Nostalgiastrags and Piratechads stay winning
Qbittorrentcel finds a :marseycodecellove: security vulnerability and publicly posts it right after without messaging developer

If you're not using WebUI (not seedboxmaxxing) - this doesn't concern you tho.

Someone on alt reports a serious security vulnerability concerning qbittorrent WebUI instances, does so publicly outright in github issues without consulting anyone first, prompts hectic scramble for the creation of a security file :marseysmug3: and the race to figure out and fix the vulnerability (this took them 2 days)

:#marseybased:

:marseynerd2:: This is an important find, but you really should have disclosed this privately to the developer before going public with it (their contact info is in the README), especially considering this works without any authentication. Posting it here has it in the clear for attackers to potentially exploit before the necessary fixes are available.

:marseyneckbeard:: Security through obscurity is no security at all

:marseynerd:: that's not what he's saying, what he's saying is to disclose it responsibly. common practice is to report vulnerabilities like this privately so they can't be used by a malicious actor, then if nothing happens after a few months then disclose it publicly. this is not the way to do

:marseyneckbeard:: That doesn't respect my freedom™ to use a better client.

:marseyidio3: Apparently Lemmy (federated reddit clone currently being shilled) was Created by Tankies :marseyrevolution:

Tankie: A hardline Stalinist. A tankie is a member of a communist group or a "fellow traveller" (sympathiser) who believes fully in the political system of the Soviet Union and defends/defended the actions of the Soviet Union and other accredited states (China, Serbia, etc.) to the hilt, even in cases where other communists criticise their policies or actions. For instance, such a person favours overseas interventions by Soviet-style states, defends these regimes when they engage in human rights violations, and wishes to establish a similar system in other countries such as Britain and America.

(Basically the Far-Left's version of Neo-Nazis)

It starts with a post 12 days ago on a Mastodon site.

https://i.rdrama.net/images/16873007316138816.webp

Not a big deal. Standard "the privacy on this site is better than other site shit"

Let me read the comm....

:#marseymacarthur:

https://i.rdrama.net/images/16873007319192793.webp

Heads up: The tankie behind lemmy.ml got banned from r/socialism for posting fascist LaRouchite propaganda

https://i.rdrama.net/images/1687300732334168.webp

🔒Brigaded/r/socialism mods are banning Communists: My Story. This is really long so I didn't read it.

Frick the white supremacist Reddit admins, want me to set up a self hosted one for /r/communism?

https://i.rdrama.net/images/16873007327355528.webp

The lemmy.ml admin is banning anyone that mentions Stalin or Xi or Putin's homophobia

:#marseyspit:

Tankies, for those who do not know, are the neo-nazis of the left, and don't care, ignore, or fully support things like mass killings, "work" camps, and "reeducation" centers.

Note: I found this post on Beehaw (Lemmy site) where they discuss Mastodon users saying Lemmy sucks

:#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka::#marseytankushanka:


Spammers are just creating accounts on instances that have no registration verification and creating thousands of posts that ping random people with images. The spam seems to originate from a group of Japanese script kiddies that just wanted to vandalise Misskey and now every instance is getting false-flag spam messages from thousands of accounts over thousands of instances.

https://i.rdrama.net/images/17083094243351407.webp

The details are actually a bit fuzzy since it's all speculation outside of some discord screenshots and the spam that is actually sent, but it doesn't matter in the grand scheme of things. Since there's like thousands of tiny instances and nothing stops spammers from just making their own, the only guaranteed solution right now is to make a whitelist of servers that moderate account registration. I made one post on an irrelevant instance earlier and got three of these spam messages from different accounts on different instances.

https://mastodon.social/@Gargron/111953045633249137

There is an ongoing spam attack on the fediverse for the last couple of days. It's more widespread than before, as attackers are targeting smaller servers to create accounts. Before, usually only https://mastodon.social was targeted and our team could take care of it. For server administrators out there: If you don't need open registrations, switch over to approval mode. If you do, blocking disposable e-mail providers is a massive stopgap to the problem. Mastodon also supports hCaptcha.

I just have to point out that all of this is being done by a community of 12-15 year olds because ActivityPub is shit actually :marseylaugh:. The script to test for open registration nodes is literally this:

export async function isNoCapNoMail(host: string, softwareType: string) {
 if (softwareType !== "misskey") {
   return false;
 }

 const endpoint = `https://${host}/api/meta`;
 try {
   const res = await fetch(endpoint, {
     method: "GET",
     headers: {
       "Content-Type": "application/json",
     },
   });

   const json = await res.json();

   if (json["emailRequiredForSignup"]) {
     return false;
   }

   if (
     json["enableHcaptcha"] ||
     json["enableMcaptcha"] ||
     json["enableRecaptcha"]
   ) {
     return false;
   }

   return true;
 } catch {
   return false;
 }
}

Someone's definitely improved this by now since it does more than just misskey, but you get the point. Just imagine the damage someone could do with an integrated captcha solver. Most ActivityPub software doesn't have any kind of middleware for handling incoming messages and maybe drop them based on filters, but that'll probably change soon.

