Notices by F. Maury ⏚ (x_cli@infosec.exchange)

@elzen (je m'inscris en faux sur cette affirmation ; il s'agit de la seule interprétation de @elzen des textes que j'ai fournis et qui, à mon avis, disent l'exact opposé :))
@crowdagger @parleur @lanodan

@lanodan Les lois applicables, c'est toujours les mêmes depuis 20 ans : la LCEN et la LCEN2.

@crowdagger @elzen @parleur

@parleur
Loin de moi l'idée de défendre des racistes.

Je rappelle néanmoins qu'en droit, un hébergeur est un hébergeur tant qu'il ne fait d'action de choix éditoriaux ; autrement tant qu'il se contente de supprimer le contenu qui est manifestement illégal dès lors que celui-ci lui est signalé et dans un délai raisonnable. Dès lors que ses actions de modération s'étendent des décisions sur du contenu qui n'est pas manifestement illégal, alors il devient éditeur, et il est responsable légalement des propos tenus sur sa plateforme.

Est-ce que des messages que tu assimiles à du dog whistle (je te crois sur parole ; je m'y connais pas assez) sont qualifiables de manifestement illégal ? Par définition, j'ai l'impression que non.

Zéro confiance en Olvid.

https://web.archive.org/web/20250228063029/https://infosec.exchange/@x_cli/114071933034464431

1) L'État ne représente pas un risque selon eux ;
2) Épandage de la peur et du doute sur les concurrents ("nos concurrents sont des outils de surveillance de masse", sans justification) ;
3) Usage de post-vérité : "nous avons été audité, contrairement aux autres, que les gogos croient sur parole" ;
4) emploi de comptes marionnettes/ferme à trolls pour poster de la désinformation sur les concurrents (https://mastodon.top/@atchi150585/114078339465195398)

Ne tombez pas dans le piège. Déconseillez Olvid.

@rgacogne
I second that opinion, but the structure has to be a non-profit. This is why I refuse to fund Thunderbird.
@rakoo @exception @sarahjamielewis

Donc l'#ANSSI sort un guide sur la sécurisation des serveurs ACME.

**PAS UNE mention de DNSSEC**

Fucking amateurs

#infosec #acme #cybersecurity

@solene
Nope. Not IPv6 related 😉

Check your #DNS skills:

On GNU/Linux:

ping broken-by-design.fr => name resolution OK

resolvectl query broken-by-design.fr => name resolution OK

wget https://broken-by-design.fr => Temporary lookup failure

apt update => Temporary lookup failure

What did the user (sudoer) change on their system to break it?

For those of you on Atomic Desktops (Fedora Silverblue) wanting to run Signal Desktop and not trusting the non-official flatpak (which is broken anyway...): you can install Signal Desktop on a toolbox.

toolbox create -d ubuntu -r 24.04
toolbox enter ubuntu-toolbox-24.04
<run the commands to install signal desktop as indicated by the Signal website>
apt update && apt install -y alsa

and boom ! You can run Signal Desktop!

Toolbx is an excellent tool, including for running applications with graphic displays. Audio and video calls work too!

@solene Random noise can be nullified given enough input data. Sounds inefficient.

@soatok Out of curiosity, would you please care explaining to me why you consider DNSSEC to be off-limits? I believe it is a key component to secure the ACME protocol, which is the basis of so many modern PKIs. I wouldn't know how to do in it without DNSSEC.
This is not me trying to evangelize about it, but trying to understand what are the alternatives? Do you consider that ACME is a mistake?

@ryanc Yeah, but at the same time, the concurrent protocols was using ASN.1. So yeah. SMTP is kinda cool in regard.

@Mer__edith
Yet, the flatpak is said to be published "by Signal Foundation". If that's not the case, the package is usurping Signal Foundation identity and people using Flatpak oriented distros are targeted by this usurper. Can you request a takedown, please?
@apicultor @briankrebs

@soatok It also shows a complete lack of understanding of the mindset of cryptographers.

Cryptographers call cryptanalysis breaking a few rounds of AES. They deprecate hashing algorithms at the first sign of weakness. I mean, MD5 has still no 2nd preimage attacks but the general recommandation is not no longer use it, even if this property still holds.

Cryptograhers do not wait for a vulnerability to be dramatically practical to raise flags. It just is the way it works. They take no chance, and I feel safer that way.

People need to understand that.

@ryanc
Maybe they are not sure about your partner gender and neutral is neutral?

@feditips
Thanks. I did not know about that sort of groups.
One drawback I see is that such groups are centralized. If the provider goes dark, members would lose everything. Hashtags are decentralized by nature and thus would be more resilient. Am I missing something?

@jerry I am strongly against this kind of lists. I chose this instance because I trust your judgement and your moderation policy. Outsourcing censorship feels dangerous.

@feld @jerry I do not. Open networks are bound to fail. The issue is with open networks as a concept.

@cafkafk @feld @jerry Can you please name one open network of significant size that is not crippled by spam, please?