Conversation

Notices

1. Embed this notice
   Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 05:36:12 JST Soatok Dreamseeker

   The reading comprehension on this one was so bad that I still laugh

   https://bsky.app/profile/hackthedev.bsky.social/post/3mf3xkld6vs2z

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 05:55:28 JST Soatok Dreamseeker

     in reply to

     Some of their other posts, for context, since blocking breaks the threads:

     • I posted a link to my blog post about discord alternatives
     • Them: https://bsky.app/profile/hackthedev.bsky.social/post/3meznpjlhjk2z
     • Me: https://bsky.app/profile/soatok.bsky.social/post/3mezs2ygbss2y

     They made two more replies:

     • https://bsky.app/profile/hackthedev.bsky.social/post/3mf3pr3njqs25
     • https://bsky.app/profile/hackthedev.bsky.social/post/3mf3puz3uqc25

     So I said: https://bsky.app/profile/soatok.bsky.social/post/3mf3tap3utk2g

     And then they posted that, then blocked me.

     Of course, they also said this to someone else who criticized the app they're spamming everywhere: https://bsky.app/profile/hackthedev.bsky.social/post/3mezoxedp3k2f

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 05:58:41 JST Soatok Dreamseeker

     in reply to

     There's a lot of people trying to self-promote in the wake of the Discord ID verification news.

   • Embed this notice
     ɩɐɥɔɐɿɐɯ (malachai@furry.engineer)'s status on Thursday, 19-Feb-2026 06:31:44 JST ɩɐɥɔɐɿɐɯ

     in reply to

     @soatok yeah, but you're just trying to be a drama person :drgn_blep:

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 06:33:21 JST Soatok Dreamseeker

     in reply to

     • ɩɐɥɔɐɿɐɯ

     @malachai clearly

   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:08:07 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer I started looking into their app and immediately ran into this pre-compiled EXE that's vendored into the source tree. It has an included readme, but the wording is... odd, to say the least.

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 11:10:14 JST Soatok Dreamseeker

     in reply to

     • Hazelnoot ALT

     @hazelnoot electron moment

   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:21:21 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer eyyy and it's also got the exact same CSS injection vuln I reported in Misskey last year :neofox_laugh_tears:

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 11:21:42 JST Soatok Dreamseeker

     in reply to

     • Hazelnoot ALT

     @hazelnoot rofl

   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:24:54 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer I'm 99% sure there's at least one XSS vuln in here, since the client seems to use innerHTML all over the place

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:26:48 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer yep, just found one :neofox_woozy:

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:28:39 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer preliminary audit report:Do not use this.
     Fin.

   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:28:54 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer one-click arbitrary HTML injection with no CSP

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Baral'heia Stormdancer ΘΔ🐲 (baralheia@dragonchat.org)'s status on Thursday, 19-Feb-2026 11:34:33 JST Baral'heia Stormdancer ΘΔ🐲

     in reply to

     • unawarewolf 🐺

     @gimmechocolate @soatok BITE EM BITE EM BITE EM!!!!! :dragnyellcowboy:

   • Embed this notice
     unawarewolf 🐺 (gimmechocolate@bark.lgbt)'s status on Thursday, 19-Feb-2026 11:34:35 JST unawarewolf 🐺

     in reply to

     @soatok
     Bite em!!!!

     Soatok Dreamseeker repeated this.
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 19-Feb-2026 11:41:10 JST Soatok Dreamseeker

     in reply to

     • Hazelnoot ALT

     @hazelnoot I don't interpret your thread as dunking on them for being a novice, but for being an asshole lol

   • Embed this notice
     Hazelnoot ALT (hazelnoot@enby.life)'s status on Thursday, 19-Feb-2026 11:41:27 JST Hazelnoot ALT

     in reply to

     @soatok@furry.engineer ok since I don't want to bash on someone who's probably a novice developer trying their best, I want to applaud them for working so hard on this. They've clearly put in a lot of effort and I don't see any signs of AI slop. This project certainly could become something in the future, but right now it should remain a personal learning project. It's just not ready for production use.

   • Embed this notice
     Cassidy James :rr: :gg: :fh: (cassidy@mastodon.blaede.family)'s status on Thursday, 19-Feb-2026 13:21:50 JST Cassidy James :rr: :gg: :fh:

     in reply to

     • Hazelnoot ALT

     @soatok @hazelnoot this is when I love @hailey.at’s Bluesky labeler…

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 20-Feb-2026 08:12:03 JST Soatok Dreamseeker

     in reply to

     • Hazelnoot ALT

     @hazelnoot This is totally unsurprising. It kind of sucks to see though: Promoting their own thing so hard but not listening to any criticism that could make them more secure. Oh well.