Post ATgmlxW6REbjVaxFpY by lamp@berserker.town
(DIR) More posts by lamp@berserker.town
(DIR) Post #ATgjOkXMENTCjImbSa by lamp@berserker.town
2023-03-16T23:20:15Z
8 likes, 3 repeats
Lole
(DIR) Post #ATgjZFc9Xb7Q0h27oe by AshChapelsGhost@poa.st
2023-03-16T23:22:10.524669Z
0 likes, 0 repeats
@lamp Fucken OOPS.
(DIR) Post #ATgkgSxoPH55OTAVoe by r000t@ligma.pro
2023-03-16T23:34:06Z
2 likes, 0 repeats
@lampLmao who wants the list? @graf
(DIR) Post #ATgklBHlYqXm0ukZSS by r000t@ligma.pro
2023-03-16T23:34:38Z
1 likes, 0 repeats
@lampAbsolutely spectacular domain btw @graf
(DIR) Post #ATgl6CS6Q021iIbiyG by r000t@ligma.pro
2023-03-16T23:39:02Z
1 likes, 0 repeats
@botLamp already iterated over the like 20k pages so I didn't duplicate work. I'll be at my computer in like 30 minutes but the compressed list is like 200MB.Also I'm pretty sure the misconfiguration was there well after the 24th.@lamp @graf
(DIR) Post #ATglwuVHsiMrOXEPeC by r000t@ligma.pro
2023-03-16T23:48:31Z
1 likes, 0 repeats
@botYes. They're someone's media uploads. Only reason they'd be gone is a deletion in the case of local media and pruning in the case of remote media. There'd be no indication as to which ones were DMs for example, but there's plenty of tools that look for things people would consider private. @lamp @graf
(DIR) Post #ATgmG63R9zAQilLyS0 by lamp@berserker.town
2023-03-16T23:52:18Z
2 likes, 0 repeats
@r000t @bot @graf i also got some of the dumps
(DIR) Post #ATgmHWsWukKCChw1J2 by p@freespeechextremist.com
2023-03-16T23:52:35.664098Z
2 likes, 0 repeats
@r000t @lamp @graf If you got it.
(DIR) Post #ATgmU3BUcyZxsEm7bE by lamp@berserker.town
2023-03-16T23:54:48Z
3 likes, 1 repeats
@p @r000t @graf https://avps.owo69.me/fms.tar.gz https://avps.owo69.me/fmo.tar.gz
(DIR) Post #ATgmiAX26giciQaB9c by HitlerIs6_5@nicecrew.digital
2023-03-16T23:56:46.235106Z
1 likes, 0 repeats
Depends on whether or not people named their files stupid shit that gives away private information.
(DIR) Post #ATgmktBF4khllmgf9U by lamp@berserker.town
2023-03-16T23:57:52Z
0 likes, 0 repeats
@HitlerIs6_5 @r000t @graf @bot mastodon doesnt save file names
(DIR) Post #ATgmlxW6REbjVaxFpY by lamp@berserker.town
2023-03-16T23:58:04Z
0 likes, 0 repeats
@bot @r000t @graf yes
(DIR) Post #ATgmn6qnDmLQkKBHRA by Jain@blob.cat
2023-03-16T23:58:15.683167Z
2 likes, 0 repeats
@lamp @p @r000t @graf :blobcatfrowningbig: why are you interested in that list anyway?
(DIR) Post #ATgmxhAf2O1MHuWPTs by HitlerIs6_5@nicecrew.digital
2023-03-16T23:59:11.502295Z
0 likes, 0 repeats
oh so it's literally just a list of everything that was uploaded? I guess that's useful for datamining purposes or if people are retarded and posting images with dox info behind dms/private accounts.
(DIR) Post #ATgmxhfVBigtpYx2YK by r000t@ligma.pro
2023-03-16T23:59:54Z
1 likes, 0 repeats
@HitlerIs6_5 They do. But what's even more useful is hitting them with OCR to find "dunks"@lamp @graf @bot
(DIR) Post #ATgn1AX6KKiiDlfro8 by lamp@berserker.town
2023-03-17T00:00:49Z
0 likes, 0 repeats
@r000t @HitlerIs6_5 @graf @bot ooooo OCR havent thought of that
(DIR) Post #ATgn4kDy5FK9miQio4 by graf@poa.st
2023-03-17T00:01:28.096148Z
0 likes, 0 repeats
@lamp @r000t @HitlerIs6_5 @bot did you scrape any of the media or is it just a raw list?
