Conversation

Notices

1. pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Sunday, 03-Sep-2023 22:08:51 JST pistolero :thispersondoesnotexist:
   If you can see this post, I fucked up:
   •  and Disinformation Purveyor :verified_think: like this.
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Sunday, 03-Sep-2023 22:09:04 JST pistolero :thispersondoesnotexist:

     in reply to
     Okay, well, it did work. It just sent the post *without* the attachment. This is correct.
      likes this.
   • Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Sunday, 03-Sep-2023 22:10:34 JST Disinformation Purveyor :verified_think:

     in reply to
     @p you fucked up
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Sunday, 03-Sep-2023 22:14:17 JST pistolero :thispersondoesnotexist:

     in reply to

     • 
     • Haelwenn /элвэн/ :triskell:
     • Kirino Kousaka
     Thanks @lanodan / @mint / @Kirino!
     
     The secret uploads on FSE (dick pics, plans to kidnap governors, and instructions from my Mossad handler) are now saved forever.
     a_man_poops_a_sun_into_a_field.jpe
      likes this.
   • :blank: (i@declin.eu)'s status on Monday, 04-Sep-2023 21:50:42 JST :blank:

     in reply to

     • Your New Kemono Waifu :verified: :cornbread_the_cat:
     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     @sjw @p @graf @Moon you're asking the man who's plan is to give you 0edee99513019215adb2871d7b076edcc4c50c026b721a594a40f4802434551b id's instead
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Monday, 04-Sep-2023 21:50:43 JST pistolero :thispersondoesnotexist:

     in reply to

     • Your New Kemono Waifu :verified: :cornbread_the_cat:
     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     @sjw @Moon @graf In this case, you don't need to know that hash. You know posting with an attachment is a two-step process, right, upload the file, and then you get an ID back, and then the ID is passed along with the text of the post. The IDs are sequential and there wasn't a permissions check before. So you could just fire off a large number of posts, each with a different ID, starting from "1", and get every attachment ever uploaded.
   • Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Monday, 04-Sep-2023 21:50:43 JST Your New Kemono Waifu :verified: :cornbread_the_cat:

     in reply to

     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     @p @graf @Moon Ah now I see.
     Can we go bank to the ID in /notice/$id being sequential instead of cancer now that the rabbit is gone?
   • Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Monday, 04-Sep-2023 21:50:44 JST Your New Kemono Waifu :verified: :cornbread_the_cat:

     in reply to

     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     @p @graf @Moon so what exactly does this fix? Attachment URLs are just sha256. If you know the hash of the file you can view it. Is that not the case anymore?
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Monday, 04-Sep-2023 21:50:45 JST pistolero :thispersondoesnotexist:

     in reply to
     Incidentally, if you don't know what I'm talking about, you should probably update Pleroma.
     
     lanodan's post: https://queer.hacktivis.me/objects/0617fc56-1fd0-41f5-ae97-5333c0117c24
     
     Announcement: https://pleroma.social/announcements/2023/09/03/pleroma-security-release-2.5.5/
     
     The diff: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3947/diffs
     
     FSE's (apparently successful) backport to old balormo: https://git.freespeechextremist.com/gitweb/?p=fse;a=commit;h=12ca1b9c5a8f5dae2e07a038bc41ea1f8416f283
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Monday, 04-Sep-2023 21:50:45 JST pistolero :thispersondoesnotexist:

     in reply to

     • Your New Kemono Waifu :verified: :cornbread_the_cat:
     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     cc @sjw / @graf / @Moon / every balormo admin, sev already saw it.
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Monday, 04-Sep-2023 21:51:27 JST pistolero :thispersondoesnotexist:

     in reply to

     • Your New Kemono Waifu :verified: :cornbread_the_cat:
     • Moon
     • :btrfly: anime graf mays 🛰️🪐
     • :blank:
     @i @sjw @Moon @graf This is a lie and I have described the means of avoiding that, in public, at least twice now. You're thinking of Gleason, who actually did do that.