So ... apparently ImageMagick is borked
-
[sigh] It's getting bad, guys. We needs moar security on shizz, and less "OMG OPEN SOURCE FUR LIEEEEF!!!111oneoneone!!"
-
-
@Vaire Someone posted this yesterday. It was patched almost immediately, and @ben_lubar got us taken care of shortly after.
-
@Polygeekery said in So ... apparently ImageMagick is borked:
@Vaire Someone posted this yesterday. It was patched almost immediately, and @ben_lubar got us taken care of shortly after.
I don't haz tiem to read all of the news here. My god, my "unread topics" counter NEVER goes below 90. NEVER! No matter how many topics I read, it just keeps creeping back up to 99 almost immediately. It's a problem guys, I need help.
@accalia where is that auto-read-it bot of yours? o_0
-
@Vaire said in So ... apparently ImageMagick is borked:
My god, my "unread topics" counter NEVER goes below 90. NEVER! No matter how many topics I read, it just keeps creeping back up to 99 almost immediately.
I don't even pay attention to that number.
-
@Vaire There's a "mark all as read" button. Just use it when you're done for the day.
-
@blakeyrat said in So ... apparently ImageMagick is borked:
@Vaire There's a "mark all as read" button. Just use it when you're done for the day.
There ... there is? Seriously? How did I not know this?!
-
@Vaire Kind of. It's hidden under the "Mark as Read" menu for some goddamned reason.
-
@blakeyrat said in So ... apparently ImageMagick is borked:
@Vaire Kind of. It's hidden under the "Mark as Read" menu for some goddamned reason.
I am the fail. All your base DO NOT belong to us :(
-
@Vaire said in So ... apparently ImageMagick is borked:
@accalia where is that auto-read-it bot of yours? o_0
havent made one yet.... could i guess. just have it mark threads with activity than X or that contain in the title as read....
yeah that's doable.
-
@accalia said in So ... apparently ImageMagick is borked:
@Vaire said in So ... apparently ImageMagick is borked:
@accalia where is that auto-read-it bot of yours? o_0
havent made one yet.... could i guess. just have it mark threads with activity than X or that contain in the title as read....
yeah that's doable.
Iz okay, Blakey taught me a new trick today, I'm good :D
-
@accalia Please do not make software that just spams the forum with API requests for absolutely no reason.
-
@blakeyrat said in So ... apparently ImageMagick is borked:
It's hidden under the "Mark as Read" menu for some goddamned reason.
Where else would you put it?
-
@accalia said in So ... apparently ImageMagick is borked:
havent made one yet.... could i guess. just have it mark threads with activity than X or that contain in the title as read....
Or just wait until we get the Ignore option, and then you can ignore those threads and they won't show up in Unread.
-
@Vaire said in So ... apparently ImageMagick is borked:
No matter how many topics I read, it just keeps creeping back up to 99 almost immediately.
It only counts up to 100 threads even if there's way more, and all the imported threads from d*******e count their last couple of posts as unread.
-
@blakeyrat said in So ... apparently ImageMagick is borked:
Please do not make software that just spams the forum with API requests for absolutely no reason.
why would i spam the forum with API requests when i can just sit on one end of a websocket and fire off the read request when a post is made in a topic that matches the rules?
seems rather inefficient and rude to poll when a push model is available
-
@RaceProUK said in So ... apparently ImageMagick is borked:
@blakeyrat said in So ... apparently ImageMagick is borked:
It's hidden under the "Mark as Read" menu for some goddamned reason.
Where else would you put it?
-
@loopback0 said in So ... apparently ImageMagick is borked:
@RaceProUK said in So ... apparently ImageMagick is borked:
@blakeyrat said in So ... apparently ImageMagick is borked:
It's hidden under the "Mark as Read" menu for some goddamned reason.
Where else would you put it?
I'm not sure it was @RaceProUK who d here.
-
@Dreikin I figured blakey was being sarcastic.
If not then yeah, to me.
-
Does this exploit work on Windows Server?
-
@Vaire said in So ... apparently ImageMagick is borked:
I don't haz tiem to read all of the news here.
Just look out for new topics, e.g. https://what.thedailywtf.com/unread/new
-
Oh look, they gave it a cute name:
-
@lucas1 said in So ... apparently ImageMagick is borked:
Does this exploit work on Windows Server?
I'm not finding any information one way or another, so assume yes.
The primary reference code appears to be CVE-2016-3714, although there are related ones with the codes
- CVE-2016-3718
- CVE-2016-3715
- CVE-2016-3716
- CVE-2016-3717
So you can try looking these, as well as the cute name "imagetragick", up for more information.
(Codes taken from the link above.)
-
I used to work on a product that used this server side on Windows. I will inform a friend that works there. Thx
-
@blakeyrat said in So ... apparently ImageMagick is borked:
absolutely no reason.
Obviously there's a reason, she just said it.
You can say an auto-mark-all-as-read is a bad reason, but it's not no reason.
-
@RaceProUK said in So ... apparently ImageMagick is borked:
Where else would you put it?
Well, the button had was nii--...was niiiii--...worrrrrkk--...is a way you could do things.
-
"ImageMagick allows to process files with external libraries. This feature is called 'delegate'. The most dangerous part is ImageMagick supports several formats like svg, mvg, maybe some others - which allow to include external files from any supported protocol including delegates."
-
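An added example, not part of the thread or of ImageMagick's own code, showing a defensive pre-check for the behaviour quoted above: since formats such as svg and mvg can pull in external files, the upload handler accepts only content whose magic bytes match an allow-listed raster format and pins the coder with ImageMagick's `format:filename` input syntax. The accepted formats, the function names and the sample bytes are assumptions made for the illustration.

```python
"""Added example: allow-list check run before a file reaches ImageMagick."""
import os

# Assumption: this hypothetical service accepts only these raster formats.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}

# Constructed samples (not real uploads).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SVG_NAMED_PNG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'
MVG_NAMED_JPG = b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n"


def sniff_format(data: bytes):
    """Return the allow-listed format whose magic bytes start `data`, else None."""
    for fmt, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return fmt
    return None


def safe_input_spec(stored_path: str, data: bytes) -> str:
    """Return 'fmt:path' to hand to ImageMagick, or raise ValueError.

    `stored_path` is assumed to be a server-generated name, not user input.
    The explicit 'fmt:' prefix pins the coder, so ImageMagick does not choose
    one (svg, mvg, ...) from the file's content or extension.
    """
    claimed = EXTENSIONS.get(os.path.splitext(stored_path)[1].lower())
    actual = sniff_format(data)
    if actual is None:
        raise ValueError("content is not an allow-listed raster format")
    if claimed != actual:
        raise ValueError(f"extension says {claimed}, content is {actual}")
    return f"{actual}:{stored_path}"


if __name__ == "__main__":
    samples = [("a.png", PNG_SAMPLE), ("b.png", SVG_NAMED_PNG), ("c.jpg", MVG_NAMED_JPG)]
    for name, blob in samples:
        try:
            print(name, "->", safe_input_spec(name, blob))
        except ValueError as err:
            print(name, "rejected:", err)
```
-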
Woo hoo! Wordpress, by default, doesn't use ImageMagick!
-
Just logged in to my web server's admin panel. There's a big fat banner at the top telling me that my hosting company already patched the vulnerabilities and that I don't have to do anything. I know why I host my websites there, despite them being a little more expensive than the competition.
-
@asdf said in So ... apparently ImageMagick is borked:
Just logged in to my web server's admin panel. There's a big fat banner at the top telling me that my hosting company already patched the vulnerabilities and that I don't have to do anything. I know why I host my websites there, despite them being a little more expensive than the competition.
Who? I am always looking for better hosting.
-
@Vaire said in So ... apparently ImageMagick is borked:
Who? I am always looking for better hosting.
Do you speak German? ;) Because they don't even have an English website, they specialize in German web development companies and don't sell to individuals. I got an account there through my last employer.
-
@asdf said in So ... apparently ImageMagick is borked:
@Vaire said in So ... apparently ImageMagick is borked:
Who? I am always looking for better hosting.
Do you speak German? ;) Because they don't even have an English website, they specialize in German web development companies and don't even sell to individuals. I got an account there through my last employer.
...nein :(
-
@Vaire Das ist nicht so gut
-
@Jaloopa said in So ... apparently ImageMagick is borked:
@Vaire Das ist nicht so gut
I know English (and bad English [waves to Korben Dallas]), Spanish, and Japanese, a tiny amount of Korean and Chinese, and a smattering of Hindi. And I'm out, everything else is Google Translate or shrugs
-
@Vaire said in So ... apparently ImageMagick is borked:
I know English (and bad English [waves to Korben Dallas]), Spanish, and Japanese, a tiny amount of Korean and Chinese, and a smattering of Hindi. And I'm out, everything else is Google Translate or shrugs
For what it's worth, you know more languages than 90+% of Americans (number obtained via SWAG methodology).
If you call someone who knows two languages “bilingual” and someone who knows three languages “trilingual,” what do you call someone who knows only one language?
An American.
-
@Vaire said in So ... apparently ImageMagick is borked:
I am always looking for better hosting.
I haven't needed hosting for a long time, but I was always very happy with site5.com. Fast, responsive support staff, and they didn't overprovision their servers.
-
@antiquarian said in So ... apparently ImageMagick is borked:
For what it's worth, you know more languages than 90+% of Americans (number obtained via SWAG methodology).
Confirmed. I know English. And a very little French. From high school. 35+ years ago.
-
@FrostCat said in So ... apparently ImageMagick is borked:
@Vaire said in So ... apparently ImageMagick is borked:
I am always looking for better hosting.
I haven't needed hosting for a long time, but I was always very happy with site5.com. Fast, responsive support staff, and they didn't overprovision their servers.
Are they Windows/Linux, or Linux only, or Windows only? I have needs for both.
-
@Vaire said in So ... apparently ImageMagick is borked:
Are they Windows/Linux, or Linux only, or Windows only? I have needs for both.
I only ever had a Linux host. Looks like no Windows, though.
-
@FrostCat Ok, thanks. Won't be able to switch to it though :)
-
@antiquarian said in So ... apparently ImageMagick is borked:
what do you call someone who knows only one language?
An American.
Why else win those World Wars if you just gotta learn to speak everyone else's languages?