Posts by videogamesm12

  • happy december 6

    Quote from lyicx
    Quote from videogamesm12

    You think Windows 8.1 is the best modern operating system. Point and laugh!

    im too drowsy to talk about how much you would put your dick in aero so im just gonna leave this here

    image.png

    There's a very important distinction to make between XMB and Windows 8. The former looks great even in 2022, while the latter looked like shit even in 2012.

  • happy december 6

    Quote from lyicx

    YOU FUCKING LITTLE WEE SHITE, YOU HAD A MOMENT TO SAY ANYTHING AND EVERYTHING BUT YOU CHOSE TO NAME A FUCKING ANIMAL??

    I WAS NEAR A PIG SLAUGHTER HOUSE THE OTHER DAY, I HEARD THE SQUEALS OF THE LITTLE PIGGIES I DONT WANNA HEAR SHIT BOUT ANIMALS WHILST IM EATING LIKE BACON OR SOMETHING



    THIS IS A BIG OCCASION, BIGGER THAN TF ANNIVERSARY AND MY BIRTHDAY AND SHIT. YOU COULD'VE DONE AN EPIC SPEECH BUT NOOO YOU JUST SAID FUCKING "COW" FUCK YOU FUCK YOU IM PISSING MYSELF

    https://cdn.discordapp.com/attachments/418198246217744415/1049529397041954877/80-1.png

  • Make TotalFreedom Coins Great Again

    I'm going to say this again and again: I really do not like the concept of a shop on the Freedom server in the first place. It goes against the foundation of the server where things like that were given out to operators equally. To justify its existence, people have said that the goal of it is to help with player retention. Threads discussing why people stick around on this server bare no mention of this.


    I can tolerate its existence currently, but do note that I see rewriting it as a bit of a waste of time.

  • Invalidating the Log4Shell allegations on my ban.

    Quote from wild1145

    Not actually a requirement, the Log4J Dependency just had to be included, which it was on multiple servers and plugins for various reasons even if it wasn't actively used.

    No, that's not how the exploit works. The only way it would execute is if Log4J itself was specifically instructed to log (and subsequently process) a string. That's the only way it would work.

    Quote from wild1145

    Entirely possible though which is sort of the point.

    Nope. Paper had already pushed a patch for Log4Shell for 1.17.1 all the way back in December of 2021. Freedom-01 itself had updated to 1.17.1 in January 2022, meaning we absolutely could not have been running a vulnerable version of 1.17.1 by then.

    OZVbww0OKmtFq7Wk.png

    Quote from wild1145

    Not really, still entirely possible.

    Nope. RFC-952, the document that specifies the foundation in which public domain names work, disagrees:

    Quote from RFC-952

    A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". (See RFC-921, "Domain Name System Implementation Schedule", for background). No blank or space characters are permitted as part of a name.

    Nowhere in that text does it say you can use underscores, only that you can use alphanumeric characters in addition to the minus and period. To further test this, I threw "get_balls" into Google Domains to see if it would let you register a domain like "get_balls" or "get_balls.com". It doesn't.

    juFBUBNnW9ngcw9A.png

    Quote from wild1145

    Java by default (In my own experience anyway) will postfix a .com to the domain if it can't resolve it.

    No, it doesn't. I even tested it on a local server that was running a vulnerable version of Log4J. It attempted to resolve get_balls and obviously failed. However, it did not attempt to resolve any other domain, and this is evident by the fact that it didn't throw an error about get_balls.com not resolving properly despite the fact that the domain doesn't exist. You can see the results below:

    ZCS5qRcT81XwwUOr.png


    Quote from wild1145

    See the first statement, not the case.

    Ditto.


    Quote from wild1145

    The issue is that Eva attempted it, it's not about successfully exploiting something, it's about the fact they tried to do this in the first place.

    Why would she even attempt to exploit a vulnerability that she knew was already patched and (for reasons I've stated before) wouldn't have worked anyways?

  • Invalidating the Log4Shell allegations on my ban.

