
0xtero

@0xtero@kbin.social

First I drink the coffee, then I do the things.

Cybersecurity specialist. Perpetual blue team botherer and a glorified network janitor. SecurityFest Crew (https://securityfest.com/)

Trying to leave things better than I found them.
Slow regard of silent things.

#infosec #security #cybersecurity #dfir #coffee #climate #sustainability #solarpunk

About Me: https://0xtero.hanninen.eu/
Mastodon: https://infosec.exchange/@0xtero


0xtero ,

Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it's a feature of the protocol.
If instances want, they can ignore delete requests and your content stays in their cache forever (remember the Pleroma nazis from a couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn't mean your posts are removed.

The fediverse has no privacy, it's "public Internet". Probably a good idea to treat it as such.

0xtero ,

In this case, the "lemmy devs" and the operators of lemmy.ml are the same people and it's hosted within EU.
But - that's still a far cry from getting any kind of GDPR violation report going, much less getting it through the process to actual fines.
People like to bring up GDPR violations as some kind of super-moderator tool, but it isn't that easy and it definitely isn't automated.

0xtero ,

Yeah. That's what I said

0xtero ,

I find it interesting that Meta Platforms, Inc., a company known for harvesting user data, is blocking some servers from fetching its public posts. They decided to implement a feature Mastodon calls Authorized fetch.

This was always going to happen. They will block aggressively, because they can't have their precious advertising money mixed with CSAM, nazis and other illegal content. And the fedi is full of that.

0xtero , (edited )

It's also a matter of scale. FB has 3 billion users and it's all centralized. They are able to police that. Their Trust and Safety team is large (which has its own problems, because they outsource that - but that's another story). The fedi is somewhere around 11M (according to fedidb.org).
The federated model doesn't really "remove" anything, it just segregates the network to "moderated, good instances" and "others".

I don't think most fedi admins are actually following the law by reporting CSAM to the police (because that kind of thing requires a lot of resources), they just remove it from their servers and defederate. Bottom line is that the protocols and tools built to combat CSAM don't work too well in the context of federated networks - we need new tools and new reporting protocols.

Reading the Stanford Internet Observatory report on fedi CSAM gives a pretty good picture of the current situation, it is fairly fresh:
https://cyber.fsi.stanford.edu/io/news/addressing-child-exploitation-federated-social-media

0xtero ,

I've been using Debian since 1.3. Haven't really ever needed anything else.
I did "experiment" a bit when the decision to go with systemd was taken, but in the end, most distros went with it and it really isn't that big a deal for me.

So it's just Debian. I need a computer that works.

0xtero ,

Gates is probably just as bad and evil as the global 0.1%-er billionaire cabal members come, but that site gave me a crackpot conspiracy brainrot.

0xtero ,

It's wild that a site with hundreds of millions of users didn't invest in multiple-account deletion tools.
True start-up mentality, that one.

Just shows how our "critical" social media is really just some hasty tape and bubblegum behind the scenes to keep the front from falling apart.

0xtero ,

As is the case normally with these "exodus" things, most people went back to Reddit after the first month here.

0xtero ,

It's a silly hashtag for instances that are in a "pact" to block Threads.

0xtero ,

Because the people who signed the pact did it a long time ago, before any details about Threads federation were known. It was a typical fedi kneejerk reaction.

0xtero ,

I guess the majority on fedi are dumbasses in that case ¯\_(ツ)_/¯
Mastodon is pretty fucked up anyway because everyone is on mastodon.social.

0xtero ,

Yeah, that's pretty much my take as well.

All the "but muh datas" pearl clutching is just annoying and frankly, ridiculous. If they wanted to mine us, they already would have. They're probably doing it as we speak. They didn't have to create a multi-million social network for it. A Raspberry Pi on someone's desk would have sufficed. Fedi doesn't have any (/very much) privacy.

They're doing this to escape the wrath of EU privacy watchdogs. They were already fined $1.3bn and more is coming. Running their Twitter killer on an interoperable protocol is nice, because it's free and they get to point at W3C and say they're LIKE TOTALLY supporting data portability. Why would they "extend and extinguish" that? It's their alibi.

I don't like Meta. It's a shit company run by shit people. I hope they burn in hell.
But I can't really get my panties in a twist about threads.net existing.

I'll get angry if they somehow figure out to push ads to my face.

But for now. Maybe I'll block it. Maybe I won't. We'll see.

0xtero , (edited )

doesn't mean we have to hand it to them on a silver platter and allow them to scrape it legally

They could have just set up a simple Pleroma on a Raspberry Pi and it would have been just as "legal" as any other instance. You'd need to turn on AUTHORIZED_FETCH and set up authentication on the Mastodon API, otherwise everything is public and unauthenticated (even if the instance is suspended/defederated).

But if enough instances say no, that means they are not welcome. Democracy and all.

mastodon.social has already said yes. So have all the other big instances. Most of them have said "we'll wait and see". So democracy served, I guess.

And the last point is the dumbest: Threads will just include a revenue sharing model like Youtube does

Yeah, maybe. Who knows. I'll deal with it when it happens rather than knee-jerk years in advance. Threads has a long way to go, it's missing a lot of features to put it on par with their other commercial competitors, so I think they're going to be busy doing other things.

0xtero ,

I think he's talking about people on his own instance.
He's a Fosstodon admin, so I'm pretty sure he knows how federation works.

0xtero ,

I bet he does. You can block/mute influencers pretty easily and you can block the whole domain if you so wish.
He's talking about some kind of nefarious ad injection into ActivityPub objects as part of server to server activities.

0xtero ,

Why spend the money up front? That's just bad business.

Yeah, agreed. They're building a multi-million dollar social network - why spend all that money up front when they could have just installed a small anonymous Pleroma on a Raspberry Pi for under 100 bucks if they'd wanted to mine our data.

I don't think fedi is their "target".

0xtero ,

How do we accomplish that?

0xtero ,

Somehow I don't think many instance admins have the resources or know-how to drive legal processes against Meta?

And while a disclaimer on the instance page might have some effect, the federation protocol makes it hard to avoid getting a copy of said content in your cache.

downloading gmails

My Gmail account is full, most of the space is emails. I tried to download them through "takeout" and it has an option that says hey, let's split this up into 2GB chunks. And you select that and it sends you one 12GB .mbox file regardless. The 12GB download keeps failing and now it says you've already downloaded these files too...

0xtero ,

Local mail client (Thunderbird) -> IMAP/POP -> sync.
Once done, move to a local folder and delete from Gmail.
You can just back up the Thunderbird profile, if you want to keep the mails safe.
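An added example, not code from this thread: Thunderbird keeps local folders as mbox files, and the 12GB file Takeout produced in the question above is also an mbox, so the practical follow-up to "move to a local folder" is being able to split and check such an archive yourself. The script below (written for this page; the sample messages are constructed inline, not real mail) splits an mbox into size-bounded chunks and then verifies by Message-ID that every message landed in exactly one chunk.

```python
import mailbox
import os
import tempfile


def build_sample_mbox(path, count=5):
    """Write a constructed mbox with `count` small messages (sample data, not real mail)."""
    box = mailbox.mbox(path)
    try:
        for i in range(count):
            raw = (
                f"From: sender{i}@example.com\n"
                "To: me@example.com\n"
                f"Subject: Constructed test message {i}\n"
                f"Message-ID: <constructed-{i}@example.com>\n"
                "\n"
                + "x" * 400 + "\n"  # padding so a small byte limit actually forces a split
            )
            box.add(mailbox.mboxMessage(raw))
        box.flush()
    finally:
        box.close()
    return path


def split_mbox(src_path, out_dir, max_bytes):
    """Copy messages from src_path into chunk-NNN.mbox files under out_dir, opening a
    new chunk whenever the next message would push the current one past max_bytes.
    A single message larger than max_bytes still gets a chunk of its own; it is never dropped."""
    src = mailbox.mbox(src_path)
    chunks = []
    current, current_size = None, 0
    try:
        for key in src.iterkeys():
            size = len(src.get_bytes(key))  # message bytes without the "From " separator line
            if current is None or (current_size > 0 and current_size + size > max_bytes):
                if current is not None:
                    current.flush()
                    current.close()
                path = os.path.join(out_dir, f"chunk-{len(chunks):03d}.mbox")
                current = mailbox.mbox(path)
                chunks.append(path)
                current_size = 0
            current.add(src.get_message(key))  # keeps headers, body and the From_ line intact
            current_size += size
        if current is not None:
            current.flush()
            current.close()
    finally:
        src.close()
    return chunks


def message_ids(path):
    """Set of Message-ID header values found in one mbox file."""
    box = mailbox.mbox(path)
    try:
        return {m["Message-ID"] for m in box}
    finally:
        box.close()


def verify_split(src_path, chunk_paths):
    """True only if the chunks together hold exactly the source's Message-IDs,
    with no message missing and none duplicated across chunks."""
    src_ids = message_ids(src_path)
    seen = []
    for p in chunk_paths:
        seen.extend(message_ids(p))
    return len(seen) == len(src_ids) and set(seen) == src_ids


def demo(count=5, max_bytes=1200):
    """Build a sample archive in a temp dir, split it and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        src = build_sample_mbox(os.path.join(d, "all.mbox"), count)
        chunks = split_mbox(src, d, max_bytes)
        return {
            "chunks": len(chunks),
            "ok": verify_split(src, chunks),
            "messages": sum(len(message_ids(p)) for p in chunks),
        }


if __name__ == "__main__":
    print(demo())
```

Message-ID is used as the identity check rather than byte size because mbox writers may re-encode line endings or add a Content-Length header, so sizes before and after a split legitimately differ while the message set must not.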

0xtero ,

Will be interesting to see how they deal with nazis and CSAM from all the Japanese servers.

0xtero ,

Not more than it is now. Everything is already public so if they need it, they've already been collecting it. This doesn't really change anything.

0xtero ,

Yeah, will be interesting to see if they enable two-way federation. It's problematic for them.

Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them (www.404media.co)

In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is...

0xtero , (edited )

Get a physical copy that doesn't require internet activation then, assholes.

I think the point was, it is increasingly hard to find such products.
And even once you think you've bought such a product, DRM makes sure it's still not really yours.

0xtero ,

Yeah, and as the article links, this is not just about media, CDs, DVDs and games. It's also about very physical products that we immediately associate as "owned" - like printers, phones, cars, tractors or even (lol) trains. They're all locked to the manufacturer's parts and repair services and increasingly difficult to circumvent.

0xtero ,

Serving my car with 3rd party parts is stealing?

0xtero ,

Smaller market share.
Pretty sure they'd release mobile > console > PC if they could get away with it.

The PC release will be a year or so after to get people to double dip.

0xtero ,

There are a thousand different stats around this, but generally most analysts place consoles slightly ahead of PC with stronger growth potential, but it depends a bit on where in the generation cycle they do their measurements.

Most of this has been overshadowed by mobile gaming though.

0xtero ,

But at least MKBHD tried to say nice things about it in his video. He really tried.

why doesn't GNOME have a mascot??

KDE not only has 1 mascot, they have over 6 or more mascots!! Yet GNOME only has the foot, that’s interesting, they need a mascot. And made by Tyson Tan or someone with a similar art style, it would be amazing!!! But anyway GNOME is the best desktop environment and it’s better if it’s vanilla with some small...

0xtero ,

The Gnome devs say you don't need a mascot.

0xtero ,

Because more market share leads to better hardware and driver support.

0xtero ,

The real problem with the internet isn’t Facebook or Twitter or Reddit, it’s the fact the entire experience is pretty much controlled by Microsoft and Google

I think the real problem is that the entire Internet is basically just a dozen multi-billion Big Tech companies and the entire "Internet economy" is so tightly weaved into advertising money.

0xtero ,

What's really wild is that you don't have to go that far into the past (just ca. 20 years) to when the Internet was all about Information wanting to be Free. It was a hopeful time of people coming together around new technology. There were a lot of new businesses with wild innovations.

And then, just in a decade it was all gone. Replaced by unregulated behemoths that merged until there's a dirty dozen left, controlling most of global money and information.

Enshittification of the Internet.

Where can I find documentation on how federation works? (kbin.social)

I can't find anything on the specifics of how federation actually works. The op thread gets copied to any federated server? What happens if the thread is deleted on the op server? Does it still exist on all other federated servers? How do comments and votes work? That kind of thing.

0xtero ,

There are mobile apps in development and the API is coming along.
Kbin is still just a prototype though, but it's moving along nicely.

My other feeling is that kbin is setting up to be like iCloud whereas lemmy is more akin to sftp.

I've no idea what that analogy even is, but I think the differences are mostly technical (PHP vs Rust) and UX.
Both implement AP a bit differently, but at the end of the day, they're still AP aggregators.
And that's ignoring the political issues around lemmy's codebase ofc.

0xtero ,

Yea, I know it's the edgy kid distro

Huh?

0xtero ,

I see, I was wondering why IT security workers were suddenly being called edgy kids. lol.

0xtero ,

I guess mainly:
ActivityPub is actually an official W3C standard. There are yearly conferences, development and it's open.
The AT protocol is owned by Bluesky; they decide how it's developed, what gets in, what goes out, and to my knowledge it's actually not implemented anywhere else (yet).

Shouldn't browsers protect what users write from being seen by the website (like customer support chats) before hitting send? Would it be difficult to implement?

I'm sure it's common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don't you think that's a breach of privacy?! I imagine it isn't too difficult to implement a fix for it: The browser (like Firefox) could choose...
