
@Earmuffs @roboneko @sevvie @p @graf @Hoss
>Wow how dare he be aware of bad actors, how fucked up wow
its one thing to be aware of them, its another thing to plant malicious cookies my man
(DIR) Post #AW8GTVnXrFJj1HDiKm by Hoss@shitpost.cloud
2023-05-29T01:52:16.511498Z
3 likes, 0 repeats
On one hand, I get how sketch that is. On the other hand, no bad tactics, only bad targets.
(DIR) Post #AW8Gh6Np98deFcfZmS by Earmuffs@bae.st
2023-05-29T01:54:44.513956Z
2 likes, 0 repeats
@meticore @roboneko @sevvie @p @graf @Hoss He should do the same to you and let us know how sad your life is, how many hours a day do you waste trying and failing to get one on terry? How much of your life do you dedicate to hyper niche ecelebs nobody but losers like you know?

You already doxxed yourself but he should also make your chubby virgin face public for fucks sake you shouldn't even speak if you look like someone whose only love interests could be his mum or a shortsighted pedophile

Let's not leave aside all the eceleb merchandise you own, LOSER
Husky_1685325267853_MA59AOFTPA.png
(DIR) Post #AW8GkCyJ6hu9YNDQIq by Earmuffs@bae.st
2023-05-29T01:55:19.529489Z
3 likes, 0 repeats
@meticore @roboneko @sevvie @p @graf @Hoss Spoken like a true gay faggot
(DIR) Post #AW8GnrPlCM9LqxnXTE by meticore@sneed.social
2023-05-29T01:55:57.203290Z
0 likes, 0 repeats
@Hoss @Earmuffs @roboneko @sevvie @p @graf graf and the NJP constantly accuse kiwifarms of information laundering or dox laundering, yet here we find out he laundered dox info thru justicereport/NJP
(DIR) Post #AW8GsXXwUj0XgJrAUC by p@freespeechextremist.com
2023-05-29T01:56:50.457862Z
3 likes, 0 repeats
@graf @roboneko @sevvie Yeah, but a couple of things, like what is actually the max size it keeps before evicting, and how do you even know what it's doing without metrics?

One thing I'm saying, say there's a 60MB video. Browser loads part of it (say a meg) then waits until you hit play. Say you don't. Instance doesn't know that, so media proxy asks for the whole 60MB, serves 1MB. Say that person has 20 followers on Poast. 20 people ask for the first meg and don't watch it, so that's 40MB wasted bandwidth. If it gets evicted during that period, then add 60MB wasted bandwidth per eviction.

Or say the issue that started this, someone leaning on the page-down key, and their browser is requesting images, then they get to the media proxy, it's not aborting shit, it just keeps asking for new images because no one rate-limited outgoing reqs in this cursed media proxy, but their browser actually is not loading all these images...but Poast, with its fat datacenter pipe, loads all these images fast enough to saturate my upstream. The guy doing it could not, with his residential cable (or whatever) connection, but Poast's server can. His browser will crash, at some point he's gonna run out of memory, but Poast is just flooding the reqs and dumping it to disk. The normal bottlenecks aren't there. The media proxy has been nothing but trouble for me.
(DIR) Post #AW8Gxt0m7DkHhatMsi by Hoss@shitpost.cloud
2023-05-29T01:57:45.388982Z
0 likes, 0 repeats
I've never understood how the farms is laundering any information when they literally just post it on their threads.
(DIR) Post #AW8GyJ2RLeWgQHs45Q by graf@poa.st
2023-05-29T01:57:51.802220Z
2 likes, 0 repeats
@p @roboneko @sevvie yeah its half baked. you have my word ill make sure its fleshed out properly
(DIR) Post #AW8H2kHrynGi5mCloe by p@freespeechextremist.com
2023-05-29T01:58:41.152748Z
1 likes, 0 repeats
@meowski Thanks, friend. It didn't look like he was gonna; I was bummed. But seems like he has a shot.
(DIR) Post #AW8H3MQMBgdWN6T5Jw by meticore@sneed.social
2023-05-29T01:58:44.710575Z
1 likes, 0 repeats
@Hoss @Earmuffs @roboneko @sevvie @p @graf its feds using the farms posting it or giving dox info to posters or some gay schizo shit like that
(DIR) Post #AW8H6mM6ERCJfI6g7M by p@freespeechextremist.com
2023-05-29T01:59:24.903193Z
2 likes, 1 repeats
@Kirino @graf I cannot die, nor can I ever be killed.
(DIR) Post #AW8HGEnJrjA6TPLgu0 by Kirino@seal.cafe
2023-05-29T02:01:07.074630Z
1 likes, 0 repeats
u will survive but not without some lumps, chump!
