fsebugoutzone.org:9999

       Posts by filippo@mastodon.social
 (DIR) Post #APWy8gfwzGFOu9OYHA by filippo@mastodon.social
       2022-11-12T14:42:56Z
       
       1 likes, 0 repeats
       
       Azure joins the shameful group of companies that block domain fronting. https://news.ycombinator.com/item?id=33572390I am still angry and disappointed by Cloudflare&#39;s decision to block domain fronting and drop Lantern as a customer in 2015. Lantern was one of the most effective Great Firewall bypass proxies at the time, and Cloudflare was expanding in China.
       
 (DIR) Post #APWy8iCxI2F5enqQMK by filippo@mastodon.social
       2022-11-12T14:44:42Z
       
       0 likes, 0 repeats
       
       After blocking them, the CEO went on HN to accuse Lantern of exploiting Cloudflare and to argue that they were not a customer. https://news.ycombinator.com/item?id=9234367That was obviously false because you need to have a Cloudflare zone configured for domain fronting to work. They were a customer as much as the targeted hate websites they strenuously defend.
       
 (DIR) Post #APrDcK7ekj6t2hyJgu by filippo@mastodon.social
       2022-11-21T01:53:41Z
       
       0 likes, 0 repeats
       
       According to analytics.twitter.com I lost ~350 followers in the last 28 days.I am seeing some people saying it&#39;s all bots being cleaned up, so I decided to diff my listfollowers.com dumps that are ~50h apart.These don&#39;t look like bots. I&#39;ll post stats in a moment.
       
 (DIR) Post #APrDcL21NACFrWLKXw by filippo@mastodon.social
       2022-11-21T02:29:35Z
       
       1 likes, 0 repeats
       
       In the last 50h I lost 206 followers on Twitter. 0.4% of the total.From a random sample, 1/10 unfollowed me, 1/10 unfollowed everyone, 8/10 deactivated. (Didn&#39;t bother with the Twitter API.)58% had more than 100 followers. 49% had more than 1000 tweets. 83% had no numbers in their username. 98% were older than a year, 74% older than five years.&quot;Elon is cleaning up the bots&quot; does not seem to hold as a hypothesis. People are definitely leaving Twitter.
       
 (DIR) Post #APrDcNLEmgkx1hLhmC by filippo@mastodon.social
       2022-11-21T02:37:55Z
       
       0 likes, 0 repeats
       
       I don&#39;t ordinarily track unfollows, because people are welcome to do what they wish with their attention and should not feel bad about it.I collected these stats because some people argued that it&#39;s Elon Musk cleaning up bots, which is ludicrous but also easily disproved.
       
 (DIR) Post #APvTK8a5IhWLvxSVAe by filippo@mastodon.social
       2022-11-23T14:48:19Z
       
       0 likes, 0 repeats
       
       Footnotes are critical to my writing process, not because any of you needs to read them, but because they let me hide the paragraphs of tangents that my brain won&#39;t let me omit but that don&#39;t fit in the flow of the piece. This draft I&#39;m polishing is 50% footnote 😅
       
 (DIR) Post #AQ0j20ZithbewsSzYG by filippo@mastodon.social
       2022-11-26T23:02:01Z
       
       1 likes, 0 repeats
       
       I regret to inform you that I made a thing.https://filippo.io/fakenews/
       
 (DIR) Post #AQ4hnWjVjL891EPoKe by filippo@mastodon.social
       2022-11-28T20:36:24Z
       
       0 likes, 0 repeats
       
       @cks age has the advantage of being pretty simple, which makes it easy to gain trust in it. A few folks looked at it at this point, and I am comfortable with it.
       
 (DIR) Post #AQ6cOqP5Lc9vKdBz72 by filippo@mastodon.social
       2022-11-29T19:23:35Z
       
       1 likes, 1 repeats
       
       &quot;Secret Network&quot; is apparently a private blockchain designed such that any point-in-time compromise of SGX deanonymizes all previous transactions.van Schaik, et al. set up a node, used the currently-unpatched SGX vulnerabilities to extract the keys, and deanonymized the whole chain.That&#39;s great work, but this was... predictable, surely?https://sgx.fail/
       
 (DIR) Post #AQ9H09aPNIiS1Tkn44 by filippo@mastodon.social
       2022-11-28T12:52:35Z
       
       0 likes, 0 repeats
       
       https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/XRiWGz4JBQAJ
       
 (DIR) Post #AQ9H0A7NOj5TfjB7S4 by filippo@mastodon.social
       2022-11-30T00:51:26Z
       
       1 likes, 5 repeats
       
       TrustCor, the Certificate Authority who&#39;s being aggressive and condescending on the mozilla.dev.security.policy mailing list, also operates MsgSafe.io, which self-describes as &quot;Most secure email - Free end to end encryption&quot;.They claim they can&#39;t read your emails.I took a few minutes to prove that&#39;s false, by signing up, receiving an email, logging out, resetting my password, and logging in with the new password to find my email sitting pretty in plaintext. 🤷‍♂️https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/09ppQcZnCgAJ?utm_medium=email&amp;utm_source=footer
       
 (DIR) Post #AQ9H0EPbQu2kzPjjPs by filippo@mastodon.social
       2022-12-01T01:01:17Z
       
       1 likes, 4 repeats
       
       Mozilla is distrusting TrustCor.Certificates issued from December 1st onward won&#39;t be trusted, roots will be removed once current certificates expire.Note that this probably means systems like Linux distros that just consider the Mozilla root store a bag of certificates will fully trust TrustCor for at least another year, likely longer due to release lag.https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/62669320-d923-4339-b557-9e2bfe0f9f52n%40mozilla.org
       
 (DIR) Post #AQK3hZWtX4W6JjTkDQ by filippo@mastodon.social
       2022-12-05T17:17:45Z
       
       0 likes, 0 repeats
       
       Sigh. The architecture of the fediverse is even more hostile to self-hosting than I thought.I already knew you can&#39;t have multiple identity domains (the ones in the username) hosted at the same instance.TIL that while Mastodon considers the identity domain canonical, Pleroma tracks the URL the API is hosted at.In email terms, it&#39;s as if your identity was tied to the domain you access your webmail at.https://github.com/mastodon/mastodon/issues/5774#issuecomment-1337381347https://git.pleroma.social/pleroma/pleroma/-/merge_requests/294#note_4915
       
 (DIR) Post #AQK3ha2ncS2NugPDwe by filippo@mastodon.social
       2022-12-05T17:21:25Z
       
       0 likes, 0 repeats
       
       In practice it means that I can&#39;t have @filippo@filippo.io as my username, and then delegate it to a masto.host instance I access at, say, filippo.masto.host. I need to put the instance on a domain I control and never change, with all the risks involved in delegating a subdomain.For a network that compares itself to email and preaches &quot;own your identity&quot; it certainly makes it hard, unless you go straight for the true and pure solution of self-hosting everything. Users need graceful on-ramps.
       
 (DIR) Post #AQK3haa7cYgza1zpsu by filippo@mastodon.social
       2022-12-05T17:38:57Z
       
       0 likes, 0 repeats
       
       Like, imagine if having your email address alice@example.com hosted on Gmail meant that some email implementations forever remembered you as alice@aspmx.l.google.com with no way to change that. That&#39;s how Pleroma works, apparently as mandated by the ActivityPub spec.