JMCE boosted

"Will Mastodon make any money?" scream the journalists, who have forgotten the joy of building sandcastles on the beach

& the expectation, in many, of powerpointy interfaces. Structure? Markup? Longevity? → Academic meh.

(No news in that, for 25 years. Why do I still try to care…)

Show thread

Meeting in academialand yesterday, discussing archiving/upgrading some old stuff, suggesting static site generation. Some PHPerson invited too (not sure if for previous work for the natives or as an interpreter for anything I would be saying). The look from the PHPperson when I replied "no" when he asked if we haven't been using Drupal/Joomla/Wordpress.

A "this guy isn't normal" look.

[prev meeting, someone else pointing out the LAMP nature of the native web culture]

JMCE boosted

Instagram: My life is a party.

Snapchat: My life is a quirky TV show.

Facebook: My life turned out great!

Twitter: We're all going to die.

Mastodon: Don't worry, while we are on a quirky, meandering path towards an inevitable apocalypse, we might as well enjoy the ride and show eachother some love in an unorthodox, yet irresistible manner, not in any way hindered by considerations of style, identity or consistency.

JMCE boosted

I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.

You can, however, make programmers work 60-80 h/week, during short time intervals of a few hours (or even a few days).
If you succeed in making some of them work 168 h/week for a full day, occasionally challenge them into achieving a bit more. A few may succeed in working a full day at more than 336 h/week, and you will then have a dream team literally able to get things done yesterday — le Saint Graal of programmer management.

JMCE boosted

Okay, now that a few friends-of have been notified, please help boost so folks who weren't able to get on maly.io and other free speech Masto instances before they hit capacity know that the awesome freehold.earth is now open. :D

JMCE boosted
Vague CoCs are a problem. For instance, freedesktop's:

"Other conduct which could reasonably be considered inappropriate"

Could mean literally anything. It's like the obsession with the term "reasonable" in English law. It gives very wide latitude for interpretation by an authoritarian figure.
JMCE boosted

@donb cool, please share with me earlier if you can.

Other off the top of the head tricks (some need a different sig):

Password: quarantine pw files that aren't encrypted

username: utmp/wtmp

syslog to local/remote: zorch certain logs based on log level etc.

Browser strings: logs

DNS additional records: local lookup caches

SMTP X-headers: mail files/spools

Anything across the net to bork IDSes running AV.

This is a gift that keeps on giving!

Other ideas?

JMCE boosted

Have fun planting virus signatures in strange places that touch remote disks somehow/somewhere.

Example:

Change your mail sig to:
X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Or send it in a browser var, as a password (quickly find the sites that don't encrypt passwords), send to open syslogs, etc.

The some AV actually delete/quarantine the file (weblogs, mailspool, {u,w}tmp etc.)!

What are your ideas?

Inspired by: sec.cs.tu-bs.de/pubs/2017-asia

JMCE boosted

Brilliant <thing on other network we don't talk about> by @Mudge:

twitter.com/dotmudge/status/85

"This is a brilliant tactic. There are so many others like this because the AV community keeps thinking this is a one-move game... Kudos!"

That definition of the strategy of the AV community is absolutely perfect. Depth: zero.

JMCE boosted

> People often don't realize how important it was to OSS that it was preceded by decades of easy access to programming tools and resources meant for absolute beginners.

> OSS needs FPGAs, and FPGAs need what programming had back in the 1980s: an on-ramp.

Man this looks really cool. Am excite. blinklight.io/blog/2017-03-31/

JMCE boosted

You know instance admins can read your direct messages in the fediverse? Twitter and Facebook also can - and sometimes do - read your private messages, and they have infrastructure to comply with law enforcement requests. I'd love to see some end-to-end encryption built into Mastodon clients.

JMCE boosted
@sonya @bob If you make unprofessional writing "ok" when its an opinion piece, all you're going to do is make all journalism turn into opinion pieces.
JMCE boosted

If you own a Tizen powered hardware (Samsung), consider removing it from the Internet and your network. It’s incredibly insecure: motherboard.vice.com/en_us/art #security #infosec

JMCE boosted

Hey, all, now that maly.io is closed to new accounts for the time being, I need a similarly free-speech-oriented Mastodon instance to recommend to friends and colleagues.

Doesn't need to be particularly Anglophone-centric, but should have an English-speaking admin in case of issues.

JMCE boosted

arxiv.org/abs/1704.00792

George Kadianakis, Claudia V. Roberts, Laura M. Roberts, Philipp Winter,

"Anonymous Keys in Tor relays"

[...]Our experiments revealed that ten relays shared moduli, and 3,557 relays -- almost all part of a research project -- shared prime factors, allowing adversaries to reconstruct private keys. We further discovered 122 relays that used non-standard RSA exponents, presumably in an attempt to attack onion services.[...]

JMCE boosted
I'm pretty pissed off. I just read up on the software that goes with my blood glucose monitor, and it turns out the company (and their partners) will have access to all my data. That's pretty damn intimate. When I eat and how much, when I sleep, how often I inject or check my blood sugar levels. And there's no way around that. And I get the feeling I also have to switch back to windows. :-(
JMCE boosted

@maiyannah I immediately left mastodon.social when I became aware of their censorship/defederation practice.

However, their ability to do so protects the network and protocol from pressure to silence users/groups for the protection of those who desperately want to live in that kind of bubble. We got Twitter/FB censorship because these people had to globally censor in order to have an environment they felt safe in.

Freedom to associate works both ways.

JMCE boosted

I am originating a new usage of the ✅. I hope it catches on, because in a sense it's mostly used this way now.

As portability is currently quite limited, the checkmark now indicates that I am actively using that instance, and that my other nonchecked instance identities are hibernating.

Show older
Maly

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!