@noelle Hey wait... I thought they were using mastodon? Did they change their mind or am I thinking of some other assholes?

@onfy They forked Mastodon and added a bunch of their own stuff, and the stuff they added appears to be the stuff that's breaking.

@noelle Wow... I don't think mastodon's *that* fucking broken, so they must've fucked it up spectacularly.

@noelle Oh yeah, it actually mentions they're running a form of Mastodon in the article. I feel silly now for not reading to the end first.

Hopefully whatever vuln they have is unique to them... or we're in a bit of trouble.

@onfy @noelle afaik it's not (the one vuln I know about was a really basic SQL injection), and they also didn't incorporate any of the fixes Masto got in the meantime

@noiob @noelle What, you think mainline Mastodon's vulnerable to that kind of attack too?

@onfy @noiob The specific Gab attack was based on a patch that removed SQL sanitizing, and I don't think there's anything like that in Mastodon's code. That said, it's theoretically possible for someone to introduce code like that to Mastodon; we just have to be careful.

@onfy @noelle una merges mainline fixes afaik

@noiob @noelle She does, to some extent anyway. I don't follow it as much as I maybe should. I think she was behind for a while but has been fixing stuff more recently. Last commit is apparently from November.

@onfy @noelle yeah I would've heard if there were any big vulnerabilities since Nov github.com/noiob/awoospace

@onfy @noelle (I should probably still update, there've been some good updates to glitch-soc in the meantime)

@noiob I personally have come to prefer sleeping, so this is a relief to me.
