Why do we still have the Twitter one box enabled while it's still performing DoS attacks?
-
@FrostCat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@boomzilla I admit to not having paid too close attention before, but have we not contacted the iframely people, or are have they gone dark and aren't responding to bug reports, or is it something else?
The only report I can see of this behavior is the one I filed today.
-
@FrostCat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@boomzilla I admit to not having paid too close attention before, but have we not contacted the iframely people, or are have they gone dark and aren't responding to bug reports, or is it something else?
There is the iframely people, then there are the iframely plugin people (which is nodebb people). Iframely itself is a service. We self host their open sourced version. The nodebb plugin part integrates nodebb with iframely.
-
@boomzilla said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
IOW, you don't know either. Geez, why did you even post that?
No; I'm saying "the browser cache fixes it" is irrelevant (even if it were true; which it's not) because browsers aren't required to keep a cache.
-
@blakeyrat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
browsers aren't required to keep a cache
Browsers also aren't required to execute JavaScript or support HTML. That doesn't mean JavaScript and HTML are irrelevant. In any case, you're the only person who brought up caching being a solution to this problem.
-
@Arantor said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
I think it's actually useful to have some safe, sane preset onebox defaults, e.g. Wikipedia, YouTube.
Not sure Twitter is on that list.
I'd rather have a Twitter onebox than have to follow a link there just to read 140 characters or see a video or image.
-
@ben_lubar said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
Browsers also aren't required to ... support HTML.
Huh? Isn't that literally the most fundamental definition of a web browser?
-
@masonwheeler said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
Huh? Isn't that literally the most fundamental definition of a web browser?
I don't know if you'd call it a browser, but there's no particular requirement that the HTTP protocol be used to pass HTML around.
You could in theory create a browser that uses HTTP and only receives and displays .fla files.
-
@blakeyrat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
You could in theory create a browser that uses HTTP and only receives and displays .fla files.
Had one on my PSP at one point to view YouTube videos. Though I'm certain it still parsed a bit of HTML on the server's backend...
-
Regarding the original point, I believe that what most people would recognize as an "attack" (on anything) has two specific characteristics.
- It's intentional
- It has a high likelihood of causing damage
I can think of cases where some people would still regard actions that don't meet one of these criteria as an attack, but I can't really imagine any reasonable person classifying something that meets neither of the two as an attack.
In light of this, how does this bug qualify as "a DOS attack"?
-
@ben_lubar ewwwwwwwwww. That:
@julianlam said in Composer preview should not include scripts, media, or iframes:
one wonders if you could selectively change text nodes based on a diff of the old and new raw input...
is literally precisely what I meant when I said
@anotherusername said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
figure out "oh, the user entered
a
, that should go at the end of this TextNode, I'll just modify that".and it sounds like a really complex, painful way of doing it. Which was why, instead, I thought of caching a reference to the onebox element after iframely does its thing, and just reuse the same element instead of requiring a new onebox from iframely if the URL's exactly the same.
-
@masonwheeler said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
It's intentional
Nope.
-
@blakeyrat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@masonwheeler said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
It's intentional
Nope.
In other word
s, microaggressions?
-
@blakeyrat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@masonwheeler said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
It's intentional
Nope.
Well, the thing about the word attack is that it has the same root word as AT&T. So really, anything possibly using copper wires qualifies.
-
@masonwheeler said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
In light of this, how does this bug qualify as "a DOS attack"?
You can't read twitter if you're on MS-DOS. So posting links to twitter is an attack against people on MS-DOS.
-
@anotherusername said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@blakeyrat no, what's irrelevant is stabbing puppies with ice picks.
You've never made an ice pick hushpuppy kabob?
-
@xaade no, are they tasty?
-
@anotherusername Dude...
Especially if you alternate hushpuppy and boudin ball.
-
@Tsaukpaetra said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
microaggressions?
lol....
Godwin's law millennial edition?
-
@FrostCat said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
@Lorne-Kates said in Why do we still have the Twitter one box enabled while it's still performing DoS attacks?:
Meaning that if there's any sort of bandwidth, usage caps, or angry sysadmin... then I WILL BE THE ONE WHO WILL BE BANNED?
Lorne and Blakey angry about the same thing? https://www.youtube.com/watch?v=WfVcvyxLj-s&t=22
My psychic powers told me what clip that was going to be before I clicked it. (Or maybe great minds think alike.)