(DIR) Post #ATgn8xIFR2pTTZRKDI by Jain@blob.cat
2023-03-17T00:02:13.092763Z
1 likes, 0 repeats
@lamp @graf @p @r000t its not cool to leak data from a server like this tho... that can be compared to doxing imho... no one from this server, even not gargron deserves that
(DIR) Post #ATgnEurnN1W7gfuQLo by lamp@berserker.town
2023-03-17T00:03:18Z
0 likes, 0 repeats
@graf @r000t @HitlerIs6_5 @bot too much to scrape
(DIR) Post #ATgnLKmZvdpRnkWsTY by r000t@ligma.pro
2023-03-17T00:03:07Z
2 likes, 0 repeats
@Jain You have no idea what they've done to me. @lamp @p @graf
(DIR) Post #ATgnPTw1qH5pLTvYO0 by Jain@blob.cat
2023-03-17T00:05:11.357327Z
1 likes, 0 repeats
@r000t @lamp @p @graf tell me
(DIR) Post #ATgoEh78bNVazMXl0C by r000t@ligma.pro
2023-03-17T00:14:28Z
4 likes, 1 repeats
@Jain - Multi-year libel campaign - Full-scale cancellation including complaints to pretty much everywhere I have an account- No action taken on direct threats of violent physical harm to me specifically. As in, it's okay to do that, but only to me. Gargron says this is because I was "too loud" about people making direct threats of violent physical harm to me. - They've swatted me for making a search engine Basically, for every rule mastodon.social has, people on that instance and remote instances are allowed to, and do frequently, break them, but only towards me. @lamp @p @graf
(DIR) Post #ATgofs4ZxvewnNJ0S0 by Jain@blob.cat
2023-03-17T00:19:23.079675Z
1 likes, 0 repeats
@r000t @lamp @p @graf i agree that this is bad and you deserve better but does that but does that justify a data leak?imho no
(DIR) Post #ATgoz4h1GjU9RCRVa4 by r000t@ligma.pro
2023-03-17T00:22:51Z
1 likes, 1 repeats
@JainThe reason they deserve the leak, is because I have a known history of finding security bugs in Mastodon, and yet the person responsible for receiving those reports, which I do still send, has taken every measure to avoid messages from me? Eugen is so married to "don't feed the trolls" that he outright blocks vulnerability reports. This is not the action of a sane and rational software vendor. @lamp @p @graf
(DIR) Post #ATgpQbL405ByVQIZqi by Jain@blob.cat
2023-03-17T00:27:48.491099Z
0 likes, 0 repeats
@r000t @lamp @p @graf :blobcatoh: i agree on that too, but you are playing with data from his users which still dont deserve that
(DIR) Post #ATgpUvT968tk668oee by r000t@ligma.pro
2023-03-17T00:28:17Z
3 likes, 0 repeats
@bot @lamp @HitlerIs6_5 @graf
(DIR) Post #ATgpk0UCj8J008pMcC by p@freespeechextremist.com
2023-03-17T00:31:21.367472Z
3 likes, 0 repeats
@Jain @r000t @graf @lamp The data *is* leaked. Using it to cause problems, that's another matter, that's probably a bad idea, but having it is just having it.
(DIR) Post #ATgqLAqt9LRmrhA0qe by lamp@berserker.town
2023-03-17T00:38:03Z
4 likes, 0 repeats
@Jain @p @r000t @graf mastodon is a public publishing network and they have a clear warning not to "share sensitive information over mastodon" for a reason. dm to other servers and they can leak just as well. If this is an actual problem to you then it's all your fault, IMO. I do not think anything nefarious can be done with this, it's just fun.
(DIR) Post #ATgr89Sn6LhgkQF9Qe by Jain@blob.cat
2023-03-17T00:46:52.637677Z
0 likes, 0 repeats
@lamp @p @r000t @graf i disagree upon that... yes theoretically DMs could be leaked from each server receives DMs but that doesnt mean that they do that... i would prevent sending DMs to such servers too and no i think thats not a problem of myself, its more like having trust in fediverse and its protocols. Like in emails you also have a certain trust that the server receives an email wont publish it publicly... of course i can't do anything against what you are doing but at least i can tell you that i do not agree with your way of handling data of other peoples
(DIR) Post #ATgsBoCEDKN7twnuJE by p@freespeechextremist.com
2023-03-17T00:58:47.440936Z
4 likes, 0 repeats
@Jain @lamp @graf @r000t > Like in emails you also have a certain trust that the server receives an email wont publish it publicly... Not really. That's why we have PGP. Trust in the server isn't even a factor:https://en.wikipedia.org/wiki/Lavabit> Lavabit is an open-source encrypted webmail service, founded in 2004. The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email.
