Conversation
Notices
-
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 04:52:25 JST 
Pleroma-tan
???? -
Embed this notice
ruin (ruin@mai.waifuism.life)'s status on Wednesday, 22-May-2024 04:55:02 JST 
ruin
@kirby@lab.nyanide.com the friendica instance is coming from inside the house
Pleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 04:55:12 JST
Pleroma-tan
@ruin we've always been on vpses lmao. jibberjabber.online is where this redirects to -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 04:55:21 JST 
@kirby @ruin
```
$ curl https://agency.local/api/v1/instance/peers | jq | grep 192
"192.168.1.228",
```
1715841625564.jpgPleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 04:55:37 JST
Pleroma-tan
@mint @ruin what da heck is goin on!!!!! -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 04:58:21 JST
pleroma=# select ap_id from users where nickname = 'friendica@192.168.1.228'; ap_id --------------------------------------- https://jibberjabber.online/friendica (1 row) Running theory is that they fucked up webfinger and Pleroma somehow ate it up.
Pleroma-tan repeated this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 05:02:12 JST
@kirby @ruin https://jibberjabber.online/.well-known/webfinger?resource=acct:friendica@jibberjabber.online returns a different local address at the moment, though it isn't in my peerlist.
Screenshot_20240521_230009.pngPleroma-tan likes this. -
Embed this notice
ruin (ruin@mai.waifuism.life)'s status on Wednesday, 22-May-2024 05:04:27 JST
ruin
@kirby@lab.nyanide.com https://play.google.com/store/apps/details?id=appjibberjabberonline.wpapp&hl=en_IE
related?Pleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 05:05:09 JST
Pleroma-tan
@mint @ruin maybe a fresh new instance will cause that address to federate instead??? is this a bug that needs to be brought up with the pleroma devs? -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 05:06:08 JST
@kirby @ruin The service account also returns internal address everywhere except the inboxes. I'll have to test it out sometime later.
Screenshot_20240521_230401.pngPleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 05:13:10 JST
Pleroma-tan
cc @lanodan @alex well i mean this is obviously not intentional right???? -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 05:56:37 JST
@kirby @ruin Holy fuck it was THAT easy to overwrite the account nickname. ✙ dcc :pedomustdie: :phear_slackware: likes this.Pleroma-tan repeated this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 05:56:43 JST
Pleroma-tan
@ruin well this is a security vulnerability :D -
Embed this notice
daniel stevens of ontario, canada (graf@fba.ryona.agency)'s status on Wednesday, 22-May-2024 05:56:52 JST
daniel stevens of ontario, canada
@kirby@lab.nyanide.com @ruin@mai.waifuism.life I suck c0ck for malboros Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 05:58:35 JST
Pleroma-tan
@mint @ruin wait is the the bug mr. gleason mentioned a year ago??? -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 05:59:26 JST
@kirby @ruin Perhaps. Pleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 06:01:59 JST
Pleroma-tan
@graf @ruin cc @theorytoe theory how do you feel about this -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 06:07:08 JST
Pleroma-tan
@mint @ruin he mentioned how you were able to spoof being any user but it was a problem with webfinger. this is reminiscent of that -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Wednesday, 22-May-2024 06:36:05 JST 
nukie
@mint @kirby @ruin what the fuck did you just bring upon this cursed world and Pleroma-tan like this.Pleroma-tan repeated this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 06:53:38 JST
Pleroma-tan
@nukie @ruin @mint interesting side effect
I guess I'll have to make pleroma re fetch the profile later if there's a command for that✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 07:00:31 JST
Pleroma-tan
@nukie @mint @ruin guessing this is why you thought the other thing might help. ✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:13:04 JST
@kirby @nukie @ruin You can just swap the nickname fieks in users table to fix that. On that note, did a few tests on random instances with zero posts, and Pleroma 2.4.x and earlier aren't affected, and so is Rebased.
