Post AC2A0FMp4FZPnur0dN by r000t@fedi.site
(DIR) Post #AC26gLNSiCkQn4yGGW by mangeurdenuage@shitposter.club
2021-10-04T21:12:17.367292Z
23 likes, 21 repeats
>haha fedi is safe we aren't dependent on one central entity to exist what happened to faceberg won't happen to us
>cloudflare goes down
>50% of fedi disappears
>AWS goes down
>30% of fedi disappears
>OVH goes down
>15% of fedi goes down
(DIR) Post #AC26rIvIB4G6Md1MlU by becassine@kiwifarms.cc
2021-10-04T21:14:15.216790Z
13 likes, 3 repeats
@mangeurdenuage
>Trannies get angry
>KiwiFarms goes down
(DIR) Post #AC27IO3VCfSU6Im8AK by dwaltiz@pleroma.soykaf.com
2021-10-04T21:19:08.208251Z
2 likes, 0 repeats
@mangeurdenuage reminds me how back in the day all the big GNU social servers were hosted in the same data center lol
(DIR) Post #AC27aPYeM94jyMwHIG by hj@shigusegubu.club
2021-10-04T21:22:23.853918Z
0 likes, 0 repeats
@mangeurdenuage i just hope hetzner doesn't go down....
(DIR) Post #AC27he7uaXTXBSslSC by mangeurdenuage@shitposter.club
2021-10-04T21:23:43.826710Z
3 likes, 0 repeats
@hj It's a shame that half of the world went mad, otherwise could just self host at home :feelsbadman:
(DIR) Post #AC27iVlRAJaFXOmZv6 by lanodan@queer.hacktivis.me
2021-10-04T21:23:49.198952Z
8 likes, 3 repeats
@mangeurdenuage Let's Encrypt: 99% of fedi more or less goes away with it.
(DIR) Post #AC27n1XcxauNFeTVGi by dubu@social.tofu.kim
2021-10-04T21:24:29.137936Z
2 likes, 0 repeats
@mangeurdenuage @hj >power goes out
(DIR) Post #AC27qqfHLCqkg0sSbA by hj@shigusegubu.club
2021-10-04T21:25:22.454907Z
1 likes, 0 repeats
@dubu @mangeurdenuage yep. i used to self-host from home
(DIR) Post #AC27tSEGeHV7l9UAzI by lanodan@queer.hacktivis.me
2021-10-04T21:25:48.080820Z
1 likes, 0 repeats
@hj @mangeurdenuage The good things of hosting at home, if my internet goes down so does me and my server.
(DIR) Post #AC27wUAts4Vuf9M8q8 by federal_bureau_of_the_interwebz@poa.st
2021-10-04T21:26:23.868697Z
1 likes, 0 repeats
@mangeurdenuage hey, at least we can rejoice for now
(DIR) Post #AC288kG9tUIa1Xf4YC by yes@social.handholding.io
2021-10-04T21:28:37.642838Z
1 likes, 0 repeats
@mangeurdenuage
>facebook goes down
>100% of fb/ig/wa disappears
(DIR) Post #AC28Unhjlbbf4w4tpA by xue@shitposter.club
2021-10-04T21:32:36.882597Z
1 likes, 0 repeats
@becassine @mangeurdenuage so it's a win-win situation
(DIR) Post #AC28hmyvlUg0bNJUsy by thatguyoverthere@charlestown.social
2021-10-04T21:34:57.230221Z
0 likes, 0 repeats
@lanodan @mangeurdenuage they messed their stuff up last week. If their servers go offline the certs are still distributed, but if the terms of service were altered and they started revoking certs that would do serious damage for sure. AFAIK they are the only free trusted certificate provider. Woe were the days when a cert had to cost a hundy or more.
(DIR) Post #AC28mi9R9VJ34HZh6e by Moon@shitposter.club
2021-10-04T21:35:50.788593Z
2 likes, 0 repeats
@thatguyoverthere @lanodan @mangeurdenuage I would buy a cert if they still could last three or more years
(DIR) Post #AC28tAmxakatch8uFE by djsumdog@djsumdog.com
2021-10-04T21:37:00.359136Z
0 likes, 1 repeats
@mangeurdenuage It'd be interesting to reverse-IP the big fedi instances and see what % is hosted via AWS, OVH, Vultr, DigitalOcean, etc. .. You would only be able to get numbers for instances not behind CloudFlare though
(DIR) Post #AC28vb9UXnkDy0q1Bo by mangeurdenuage@shitposter.club
2021-10-04T21:37:27.319646Z
0 likes, 0 repeats
@lanodan Over a decade ago someone made an addon for Firefox to be able to auto check websites that used PGP instead of the X.509 system for authenticity and security, the man who made it had won a 10k prize in France, he never came to take it and completely disappeared. I can't even find the articles where I read that anymore :/
(DIR) Post #AC28y0OBgV26ojrMHY by Hyolobrika@counter.fedi.live
2021-10-04T21:36:47.609330Z
0 likes, 0 repeats
@thatguyoverthere @lanodan @mangeurdenuage does federation depend on SSL? if not then that won't be affected
(DIR) Post #AC291bnl2gzPicXQbA by thatguyoverthere@charlestown.social
2021-10-04T21:38:32.079224Z
2 likes, 0 repeats
@Moon @lanodan @mangeurdenuage yeah the short lifetime is a bit of a drag, but for simple encryption I appreciate the effort to bring that cost down for the average web site which can't easily justify spending hundreds a year. Shit is a racket in my eyes.