(DIR) Post #AW8HJdaAA50iDhofBo by sevvie@collapse.pub
2023-05-29T02:01:41.170706Z
1 likes, 0 repeats
@p @graf @Kirino what did God mean by this
(DIR) Post #AW8HLdr87CGFeEhxqq by meticore@sneed.social
2023-05-29T02:02:03.308666Z
1 likes, 0 repeats
@Earmuffs @roboneko @sevvie @p @graf @Hoss
>You already doxxed yourself but he should also make your chubby virgin face public for fucks sake you shouldn't even speak if you look like someone whose only love interests could be his mum or a shortsighted pedophile
Go ahead I don't mind if you dawks me I am not against doxing or pretend to be unlike @graf
(DIR) Post #AW8HV55uDGg2jT7WbI by Earmuffs@bae.st
2023-05-29T02:03:47.510231Z
3 likes, 0 repeats
@meticore @roboneko @sevvie @p @graf @Hoss So now it's about morals? Lmao kys cunt
(DIR) Post #AW8Hh5g7rnio1FmxLk by graf@poa.st
2023-05-29T02:05:57.034158Z
5 likes, 0 repeats
@Earmuffs @roboneko @sevvie @p @Hoss @meticore this nigger moves goalposts to suit his argument while using whataboutisms. you should just block him tbh
(DIR) Post #AW8Hk0ua2vpa6UwYVc by meticore@sneed.social
2023-05-29T02:06:27.957029Z
0 likes, 0 repeats
@graf @Earmuffs @roboneko @sevvie @p @Hoss you are a pedophile fed
(DIR) Post #AW8HtMkiDCYyRqmreS by p@freespeechextremist.com
2023-05-29T02:08:11.760981Z
3 likes, 0 repeats
@enoch @graf Differently from FSE? They enabled link previews and media proxy, CSP on /media and /proxy too permissive I think. graf's doing his thing, Poast has somewhat different parameters from FSE: Poast is pulling nontechnical users from Twitter and trying to provide a reasonably safe place for them to shitpost, FSE is probably more comfortable for technical users than nontechnical ones, like we have PleromaFE and bloat, Poast has Soapbox, FSE doesn't strip EXIF (the server faithfully follows the users' orders, even if they order it to do something stupid like serve a geo-tagged photo), Poast strips EXIF, FSE blocks a lot of VPN traffic and I tell people to use Tor, Poast blocks Tor but not most VPNs. Like that.

So, I run FSE a little more paranoid, graf runs Poast a little more accommodating.
(DIR) Post #AW8JicH4MTCXJMvLLU by p@freespeechextremist.com
2023-05-29T02:28:39.797807Z
0 likes, 0 repeats
@meticore @Hoss @graf @roboneko @sevvie It's on by default.
(DIR) Post #AW8K3wN8phZFj1vrLk by p@freespeechextremist.com
2023-05-29T02:32:31.028368Z
0 likes, 0 repeats
@meticore @Hoss @graf @roboneko @sevvie Oh, that emoji thing? That doesn't require tying an IP to a person. There are accounts that do that in the bio.
(DIR) Post #AW8KeaekXFdR5Ze0EC by Earmuffs@bae.st
2023-05-29T02:39:07.170817Z
3 likes, 0 repeats
@graf @roboneko @sevvie @p @Hoss @meticore I think it's funny, I see him malding with terry quite often, a lolcow that actually deserves the status :0160:
(DIR) Post #AW8KlpR7ysWixLixpg by enoch@pleroma.phorophyte.org
2023-05-29T02:40:25.180926Z
1 likes, 0 repeats
@p other than serving media from a different domain that's pretty much 100% doable for me. Cheers.
(DIR) Post #AW8LhptURDtVAeeOI4 by p@freespeechextremist.com
2023-05-29T02:50:55.939426Z
5 likes, 0 repeats
@meticore @Hoss @graf @roboneko @sevvie Who do you think identified that account, tracked it down in the log files, and also pulled it from FSE's logs? There's only one person with a shell on FSE, that same guy has a shell on Poast, and one of the reasons for that is to do shit like this.

Someone's responsible for a breach, do you look through your logs or not? It's not glowie shit, it's basic shit, and besides that, tearing up 20GB of text with awk is fun. "If I do some evil shit to your server, you're not allowed to look at your logs to figure anything out, you're not allowed to know which hosts have connected to your box"? Seriously, man? Same thing I did when pedos signed up on FSE, same thing I did when we got DDoS'd: figure out problem, figure out source of the problem, kill the source or stop the behavior from having the intended effect. Same thing you do to your log files if you have a problem.
