oh look, the fed instance has spoken
Yes we’re back despite your best efforts.
Ah yes, my best efforts of spending whole 5 minutes of my time showing how your codebase is a shitshow with zero consideration for security. Be thankful that I found them and published them, and it wasn’t somebody actually malicious who found them first and exploited them.
Usually you give the developers heads up first then release the exploit information after it’s been patched.
That’s the decent thing to do.
There was no valuable secret information here, literally anybody with access to an LLM could find this trivially. The fact is that your ‘devs’ didn’t bother doing even a minimal due diligence here. I guess can’t expect fascists to be competent.
People make mistakes but releasing it publicly like you did was a real dick move.
When you ban everybody who disagrees with you that makes it hard to communicate with you losers. Warning people who are federating with your malware instance is a public service though.
I still prefer it to lemmy and that’s the great thing about the fediverse.
flies are drawn to manure
?? What weird childish mythology about the scary tankies have you cooked up now, are we hackers?
I threw an LLM at pyfedi code yesterday and it found a whole bunch of catastrophic security problems. So they had to take the server down and actually fix their shitty code. Piefed is complete amateur hour.
https://lemmy.ml/post/47393443
https://codeberg.org/rimu/pyfedi/commit/093a466935849f27b3ecf2eab159129186320417
Up until this post; I had always assumed that my code was shit because I’ve never been formally educated on it and came from an IT background that emphasized just getting it to work over any other concerns like security.
But no; it can be so much worse and that has been one of the biggest surprises I’ve ever had; professionally speaking.
I find a lot of people in tech end up with imposter syndrome like this, but the reality is that most code in the wild is really terrible.
It genuinely made me wonder if my rust is already good enough to let me start lending a hand on Lemmy.
I’ve been practicing but my python/ruby/java/c++ keep interrupting my hello world comprehension self tests.
My advice would be to just go for it. If you find a bug and fix it or add a useful feature, it’s absolutely worth submitting. And collaborating with other devs will help you grow your skills a lot faster.
Less skill improvement and more trivial pursuits. Lol
I’ve been a Lemmy user for a little while now and my perceived shortcomings of it are starting to irk me like other IT systems started irking me and fixing them will make my life easier.
I know from experience that once I attain a level of mastery that’s sufficient to fix what I want to fix; then that level will stop increasing. :p
And now that you’ve given me license, I’m going to tell them to redirect the blame to you. Lol
I’ll let diva explain it.
Huh, so the dystopian social credit instance was poorly coded? Color me shocked.