Notices by :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site), page 37
-
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 13:06:20 EDT
(don't take that as an endorsement of support for either of those websites, but there is something to be said about adversarial security models, and in that role, they are doing a service by motivating people to care about the security of the ecosystem as much as I do) -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 13:03:58 EDT
personally i think that Gab and KiwiFarms and all of them being here and the ecosystem being able to react to them however they wish is indicative of the system working as designed. there are flaws, but i believe it will lead to better security hygiene in the long term. -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 13:02:52 EDT
i wonder if the true lesson of these 'evil instances' appearing on the fediverse isn't the one i have been teaching all along -- safety is better accomplished through small communities (less than 100 active users) than having large silos? -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 12:30:28 EDT
@shpuld i guess that's one way of solving the problem -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 08:53:36 EDT
@ben @cj soon (maybe tonight) -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Friday, 19-Jul-2019 08:28:16 EDT
@nik @dirb @karolat
that's not a solution under the current security model. why do you think I keep complaining about it? and besides Pleroma can already be configured to not federate blocks if you don't want the side effects to distribute through the network. -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 21:14:25 EDT
@karolat I don't know what it's called, and no, quarantine doesn't affect blocks. we will need to look into that (perhaps sending Reject Follow instead) -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 21:02:19 EDT
@karolat @nik all MRFs are listed in nodeinfo -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 20:49:05 EDT
@dzuk he has a FSE account and he couldn't explain how UBI wouldn't cause inflation to me (just muttering about how he would tax Amazon to pay for it). landlords ain't Amazon. -
banana (banana@mastodon.art)'s status on Sunday, 14-Jul-2019 23:32:14 EDT
BUNS BUNS BUNS BUNS
-
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 20:42:44 EDT
@macgirvin @cwebber @yaaps
with all due respect, if Gab used Zot, how would it be resolved there? -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 18:55:35 EDT
@macgirvin @cwebber @yaaps
How is it any more 'security through obscurity' than the tokens used by OWA? -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 16:08:05 EDT
@succfemboi @fluffy
then i will literally be too drunk partying in celebration of the first telecom regulation that actually did any good -
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Thursday, 18-Jul-2019 12:44:54 EDT
@yaaps @kaniini Nope! The ONLY thing that bearcaps require is that you check the Authorization field. The bearer token is an opaque value. The only thing you need is an http request parsing library, that's it.
-
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 12:58:07 EDT
@cwebber @yaaps
indeed, the only interesting part here about OAuth is that if you already implement OAuth, you basically get bearcaps for free. -
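The Authorization check Christine describes above, and the OAuth overlap kaniini points to, written out end to end as an added example. This is not Pleroma's code and not code from the bearcap proposal; it assumes the bear:?t=<token>&u=<url> URI layout and keeps the issued capabilities in a plain dict, both of which are assumptions for illustration:

```python
"""Bearcap issue/verify walk-through. Added example: not code from Pleroma,
Mastodon, or the bearcap proposal. Assumed for illustration: the
bear:?t=<token>&u=<url> URI layout and an in-memory capability table."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def mint_bearcap(url, body, store):
    """Issue an opaque token granting access to `url` and return the bearcap.
    The token encodes no identity: holding it is the whole authorization."""
    token = secrets.token_urlsafe(32)
    store[token] = {"url": url, "body": body}
    return "bear:?" + urlencode({"t": token, "u": url})


def parse_bearcap(uri):
    """Split a bear: URI into (token, url). Layout is an assumption (see above)."""
    parts = urlsplit(uri)
    if parts.scheme != "bear":
        raise ValueError("not a bearcap: %r" % uri)
    query = parse_qs(parts.query)
    return query["t"][0], query["u"][0]


def serve(request_url, headers, store):
    """Server side. The only check is the Authorization field: no signature
    verification, no actor lookup. Returns (status, body)."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return 401, None
    # Compare against every issued token with a constant-time primitive so a
    # mismatch does not leak how many leading bytes were right. (Indexing the
    # dict directly would be faster, but it compares with == under the hood.)
    presented_bytes = presented.encode("utf-8")
    for token, cap in store.items():
        if hmac.compare_digest(token.encode("utf-8"), presented_bytes) \
                and cap["url"] == request_url:
            return 200, cap["body"]
    return 401, None


def fetch(bearcap, store):
    """Client side: parse the bearcap, then do a plain authenticated GET.
    `serve` stands in for the HTTP round trip so the example runs offline."""
    token, url = parse_bearcap(bearcap)
    return serve(url, {"Authorization": "Bearer " + token}, store)
```

fetch() needs nothing beyond a URI parser and the ability to set one request header; nothing on the client signs anything. On the server, an instance that already issues OAuth bearer tokens can point serve() at its existing token table, which is the "for free" part. The token is bound to one object URL, so presenting it for a different object fails even though the token itself is valid.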
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 12:37:06 EDT
@yaaps @cwebber
it's not really that much of a rush, and i believe the ultimate destination is basically the same. problem is, we have to get there incrementally, because breaking the fediverse in the meantime is bad.
so, the response path of fediverse implementations is essentially
signatures (in the case of Pleroma, mapping them to inferred capabilities for futureproofing) -> instance-wide bearcaps -> user-specific bearcaps -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 11:43:16 EDT
@yaaps
delegation doesn't require signatures, because the only identity aspect we care about is who initially caused the token to be issued to begin with.
the mapped identity stuff is only really in the context of compatibility, and will eventually be purged from Pleroma, being 100% based on granted capabilities instead -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 11:01:34 EDT
@fluffy yeah, unfortunately BCP38 depends on ISPs filtering their own customers' traffic (to drop spoofed packets) to work, and many choose not to. -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:57:06 EDT
@ben i'm talking about the hosting providers mostly. the ones with servers that have gig-e and 10gig-e and so on for rent and don't bother to implement BCP38. -
:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:50:24 EDT
@ben most attacks are still amplification based on spoofing. BCP38 if it were implemented everywhere stops that dead in its tracks.
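The BCP38 ingress check described in the three posts above, simulated as an added example. This is not code from the posts or from any router vendor; the interface-to-prefix table and the packet records are constructed for illustration, and the reflection packet is the spoofed DNS query the posts refer to:

```python
"""BCP38 ingress filtering, simulated. Added example, not from the posts above
or from any router. CUSTOMER_PREFIXES and SAMPLE are constructed data."""
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    ingress: str   # interface the packet arrived on
    src: str       # claimed source address
    dst: str
    dport: int


# Constructed table: each customer-facing interface and the prefixes the
# provider actually routes to that customer. BCP38 says: accept a packet on
# that interface only if its source falls inside those prefixes.
CUSTOMER_PREFIXES = {
    "eth1": [ipaddress.ip_network("203.0.113.0/24")],
    "eth2": [ipaddress.ip_network("198.51.100.0/25"),
             ipaddress.ip_network("2001:db8:100::/48")],
}


def permitted(pkt, table=CUSTOMER_PREFIXES):
    """True if pkt's source is legitimately assigned to its ingress interface.
    Unknown interfaces and unparsable sources are denied, not passed through."""
    prefixes = table.get(pkt.ingress)
    if prefixes is None:
        return False
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return False
    return any(src in p for p in prefixes)


def filter_packets(packets, table=CUSTOMER_PREFIXES):
    """Split packets into (accepted, dropped), the way an ingress ACL would."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if permitted(pkt, table) else dropped).append(pkt)
    return accepted, dropped


# Constructed traffic. The second packet is the reflection attempt: a DNS
# query to a resolver at 192.0.2.53 with the victim's address 192.0.2.10 as
# the source, so the resolver's larger answer lands on the victim. The third
# is a customer on eth2 using an address outside its /25.
SAMPLE = [
    Packet("eth1", "203.0.113.7", "192.0.2.53", 53),
    Packet("eth1", "192.0.2.10", "192.0.2.53", 53),
    Packet("eth2", "198.51.100.200", "192.0.2.53", 53),
    Packet("eth2", "2001:db8:100::5", "2001:db8::53", 53),
]
```

Run over SAMPLE, the spoofed query and the out-of-prefix packet are dropped at the customer edge, before they can reach the resolver; the two genuine packets pass. On real routers this is normally done with strict unicast reverse-path forwarding (uRPF) or an explicit ingress ACL per customer port, and it only works because the provider knows which prefixes it routes to each customer, which is exactly the knowledge the posts say many hosting providers decline to act on.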