fiat_lux

The raw changes are interesting but not particularly descriptive of the problem(s?) it intends to resolve, so I can't gauge whether it achieves the goal from this. The description of the version bump as simply "security improvements" doesn't help me determine if any of these changes add dedicated tests or anything else to prevent future occurrences (and I'm not traversing the repository on my phone). Additionally, the issue acknowledged via inline comment: "This will probably break PeerTube federation" is odd to omit from even the briefest changelog. In my opinion, this is not that reassuring an update.

The LLM generated report of Lemmy's vulnerability, which I note requires an entire DNS configuration to exploit, is a little ironic to point to as an authoritative source while characterizing the Piefed exploit discovery as "someone running an LLM and trying to discover vulnerabilities without double checking them".

But I don't think it's necessary or helpful to have a competitive security score-card situation between packages either - I would much prefer that each ActivityPub implementation is meaningfully improving their development lifecycle processes, especially around security risk mitigation, even if they don't go quite as far as having a formal "security posture".

Fair. In my case I wish someone had not overlooked the systemic inflammation (from a different condition that has been recently correlated with OA, somewhat unexpectedly) and the malmechanics I was experiencing, so that I might have avoided some of the further issues, but, so it goes.

I manage to shift some of the chronic pain, but sadly society really likes to build worlds that have only one blessed way of doing certain things, which makes it impossible to shift more consistently. So I will have to mostly content myself with smugly sore.

Given you appear to be a doctor though, I do have one favor to ask. If you ever get a flexible kid with crepitus come through your doors, maybe add a CRP test to their blood work, just on the off-chance and even if only for the chain of evidence.

A few months ago I mentioned in a thread about Piefed there were questionable system design choices that indicated that other parts of the system should be carefully examined for how they’re handling and sanitizing input. I'm assuming someone discovered one of the places that this was actively exploitable.

From what I've seen of the code, although Python is not my specialty, it might be worth delaying reactivation until it can demonstrate that it is at least somewhat resistant to the OWASP Top 10, especially Injection.

Irresponsible disclosure is annoying, but vastly better than discovery and exploitation by those who aren't going to disclose at all.

So when people told me as a kid not to worry about my crepitus, they were in fact completely wrong? If so, I'm feeling vindicated but also sore, but that's better than only sore.

He actually said the phrase "ensure a fair deal for working people". Who thought it was a good idea to put that in the speech knowing he was going to be fully dressed in the spoils of exploitation? You'd think they'd at least temper it with the comparative term "fairer" if the more sensitive wardrobe option was truly off the table.

lemmy.zip was the nearest similar comm? This could have been put in an instance that is involved with the dispute, many of them have Fediverse communities.

Putting aside the irony of cross-posting a thread about the potentially ideologically inspired muting of smaller instances by Piefed to draw attention to lemmy.ml's potentially heavy-handed censorship and bias harming the growth of the Lemmy-verse - it looks less like "vitilizing" and more like fragmenting discussion.

More ironic still is that if I see one of your posts now it means that I'll probably go look at ml to see the actual discussion and hear more from the OP. Perhaps posting original content might go further to achieve your goals?

I believe the poster is referring to The Ghost in the Machine, Published in the Journal of the Society for Psychical Research, Vol.62, No 851 April 1998 (pdf)