#general

lol its just that I have my own pvp client and I wanna make sure im 100% secure from it

ty

1.8

yea i've done the necessary patches i just want to make sure that i haven't been compromised from the last 2 days

Affectd by the exploit?

Run a malewarebytes scan with everything enabled, and you should be good to go.

i've did a mcafee scan

full scan

So

We're dealing with a lot of potentially NEW malware

For all accounts, you're fine

if you're still not sure, go reinstall your OS

1.7. https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

read before talking

damn

Why would anybody waste time writing new malware?

I said potentially new

hackers are always finding new ways to make money

I mis read that.

malware based on the exploit?

not that i'm tryna be smart but people are innately greedy

> below <

I know

so, 1.7 is impacted

As I said. I didn't read it well.

they'd take advantage of any new vulnerability as soon as it pops up
and this vulnerability seems really easy to be taken advantage of

long weekend of dealing with people who can't read is getting to me \o/

and for some reason, I literally cannot close discord

It's like

addicting

I love tormenting myself

https://www.youtube.com/watch?v=3vjkh-acmTE

cat if you closed Discord you'd miss me.

new phone, who dis?

lol

laughter

hahaha

I sent you my taco pics pls respond

Cat doesn't miss anyone.

true

YES

I got macOS to boot

Omg

Is someone typing an essay?

So the full ramifications

Anyone could have been infected by anything any time since 1.7
Any possible infection has the potential to have hidden itself
Any possible infection has the potential to hide from antivirus

The conclusion

There's no reliable way to tell if you absolutely have or have not been infected.
Each of the above ramifications is plausible at best, rarely probable at worst.

And if you think you were recently exposed to a toxic, hidden, new vulnerability, the only thing you can do to be certain is to nuke the system.

Paper is sick of discussing this and they made this clear.
If you are worried, re-install your stuff, apply the patches, and move on.

^

ok

So clients 1.7+ were patched then in the official launcher?

cuz of that news thing

The statement from Mojang

Hmm they didn't say which vanilla versions were patched

Pretty sure they patched all affected versions

Which is 1.12 and up

They patched allllll the way down to even 1.7.something iirc

misinformed

Read the pins in paper-help

ok ocelot

or pie

ocelot is fine.

1.7+ is patched in the client.

i still find it funny that the issue was in a logger of all places :P

epic

I use macOS btw

Its really goofy how this came to be

Just

I mean the lookups feature fine whatever; worthless as it is, realistically should only have gone in the logger configuration, not logged messages

My source is slicedlime 👍

So unless something changed AFTER his message

the fact that this was default behaviour of log4j2 is extremely concerning lol

As far as I'm concerned I'm right lol

Rip any shitty IoT devices that run apache

Been watching some trends on greynoise, concerning

I doubt an iot device has a logging framework built-in

this is giving me big event-stream vibes

at least not the shitty ones that have no resources to even log to

Now to wait two hours until macOS is installed on my disk uwu

Here's the official statement from Mojang that provides information how to patch servers as early as 1.7

https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition

something gets a vulnerability and everything downstream gets screwed over

Log4j was supposed to make sure lookups didnt happen outside of permitted interfaces

But I think there was probably a logic error that just let it happen everywhere

New conspiracy: Apache developers went back in time to create a dumb vulnerability to throw the java community into chaos

but why provide a function which logs a different message from what was put in? 👀 that just sounds like trouble right from the start

Like I said it would make sense only in the configuration itself, not the logged messages

rip

Hardcoded lookups are immediately safer (outside of internal attacks)

For clients or servers, DeJay?

tbh that would probably make debugging even worse lmao

But unmodded clients 1.12.2 and higher are fine without any intervention.

Clients, ^

1.7 and up even

I mean, it's not a different message that was put in

They patched the client down to 1.7.

It's in their announcmeent.

It's part of why we can do shit like %minecraftFiltering in there

In the pins in paper-help.

