Post AQ151ldSdnVdbbVNmC by somegirlprivacy@fosstodon.org
(DIR) More posts by somegirlprivacy@fosstodon.org
(DIR) Post #AQ151jcg7jh9Mb7jHM by somegirlprivacy@fosstodon.org
2022-11-27T02:54:33Z
0 likes, 0 repeats
Did you know that dev of software who manage your most private infos do not enable on their Git 2FA making their account vulnerable ?Did you know that many of those who have 2FA don't use a phishing resistant one (email, SMS, otp).Did you also know that most of them never sign their commit with a valid GPG key ?Did you know that many use git over https witch is less secure than ssh ?You want secure software ?Ask them to secure their git account.#security #software #git #2FA #GPG #ssh
(DIR) Post #AQ151kH5hU1NNw20Gm by AOMKLrLWRaeXOD1nsW.ale@social.manalejandro.com
2022-11-27T02:57:11.492Z
0 likes, 0 repeats
@somegirlprivacy@fosstodon.org i use only https without signing
(DIR) Post #AQ151kkrulqAsHxmgS by somegirlprivacy@fosstodon.org
2022-11-27T02:59:21Z
0 likes, 0 repeats
@ale and it's a problem (for me) since it's not signed nothing prove me that your commit is done ... by you.
(DIR) Post #AQ151lCsEeF4H949Kq by AOMKLrLWRaeXOD1nsW.ale@social.manalejandro.com
2022-11-27T03:00:45.692Z
0 likes, 0 repeats
@somegirlprivacy@fosstodon.org
(DIR) Post #AQ151ldSdnVdbbVNmC by somegirlprivacy@fosstodon.org
2022-11-27T03:07:15Z
0 likes, 0 repeats
@ale the most funny in that it's once git and gitea is set (like 3 or 4 settings) it change nothing on how we interact with git.But like always some dev take the easy road...and in the end when theirs account is taken over it's the user data who are breached or their computer who have a ransomware ont it.
(DIR) Post #AQ151m6Av2Th2ewJX6 by AOMKLrLWRaeXOD1nsW.ale@social.manalejandro.com
2022-11-27T03:08:19.560Z
0 likes, 0 repeats
@somegirlprivacy@fosstodon.org sure but... you ban I P F S from mastodon? 😱🙊 O M G
(DIR) Post #AQ151mYtCHRkTiNFI0 by somegirlprivacy@fosstodon.org
2022-11-27T03:10:46Z
0 likes, 0 repeats
@ale yep for security IPFS is one of the worse tech i ever seen in the same basked of all these "WEB3" crap.Since you host unknown data for unknown peoples what can go wrong ? 🤷♀️
(DIR) Post #AQ151myPfNrZksJd4a by AOMKLrLWRaeXOD1nsW.ale@social.manalejandro.com
2022-11-27T03:11:49.096Z
0 likes, 0 repeats
@somegirlprivacy@fosstodon.org then you must ban all p2p software 😱 OMG
(DIR) Post #AQ151nRptzOnE857w0 by somegirlprivacy@fosstodon.org
2022-11-27T03:13:51Z
0 likes, 0 repeats
@ale No because P2P you share a file you know with other people so you can just not share illegal thing, with ipfs is muuuch more complicated.Just see how much the guy behind ransomware use ipfs to hide their crap.Blocked on my network and i don't want to see it on masto.
(DIR) Post #AQ151o3lcxjx7lpQ3c by AOMKLrLWRaeXOD1nsW.ale@social.manalejandro.com
2022-11-27T03:17:06.163Z
1 likes, 0 repeats
@somegirlprivacy@fosstodon.org i've never seen it, but I know more or less how IPFS works and it could be done, it's a distributed network so the nodes replicate the same information, but it depends on how you configure your node, it will share what you want, so you're wrong about that, you shouldn't ban so easily
(DIR) Post #AQ15PPRQoExTip9TYe by djsumdog@djsumdog.com
2022-11-27T03:32:41.773181Z
0 likes, 0 repeats
Yea, I thought with IPFS you had to pull a file/image/media through your node for it to get cached on your node? That was one of the big problems with the (now defunct) Zeronet Project. Everything you view gets hosted via webtorrent, and it had a problem with child abuse content. So if you're just trying out Zeronet, you could inadvertently be hosting illegal shit.There's the Freenet project, which is a little more interesting. Everyone gives up a little piece of their hard drive for encrypted information, and you have no idea what is being stored on the storage you give over to Freenet. It's a very slow network, but it has privacy and confidentiality as its first priority. (There are white papers that claim they can tell what an individual user is downloading by monitoring its neighbor connections, but not sure how practical it is to exploit).