(DIR) Post #AW8MY4dAtMOtw0vb2u by p@freespeechextremist.com
2023-05-29T03:00:22.383651Z
2 likes, 0 repeats
@Hoss @meticore @roboneko @sevvie @graf It's not really a trick, it's like, how did this nutjob dox, do they have an account, all that. I figured out what, where; I don't know who figured out it was Sargent. Since all of the screenshots included at least one gamer word, I figured that she was probably just spamming the search for that stuff, so I just looked for that, and only one person was spamming the search for that stuff. At the time, Poast kept longer logs than nowadays; graf wanted to block the IP, I wanted to just watch the logs to see when they came back.
(DIR) Post #AW8N0wlDEUPtvISI5Y by p@freespeechextremist.com
2023-05-29T03:05:35.469078Z
3 likes, 0 repeats
@meticore @Hoss @graf @roboneko @sevvie Since I was the one that did that, I can say he's only asked for help finding the journos that are doxxing people on Poast and writing those long articles about him. That seems like a little more than "literally nothing" but your call.
(DIR) Post #AW8NC6C2VDSKMbJyL2 by p@freespeechextremist.com
2023-05-29T03:07:36.398453Z
2 likes, 0 repeats
@lunarised :tedksmug:
(DIR) Post #AW8NksKQ2lDTUvp6jA by p@freespeechextremist.com
2023-05-29T03:13:53.497985Z
1 likes, 0 repeats
@ringo @meowski :bigbosssalute:
(DIR) Post #AW8OK3EpTNenTAywJU by p@freespeechextremist.com
2023-05-29T03:20:14.931408Z
2 likes, 0 repeats
@Earmuffs @sevvie You gotta make sure your dong is framed up, warm lighting, and then you gotta draw Rei hair on it.
Here's hoping grandpa pulls through. I'm here because it looked like he wouldn't, but he's doing all right today. Still not good, but the situation has been steadily improving and no one expected it to.
(DIR) Post #AW8OZSBeznZBBtqOSe by p@freespeechextremist.com
2023-05-29T03:23:01.948953Z
1 likes, 0 repeats
@meticore @Earmuffs @Hoss @graf @roboneko @sevvie What are the rules? No one ever gave me a copy.
(DIR) Post #AW8OuLOXRcKmCqpSpE by p@freespeechextremist.com
2023-05-29T03:26:48.473966Z
3 likes, 2 repeats
@Hoss @meticore @Earmuffs @roboneko @sevvie @graf > no bad tactics, only bad targets.
I disagree with that, but you know, someone hits below the belt, there's no ref to hand him a yellow card, what do you do? No rules of engagement that you can rely on.
(DIR) Post #AW8PEVOlxbFX1YYIjY by p@freespeechextremist.com
2023-05-29T03:30:27.086268Z
0 likes, 0 repeats
@graf @roboneko @sevvie You'll have better luck tweaking it to use IPFS or something. feld is amenable, saw a post the other day.
(DIR) Post #AW8PkIxJl313hSsDiq by p@freespeechextremist.com
2023-05-29T03:36:11.902586Z
2 likes, 0 repeats
@Kirino @graf Not if I try to remember the basics of CQC.
alwayrembercqc.jpg
(DIR) Post #AW8PnnsBGUqQSN8gLI by sevvie@collapse.pub
2023-05-29T03:36:48.101948Z
1 likes, 1 repeats
@p @graf @Kirino
(DIR) Post #AW8PpCcwiNLtWJgFAu by p@freespeechextremist.com
2023-05-29T03:37:05.024757Z
1 likes, 0 repeats
@sevvie @Kirino @graf What a grand and intoxicating innocence!
(DIR) Post #AW8PqI4vvqY8iWI2bI by Kirino@seal.cafe
2023-05-29T03:37:16.260548Z
2 likes, 0 repeats
O shoot me can no fight da biggest of da bosses
(DIR) Post #AW8Q77CnbxZduwzYAK by p@freespeechextremist.com
2023-05-29T03:40:19.262675Z
1 likes, 0 repeats
@enoch :cheers:
(DIR) Post #AW8QE4BzDE14bEvUEi by graf@poa.st
2023-05-29T03:41:32.420147Z
3 likes, 0 repeats
@p @roboneko @sevvie feld has had poast blocked for like ever
(DIR) Post #AW8QKUT6QoBzpZzmAi by meticore@sneed.social
2023-05-29T03:42:41.386509Z
1 likes, 0 repeats
@p @roboneko @sevvie @graf @Hoss >Someone's responsible for a breach, do you look through your logs or not? It's not glowie shit, it's basic shit
Graf, and other poast users, think that "laundering information/dox" is what glowniggers do, but in these logs we find out that he launders dox materials using justicereport.news
(DIR) Post #AW8QdAOXHybR4klTpA by p@freespeechextremist.com
2023-05-29T03:46:06.815099Z
1 likes, 0 repeats
@sevvie @Kirino @graf hiimdaisy was a delight.