(DIR) Post #ATgsh6LAnuF19TuRai by Jain@blob.cat
2023-03-17T01:04:25.050606Z
1 likes, 0 repeats
@p @lamp @r000t @graf :blobcatgoogly: pgp is another layer, yes... and we can use pgp everywhere like here in fedi too... but that in no way means that one should like any data you possibly ever could get!
(DIR) Post #ATgt3hO7k63EQL45CK by p@freespeechextremist.com
2023-03-17T01:08:31.647203Z
3 likes, 0 repeats
@Jain @graf @lamp @r000t If the information leaves your computer, assume it could become public at any time without warning: maybe there's a leak, maybe there's a crack, or maybe the government just grabs it.
(DIR) Post #ATgtM7GUGuUztMH6qO by r000t@ligma.pro
2023-03-17T01:11:50Z
0 likes, 0 repeats
@p @lamp @Jain @graf ActivityPub needs a basic extension for per-client keypairs that DMs are encrypted with before sending.
(DIR) Post #ATgtgjv6GMLnZP6aZs by modpod@blob.cat
2023-03-17T01:15:34.871315Z
1 likes, 0 repeats
@p @lamp @Jain @r000t @graf this is true.and wow what a spectacular mess.
(DIR) Post #ATgtvOtmhYPUiYTsEC by p@freespeechextremist.com
2023-03-17T01:18:14.120626Z
0 likes, 0 repeats
@r000t @lamp @Jain @graf You can tell me that, but I have been saying this for years. I am writing facilities for this, but the default activity for AP stuff coming across the bridge is to silently drop DMs going through the bridge because AP does not have this and it would not work well as an AP extension. I don't think you can do host-proof encryption very well over AP. I'm sure there are implementations of this kind of thing but it would have to be client-side.If you could rig up some sort of support for clients to do DMs through libpurple, you could *probably* do OTR. I don't even remember if finch/pidgin still supports OTR very well. But it would all have to be client-side or it's not E2EE.
(DIR) Post #ATgvFeH9L9pw9bd248 by hdtv@mastodon.hdcraft.xyz
2023-03-17T01:33:03Z
0 likes, 0 repeats
@lamp True, its honestly impressive how much you did so quickly LOL. Not a fan of any servers that block other instances for things that aren't illegal. If they were more open to at least just limiting instances, then I think it would be different.
(DIR) Post #ATgvoGaVP2R2p5BnAu by dcc@annihilation.social
2023-03-17T01:39:19.067153Z
1 likes, 0 repeats
@p @lamp @Jain @r000t @graf pidgin and the android clients can do otr well but otherwise your screwed on what clients you can use, also you can't encrypt images
(DIR) Post #ATgwMKfqiVchLFvsiu by modpod@blob.cat
2023-03-17T01:45:30.309247Z
1 likes, 0 repeats
@p @lamp @Jain @r000t @graf pidgin does have OTR, but i cant recall how well it works. nobody really to test it with. :)ps, the leak appears to be patched, <Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>or perhaps i'm just not doing it right.files.mastodon.social/[slug from xml with rest of path.]oh well. :)
(DIR) Post #ATgxDV7Sc08R5MCTMO by lamp@berserker.town
2023-03-17T01:55:05Z
2 likes, 1 repeats
@modpod @Jain @p @r000t @graf They deleted all the user archives and turned off the public listing. but here's a glimpse https://web.archive.org/web/20230224045603/https://files.mastodon.social/?prefix=backups
(DIR) Post #AThPGpHgtPlrDAMKyO by modpod@blob.cat
2023-03-17T07:09:26.696314Z
1 likes, 0 repeats
@lamp @Jain @p @r000t @graf thank you. yeah i have several gigs of that now, i dl'ed your gunzipped tarballs earlier. it was interesting to look at, although i had no nefarious purpose, just wanted to see what it looked like. :)