I had a StatusNet account until Evan killed identi.ca years ago; a shit-ton of great people I talk with here every day have accounts on Pleroma or GNU Social. Some are their developers.
#Mastodon benefited handsomely from there being a large community of dedicated people in Fediverse before Mastodon was a thing. Let's acknowledge that and stop being so condescending.
#Introduction time! I'm a hacktivist, free software advocate, strong supporter of free and open internet. Used to be a policy hacker. Co-founded the Warsaw Hackerspace.
Currently trying to make sure journalists at @OCCRP have the tools and training to safely expose corruption and organized crime.
Also, I bake bread, sail, and dance Lindy Hop. So, there's that.
complex systems
So use your skepticism and minimalism to do what is necessary to make the world better, no more, no less. Is it necessary to fight the ists, or will they die out on their own? Is this ism even needed anymore? Do these isms even work with these ists? Save yourself and everyone else the stress and think about it for a while first.
That last bit's just science, humans are garbage at SMT so crank up that logic thread to help keep your emotion thread in control. Just enough ism to work
Recap: Mastodon security and privacy tips.
– enable two-factor authentication
– monitor sessions activity
– regularly check your authorized apps
– check your "post privacy" settings
– use "authorized followers" feature
– host your own Mastodon instance if necessary
In August, Mastodon 2.4.4 was released, which contains two fixes for security vulnerabilities.
Today, 39.5% of all Mastodon instances which show their version number are still running vulnerable Mastodon < 2.4.4.
We already checked this twice:
– 10/1/18: 42% vulnerable
– 8/23/18: 38.6% vulnerable
Either the remaining instances are all unmaintained or admins refuse to update.
Vulnerabilities like this are why exploit mitigations are so crucial: https://blog.talosintelligence.com/2018/10/vulnerability-spotlight-live-networks.html
ASLR and W^X should mitigate the vulnerability. #HardenedBSD applies ASLR and W^X to vlc by default. SafeStack would also be extremely useful in this case.
Legal reasons my ass! Laziness is what this is called! https://whisper.tf/media/wjcVW56KHlDnxBDl7k8
So my ISP not only stores passwords in plaintext, they also send them via SMS. Looks like changing password now will accomplish nothing since the new one is also going to be exposed to my carrier. 🤦 That's not how #infosec is supposed to work, right?
albin.social rundown
albin.social is a new Mastodon-derived instance
it has many negative traits that mean you as an instance admin should defederate
-harvests user data, presumably from all federation as well as local users
-plans to run off ads fed that data
-for profit, corporate adjacent based monetary goals, instead of user centric
-no features to sell you other than "ads = stability" in their twisted logics
boost and defederate, folx
I'll be handing out stickers at #35c3 that I designed and had printed myself. They're modeled on a sticker that was around at 34c3. Just talk to me at the Chaoszone and I'll press a handful into your paws/hands. :)
You'll probably recognize me by a sash made of these stickers ;) If you hand them out in your hackspace/Erfa, you're welcome to a few more.
Hacker, activist, free-softie; CISO at https://occrp.org/ # my opinions are my own etc.