For those horrible enough to like this.

Sometimes each other too if my information is correct. So even if you are a bad person and want to harass innocent people, kiwi farms isn’t the place to be.

Bad people are bad people towards you too if you give them the chance. Just don’t be bad, much better. Don’t hate!

Vanilla might not be good in a lot of things… Ice cream… Se… But here it is pretty nice!

I can’t test it right now but I would love to know. Is it true?

Yeah! But to be fair, it kinda works in the reverse too

I will start to call chrome/iums limited web browser from now on

Yeah that’s a stereotype. Some many brilliant people and somehow the fuck ups (not the people but their fuck ups) generate all the attention. I didn’t think of that stereotype and was curious. But seriously blaming a (maybe even a fresh)PhD for being bad at coding is both fair and unfair but no peer review is not on them.

I don’t like cryptic message like this, especially if the repo seems to be gone

There isn’t a legal precedent. Unless I misunderstood, this is a settlement and settlements aren’t! Legal precedent. Which is why big e.g. pharma likes them, because then they don’t have the legal precedent for the next case.

I didn’t mean it so serious. I just tried to express that you seem to have experience with it and I am wondering what you have to deal with. I am sorry if it came across negatively.

So you are saying you are the expert in unshitifying queries? What is the most common thing that needs to be unshitified?

As a dev, yes usually. It is certainly the better starting point.

I am telling you this because hopefully it will make you feel a little better. Our head of it blames devs for slow queries.

Fair perspective. It is a scam happing in the crypto sphere but that doesn’t necessarily make her a cryptosis. I mean, it comes down to what makes a cryptosis a cryptosis, acting in the crypto sphere or believing in crypto or holding crypto?

Technically not a cryptosis as onecoin wasn’t a cryptocurrency, that was part of the scam.

Dude, can you be less rude? Calling me a liar, without point out a lie. At best, you found a misunderstanding of cve on my end which wouldn’t be a lie and isn’t in the part that you called a lie. Also I don’t think that there was a misunderstanding on my end of what cve means. Then you call me basically a clueless idiot for not having a clue about web servers. While I actually currently am working for a multi billion dollars companies as a backend dev and never worked anything but web dev. Then you complain about a straw man when you don’t bother to express what your actual argument was and I had to guess.

You might realize that I am not bothering to argue your points, there is a simple reason why, you are being a dick. Make your points clearly like you did just a moment ago and don’t be rude while doing it and you get an interesting conversation.

In case, you are curious, I am actually rather neutral on whether or not, it should be cves. I see the devs reasons and think they are reasonable and I understand why f5 would report it. A new fork seems to be an overreaction though. I bet you didn’t expect me to hold this position because you were busy being a dick instead of having a conversation

There is an astounding number of lies/misrepresentations in your post, good lord.

1. I never said it isn’t an issue. Dos is the issue. It is a vulnerability.
2. No. CVE are not required. Like never. There is no legal requirements. The c in CVE stands for common btw… You know what is not common, Experimental features on non stable releases.
3. The stables are not affected. To quote from https://www.nginx.com/blog/updating-nginx-for-the-vulnerabilities-in-the-http-3-module/ about cve-2024-24989, “NGINX Open source mainline version 1.25.4. (The latest NGINX Open source stable version 1.24.0 is not affected.)” And about CVE-2024-24990, “NGINX Open source mainline version 1.25.4. (The latest NGINX Open source stable version 1.24.0 is not affected.)”
4. Yes and no. Remember the c in cve?
5. How is it a lie to say that they informed people through a mail list, when they did that? Remember you said I was lying? Also didn’t you say they wanted to keep it quiet to fix in secret, while they inform the public? Isn’t that a lie? (Also, you call it a cve in this point, well the dev didn’t think of it as one and he alerted the users. So they satisfied your “least” requirement for a cve while not thinking of it as a cve.)
6. My statement is once again not a lie. But let’s talk about your stuck transaction. Your transaction isn’t “stuck” if you use transactions in your database, but besides that you used an experimental feature on a non stable release on a publicly facing service and the “stuck” transaction is your issue? You are fucking without a condom, my friend. And That experimental feature might just crash randomly, due to memory leaks or what not, and your transaction is stuck too.

Where were my lies? I mean I showed you yours.

Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list

It can be used for dos, as it is crashing workers, but they will be restarted anyway.

The only issue is “var”.

The CEO told the head editor to support a specific political party in Germany. He talks about east Germans like they are lesser. And so much more…

In short, if your news is axel Springer, your news are trash

With things like cloudflare cache leak, it might become a real way to hack stuff.