Monday 15 April 2024

Re: pastebinit default target on Ubuntu

On Mon, Apr 15, 2024 at 04:42:37PM -0400, Stéphane Graber wrote:
> On Mon, Apr 15, 2024 at 4:14 PM Steve Langasek
> <steve.langasek@ubuntu.com> wrote:
> > And if there are issues with the usability of paste.ubuntu.com, uh, we own
> > that service? So let's work with our IS team to make it fit for purpose.
> > (I don't know why it currently requires a login to *view* paste contents;
> > that seems straightforwardly a bug that we should just get sorted.)
>
> That's because pastebin servers are frequently abused as a way to get
> free mass storage.
>
> It's not very practical to require login to post to a pastebin as the
> whole point is for a tool like "pastebinit" to work without needing
> user configuration as it's commonly used as a debug tool on cloud
> instances and other random servers rather than a user's personal
> system.
>
> With that in mind, a bunch of folks noticed that you could abuse a
> service like paste.ubuntu.com by pushing large files (base64 encoded
> or the like) and then retrieve them with a very trivial amount of HTML
> parsing (if no raw option is offered directly).

I'll add that (from memory) it wasn't just being abused as free mass
storage in general, it was very very dodgy stuff that required urgent
takedown enforcement. We talked IS down from making it require a login
to use the service at all and this was the compromise.

--
Colin Watson (he/him) [cjwatson@ubuntu.com]

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com