Show more

Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. debian.org/News/2017/20170417

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

Comey emailed me (yeah, not really). The content is exquisite

"United States Of America his Excellency President Donald Trump to boost the exercise of clearing all foreign debts owned to you"

I really appreciate the work of the Broadcom exploit by P0 (cool that Halvar gets a shoutout)!

Constructive observation:

I wish people writing exploit-reports would start with the reveal or outcome and *then* show how they got there.

Too often the author takes the reader on the full journey from the the start. The problem is that the author already has end-result context but the reader does not.

The reader, at the end, is forced to re-parse earlier elements when they get the final context.

Looks like Mastodon is entering its growth period. Curious to see if there's gonna be a fail whale like maintenance page. Good luck @Gargron!

Okay, with another influx of new people, here is again my article "Welcome to Mastodon: Here is what's different and why it's better" medium.com/@Gargron/welcome-to (I am working on a better in-UI onboarding process)

If, as you say, infosec twitter has finally joined, maybe Keybase will finally make an OStatus verification integration. I requested it a few months ago.

If the infosec community continues to migrate at this rate, I'm not signing into Twitter anymore next month.

@Gargron Any plans on deploying end-to-end encrypted messages? This would be a nice feature.

(ex-Signal developer here)

End-to-end encrypted Direct Messages would be a terrific feature for Mastodon. Twitter won't do it so it's a nice reason to give to people to migrate.

I remember that day. The day where Twitter made it clear they didn't care about their techy early adopters anymore and were going to focus on popular culture and tools to engage with Bieber, while closing their API. That was a sad day.

The thing about moving to a new platform is that it will be cool until marketing and Kremlin trolls takes over the platform.

Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!