(DIR) Post #AW8QgrWbOA7fi5Iegq by p@freespeechextremist.com
2023-05-29T03:46:46.885778Z
1 likes, 0 repeats
@Kirino @graf I saw him shoot a guy in the nuts with a tranq dart.
(DIR) Post #AW8RABEjBE35F6v3EO by p@freespeechextremist.com
2023-05-29T03:52:04.784817Z
1 likes, 0 repeats
@graf @roboneko @sevvie I mean there might be efforts underway or a branch, and if not, a patch would probably get accepted. There's an IPFS header, so that allows you to fetch the resource and if the header is present, abort the request and fetch from IPFS. I played a little with allowing IPFS URLs, but didn't do that kind of thing. One benefit is that anyone using Brave to look at Poast will already fetch it from there.
(DIR) Post #AW8RGTuieRMwuHZ5pQ by graf@poa.st
2023-05-29T03:53:11.387022Z
2 likes, 0 repeats
@p @roboneko @sevvie okay but i cant work with feld when he has all of poast blocked
(DIR) Post #AW8RScITJDC6NiSgFs by Kirino@seal.cafe
2023-05-29T03:55:24.046247Z
1 likes, 0 repeats
U CAN WORK THIS DICK, NIGGAAAAAAAAAAAAAAAAAAAAAAAAA
(DIR) Post #AW8RezbSTz7U8iFAps by p@freespeechextremist.com
2023-05-29T03:57:38.910445Z
2 likes, 1 repeats
@meticore @Hoss @graf @roboneko @sevvie I see "feds do that kind of thing" and it's accurate, feds do that. Then the other post says KF does it. Okay. And what? I'm just not seeing the world-ending scandal, I don't even see much of a contradiction. The cops also shoot your dog, but if someone else shoots your dog, they aren't necessarily a cop. So someone dumps his dox, he dumps theirs; turnabout's fair play, I thought.
(DIR) Post #AW8RiI6i8pKeOiR0s4 by charliebrownau@poa.st
2023-05-29T03:58:14.462615Z
0 likes, 1 repeats
@graf @p @roboneko @sevvie Why does the Fediverse have to be a single group list run by
Anti Whites & Jews & Mentally ill and International Marxists/Commies/Zionists
Why can't we have our own separate group network affiliation lists
Clearly certain groups are incompatible
Time for a peaceful self separation and self segregation
Let US go our own way (away from you lot)
(DIR) Post #AW8RlzEmF0qt22yBjk by meticore@sneed.social
2023-05-29T03:58:52.428632Z
2 likes, 0 repeats
@p @roboneko @sevvie @graf @Hoss
<2022-09-09T19:06:10.000Z> graf: I trust that you will keep this to yourself but we have some.. less than ethical traps and logging going on right now
<2022-09-09T19:19:25.000Z> borzoi: 🤐
<2022-09-09T19:31:51.000Z> borzoi: I can be as patient as long as it needs to take since I know the walls are closing in on this person
He also sets traps to log all traffic to try to dox specific users
<2022-06-27T02:58:23.000Z> graf: im going to set up a trap in that poast's webserver will log all traffic by that IP and track him around, then we can paint a picture of where he went and what he was trying to do
<2022-06-27T02:58:47.000Z> graf: but we are going to watch it for a few weeks. he will slip up with referral sites or other cookies that can be tracked and i will find them
(DIR) Post #AW8RmHR8ZnQzTatJVA by p@freespeechextremist.com
2023-05-29T03:58:57.938304Z
0 likes, 0 repeats
@graf @roboneko @sevvie Makes sense.
(DIR) Post #AW8RqejFuzx0sGS6ro by meticore@sneed.social
2023-05-29T03:59:44.425302Z
3 likes, 0 repeats
@p @Hoss @graf @roboneko @sevvie poast entire privacy policy is a lie
(DIR) Post #AW8Sf8WNQRRLkiV1LU by p@freespeechextremist.com
2023-05-29T04:08:52.753161Z
7 likes, 0 repeats
@charliebrownau @graf @roboneko @sevvie Eat fifty dicks, charliebrownau.