(DIR) Post #AC294Ee9aX9um2IYl6 by lanodan@queer.hacktivis.me
2021-10-04T21:38:56.935271Z
1 likes, 0 repeats
@thatguyoverthere @mangeurdenuage There are other things than Let's Encrypt which are also ACME-based and at least partially gratis, and they seem fairly well recognised, might actually consider using one of them for domains where I don't need wildcards. Also I was using CACert.org before Let's Encrypt, only issue with it being that Mozilla et al. didn't want to accept it for bullshit reasons. And I also used StartSSL certificates for a bit before they got trashed.
(DIR) Post #AC295sAa806vdrFNpI by Moon@shitposter.club
2021-10-04T21:39:18.461425Z
1 likes, 0 repeats
@thatguyoverthere @lanodan @mangeurdenuage sure, basically I used to have to maintain a few devices where I can't run letsencrypt agent so a regular long-lived cert is best
(DIR) Post #AC297k2RKaWV0CKWEy by thatguyoverthere@charlestown.social
2021-10-04T21:39:38.609480Z
1 likes, 0 repeats
@Hyolobrika @lanodan @mangeurdenuage well no encryption isn't required, but many front ends are protected by SSL (and should be).
(DIR) Post #AC29BhUElBKiFMDg5A by critical@blob.cat
2021-10-04T21:40:21.191259Z
0 likes, 1 repeats
@lanodan @thatguyoverthere @mangeurdenuage what are these Let's Encrypt free alternatives?
(DIR) Post #AC29DQrfX0ebH10Oxc by vanecx@mastodon.pirateparty.be
2021-10-04T21:40:37Z
0 likes, 0 repeats
@mangeurdenuage so, worst case scenario, half of fediverse still works (and this could be solved quite easily)
(DIR) Post #AC29LLFMIokkANrEum by lanodan@queer.hacktivis.me
2021-10-04T21:42:02.478146Z
0 likes, 0 repeats
@Hyolobrika @thatguyoverthere @mangeurdenuage Pretty much all of the fediverse servers have HTTPS into their advertised URLs, switching back to clearnet isn't much of an option. Which is quite good, I mean, it would take a while for certificates to go away, but a lot of people are *only* using Let's Encrypt. And TOFU is just dead for the web and can't really work for fedi-kind of server-to-server.
(DIR) Post #AC29TPaw1L6Ry5nWxk by lanodan@queer.hacktivis.me
2021-10-04T21:43:29.546670Z
2 likes, 0 repeats
@critical @thatguyoverthere @mangeurdenuage Here is a non-exhaustive list: https://github.com/acmesh-official/acme.sh#supported-ca Not sure if all of them are free but they support ACME, which is the only reasonable thing to do for validation these days.
(DIR) Post #AC29l8z2WGOJf6Wnc8 by frank87@ikbenpiraat.nl
2021-10-04T21:43:47.094737Z
0 likes, 0 repeats
@mangeurdenuage Maybe it's time to gear up the Yggdrasil-network...
(DIR) Post #AC29lASr0tpmFrU7iy by mangeurdenuage@shitposter.club
2021-10-04T21:46:44.647466Z
0 likes, 0 repeats
@frank87 Yeah I'd like to see fedi on Gnunet too.
(DIR) Post #AC29towUOw1O6zTMKe by r000t@fedi.site
2021-10-04T21:48:19.717925Z
1 likes, 0 repeats
@mangeurdenuage Right but it doesn't take out the whole thing.
(DIR) Post #AC2A0FMp4FZPnur0dN by r000t@fedi.site
2021-10-04T21:49:29.758681Z
1 likes, 0 repeats
@djsumdog I'm hosting on proxmox at home, but the connection is terminated at Vultr Chicago. If Vultr went down, I'd have to change some routing, but the box hasn't gone away. @mangeurdenuage
(DIR) Post #AC2ANtz8DXHkRG3IsS by jcast@mastodon.social
2021-10-04T21:47:47Z
0 likes, 0 repeats
@lanodan @mangeurdenuage Self Cert is still a thing?