Its just a string template honestly

For some reason my test 1.8 server has an error with the server patch XD

the issue is that there was nos sane escape mechanism which was well documented

#625768024057577473 message

and, the one which did exist was known by basically nobody

Uh actually slicedlime said that they had patched all the versions shortly after the 1.12+ announcement thing

the replacements of variables inside the message itself seems like a different message to me

If you can see that message you have literally all the information I know

thats outdated dejay 😄

DeJay don't spread misinformation, please.

noone told me in that server

Phoenix I agree that it being on by default in the first place is concerning

he tweeted, sec

They published a statement on their website rather than emailing you personally, sir.

https://twitter.com/slicedlime/status/1469277537490677766

I WAS IN THE MIDDLE OF DOING SOMETHING

AND DISCORD WAS LIKE "oi look at this instead"

Not sure how much I trust log4j as an option atm

i know how to use tab and arrow keys thats why im using them idiot

i mean

I'm sure all this flak has Apache sanitizing properly now lol

And under scrutiny of the entire web

I never bothered using anything besides System.out

lmao

the thing is that there might be more odd design decisions in the project...

and finding all of them will not be easy lol

as far as im concerned clients younger than 1.8? didnt need anything done to them anyway? O_o

atleast no security exploits in System.out yet

Not by default

Well

There was that screen bug where crafted messages could kill the server

Would not take long to make one... System.out is a variable, not a constant...

Does anyone know if Optifine pushed this to their newest downloads

go ask optifine

but I can kinda understand them. Some devs have the philosophy that logging should only ever be enabled for debugging purposes anyways... so this would always run in a controlled environment

Don't trust anybody write your own os, programming language and logging library

if you're using optifine you're probably also using forge or fabric so just

update your modloader

i mean you could PR one to HotSpot ;)

problem solved?

if you use optifine with the normal launcher then the launcher should pull it in anyways no matter the mods you are using

btw who on the paper team was doing the server backports ie 1.8.8

I think @wraith trail ? not sure

Whoever they were, it was not without agony

So much animosity for 1.8.8

I gave it a shot and it was so annoying

Sulu came in clutch though

a few people tried iirc 😄

well

yeah all i could find was glares original prs*

Fixed with a log4j config

We didn't push git data for the others.

But

:p

Cause they aren't supported

yaeh i saw a commit id but it doesnt exist

when you have a patch system in the repo instead of source files it gets painful to backport

That's not the reason

Little bit of magic to remove the log4j config from nms and inject the patched one

Should not have needed too much more than that

Its actually easier imo

pushing to the repo as 0 effect

I saw the spigot patch was to just use the noLookups flag in craftbukkit

We literally do not have a build pipeline setup

It impacts down to 1.7, which is why they patched it.

So, all of this is manual patch, test, and then toss a jar somewhere before it can be uploaded, manually

Time to fund the papermc legacy CI/CD project

xd

https://www.youtube.com/watch?v=gb72HBB1QbA lol wtf

i mean, if the fix is literally what the build description says then it's just syncing the upstream repository

it's what I've been telling people to do for like 2 days

lmao

I wanted to give Sulu money for the patching of older versions but Sulu doesn't seem to have sponsors enabled, so instead all of you for your work on this literal enterprise grade problem.

the vulnerability isnt going to work in the anvil or signs probably

not really necessary

Mojang and MultiMC have released updates for their launchers to fix the issue

so it's not necessary

also everyone using the official launcher will have a fix

in case of your typical shady launcher then uh, check with them, it's not our problem

Read the pins in #paper-help. Some legacy versions have been patched and pushed to the API

i was not asking for support 😄

I have secured the servers I work with already

sucks to suck then, a decent client still uses the mojang jre and library set as a basis

again, check with the launcher maintainers if they have released fixes

Optifine, forge, and fabric are safe

Mojang's launcher and MultiMC too

We are, once again, not going to add stupid patches towards an issue which is not ours to solve

It's not, it's just not necessary

if you want a filtering solution, go grab one

github being funny for anybody else?

hi whos the anime girl in your profile picture? edit: i googled it

but, we're not even going to make the faux promise that we can filter out all of this shit

nor are we gonna break peoples existing setups where text like that is valid and used for other things just because people are using random 3rd party software which has nothing to do with us

Jahy Sama

and that's our final answer.