(DIR) Post #AW8ShWW9B9CAkrWvXE by graf@poa.st
2023-05-29T04:09:17.356940Z
4 likes, 0 repeats
@p @roboneko @sevvie @charliebrownau ((((((((DICKS)))))))))))))))))))))))))))))))
(DIR) Post #AW8SoMOLE0svNR8gEa by charliebrownau@poa.st
2023-05-29T04:10:32.566531Z
0 likes, 0 repeats
@graf @p @roboneko @sevvie Who the fuck has two dicks ..WTFMutant mudblood
(DIR) Post #AW8SvEDQ1RGm2vIyLw by charliebrownau@poa.st
2023-05-29T04:11:47.036463Z
0 likes, 0 repeats
@p @roboneko @sevvie @graf Go back to India
(DIR) Post #AW8SzlQaTtliD8cxOK by mrsaturday@shitposter.club
2023-05-29T04:12:35.833267Z
4 likes, 2 repeats
@charliebrownau @roboneko @sevvie @p @graf
(DIR) Post #AW8TSVx95ye4c9Z7Xk by p@freespeechextremist.com
2023-05-29T04:17:48.207840Z
4 likes, 1 repeats
@meticore @Hoss @graf @roboneko @sevvie > He also sets traps to log all traffic to try to dox specific users
A malicious user that runs a website that dumps dox. I'm not a fan of the site where it was published (NJP can eat a damn dick, Antelope Hill can eat a damn dick, etc.), so I didn't repost the link, but you're telling me about stuff I was present for.
> <2022-06-27T02:58:23.000Z> graf: im going to set up a trap in that poast's webserver will log all traffic by that IP and track him around, then we can paint a picture of where he went and what he was trying to do
I just told you, that was my idea. He wanted to block the IP, I wanted to watch to see when they came back and what they did. I just said that, man. The "trap" (not what I'd call it) was basically `tail -f nginx_logfile | mawk -Winteractive '$1 == whatever_the_ip_was'`.
(DIR) Post #AW8U4bYghcXZ0IHwLg by p@freespeechextremist.com
2023-05-29T04:24:41.234139Z
9 likes, 0 repeats
@meticore @Hoss @graf @roboneko @sevvie I don't think they're obligated to hold up their end of the privacy policy if the person is not supposed to be there. Privacy policies are for legitimate users of the site; site rules prohibit that behavior, which, again, was someone trying to dox people on Poast. The idea that it's fine for Sargent to dox people but you have to respect her privacy is kind of stupid.
(DIR) Post #AW8UMZtRdH3z3GZFMe by loathsome@petrolkorps.cc
2023-05-29T04:27:55.611249Z
2 likes, 0 repeats
Keeping and looking at logs is now a "trap"? :D
(DIR) Post #AW8V3yIclbYVCL2L4q by p@freespeechextremist.com
2023-05-29T04:35:46.680199Z
2 likes, 0 repeats
@graf @roboneko @sevvie @charliebrownau Actually lol'd.
(DIR) Post #AW8VHTbLhKre2nEby4 by p@freespeechextremist.com
2023-05-29T04:38:13.004236Z
3 likes, 0 repeats
@charliebrownau @roboneko @sevvie @graf Go back to Langley.
(DIR) Post #AW8YhadWSphHFqOXfk by Library@poa.st
2023-05-29T05:16:32.728459Z
0 likes, 0 repeats
@Earmuffs @graf @roboneko @sevvie @p @Hoss @meticore Isnt that meticore guy esofaggy or kop? I havent been paying much attention lol
(DIR) Post #AW8Ymn61ZBp3LUCqno by mia@freespeechextremist.com
2023-05-29T05:17:29.584845Z
2 likes, 0 repeats
@p @meticore @Earmuffs @Hoss @graf @roboneko @sevvie “Here’s Grafs phone number, but how dare you read your own traffic laws.”
Book tier retardism.
(DIR) Post #AW8ZeKsKhtYZSRKnOS by Solbera@poa.st
2023-05-29T05:27:09.024620Z
1 likes, 0 repeats
@charliebrownau @graf @p @roboneko @sevvie Diphallia or penile duplication is an extremely rare congenital anomaly. It occurs once in every 5.5 million live births. The extent of penile duplication and the number of associated anomalies vary greatly, ranging from a double glans from a penis with no associated anomaly up to complete penile duplication associated with multiple anomalies.
(DIR) Post #AW8de0thNsupJW4iTA by ExtraSpecialK@poa.st
2023-05-29T06:11:55.644691Z
1 likes, 0 repeats
@graf @p I think everyone gets hacked at some point. The better question is do you treat it as a learning experience and do a better job next time.
Admins are supposed to prevent the hack, but users should just assume the hack has already happened.
