<steve.langasek@ubuntu.com> wrote:
>
> On Mon, Apr 15, 2024 at 04:48:17PM +0100, Robie Basak wrote:
> > Prior to Noble, the pastebinit command defaulted to paste.ubuntu.com. In
> > Noble, this has changed to dpaste.com due to an upstream change[1].
>
> > What do Ubuntu developers think the default should be? If it should
> > remain paste.ubuntu.com, we can ask upstream to change it back, or add a
> > delta for now.
>
> > Reason to keep it dpaste.com:
>
> > People have complained that the login requirement makes it unusable for
> > helping Ubuntu users at large who don't necessarily have an Ubuntu SSO
> > account.
>
> > Reason to keep it paste.ubuntu.com:
>
> > I'm not keen on relying on third party services when not necessary,
> > especially ad-supported ones. I have no reason to distrust the current
> > operator, but in general, these things tend to go wrong sooner or later.
>
> > There was more discussion on IRC[2].
>
> > [1] https://github.com/pastebinit/pastebinit/commit/5c668fb3ed9b4a103eb22b16e603050a539951e0
> > [2] https://irclogs.ubuntu.com/2024/04/15/%23ubuntu-devel.html#t14:17
>
> I was not pleased to see the switch to dpaste.com. I've found that it's
> pretty unusable on mobile, and I don't like this pointing to a service we
> don't control.
>
> And if there are issues with the usability of paste.ubuntu.com, uh, we own
> that service? So let's work with our IS team to make it fit for purpose.
> (I don't know why it currently requires a login to *view* paste contents;
> that seems straightforwardly a bug that we should just get sorted.)
That's because pastebin servers are frequently abused as a way to get
free mass storage.
It's not very practical to require login to post to a pastebin as the
whole point is for a tool like "pastebinit" to work without needing
user configuration as it's commonly used as a debug tool on cloud
instances and other random servers random than a user's personal
system.
With that in mind, a bunch of folks noticed that you could abuse a
service like paste.ubuntu.com by pushing large files (base64 encoded
or the like) and then retrieve them with a very trivial amount of html
parsing (if no raw option is offered directly).
There are obviously alternatives to this, but they tend to require a
bunch more server side logic, basically trying to find the right set
of restrictions to both poster and reader so that legitimate users can
use the service normally while abusers get sufficiently annoyed to
stay away from it.
> --
> Steve Langasek Give me a lever long enough and a Free OS
> Debian Developer to set it on, and I can move the world.
> Ubuntu Developer https://www.debian.org/
> slangasek@ubuntu.com vorlon@debian.org
> --
> ubuntu-devel mailing list
> ubuntu-devel@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
--
Stéphane
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