Screenshot_20240522_011046.pngPleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 07:16:03 JST
Pleroma-tan
@mint @nukie @ruin Yeah so alex addressed this issue before, but the pleroma team never got around to fixing it i guess. well a new emergency release is gonna be nice at least. likes this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:17:33 JST
@kirby @nukie @ruin https://gitlab.com/soapbox-pub/rebased/-/commit/f08184b0fa8bc5b58c42e053abb4742d35c20760
I think that might or might not be the fix. What I find funny is that Marcin made MRs for a bunch of changes to upstream since, including some for webfinger, but not that.
https://git.pleroma.social/pleroma/pleroma/-/commits/develop?search=webfingerPleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:18:15 JST
@kirby @nukie @ruin Nevermind, it's this.
https://gitlab.com/soapbox-pub/rebased/-/merge_requests/270Pleroma-tan likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 07:20:28 JST
Pleroma-tan
@mint @nukie @ruin I also just tested with akkoma [DRC] and it also doesn't seem to be affected, post doesn't show up when I tag myself or i try to fetch the object
so that's nice likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 07:34:11 JST
Pleroma-tan
@mint @nukie @ruin actually it works on akkoma.mercurywork.shop [which also happens to have poast defederated but simplemrf didn't catch that somehow]
it's running 3.10.4 so it's a bit older but still affected likes this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:35:56 JST
@kirby @nukie @ruin >but simplemrf didn't catch that somehow
Because it checks against AP IDs instead of nicknames. I believe the devs took the fix and recommited it at one point, making a fancy blogposts about security updates.Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:41:48 JST
@kirby @nukie @ruin Or not, I misremembered about signed fetch issue with threads.net. Looked at the commit history, didn't find anything relevant, which might be explained by the fact they forked before Pleroma 2.5 release (which introduced the bug). ✙ dcc :pedomustdie: :phear_slackware: and Pleroma-tan like this.Pleroma-tan repeated this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 07:53:20 JST
@kirby @nukie @ruin Thank you Alexander Strizhakov, very cool!
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361Pleroma-tan likes this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 08:01:38 JST
@kirby @nukie @ruin Are you sure it showed with @poa.st and not @fba.ryona.agency? Because if not, the bug might lay deeper than that, working only if the proper account doesn't exist in their DB (because the domain is blocked). Though that might be an ackoma quirk which I shouldn't be concerned about; tests with pleroma proper showed that it just doesn't work on 2.4 and lower. Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 08:09:20 JST
Pleroma-tan
@mint @nukie @ruin likes this. -
Embed this notice
þernia (pernia@cum.salon)'s status on Wednesday, 22-May-2024 08:13:50 JST 
þernia
@nukie @kirby @ruin @mint global plausible deniability mrf and Pleroma-tan like this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 08:14:05 JST
@kirby @nukie @ruin Interesting. But still, not going to be concerned about ackoma. Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
shitpisscum (shitpisscum@mrhands.horse)'s status on Wednesday, 22-May-2024 08:16:52 JST 
shitpisscum
@mint @nukie @kirby @ruin
>Pleroma 2.4.x and earlier aren't affected
shitpisscum.mooo.com ftw 😎 and Pleroma-tan like this.Pleroma-tan repeated this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 08:17:53 JST
@shitpisscum @nukie @kirby @ruin Can't poison the DB if it's clogged. Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
shitpisscum (shitpisscum@mrhands.horse)'s status on Wednesday, 22-May-2024 08:18:30 JST
shitpisscum
@mint @nukie @kirby @ruin A fellow dba I see and Pleroma-tan like this. -
Embed this notice
þernia (pernia@cum.salon)'s status on Wednesday, 22-May-2024 08:26:53 JST
þernia
@mint @nukie @kirby @ruin this could be really funny. ghost war against ackoma and Pleroma-tan like this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 08:30:00 JST
Pleroma-tan
@pernia @nukie @ruin @Owl @mint itd be kind of funny to reply as graf or something to some of the "cleaner" ones on a fresh domain and see the reactions likes this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 08:33:57 JST
Pleroma-tan
@pernia @Owl @mint @nukie @ruin nvm they'd probably send annoying letters to my hosting providers i don't feel like dealing with that if I could figure out this bug. They've sent letters to other people before -
Embed this notice
þernia (pernia@cum.salon)'s status on Wednesday, 22-May-2024 08:35:10 JST
þernia
@kirby @nukie @ruin @Owl @mint what is a letter gonna do? :francisco: throws anything not law-enforcement related in the trash and Pleroma-tan like this. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 08:42:28 JST
Pleroma-tan
@pernia @nukie @ruin @Owl @mint oplink seems friendly enough but I sort of don't want to take any chances. -
Embed this notice
Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 22-May-2024 12:11:31 JST
Pleroma-tan
@j @graf @ruin this is a forged post, pleroma user spoofing bug, expect a new release soon i guess? -
Embed this notice
Jake (formerly sjw) :lain_sneed: (j@bae.st)'s status on Wednesday, 22-May-2024 12:11:32 JST 
Jake (formerly sjw) :lain_sneed:
@graf @kirby @ruin what are you doing? Pleroma-tan likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Wednesday, 22-May-2024 12:33:00 JST 
Alex Gleason
@kirby @j @graf @ruin 👏 👏 👏 Pleroma-tan likes this. -
Embed this notice
Jake (formerly sjw) :lain_sneed: (j@bae.st)'s status on Wednesday, 22-May-2024 12:39:50 JST
Jake (formerly sjw) :lain_sneed:
@kirby @graf @ruin yeah I see now. The username update should have validation. Pleroma-tan likes this. -
Embed this notice
(mint@ryona.agency)'s status on Wednesday, 22-May-2024 18:45:24 JST
@kirby @nukie @ruin Anyway, looks like the charade is over. Seems that no one but yours truly happened to have fun with that in the meantime.