(DIR) Post #AW8dj2vxEy6Z4rWvIm by ExtraSpecialK@poa.st
2023-05-29T06:12:49.909416Z
2 likes, 0 repeats
@Shadowbroker2135 @p lol, it's empty
(DIR) Post #AW8dmEUUjBmtn2CmzQ by ExtraSpecialK@poa.st
2023-05-29T06:13:24.622203Z
1 likes, 0 repeats
@p @sevvie yeah they'll never find out about my additional pylons.
(DIR) Post #AW8e6bxv9wmKO2gchk by ExtraSpecialK@poa.st
2023-05-29T06:17:05.797922Z
2 likes, 0 repeats
@momo @momo @Humpleupagus Yeah I tried to use an alias on Dr Jordan B Peterson's, Know Your Email dot com and a video of Dr Peterson calling me a narcissist and a psychopath popped up.
(DIR) Post #AW8eYksFdC5k7mSEdM by ExtraSpecialK@poa.st
2023-05-29T06:22:10.834796Z
1 likes, 0 repeats
@p Sooo, disable ImageMagick?
Right, simple enough... no more
apk add php-imagemagik
for me!
(DIR) Post #AW8fM52bRJNkrQogKG by ExtraSpecialK@poa.st
2023-05-29T06:31:05.718178Z
1 likes, 0 repeats
@p New idea; Scooby-doo and the case of the missing auth-token.
Like Zoinks Scooob, we gotta get some nachos... and figure out how to get our auth-token back or we're like, gonna be expoooosed maaaan
(DIR) Post #AW8nOu9LBm3PaGpG4W by Soy_Magnus@detroitriotcity.com
2023-05-29T08:01:14.008689Z
3 likes, 0 repeats
@p @roboneko @sevvie @graf @Hoss @meticore "tail -f nginx_logfile | mawk -Winteractive '$1 == whatever_the_ip_was'" only $1¿ I'm ashamed of you p you could at least afford $100 I bet thats why that little eworm got away
(DIR) Post #AW8nX3JkzDRqKoaCv2 by maxmustermann@shitposter.club
2023-05-29T08:02:42.728210Z
2 likes, 0 repeats
@roboneko @sevvie @p As already mentioned; There are vast differences between instances. I don't think vanilla pleromer is vulnerable to that nonsense. I wonder if the people behind these hacks are not from alogs itself. They could be since that place ran out of goofs to make fun threads about. And no, Ralph and cozy.gov ain't enough to fill out a shit board.
(DIR) Post #AW8wjaLEvfeToqKMjY by maxmustermann@shitposter.club
2023-05-29T09:45:49.222118Z
1 likes, 0 repeats
@roboneko @sevvie @p > Blackhat for hire
Given that it's /cow/ we are talking about, it could have been as well 200M who is doing shit like this for clout. As I have mentioned; that place ran out of material.
(DIR) Post #AW8xVTWZZvqSZlSq6C by Moon@shitposter.club
2023-05-29T09:54:26.685919Z
1 likes, 0 repeats
@maxmustermann @roboneko @p @sevvie vanilla pleroma was vulnerable.
(DIR) Post #AW8yWaONd5KO7Uj35c by maxmustermann@shitposter.club
2023-05-29T10:05:52.728889Z
1 likes, 0 repeats
@Moon @p @roboneko @sevvie fug :DDD: Wait. Was that one of the reasons why outside media didn't work for like a day?
(DIR) Post #AW8ylWzcYBKVv9GrhI by Moon@shitposter.club
2023-05-29T10:08:27.131434Z
1 likes, 0 repeats
@maxmustermann @p @roboneko @sevvie yes.
(DIR) Post #AW8yrl4F8ONjJGP0Ua by Moon@shitposter.club
2023-05-29T10:09:41.289354Z
1 likes, 0 repeats
@maxmustermann @p @roboneko @sevvie the changes I made should fully protect us from this entire class of problem even if a new one shows up. this is in fact a change I wish I made a long time ago, it was on my radar as a good security improvement.
(DIR) Post #AW9Rz6F1hpRtg3Ibia by xianc78@gameliberty.club
2023-05-29T15:35:58Z
1 likes, 0 repeats
@graf @roboneko @sevvie @p @charliebrownau All of them (((cut))).
(DIR) Post #AW9Yg8SBxJU4iRMSjg by nach@bae.st
2023-05-29T16:50:59.401207Z
1 likes, 0 repeats
@p it's always the dramaniggers, isn't it?
(DIR) Post #AW9iAYQqpfNTYrJWcK by p@freespeechextremist.com
2023-05-29T18:37:20.655036Z
0 likes, 0 repeats
@mia @Earmuffs @Hoss @graf @meticore @roboneko @sevvie I really don't get the, like, extreme rules-lawyering. What's it supposed to accomplish?