More rumours elsewhere

I have found some more information on this CPTK, the japbros probably already knew but uhh:

  1. They're just skids :marseyhacker:

  2. Most of them are like kids (literal 11-14 year olds) :carpemo:

  3. They have done many raids in the past, they DDoS'd 2chan back in 2022 and they've taken legal action against them :marseygrouns:

  4. Their old group imploded due to infighting :marseymushroomcloud:

  5. According to the Karasawa Wiki (yeah that lawyer who got doxxed like 100 times for being a 2chan troll), their leaders have been doxxed, MULTIPLE times. And they're all kids. :marseypedobear:

Anyway good luck to Bluesky on their fediverse integration lol


Twittercels sleuthed out what was going on using prompts like "a man holding a sign that says" and then noooticing that the contents of the sign are not always gibberish.

Orange site post: https://news.ycombinator.com/item?id=32160352


People hate reddit's official app with the fire of a thousand suns, and MANY of them have been force logged-out and told to download the app on their mobile devices instead of using the mobile website.

The people are extremely, EXTRA - EEMLYYY unhappy about this. To the point that even redditors are considering not using reddit!

CHATGPT NO! IT’S A TRAP
Reported by:
  • YourMom : FIRST THE "TRENDING ON TIKTOK" SIGNS IN MY BOOKSTORES NOW THIS REEEE

Edit: https://goodereader.com/blog/e-book-news/z-library-domains-are-seized-and-pirate-book-site-is-dead

https://torrentfreak.com/tiktok-blocks-z-library-hashtag-pending-piracy-investigation-221031/

It's still available on Tor

http://bookszlibb74ugqojhzhg2a63w5i2atv5bqarulgczawnbmsb6s6qead.onion/

Orange Site:

https://news.ycombinator.com/item?id=33460970

https://news.ycombinator.com/item?id=32972923

:marseysnoo:

https://old.reddit.com/r/Piracy/comments/yll45h/zlibraryorg_is_fricking_gone_and_we_can_only_blame/?sort=controversial

(It's the TikTok :marseyzoomer:s fault)

https://old.reddit.com/r/DataHoarder/comments/yln9aj/zlibraryorg_is_fricking_gone_and_we_can_only_blame/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/ylmkt1/alternatives/?sort=controversial

https://old.reddit.com/r/Piracy/comments/ylmjz1/tiktok_blocks_zlibrary_hashtag_pending_piracy/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/ylmkqq/a_workaround_yall_tor_browser_works_click_send_to/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/ylma04/how_to_get_access_to_z_lib_again/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/ylko3f/is_zlibrary_down/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/ylkc8m/z_library_pooping_down/?sort=controversial

https://old.reddit.com/r/zlibrary/comments/yljn16/oh_god_what_now/?sort=controversial

:marseybluecheck:

https://twitter.com/search?q=zlibrary%20down&src=typeahead_click&f=top

Reported by:
  • 0 : poorcel

The even more frugal guy reading this and using a $100 phone is wondering why OP is splurging on a $200 phone.

https://old.reddit.com/r/Frugal/comments/12kk6kh/why_do_people_always_need_to_buy_the_latest/jg33vvj/?sort=controversial

I keep my phones for a long time too.

But once it stops getting security updates, I get a new one. You would be more at risk from security exploits if you're not getting patches anymore. The savings from not buying a new phone is not worth the risk.

https://old.reddit.com/r/Frugal/comments/12kk6kh/why_do_people_always_need_to_buy_the_latest/jg306au/?sort=controversial

Not everyone sees the world the way you do.

https://old.reddit.com/r/Frugal/comments/12kk6kh/why_do_people_always_need_to_buy_the_latest/jg2rgh6/?sort=controversial

Because some people like them the same way you like your phone. It’s okay for people to like different things and have different priorities

Nah if somebody buys the new iphone every year that's a massive red flag that they're dumb [-72]

https://old.reddit.com/r/Frugal/comments/12kk6kh/why_do_people_always_need_to_buy_the_latest/jg2u6du/?sort=controversial

I don't understand it either. I used to buy iphones around iphone 2-5 but each one completely died after a year. I got so sick of it so I switched to Samsung. I'm on my second Samsung in like 10 years. I later found out that Apple was updating their phone to kill battery life after the phone was about a year old. I will never ever buy an Apple product again.

https://old.reddit.com/r/Frugal/comments/12kk6kh/why_do_people_always_need_to_buy_the_latest/jg2s8or/?sort=controversial

Credit to /h/miners! Subscribe for more great dramatic threads.


https://news.ycombinator.com/item?id=35641448

https://media.giphy.com/media/l83rkRUu4IqyUbt5k6/giphy.webp


Context (for nerds)

This happened yesterday. For those unaware, InfluxDB is some database offering no one cares about. Unfortunately that's not true because some people care about it :marseyconfused2: People cared so much that InfluxData (the developing company), about a decade ago, jumped in the SaaS game and made their own cloud offering to host InfluxDB instances. For some reason, this was considered a good idea and people used their service.

