it's B! Cavello ☠️ @b_cavello@maly.io

the los angeles metro 2040 plan is a beautiful vision of a future that we can have, if we build it

https://mastodon.social/media/met0Tbvh8qG_Iqj_3ZQ

@djsundog @rabcyr It'd largely depend on your OS/distro though since Masto's shelling out.

@sungo @rabcyr I just ran the ImageTragick PoC test suite from https://github.com/ImageTragick/PoCs on the toot-lab server, reports safe:

sundog@toot-lab:~/repos/PoCs$ ./test.sh
testing read
SAFE

testing delete
SAFE

testing http with local port: 33517
SAFE

testing http with nonce: a5de7659
SAFE

testing rce1
SAFE

testing rce2
SAFE

testing MSL
SAFE

I could use some extra eyes on some Masto code that is striking me as a security concern.

Look at https://www.dropbox.com/s/i0h8yg4z2oril0u/wtf.txt?dl=0 which is a log snippet

From what I can see, every time masto gets a file, incl profile images and headers from federated instances, it shells out to imagemagick to resize and convert it.

Part of that is here https://github.com/tootsuite/mastodon/blob/master/lib/paperclip/gif_transcoder.rb

Given https://imagetragick.com this seems ... bad

do the people complaining about mastodon admins being able to view your private messages realize that
twitter can do that too and they're literally partnered with a service named "dataminr"

100 FOLLOWERS GET

🎉 T O O T 🎊

honestly thought? turntable.mastodon. That needs to be a thing.

The Bill of Rights at the Border: Fourth Amendment Limits on Searching Your Data and Devices - https://quitter.no/url/1058627

gonna create an instance of mastodon where the default avatar is an alien, likes are called "florps", and the timeline goes sideways

#introduction

I'm a PhD student in Computational Social Science. Have been involved in/am interested in public policy, w/ background in defense and military issues. These days increasingly interested in computation and impact on society writ large.

Cyber-Clausewitz avi sort of mixture of "old" and "new" me even if both always interests I've had. I'll toot about mixture of natsec, tech, and cultural topics. And of course Harambe (RIP).

Wait, this isn't the fan site for the heavy metal band Mastadon?

I did a gamedev thing today

and enjoyed it ❤❤❤

-----BEGIN PGP SIGNATURE-----
69

Every awoo is sacred

mastodon.social isn't blocked in China! No VPN needed- sweeeeeeet:dancers:

I've made some improvements to my #Fediverse history post. Thanks to @clacke for the corrections, keep 'em coming!
http://qttr.at/1r0f

I spent most of the day writing quasi-#introduction to mastodon - exploring how I relate to the platform and key details that I wish someone had shared with me.

https://medium.com/scat-sense/playing-with-hairy-elephants-ce338a2e41e3

Props to @b_cavello's and their artwork which helped give me hope this platform will be a great place to create - I've been lacking that on twitter for a few months now.

Thank you @Gargron helping give so many people hope back and introducing us to the fediverse.