(DIR) Post #AW9iHj4ZfWyAadJWAy by p@freespeechextremist.com
2023-05-29T18:38:38.422872Z
0 likes, 0 repeats
@Solbera @charliebrownau @graf @roboneko @sevvie :chad:
(DIR) Post #AW9yXTcwSgz0aNvC8u by p@freespeechextremist.com
2023-05-29T21:40:46.003361Z
5 likes, 0 repeats
@ExtraSpecialK @graf > I think everyone gets hacked at some point.
Knock on wood, nothing I have run yet, but yeah, this kind of thing happens.
> Admins are supposed to prevent the hack, but users should just assume the hack has already happened.
Users have to assume that anything could be compromised, including the admin. I tell that to people, they show up and ask if I'm a fed and I tell them just to assume I am.
(DIR) Post #AW9yeymF2riVDsqghE by p@freespeechextremist.com
2023-05-29T21:42:07.379272Z
1 likes, 0 repeats
@ExtraSpecialK @sevvie You need to construct them.
(DIR) Post #AWA2x6nqLN0d8yUwy0 by p@freespeechextremist.com
2023-05-29T22:30:13.184966Z
1 likes, 0 repeats
@ExtraSpecialK I love ImageMagick, but FSE doesn't run it for thumbnailing or uploads, partially because the place is more comfortable if the machine does what you tell it to do and partially because I remember having to patch shit in production due to ImageTragick.
(DIR) Post #AWA3ntTobokRAfIfei by p@freespeechextremist.com
2023-05-29T22:39:45.552232Z
1 likes, 1 repeats
@Soy_Magnus @Hoss @graf @meticore @roboneko @sevvie awk was made in the 70s, $1 used to mean something.
(DIR) Post #AWA4dryjR5vzZaXrAe by mint@ryona.agency
2023-05-29T22:48:47.176800Z
5 likes, 2 repeats
@p @roboneko @sevvie @Soy_Magnus @graf @Hoss @meticore $1 is now $6.75 thanks to inflation.
(DIR) Post #AWA4gtQsUEYox29TVI by sevvie@collapse.pub
2023-05-29T22:49:38.708129Z
4 likes, 1 repeats
@mint @roboneko @Soy_Magnus @p @graf @Hoss @meticore Goddamn economy introducing bugs in my awk one-liners.
(DIR) Post #AWA8uAzMvKJQyxsFkW by Soy_Magnus@detroitriotcity.com
2023-05-29T23:36:54.144700Z
2 likes, 0 repeats
@p @roboneko @sevvie @graf @Hoss @meticore do you mean to tell me there's something wrong with our monetary sus-tem¿
(DIR) Post #AWA94UM9lpDtwgRyU4 by Soy_Magnus@detroitriotcity.com
2023-05-29T23:38:45.875658Z
1 likes, 0 repeats
@mint @roboneko @sevvie @p @graf @Hoss @meticore yeah every hard money believer knows the dates 32, 44-45, 64, 72, 82 none of which I was alive for >={
(DIR) Post #AWB4F4tOTnjVXkBdBI by eisai@freespeechextremist.com
2023-05-30T10:19:23.013472Z
4 likes, 2 repeats
@p > yet another javascript ui has a stupid security breach VTS_01_2 00:27:00.699.jpg
(DIR) Post #AWBa0ASiDIFttTYHyK by p@freespeechextremist.com
2023-05-30T16:15:14.958592Z
0 likes, 0 repeats
@nach Over 9,000% of the time.
(DIR) Post #AWBdHOf6yGsCigG6cK by p@freespeechextremist.com
2023-05-30T16:51:58.700956Z
3 likes, 1 repeats
@mint @Hoss @Soy_Magnus @graf @meticore @roboneko @sevvie At least a new implementation of awk would be able to retain "$0".
(DIR) Post #AWBe8PTOgba4aD3fCy by p@freespeechextremist.com
2023-05-30T17:01:33.536627Z
1 likes, 1 repeats
@Soy_Magnus @Hoss @graf @meticore @roboneko @sevvie :tucker:
(DIR) Post #AWDluoeRSvTSZDAmm0 by ehhh@varishangout.net
2023-05-31T17:38:00.433853Z
2 likes, 0 repeats
@ExtraSpecialK @roboneko @sevvie @p @graf @Hoss Njalla sucks, I've seen them pull the rug on their customers several times over fake CP reports because the company gives zero communications to sysadmins nor do they investigate if their clients are actually abusing their services.
