Hello new folks! 👋 Since everyone is doing it, I'll post another . I am relatively new to Mastodon myself, but I've found a community here that is welcoming, tolerant and friendly. Hope you'll have the same experience.

I toot about , and general related topics.

I regularly look through the tag for new people with similar interests, but if I miss you, give me a follow or send me a message, and I'll follow you back. 🙂

The reality is that this (mostly false) narrative of polarization actually begets more polarization. We need to stop identifying as “liberals” or “conservatives” (or whatever other group) but recognize that we are complex individuals with multifaceted views. The more we can see this complexity in ourselves, the more we are able to recognize the same in others

This article gives me hope about the upcoming election in Canada and has lessons that can be applied regardless of where you live in the world

The TL;DR is that polarization in politics is—to a large degree—a lie. The (perhaps surprising) truth is that people on the opposite side of the aisle have more in common with you than you think. Even in the US, where everything has become a partisan issue, people overall agree on most issues

thewalrus.ca/democracy-is-cana

This story is nuts. Chef signed a $95k contract with ICE, did some shady shit to cover it up and when that didn’t work, published a blog post claiming they did nothing wrong

theregister.co.uk/2019/09/20/c

Firefox is getting a new privacy protection report that shows you how much ick it has blocked over the last week. I /think/ it should ship as part of FF70 which comes out on 22 Oct. Also, it looks like the new logo is part of this release as well ✨

If you're going to make me lease a gateway/modem, don't give me a piece of shit

And also, at minimum, IT SHOULD NOT START ON FIRE

I've tried updating drivers, fiddling with driver settings, using DISM and SFC to repair Windows, nothing seems to work 😫

Anyone have any ideas or should I just accept that this computer is possessed by creatures from the netherworld?

So here's a /fun/ problem I'm having: after reinstalling Windows, the ethernet adapter on this PC doesn't work (well, it sort of does, but it's so slow nothing ever loads). And not just the PCI card; I connected a USB adapter and it has the same issue!

Wi-Fi is totally fine (except that it disconnects from the network every once in a while—haven't tried to troubleshoot that yet)

Also, fun fact: NPM doesn't support overriding an upstream dependency like so thank heavens for Yarn I guess

And since I'm 90% sure I've had this exact problem before, I'm leaving this handy link for future me to find when I inevitably forget AGAIN how to fix this problem: juffalow.com/javascript/how-ya

okay okay, so an old version of node-sass was being installed because sass-brunch depends on it. This old version of node-sass doesn't work on Node 12. But sass-brunch hasn't been updated to use the new version of node-sass which works on Node 12 😫

And you know what: this wouldn't be such a problem if there was some kind of error message that nudged you in the right direction. But it took me an hour just to figure out that something was up with node-sass and not one of the other dependencies

I can't get node-sass to compile. I feel like I'm going insane 🙃

Why does this always happen??

Three days of (literal) nonstop work has paid off. Our university film society has a website! surreyfilmsoc.co.uk/

I need a bit of a break now though 😳

@sjw @cdmnky @karolat @lanodan

it is possible in AP, if you use a different construction of it.

you would move to an architecture like Zot where all content in the network isn't horizontally replicated across as many peers as possible, instead only pointers (`Create` activities) are replicated.

if you combine this with IndieAuth for fediverse-wide single sign-on, you get a true federated social web instead of this island hopping 300 GB database bullshit we have now ;)

when you lead people to believe they are "safe" on an issue when they are *not*, you are compromising their security.

this is the reason why Pleroma blocks don't go as far as Mastodon blocks.

i'm not comfortable with "fake it till you make it" when it comes to security.

i'm only interested in building features that actually work securely in the present model. i'm also interested in changing the model (see also: OCAP) so that we can build more robust security features.

the people who jumped me last night have a completely broken understanding of the problem. they need to think more deeply about these problems.

let me explain their argument and why it is wrong.

they argue that if foo@mastodon.social sends a `Block` to bar@kiwifarms.cc, that it's fine because kiwifarms.cc is supposed to stop showing all content including the knowledge of the foo@mastodon.social account to bar@kiwifarms.cc.

in proprietary, non-federated services, this behaviour makes sense.

but in the fediverse, it doesn't, because any admin can simply modify their server to circumvent the `Block`. it takes approximately 5 minutes to do on Mastodon or Pleroma.

this is not good security, because it assumes that there are no hostile nodes. and, like, this is the fediverse, so obviously that's a bullshit assumption.

so, why does all of this matter?

the reason why it matters is because the fundamental architecture is broken. we are trying to graft security into a network that originally ran on a protocol designed strictly for shitposting and built around the data model used by GNU Social.

and what does a correct network model look like? actually, the ActivityPub spec has the answer: stop caching remote profiles locally on the server.

this has other problems, but, fundamentally, any security assumptions under the spec (fortunately or unfortunately, depending on how you look at it, the spec defines security as non-normative though) are built around peers NOT having local caches of profile data.

so instead of trying to push blocks around the network, why not actually solve the caching problem?

it is simply not possible to have the security guarantees Mastodon's block feature claims under the current data model of the fediverse. i am surprised nobody has created a service already that lets you automate scraping profiles of accounts that block you. it's not because it's hard to do, that's for sure.

and why does all of this software (Pleroma included) shadow all of these remote profiles? because people want to stay in one place and things need to be decently fast.

what i am saying is that if we want security guarantees like "blocked users cannot access profiles" that aren't trivially bypassed, then we need to move toward stuff like what Hubzilla is doing, where instead of doing things 100% from your own home instance, there is fediverse-wide single sign on, and people move from instance to instance to interact.

which is ultimately what OCAP is about evolving toward.

Pro tip for #OSX users trying to back up their #Macbook:

If you're just using Finder to select and copy stuff to your backup drive, be sure to push Cmd+Shift+Dot to show the hidden folders before selecting everything! That way you'll actually be copying *everything* instead of just some things!

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.