Notices by Evan B🥥ehs (eb@social.coop), page 2

If an absolute maximum of 18k fedi servers (probably way less than 10k) making requests 2 requests to your server (so they can download the OG image you decided to make) can bring it down for hours, maybe your server configuration is the problem.

What’s wrong babe? You’ve hardly created any shareholder value today

With local software, there is no DDoS
With local software, there is no need to scale your cloud
With local software, there is no XSS
With local software, there is no SQL injection
With local software, there is no SSRF, CORS, and CSRF
With local software, there is no broken authentication
With local software, there is no V8 sandbox escapes

TRUTH SOCIAL SENT ME THEIR SOURCE CODE: https://boehs.org/node/truth-social

Fedi takes another huge win. I wonder what we'll find.

#trump #socialmedia

@lori out here dropping another banger:

https://d-shoot.net/kagi.html

@luis_in_brief @benwis @brainwane @glyph @geofft @diazona @djc oh that’s sick, it’s so funny that you never know who you’re speaking to on here lol. Congrats on how successful tidelift has been :)

@benwis @brainwane @luis_in_brief @glyph @geofft @diazona @djc there’s some website (I forget what it is) that basically you pay x amount of dollars and it audits your entire dependency tree and attempts to pay maintainers proportionally. Unfortunately iirc it was kinda flawed but I think it’s a solid idea

Holy shit.

Unfolding now: https://news.ycombinator.com/item?id=39865810

- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

- https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
- https://github.com/jamespfennell/xz/pull/2

The timeline on this is going to take so long to unravel

#security #linux

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

#security #xz #linux

Can somebody explain why #meta is a threat to the Fediverse? Like I get that they are evil corporate and probably up to no good but if you want all the fediverse data it's incredibly simple to get (just add .rss, .json, setup a ghost instance, or use the API with zero authentication), so no need for this. Plus, I doubt anybody is switching fedi → #threads. Plus, a few might go threads → fedi. AP is lead by passionate people like @evan, so they can't control it. What's in it for evil #facebook?

@CassandraZeroCovid @evan you must have glazed over the part where I said mastodon has next to no privacy. Every post you make is federated to thousands of other servers controlled by thousands of different people. From the web, anybody can get a machine readable feed of your posts without logging in by adding .json or .rss to the end of the url. Almost all data, if Facebook wanted, they could already get

@evan it’s funny everybody is answering yes while simultaneously hating threads with all their guts

@evan perhaps, the argument is “anybody can implement it but we don’t need to federate with you”

Imagine you have a dam. Fish want to get through the floodgates, but the gates are locked. You want to open the gates when a fish wants to pass through.

If you are a tech bro, you might say “we can use AI to solve this problem”

If you are the municipality of Utrecht, you instead say “what if we put a livestream of the canal on the internet and instructed viewers to push a button when they see one”

https://visdeurbel.nl/

@gianni @samlavigne

@atomicpoet @fediversenews It's right below lol

@evan How so?

@evan My apologies, I will keep that in mind. Thanks for entertaining the question this time!

@evan Must it be food *I* hunted, fished, or gathered? This distinction would put me on the other extreme