:headdesk: Let's send a Subscriber Agreement update!
-
yeah......
you're doing it wrong.
BCC EXISTS FOR A REASON!
-
@accalia I don't see the problem...?
-
I have Let's Encrypt certificates and did not receive that email. Are you sure it's real?
-
I don't use gmail (for raisins unimportant here); how do you view the full headers of an email there?
-
@dkf said in Let's send a Subscriber Agreement update!:
I don't use gmail (for raisins unimportant here); how do you view the full headers of an email there?
It's in the top right menu somewhere. Or you type C-u g.
-
@Mikael_Svahnberg I just ⌘+U, but I was more interested in the gmail user interface here…
-
@dkf it's there in the web interface. Can't find it in the native ios app.
-
@Mikael_Svahnberg said in Let's send a Subscriber Agreement update!:
Can't find it in the native ios app.
Unsurprised.
-
@ben_lubar said in Let's send a Subscriber Agreement update!:
I have Let's Encrypt certificates and did not receive that email. Are you sure it's real?
well the single link in the email is: https://letsencrypt.org/repository/
which checks out, it mentions the correct dates for the documents at the end of that link
and the mailheaders checkout.
Google let it through to my inbox last night, but seems to have changed its mind now. it's currently living in spam.
so......... /shrug/
-
@accalia [TW: Discourse] https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867
-
@bb36e Wow it's amazing that an open source team like this could have such a bad bug, why didn't their extensive QA processes catch it?
-
@blakeyrat bugs happen in all software. all software is shit. get over it
-
@bb36e said in Let's send a Subscriber Agreement update!:
all software is shit
You don't get it. Blakey seems to believe that if a piece of software is commercial, it must automatically be great, and that if it is open source, it must automatically be terrible. Both are wrong. There's good software and bad, yet those axes are different to whether it is commercial or open source.
Bad commercial software is really nasty, and often just seems to work hardest at stopping you from taking your data out and going to a competitor…
-
@dkf said in Let's send a Subscriber Agreement update!:
Blakey seems to believe that if a piece of software is commercial, it must automatically be great,
Lies.
-
@bb36e said in Let's send a Subscriber Agreement update!:
@accalia [TW: Discourse] https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867
from the raisins:
This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email. The result was that recipients could see the email addresses of other recipients.
Livingston Q Fucknards, people. Stop making my "funny because it's stupid beyond reason" jokes in "funny because it's sad & true" jokes:
https://what.thedailywtf.com/post/904564
Sprint 21: Error in JOIN statement used to build password reset mailburst from Sprint 20. Password reset email again sent to all users, with every user cc'd on every email. Sending apology.
-
@Lorne-Kates said in Let's send a Subscriber Agreement update!:
an automated system which contained a bug
In 2016, sending mailz is hard.
"Should we use any of the thousands of mail-list programs that are available and that have been working for decades?"
Nah, we'll roll our own.
"Should we test it?"
Nah, QA is for people who can't code right the first time.
-
@accalia you just doxxed your all e-mail, now random internet trolls will br able to send you messages
-
@fbmac said in Let's send a Subscriber Agreement update!:
@accalia you just doxxed your all e-mail, now random internet trolls will br able to send you messages
It's not a secret... Heck, mine isn't either!
-
@fbmac said in Let's send a Subscriber Agreement update!:
@accalia you just doxxed your all e-mail, now random internet trolls will br able to send you messages
My email address is fbmacdeletesyouremails@lubar.me
-
@fbmac said in Let's send a Subscriber Agreement update!:
@accalia you just doxxed your all e-mail, now random internet trolls will br able to send you messages
and your point is?
-
@accalia I thought I was being ironic
-
@dkf said in Let's send a Subscriber Agreement update!:
I don't use gmail (for raisins unimportant here); how do you view the full headers of an email there?
In this particular instance, it appears you don't need to. The addresses concerned were prepended to the body of the message....
-
@PJH said in Let's send a Subscriber Agreement update!:
@dkf said in Let's send a Subscriber Agreement update!:
I don't use gmail (for raisins unimportant here); how do you view the full headers of an email there?
In this particular instance, it appears you don't need to. The addresses concerned were prepended to the body of the message....
yes, a fact that i realized after posting the screen shot
@fbmac said in Let's send a Subscriber Agreement update!:
@accalia I thought I was being ironic
don't you have to be 900% more hipster to be ironic?
-
@ben_lubar said in Let's send a Subscriber Agreement update!:
@fbmac said in Let's send a Subscriber Agreement update!:
@accalia you just doxxed your all e-mail, now random internet trolls will br able to send you messages
My email address is fbmacdeletesyouremails@lubar.me
Your email's bouncing. You may want to call Milwaukee PC's helpdesk.
-
@ben_lubar said in Let's send a Subscriber Agreement update!:
Are you sure it's real?
Seems legit...
-
@DoctorJones their official disclosure on their Discourse forum
-
@fbmac LOL, they use Discourse...
Also,
Each email mistakenly contained the email addresses from the emails sent prior to it
How do you even build a system with that specific bug?
[ ] reusing variables
[ ] not initializing variables before using them
[ ] embedded device without a filesystem
[ ] other: _____________________________
-
@anotherusername said in Let's send a Subscriber Agreement update!:
How do you even build a system with that specific bug?
Forget that, how do you even get them into the message body?
-
@LB_ that's part of the question. I threw out a few wild guesses. Feel free to add some; that's what "other" is for.
-
@LB_ said in Let's send a Subscriber Agreement update!:
Forget that, how do you even get them into the message body?
Probably some variable that should have been the username to use within a greeting for that user that (1) used the user's email address instead (
GREETING = "${GREETING} ${EMAIL_ADDRESS\n}"
) and (2) wasn't cleared between emails.That's what it looks like anyway.
-
@ben_lubar Curious if that will actually end up in @ben_lubar's inbox somehow :)