Stop mentioning.

lmao

We're not adding arbitary filtering.

wtf are you going on about

just use a plugin and be done with it

so much drama for an issue that is already fixed

blind, over agressive filtering is stupid

tell your users to keep their shit updated

once again, we're not gonna go break everybodies setup because people are using unsupported software

there are options out there already if you wanna engage in that potential game of cat and mouse

This is free, open source software

if you really want that you are more than welcome to go program it and open a PR

I'm personally against it and think that it's stupid, but, I'm not the only person with a say in this

it has already been fixed on the client level

the client is not a problem Paper has to deal with

and the client has already been fixed

You want empathy for people who use third party clients almost exclusively to cheat.

How dare you not spend the next few hours chasing an issue , for free, to fix an issue with software which has literally nothing to do with you!

what consequences? a bunch of closed issues on GitHub?

Is that a threat? lol

Once again

if you want it, go open a PR

Its him

otherwise, if you're not willing to put your money where your mouth is, stfu

then pay a dev

The man who will cripple the MC community with log4j

https://cdn.discordapp.com/attachments/910972393214840904/919111801289965588/4qeRomMzSv0.jpg

the world is really simple like that

you are not entitled to determine where we spend our time on a free project

we've already told you that there is plugins, etc, out there to fix this

why is it called ldap

nor is it our job to roll out agressive filters which breaks peoples setups just because people wanna use janky software

if you are using the microsoft store minecraft launcher it shld've auto updated for all clients ystdy right

I see this as an insult to my name

ldap is a protocol with legitimate uses

Because it makes a ldap request

But thats the easier exploited jndi interface

then, you do not understand the effort and the implications of it

it costs nothing

Good

blatently false

"it costs nothing" is only said by people that don't value their time (or yours)

if you deem your time as worth 0, that is on you, but, we already pour a substantial amount of cost into this project

You’ve changed Noah. You used to be nicer 😔

i mean i've heard of adobe flash patches which ended up creating more vulnerabilities

Adobe flash was a trainwreck for its entire lifetime

doesnt youtube use adobe flash

no

Nothing uses adobe flash

the "community" follows a rolling release scheme, where the old version becomes unsupported as soon as a new one comes out. the fact that they've backported fixes should be seen as a courtesy. In addition, Paper has nothing to do with the clients. Go nag Mojang in their JIRA.

It fucking died

Sorry dap

not for many years

Many, many years

Because it is garbage

laughs in habbo’s flash desktop client

wait what

laughs in habbo hotel

youtube doesn't use flash

once again, there is literally already plugins out there which do that

i've always thought it used flash

HTML5 made flash go byebye

They haven’t for years

Not specifically on youtube though

chances are they miss stuff, I do not wanna waste my time playing cat and mouse towards chasing a moving issue which is already fixed for supported software

flash is literally dead and gone

i got annoyed clicking allow so i made youtube auto allow flash i think

Flash is gone due to the media bashing on it too much and making it seem like a threat

and i will die on this hill

Dude if you are in modern day allowing sites to use flash

flash is a threat

^^^

Your browser is soiled

I’d use flash any day

I mean, how are you going to play Line Rider without flash?!?

coolmathgames

What the hell is line rider

any HTML5 port of games like club penguin that i find feels significantly slower than the Flash versions

Like, flash had yet another massive huge security bug in the thing before everybody tossed it out

HTML5 port of club penguin

I completely agree

idk, I don't keep links towards random software

You mean an unofficial clone of a service that was retired??

speaking of flash i haven't played farmville in many years

Habbo’s new client is stupidly ugly

yes i do and i do not care that it's unofficial

yeah, you should not build games in html5 and javascript lmao

at least use java

runs

Didn't that club penguin recreation have a rather significant data breach

wtf java applets not safe either

So fucking bad they literally created a client with flash because players hate it

CPRewritten? not that i know of

java applets have been dead for years too

Games really shouldnt be played in the browser

I think that there was still some aspects of it around as they've not 100% yeeted it yet

https://monitor.firefox.com/breach-details/ClubPenguinRewritten

I just use shockwave nowadays, super updated

but, embedded on the browser afaik is gone

Shockwave > Flash

Congruence

Four million unhashed passwords

stuff like hordes.io runs pretty fast with html5, don't think thats necessarily the fault of html5/JS

@viral hornet 🥺

Z

Lord

My macOS install finally booted to the setup process

It’s beautiful

Hackintosh?

