If everything is fine with this RC, you can expect the final 0.21 release by the end of the week 🎉
Failed exploit against our Mastodon server. SQL injection attempt, obviously.
@tux They seem to be interested in you. 😉
Why are we flooding your feed today? Because we feel we are entering into a perfect storm of privacy issues.
We believe that engaging in and out of our personal networks can help us correct course.
1. We have an unprecedented attack on #encryption, in the US with the EARN-IT act, and beyond.
2. Pervasive widespread person-tracking is being embraced by governments and the public, often unwittingly.
3. Fear may prompt the public to cling to ideologies that are injurious to #privacy.
The mobile app for #Jitsi Meet has been updated to 20.1 this week.
They fixed an annoying bug in the settings dialog. Entering a custom URL for the server was a real pain. Now it’s quite easy.
This is very good news. There are lots of Jitsi Meet instances around, and this setting is really useful. (And I had some friends about to give up only because of that poor usability problem.)
Some people might say: "I want a restrictive #licence to the software I’m writing, to prevent 'bad guys'—e.g. the military, the Mafia—from using it."
Bad idea: if people are killing other people, software licences are probably not something they would really care about.
Better stick with licences that do not impose personal views about who and what purposes. (Copyleft is important, though.)
It is interesting to see how attacks are quickly mutating.
Today, hundreds of "GET /.aws/credentials" requests started popping up.
In the past hours, I have seen a large number of requests in my #nginx log.
"GET /.env HTTP/2.0" 403 146 "-" "curl/7.58.0"
Hundreds of bots looking for the file, then going away. Most addresses resolve to compute.amazonaws.com.
They are very obviously trying to get a config file. Is it still that old Laravel #exploit?
Here is what it looks like.
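Added example, not part of the original posts: a small Python check that counts probes for `/.env` and `/.aws/credentials` per client and flags any that were answered with a 2xx status instead of being refused. It assumes nginx's default "combined" log format; the function names, sample lines and IP addresses are constructed for illustration.

```python
import re
from collections import Counter

# nginx "combined" log format (assumed; adjust if log_format is customised).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Paths named in the posts above; extend with other files you never serve.
SENSITIVE = ("/.env", "/.aws/credentials")

def is_probe(path):
    """True if the request path (query string ignored) targets a sensitive file."""
    bare = path.split("?", 1)[0].lower()
    return any(bare.endswith(s) for s in SENSITIVE)

def summarize(lines):
    """Return (probe count per client IP, list of probes that were NOT refused)."""
    per_ip, leaked = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m["path"]):
            continue  # unparseable line or ordinary request
        per_ip[m["ip"]] += 1
        # A 2xx answer means the file was actually served: rotate those secrets.
        if m["status"].startswith("2"):
            leaked.append((m["ip"], m["path"], m["status"]))
    return per_ip, leaked

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Apr/2020:10:00:01 +0000] "GET /.env HTTP/2.0" 403 146 "-" "curl/7.58.0"',
    '192.0.2.10 - - [01/Apr/2020:10:00:02 +0000] "GET /.aws/credentials HTTP/1.1" 403 146 "-" "curl/7.58.0"',
    '198.51.100.7 - - [01/Apr/2020:10:00:05 +0000] "GET /app/.env?x=1 HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.5 - - [01/Apr/2020:10:00:09 +0000] "GET /index.html HTTP/2.0" 200 1024 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    counts, leaked = summarize(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{ip}: {n} probe(s)")
    for ip, path, status in leaked:
        print(f"SERVED: {path} to {ip} (status {status})")
```

A 403 as in the log line quoted above is the wanted outcome; only the entries in the second list need follow-up.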
It feels good to live away from Windows machines. This is getting creepier every day.
Installing #Chrome also installs a side executable that can search the hard drive and remove programs it thinks might interfere with the browser.
Remember: If you behave like malware, then you ARE malware.
How shall we deal with expiry dates for GPG keys?
1) Teach them how to renew their keys
✅ They become self-supporting
❌ Way too complicated. Error-prone
2) I keep their private keys and do it for them
❌ Unethical to potentially become a privacy-violator myself
3) Set a key that never expires (or in 10+ years)
✅ No need to worry
❌ What if their phones get stolen or hacked?
Any better idea?
Stand in solidarity with your favorite demonetized YouTuber,
I inadvertently saw a user applying the 4-word password principle in front of me:
– Teenage Mutant Ninja Turtles
I bet this opens the door to a new type of effective dictionary attacks.
Lesson for all of us: teach your users to be smart and never rely on simplistic rules.