Conversation

Notices

1. Embed this notice
   𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:37:11 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙

   • Zergling_man
   @Zergling_man @dwarvenallfather
   
   Arbitrary code execution vulnerability.
   • 翠星石 likes this.
   • Embed this notice
     𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:37:09 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙

     in reply to

     • Zergling_man
     @Zergling_man @dwarvenallfather
     
     It makes you pointlessly waste power and CPU cycles like 99,9% of javashit, that alone is malicious behavior.
     翠星石 likes this.
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 19:37:10 JST Zergling_man

     in reply to
     @sally @dwarvenallfather Probably. It just contains info about the request though, and specifically does not include user-agent so you can't do anything funny that way.
     But I think it does include the path so maybe that justifies it.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:37:30 JST 翠星石

     in reply to

     • Zergling_man
     @Zergling_man @sally @dwarvenallfather BloatFE winners stay winning.
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 19:37:31 JST Zergling_man

     in reply to

     • Zergling_man
     @dwarvenallfather @sally (But by that definition half of fedi is malware.)
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 19:37:32 JST Zergling_man

     in reply to
     @sally @dwarvenallfather Well yeah.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:46:07 JST 翠星石

     in reply to

     • Zergling_man
     @Zergling_man @sally @dwarvenallfather >not even licensed.
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 19:46:09 JST Zergling_man

     in reply to

     • 翠星石
     @sally @dwarvenallfather @Suiseiseki https://github.com/ihabunek/toot
     >github
   • Embed this notice
     𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:46:10 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙

     in reply to

     • 翠星石
     • Zergling_man
     @Zergling_man @Suiseiseki @dwarvenallfather
     
     Send repo.
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 19:46:11 JST Zergling_man

     in reply to

     • 翠星石
     @Suiseiseki @dwarvenallfather @sally I was talking about the people.
     But also, toot > bloatfe.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:59:13 JST 翠星石

     in reply to

     • Zergling_man
     @sally @Zergling_man @dwarvenallfather There is a copy of the GPLv3 and a note in he readme that says "GPLv3", but not if it's GPLv3-only or GPLv3-or-later and it doesn't say what particular files are under the license.
     
     There are no license headers either.
     
     The only conclusion that can be reached is that at least one file is under the GPLv3-ambigious, but it's unclear as to which one(s).
   • Embed this notice
     𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Tuesday, 03-Jun-2025 19:59:15 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙

     in reply to

     • 翠星石
     • Zergling_man
     @Suiseiseki @Zergling_man @dwarvenallfather
     
     I'm seeing a GPL license there.
   • Embed this notice
     Zergling_man (zergling_man@sacred.harpy.faith)'s status on Tuesday, 03-Jun-2025 20:04:04 JST Zergling_man

     in reply to

     • 翠星石
     @Suiseiseki @dwarvenallfather @sally Probably readme.md.
     翠星石 likes this.