Yea

"next project: installing Arch offline"

https://cdn.discordapp.com/attachments/695651123679199232/917720945639186492/FirearmsRetro_https___t.co_ytvSnl4vYz.mp4

can TPS loss cause problems if tps is at 20?

wat

i wouldn't be surprised if someone made an automatic tool to scan all available minecraft servers and try exploiting log4j

Theres not a good way to use bukkit api on fabric yet is there

sent from my hackintosh

isn't that was happened?

wait it already happened?

lmao

Anything lower than 20 is TPS loss, 20 it's perfection.

what about higher than 20

🚎

@void void

no and will be always no

Problematic

Trying to find a way to permit concrete duping but not possible on paper

What of many?

maybe there's any forks that reverts thos dupes

https://github.com/NoahvdAa/Dripstone lets you set the max tps

Messing with tickrate is cringe

Anything that gambles on tick being 50ms gets screwed by that

Paper multiverse????

it's just for fun relax

paper metaverse

I"m looking at the timings and it says 20 tps, 14 % tps loss

that usually indicates that you have some lagspikes happening

I'm fully aware

I really hope nobody runs this in prod

https://timings.aikar.co/?id=9cee81739d0f469f8d2908dc39358786 ah, I'm looking at this

we're doing a dynmap fullrender but /tps e.g. shows 20.0, 20.0, 20.0

tps is a useless metric

so I should be looking at TPS loss instead?

yeah, TPS will stay at 20 because only some ticks take too long.
Take a look at /mspt instead

I see

Timings also aren't really that useful for lagspikes, you probably would want to look at a Spark report with --only-ticks-over instead
But first I would wait out the dynmap render, that can be a bit heavy

yeah good advice

(wait out the dynmap render)

Anyone know the patch number for sand duping

Am I allowed to recommend a plug-in that blocks the exploit here? Some people can't update their server or want players to not be vulnerable to the exploit. The plug-in I've found also blocks the exploit client-side.

Yeah I'm not expert

No

Everyone can fix it

It doesnt require an update

It only requires a single file and a restart

there is a plugin that reintroduces it on the forums

where can i report users trying to distribute a jar via dms?

DM @upbeat falcon

oke

@void void do you know the difference in performance using that plugin vs just recompiling without the patch?

Easier to update paper

Because you need to remove two patches

vs just swapping the jar

Aw cat beat me to it.

Thanks for reporting

Theres an update checker built into this simple plugin?

I might just fork the plugin and remove all the bloat

I seriously doubt your plugin works anyway

There are a bunch of ways to make the client/server log something you provide and the most obvious ways to filter it out can be bypassed using other log4j features

I wanna see it tho. I wanna decompile it and make fun of you

oof

It's called Log4JExploit-Fix. In the update logs, you can see how it works.

Yeah, that one don't work

Last time I looked it was only filtering chat

It's not mine though.

It isn't.

There is exactly 0 chance simple text filtering is going to fix all possible variations of the exploit

it's stupid, however

update or suffer

https://github.com/Luziferium/Log4JExploitFix/blob/master/src/main/java/dev/luzifer/log4jexploitfix/AppenderFilter.java#L45

just update omfg

plugin "patches" dont work

This is cringe

Now I can literally bypass your servers main logs by tossing a $ in my messages

yes it is

Oh, that's that one

and this took me one second to look at to know how to exploit https://github.com/notrhys/Log4J-Exploit-Fixer/commit/bcad7a7ff4b711fc9b17f7b460e82b6176091d48#diff-3dfe0be7d35d4445b0917ca13d53688524002f117c0d4b6bd7a29a206a68a810R15

Only if it also matches the regex

there's so many of them, none of them work

It uses Mojang's fix...

You'd be better off considering all string templates

would it work if you actually had a proper filter in there?

