If you're not using WebUI (not seedboxmaxxing) - this doesn't concern you tho.
Someone on alt reports a serious security vulnerability concerning qbittorrent WebUI instances, does so publicly outright in github issues without consulting anyone first, prompts hectic scramble for the creation of a security file and the race to figure out and fix the vulnerability (this took them 2 days)
yeah gimme the thug shaker, shake that shit
seeing non english characters in a URL box
I remember reading a book by the security guy who built Chrome's URL parser and he said it was crazy hard with all of the thousands of foreign language unicode characters and weird hacks.
The URL reads like http://infititeratioglitch.xn--80aqkrf.xn--j1aim:8080/ in the browser.
Also the URL is not a real FQDN but rather something I made via static DNS because pfsense allows it.
Someone invite him here.
Shit like that is why I hate open source projects.
Shitters whine ("not privately disclosed"), then do performative shit ("security policy file") and it takes days for an actual programmer to have a look at the issue.
It is kinda amazing how few open-source "developers" can actually program lol
Closed source developers also have the same problem.
It's what happens when you are paid in exposure/resume padding.
Then of course the fact you wouldn't really want to disclose the fact the open source project you work on is a torrent client/fetish website/other neurodivergent venture until you are talking to the actual fellow neurodivergent coders in the interview process and not HR goobers.
I'd much rather tell potential employers that I'm a developer on a torrent client than a developer for rdrama tbqh
The advantage of saying that you are a developer here is that you can say it without it being true. No one is going to call here to check.
People went mental at Poettering saying something similar a few years ago. https://github.com/systemd/systemd/pull/5998#issuecomment-303651608
i have exactly this torrent ad i dont care
Thank you for your valuable contribution to my botnet
I love sharing data about me
i think we have 2 biggest torrent sites
It doesn't end at torrenting, I've gotten tons of stuff off of chomikbox.
jesus christ i used to play with that chomik icon too much lmao
yeah it's great for especially super old files and weird polish things (I downloaded an app made in 1998 on here which helps to identify plants)
Same, I'll just update when the patch comes or something
https://github.com/qbittorrent/qBittorrent/pull/18626
I have no idea what any of that means
tixati 4 lyfe!
Even if qbit is better, I hate the straggy UI buttons (which are pointless):
(Yes, I hated uTorrent too).
This is all you need:
Imagine using colors to better differentiate your columns of data.
Some VPNs cut your download speed if you surpass a certain amount, so having a quick and easy to view history is a plus:
The settings have tons of features which you don't need to adjust if you simply want to torrent. Other programs are so limited in what you can edit; it's so lame.
lol @ bloat like a WebUI. Use your web browser instead, r-slur. The risk isn't worth it.
My only issue with tixati is it's closed source so no repo packages it (and I can't be bothered to manually update anything ever for any reason)
Either he's a moron or he wanted to piss people off.
either way he belongs right here on rdrama.net
Frick!
Snapshots:
archive.org
ghostarchive.org
archive.ph (click to archive)
This is an important find, but you really should have disclosed this privately to the developer before going public with it (their contact info is in the README), especially considering this works without any authentication. Posting it here has it in the clear for attackers to potentially exploit before the necessary fixes are available.
Security through obscurity is no security at all
that's not what he's saying, what he's saying is to disclose it responsibly. common practice is to report vulnerabilities like this privately so they can't be used by a malicious actor, then if nothing happens after a few months then disclose it publicly. this is not the way to do
That doesn't respect my freedom™ to use a better client.
Looks like Snappy is a
Indeed
If you have a path traversal issue in 2023 I don't think you deserve to have that shit notified privately.
Transmission chads keep winning
Deluge Premiere is the only torrent client worthy of rdrama because it generates immense seethe on private trackers due to stat manipulation.
idk what happens behind the scenes but I'm really surprised there aren't more cheaters on private torrent sites due to what's essentially a trust me bro way of determining ratio.
Cabal (and larping) trackers have
chinks rangebanned preemptively
a group of snitches and who look out for stat manipulation for brownie points
users are usually a bunch of people afraid of getting their butt banned with their tree upwards (the person they got invited by and everyone they invited)
Schizos who fork gazelle and add some neurodivergent, deranged and lunatic feature even Aevann wouldn't come up with after he's fed LSD with Amph.
Got banned off GGN in 6 hours for trying to speedrun PU status. The only private tracker that didn't give a shit that I am aware of was jpopsuki.
Surprised they don't just straight up ban it tbh
AB has it informally banned, first hand experience.
rip
good find, I still need to set up a seedbox and fill up my jellyfin server.
I use deluge on my seedbox but I haven't touched it in forever so it's running a version from like 2016
Looks like it's Windows only, so seedboxcels are probably immune as well.
Also, this is literally why you should run most things in Docker containers.
But docker is gay in the bad way
I was going to say, shit! But I use the client app. Not fond of webapp and I'm glad I missed that shit.
What’s the difference