There is still server software out there that is going to be exposing people’s private Mastodon posts.
You could’ve saved yourself a lot of typing there by just admitting to claiming things you actually didn’t know.
HW/FW security researcher & Demoscene elder.
I started having arguments online back on Fidonet and Usenet. I’m too tired to care now.
If you know of other ActivityPub servers that expose private posts the same way I suggest you make a responsible disclosure to the developers.
I don’t know of any, but you claim they exist so …
You have absolutely no idea what “responsible” in “responsible disclosure” means :) It’s completely irrelevant how Mastodon has implemented private posts when it comes to how Dansup handled the issue, knowing what the effects were.
You don’t, when told of a vulnerability, handle it in a way that causes harm if it can be avoided.
Read more, post less. I’ve said nothing about any spec violation. That’s not relevant.
hahahahaha
Watch and try again ;) I post under my real name.
https://www.cve.org/CVERecord?id=CVE-2024-44754
https://www.youtube.com/watch?v=ZbKLAjPYOEg
Feel free to post less and read more.
It has everything to do with ActivityPub since if you follow that protocol strictly you will cause this behavior. It still doesn’t change that Dansup was told that this caused Bad Things™ and yet he didn’t follow normal procedure in how you handle it.
Vulnerabilities don’t need to be buffer overflows.
/cybersec researcher
Regardless whether you want to pretend that not caring about Mastodon is a valid defense when implementing software using the ActivityPub protocol, that still doesn’t change anything regarding how Dansup handled the disclosure of the effects it had.
Oh you’re absolutely right we’re on Premium. Youtube is absolutely horrible without.
I don’t get it. They’re 17. They’re not kids. Wikipedia tells me the age of consent in the US varies from 13 to 17 (depending on age difference and if it’s a person in authority) which is actually partly lower than in Sweden (15).
You seem to willingly uphold something you actually don’t believe in, even when just asked for your opinion. Why?
Why is it up to you whether they have sex or not? Aren’t they their own individuals? What’s the age of consent where you reside?
(I’m Swedish and your views sound completely unhinged coming from my cultural background)
True, if I look at my own kids. The eldest doesn’t use their PS5, the PC is connected to the big screen. The middle one only uses their PS4 Pro to watch Youtube.
All gaming is done on PC.
Us parents are console gamers only so it’s definitely not influencing on our side.
Don’t know about “art”, but I use it sometimes to generate contextual imagery for blog posts and videos. I would’ve never hired an artist so the only real difference is that it looks a lot better than when I used to try to draw something myself.
It’s not social media, it’s the algorithms that drive engagement for … profit. “Number must go up.” “The more users, the more we can sell ourselves to VCs for.”
That’s why Fediverse is so important. We keep the social, but leave the negative effects behind. Feel free to click on a ragebait title here without your whole feed suddenly being steered in that direction.
Yes, necessarily.
Importantly, your Mastodon or GoToSocial instance isn’t handing your private posts to any random server just because it asks. The problem only becomes apparent when you have at least one legit accepted follower from a Pixelfed server.
The private account would still need to accept a follower from that rogue instance.
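The point made in the two comments above, as an added illustration (this is not code from Mastodon, GoToSocial or Pixelfed): a followers-only post reaches a remote server's inbox only because an accepted follower lives there, and it is then the receiving server's job to confine it to that follower rather than show it to other local users, anonymous visitors, or allow it to be boosted. The actor URLs and sample objects are constructed for the example; the `to`/`cc` addressing conventions follow ActivityStreams and the visibility mapping Mastodon documents.

```python
"""Classify the audience of an incoming ActivityPub object and decide
whether a receiving server may display or re-share it.

Added example, not code from any project named on this page. Actor and
collection URLs below are constructed for illustration.
"""

AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
# Some implementations emit these shorthand forms for the public collection.
PUBLIC_ALIASES = {AS_PUBLIC, "as:Public", "Public"}


def _as_list(value):
    """ActivityStreams allows a string or a list for to/cc."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return list(value)


def _addressed(obj):
    """Return (to, cc) sets, unwrapping a Create to its embedded object."""
    if obj.get("type") == "Create" and isinstance(obj.get("object"), dict):
        obj = obj["object"]
    return set(_as_list(obj.get("to"))), set(_as_list(obj.get("cc")))


def audience(obj, author_followers):
    """Return 'public', 'unlisted', 'followers' or 'direct'.

    Mastodon's mapping: Public in ``to`` -> public; Public only in ``cc``
    -> unlisted; author's followers collection addressed without Public
    -> followers-only; otherwise direct.
    """
    to, cc = _addressed(obj)
    if to & PUBLIC_ALIASES:
        return "public"
    if cc & PUBLIC_ALIASES:
        return "unlisted"
    if author_followers in (to | cc):
        return "followers"
    return "direct"


def may_show_to(obj, author_followers, viewer, viewer_follows_author):
    """Whether ``viewer`` (an actor URL, or None for anonymous) may see it.

    Delivery to this server happened because one accepted follower is
    here; that does not make the post visible to anyone else here.
    """
    kind = audience(obj, author_followers)
    if kind in ("public", "unlisted"):
        return True
    if viewer is None:
        return False
    if kind == "followers":
        return viewer_follows_author
    to, cc = _addressed(obj)  # direct: only explicitly addressed actors
    return viewer in (to | cc)


def may_announce(obj, author_followers):
    """Only public/unlisted objects may be boosted (Announce)."""
    return audience(obj, author_followers) in ("public", "unlisted")


# Constructed sample data: alice posts on one server, bob follows from another.
AUTHOR = "https://example.social/users/alice"
FOLLOWERS = AUTHOR + "/followers"
BOB = "https://pix.example/users/bob"      # accepted follower
CAROL = "https://pix.example/users/carol"  # same server as bob, not a follower

SAMPLE_NOTES = {
    "public": {"type": "Note", "attributedTo": AUTHOR, "to": [AS_PUBLIC], "cc": [FOLLOWERS]},
    "unlisted": {"type": "Note", "attributedTo": AUTHOR, "to": [FOLLOWERS], "cc": [AS_PUBLIC]},
    "followers": {"type": "Create", "actor": AUTHOR,
                  "object": {"type": "Note", "attributedTo": AUTHOR, "to": [FOLLOWERS]}},
    "direct": {"type": "Note", "attributedTo": AUTHOR, "to": [BOB]},
}


def demo():
    """Who on bob's server may see alice's followers-only post."""
    note = SAMPLE_NOTES["followers"]
    return {
        "audience": audience(note, FOLLOWERS),
        "bob_sees": may_show_to(note, FOLLOWERS, BOB, True),
        "carol_sees": may_show_to(note, FOLLOWERS, CAROL, False),
        "anonymous_sees": may_show_to(note, FOLLOWERS, None, False),
        "boostable": may_announce(note, FOLLOWERS),
    }


if __name__ == "__main__":
    print(demo())
```

The check that matters is in `may_show_to`: a followers-only object that arrived in the inbox is still gated per viewer, so a second local user who does not follow the author, or an unauthenticated visitor, gets nothing, and `may_announce` refuses to rebroadcast it.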
You might have a very different definition of “average Discord user” than the average Discord user.
Matrix is a decentralized platform with the same level of security/encryption as Signal. Being decentralized you can run your own server, and chat with others on other servers.
It supports groups, voice, streams etc - similar to Discord/Slack/Teams etc.
Open source. Multiple different server and client implementations. Mobile platforms, “all” operating systems, and with bridges so you can have your IRC, Telegram, Slack, FB Messenger etc channels go to your Matrix account/server.
Are you using the dockerized version? If so it sets up (a) database etc.
How large is large? A few hundred? Not seeing any performance issues.
It’s a list from 2021 and as a cybersec researcher and Jellyfin user I didn’t see anything that would make me say “do not expose Jellyfin to the Internet”.
That’s not to say there might be something not listed, or some exploit chain using parts of this list, but at least it’s not something that has been abused over the last four years if so.