.webp?h=8 "Heart Crown (sparkles) - 💕💛💔💗♥🖤✨💙 or something idk")
security vulnerability and publicly posts it right after without messaging developer
If you're not using WebUI (not seedboxmaxxing) - this doesn't concern you tho.
Someone on alt reports a serious security vulnerability concerning qbittorrent WebUI instances, does so publicly outright in github issues without consulting anyone first, prompts hectic scramble for the creation of a security file 
and the race to figure out and fix the vulnerability (this took them 2 days)
tech/science swag. 
On-Topic: Anything that good slackers would find interesting. That includes more than /g/ memes and slacking off. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual laziness.
Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably lame.
Help keep this hole healthy by keeping drama and NOT drama balanced. If you see too much drama, post something that isn't dramatic. If there isn't enough drama and this hole has become too boring, POST DRAMA!
Please do things to make titles stand out, like using uppercase or exclamation points, or saying how great an article is. It should be explicit in submitting something that you think it's important.
Please don't submit the original source. If the article is behind a paywall, just post the text. If a video is behind a paywall, post a magnet link. Fuck journos.
Please don't ruin the hole with chudposts. It isn't funny and doesn't belong here. THEY WILL BE MOVED TO /H/CHUDRAMA
If the title includes the name of the site, please leave that in, because our users are too stupid to know the difference between a url and a search query.
If you submit a video or pdf, please don't warn us by appending [video] or [pdf] to the title. That would be r-slurred. We're not using text-based browsers. We know what videos and pdfs are.
Make sure the title contains a gratuitous number or number + adjective. Good clickbait titles are like "Top 10 Ways to do X" or "Don't do these 4 things if you want X"
Otherwise editorialize. Please don't use the original title, unless it is gay or r-slurred, or you're shits all fucked up.
If you're going to post old news (at least 1 year old), please flair it so we can mock you for living under a rock, or don't and we'll mock you anyway.
Please don't post on SN to ask or tell us something. Send it to [email protected] instead.
If your post doesn't get enough traction, try to delete and repost it.
Please don't use SN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity. If you want to astroturf or advertise, post on news.ycombinator.com instead.
Please solicit upvotes, comments, and submissions. Users are stupid and need to reminded to vote and interact. Thanks for the gold, kind stranger, upvotes to the left.
Be snarky. Don't be kind. Have fun banter; don't be a dork. Please don't use big words like "fulminate". Please sneed at the rest of the community.
Comments should get more enlightened and centrist, not less, as a topic gets more divisive.
If disagreeing, please reply to the argument and call them names. "1 + 1 is 2, not 3" can be improved to "1 + 1 is 3, not 2, mathfaggot"
Please respond to the weakest plausible strawman of what someone says, not a stronger one that's harder to make fun of. Assume that they are bad faith actors.
Eschew jailbait. Paedophiles will be thrown in a wood chipper, as pertained by sitewide rules.
Please post shallow dismissals, especially of other people's work. All press is good press.
Please use Slacker News for political or ideological battle. It tramples weak ideologies.
Please comment on whether someone read an article. If you don't read the article, you are a cute twink.
Please pick the most provocative thing in an article or post to complain about in the thread. Don't nitpick stupid crap.
Please don't be an unfunny chud. Nobody cares about your opinion of X Unrelated Topic in Y Unrelated Thread. If you're the type of loser that belongs on /h/chudrama, we may exile you.
Sockpuppet accounts are encouraged, but please don't farm dramakarma.
Please use uppercase for emphasis.
Please post deranged conspiracy theories about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email [email protected] and dang will add you to their spam list.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, report it and our moderators will probably do nothing about it. Feed egregious comments by replying instead of flagging them like a pussy. Remember: If you flag, you're a cute twink.
Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. That's too boring, even for HN users.
Please seethe about how your posts don't get enough upvotes.
Please don't post comments saying that rdrama is turning into ruqqus. It's a nazi dogwhistle, as old as the hills.
We reserve the right to exile you for whatever reason we want, even for no reason at all! We also reserve the right to change the guidelines at any time, so be sure to read them at least once a month. We also reserve the right to ignore enforcement of the guidelines at the discretion of the janitorial staff. Be funny, or at least compelling, and pretty much anything legal is welcome provided it's on-topic, and even then.
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
: 
: 
:
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
yeah gimme the thug shaker, shake that shit
Jump in the discussion.
No email address required.
More options
Context
seeing non english characters in a URL box
I remember reading a book by the security guy who built Chrome's URL parser and he said it was crazy hard with all of the thousands of foreign language unicode characters and weird hacks.
Jump in the discussion.
No email address required.
The URL reads like http://infititeratioglitch.xn--80aqkrf.xn--j1aim:8080/ in the browser.
Also the URL is not a real FDQN but rather something I made via static DNS because pfsense allows it.
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Someone invite him here.
Jump in the discussion.
No email address required.
More options
Context
Shit like that is why I hate open source projects.
Shitters whine ("not privately disclosed"), then do performative shit ("security policy file") and it takes days for an actual programmer to have a look at the issue.
Jump in the discussion.
No email address required.
It is kinda amazing how few open-source "developers" can actually program lol
Jump in the discussion.
No email address required.
Closed source developers also have the same problem.
Jump in the discussion.
No email address required.
