Posts by spencerdailey@journa.host
(DIR) Post #AQehQy1h5DBghJiirA by spencerdailey@journa.host
2022-12-16T05:57:04Z
0 likes, 1 repeats
here's a fun bit of trivia: more Mastodon posts were clustered to Techmeme's top stories tonight than ever before https://www.techmeme.com/221216/h0050
(DIR) Post #ARzCN0417meWjZmShM by spencerdailey@journa.host
2022-12-21T18:53:47Z
0 likes, 1 repeats
If you had said 3 months ago that I'd be boosting posts about decentralized protocol projects, I'd have channeled years of web3 skepticism into a categorical denial. But here we are in blockchain-less Mastodon-land, which has totally rehabilitated the brand of 'decentralized' and reminded us of the great successes of email, internet, and torrent tech, and that we should want more. https://mastodon.cloud/@anildash/109502799592437348
(DIR) Post #ASBvfoBaL18XEQBMem by spencerdailey@journa.host
2023-01-05T01:56:14Z
1 likes, 0 repeats
I love so much about Mastodon, but I'm afraid its threat model is borked. If dozens upon dozens of governments are hacking journalists' iPhones and Android devices, the odds that servers (each hosting thousands of accounts) aren't hacked (now or later) is close to zero,and that makes me uneasy. Look at a project like Wordpress or Drupal, which fairly often undergo mass 0-day exploit events, and tell me that Mastodon won't just once. It only takes once b/c when hackers get your keys it's over 1/3
(DIR) Post #ASBvfteU10DuBUk0tU by spencerdailey@journa.host
2023-01-05T02:14:38Z
0 likes, 0 repeats
I think this raises stakes for Mastodon scaling up its team with top-notch people who can pay the attention needed to mitigate security issues (not sure you can "fix" all of them). It's great that infosec is already on Mastodon in full force, yet I've learned via their chatter of the myriad ways this implementation of activityPub can be abused to bring down servers (via denial of service or straight-up security issues).b4 🐘 is popular,we need a network designed to withstand popularity/notoriety
(DIR) Post #ASBvfwuXtjr2IBHNqa by spencerdailey@journa.host
2023-01-05T02:21:11Z
0 likes, 0 repeats
Nostr's federated social model lets users (locally) own their social identity's private keys. Maybe Bluesky/ATProtocol will too, but that's likely DOA b/c Elon is steering it now :/ . That way, when the public-facing relays inevitably get hacked, the attacker doesn't literally steal their identity. That is nice, and Mastodon doesn't benefit from that design. Which means the stakes are exceedingly high that this project tightens its security. I fear its too late. But I'll enjoy it while it lasts.
(DIR) Post #ASBvg3zPa2uEFIbru4 by spencerdailey@journa.host
2023-01-09T03:34:16Z
0 likes, 0 repeats
see above^ @jerry @SwiftOnSecurity @Pwnallthethings Do any of you feel like saying "Mastodon's threat model is borked" is an overreaction? I'm just concerned it would take merely one 0day event (like https://www.techmeme.com/150919/p1#a150919p1, https://www.techmeme.com/180330/p15#a180330p15, https://www.techmeme.com/141016/p46#a141016p46, etc etc) to completely reset this experiment. We all see how hard nation states attack Twitter - from killing DNS resolving services, to flooding Twitter with porn, to bribing employees, etc.. Could Mastodon survive success?
(DIR) Post #ASBvg8f2DEZqjY7AKu by spencerdailey@journa.host
2023-01-31T04:05:20Z
0 likes, 0 repeats
the silence in the replies here is deafening.
(DIR) Post #AYjHrCq8S03d4hKiMi by spencerdailey@journa.host
2023-08-14T17:47:57Z
1 likes, 0 repeats
if you were wondering how crypto was doing these days
(DIR) Post #AhzG314LdsCUEQIQz2 by spencerdailey@journa.host
2024-05-05T13:22:23Z
0 likes, 0 repeats
"Remember when Tesla held that press conference showing a faked battery swap between cars, and promised it would be rolling it out within a year?" Lovely comments here. https://reddit.com/r/RealTesla/comments/1ckemu5/fired_supercharger_maintenance_workers_say/