Quite suddenly, some European region :marseyflagpoland: and some Asian region :chiobu: containing InfluxDB instances were shut off. Normally, deprecation of services is well advertised by a vendor. This isn't the case here and it's why I posted this: the CTO jumped in on HN to try to do some damage control. He is also a co-founder, according to his HN profile and by his own admission. What does he have to say?

:marseychad: Hi, cofounder and CTO here. We notified everyone via email on February 23, April 6 and May 15th. We also offered to help migrate all users. I realize that it's not ideal that we've shut down this system, but we made our best efforts to notify affected users and give them options to move over to other regions. If you've been impacted by this, please email me personally and I will do my best to help out: paul at influxdata.com.

Drama

To summarize why this is r-slurred: Paul here notified his customers that they would permanently shut off products they pay for by sending only :marseybrainlet:three emails:!marseybrainlet:. In enterprise, this is supremely r-slurred: emails are likely to be caught by a spam filter or never read.

HN agrees and gets angry:

:soyjaktantrum: This is insane.

...

This screams either gross incompetence or straight up negligence. This is such a solvable problem (as many here have already mentioned various solutions), but I'm honestly just flabbergasted that this is a problem that is even being discussed here right now.

As a DBaaS, the data of your customers should be your number one priority. If it's not, y'all need to take a hard look at what the heck your value proposition is.

We weren't impacted by this directly, but you can be sure that this is going to be one of the topics for discussion amongst my teams this week. Mostly how we can either move off InfluxDB Cloud or ensure that our DR plans are up to date for the rug being pulled out from under us from you guys in the future.


:soyjaktantrum: Paul, are you actually for real right now? Did you really just say "We deleted all your data, and it's your fault. We did whisper into the wind three times, you should have heard it. No, there is no chance of recovery"?


:soyjaktantrum: Hi Paul, email is one-way communication and not guaranteed to be delivered. At a minimum you should have monitored who did and did not respond to the email with some kind of action and those that did not should have more effort expended to be able to reach them. Finally, you should have kept the data for a reasonable amount of time (say 90 days) post shut-down so users that did not get the notification could download it. What you've done is super rude and if I were still a customer in an unaffected region it would definitely be reason enough to leave because it's pointless to sit and wait to see how you'll deal with my data when the time comes. Better to preempt that and leave while I still have control.

For anyone who thought this was purely incompetence: no. They just wanted to save money :marseycapitalistmanlet::

:marseychad: We get an email address because we need to contact our customers. After that we make best efforts but if people can’t respond to vendors they pay money to, we’re really at a loss. I realize that shutting down a region isn’t good. It’s not what we would have preferred, but we had to do it for the business. And we made an honest effort to contact all customers to help move them.

Plenty more rage in the thread. Meanwhile, on their forums, a developer advocate defends his piggy's actions;

:marseynpc: Hi all, I am ever so sorry the closure of these clusters has unexpectedly hit you. To confirm the information given by support. Communication was delivered in the following ways;

The UI was updated with a closure message for these regions.

The https://status.influxdata.com/ website also provides the notification.

We sent out emails on the following dates:

Feb 23, April 6, May 15.

We understand that a scream test would have been another form of communication that we overlooked. Some of the reasons for the closure have been outlined here: [some Slack link]

Conclusion

It's pretty rare to see cloudshit companies implode like this, and even more rare for representatives to directly engage in communities that would assuredly shit on them. Thus, this is funny. :marseyjerkoffsmile:


can't make an API call?

ngmi


https://mstdn.games/@chris/110553477682106144

PSA: #Reddit is restoring deleted and overwritten posts to save what they consider "their data". This is a new low and probably illegal at least in Europe. You can send a GDPR or CPRA request here: https://www.reddit.com/settings/data-request

These are screenshots of my profile on June 14th before and after overwriting and then deleting all my posts with Powerdelete. Today, June 16th all my posts have been restored by Reddit without my knowledge or consent.

https://i.rdrama.net/images/16869168155375154.webp https://i.rdrama.net/images/1686916704407822.webp

Orange Site discussion


Of course they did. Powerjannies have no backbone except to powertrip on the only thing they have in their pathetic little lives, Reddit.

Also lmao Reddit won a Pyrrhic victory at best

Lemmytards

Orange Site

https://news.ycombinator.com/item?id=37003134

:marseysnoo:

https://old.reddit.com/r/technology/comments/15ic0td/the_reddit_protest_is_finally_over_reddit_won/?sort=controversial

:marseyxd: Apple required LBRY (Odysee) iOS app to prohibit user-submitted content with Pepe the Frog in order to be approved for the App Store.
So that's why they call him Linus "Hard R" Tech Tips


Orange Site discussion

It's coming: actually good AI video. Women and celebrities quaking :marseypearlclutch2:

Lots of seethe on Twitter. Discuss the societal implications, and what degenerate thing you're going to make when stable diffusion releases their copy in a year!

Also, what will it take for Yann LeCum to admit he is wrong? We'll have AIs that simulate the future and he will still be arguing they aren't intelligent and his model (which is essentially the same thing) is better
