the approach of using a visibility seemed best for usability (in terms of obviousness), and provided an excuse to dig deeper on OStatus leaks
Notices by kaniini (kaniini@mastodon.dereferenced.org), page 61
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:50:03 EST kaniini
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:44:14 EST kaniini
the generic patch needs work, but i think i know what's wrong.
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:43:04 EST kaniini
this is another local-only toot
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:42:31 EST kaniini
overall the auth model in mastodon 2 seems reasonable, it's just the specific policy objects that need tweaking.
or in the case of OStatus leaks, it's because the post privacy settings on variant objects were always set to "public."
this patch would likely allow things like followers-only boosting too, but that's for another day.
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:37:11 EST kaniini
testing generic version of the patch now, which should eliminate *all* OStatus leaks
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:33:59 EST kaniini
i fixed it. going to clean up the patch and post it momentarily.
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:32:09 EST kaniini
@bea no i fucked up and forgot to set the privacy
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:31:15 EST kaniini
this is a private status and it should hopefully not get exposed in RSS.
-
💫Alyx (alyx@witches.town)'s status on Wednesday, 22-Nov-2017 22:30:14 EST 💫Alyx
boost if you disagree
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:28:26 EST kaniini
@bea testing quick and dirty fix
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:12:44 EST kaniini
actually, it seems it is a security problem in mastodon itself.
i'm working on fixing the general case
(mastodon is leaking things it shouldn't be into public view, but this leak was hidden because reboosts of private posts are normally forbidden)
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:07:22 EST kaniini
so it's reboosts getting leaked via OStatus.
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:06:58 EST kaniini
harumph this is the one i am going to reboost
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 22:02:12 EST kaniini
there is a decent shawarma place across the street from what i was told was a male strip club (remington's?)
-
kaniinitesting (kaniinitesting@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 21:55:19 EST kaniinitesting
this is another test, supposed to be local-only
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 21:53:53 EST kaniini
@csaurus did you get the original status or the reblog? i have concerns about how mastodon handles OStatus reblogs.
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 21:30:58 EST kaniini
Patch: https://github.com/kaniini/mastodon-hardened/commit/3e832e91d1fada8f7efbd89059bd14e7ca258ad8
-
kaniini (kaniini@mastodon.dereferenced.org)'s status on Wednesday, 22-Nov-2017 21:29:52 EST kaniini
this is a local-only status i say