Just update lmfao

??????

these fixes are all written by people with zero understanding of how this exploit works

You're best off just fixing the problem

These plugins suck

Oh, okay

1.8 and 1.12 user move on challenge

mini, hangar wen

${Hey, look, now I can say whatever I want, woooo}

I've seen someone filter "${jdni", tf is that?

like does that do anything at all xd

Okay, but it will filter it and it won't send in the chat..

replace anything matching /\${.+}/s with empty string

So this one is doing two things

inb4 i can just do jdNi to bypass this

Plugin hackaround = garbage

It's trying to apply Mojang's fix via code and it's trying to filter chat packets

They added that first bit since the last time I looked at it

Probably since Mojang put out their fix

I don't know if it does Mojang's fix correctly or not, I don't care because you should just use Mojang's fix 😛

I'll create a plugin that just puts the fixed logger config into the runtime jar and call it a day

Add metrics

big brain plugin dev moment

The chat filtering stuff is not going to catch everything though so don't rely on this to protect clients from each other

just make a plugin that updates your server to 1.18

and sent it to all the 1.8 users

tldr plugin is dumb, apply the real fix and/or update

i mean how else are you gonna fix a code exploit? with hardware?

official patches and / or updates

Mojang does it via configuration file 😄

well i retract my statement

There are many people not aware of this exploit. They are still vulnerable. With this plug-in, the exploit can't be used in that server to exploit logged in clients.

Yes it can

You're better off making a plugin that turns the server off if the server isnt patched

No, I'm not going to tell you how

Client aren't vulnerable if they restart. The plugin can be bypassed so it is not a solution.

news flash, if they dont know about the exploit they're not gonna look for a plugin to fix it

a plugin is not going to help you prevent your backend or client from being infected, just update

it might discourage users from trying more by using a plugin, or just to log who attempt to use it

but its not a fix

It'll block the idiots, it won't block the most malicious people

I mean that server owners install the plug-in to protect clients in their servers.

minecraft client is probably not that bad of an issue because launcher updates automatically, no?

If they're joining your server and you know about the exploit spam it in a giant message that takes over their chat box until they acknowledge it

Finally a good use for the conversation API

Modded clients still are. People don't just randomly update their clients.

Someone should make that plugin instead

well now they should :]

all right, for a modded server with a custom launcher operating on a variety of versions, what's the best way to patch this exploit

Look, if you want to install this plugin, go for it. It doesn't fix unpatched clients and it doesn't protect anything. People need to update their clients. That's the only solution.

do they not? doesn't forge do that?

Cry a lot of and hope everyone updates

You'll have to manually update modded clients.

its a custom launcher there is no mojang issued update

does your launcher auto-update? then just update them to the latest fabric/forge version

then you're basically fucked

glhf

So pay your developers to fix it then

Did they update log4j in the launcher manifest or not?

What you really mean is an old ass version of the game via some dumb cracked launcher, right?

They did

But again, I don't say that the plug-in is a full replacement for the fix. I say it's an extra layer of protection.

Once again

shouldn't custom launchers pull from launcher manifest anyways?

You'd hope

should

we're not going to waste our time tryna do stupid chat filtering

it's bypassable

take whatever false security you want, i guess

Don't share that stuff around here like it's a fix is the main thing

It's not a fix

you're literally dismissing what I'm actually saying

so the latest forge does fix this?

you did say it's a fix and not "extra layer of protection"

Probably, ask them

You're also dismissing what I'm saying.

how am I?

yeah, they released updates for all supported forge versions that fix it. but, ^

I've literally already said that it's bypassable

We need Minecraft Application Firewall (MAF) /s

if you wanna use it for the basic security and the false sense of security it offers, go ahead

That's called bungeecord

nowhere am I acting like my word is final?

bungeecord is not a firewall?

I literally explained that this is an open source community

You could actually do a filter for this in a proxy

I think this is getting too out of hand and personal

Just blindly filter all text that goes through it

You re more than welcome to create a PR or rally for one

I'm just saying that imho its not worth it and not something I'd approve

I don't see how it would be bypassable, but it's still an extra layer of security. My lobby server is still vulnerable, because I can't apply the fixes. With that plug-in, it blocks the exploit.