(DIR) Post #AC2ANuSYS8oxuVonjs by lanodan@queer.hacktivis.me
2021-10-04T21:53:40.359974Z
0 likes, 0 repeats
@jcast @mangeurdenuage self-signed certificates basically mean certificate pinning like TOFU or exceptions lists. This isn't a thing which could work for the fediverse as it needs server-to-server to work and get at least a bit of validation.
(DIR) Post #AC2Ef92btMOnsF9mwC by inference@mastodon.inferencium.net
2021-10-04T22:41:39Z
0 likes, 0 repeats
@Hyolobrika @thatguyoverthere @lanodan @mangeurdenuage You could always just switch certificate authorities or self-sign in the worst case scenario.
(DIR) Post #AC2GFlkHZEAGICbzqS by thatguyoverthere@charlestown.social
2021-10-04T22:59:31.718634Z
2 likes, 0 repeats
@inference @Hyolobrika @lanodan @mangeurdenuage yeah the problem with self signed certs is one of trust. Getting others to trust your cert would be difficult. The browsers allow you to install a certificate, but I'd be shocked if 10% of internet users even know what SSL is for, let alone how to interact with the certificate store
(DIR) Post #AC2GOKKQs7zvrnbLm4 by inference@mastodon.inferencium.net
2021-10-04T23:00:47Z
1 likes, 0 repeats
@thatguyoverthere @Hyolobrika @mangeurdenuage @lanodan I didn't say it was easy or going to be accepted by everyone, I said it was possible. Of course, we'd need a backchannel to send the certs on, so we should do it before an outage happens, to be honest.
(DIR) Post #AC2HxUE0AaD2eIvH5k by thatguyoverthere@charlestown.social
2021-10-04T23:18:38.108430Z
1 likes, 0 repeats
@inference @Hyolobrika @mangeurdenuage @lanodan what about coordinating a few fedi cert authorities. Then we could cross sign certs and enhance the trust. It's not too difficult to set one up and then we could just distribute root certs like the big boys. We'd still have to help regular users trust the new authorities, but it's a bit easier than trying to keep track of everyone's self signed certs as far as distribution goes.
(DIR) Post #AC2I9Mwn3NM1YLXR5M by inference@mastodon.inferencium.net
2021-10-04T23:20:44Z
1 likes, 0 repeats
@thatguyoverthere @Hyolobrika @mangeurdenuage @lanodan Indeed, that could work. Just set up a self-signed CA and make it work like RSA web of trust.
(DIR) Post #AC2I9bSr4xK0ZqeF0a by shironeko@fedi.tesaguri.club
2021-10-04T23:20:48.484293Z
1 likes, 0 repeats
@mangeurdenuage I don't talk to over 50% of fedi, so :doki-shrug:
(DIR) Post #AC2INABZIWCY1m1oK8 by Hyolobrika@counter.fedi.live
2021-10-04T23:22:11.493708Z
0 likes, 0 repeats
@mangeurdenuage @hj wdym?
(DIR) Post #AC2IkReWWPlgrRfoIK by mangeurdenuage@shitposter.club
2021-10-04T23:27:29.472381Z
1 likes, 0 repeats
@Hyolobrika @hj Woke neo-liberalism.
(DIR) Post #AC2O7Y816wPvNOIyTw by mangeurdenuage@shitposter.club
2021-10-05T00:27:35.556326Z
0 likes, 0 repeats
@faketaoist F
(DIR) Post #AC2OoUXELYIcgSZhMO by Hyolobrika@counter.fedi.live
2021-10-05T00:34:21.651526Z
0 likes, 0 repeats
@mangeurdenuage @hj woke neo-liberalism means we can't self-host at our homes?
(DIR) Post #AC2Qu44zotNQHP9aka by Hyolobrika@counter.fedi.live
2021-10-05T00:57:46.666870Z
1 likes, 0 repeats
@inference @thatguyoverthere @mangeurdenuage @lanodan tagging @jcast into this discussion (hope you don't mind. I just wanted to merge the two subthreads) I remember seeing a blockchain project that, among other things, wanted to solve this problem. https://emercoin.com/en/emerssl Without having read the white paper yet (I am on my phone and it's late), I have my doubts though. How is putting hashes of SSL certs on the blockchain supposed to solve the problem of trust?