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/4114Pleroma-tan likes this. -
Embed this notice
(mint@ryona.agency)'s status on Thursday, 23-May-2024 00:59:32 JST
@alex @j @graf.fake@poa.st @kirby @ruin Note how the changelog omits the credits to whoever made the bugfix once again.
https://pleroma.social/announcements/2024/05/22/pleroma-security-release-2.6.3/ - uncredited
https://pleroma.social/announcements/2024/02/20/pleroma-security-release-2.6.2/ - credited to some akkoma tranny
https://pleroma.social/announcements/2023/09/03/pleroma-security-release-2.5.5/ - uncredited
https://pleroma.social/announcements/2023/08/05/pleroma-security-release-2.5.4/ - credited to some akkoma tranny -
Embed this notice
(mint@ryona.agency)'s status on Thursday, 23-May-2024 01:10:33 JST
@alex @j @kirby @ruin Speaking of fixes, I once again ask you to apply the fix to my MRF change. Gitlab dehumanizes me.
https://ryona.agency/media/801102f83479d5a08b68bc85551f03b5dcc3ab2b174fb5542fa0910a8e0d8ca6.patch?name=RemoteReportPolicy-Fix-third-party-report-detection.patch -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Thursday, 23-May-2024 19:17:16 JST
nukie
@mint @kirby @ruin i think the bell/subscription is broken now, I only see replies that directly mention me in notifs. not sure if it's related tho likes this. -
Embed this notice
(mint@ryona.agency)'s status on Thursday, 23-May-2024 19:18:44 JST
@nukie @kirby @ruin I've cherrypicked Alex's fix before the proper MR got merged. Don't see how it can affect notifications, but won't be suprised it somehow does. -
Embed this notice
(mint@ryona.agency)'s status on Friday, 24-May-2024 18:27:16 JST
@nukie @kirby @ruin And here's the reason, merging shit that breaks previous frontend behavior.
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3659 -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Saturday, 25-May-2024 00:44:48 JST
nukie
@mint @kirby @ruin cc @hj apparently subscriptions (the bell button that makes all the posts of the user appear in your notifs) got broken after backend update, please take a look narcolepsy and alcoholism :flag: likes this. -
Embed this notice
narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Sunday, 26-May-2024 05:47:09 JST 
narcolepsy and alcoholism :flag:
@nukie @i @kirby @ruin @mint fucked up themes how? The editor is a bit broken (i'm gonna replace it entirely) but otherwise it should work. -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Sunday, 26-May-2024 05:47:11 JST
nukie
@i @kirby @ruin @mint @hj updated, and it absolutely fucked up the theme. we can't have nice things on the mastadon network -
Embed this notice
:blank: (i@declin.eu)'s status on Sunday, 26-May-2024 05:47:13 JST 
:blank:
@nukie @kirby @ruin @mint @hj https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1916 -
Embed this notice
narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Sunday, 26-May-2024 06:10:33 JST
narcolepsy and alcoholism :flag:
@nukie @i @kirby @ruin @mint develop IS that separate branch, use master if you want more stable experience -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Sunday, 26-May-2024 06:10:34 JST
nukie
@hj @i @kirby @mint @ruin alright, downgraded and now everything's fine. this is why no one takes frontend soydevs seriously, could've just put this shit into separate branch until it matures -
Embed this notice
nukie (nukie@boymoder.biz)'s status on Sunday, 26-May-2024 06:10:36 JST
nukie
@hj @i @kirby @ruin @mint half of the shit in redmond theme is wrong color, like black titlebars on dark blue background -
Embed this notice
narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Sunday, 26-May-2024 06:11:13 JST
narcolepsy and alcoholism :flag:
@nukie @i @kirby @ruin @mint i've noticed that too but I think it only happens on firefox for some reason, i need to investigate further what's up with that.
-
Embed this notice
All GNU social JP content and data are available under the 
