Tonight's reading material: Bitcoin's 0.12 mempool PRs. There's a lot of new logic there which may or may not be suitable for Zcash, but definitely needs to safely interact with our z-addr mempool logic.
Backporting Is Fun! (TM)
Hey there fediverse friends! Welcome to Mastodon 😁 Have fun and remember to Be Excellent to One Another! Hack the Planet!
Announcing Rust 1.17
(submitted by steveklabnik)
Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go
Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417
Here's more context around his arrest: https://meduza.io/en/feature/2017/04/10/mathematics-teacher-accused-of-inciting-mass-riots-now-also-accused-of-supporting-terrorism-and-once-again-detained
'According to investigators, “the suspect posted materials calling for riots in the center of Moscow with the help of special software designed to hide traces of his Internet presence, [namely] using servers based in [foreign states].”' -- so, it seems, organizing protests in Moscow, possibly using Tor
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
Just published a #mastodon guide on converting your instance to "single user mode": https://github.com/ummjackson/mastodon-guide/blob/master/single-user-mode.md
@ericblade @hupfen Just published it yesterday! 😁 https://github.com/ummjackson/mastodon-guide/blob/master/up-and-running.md
Uber likely responsible for 24-35% reduction of drunk driving accidents in NYC
(submitted by petergatsby)
imagine a future where in order to stay afloat birbsite has to implement ostatus
Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?