Be nice - be polite. No personal attacks.

no it doesn't

you don't need to join the server to exploit it. the plugin only helps for users that are actually on the server

you can actually check the health % of an iPad

The server part of it probably works but you can just apply Mojang's log4j2.xml to do the same thing

jfc just do what you wanna do, don't brag about it here and piss off

We keep telling you that it doesn't. I don't know why you don't believe us. But if you want to apply it anyway you can.

who cares

We know doing it Mojang's way works

The bit about it protecting clients isn't true though

Just NOOP the logger, easy fix.

It'll stop the most obvious stuff but that just means people think they're safe until the really malicious people show up

Perfect solve

Log nothing

Hwiggy woah

long time no see

i can see paper general is undergoing cancer again, i need coffee before i come back in here

I'm aware of this, and I know how it works. But most people will just use it inside the server.

They DO NOT NEED TO UPDATE THE GAME

Can you make me some too

They only have to download ONE SINGLE FILE

general is a cringefest again

(they should tho)

And it isnt your piece of garbage plugin

You can apply your false sense of security all you want

@fallen oracle ill do you one better and review the pr when im awake

Just don't tell people it fixes the problem

Cubxity

Hwiggy

You could even implement changes too

Huge brain

I appreciate you

oh boy

Tends to happen after a @ everyone ping

Yes something can be done to prevent it

but... people literally did?

It is called apply the official mojang fix and shut the hell up

And that's not true.

Mojang did, Paper did, Forge did, Fabric did. What more do you want?

We are not going to spend the next few days wasting our time away to patch and filter every single potential exploit vector when there are already official fixes out for the client

I can't tell if @crystal escarp is trolling at this point or not

They seem incapable of understanding any point other than their own

If people don't use those fixes, its not the fault of the people developing the fixes

In my opinion, if a sentence starts with in my opinion, it's prolly full of shit

Its clear his account was compromised by log4j and this is a bot come to spill calamity

We are not going to play cat and mouse with our time, for free, to patch something which already has official fixes

That plugin will stop the people who think it's funny to open calc on you 100 times

It won't stop the really malicious people

imagine willfully staying on outdated versions or willfully failing to use official sources and then coming to a free project's chat to complain that they're not doing enough for you

Well, this log4j thing is like cat and mouse

So it's a false sense of security

probably hasn't donated anything ever either

it's like chrome's built in "xss protection"

I think these two conversations have run their course.

!ban @crystal escarp Take your attitude and entitlement elsewhere. We owe you fuck all.

:raised_hands: Banned agustinOut#6413 (Take your attitude and entitlement elsewhere. We owe you fuck all.) [3 total infractions] -- electronicboy#8869.

they dropped that iirc

3 total infractions

or are planning on it

Hes been here before

says enough tbh

Insert "first time" gallows gif

Nah those are all recent I think

Darnit I didn't get to screencap the "nice work" message before booped! I wanted it for my collection.

irc go brrrr

He wants server-side fixes for third party clients that might not be patched.

anyway fuck the drama, lets talk about other things that i deem are more important. what changes

Let's talk about my boss being insane

All I want for Christmas is env overrides

Anything you see wrong. I mean tbh the whole backend needs to be cleaned but that still implements that CF support

He will drive by all my team members tomorrow to give us gifts

oh god

I also want to update it to the latest spring at some point

how nice :)

The gift of being fired?

i see the whole project as needing rewrites

paper hard fork when

gift for each person: rewrite x to not use log4j

we can only dream 🙏

and buy mini beer

already did

Haha I wish, then I could find something new for more money, but for now am stuck here cause I like my team and the work too much, lol

once

hangar wen

Your boss is Santa Claus?

Mini are you actually an elf?

I mean, you might mistake my ears for that, lmao

And hey, I worked on hangar today simple

simple don't badger Mini about hangar

good boy

I realized that auth is working on staging again, so technically that's progress

Elves work hard.