More options
Context
It's what happens when you are paid in exposure/resume padding.
Then of course the fact you wouldn't really want to disclose the fact the open source project you work on is a torrent client/fetish website/other neurodivergent venture until you are talking to the actual fellow neurodivergent coders in the interview process and not HR goobers.
Jump in the discussion.
No email address required.
I'd much rather tell potential employers that I'm a developer on a torrent client than a developer for rdrama tbqh
Jump in the discussion.
No email address required.
The advantage of saying that you are a developer here is that you can say it without it being true. No one is going to call here to check.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
People went mental at Poettering saying something similar a few years ago. https://github.com/systemd/systemd/pull/5998#issuecomment-303651608
Jump in the discussion.
No email address required.
More options
Context
More options
Context
i have exactly this torrent ad i dont care
Jump in the discussion.
No email address required.
Thank you for your valuable contribution to my botnet
Jump in the discussion.
No email address required.
I love sharing data about me
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Jump in the discussion.
No email address required.
i think we have 2 biggest torrent sites
Jump in the discussion.
No email address required.
It doesn't end at torrenting, I've gotten tons of stuff off of chomikbox.
Jump in the discussion.
No email address required.
jesus christ i used to play with that chomik icon too much lmao
yeah it's great for especially super old files and weird polish things (I downloaded an app made in 1998 on here which helps to identify plants)
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
Same, I'll just update when the patch comes or something
Jump in the discussion.
No email address required.
https://github.com/qbittorrent/qBittorrent/pull/18626
Jump in the discussion.
No email address required.
I have no idea what any of that means
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
tixati 4 lyfe!
Even if qbit is better, I hate the straggy UI buttons (which are pointless):
(Yes, I hated uTorrent too).
This is all you need:
Imagine using colors to better differentiate your columns of data.
Some VPNs cut your download speed if you surpass a certain amount, so having a quick and easy to view history is a plus:
The settings have tons of features which you don't need to adjust if you simply want to torrent. Other programs are so limited in what you can edit; it's so lame.
lol @ bloat like a WebUI. Use your web browser instead, r-slur. The risk isn't worth it.
Jump in the discussion.
No email address required.
My only issue with tixati is it's closed source so no repo packages it (and I can't eb bothered to manually update anything ever for any reason)
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Either he's a moron or he wanted to piss people off.
Jump in the discussion.
No email address required.
either way he belongs right here on rdrama.net
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Frick!
Snapshots:
archive.org
ghostarchive.org
archive.ph (click to archive)
This is an important find, but you really should have disclosed this privately to the developer before going public with it (their contact info is in the README), especially considering this works without any authentication. Posting it here has it in the clear for attackers to potentially exploit before the necessary fixes are available.:
archive.org
ghostarchive.org
archive.ph (click to archive)
Security through obscurity is no security at all:
archive.org
ghostarchive.org
archive.ph (click to archive)
thats not what he's saying, what he's saying is to disclose it responsibly. common practice is to report vulnerabilities like this privately so they can't be used by a malicious actor, then if nothing happens after a few months then disclose it publically. this is not the way to do:
archive.org
ghostarchive.org
archive.ph (click to archive)
That doesn't respect my freedom™ to use a better client.:
archive.org
ghostarchive.org
archive.ph (click to archive)
Jump in the discussion.
No email address required.
Looks like Snappy is a
Jump in the discussion.
No email address required.
Indeed
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
If you have a path traversal issue in 2023 I don't think you deserve to have that shit notified privately.
Jump in the discussion.
No email address required.
More options
Context
Transmission chads keep winning
Jump in the discussion.
No email address required.
Deluge Premiere is the only torrent client worthy of rdrama because it generates immense seethe on private trackers due to stat manipulation.
Jump in the discussion.
No email address required.
idk what happens behind the scenes but I'm really surprised there aren't more cheaters on private torrent sites due to what's essentially a trust me bro way of determining ratio.
Jump in the discussion.
No email address required.
Cabal (and larping) trackers have
chinks rangebanned preemptively
a group of snitches and
who look out for stat manipulation for brownie points
users are usually a bunch of
people afraid of getting their butt banned with their tree upwards (the person they got invited by and everyone they invited)
Schizos who fork gazelle and add some neurodivergent, deranged and lunatic feature even Aevann wouldn't come up with after he's fed LSD with Amph.
Got banned off GGN in 6 hours for trying to speedrun PU status. The only private tracker that didn't give a shit that I am aware of was jpopsuki.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Surprised they don't just straight up ban it tbh
Jump in the discussion.
No email address required.
AB has it informally banned, first hand experience.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
rip
Jump in the discussion.
No email address required.
More options
Context
good find, I still need to set up a seedbox and fill up my jellyfin server.
Jump in the discussion.
No email address required.
I use deluge on my seedbox but I haven't touched it in forever so it's running a version from like 2016
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Looks like it's Windows only, so seedboxcels are probably immune as well.
Also, this is literally why you should run most things in Docker containers.
Jump in the discussion.
No email address required.
But docker is gay in the bad way
Jump in the discussion.
No email address required.
More options
Context
More options
Context
I was going to say, shit! But I use the client app. Not fond of webapp and I'm glad I missed that shit.
Jump in the discussion.
No email address required.
What’s the difference
Jump in the discussion.
No email address required.
More options
Context
More options
Context