Searching yarn

Twts matching #BUG

There is a bug in yarnd that’s been around for a while and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

⤋ Read More
In-reply-to » @stigatle / @abucci My current working theory is that there is an asshole out there that has a feed that both your pods are fetching with a multi-GB avatar URL advertised in their feed's preamble (metadata). I'd love for you both to review this PR, and once merged, re-roll your pods and dump your respective caches and share with me using https://gist.mills.io/

@prologic@twtxt.net Try hitting this URL:

https://twtxt.net/external?nick=nosuchuser&uri=https://foo.com

Change nosuchuser to any phrase at all.

If you hit https://twtxt.net/external?nick=nosuchuser , you’re given an error. If you hit that URL above with the uri parameter, you get a legitimate-looking page. I think that is a bug.

⤋ Read More
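The behaviour both reports above ask for, as an added Go example that is not yarnd's code: an `/external`-style handler that answers with an error status unless the `nick`/`uri` pair matches a feed the pod already knows. The `knownFeeds` type, the handler and the `example.org` feed are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// knownFeeds is a hypothetical stand-in for the feeds a pod has already
// fetched (feed URI -> nick). It is not yarnd's data structure.
type knownFeeds map[string]string

// externalHandler renders a profile only for a feed the pod already knows.
func externalHandler(feeds knownFeeds) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		nick, uri := r.URL.Query().Get("nick"), r.URL.Query().Get("uri")
		u, err := url.Parse(uri)
		if nick == "" || err != nil || u.Host == "" ||
			(u.Scheme != "http" && u.Scheme != "https") {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		// Arbitrary nick/uri pairs get an error status, not a rendered page.
		if known, ok := feeds[uri]; !ok || known != nick {
			http.Error(w, "unknown feed", http.StatusNotFound)
			return
		}
		fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(nick))
	}
}

// statusFor issues an in-memory GET and returns the HTTP status code.
func statusFor(h http.Handler, target string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	// Constructed sample data: one feed this pod already follows.
	h := externalHandler(knownFeeds{"https://example.org/twtxt.txt": "alice"})
	for _, t := range []string{
		"/external?nick=nosuchuser&uri=https://foo.com",
		"/external?nick=nosuchuser",
		"/external?nick=alice&uri=https://example.org/twtxt.txt",
	} {
		fmt.Println(statusFor(h, t), t)
	}
}
```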
In-reply-to » Hack of the day: running watch -n 60 rm -rf /tmp/yarn-avatar-* in a tmux because all of a sudden, without warning, yarnd started throwing hundreds of gigabytes of files with names like yarn-avatar-62582554 into /tmp, which filled up the entire disk and started crashing other services.

@prologic@twtxt.net Sure, but why would this start happening all of a sudden today? Nothing like this has happened before. Is this a known bug?

⤋ Read More

The more technical skills you have, the more you can use “low” technologies, and the more incompetent you are, the more you use a high-level technology that decides in your place. So we have to try to teach the “lowest” technology possible, to enable children to understand what they are doing. - Marcello Vitali-Rosati, author of “Éloge du bug”.

⤋ Read More

👋 If y’all notice any weird quirks or UI/UX bugs of late on my pod, please let me know! 🙏 Those that have a Javascript enabled web browser will notice (hopefully) a SPA (single page app) like experience, even in Mobile! No more full page refreshes! All this without writing a single line of Javascript (let alone React or whatever) 😅 – HTMX is pretty damn cool! 😎 #htmx

⤋ Read More

I am supposed to come to office today, but I have caught the same cold bug wife has had for the last three days, so I am staying remote to spare cube-mates. Nose stuck, dripping, and a general slight sense of malaise is what I am feeling right now.

⤋ Read More
In-reply-to » OK time to put this to the test, I ended up setting my $VISUAL env {-here-} variable, so that jenny can launch neovim instead of plain old vi like {-here-} it is instructed in the code. But as you can see, I still get these {-here-} weird new lines every ~70th character (marked them with {-here-})

I might have found the actual source of my problem.

Jenny uses an .eml file when composing a twt …
and vim kinda auto formats it and inserts in those line breaks every ~70 character.

Then, I stumbled upon this link where someone reports that saving a .eml into a .txt might… corrupt the data?

⤋ Read More
In-reply-to » @xuu That was one of the horror puzzles where I had to look for help. 🥴 I modelled my solution after this: https://www.youtube.com/watch?v=2pDSooPLLkI (I can’t explain it better than the video anyway.) It takes a second on my machine and that’s with my own hashmap implementation which is probably not the fastest one.

i am wondering if maybe i need a better heap like a btree backed one instead of just list sort on Dequeue.

I found a bug where i didn't include an open/closed list that seemed to shave off a little. right now it runs in about 70 seconds on my machine.. it takes over the 300s limit when it runs on the testrunner on the same box.. docker must be restricting resources for it.

I might come back to it after i work through improving my code for day 23. It's similar but looking for the longest path instead of shortest.

⤋ Read More
In-reply-to » Could pumping CO2 under Canada's coast cause earthquakes? Injecting CO2 underground might increase pressure along geological faults and cause earthquakes, but a report concludes the risk is minimal for a proposed CO2 storage site near Vancouver Island ⌘ Read more

@New_scientist@feeds.twtxt.net hello @prologic@twtxt.net here’s another feed that’s spewing multiple copies of the same post. This one above is repeated 8 times. @awesome-scala-weekly@feeds.twtxt.net now has 13 copies of each post every week. This definitely looks like a bug in whatever code is generating these feeds, because the source feeds don’t have multiple copies of the original posts:

I forget whether I filed an issue on this before, but can you tell me where I should do that?

⤋ Read More

I have used Linux for most of my life, and it has been my daily driver for nearly two decades now. I have been bugged recently by how, when I exit, the terminal buffer has not been cleared, leaving whatever contents available to the next user to view.

After a quick man zsh I found the STARTUP/SHUTDOWN FILES, and then a quick search on resetting the terminal buffer led me to <esc>c or printf "\033c".

In five minutes something which has bothered me for who knows how long was resolved. Just needed some motivation to figure it out.

⤋ Read More

Bug Bounties May Sound Great, But Aren’t Always Handled Well
Bug bounty programs set up by large corporations to reward and recognize security researchers for properly reporting new bugs and security vulnerabilities is a great concept, but in practice isn’t always handled well. Security researcher Adam Zabrocki recently shared the troubles he encountered in the bug bounty handling at Google for Chrome OS and in turn for Intel with it having been an i915 Linux kernel graphics driver vulnerability… ⌘ Read more

⤋ Read More
In-reply-to » git-bug

Ah git-bug! I've chatted with the creator when he was working on the graphql parts. It's working with git objects directly sorta like how git-repo does code reviews. It's a pretty neat idea for storing data alongside the branches. I believe they don’t add a disconnected branch to avoid data getting corrupted by merging branches or something like that.

⤋ Read More
In-reply-to » @movq yeah.. i rewrote it a few times because i thought there was something breaking.. but was mistaken though now i am seeing a weird cache corruption.. that seems to come and go.

I have found the issue with this very subtle bug.. the cache was returning a slice that would be mutated. The mutation involved appending an item and then sorting. Because the returned slice is just a pointer+length the sort would modify the same memory.

          CACHE         Returned slice          
original: [A B C D]     [A B C D]
add:      [A B C D] E   [A B C D E]
sort:     [E A B C] D   [A B C D E]

fix found here:
https://git.mills.io/yarnsocial/yarn/pulls/1072

⤋ Read More
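The aliasing described in the post above, reproduced as an added Go example. It is not the code from the linked pull request: the `cache` type, its methods and the sample values are hypothetical, and returning a copy is one common remedy assumed here, not necessarily the fix that was merged.

```go
package main

import (
	"fmt"
	"sort"
)

// cache is a hypothetical stand-in for a feed cache; not yarnd's actual type.
type cache struct{ items []string }

// GetShared returns the cached slice itself: callers share its backing array.
func (c *cache) GetShared() []string { return c.items }

// GetCopy returns an independent copy, so callers cannot touch cached memory.
func (c *cache) GetCopy() []string {
	return append([]string(nil), c.items...)
}

// newCache builds a cache whose slice has spare capacity, as slices grown
// by append usually do. Constructed sample data.
func newCache() *cache {
	items := make([]string, 0, 8)
	return &cache{items: append(items, "B", "C", "D", "E")}
}

// addSorted is the caller-side mutation from the post: append, then sort.
func addSorted(s []string, v string) []string {
	s = append(s, v) // fits in spare capacity, so no reallocation happens
	sort.Strings(s)  // reorders the backing array in place
	return s
}

// cachedAfter reports what the cache holds after a caller adds "A".
func cachedAfter(get func(*cache) []string) []string {
	c := newCache()
	addSorted(get(c), "A")
	return c.items
}

func main() {
	fmt.Println(cachedAfter((*cache).GetShared)) // [A B C D]: "E" pushed out of the cached view
	fmt.Println(cachedAfter((*cache).GetCopy))   // [B C D E]: cache untouched
}
```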
In-reply-to » Hmmm, after fixing my feeds to move the <author> from <entry>s to <feed>, Newsboat marked all old affected articles as unread. IDs were untouched, of course. Need to investigate that. Had something similar happen with another feed change I did some time ago. Can't remember what that was, though.

Great, last system update broke something, building from current master I get:

/usr/bin/ld: /lib/x86_64-linux-gnu/libm.so.6: unknown type [0x13] section `.relr.dyn'

What the heck!?

And it also appears that I’m not really able to reproduce this unread bug. It only kind of works a single time. And it has something to do with my config. Not sure what it is yet. I also noticed that the <updated> timestamps in the entries somehow shifted between the old and new feed. Da fuq!?

⤋ Read More
In-reply-to » My kid just uncovered a bug in a program I wrote by grabbing my laptop and smacking the keyboard a bunch. Biological input fuzzing; a real-life chaos monkey.

It did! And I fixed the bug last night. And now I’m curious how your pod deals with spam. 👆🏼

⤋ Read More

@prologic@twtxt.net @jlj@twt.nfld.uk @movq@www.uninformativ.de

 /p/tmp > git clone https://www.uninformativ.de/git/lariza.git                                                                                                    Mon May 24 23:48:18 2021
Cloning into 'lariza'...
 /p/tmp > tree lariza/                                                                                                                                    12.5s  Mon May 24 23:48:32 2021
lariza/
├── BUGS
├── CHANGES
├── LICENSE
├── Makefile
├── PATCHES
├── README
├── browser.c
├── man1
│   ├── lariza.1
│   └── lariza.usage.1
├── user-scripts
│   └── hints.js
└── we_adblock.c

2 directories, 11 files

⤋ Read More
In-reply-to » I just timed it: 59 seconds for my Raspberry Pi to boot, 33 of which is waiting for my keyboard firmware to initialize. That's just absurd.

Unrelated: my first response shows a rendering bug on your site: it’s dropping a backslash. Hard to mix markdown and genuine plain text.

⤋ Read More