most of the instances are offline or admin only login last I checked
who would have thought software that was quickly spun up to replace something carefully written over the course of 7 years because tankies would have 0 days
you don’t understand, piefed only has the best code. Everyone says so and it even happens so much faster than those dirty tankies. Some say it is the perfect code but please whatever you do don’t look at it just imagine the best possible code and that’s it.
Here I was thinking the downtime was due to the hosting DC having a fire https://www.datacenterdynamics.com/en/news/northc-data-center-outside-amsterdam-suffers-fire/
Lol. Lmao, even
Ohhhh that’s why they need possibly 24hrs of downtime 😂😂😂😂😂
Even dealing with a security issue the code is shit. Why are they chaining multiple ors in a if single statements
| | | | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | | `def is_invalid_get_request_uri(uri):` | | | | `if current_app.debug:` | | | `return False` | | | `try:` | | | `ip = ipaddress.ip_address(furl(uri).host)` | | | `except:` | | | `ip = None` | | | `` | | | `if ip:` | | | `return ip.is_private or ip.is_link_local or ip.is_reserved or ip.is_loopback or ip.is_multicast or ip.is_unspecified` | | | `return False` | | | `` | | | `` | | | `def is_invalid_post_request_uri(uri):` | | | `return is_inv` |https://codeberg.org/rimu/pyfedi/commit/ada8e2ea35ec687000b7e7c2343288d44a219c3a
I mean they weren’t given any heads up but had to instantly shut down their servers and figure out what was going on and come up with a solution on the spot. Not that I think piefed is well-made but just publicly posting critical security vulnerabilities is a dick move.
Was it a zero day? And fair.
Yeah, piefed is rather small and apparently no one even thought to as much as prompt an LLM for the code. It was an unknown vulnerability.
https://lemmy.ml/post/47379574 - - I think this is at least one of them?
Will be an interesting read when not weekend.
Mostly wasn’t sure if something big in python or just the implementation. Been so many announcements on big vulnerabilities lately
If it’s the one from yogthos then yeah
Bare except, too. Not ideal.
“security tweaks”
Yeah I’m no expert but [the bug they fixed could theoretically get cloud hosting private keys for the hosted service]
Complete hallucination, this is improper validation of requests, nothing about fetching something or leaking credentials.
Also, 169.254.0.0/16 is the link-local IPv4 network so it doesn’t even make sense outside of the fact that aws servers may get metadata on such networks (which again is absolutely unrelated to this diff). Is this a 3b model? Seems like it ran out of context, maybe it loaded the entire html page.
Yeah I’m no expert
I’ll bold it next time. However, thank you for your analysis!
is this live? If it is please remove the comment and tell the devs. This could put people who already are being harassed on the regular by trolls at risk. I don’t know if IP addresses are logged, not everyone uses burner email addresses etc.
I can’t even mod the comment bc then it just shows up on the modlog, i’d have to remove the entire post.
They patched it. This is what the threat was.
Ah good
It was not, that’s only what deepseek said it was. I don’t know why you edited the comment to hide the details of the hallucination instead of accepting that it fluked.
I changed it before I read your comment because a mod asked me to. Relax.
If I was fed the pie, will I be okay or should I get help?
i would suggest forcing fingers down your throat until you upchuck it
ha ha
Lol wait really? Makes a blog post about burn out, zeroday crashes every piefed instance?
Interesting
| 6 hours ago | infosec.pub mod | Deleted post Piefed has some really bad security bugs that p… in cybersecurity@infosec.pub |
Other than the dev?
