the los angeles metro 2040 plan is a beautiful vision of a future that we can have, if we build it

mastodon.social/media/met0Tbvh

@djsundog @rabcyr It'd largely depend on your OS/distro though since Masto's shelling out.

@sungo @rabcyr I just ran the ImageTragick PoC test suite from github.com/ImageTragick/PoCs on the toot-lab server, reports safe:

sundog@toot-lab:~/repos/PoCs$ ./test.sh
testing read
SAFE

testing delete
SAFE

testing http with local port: 33517
SAFE

testing http with nonce: a5de7659
SAFE

testing rce1
SAFE

testing rce2
SAFE

testing MSL
SAFE

I could use some extra eyes on some Masto code that is striking me as a security concern.

Look at dropbox.com/s/i0h8yg4z2oril0u/ which is a log snippet

From what I can see, every time masto gets a file, incl profile images and headers from federated instances, it shells out to imagemagick to resize and convert it.

Part of that is here github.com/tootsuite/mastodon/

Given imagetragick.com this seems ... bad

do the people complaining about mastodon admins being able to view your private messages realize that
twitter can do that too and they're literally partnered with a service named "dataminr"

honestly thought? turntable.mastodon. That needs to be a thing.

The Bill of Rights at the Border: Fourth Amendment Limits on Searching Your Data and Devices - https://quitter.no/url/1058627

gonna create an instance of mastodon where the default avatar is an alien, likes are called "florps", and the timeline goes sideways

#introduction

I'm a PhD student in Computational Social Science. Have been involved in/am interested in public policy, w/ background in defense and military issues. These days increasingly interested in computation and impact on society writ large.

Cyber-Clausewitz avi sort of mixture of "old" and "new" me even if both always interests I've had. I'll toot about mixture of natsec, tech, and cultural topics. And of course Harambe (RIP).

Wait, this isn't the fan site for the heavy metal band Mastodon?

I did a gamedev thing today

and enjoyed it ❤❤❤

A good way to get the most mileage out of Mastodon is to continue to use other social media while tooting here, and seeing what features this place has you find you really miss off-site. Being able to default to "not public to the entire universe" for my posts was a godsend, as is stuff like the CW toggles and NSFW image blockeroo!

I have my list of Possible Changes but it's way, way less than certain other sites I could name.

mastodon.social isn't blocked in China! No VPN needed- sweeeeeeet:dancers:

I've made some improvements to my #Fediverse history post. Thanks to @clacke for the corrections, keep 'em coming!
http://qttr.at/1r0f

I spent most of the day writing quasi-#introduction to mastodon - exploring how I relate to the platform and key details that I wish someone had shared with me.

medium.com/scat-sense/playing-

Props to @b_cavello and their artwork, which helped give me hope this platform will be a great place to create - I've been lacking that on twitter for a few months now.

Thank you @Gargron for helping give so many people hope back and introducing us to the fediverse.

“Obviously it’d be hard for me to pay the bills if literally everyone decided to use the mastodon.social instance only.” :joy: oops
medium.com/scat-sense/playing-
