Slop.

597 readers

317 users here now

For posting all the anonymous reactionary bullshit that you can't post anywhere else.

Rule 1: All posts must include links to the subject matter, and no identifying information should be redacted.

Rule 2: If your source is a reactionary website, please use archive.is instead of linking directly.

Rule 3: No sectarianism.

Rule 4: TERF/SWERFs Not Welcome

Rule 5: No bigotry of any kind, including ironic bigotry.

Rule 6: Do not post fellow hexbears.

Rule 7: Do not individually target federated instances' admins or moderators.

founded 2 years ago

MODERATORS

Lyudmila@hexbear.net

VILenin@hexbear.net

ButtBidet@hexbear.net

MiraculousMM@hexbear.net

gaystyleJoker@hexbear.net

sweet_pecan@hexbear.net

turns out there's some zero-day bugs in that pie (hexbear.net)

submitted 19 hours ago by culpritus@hexbear.net to c/slop@hexbear.net

25 comments fedilink hide all child comments

most of the instances are offline or admin only login last I checked

https://lemmy.ml/modlog/14815

you are viewing a single comment's thread
view the rest of the comments

[–] Fossifoo@hexbear.net 8 points 10 hours ago (1 children)

"security tweaks" michael-laugh

[–] RedWizard@hexbear.net 3 points 7 hours ago* (last edited 6 hours ago) (2 children)

Yeah I'm no expert but [the bug they fixed could theoretically get cloud hosting private keys for the hosted service]

[–] floquant@lemmy.dbzer0.com 4 points 6 hours ago (1 children)

Complete hallucination, this is improper validation of requests, nothing about fetching something or leaking credentials.

Also, 169.254.0.0/16 is the link-local IPv4 network so it doesn't even make sense outside of the fact that aws servers may get metadata on such networks (which again is absolutely unrelated to this diff). Is this a 3b model? Seems like it ran out of context, maybe it loaded the entire html page.

[–] RedWizard@hexbear.net 2 points 55 minutes ago

Yeah I'm no expert

I'll bold it next time. However, thank you for your analysis!

[–] mathemachristian@hexbear.net 1 points 6 hours ago* (last edited 6 hours ago) (1 children)

is this live? If it is please remove the comment and tell the devs. This could put people who already are being harassed on the regular by trolls at risk. I don't know if IP addresses are logged, not everyone uses burner email addresses etc.

I can't even mod the comment bc then it just shows up on the modlog, i'd have to remove the entire post.

[–] RedWizard@hexbear.net 2 points 6 hours ago (2 children)

They patched it. This is what the threat was.

[–] floquant@lemmy.dbzer0.com 1 points 3 hours ago (1 children)

It was not, that's only what deepseek said it was. I don't know why you edited the comment to hide the details of the hallucination instead of accepting that it fluked.

[–] RedWizard@hexbear.net 3 points 58 minutes ago

I changed it before I read your comment because a mod asked me to. Relax.

[–] mathemachristian@hexbear.net 3 points 5 hours ago

Ah good