A Random Half-Giant @Ent@infosec.exchange

🔥🔥🔥Two malicious #Python libraries caught stealing #SSH and #GPG #keys.
One library was available for only two days, but the second was live for nearly a year.
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

https://github.com/lobsters/lobsters/issues/761

wait what
they (brave) force websites to participate in this and don't even let them tell their users they don't want to

brave browser isn't brave if it can't even stop pretending to be something else

The ongoing saga of my monitor continues. I finally got a refund for the one that the fedex driver stole (NB: it was extremely helpful having video cameras that show the delivery person never even attempted to deliver it)

I reordered it to arrive today, when I’m off work. All was going well until the UPS truck transporting it was in a crash at 2am.

The universe does not want me to have this monitor.

Based on recent personal experience, I offer this advice: when eating spicy beef jerkey, wash your hands thoroughly before rubbing your eyes.

"Killing links is a strategy, designed to keep people from the open web. The web is where we can make sites that don’t abuse data in the ways that Facebook properties do. Links take us to places where we can make choices that Instagram never would."

https://anildash.com/2019/12/10/link-in-bio-is-how-they-tried-to-kill-the-web/

Hello, I’m the reel2bits project developper, a #FOSS self-hostable #soundcloud like with #ActivityPub federation.

It’s written in python/flask/vuejs and I need help because of health issues I’m unable to work a lot on it anymore, if you are interested to help me on some of the issues and more specially the ActivityPub part, you can contact me through:

the project matrix channel
the issue tracker
this account

boosts appreciated, thanks.

w3ClI3g21a4-tw.png
DIbpEOul8OMehg.png

Dear Zucc: please never consider ActivityPub, jack is cray.

- the fediverse

The internet is real.

Therefore, whatever we do or say here has consequences that are not only for and on the online sphere.

I even wrote a fucking paper about it at Uni. No, the internet is not virtual. It is just another platform of communication.

It's just different than old media, like newspapers, because you can't 'touch' it. Yet, the consequences are pretty much the same, if not even amplified, for online you're dealing with way more a wider audience than an old school newspaper would.

This is why things like online harassment and bullying are so much the order of the day.

This is also why everything you say here, especially in public, matters.

All of this to say that yes, while we're communicating through a mostly text-based platform, there is gender online.

Every single word we utter or write is socially historically and economically contingent. Text has tone, and tone has nuances. And they may reflect gender, race, age, etc.

To deny any of it just because we're on mastodon... Is to deny the fact that the world is just not the same whether you were raised accordingly to what gender you were/are perceived as.

And THAT is a dangerous thing to ignore.

It's not enough to build a better mouse trap, now they force you to use their cheese and track how you use it.

It worries me that the free software community gets the "how" for making GPL-licensed federated equivalents to popular web services, but they rarely understand the "why".

This is evidenced when new services pop up with poor/missing moderation controls and no ability for users to downloading & migrate their data.

If users who don't or can't self-host are expected to swap one unaccountable group for another, and the community is no better, then there is no benefit to them for making the switch.

Hmmm, I dunno...

https://twitter.com/jack/status/1204766078468911106

I mentioned federation feels like the early days again. But that means we have some foresight into how companies will corrupt it.

Once it gets popular enough, they'll jump on. But this time they'll suck up any public data and posts for analytics instead of just their own.

courtesy of the Stimslack peeps
79416345_10157726492158711_5266…

image.png

Also if you're red team/pentestering, look for logs! You might get lucky and find someone who's done this (or typed <username><password> into the username field and hit enter) #infosec
---
RT @kyhwana@twitter.activitypub.actor
<.< If you ever end up typing/pasting your password into the username field, (and it gets submitted) then consider it compromised and change it. x.x (Because it'll get logged somewhere and/or sent plaintext depending…
https://twitter.com/kyhwana/status/1203852284100112384

#Berlin
I went to the Stasi Museum. It was my first time learning about the Stasi, beyond the documentaries that I have watched.

I was really sad and disturbed by what I've seen.

More photos at https://hannahsuarez.me/blog/2019/12/07/stasi-museum-germans-spying-on-germans-psychological-warfare-zersetzung/

Wondering what is the best resource (online, free) about the Stasi, I've so far seen some documentaries on Youtube https://www.youtube.com/watch?v=M9OB5lIiovY