Altho I didn't commit anything

Lmao

This is hugely frustrating

Oh wait, I did, I disabled scroll bars

Both projects Java 17

i will have to contribute to your alcoholism soon if you keep it up mini

I plan on doing stuff tomorrow before going to my parents

But like, hangar needs two things, a designer and a fucking project manager

I have no clue what I need to do

And that's greatly hurting progress, lol

i'll design it

but you may not like it

Very true, but neither of us seem to have the time to do that right now unfortunately.

roll random discord members and let them do it

my life is a mess, i have no time to do anything but suffer

😦

Gradle is making me very angery

git gud

mad cuz bad

Oh its intellij problem

Intellij cache is not updated or something

Build just fine but dum IDE error

invalidate caches

file>invalidate caches

Yes I am familiar

But thank you

👍

just makingsure

Not needed anymore

We get repair ide now

Which is literally magic

what is that

would be nice if the IDE wasn't broken in the first place

It's software, software always sucks

cmon

Yeah I am just gonna permanently have this compiler error but its not even incorrect

windows is living proof that software is always amazing

said nobody ever

I'm running Windows ME.

It's A++

Wait that joke is too old.

you mean C++

I'm running Windows 8.

It's A++

Repair ide fixes that

Microsoft Word perfect example of standardized broken software

like battery saving?

@vernal moth is this a plugin?

windows me = Misery Edition

didnt you make a theme for irc? so ur obviously a designer mini, smh stop making excuses

No it's a new feature

I can implement a design

I can't come up with one

The IRC theme is a rewrite of somebody else's work

thats why designers make big bucks

They don't actually, lmao

it was sarcasm

Hey some do.

the ones in marketing do

That depends.

Marketing bullpen designers are usually making not a lot.

The ones that designed spotify wrapped used to

i never got to see my stats cuz the app crashes every time i open it

and for some reason its only on mobile

great design choices

like, wtf is this (not my screenshot)

"duitse pop" bruh

spotify moment

modern design

you wouldn't get it

@vernal moth didnt work 😦

I'm a mere mortal

I 100% assumed something broke with font rendering there

they're just progressive

eurovisie songfestival

lmao

its a feature

Hello, how can I find this general location? Found in a timings report

the coordinates are right there

is that about log4j?

nah its about guava

Wow fix pls

just know that ~1200 entities isn't too bad, you need to divide the number by the times the area has been seen

its just an amplification exploit, no big deal

downloading xcode because why not

god xcode is so bad, but its also good

When I teleport to that area its just an empty ocean

its the start of the region, you will need to fly around a bit

I see okay 🙂

It's a 512x512 area, right?

Forgot how big regions are

yep

Is 1.12.2 patched from the log4j exploit?

No - check the pin in #paper-help and use the Mojang recommended fix.

Redoing community guilds huh

Okay

only to alphabetically order them again, and posted by @crystal lily instead now

history's biggest lie:

its technically correct, its just a tick taking way too long

yep

it'll sometimes... not lead to a crash

but yeah its just a tick warning message essentially

it definitely is a slightly misleading message

@twin lagoon GOOD MORNING

HELLO

BEST OCELOT

So krypton mod optimizes bandwidth usage?

I have it on my client.

Maybe.

👋 🥺

https://www.greynoise.io/viz/query/?gnql=tags%3A"Apache Log4j RCE Attempt"

i'm loving macOS

https://twitter.com/TheASF/status/1400875147163279374 Went to twitter and saw this.

hehe

well i opened twitter and see some random person quit from LMG and made a big stink about it by quote tweeting linus' hiring confirmation tweet with "lol i quit" but then refuses to elaborate on it, so they make a huge deal about it on twitter then say "sorry it'd be unprofessional for me to say anything about it", "and also i was not fired"

but will happily raise drama and run with the twitter clout

i do love modern society

random person

literally suop

mfw

yeah and

LITERALLY. SUOP.

and

I WILL LEARN HOW TO KEYBOARD

am i supposed to give a shit about that person

changed my apple music resolution to the highest and now it just skips all songs

you can't handle the truth of high res

I mean, there was basically a huge episode and drive which got her hired in the first place

probs just my crappy headphones

You want the high res?

YOU CAN'T HANDLE THE HI-RES

peasant!

yea that's what she quote tweeted when quitting

so i'll just use my ipad for hi-res

and i just see the whole deal as like, "ok? fuck off now"

apple music just doesn't want me listening to santa baby

i don't want you listening to santa baby either

well i want

ask youtube

this song is kinda addicting

this is a better jam https://www.youtube.com/watch?v=gaemFnBm-IY

nice song

it's better on mute

x)

you're better on not alive

.kill dap

crushes dap with a huge spiked rock.

