Post AWNfTPMOjTZOAIscNc by indieterminacy@social.coop
(DIR) Post #AWNaD076KdrXSZ59RA by risottobias@tech.lgbt
2023-06-05T01:31:26Z
0 likes, 0 repeats
is removing server headers actually beneficial to #security, or is it #securitytheater e.g., removing the #mastodon server version
pros: for a widely used software (like apache), knowing the exact version helps you narrow down exploits.
rebuttal: you know it's mastodon or #lemmy already.
cons: think like a user. Removing the server version means that users can't know that you've lapsed in updating the site.
transparency over obscurity.
#cybersecurity
(DIR) Post #AWNaD1DAFaJ4revVWi by indieterminacy@social.coop
2023-06-05T02:18:00Z
0 likes, 0 repeats
@risottobias I felt that the design decisions within the #GeminiProtocol for having a minimalist header felt sound.
'Here is the content'
(DIR) Post #AWNaD1i0OuycPJM8bA by risottobias@tech.lgbt
2023-06-05T02:13:07Z
0 likes, 0 repeats
here's a good case for publishing version numbers: https://rwhb.me/20221204/
(DIR) Post #AWNaD1q9ubUyobAeJ6 by risottobias@tech.lgbt
2023-06-05T02:29:45Z
0 likes, 0 repeats
@indieterminacy could also just say what features you support, instead of guessing the features based on the version
Like how SMTP or MySQL return what plugins are turned on
(DIR) Post #AWNaD2qu9JgnxCWl6m by indieterminacy@social.coop
2023-06-05T02:36:51Z
0 likes, 0 repeats
@risottobias I get what you are saying.
The protocol aims to either send the format #Gemtext, which provides a simpler #markdown format, else what it refers to as a 'binary', which would be a file which has no (direct) syntax assumptions.
But back to your point there was a recent conversation in this matrix room that touches upon that topic (somewhat):
https://matrix.to/#/#fediverse-city:matrix.org
It involves @quilnux and @strypey
(DIR) Post #AWNaD3ZDUZ8QAdG9B2 by strypey@mastodon.nzoss.nz
2023-06-05T11:13:59Z
0 likes, 0 repeats
@indieterminacy
> there was a recent conversation in this matrix room that touches upon that topic
I'm a bit embarrassed to see this linked here, since my tone in this exchange was... less than exemplary. But...
... the true disagreement isn't really about server version data. It's about whether the social value of the NodeInfo and stats site infrastructure outweighs any security downsides it involves. I think it does. @quilnux is not convinced ; )
@risottobias
(DIR) Post #AWNfTPMOjTZOAIscNc by indieterminacy@social.coop
2023-06-05T12:12:58Z
0 likes, 0 repeats
@strypey @quilnux I liked the conversation, I wouldn't worry. Happy to purge the message if needs be (and apologies if cross referencing like that is uncouth) @risottobias
(DIR) Post #AWNjFI07hGzb6Sz5P6 by strypey@mastodon.nzoss.nz
2023-06-05T12:55:13Z
0 likes, 0 repeats
@indieterminacy
> Happy to purge the message if needs be
Not at all. It's a public chat room and it's perfectly fine to link to it IMHO.
I'm just trying to hold myself to the highest possible standard of friendly and respectful behavior, and for me that includes openly acknowledging it when I fall short of that standard.
@quilnux @risottobias
(DIR) Post #AWNkg7LpV7WDqWUgIi by risottobias@tech.lgbt
2023-06-05T13:11:19Z
0 likes, 0 repeats
@strypey @indieterminacy @quilnux I'm just a newb and a know it all but I'll shut up 😅
Me and my Dunning-Kruger effect
(DIR) Post #AWNlqXKfrETRHAU9rs by strypey@mastodon.nzoss.nz
2023-06-05T13:24:25Z
0 likes, 0 repeats
@risottobias
> I'm just a newb and a know it all but I'll shut up
You're asking good questions and learning stuff. Don't you dare shut up. Keep going! @indieterminacy @quilnux