(DIR) Post #AWDmYpkEorHFXdxwky by Jens_Rasmussen@gleasonator.com
2023-05-31T17:45:23.286029Z
1 likes, 0 repeats
@ehhh @roboneko @sevvie @p @ExtraSpecialK @graf @Hoss This sounds like the kind of thing Disa would know about. He made a site where he describes his experiences with various providers.
(DIR) Post #AWDmfkeO9sVDljWphQ by ehhh@varishangout.net
2023-05-31T17:46:35.252371Z
1 likes, 0 repeats
@mrsaturday @roboneko @sevvie @p @charliebrownau @graf stealing
(DIR) Post #AWDnEv9d64oITuuZ3Q by ehhh@varishangout.net
2023-05-31T17:52:57.498373Z
1 likes, 0 repeats
@p @enoch @graf Doesn't poast still have its tor site? :flan_think:
(DIR) Post #AWDnNgiU96KgJGOZGq by ehhh@varishangout.net
2023-05-31T17:54:03.690340Z
1 likes, 0 repeats
@Shadowbroker2135 @p context? 😆
(DIR) Post #AWDq252PL4B1EU6OKO by Shadowbroker2135@poa.st
2023-05-31T18:24:17.622353Z
1 likes, 0 repeats
@ehhh @p youtube.com/watch?v=xaF0LSwzFog&t=9s
(DIR) Post #AWDqm55tShZcjBfRia by ehhh@varishangout.net
2023-05-31T18:32:33.588006Z
1 likes, 0 repeats
@Shadowbroker2135 @p alogs are desperately trying to make a somethingburger out of a nothingburger fr.
(DIR) Post #AWDrD0CfklgdNWfvV2 by Shadowbroker2135@poa.st
2023-05-31T18:37:28.356430Z
1 likes, 0 repeats
@ehhh @p Honestly I haven't heard anything in a few days. Feels like it's already over.
(DIR) Post #AWDrQk9GF5CXdfdETA by ehhh@varishangout.net
2023-05-31T18:39:55.245746Z
3 likes, 0 repeats
@Shadowbroker2135 @p the hack itself is more interesting than snooping at old admin dms tbh. Other vulnerabilities were discovered in the process, so hopefully this will keep future exploits at bay for a while.
(DIR) Post #AWFsli8JQ1ZTjwfab2 by p@freespeechextremist.com
2023-06-01T18:04:22.628027Z
2 likes, 0 repeats
@ehhh @enoch @graf I think so, but they block Tor exits from the main site.
(DIR) Post #AWFvmYnHvVMGvYvsjA by dcc@annihilation.social
2023-06-01T18:38:05.864666Z
1 likes, 0 repeats
@p @enoch @graf @ehhh i was able to set up tor for my site with mints help, i2p is next (and all the rest of my shit)
(DIR) Post #AWFwRscv5rMOJJmmGG by p@freespeechextremist.com
2023-06-01T18:45:36.818151Z
1 likes, 0 repeats
@dcc @ehhh @enoch @graf Oh, yeah, they don't do Tor federation. FSE doesn't either, but it is a thing that can be set up.
(DIR) Post #AWFwj8CKSBrhWhZeMq by dcc@annihilation.social
2023-06-01T18:48:38.766650Z
1 likes, 0 repeats
@p @enoch @graf @ehhh i know it does not so i was spammed with thousands of cloud flair errors (doing how it says on the wiki) to doing it mints way :alex_lol:
(DIR) Post #AWFxaTbrZkFfHXxEnI by dcc@annihilation.social
2023-06-01T18:58:17.791696Z
1 likes, 0 repeats
@p @ehhh @enoch @graf because*
These spelling mistakes were a result of :no_sleep: (i only slept one hour today)
(DIR) Post #AWGAg5M7xivbCZbCQy by ehhh@varishangout.net
2023-06-01T21:24:42.142106Z
1 likes, 0 repeats
@dcc @p @enoch @graf wtf.
(DIR) Post #AWGEwHn5tfCyDaC1a4 by dcc@annihilation.social
2023-06-01T22:12:39.470657Z
1 likes, 0 repeats
@ehhh @p @enoch @graf which part?
(DIR) Post #AWGFq7F6In4nigulF2 by ehhh@varishangout.net
2023-06-01T22:22:49.806761Z
1 likes, 0 repeats
@dcc @p @enoch @graf the one hour of sleep.
(DIR) Post #AWGGAy35gAkPHsEvXE by dcc@annihilation.social
2023-06-01T22:26:34.835502Z
1 likes, 0 repeats
@ehhh @p @enoch @graf lol, well i did take a nap from 7pm to 10pm and then went to bed at 8am so it's more a technical one hour :pepe_tea: