Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?
https://googleprojectzero.blogspot.ch/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html - fantastic work by Gal Beniamini.
So, about this Mastodon thing (still learning):
- mastodon.social is to Mastodon what gmail.com is to email,
- like in email, @usernames are only unique within a given server,
- MAXLEN=500 here,
- RTFM: https://github.com/tootsuite/mastodon/tree/master/docs
- enough people already asked about end-to-end encrypted DMs. There are none.
- no one has asked about e2e signed toots yet, though?
- if you believe you're trustworthy enough, consider using the ✅ character to let others know they can trust you.
LIEF - Library to Instrument Executable Formats
A new Quarkslab blogpost to announce the release of LIEF as free software \o/
The original server operated by the Mastodon gGmbH non-profit