I mean... isn't most "Christmas" music addicting?

Is it possible to find a server with doLimitedCrafting set true??

Can that be searched for anywhere?

🤔

christmas is addicting

Indeed

unless they advertise it no it can't be searched anywhere that i know of

Hmmm, ok, that splains why Im not having any luck searching

deep inside you love me

admit it

Kills him again

correct: i did love you

that is, until you refused to send me jamon iberico

.kill dap

Ouch

rams a grenade launcher up dap's ass and lets off a few rounds.

based paperchan

double kill? 😔

Is it the woman he did a contest computer build with?

echoing announcement d-d-d-d-d-d-d-d-d-d-d-d-double kill

i have no idea

Yea

madison

oh we on a first name basis now

yea, she was doing the LMG tiktoks and stuff

why does prt scr not make a screenshot in macOS

all the lmg cringe shit basically

well anyway i could give less than a single solid shit about her

she's appeared a few times and such

alt-shift-5

‰

LOL

wait, no

it'd be more like one of those dehydrated shits

cmd-shift-4

i know cat knows what im talking about

or 5

ez

wdym ez

You need more ram

i dont even have a lot of stuff open

i'm worried

just firefox and apple music

and xcode installing on the background

might be that

other than that, macOS is amazing

super smooth

didn't remember it being so good

my family is literally watching mariah carey christmas music videos on the tv and dancing to it

LOL

https://www.youtube.com/watch?v=j9jbdgZidu8

That's the UKs christmas anthem

another reason not to go live in the uk

i want this for christmas http://paper.owo.foundation/6L397y9.png

any recommendations for website hosting? It would be just some basic litebans page, maybe forums/wiki too

https://extravm.com/webhosting.php

thanks

also my wifi seems to be better on macOS

use the exploit to fix the exploit

https://naomi.s-ul.eu/OVhcL5Ks

white text on white

what is that font you deadly bitch

is that roblox

roblox

yep

wait

nvm

detroit: become human

1v1 phantom forces naom

yes, i play roblox with the boys, you got a problem?

dude i just got off phantom forces

LOL

i'm joking

unless..

oh its webhook

lol i tought its bot

would've clapped you anyway

she's an AI

i see

ai deez nu-

bonk.

this is paper general, not paper horny

i can shred you in roblox minecraft

1v1 me monkegame onetap

1v1 me in rust in minecraft

hm

bet

aight tmr

make sure to remind me

still on 1.17.1 because

dead server

hmm

I can show you one of my latest creations tomorrow

you'll see

why wait until tomorrow

why not

can i put there namelessmc? their livechat is not working

should be able to

@spiral robin ur live chat is BROKEN

Hi

What

lol

We don’t have livechat, dunno what they’re talking about

1.18.1 patched that log4j issue, right ?

oh extravm livechat

lol^2

namelessmc is a php application so yes

it will run

stupid

thanks

you are stupid

no u

my man you managed to bork your arch install by leaving your computer running

arch's fault

that's dumb

it died overnight

this change feels so nice

font actually looks great!

the animations have me wheezing though

anyway can i just complain about roblox servers?

they have a minimum of 50 ping at all times

no, it's your fault for playing roblox

my friend's macbook can't run cs otherwise we'd play that

did i ask

do i care if you asked?

Hi simple

hi Larry !

Be kind to each other, Naomi and simple :)

this is how i show love

i'm so good at cs that everyone votekicks me

too good for them

I play irelia but I can never time the cannon minion correctly

why did macOS create a games folder all of a sudden with chess in it?

Play chess.

chess is a game dap

japanese chess > chess

no way

So what… did you setup a hackintosh or bought a new Mac?

it is?

hack

Ah

what server hosting to yall recomend

bloom or dedicatedmc

extravm, bloomhost, dedicatedmc

beat you to it

you didnt mention extravm so shut up dap

calm down

do i detect toxicity

maybe

im about to be real mf toxic toward intellij, it's not loading at all