(DIR) Post #AC2RDlDNfUa3YzT1pw by inference@mastodon.inferencium.net
2021-10-05T01:02:22Z
0 likes, 0 repeats
@Hyolobrika @thatguyoverthere @jcast @lanodan @mangeurdenuage They can be signed by the public who verify the certs came from the correct IP/domain. This is how cryptocurrencies work; the wallet addresses and transactions are permanently stored after verification from decentralised machines users are running.
(DIR) Post #AC2RUzA748YNk89V1E by mangeurdenuage@shitposter.club
2021-10-05T01:05:32.552639Z
0 likes, 0 repeats
@Hyolobrika @hj No it means that you can be traced back home.
(DIR) Post #AC2alDNCtb742U5fE0 by Hyolobrika@counter.fedi.live
2021-10-05T02:48:13.814637Z
0 likes, 0 repeats
@mangeurdenuage @hj what about hidden services?
(DIR) Post #AC2bLS0Bz2pbpnbVoW by stuff@mu.zaitcev.nu
2021-10-05T02:55:51.525393Z
0 likes, 0 repeats
@mangeurdenuage Only by number of instances, not by post volume, I suspect. Fedi is very concentrated at dominating instances like mastodon.online, pawoo.net, etc. They aren't at a cheap VM at OVH (like this instance).
(DIR) Post #AC2cK9mAMY7AyHzSWe by Hyolobrika@counter.fedi.live
2021-10-05T03:05:44.718708Z
0 likes, 0 repeats
@mangeurdenuage @hj oh yeah, we are talking about the Fediverse, I forgot
(DIR) Post #AC2dOqxTqx6s0o5Nk8 by mangeurdenuage@shitposter.club
2021-10-05T03:18:53.161607Z
0 likes, 0 repeats
@ShadowRZ If made too they could.
(DIR) Post #AC2dQXU1ESvsBq6pto by mangeurdenuage@shitposter.club
2021-10-05T03:19:11.945826Z
0 likes, 0 repeats
@Hyolobrika @hj I knew some instance who had onions.
(DIR) Post #AC2lrt8Je5bcmvVfyy by net@letsalllovela.in
2021-10-05T04:53:46.885628Z
0 likes, 0 repeats
@mangeurdenuage
(DIR) Post #AC2mEi2v273b3wrqWO by Hyolobrika@counter.fedi.live
2021-10-05T04:56:48.820307Z
0 likes, 0 repeats
@mangeurdenuage @hj did it have a clearnet domain too? did it federate over its onion?
(DIR) Post #AC2xLKibGKQSEgiyu0 by frank87@ikbenpiraat.nl
2021-10-05T06:39:26.658513Z
0 likes, 0 repeats
@lanodan @jcast @mangeurdenuage Some sort of "web of trust"? Servers signing off certificates of other servers?
(DIR) Post #AC2xLLD5QyoPlEzKQC by lanodan@queer.hacktivis.me
2021-10-05T07:02:16.250764Z
0 likes, 0 repeats
@frank87 @jcast @mangeurdenuage web of trust is something I've yet to see not being a catastrophic failure.
(DIR) Post #AC36iSS3ZlaWT45WKm by jcast@mastodon.social
2021-10-05T08:03:01Z
0 likes, 0 repeats
@frank87 @lanodan @mangeurdenuage I guess I was on a post apocalyptic world where you would only trust your buddies' servers and call them up to manually (socially) validate.
(DIR) Post #AC36iSvToN7jwJr1CC by frank87@ikbenpiraat.nl
2021-10-05T08:28:01.449255Z
0 likes, 0 repeats
@jcast @lanodan @mangeurdenuage I would say, self signing is good enough for the fediverse: we don't know each other, so real world validation is impossible. Self signing is enough to prevent spoofing.
(DIR) Post #AC36iTMmAsxTIycok4 by lanodan@queer.hacktivis.me
2021-10-05T08:47:18.128468Z
0 likes, 0 repeats
@frank87 @jcast @mangeurdenuage Self-signing for server-to-server basically means throwing the entirety of certificate validation away. Which is something I'd rather not end up with as it would require rethinking some of the assumptions on how the fediverse is done, because we consider that the channel is already verified and safe. The only reason there are CAs is to verify ownership, which is something rather expensive and tricky. I'm pretty sure it was considered almost impossible to automate without breaking already questionable security before ACME became a thing. And ACME *requires* a client to run for validations to occur because almost all challenges are stateful. Only alternative to CAs which would make sense would be to have DNS be more trustworthy and have things like fingerprints stored in it, sadly DNSSEC is way too hazardous for how reliable DNS needs to be.
(DIR) Post #AC36tewXTMKkOZgfCK by icedquinn@blob.cat
2021-10-05T08:49:23.528734Z
0 likes, 0 repeats
@lanodan @frank87 @jcast @mangeurdenuage minimalt