1. Which mods/admins were being Power Tripping Bastards?

Snoopy

  2. What sanction did they impose (e.g. community ban, instance ban, removed comment)?

Community ban

  3. Provide a screenshot of the relevant modlog entry (don’t de-obfuscate mod names).

  4. Provide a screenshot and explanation of the cause of the sanction (e.g. the post/comment that was removed, or got you banned).

I woke up to suddenly being banned, with a DM that was misgendering me. It appears the real reason I was banned was due to the fact that I was critical of Piefed’s recent actions.

Snoopy has no evidence that “I personally released the exploits into the wild.” It was actually @yogthos@lemmy.ml who did the deed. I’m not technical enough to pull it off, nor do I want to.

  5. Explain why you think it’s unfair and how you would like the situation to be remedied.

Hopefully unbanned and unblocked.

  • davel@lemmy.ml · 42 up / 1 down · edited · 2 days ago

    @yogthos@lemmy.ml didn’t release exploits into the wild. He publicly disclosed vulnerabilities, which could be used to create exploits. We removed the post at the request of the developer, and he has since released a security update.

    https://en.wikipedia.org/wiki/Vulnerability_(computer_security)#Disclosure

    Someone who discovers a vulnerability may disclose it immediately (full disclosure) or wait until a patch has been developed (responsible disclosure, or coordinated disclosure). The former approach is praised for its transparency, but the drawback is that the risk of attack is likely to be increased after disclosure with no patch available.

    Yogthos has made a follow-up post: PSA: open source security considerations in the era of LLMs

    • Otter@lemmy.ca · 21 up / 1 down · edited · 2 days ago

      The discussion is full disclosure vs responsible disclosure. I think almost everyone who is familiar with the situation agrees that:

      • yogthos didn’t create the vulnerability
      • the vulnerability should be patched, and the public needed to be made aware of them

      I don’t see why full disclosure is still being suggested as having been the right call in this case. A patch would have come out just as fast with a responsible disclosure, and there was nothing that users of Lemmy or Piefed could do by becoming aware of it right away. Meanwhile the full disclosure harms regular users, instance operators, and developers alike. I think it would ALSO be bad if someone did this to the Lemmy developers, or any other project.

      Responsible disclosure would have meant

      • contact the developer and wait a reasonable time for a patch
      • contact instance operators to let them know that they may want to take steps before the patch is out

      Even if we assume that malicious entities are actively exploiting the vulnerability, which is an assumption and not confirmed, publicly promoting it only makes the problem worse and doesn’t speed up any resolution.

      I understand that there is also tension between Yogthos and Rimu. I think Yogthos would have come out of this looking a lot better if they had gone with responsible disclosure.

      • davel@lemmy.ml · 16 up / 2 down · 2 days ago

        I don’t see why full disclosure is still being suggested as having been the right call in this case.

        I don’t think it was the right call and said so in the removed post.

        • Otter@lemmy.ca · 10 up · edited · 2 days ago

          I see, I misunderstood the earlier comment and I’ll edit accordingly.