Post ATL20l9f0I5PEBoYoy by 1iceloops123@shitposter.club
(DIR) Post #ATKUNyhTPZszSOWvei by graf@poa.st
2023-03-06T05:48:23.401422Z
104 likes, 56 repeats
this whole situation makes us look bad. an entire instance and its users are displaced with likely (probably) hundreds of password crossovers with real world emails because trust or maybe oversight on one persons part
we as instance owners owe it to our users to do better than this. poast takes pretty extreme measures in terms of security but realistically its as simple as having keys instead of passwords and not storing that on your pc. change your ports, restrict logins to specific users or better yet enable an ssh knock port so the server will only respond if you knock on the port before trying to connect. there's all kinds of simple steps to take to prevent something like this from metastasizing outside the original 'hacked' computer
the number 1 method of hacking is social engineering, RAT can fall under this since she likely willingly installed whatever was sent to her
dont click shit from people on the internet i guess is the takeaway from this if you are an end user. dont open links, just dont
(DIR) Post #ATKUTHP5Iff8udSOAa by pogrommer@poa.st
2023-03-06T05:49:22.242127Z
2 likes, 0 repeats
thanks @graf
(DIR) Post #ATKUTtvK5G1sNcpfhA by APPTeOORuzvlGOetVY.verita84@poster.place
2023-03-06T05:49:29.237994Z
6 likes, 1 repeats
@graf "Click on the exe sirs" :pajeet:
(DIR) Post #ATKUXqqrRn2E0jd4Fs by Jean_Philippe_Micheaux@poa.st
2023-03-06T05:50:11.793677Z
1 likes, 0 repeats
@graf what's a rat?
(DIR) Post #ATKUaZU0ToAd0nEhay by theorytoe@ak.kyaruc.moe
2023-03-06T05:50:41.118806Z
5 likes, 1 repeats
@graf >implying I have users
if only :facebook_frog: :lean:
(DIR) Post #ATKUioLr5CHFRULuKm by lewdthewides@hidamari.apartments
2023-03-06T05:51:59.376097Z
22 likes, 3 repeats
@graf everyone's freaking out over 0 day vulnerabilities right now, when it was clearly a retard women moment falling for the simplest trick in the book. Never trust your security to an e-whore
(DIR) Post #ATKUmR1PlQcMFFWGDA by deprecated_ii@poa.st
2023-03-06T05:52:48.412012Z
13 likes, 0 repeats
@Jean_Philippe_Micheaux @graf remote access trojan
(DIR) Post #ATKUmRRIDDJlXVcvY0 by graf@poa.st
2023-03-06T05:52:46.359025Z
5 likes, 0 repeats
@lewdthewides this wasnt a vulnerability it was full access to the admins machine
(DIR) Post #ATKUpimwAIFaDQJZy4 by Jean_Philippe_Micheaux@poa.st
2023-03-06T05:53:25.827150Z
2 likes, 0 repeats
@deprecated_ii @graf Thanks 🧀
(DIR) Post #ATKUrdUynpasOBpQ00 by SockAccountForWatchingRandbot@poa.st
2023-03-06T05:53:33.313883Z
2 likes, 0 repeats
@Jean_Philippe_Micheaux @graf Remote Access Trojan
(DIR) Post #ATKUtPnCjTX2SZCWg4 by lewdthewides@hidamari.apartments
2023-03-06T05:53:56.137464Z
8 likes, 0 repeats
@graf I know, which makes it more hilarious
(DIR) Post #ATKUzLYNPGKX395sem by CatLord@poa.st
2023-03-06T05:55:10.108063Z
0 likes, 0 repeats
@graf Reminds me of a certain incident on 4ch'n
(DIR) Post #ATKVBOhPXKPYHU48wq by graf@poa.st
2023-03-06T05:57:19.419074Z
14 likes, 2 repeats
looks like claire used the same password for everything so ive deactivated her account on here for obvious reasons
(DIR) Post #ATKVBS2n6IIOef5lBo by LurkPerry@poa.st
2023-03-06T05:56:35.765074Z
5 likes, 0 repeats
@lewdthewides @graf 100% woman moment™
(DIR) Post #ATKVITczbsitauNJVg by ademan@thebag.social
2023-03-06T05:58:36.851012Z
3 likes, 0 repeats
> change your ports
I always figured that was security through obscurity, it’s not like port scans are expensive. Am I off base here?
Port knocking is definitely a good defense but I have to confess I’m afraid of knockd (and locking myself out lol)
(DIR) Post #ATKVJ9qadiYUXF3lXE by calloc@poa.st
2023-03-06T05:58:33.448281Z
8 likes, 3 repeats
@graf Another good reminder to setup all your online identities under the assumption they'll be compromised given enough time.
(DIR) Post #ATKVLNkJw1XODlBhvE by graf@poa.st
2023-03-06T05:59:07.128600Z
3 likes, 0 repeats
@ademan you are using VPS. just turn off sshd and use vnc bro
(DIR) Post #ATKVWk4tFKIOfQE4iu by splitshockvirus@mstdn.starnix.network
2023-03-06T06:01:08Z
5 likes, 0 repeats
@ademan @graf He doesn't have an SSH gateway or VPN
NGMI I mean neither do I. But there are infinity ways to go autismo on security.
(DIR) Post #ATKVe85QNgrJ9hzy8u by Jens_Rasmussen@gleasonator.com
2023-03-06T06:02:32.184261Z
1 likes, 0 repeats
@graf I don't know what most of these words and expressions mean, because I'm not a computer-guy.
(DIR) Post #ATKVfGGrR9bEpRt5ge by johnfortnitekennedy@sneed.social
2023-03-06T06:02:44.474761Z
0 likes, 0 repeats
(DIR) Post #ATKVjl0X6JJdJbOUTI by kroner@seal.cafe
2023-03-06T06:03:32.570277Z
2 likes, 0 repeats
*SSH hardening intensifies*
(DIR) Post #ATKW9XdnQ8E5O83PWq by Shadowman311@poa.st
2023-03-06T06:08:12.564798Z
12 likes, 4 repeats
@graf also if you're a server owner, or really anyone and are downloading a sketchy file, or any file outside of official vendors or trusted people just upload that thing to either virustotal.com or (better yet) hybrid-analysis.com even if your antivirus doesn't throw a bitch fit.
(DIR) Post #ATKWGQmPKPpY8UMojY by deprecated_ii@poa.st
2023-03-06T06:09:27.421264Z
10 likes, 2 repeats
@ademan @graf "security through obscurity" gets tossed around too much
it doesn't hurt unless you *rely* on the obscurity and it does stop certain nuisances
(DIR) Post #ATKWO3KmNlmLjm4vq4 by graf@poa.st
2023-03-06T06:10:47.090859Z
9 likes, 1 repeats
@deprecated_ii @ademan there's all kinds of shit at play, for example limiting auth retries to 2. fail2ban on ssh logs will black hole ips for entire lifetimes if you configure it right. there's a lot to stop brute forcing. the only stop for social engineering is you
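The sshd-side steps named in this thread (keys instead of passwords, a non-default port, logins restricted to specific users, auth retries limited to 2) can be checked mechanically. The following is an added example, not part of any post here: it audits the global section of an `sshd_config` using OpenSSH's first-value-wins rule; the sample configs, the user name `admin` and port 49222 are constructed, and `Match` blocks and `Include` files are not evaluated.

```python
"""Audit sshd_config text against the hardening steps named in the thread."""

# Keywords that accumulate across lines instead of first-value-wins.
MULTI = {"port", "allowusers", "allowgroups"}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# OpenSSH defaults that apply when a keyword is absent.
DEFAULTS = {
    "port": ["22"],
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "maxauthtries": "6",
    "allowusers": [],
    "allowgroups": [],
}


def parse_global(text):
    """Return effective global settings (everything before the first Match)."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # per-user/host overrides need manual review
        args = []
        for tok in parts[1:]:
            if tok.startswith("#"):
                break  # trailing comment
            args.append(tok)
        if not args:
            continue
        if key in MULTI:
            cfg.setdefault(key, []).extend(args)
        elif key not in cfg:  # sshd uses the first value it sees
            cfg[key] = args[0].lower()
    for key, default in DEFAULTS.items():
        cfg.setdefault(key, list(default) if isinstance(default, list) else default)
    return cfg


def audit(text, max_tries=2):
    """Return a list of finding ids; an empty list means all checks passed."""
    cfg = parse_global(text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("password-auth-enabled")
    # Keyboard-interactive can still prompt for a password via PAM.
    if cfg["kbdinteractiveauthentication"] != "no":
        findings.append("kbd-interactive-enabled")
    if "22" in cfg["port"]:
        findings.append("default-port")
    if not cfg["allowusers"] and not cfg["allowgroups"]:
        findings.append("no-user-allowlist")
    try:
        tries = int(cfg["maxauthtries"])
    except ValueError:
        tries = None
    if tries is None or tries > max_tries:
        findings.append("maxauthtries-too-high")
    return findings


# Constructed sample: the later "no" is ignored because the first value wins.
WEAK = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no   # too late, first value already taken
PermitRootLogin yes
"""

# Constructed sample: every step from the thread applied.
HARDENED = """\
Port 49222
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers admin
MaxAuthTries 2
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; port knocking and fail2ban sit outside `sshd_config` and are not covered by this audit.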
(DIR) Post #ATKWXSp4z9QNOZjrVY by Crux_Invictus@poa.st
2023-03-06T06:12:32.392114Z
10 likes, 0 repeats
@deprecated_ii @ademan @graf I always preferred "security through obsolescence" myself.
>"Look this phishing email hit this person's inbox and the attachment was opened"
>"Oh no! What do we do?"
>"Well the exploit was for a newer version of windows than what we run so..... Just image the box and get rid of the email I guess."
(DIR) Post #ATKWfvP0bxW4LkZxGC by ceptard@sneed.social
2023-03-06T06:09:11.409010Z
1 likes, 0 repeats
@graf ok but uhhhh
(DIR) Post #ATKWgTz02eVXbDgB4y by ademan@thebag.social
2023-03-06T06:14:09.435835Z
3 likes, 0 repeats
I don’t think it hurts (except I have RSI from typing ssh -p [REDACTEDPORT] from my day job) but are you really getting anything in this case? You’re getting port scanned all day long and the search space is only 65535 to begin with.
(DIR) Post #ATKWhuLNWAhFe6pIB6 by Crux_Invictus@poa.st
2023-03-06T06:14:25.664024Z
9 likes, 0 repeats
@deprecated_ii @ademan @graf >troon hacker man tries getting into computer>none of the attacks work because windows 3.1 gang gangRETVRN
(DIR) Post #ATKWq8TqqGVVo4iGBs by TheWanax@poa.st
2023-03-06T06:14:12.526968Z
3 likes, 0 repeats
@Shadowman311 @graf One other thing: I think it's common sense, but a lot of people may forget:
I think it's smart to use a special email address and password just for fedi that isn't linked or connected to anything else. Even the handle name I use is unique. Fedi draws attention from dirtbags, so best to isolate the related info if dox is an issue for people so that they have a harder time tracing back to you.
(DIR) Post #ATKWrzqrtWFXclMlX6 by King_Porgi@poa.st
2023-03-06T06:16:14.954094Z
2 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf if at work
definitely open it on company terminal
it's a really good idea and will speed up your pc
(DIR) Post #ATKWz0j72XW0Mg5DKy by deprecated_ii@poa.st
2023-03-06T06:17:30.251007Z
6 likes, 1 repeats
@ademan @graf sure, you're stopping a big slice of script kiddies and bots from cluttering up your logs
(DIR) Post #ATKWz1ykNtcEFSPDLU by ForbiddenDreamer@poa.st
2023-03-06T06:17:30.821173Z
4 likes, 2 repeats
@graf If you're responsible for other people's data, just buy a shitty $20 thinkpad, lock it down, and only use that for your administrations (and only for admin stuff). Although if you reuse passwords, you might be boned anyways.
(DIR) Post #ATKX0zhboqOfldKFZQ by skylar@wolfgirl.bar
2023-03-06T06:17:50.219866Z
14 likes, 8 repeats
@graf oof
if you're reading this and reuse passwords, please start going through and changing them
i've seen a company lose 10 million bucks to wire transfer fraud because somebody reused a password, and another have their entire infrastructure (including backups) wiped out by ransomware because somebody reused a password.
whole ass lists of email addresses/usernames and their associated passwords are just sitting out there, either for free or for an absurdly tiny amount of money for tens of millions of em.
(DIR) Post #ATKX1uTkj2BJrAHUO0 by King_Porgi@poa.st
2023-03-06T06:18:02.061389Z
3 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf you know a nigger recorded thism.youtube.com/watch?v=hSJDIGiepgU
(DIR) Post #ATKX398phCCRca5My8 by graf@poa.st
2023-03-06T06:18:14.390031Z
2 likes, 0 repeats
@ForbiddenDreamer nah we have our remote access disabled for this reason right now. even obscurity isnt enough when your shit is a definite target
(DIR) Post #ATKX6wQgtt7LM1FRvk by Crux_Invictus@poa.st
2023-03-06T06:18:56.733743Z
7 likes, 0 repeats
@King_Porgi @deprecated_ii @ademan @graf The things people would just casually open at work. They never listened to my Commissar solution to that problem. There's also the people who would find unattended USBs or DVDs in the carpark and put them in the work computers.
As well as the boomer classic:
>"I didn't order a package but this email says they're holding a package for me!"
>"You MUST unblock this link so I can get my package!"
>"What do you mean that's not the official Australia Post site?! Shut up and let me get this package!"
(DIR) Post #ATKXP868FwuUkuIxUW by ForbiddenDreamer@poa.st
2023-03-06T06:22:14.137658Z
1 likes, 1 repeats
@graf Well you shouldn't use it as your only means of security, although it takes a lot of the issues of downloading a RAT from github or what have you. Seeing as most people hosting a server probably already have an old laptop lying around, I see it as an easy way to help keep your keys secure.
(DIR) Post #ATKXRGuiRxnwg0zDf6 by sysrq@freespeechextremist.com
2023-03-06T06:22:37.858557Z
5 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf >gets hit with a bootsector virus in 2023
(DIR) Post #ATKXb8n5VRLINa7ljs by Crux_Invictus@poa.st
2023-03-06T06:24:24.596167Z
5 likes, 0 repeats
@sysrq @deprecated_ii @graf @ademan
(DIR) Post #ATKXcFxmKBtOuiemTw by deprecated_ii@poa.st
2023-03-06T06:24:36.417715Z
6 likes, 0 repeats
@skylar @graf that's a big fox :kannalooks:
(DIR) Post #ATKXf8kra6v7QUzUhc by skylar@wolfgirl.bar
2023-03-06T06:25:05.268971Z
2 likes, 0 repeats
@deprecated_ii @graf UUUU
(DIR) Post #ATKXnkK3n0m2G0Yd3w by King_Porgi@poa.st
2023-03-06T06:26:41.137422Z
5 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf boomers are so gullibleneed to make some sort of virus on a flash stick that takes over audio and blares the "fuck niggers" cat meme
(DIR) Post #ATKXrf4BH1ST77zsY4 by King_Porgi@poa.st
2023-03-06T06:27:23.620426Z
4 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf tfw smoke alarm and audible lip licking
(DIR) Post #ATKXug0QEmZ0tcg19U by Crux_Invictus@poa.st
2023-03-06T06:27:56.346520Z
7 likes, 0 repeats
@King_Porgi @deprecated_ii @ademan @graf The golden age of:
>"HEY EVERYONE I'M LOOKING AT GAY PORNO OVER HERE"
blaring through the speakers to let everyone know someone did a fucky wucky
(DIR) Post #ATKY7uG2YoHorWI4LA by Paleloon@poa.st
2023-03-06T06:26:50.547307Z
3 likes, 0 repeats
@ForbiddenDreamer @graf I made a whole new email with new passwords that dont even slightly resemble my normie accounts for shitposting here like 2-3 years ago and all the passwords are written down and in a lockbox
(DIR) Post #ATKYWGLw3yDYL4f6Aa by GuntGrease@poa.st
2023-03-06T06:33:50.560794Z
7 likes, 0 repeats
@graf >used the same password
(DIR) Post #ATKYWI01wNsrRiQdIu by graf@poa.st
2023-03-06T06:34:41.837231Z
7 likes, 1 repeats
@GuntGrease i dont know if she did or not or if someone got access to her password list or something
i will be unplugging my pc when i go to bed and nuking windows in any event, this was the last push i needed to go full time gentoo on my desktop so thanks whoever
(DIR) Post #ATKYZefM7iWwc7MZay by King_Porgi@poa.st
2023-03-06T06:35:20.644599Z
1 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf loadwomanmoanobnoxiousextraload.mp3>ooohhhhhhhhhhhhhhhhhhh
(DIR) Post #ATKYlA97QCzRQtluTY by p@freespeechextremist.com
2023-03-06T06:37:25.847283Z
3 likes, 0 repeats
@graf
> used the same password for everything
:terryshiggy: I shiggy diggy.
(DIR) Post #ATKYmnbIDUXU5WjKue by graf@poa.st
2023-03-06T06:37:42.315967Z
2 likes, 0 repeats
@p could be a password manager too, i dont know
(DIR) Post #ATKYpE4CmonGkdPXns by p@freespeechextremist.com
2023-03-06T06:38:09.906837Z
1 likes, 0 repeats
@graf Yeah, if they got her 1pass or something.
(DIR) Post #ATKYqGynRU5a4gNdtg by joe@social.thisisjoes.site
2023-03-06T06:38:17Z
2 likes, 0 repeats
@graf lol
(DIR) Post #ATKYta2n1A5g4QpE5A by p@freespeechextremist.com
2023-03-06T06:38:57.126189Z
3 likes, 0 repeats
@ademan @graf
> I always figured that was security through obscurity, it’s not like port scans are expensive. Am I off base here?
No, that's accurate. It doesn't *hurt* but it doesn't help much. It never helps in the case of a targeted attack.
(DIR) Post #ATKYueLWVYI9he67Rg by sysrq@freespeechextremist.com
2023-03-06T06:39:08.722881Z
2 likes, 0 repeats
@p @graf >centralized password manager
:alexjonesshiggy2:
(DIR) Post #ATKYwTjsupvBNvMfbc by Argyrus@poa.st
2023-03-06T06:39:28.348933Z
4 likes, 0 repeats
@King_Porgi @Crux_Invictus @deprecated_ii @ademan @graf Imagine: Thumb drive w/ AI generation malware that identifies the employee through the face cam and generates heinously racist voice lines to play them quietly throughout the day as if they're muttering to themselves in their office/cubicle
(DIR) Post #ATKYwwx0J8e9z0j3a4 by p@freespeechextremist.com
2023-03-06T06:39:33.663006Z
3 likes, 0 repeats
@sysrq @graf Ultimate shiggy.
(DIR) Post #ATKZ0fJznJhSSvFfLk by graf@poa.st
2023-03-06T06:40:11.898630Z
3 likes, 0 repeats
@p @ademan i've got biometric usb keydisks and yubikeys im going to distribute (ill send you one too) for this reason
(DIR) Post #ATKZ1HDwsFRS1AiNCS by sysrq@freespeechextremist.com
2023-03-06T06:40:20.574380Z
6 likes, 0 repeats
@p @graf >hmm yes I will have a password manager to keep track of the exact same password
:terrywat:
(DIR) Post #ATKZ3lqE0hYzYTo7F2 by miscbrains@misc.brainsoap.net
2023-03-06T06:40:45.461Z
1 likes, 0 repeats
@p@freespeechextremist.com @sysrq@freespeechextremist.com @graf@poa.st older 1pass was more or less self hosted, but oof at hosted password managers.
(DIR) Post #ATKZ3oxmP4OBEmMgvw by dcc@annihilation.social
2023-03-06T06:40:31.836050Z
2 likes, 0 repeats
@p @sysrq @graf i write down my password on paper :dude_smug:
(DIR) Post #ATKZ5a28sle1VsFDMm by InceptionState@poa.st
2023-03-06T06:41:07.030912Z
1 likes, 0 repeats
@Crux_Invictus @deprecated_ii @ademan @graf
> Oh this box is ancient, I bet it will be easy to hack
> Oh it's running Solaris
> Why isn't my tool running, wtf is SPARC?
(DIR) Post #ATKZ8MZPOaSCcr8D68 by p@freespeechextremist.com
2023-03-06T06:41:37.407192Z
5 likes, 0 repeats
@graf @ademan
> just turn off sshd and use vnc
Host whitelisting is not great but still better than this; VNC has terrible security.
(DIR) Post #ATKZ93c3Md7S7VhQgq by sysrq@freespeechextremist.com
2023-03-06T06:41:44.947046Z
4 likes, 0 repeats
@dcc @p @graf I keep the password to all my other passwords on paper :alexjonessmug3:
(DIR) Post #ATKZFvF4srrYBcE61Q by InceptionState@poa.st
2023-03-06T06:42:58.480937Z
2 likes, 1 repeats
@skylar @graf It's so easy now too. Bitwarden is pretty good, and there's always KeePassXC for a purely offline password manager.
keepassxc.org/
(DIR) Post #ATKZGOUK9GI0tIaBJQ by p@freespeechextremist.com
2023-03-06T06:43:04.436739Z
1 likes, 0 repeats
@graf @deprecated_ii @ademan
> the only stop for social engineering is you
Attachment related.
frek evinart_of_deception--mitnick.pdf
(DIR) Post #ATKZKJ3SI8BRCKsefY by King_Porgi@poa.st
2023-03-06T06:43:46.099403Z
3 likes, 0 repeats
@Argyrus @Crux_Invictus @deprecated_ii @ademan @graf genius and has it tethered into their phone too
a lot of office networks now have the desk phone tied into apps on their pcs
it would be hilarious
(DIR) Post #ATKZOJfdwY5UGaeeci by graf@poa.st
2023-03-06T06:44:29.128363Z
1 likes, 0 repeats
@p @deprecated_ii @ademan mitnick was right. the more hands you have in the pie the easier it gets to steal it
(DIR) Post #ATKZPSMz5OLhXHTFtg by ademan@thebag.social
2023-03-06T06:44:41.400687Z
5 likes, 1 repeats
actually contains a zero-day exploit for adobe acrobat
(DIR) Post #ATKZTHbN3xg7IX1aj2 by Argyrus@poa.st
2023-03-06T06:45:24.010040Z
0 likes, 0 repeats
@graf I guess this is a good reason to buy Macintosh, y'know....because they don't get viruses:smug1:
(DIR) Post #ATKZVj7rhSONF2OAq0 by p@freespeechextremist.com
2023-03-06T06:45:50.765306Z
4 likes, 0 repeats
@ademan @deprecated_ii @graf
> (except I have RSI from typing ssh -p [REDACTEDPORT] from my day job)
Skill issue.
$ ed ~/.ssh/config
9001
$a
Host worksystem.corpo.internal.shitty.biz
 Port [REDACTEDPORT]
.
wq
9065
$ ssh worksystem.corpo.internal.shitty.biz
(DIR) Post #ATKZXPrWIChs4kY6RE by graf@poa.st
2023-03-06T06:46:07.812764Z
1 likes, 0 repeats
@Argyrus not true and this false sense of security often leads people into issues like claire has right now
macworld.com/article/672879/list-of-mac-viruses-malware-and-security-flaws.html
(DIR) Post #ATKZeWhrFE0pKUQ76W by Argyrus@poa.st
2023-03-06T06:47:25.983044Z
0 likes, 0 repeats
@graf I know, it was only ever sort of true when their market share was piddlywinks, I just like saying it to spin up IT people
(DIR) Post #ATKZj9sPYJz5yKZ5to by p@freespeechextremist.com
2023-03-06T06:48:16.394347Z
0 likes, 0 repeats
@graf @GuntGrease baste
(DIR) Post #ATKZw2CtNaWbwwHic4 by p@freespeechextremist.com
2023-03-06T06:50:36.040332Z
4 likes, 0 repeats
@sysrq @dcc @graf Imagine not just memorizing large prime numbers and generating your privkeys from manually typing them on boot.
(DIR) Post #ATKa59cz9s6tZTq2E4 by kirbyV2@pwnage.nyanide.com
2023-03-06T06:52:14.372545Z
2 likes, 0 repeats
@dcc @p @sysrq @graf I am coming to your house
(DIR) Post #ATKaBR5T9p21ST9m88 by sysrq@freespeechextremist.com
2023-03-06T06:53:23.044672Z
2 likes, 0 repeats
@p @dcc @graf all my passwords are hashquines :terryhacker:
(DIR) Post #ATKaDfxookVGAze80G by ademan@thebag.social
2023-03-06T06:53:46.394213Z
2 likes, 0 repeats
edpowerful
(DIR) Post #ATKaXIFEiKxgP99CyW by p@freespeechextremist.com
2023-03-06T06:57:20.044407Z
1 likes, 0 repeats
@ademan @deprecated_ii @graf ed's nice (unironically), very easy to use, and if you have used vi or sed for long enough, you almost know it already. But the reason I do messages as ed sessions is that this makes "what to put into the file" unambiguous.
(DIR) Post #ATKah2J0pWrtrlYkiW by loathsome@petrolkorps.cc
2023-03-06T06:41:52.804012Z
3 likes, 1 repeats
Why people aren't using offline password managers by default is a mystery to me.
https://keepassxc.org/
(DIR) Post #ATKah2sShjDzdi93yK by loathsome@petrolkorps.cc
2023-03-06T06:47:08.408915Z
3 likes, 0 repeats
Well, now that I think about it, they could have keylogged her manager password as well. All security kind of falls apart when they get inside your computer.
(DIR) Post #ATKavAYYwzoLVfZXZg by mario@hornyjail.pro
2023-03-06T07:01:37.224094Z
6 likes, 3 repeats
@graf I know this is somewhat of a moot point, but I think more decentralization (in terms of user spread) would help in the future as it makes instances less high-profile and minimizes the damage when something happens. Server hacking games have been around since IRC and when admins think they can have (bad) user-grade security this will happen. Sucks for the admin and the users but my pity stays limited since it could have been easily avoided by chudbud admin not getting rooted and by the users not using identifiable info for registration or in DMs. From my perspective, they got backslapped for acting hard.
>victim blaming
Yeah, essentially. Providing an online platform and even registering and engaging on one comes with op-/infosec responsibilities, especially in Sweety Squad circles.
Remember when Kiwifarms had their database dumped? Stuff like that even happens to somewhat competent admins. Users shouldn't need to trust error-prone systems or at least make it only their own problem when stuff gets leaked.
tl;dr host your own single user instance for 10€/month with some effort or get a btrfly one for even less effort and only be responsible for your own data
(DIR) Post #ATKayoKtVXA9kiuoe8 by graf@poa.st
2023-03-06T07:02:17.094756Z
7 likes, 2 repeats
@mario you are correct friend
not even just for security, but the health of the fediverse depends on instances like poast not existing. so i would prefer if people made their own
(DIR) Post #ATKbB86nopqWYGCLke by p@freespeechextremist.com
2023-03-06T07:04:32.027676Z
2 likes, 0 repeats
@mia @ademan @deprecated_ii @graf "Which key do you push" is harder to communicate on the internet than "Here are a sequence of ASCII characters, you could literally paste them into the editor."
But due to the whole Arthur Whitney thing, I gave up on really caring what editors someone else uses. I hadn't cared much before that, but then Arthur Whitney was using notepad.exe to build k. nano's basically Linux's notepad.exe.
(DIR) Post #ATKbGR070Qyqamb9V2 by graf@poa.st
2023-03-06T07:05:28.163394Z
5 likes, 0 repeats
@p @mia @deprecated_ii @ademan if im making quick edits: nano
if im hammering out code: vi or sublimetext if im in xfce4
(DIR) Post #ATKbGaVHfuGM44Ffpw by Elliptica@poa.st
2023-03-06T07:05:30.840606Z
1 likes, 0 repeats
@graf @mario But I think that would make it easier to target individuals. On average they would not know anything about net security and would all probably use the same basic setup. You could probably automate a take down process that would wipe out accounts quickly, and people would be left unable to fix their own stuff.
(DIR) Post #ATKbJHSYw6JXrzGMHQ by graf@poa.st
2023-03-06T07:05:59.068120Z
5 likes, 0 repeats
@Elliptica @mario the impact would be on that user, not on the 3000 people also on that server who now had all their shit exposed because someone didnt like the admin/me
(DIR) Post #ATKbNZu4IyMwEKB55E by tyler@1611.social
2023-03-06T07:06:46.463774Z
2 likes, 0 repeats
I write literally everything in nano
Best syntax highlight
Just installed vscode yesterday though, trying it just for fun.
(DIR) Post #ATKbQhMR2CjkEBvxaq by graf@poa.st
2023-03-06T07:07:19.613724Z
0 likes, 1 repeats
@tyler @mia @p @deprecated_ii @ademan if you configure your use flags right and use a decent nanorc you can make nano do literally everything but as i said i use it on remote shit because its almost universally installed whereas vi/m isnt
(DIR) Post #ATKbVpon1AMruDe5wG by UnityOstara@poa.st
2023-03-06T07:08:16.301776Z
0 likes, 0 repeats
@graf @mario Ugg, on weather. The fediverse deserves better than this.
(DIR) Post #ATKbddtpDPypFziwz2 by Elliptica@poa.st
2023-03-06T07:09:41.020092Z
0 likes, 0 repeats
@graf @mario So there wouldn't (or shouldn't) be a general exploit that could be used to knock the 3000 other users around as well?
I feel like it would be as simple as "hey big hosting service, it's the ADL/government, do you see these 3000 individual fedi accounts? Take them offline please?"
(DIR) Post #ATKbdmsNq9At687QUC by mario@hornyjail.pro
2023-03-06T07:09:41.212980Z
1 likes, 0 repeats
Tbh I think having a good-enough net security isn't too hard.
I'm an idiot and able to not get into trouble, even though there are chinese IPs trying to ssh into hornyjail.pro every 30s or so.
Maybe I'm just not important enough to receive high-effort attacks but the only real attack vectors I could see on hornyjail.pro would be a 0day or social engineering. The worst gaps in security are already fixed by having a secure ssh key/password.
(DIR) Post #ATKblXmfptPQbi99rk by MemeLandfill@poa.st
2023-03-06T07:11:06.715200Z
1 likes, 0 repeats
@mario @Elliptica @graf long ass passwords are king
(DIR) Post #ATKc3K7hMj13S2SVdI by mario@hornyjail.pro
2023-03-06T07:14:19.029605Z
2 likes, 0 repeats
but that would also work with a bigger instance and a gov-complying hoster. if there was a court order to take hornyjail.pro offline, my hoster would def do it (as they probably should tbh if the court order has any merit)
Onion fediverse when? (actually that's a really, really bad idea :blobcatsweat:)
(DIR) Post #ATKcQhbEFObkvEQ3Ki by Elliptica@poa.st
2023-03-06T07:18:32.969774Z
1 likes, 0 repeats
@mario @graf You are correct, but a bigger service might also have access to more resources that lets them manage some hosting through independent 3rd parties (bob with a huge server rack in his basement). I don't or can't have a server in my home, so I and most people like me are stuck with some variant of Amazon + cloudflaire.
(DIR) Post #ATKcY3VfBT6Su1K2y0 by graf@poa.st
2023-03-06T07:19:51.578902Z
4 likes, 1 repeats
@Elliptica @mario this is why we encourage users to use literally anything other than major cloud providers. btrfly itself is working to not use the same upstream provider. you cant anymore. being able to trust an upstream to stand by their own TOS isnt a thing that you can do any longer
(DIR) Post #ATKcl1wOKQCpnk0kFc by collappsar@fediverse-lite.com
2023-03-06T07:22:10.400754Z
0 likes, 0 repeats
@graf Whomp whomp.
(DIR) Post #ATKcwad1hVkEZJSu6y by mario@hornyjail.pro
2023-03-06T07:24:17.966932Z
0 likes, 0 repeats
>Amazon+Cloudflare
That's not a stack I'd trust :blobcatsweat: I'd recommend more like Hetzner, Fran, btrfly or that other one fediverse-focused provider I forgot the name of.
Those are good enough, somewhat cheap and don't drive your electricity bill up when one of your posts gets shared too many times :blobcatgiggle2:
With Contabo I can personally attest that they also don't blindly follow any abuse report but actually look into the situation.
(DIR) Post #ATKd0OsnJSaJIYepSC by lanodan@queer.hacktivis.me
2023-03-06T07:24:31.996177Z
2 likes, 0 repeats
@p @deprecated_ii @ademan Reminds me that diff and patch implementations typically have an ed mode, which I guess was very useful before patch got standard.
(DIR) Post #ATKdE4UJw8sI6DjG2S by p@freespeechextremist.com
2023-03-06T07:27:28.525000Z
1 likes, 0 repeats
@graf @mia @deprecated_ii @ademan acme or ed, sometimes vi if it's on a server and it is a painful file, like an nginx config.
(DIR) Post #ATKdEkjKshqD6x4qH2 by TheWanax@poa.st
2023-03-06T05:55:56.613685Z
0 likes, 0 repeats
@graf Is there a reasonable way to check for RATs?
(DIR) Post #ATKdEmIT3ZXNyCWPfk by AWIVR@poa.st
2023-03-06T07:27:35.200407Z
0 likes, 0 repeats
@TheWanax @graf you can monitor in/outbound network traffic while someone is connected, but unless they're picked up by antivirus before someone executes then no.
(DIR) Post #ATKdJdeAe0kMafzUn2 by graf@poa.st
2023-03-06T07:28:27.509510Z
3 likes, 1 repeats
@p @mia @deprecated_ii @ademan i fucking hate nginx i need to rewrite the one for poast its got shit literally everywhere in that config with like no real documentation anymore lol
(DIR) Post #ATKdQHXhE6N43u88tk by The_Almighty_Kek@nicecrew.digital
2023-03-06T07:29:40.106521Z
0 likes, 0 repeats
I hate niggers, too, man.
(DIR) Post #ATKdbFdYeR6VL06QRU by p@freespeechextremist.com
2023-03-06T07:31:39.865786Z
0 likes, 0 repeats
@lanodan @ademan @deprecated_ii Yep. diff still emits ed scripts by default.
(DIR) Post #ATKdfoiIBE2pHdUhc0 by p@freespeechextremist.com
2023-03-06T07:32:29.387337Z
1 likes, 0 repeats
@tyler @graf @mia @deprecated_ii @ademan :drinkfluoride:
(DIR) Post #ATKdpQsrdGdMH11Yps by p@freespeechextremist.com
2023-03-06T07:34:13.654890Z
6 likes, 0 repeats
@graf @tyler @mia @deprecated_ii @ademan
> almost universally installed whereas vi/m isnt
If it doesn't come with ed, it is technically not POSIX compliant.
nano's surprisingly popular with sysadmins. No idea why. First thing I do when I set up a Debuntu machine is `apt-get install ed nvi; apt-get purge nano vim`.
(DIR) Post #ATKduj1NcqKzyPWzeC by istvan@bozgor.org
2023-03-06T07:35:08.932544Z
0 likes, 0 repeats
It all comes back to security through obscurity.You have a better luck that the guys at RackNigger.com will be too lazy or high to open the ADL email whereas AmaZOG Cloud will clap its heels and salute the second the bits come down the cable.
(DIR) Post #ATKdzip1nGeans8VQu by graf@poa.st
2023-03-06T07:36:03.596631Z
3 likes, 0 repeats
@p @tyler @mia @deprecated_ii @ademan im just so used to it being the default i dont bother unless its a devel machine. speaking of, our datacenter is building us out an identical server so we can crashcart between them with next to no downtime -- the catch is i have to move poast one more time sometime in the next week or two so we will have 2x our build racked and idle for easy switch in the event a crash cart is needed. 10-15m turnover instead of the entire day that one time we were doing surgery on the database lol
(DIR) Post #ATKeGTmSyCxb4nvdBo by graf@poa.st
2023-03-06T07:39:05.649769Z
3 likes, 1 repeats
@istvan @mario @Elliptica the point is you cant rely on one method to make sure you aren't deplatformed. you have to research, in our case we speak to the datacenters that work with us so they know what they are getting involved with when they choose to accept our hardware. some people cant do that, but you can still reach out and explain. that goes 10x further than just trying to fly under the radar and crying when you get noped for hosting whatever
(DIR) Post #ATKeuDDDzSptH2OHLc by istvan@bozgor.org
2023-03-06T07:46:15.862866Z
0 likes, 0 repeats
It’s definitely going to be more challenging when you are responsible for other users.
When you are just here for shits and aren’t a narcissist who cares about his follower count, it’s no big deal to just grab a new domain and another LowendBox $6 trash host and spin it up for a couple months.
(DIR) Post #ATKfPSPxVUxBPSFIcS by lewdthewides@hidamari.apartments
2023-03-06T07:51:17.940780Z
3 likes, 0 repeats
@mario @Elliptica @graf configure your ssh to listen at a custom port in the 10000 - 65535 range. Vast majority of script kiddies don't bother scanning that high
(DIR) Post #ATKfSNGf6w42J2Hvl2 by mario@hornyjail.pro
2023-03-06T07:52:22.319102Z
1 likes, 0 repeats
i have endlesssh listening on port 22 :akko_fingerguns:
(DIR) Post #ATKglBfiY2xbnYXgNE by p@freespeechextremist.com
2023-03-06T08:07:04.521552Z
2 likes, 0 repeats
@graf @tyler @mia @deprecated_ii @ademan
> im just so used to it being the default i dont bother unless its a devel machine.
I'm old, so nano is "new terrible shit" instead of something I'm used to.
> 10-15m turnover instead of the entire day that one time we were doing surgery on the database lol
Excellent!
(DIR) Post #ATKgqcb5rqV8knyFSC by graf@poa.st
2023-03-06T08:08:01.846092Z
2 likes, 0 repeats
@p @tyler @mia @deprecated_ii @ademan used to be pico when i was in HS
(DIR) Post #ATKhMe0EB53gNZzqiW by sandwich@poa.st
2023-03-06T08:13:50.406299Z
1 likes, 0 repeats
@loathsome @graf Does it help writing them down on paper (i have all mine in code, only I can understand in case someone reads it or it gets lost)?
(DIR) Post #ATKhaJlKEB0LevXvDk by sandwich@poa.st
2023-03-06T08:16:18.775532Z
1 likes, 0 repeats
@sysrq @dcc Same. I have mine coded & styled in a way that only I understand.
(DIR) Post #ATKhkgkVcNPXqb6qie by dcc@annihilation.social
2023-03-06T08:17:54.899602Z
1 likes, 0 repeats
@sandwich @sysrq i should make all my passwords in greek
(DIR) Post #ATKhylzEwQuq95iRNo by strongerthanyou@poa.st
2023-03-06T08:20:43.973945Z
1 likes, 0 repeats
@Crux_Invictus the one i love (i'm in melbourne) is getting an sms saying i have to pay a tag fine for my car - with a link. me in my head: i don't have (or want) a car but go off with your shady-ass links, you dickhead.
(DIR) Post #ATKicaoHuoBx46a3ay by Crux_Invictus@poa.st
2023-03-06T08:27:55.580455Z
1 likes, 0 repeats
@strongerthanyou Minutes after I signed up for one of those toll tag things I got my first phishing attempt. Bloody ridiculous
(DIR) Post #ATKj96VtZvLqerTpom by strongerthanyou@poa.st
2023-03-06T08:33:48.203507Z
1 likes, 0 repeats
@Crux_Invictus it's so lame. i got a phishing email back in the day when all those celebs got their nudes hacked via the same faux apple email. luckily i knew about it, but that one was scary because if you didn't know about it, it would've been terribly convincing. craziness. 🤬
(DIR) Post #ATKkBiLnyHZiXdZLGK by loathsome@petrolkorps.cc
2023-03-06T08:19:32.649501Z
1 likes, 0 repeats
Sure. Just be aware that there are all kinds of cryptanalysis techniques that might break your code, if someone REALLY wants to figure out your passwords.
(DIR) Post #ATKkI9bBZnxOmspl8C by sandwich@poa.st
2023-03-06T08:46:38.711038Z
1 likes, 0 repeats
@loathsome @graf That is very true. Luckily if they ever get into my pics they'll be disappointed w/the thousands of pics of old homework notes/assignments, cats, family, selfies....boring shit
(DIR) Post #ATKms2aDL0JLMVcSO0 by dcc@annihilation.social
2023-03-06T09:15:16.287358Z
1 likes, 1 repeats
@kirbyV2 @p @sysrq @graf when
(DIR) Post #ATKrUx6s1LkdUthhse by p@freespeechextremist.com
2023-03-06T10:07:23.795341Z
2 likes, 0 repeats
@graf @tyler @mia @deprecated_ii @ademan Back in the day!
(DIR) Post #ATKrauUiep577ihSme by graf@poa.st
2023-03-06T10:08:26.899129Z
1 likes, 0 repeats
@p @tyler @mia @deprecated_ii @ademan you and me, we are old as fuck my man. i started with caldera openlinux 1.3
this is what i started internet with archive.org/details/OpenLinux1.3
(DIR) Post #ATKsEcT56AeGnarv2e by p@freespeechextremist.com
2023-03-06T10:15:38.989312Z
2 likes, 0 repeats
@graf @tyler @mia @deprecated_ii @ademan Man, I have not seen Caldera in a long time. Came with StarOffice!
(DIR) Post #ATKsLXSY7Q7xIAv3Gy by graf@poa.st
2023-03-06T10:16:52.706006Z
1 likes, 0 repeats
@p @tyler @mia @deprecated_ii @ademan that was my shit man. thats what i learned with and moved from that to slackware to gentoo
(DIR) Post #ATKwvsuQFMGa3gXjjk by lelouchebag@shitposter.club
2023-03-06T11:08:16.302327Z
0 likes, 0 repeats
@graf >passwords
Were they not hashed and salted? I thought this was default pleroma unless ch*dbuds ran something else
(DIR) Post #ATKx1kNireONLg2lIu by graf@poa.st
2023-03-06T11:09:19.617521Z
0 likes, 0 repeats
@lelouchebag it is and ours are and seeing the replies in the thread they are bcrypted which is the standard pleroma setup so I think maybe in the case of passwords they may have been given over plaintext in chats
(DIR) Post #ATKxKGDTF6JTIK4mhs by lelouchebag@shitposter.club
2023-03-06T11:12:41.226073Z
0 likes, 0 repeats
@graf Read this: https://poa.st/objects/e0d3d40f-bb91-446e-8e79-c9dad921ab75
So they were salted but dingdong didn't secure the salt? What a mess
(DIR) Post #ATKxWjfBaKmm67zKj2 by graf@poa.st
2023-03-06T11:14:55.448239Z
0 likes, 0 repeats
@lelouchebag I don't personally know to what extent the salt used in the pleroma config was used. pete says it's independent of the database salt but I've never tried to reverse engineer a user's password so I don't know if that's possible. I know they are bcrypted. I'd rather warn people to change than stay silent, too
(DIR) Post #ATKxxsjdxpMQ3K19pg by lelouchebag@shitposter.club
2023-03-06T11:19:50.763739Z
1 likes, 0 repeats
@graf No you're right, they could generate their own rainbow table if they have the salt. For example
batman123 -> hash -> hashedpass
batman123 -> salt+hash -> differenthashpass
but since they know the salt they can feed in like the top 10,000 most common passwords into the salt+hash, and see where in the dump that hash comes up and figure out their password is batman123. Hence why securing your salt is absolutely vital because without it the passwords would be mostly fine
(DIR) Post #ATKy3x6Ke0vDKZWaOm by graf@poa.st
2023-03-06T11:20:55.486809Z
1 likes, 0 repeats
@lelouchebag yeah no they had access to the config pleroma so if you are certain of this then yeah their shit will potentially be leaked
(DIR) Post #ATKyDRRFDj1s1hpad6 by mint@ryona.agency
2023-03-06T11:21:58.658290Z
2 likes, 0 repeats
@mario @Elliptica @graf
>Onion fediverse when? (actually that's a really, really bad idea :blobcatsweat:)
http://rawrxd4mden7rmbobaftao3qjyxbrvj4rrooehkqxlqcsdtnnn2hndid.onion/
(DIR) Post #ATKyPA5PYqXFgWCv20 by mario@hornyjail.pro
2023-03-06T11:24:46.378233Z
1 likes, 0 repeats
my biggest concern is illegal content, the yearly pawoo incidents are already borderline enough for me
(DIR) Post #ATKyR3cmYZkSDtiin2 by mario@hornyjail.pro
2023-03-06T11:25:06.724863Z
0 likes, 0 repeats
i'm too scared to open that link :blobcatsweat:
(DIR) Post #ATKzX0YWyideOj8JZg by zxcvfadsf@shitposter.club
2023-03-06T11:37:24.286292Z
2 likes, 0 repeats
@p @deprecated_ii @graf @ademan THE STANDARD EDITOR
(DIR) Post #ATKzZubbYg3AoNxJM8 by mario@hornyjail.pro
2023-03-06T11:37:54.395713Z
1 likes, 0 repeats
i'd be interested to know how fedi-over-tor would play out but i'm too scared to participate. really want to avoid illegal content as good as possible and i assume that it would be used primarily to host/share illegal content.
(DIR) Post #ATL092UqDCllQ7XfCC by HWABAG@bae.st
2023-03-06T11:44:16.670186Z
2 likes, 0 repeats
@p @graf just use a notebook (irl) lol
(DIR) Post #ATL1Lz3YPh6mTBVzKS by Moon@shitposter.club
2023-03-06T11:57:44.618153Z
6 likes, 1 repeats
@lelouchebag @graf in pleroma every account's password is hashed against its own randomly generated salt. the salt is as visible as the hash in the db. what this means is, if you have a database dump, you can't use an existing rainbow table; you have to brute-force hashes to guess an individual user's password from their hash; your brute force attempt for that single user can't be repeated for any other user, you just have to brute force the second user you want to crack too.
(DIR) Post #ATL1RThhtTFUyAur7Q by graf@poa.st
2023-03-06T11:58:47.862906Z
1 likes, 0 repeats
@Moon @lelouchebag thanks for the clarification I wasn't fully sure
(DIR) Post #ATL1feSWheOONdZdzc by eriner@noagendasocial.com
2023-03-06T12:01:12Z
1 likes, 0 repeats
@Moon @graf @lelouchebag This is why bcrypt is almost always the answer for password hashing. It solves all the problems with a straightforward implementation. Hard to screw it up.
(DIR) Post #ATL1oOMDwDOj32nGPw by Moon@shitposter.club
2023-03-06T12:02:53.595224Z
0 likes, 0 repeats
@eriner @graf @lelouchebag not on spc, but i have messed it up before by changing the hashing rounds manually, and then accidentally dropping a zero lel
(DIR) Post #ATL1uIljd3H7S9Xnzk by eriner@noagendasocial.com
2023-03-06T12:03:56Z
1 likes, 0 repeats
@Moon @graf @lelouchebag lol. Yeah, the difficulty is the only catch. The time-based auto-difficulty on an RPi != Ryzen.
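Added example, not part of any post in this thread and not Pleroma's code: a sketch of the per-account salting Moon describes above, plus a check for the work-factor slip mentioned in the replies. It uses PBKDF2 from Python's standard library in place of bcrypt (which the standard library lacks); the record format, iteration counts, floor and account names are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import os

DEFAULT_ITERATIONS = 200_000  # assumed work factor for this example
MIN_ITERATIONS = 100_000      # assumed policy floor, not a Pleroma setting


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return 'pbkdf2-sha512$<iterations>$<salt>$<digest>' with a fresh random salt."""
    salt = os.urandom(16)  # new salt per account, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    fields = ["pbkdf2-sha512", str(iterations),
              base64.b64encode(salt).decode(), base64.b64encode(digest).decode()]
    return "$".join(fields)


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the salt and iteration count stored in the record."""
    scheme, iterations, salt_b64, digest_b64 = record.split("$")
    if scheme != "pbkdf2-sha512":
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def weak_records(users: dict[str, str], floor: int = MIN_ITERATIONS) -> list[str]:
    """Names of accounts whose stored work factor is below the floor."""
    return sorted(name for name, rec in users.items()
                  if int(rec.split("$")[1]) < floor)


def build_demo_users() -> dict[str, str]:
    """Constructed sample table: two accounts share a password, one lost a zero."""
    return {
        "alice": hash_password("batman123"),
        "bob": hash_password("batman123"),
        "carol": hash_password("correct horse", iterations=20_000),
    }


if __name__ == "__main__":
    users = build_demo_users()
    print("same password, same record?", users["alice"] == users["bob"])
    print("accounts to rehash at next login:", weak_records(users))
```

Because the iteration count travels inside each record, accounts hashed during a misconfiguration can be found afterwards and rehashed at their next successful login.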
(DIR) Post #ATL20l9f0I5PEBoYoy by 1iceloops123@shitposter.club
2023-03-06T12:05:08.796930Z
0 likes, 0 repeats
@Moon @eriner @graf @lelouchebag if I can't login I'll just ask for a new account on an alt
(DIR) Post #ATL26WTAW4oXQ4ggIC by graf@poa.st
2023-03-06T12:06:12.926600Z
0 likes, 0 repeats
@eriner @1iceloops123 @eriner @Moon @lelouchebag transientloops moment
(DIR) Post #ATL2D8ehSFeXaZEgBk by 1iceloops123@shitposter.club
2023-03-06T12:07:23.278885Z
0 likes, 0 repeats
@graf @eriner @Moon @lelouchebag well I heard an update might screw up my 6 year old account.
(DIR) Post #ATL8CnqTQRomlwxxD6 by Shlomo@poa.st
2023-03-06T13:14:35.779857Z
1 likes, 0 repeats
@graf I facepalmed hard after reading this. Why are people like this.
(DIR) Post #ATL8FWF5KVKN2vlytc by coldacid@noagendasocial.com
2023-03-06T13:15:04Z
0 likes, 0 repeats
@loathsome @GuntGrease @graf absolutely this, every time I see someone push Lastpass or some other online bullshit I think to myself "what an overly trusting retard"
(DIR) Post #ATL8gkx4kRUoUBKwoi by Mythriil@noagendasocial.com
2023-03-06T13:20:00Z
1 likes, 0 repeats
@skylar @graf I’ve studied for infosec before, it's nightmare material, all the examples like that that can even lead to getting arrested.
(DIR) Post #ATLBJGsWh4q8Puhacq by p@freespeechextremist.com
2023-03-06T13:49:23.121304Z
0 likes, 0 repeats
@zxcvfadsf @ademan @deprecated_ii @graf Unironically good editor.
(DIR) Post #ATLBL5ATCjk2fzxV8y by p@freespeechextremist.com
2023-03-06T13:49:42.766888Z
0 likes, 0 repeats
@HWABAG @graf As bad.
(DIR) Post #ATLEPk1fXLX6Prkt5k by HWABAG@bae.st
2023-03-06T14:24:09.661948Z
0 likes, 0 repeats
@p @graf you can always light it on fire and bury the ashes.
(DIR) Post #ATLFrWeQxPlEzuhRGi by ademan@thebag.social
2023-03-06T14:40:22.774340Z
1 likes, 0 repeats
I do (well descriptive ones), but not for this instance, there’s hundreds of thousands of dynamically allocated ips.
(DIR) Post #ATLHOpFEwndIAvMFsG by ChurnHinge@poa.st
2023-03-06T11:15:30.504058Z
1 likes, 0 repeats
@theorytoe @graf hey your avatar is HD now
(DIR) Post #ATLHeocZ2C7msEtNJY by p@freespeechextremist.com
2023-03-06T15:00:30.566188Z
0 likes, 0 repeats
@HWABAG @graf A hostproof system doesn't even need burning.
(DIR) Post #ATLI2UlsUFpoGEXXdo by thendrix@social.hendrixgames.com
2023-03-06T15:04:45.340659Z
0 likes, 0 repeats
You don’t have bash aliases?
(DIR) Post #ATLcSwIMm3REEmcgwy by Koropokkur@poa.st
2023-03-06T18:53:39.788059Z
1 likes, 0 repeats
@deprecated_ii @Jean_Philippe_Micheaux @graf mmmm. mousu... prolly chewin on the power cables
(DIR) Post #ATLcsRnulJ4nCSXi7c by Koropokkur@poa.st
2023-03-06T18:58:16.312749Z
0 likes, 0 repeats
@loathsome @graf @GuntGrease ikr. instead of scribbling them onto blank pages in random books, they save them in a folder named PWs