
'0.0.0.0' means 'all local host addresses'. Including whatever might be listening on 127.0.0.0/8.

It's just a private network address, and this "vulnerability" is because idiots adhere to the letter of the spec maliciously instead of understanding current practice.




Wait, so you're suggesting developers shouldn't adhere to specs but instead develop their tools / libraries according to whatever they feel it is the cool kids currently do?


Yes, I do. You should be following de-facto real world standards, not fantasy ones. Especially if security is involved.


If there are de facto real world standards, why not write them down?


Ask the guys writing the RFCs, not me. Boggles my mind too.


Have you considered replacing/creating/updating RFCs/BCPs relevant to your field?


I fail to see much difference with:

>>develop their tools / libraries according to whatever they feel it is the cool kids currently do?<<

versus:

>>adhere to the letter of the spec maliciously instead of understanding current practice.<<



