from a dm convo between me and @p
-
@Nepiant Yeah, so the reason Pleroma was tweaking file extensions was actually an attempt to *add* security, but it made Pleroma susceptible to that libmagic bug. It can't break if it doesn't exist.
-
@Nepiant @p
Press brake 🥺
Brake presses back up 🦉
rm refuses to unlink a file because the volume is full 🦀
-
@RedTechEngineer @Nepiant I am willing to bet that accidents are actually more common for people that drive these cars that make decisions for you.
-
@p @Nepiant
Completely irrelevant to what you are talking about but I like how if I log in to my fsebugoutzone account I can upload a picture and it just works but if I do it on stock 🅱️leroma it fucks with shit or silent errors out at me because it's not a regular legacy jpg and lain tells me I have to go create an account on some shithub site and file a bug report on some dependency and pleroma's media handling is still broken 5 years after the fact and now I'm sad.
Stop holding my hand please, you are crushing it!
-
@RedTechEngineer @Nepiant
> I can upload a picture and it just works
:bigbosssalute:
> Stop holding my hand please, you are crushing it!
I am stealing this.
-
@p @RedTechEngineer @Nepiant Just remove the ABS sensors 👌
-
@sysrq @Nepiant @RedTechEngineer Wasn't my car. I would not have bought that car.
-
@lamp @Nepiant
> pleroma needs BETTER media processing, not less,
I upload a file and I want to convey exactly those bytes that are in the file. If I'm uploading it, I've already done as much processing as I want done to it.
If there were a per-upload checkbox, "It's okay to fuck with this and second guess me", sure. A per-user setting would be fine, too. But if it did "better" media processing, I would remove it.
You saw how 4chan got owned, and it was essentially the same bug as ImageTragick, years ago. It's retarded. I'm not executing that kind of thing on a server if it's my choice.
-
@Nepiant @p pleroma needs BETTER media processing, not less, why fucking remove strip exif at least it helps, but pleroma has to strip metadata from heic and video files too, cuz fucking android and some ios apps sometimes don't.
-
@lamp @Nepiant
> The only files I'd upload to a social network are almost always media for other people to look at,
Every file on any website exists for other people to look at.
I have uploaded scripts, binaries, a really old build of TempleOS from when it was called LoseThos, PDFs, a shitload of PDFs, text files. I don't want the server to fuck with it, so I have stopped my server from fucking with it.
> it doesn't matter if the bytes are changed
If that is what you want to do, fine. Doesn't affect me if you don't want to do the things I want to do.
> what matters is not getting ur exact GPS location exposed.
This is illusory. You are giving the server that shit and the server can do what it wants: remove it before uploading it. Look at fucking Parler. Don't upload it if you don't want it to become public because a server with training wheels is not going to save you from your own bad decisions.
> That's much worse than rare glitch
"Rare glitch" has gotten people arrested. If you are paying me for my time, that's one thing, but I run FSE and I'm the one that has to deal with it if FSE gets owned and I'm going to run it this way.
> that lets ppl mess with the server full of useless public data,
There is data on any server that is not public: that is why a compromise is a problem. Look at what happened to chudbuds.lol and then imagine what would have happened if, instead of dumping Claire's dox, they just decided to leave something that captured credentials passively. Poast/Baest got hit by an auth token hijack and all the chat messages leaked.
People on other servers have whined about Pleroma sometimes not caring about email addresses: Gleason actually filed a bug to try to get Pleroma to remove the option. But if FSE actually required a real email address, then that would be more personal data that FSE has, making FSE a more valuable target.
> No I did not see I don't look at 4chan.
I haven't looked at 4chan itself in a very long time, but the exploit was PDF thumbnail generation. If you treat uploads as opaque blobs, this entire class of bug is impossible. So all the admins' email addresses, the code (including the hacks, the special-cased IP addresses, etc.) became public.
-
@p @Nepiant The only files I'd upload to a social network are almost always media for other people to look at, it doesn't matter if the bytes are changed (it's better that they are to compress and optimize it), it's not a file hosting site, what matters is not getting ur exact GPS location exposed. That's much worse than rare glitch that lets ppl mess with the server full of useless public data, that should be isolated from anything else anyway.
No I did not see I don't look at 4chan.
-
@p @lamp @Nepiant
>If there were a per-upload checkbox, "It's okay to fuck with this and second guess me", sure. A per-user setting would be fine, too. But if it did "better" media processing, I would remove it.
this is my favorite feature in misskey. I wish other projects stole it.
you see that second option? if you use that it doesn't fuck with your upload.
and it was GREAT
at least until they decided to embed a transcoded webp version for images into posts. although the original is preserved in the drive and you can link to it (for example https://r2.loli.church/files/0ffc674c-8cfd-403f-a1a6-ba12283defdc.jpg ). or if you are on a misskey instance you can grab the original by clicking the details button.
but fuck everyone else on the fediverse i guess. at least it doesn't mess with anything other than image/* which you can't say the same for bleroma and its forks.
-
@RedTechEngineer @Nepiant @lamp
> at least until they decided to embed a transcoded webp version for images into posts.
I goddamn hate webp.
> at least it doesn't mess with anything other than image/* which you can't say the same for bleroma and its forks.
:pressf:
-
@RedTechEngineer @lamp @p @Nepiant tbh i don't know why sandboxing isn't more of a thing. we have had all the APIs to fork and pledge* for the purpose of tasks like image processing and just feed the bit buffer back.
*choose local equivalent
-
@icedquinn @lamp @RedTechEngineer @p well, at the least, there's this:
"All I want is a secure system where it is easy to do anything I want. Is that so much to ask?"
-
@Nepiant @icedquinn @RedTechEngineer @lamp Accurate.
In this case, I think the pledging isn't so terrible, but I think of sandboxes as duct tape mostly and managing multiple long-lived processes glued together with pipes can be a non-trivial pain.
-
@p @lamp @RedTechEngineer @Nepiant memes are memes but in this case it's literally a satellite process for a single program, to do a single task, which is known to be hazardous, and the security overlays are just there.
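The fork-and-restrict pattern discussed in the posts above, as an added example that is not part of any post in this thread: a satellite process on Linux, with seccomp strict mode assumed as the local equivalent of pledge. The header parser, `sandboxed_png_dims` and `SAMPLE_PNG` are hypothetical names, and the sample bytes are constructed.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: PNG signature plus an IHDR chunk announcing 640x480. */
const uint8_t SAMPLE_PNG[24] = {0x89,'P','N','G','\r','\n',0x1a,'\n', 0,0,0,13,
    'I','H','D','R', 0,0,0x02,0x80, 0,0,0x01,0xE0};

/* Hazardous step, run only in the child: read width/height from the IHDR. */
static int parse_png_dims(const uint8_t *p, size_t n, uint32_t out[2]) {
    static const uint8_t sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    if (n < 24) return -1;
    for (int i = 0; i < 8; i++) if (p[i] != sig[i]) return -1;
    if (p[12] != 'I' || p[13] != 'H' || p[14] != 'D' || p[15] != 'R') return -1;
    out[0] = (uint32_t)p[16] << 24 | p[17] << 16 | p[18] << 8 | p[19];
    out[1] = (uint32_t)p[20] << 24 | p[21] << 16 | p[22] << 8 | p[23];
    return 0;
}

/* Parent side: fork a satellite, let it lock itself down, read the result back
 * over a pipe. Returns 0 and fills dims, or -1 if the child failed or was killed. */
int sandboxed_png_dims(const uint8_t *buf, size_t len, uint32_t dims[2]) {
    int fd[2], status;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {
        close(fd[0]);
        /* From here only read, write, exit and sigreturn are permitted; any
         * other syscall gets the child SIGKILLed. Fail closed if unavailable. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(2);
        uint32_t out[2];
        int ok = parse_png_dims(buf, len, out) == 0 &&
                 write(fd[1], out, sizeof out) == (ssize_t)sizeof out;
        syscall(SYS_exit, ok ? 0 : 1);  /* _exit() uses exit_group: not allowed */
    }
    close(fd[1]);
    ssize_t got = read(fd[0], dims, 2 * sizeof dims[0]);
    close(fd[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (got == 8 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The parent treats a killed child, a short read, and a non-zero exit identically, so a parser bug that reaches for a forbidden syscall surfaces as an ordinary rejected upload.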
-
@lamp @Nepiant @RedTechEngineer Google format, spotty support, dubious usefulness, paucity of implementations and the one implementation had a terrible bug (maybe "bug" should be in quotes, given Google's relationship with the government), and Fabrice Bellard did a better one. It seems to be a format for the sake of more formats: it doesn't give you anything, really.
-
@p @RedTechEngineer @Nepiant why u hate webp
-
@icedquinn @lamp @RedTechEngineer @p @Nepiant There are security policies in imagemagick, but every distro so far shipped the default least secure one.
https://imagemagick.org/script/security-policy.php