    The original appeal was locked, so I'm going to continue to challenge the ban extension in this thread, because frankly I still don't find the reason provided to be sufficient for Eva to have been banned for half an entire year. Two months would have been more than sufficient given how obnoxious it apparently was for Ryan to clean it up, but half a year is absurd.

    Quote from wild1145

    as I've said, there could have been ways what you did here could have damaged the server should the right conditions have been met.

    That string would have only worked if each of these spectacular blunders happened all at once:

    • [Network-level] BungeeCord using Log4J at all for its logging (it simply doesn't)
    • Us running a version of Paper/Scissors that was still vulnerable to the exploit (we didn't and still don't because that would be fucking suicide)
    • The public domain schema allowing underscores in top-level domains (it doesn't).
    • Us for some reason deciding to actually manually resolve the domain get_balls to somewhere that hosted malicious class files (we don't, because that would be retarded) OR manually configure our shit to append .com to the end of domains that fail to resolve (we didn't and still don't, because that's absolutely pointless)
    • Us using something that uses Log4J specifically to log the IP address used by players to join the server (we don't)

    There is no way in hell it could have damaged the server. We have a patched version of Paper, we use BungeeCord, we have a reasonable configuration, and nothing we run even logs that sort of information with Log4J in the first place. It simply couldn't work.

  • List of indefinitely banned users from Freedom Game-Mode

    By my request, Alco_Rs11 has created a spreadsheet containing a list of all indefinitely-banned players from the Freedom game-mode, including the name, UUID (if present), the reason for the ban, the link to the original request, and whether or not it can be appealed. It is publicly-accessible, so anyone should be able to view it.


    You may view it here: https://docs.google.com/spread…NR5lkDfk/edit?usp=sharing


    This list will not include those that are banned on other game-modes and may not include those that are globally banned.

  • I almost can't believe how bad: FTX

    FTX (some retarded cryptocurrency exchange shit) recently filed for bankruptcy and replaced its CEO with John J. Ray, III, someone who oversaw Enron's bankruptcy filing and liquidation. The previous CEO, Sam Bankman-Fried, had resigned following some very illegal events he had a hand in. This morning, the new CEO filed an affidavit in regards to the bankruptcy, in which he detailed just how bad management was in that company. He summarized the situation quite bluntly as "a complete failure of corporate controls and such a complete absence of trustworthy financial information" and noted that he had never seen something like this before.


    To be more specific, here's just a few things he noted in the affidavit:

    • Ray couldn't trust the accuracy of the financial documents he was provided, and many of which weren't audited at all
    • Executives (beyond Bankman-Fraud and his inner circle) were left in the dark about the situation leading up to the bankruptcy
    • Their human resources were so bad that they didn't even know who worked for the company and who didn't
    • They had a terrible disbursement system in place, with payment requests being made through some chatroom and approved with literal emojis
    • Corporate funds were often used to buy houses and other personal shit, and this was obviously not documented
    • An unsecured group email address had root-level access to things like private keys and sensitive data
    • They used software to cover-up misuses of customer funds
    • They didn't keep track of the investments they made
    • They didn't keep track of decision making and often did so using platforms that offered self-destructive messaging
    • Some of their auditors had a headquarters in the fucking metaverse (HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA)

    In other words, they had shitty (or even in some cases nonexistent) accounting, auditing, cybersecurity, money management, human resources, risk management, and data protection. What a shitshow. The first time I actually heard of them was back in July of this year when a friend of mine literally got an ad shilling this shit in their fucking fortune cookie. I swear you couldn't make this up.


    Here's the affidavit if you're interested: https://pacer-documents.s3.ama…3/188450/042020648197.pdf

  • Admin Application - AquaPlayZ

    I would like to express some concerns I have as constructive criticism. While I haven't been too observational, I have noticed that you have been making excessive amounts of sexual jokes. While I don't expect a team full of young adults to not make sex jokes, there is a limit with those kinds of things.


    I've included an example below so you can understand what I mean by this.

    qq94k5j.png