My feed here is not really active. Any Mastodon follow recommendations?
Who is still using Mastodon? Did it replace your Twitter use? Or complement it? How?
Cédric Villani, Fields Medalist and a brilliant mind I've had the pleasure to work with in the Scientific Advisory mechanism to the European Commission, wrote a very good post on why the French should vote:
Cédric Villani: "To abstain is to give half of your vote to Marine Le Pen"
http://www.liberation.fr/debats/2017/05/01/cedric-villani-s-abstenir-c-est-donner-la-moitie-de-son-vote-a-marine-le-pen_1566507
Privacy-Enhancing Identity Federation is a very interesting problem. NIST has a call for collaborators to work on federated identity https://www.federalregister.gov/documents/2016/12/09/2016-29482/national-cybersecurity-center-of-excellence-nccoe-privacy-enhancing-identity-federation-building
The Mastodon "Remote follow" feature could be so easily used to phish the average Mastodon user into signing into a fake instance.
⚠️ Important security reminder: Always make sure the URL shows your "home instance" when logging in.
Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417
Spent a lovely day in the Alps. Taking advantage to test Mastodon image upload
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
Sean Spicer Justifies Syria Strike By Claiming Hitler—Who Gassed Millions—Didn’t Use Chemical Weapons https://theintercept.com/2017/04/11/sean-spicer-justifies-syria-strike-by-claiming-hitler-who-gassed-millions-didnt-use-chemical-weapons/
Holy shit, Jack just tweeted about the #Mastodon Band/Social joke on #BirdSite! https://twitter.com/jack/status/850070169468649472
Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?
Wow, not sure what drugs the people who designed Swindon's Magic Roundabout were on.
@fj immediately had to think of this: https://twitter.com/paulblom/status/849294679145422848
https://witches.town/media/vts215Zw-EzluPtxY9k
Amsterdam appears to be another interesting case
I was discussing autonomous vehicles with a Frenchman. Summing it up: The Turing test for autonomous vehicles is to be able to cross the Place de l'Étoile (Paris) quickly & safely.
Comey emailed me (yeah, not really). The content is exquisite
"United States Of America his Excellency President Donald Trump to boost the exercise of clearing all foreign debts owned to you"
I really appreciate the work of the Broadcom exploit by P0 (cool that Halvar gets a shoutout)!
Constructive observation:
I wish people writing exploit-reports would start with the reveal or outcome and *then* show how they got there.
Too often the author takes the reader on the full journey from the start. The problem is that the author already has end-result context but the reader does not.
The reader, at the end, is forced to re-parse earlier elements when they get the final context.
It's crazy. France doesn't want to admit that it put itself in this position.
All the candidates point fingers at the European Union, Washington, foreigners, the ECB ...
You have to learn to acknowledge your mistakes!