A trick used by me today to quickly find the few remaining spammers:
in the PGSQL DB :
select id,username,domain,display_name,avatar_file_name from accounts where username ~ '^[0-9a-z]{10}$' AND username=display_name and created_at > '2024-02-15 00:00:00' and suspended_at IS NULL AND avatar_file_name IS NULL limit 100;
Then from the obtained file :
for i in $(cat piaille-spam.txt|awk '{print $1}' ) ; do xdg-open "https://piaille.fr/admin/accounts/$i"; sleep 6 ; done
New #ejabberd problem: I keep getting Invalid value for option 'sql_username': ejabberd with the below configuration. I’ve also tried having the sql_* options at the top level rather than under host_config, but I don’t see any difference in behavior. I’m using version 18.12.1 with erlang-p1-pgsql 1.1.6.
@tk sql_* options along with default_db, auth_method, and new_sql_schema should be at top level unless you specifically want to configure them differently for each domain. I have this block in top-level right below the hosts lists:
And on the postgres side I have an ejabberd database owned by the ejabberd postgres role. Since iirc you’re migrating from mnesia I think the docs said you’ll need to run a migration script and maybe apply the schema manually
Account portability is the major reason why we chose to build a separate protocol. We consider portability to be crucial because it protects users from sudden bans, server shutdowns, and policy disagreements. Our solution for portability requires both signed data repositories and DIDs, neither of which are easy to retrofit into ActivityPub. The migration tools for ActivityPub are comparatively limited; they require the original server to provide a redirect and cannot migrate the user’s previous data.
Other smaller differences include: a different viewpoint about how schemas should be handled, a preference for domain usernames over AP’s double-@ email usernames, and the goal of having large scale search and discovery (rather than the hashtag style of discovery that ActivityPub favors).
Ok, so I've got a Debian 12.5 VM spun up, FusionPBX 5.2 installed with all of its dependencies, including FreeSwitch 1.10 something, and I've got a voip.ms SIP account with credentials and an active DID. I had to fight with fail2ban for hours to not have it block the voip.ms server. Now got that figured out, and have a SIP registration, but nothing further than that. Tried creating an inbound destination, but logs keep saying that the user 123456 needs to be created, and authentication granted within the domain of <MyPrivateIP> and then another line stating within the domain of <MyPublicIP> where 123456 is the six-digit SIP username assigned to me by voip.ms, and to which I am registering with. Wellp, I'm newby frustrated, and now just have to really try hard to get over the huge overpowering desire and hurdle of "give up on this piece of shit because I don't get it" surging through my veins.
Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use...
Passwords are known (or accessible in a password manager) by the user and the user gives one to a site to prove they are who they say they are. The user can be tricked into giving that password to the wrong site (phishing). The site can also be hacked and have the passwords (or hashes of the passwords leaked), exposing that password to the world (a data breach).
With passkeys, the browser is the one checking that it’s talking to the right site before talking by making sure the domain name matches. Passkeys also don’t send a secret anywhere but instead use math to sign a message that proves they are the returning user. This security is possible because there is a public key and a private key. The user is the only one with a public key. The authenticity of the message is guaranteed by math by checking it with the public key that the user provided to the site when they registered their passkey. The site doesn’t need access to the private key that the user has to verify the message so there’s nothing sensitive for the site to leak.
In practical terms, instead of having to have your password manager autofill the username and password and then do some kind of second factor, it just signs a message saying “this is me” and the site logs you in.
@noellemitchell It means you can use your own domain as part of your username / handle. It allows you to use the same online identity. Either requires settings in your DNS or you can upload a file to a website you control
Interestingly, the .af NIC just suspended inet.af, too. It used to host Go modules. This suggests queer.af maybe wasn't specifically targeted for being LGBTQ+ friendly, but for being unrelated to Afghanistan.
That’s not how that works. Domains are registered and basically rented year by year from registrars and they seized it from them.
Mastodon has nothing to do with it. Mastodon is like lemmy, anyone can run their own instance. For example I have a ton of domains, most notably to go along with my username I’ve “owned” rdyoung.info for like 20 years now. I could run my own instance and point that domain at it or the other ones I own.
In Mastodon/Lemmy/Kbin/ActivityPub, your identity is tied to your instance. So if your instance shuts down, you lose all your posts/followers/followees/subscriptions/DMs
In Nostr, your identity is your public key so your relay can shut down and everything is fine since your identity isn’t tied to your relay/instance.
BlueSky’s proposed solution to this is to have your username be yourname@somedomainyouown.com. Which requires buying a domain name, which are limited resources, costs >$10 per year, and requires manually configuring DNS records which is not fun.
American nonprofit OCLC is known globally for its leading database of bibliographic records, WorldCat. A few months ago, many of these records were posted publicly by the shadow library search engine, Anna’s Archive. OCLC believes that this is the result of a year-long hack and, with a lawsuit filed at an Ohio federal court,...
Regarding the operating location(s) of Anna’s Archive, OCLC is alleging the following (pages 7-9):
C. Defendants Rely on Sophisticated Technology and Online Practices to Conceal their Identities.
Defendants understand that their pirate library enterprise and related activities, here, hacking and harvesting OCLC’s WorldCat® records, are illegal. Defendants admit that they are engaging in and facilitating mass copyright infringement, stating, “[w]e deliberately violate the copyright law in most countries.” In another blog post, Defendants noted that their activities could lead to arrest and “decades of prison time.” Defendants have also recognized that their hacking and distribution of OCLC’s data is improper, acknowledging that WorldCat® is a “proprietary database,” that OCLC’s “business model requires protecting their database,” and that Defendants are “giving it all away. :-).”
Because Defendants understand their actions infringe on copyright laws, amongst others, Defendants go to great lengths to remain anonymous to ensure both that Anna’s Archive’s domains are not taken down and to avoid the legal consequences of their actions, including civil lawsuits where parties like OCLC seek to vindicate their rights, as well as criminal and regulatory enforcement actions undertaken by government entities. None of Anna’s Archive’s domains or its online blog provide a business address, business contact, or other contact information that would be found on a legitimate entity’s website.
Defendants have explained in a blog post that they are “being very careful not to leave any trace [of their online activities], and having strong operational security.” For instance, Anna’s Archive utilizes a VPN with “[a]ctual court-tested no-log policies with long track records of protecting privacy.” Each of the Anna’s Archive domains are registered using foreign hosts, registrars, and registrants in order to conceal the identity of the site operators. Additionally, Defendants rely on multiple proxy servers to maintain anonymity. Defendants also use a free version of Cloudflare, a top-level hosting provider, so that they do not have to provide any payment or other identifying information. Defendants selected Cloudflare because they claim Cloudflare has resisted requests to take down websites for copyright infringement. The individuals behind Anna’s Archive also use usernames as pseudonyms to mask their identities online.
Through the work of a cyber security and digital forensic investigation firm, OCLC was able to identify one of the individuals behind Anna’s Archive by name and locate a United States address, Defendant Maria Dolores Anasztasia Matienzo. However, the physical address and contact information of Anna’s Archive and the identities and contact information of the John Does remain unknown. It is highly likely that Anna’s Archive is a non-domestic, foreign entity, based on the findings from OCLC’s investigator, as set forth below.
OCLC explained the above in their Motion To Serve Defendant Anna’s Archive By Email, as justification for why they seek “permission to serve Anna’s Archive by alternative means, here, email, pursuant to Federal Rule of Civil Procedure 4(h)(2) and (f)(3).”
I know that lots of folks here don't like Bluesky (and I understand most of the reasons why), but now that it's open, I tried to explain the reasons why I am excited about it and hope it succeeds. https://www.techdirt.com/2024/02/06/bluesky-opens-up/
@jbenjamint they're experimenting with value add business models, like if you register a domain name for your username. I expect more similar things to continue (optional fees for value added services)
But they've talked about business models in terms of providing additional add on paid services (which they already do with domain registrations for unique usernames). There is likely to be more like that as well.
And, if you don't think it's "conversational" um, I don't know what to tell you. It is.
One thing Bluesky gets right that Mastodon catastrophically fucked up: I am @ratkins.net on Bluesky. I own that domain. Nobody can take that username away from me. I can move to a different “instance” (equivalent) and my social graph is not interrupted. DNS verifies my identity.
Your identity is not tied to your instance. If your instance closes up shop, you keep all your followers, followees, DMs, etc
This is one of the major advantages Bluesky’s protocol (AT Protocol) has over ActivityPub. ActivityPub doesn’t have anything built-in to support this. On Bluesky, you can use your own domain name as your username, and freely move from one server to another while keeping the same username (once they open up federation). It’s configured through a DNS TXT record.
One beautiful underrated pattern in Swift is writing your own ExpressibleBy* types. Give richer semantic meaning to Strings and Ints, use stronger types, enable more fluid callsites, document your weird constants
Does your API take a String? Unless you’re taking long-form user input it probably doesn’t! It takes a Password, or a FilePath, or a Command, or a Username, or a Domain, etc.
In today's interconnected world, social media has become an integral part of our daily lives. From sharing updates with friends to networking with professionals, these platforms offer a myriad of opportunities. However, with great convenience comes great risk, as hackers continually evolve their tactics to compromise user...
Please can someone show off how smart and sexy they are by answering these questions. I don’t mind if you just link me to a video or guide explaining it (like I’m 5?) instead of typing it out - but please don’t just send me stuff that says something like “To forward to ports correctly, simply forward the correct ports -...
Look, this is a large puzzle you’re trying to solve all at once. I’ll try to answer at least some of it. I’d advise you take these things step by step. DM me if you need some more help, I may have time to help you figure things out.
I paid for and installed mullvad (app) but it crashes a lot (for over a minute every 20 seconds), so it looks like I need to configure something like gluetun to do it instead.
Check the error logs and see what’s wrong with it instead. How is it crashing? Did you check stdout and stderr (use docker attach or check the compose logs)?
If I want to watch them on my TV I need to connect something to my TV that talks to the raspberry pi, so I have an NVIDIA shield with Jellyfin installed on it - but in order for the NVIDIA-Jellyfin to connect to the RaspberryPi-Jellyfin it needs to go through the internet (if this is not the case, how does one point the NVIDIA-Jellyfin at the Raspberry Pi jellyfin?)
Technically not. You can use the Jellyfin web UI to stream directly from the RPi. You may need the shield if the RPi does not have enough resources for streaming, but I’d try it out first. Try to get the IP the Raspberry is listening on on your local network and put that in a web browser on a computer first. IF you get the web UI and can watch stuff, then try a web browser on your TV, or cast your computer to the TV or something. As long as you have a web browser you should be fine.
First of all, is that all correct or have I misunderstood something?
You should look a bit into how the internet, DNS and IP addresses work on the public internet and private networks. You can absolutely set it up so that traffic from your local network hitting your domain never leaves your home, while if you try the same from somewhere else, you get an encrypted connection to your home. You’re a bit all over the place with these terms so it’s hard to give you a straight answer.
How does mysubdomain.mydomain.com know it’s me and not some random or bot?
If the question is whether how the domain routes to your IP, look up how DNS works. If you are asking how to make sure you can access your domain while others can’t look up the topic of authentication (basically anything from a username/password to a VPN and network rules).
How do I tell Cloudflare to switch from web:443 to local:443 (assuming I’ve understood this correctly)
If I remember correctly, Cloudflare forwards HTTP/S traffic only, so don’t worry about the ports, that’s all it will do. About the domains, you need to have a fixed public IP address for that, and you have to give Cloudflare by setting a DNS A record for an IPv4 address and/or an AAAA record for an IPv6 address.
So something like this: A myhost.mydomain.com 123.234.312.45
Is this step “port forwarding” or “opening ports” or “exposing ports” or either or both?
Nope. Port forwarding is making sure that your router knows what machine should answer when something on the Internet comes knocking. So if the RPi port 8096 is “forwarded” to the router, then if something from the internet connects to the router’s 8096 port, it will get to your RPi instead of something else. Opening ports has to deal with firewalls. Firewalls drop all connections on all ports that are not open, for security reasons. By opening a port you are telling the firewall what entities outside your device can connect to a service like Jellyfin listening on that port. Exposing ports is Docker terminology, it is the same as port forwarding except instead of “moving” a port from your machine to your router you “move” a port from a container to your machine.
If my browser when accessing mysubdomain.mydomain.com is always going to port 80/443, does it need to be told it’s going to talk to cloudflare - if so how? - and does cloudflare need to be told it’s going to talk to NGINX on my local machine - if so how?
The DNS server you are hosting the domain from will propagate that info through the DNS network. Look up how DNS works for more info. If your domain is managed by Cloudflare, it should “just work”. Cloudflare knows it talks to your router by you setting up a DNS record in their UI that points to your router, where your RPi’s port should be forwarded, which directs traffic to your RPi, on which your NGINX should be listening and directing traffic to your services.
How do I tell NGINX to switch from local:443 to local:8096 (assuming I’ve understood this correctly)
Look up NGINX virtual servers and config file syntax. You need to configure a virtual server listening on 443 with a proxy_pass block to 8096.
Is there a difference between an SSL cert and a public and private key - are they three things, two things or one thing?
Yes, SSL certs are the “public keys” of an X509 pair, while what you know as “public and private keys” are RSA or ED25519 key pairs. The former is usually used to make sure that the server you are accessing is indeed who it claims to be and not a fake copy, it’s what drives HTTPS and the little lock icon in your browser. RSA or ED25519 keys are used for authentication as in instead of a username and password, you give a public key to a service, then you can use a private key to encrypt a message to auth yourself. One service you might know that it uses it is SSH.
Doesn’t a VPN add an extra step of fuckery to this and how do I tell the VPN to allow all this traffic switching without blocking it and without showing the world what I’m doing?
A VPN like Mullvad is used for your outgoing traffic. All traffic is encrypted, the reason you want a VPN is not so that others can’t see your messages, it’s so that your ISP and the other people forwarding your messages don’t know who you’re talking to (they’ll only know you’re talking to your VPN), and so that the people you’re talking to don’t know who you are (they are talking to your VPN). You need this so your ISP doesn’t see you going to pirate sites, and so that other pirates, and copyright trolls acting as pirates don’t know who you are when you talk to them and exchange files using torrents.
Gluetun just looks like a text document to me (compose.yml) - how do I know it’s actually protecting me?
I don’t know shit about Gluetun, sorry.
From nginxproxymanager.com : "Add port forwarding for port 80 and 443 to the server hosting this project." I assume this means to tell NGINX that traffic is coming in on port 80 and 443 and it should take that traffic and send it to 8096 (Jellyfin) and 5000 (ombi) - but how?
Again, look up virtual servers in NGINX configuration. You need a virtual server listening on 80 and 443 proxying traffic to 8096 and 5000, separating on hostnames I guess.
Also from that site: “Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or Amazon Route53” - I assume this is what Cloudflare is for instead of Duck or Amazon? I also assume it means "tell Cloudflare to take traffic on port 80 and 443 and send it to NGINX’s 80 and 443 as per the previous bullet) - but how?
I read an article about ransomware affecting the public transportation service in Kansas, and I wanted to ask how this can happen. Wikipedia says these are “are typically carried out using a Trojan, entering a system through, for example, a malicious attachment, embedded link in a phishing email, or a vulnerability in a...
There’s a new similar phishing attack thanks to Google and their .zip domain. Web browsers support a feature that lets you use addresses of the form protocol://username:password@domain.tld. That feature allows you to log in to domain.tld with the given credentials. When you combine that with Unicode forward slashes, you can craft addresses that look like https://microsoft.com/files/@windowsupdate.zip, where the part between https:// and @ is a username and the part after @ is the actual address most likely used for malicious intent. My example uses normal slashes, so will lead to Microsoft’s website and page not found error. windowsupdate.zip is a domain someone has registered, but leads nowhere as of today. PSA: Don’t go to random web addresses you find on the Internet or elsewhere.
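A way to check where such an address really leads, as an added example that is not part of the original post: it parses a link with the same WHATWG URL rules browsers use and flags a userinfo part that looks like a hostname, plus slash lookalike characters. The function name, reason labels and sample links are assumptions made for this illustration; the samples are constructed from the address quoted in the post.

```javascript
// Added example: report the host a link really resolves to and flag the
// "username@host" trick. Names and samples here are illustrative.

// Characters that render like "/" but do not end the authority part of a URL.
const SLASH_LOOKALIKES = /[\u2044\u2215\u29F8\uFF0F]/;
// Loose "looks like a hostname" pattern, applied only to the userinfo part.
const HOSTLIKE = /[a-z0-9-]+\.[a-z]{2,}/i;

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules browsers apply
  } catch (err) {
    return { raw, host: null, userinfo: "", reasons: ["unparseable"], suspicious: true };
  }

  // The parser percent-encodes userinfo; decode it so lookalikes are visible.
  let userinfo = url.username + (url.password ? ":" + url.password : "");
  try {
    userinfo = decodeURIComponent(userinfo);
  } catch (err) {
    // Malformed escapes: keep the encoded form for inspection.
  }

  const reasons = [];
  if (userinfo !== "") reasons.push("userinfo-present");
  if (HOSTLIKE.test(userinfo)) reasons.push("userinfo-looks-like-host");
  if (SLASH_LOOKALIKES.test(raw)) reasons.push("slash-lookalike");

  return { raw, host: url.hostname, userinfo, reasons, suspicious: reasons.length > 0 };
}

// Constructed samples. The first is the post's address with U+2215 (division
// slash) in place of "/", the second is the post's address with normal slashes.
const SAMPLES = [
  "https://microsoft.com\u2215files\u2215@windowsupdate.zip",
  "https://microsoft.com/files/@windowsupdate.zip",
  "https://user:secret@intranet.example/",
];

function inspectSamples() {
  return SAMPLES.map(inspectLink);
}

for (const r of inspectSamples()) {
  console.log(`${r.suspicious ? "FLAG" : "ok  "} host=${r.host} reasons=[${r.reasons.join(", ")}]`);
}
```

A mail filter or link-preview component can apply the same check and display `host` instead of the raw text of the link.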
Considering moving to @info because the hassle to deal with the YNH mastodon package just drives me crazy but ... what about migrating my server to you infra folks ?
@info well I would like to use the same domain, username & already maybe send you all the media no ? I mean ... whatever works works. Just don't want to lose my historic data
I’m not sure if I agree with most of the premises. Security and privacy require extensive concepts and include several measures. It’s difficult to single out one detail and make absolute statements about it without taking into consideration the context and rest of the setup. Also both depend on the exact threat scenario and it’s difficult to say anything on the matter without defining the threat scenario first.
An old-fashioned adblocker has some advantages over the newer variants and DNS blocking. It can rewrite the websites and remove most trackers, ads and annoyances even if they’re on the same host. A DNS blocker / VPN can only do that if the tracker runs on a dedicated, distinct domain. And many services nowadays don’t do that. You lose those blocking abilities.
Sure an adblocker is software and thus has vulnerabilities and issues. But why make the cut here? Why not trust uBlock which is open-source, well used by millions of people and has more than one pair of eyes looking at it and a good track record… But trust the browser which is a ridiculously complex piece of software with millions and millions of lines of code and runs with even more permissions? On top of an even more complex operating system that has access to everything and is often designed by companies that make a living by collecting user data?
And I don’t think a VPN is good per se. It also adds more complexity and a whole new company in the mix that now handles your traffic. Could be better than your ISP, could also be worse. Sure, it obscures your IP. But I’m sure most VPN providers have to abide by the law and do lawful intercept. As do internet service providers. So depending on the threat, there might not be any benefit over not using a VPN. And there are a lot of VPN offerings and different flavors. Not all of them are good. You could jeopardize your personal information by choosing the wrong one. It adds a layer of privacy under the condition that the company doesn’t keep logs, doesn’t collect user data and has their customer database and payment details decoupled from the network infrastructure.
And the privacy of VPN use depends on other measures. If you use social media, login to a google account, check your mail, don’t filter trackers or use an Android or Apple phone that uses their services for push notifications, connectivity checks and all sorts of services… Your VPN IP will be known to said companies. And/or your username or other identifiers. They can correlate data, analyze your behaviour pretty much the same way as if it were an ordinary internet connection. It doesn’t help against browser fingerprinting, cookies etc. And the metadata that is for example collected by instant messengers or other “free” services also is the same and also still tied to your account.
I really don’t see much of a benefit in using a VPN considering today’s technology and the way online services and data collection works. Also their DNS filterlists are also still “badness enumeration” and the same concept as the adblocker filterlist.
And I always like to tell people security and privacy aren’t the same. Sometimes things even oppose each other. For example you could be using a secure Linux distribution and a privacy protecting browser. Now, without additional measures, you’re easily recognized everywhere because only a fraction of the internet users use a setup like that. Combine that with a VPN and a nonstandard DNS that is provided by your VPN provider (and not 8.8.8.8 like most people type in) and you’re singled out even more. (And using Google’s DNS sends your requests to Google, so that’s also not good.) There are additional techniques to mitigate for things. In this example faking the browser agent. But there are other techniques to invade privacy, mitigations and it’s really a complex subject, that doesn’t have a simple answer to it.
So if the statement is: uBlock doesn’t provide absolute privacy nor security, I agree. The remaining statements are too simplistic and probably don’t hold true in real-world scenarios.
Bluesky and Mastodon users are having a fight that could shape the next generation of social media (techcrunch.com)
Passkeys might really kill passwords (www.theverge.com)
Queer.af mastodon instance has been shut down by the Taliban (mastodon.world)
Joining a QNAP to a AD Domain.
Hello all!...
Lawsuit Accuses Anna's Archive of Hacking WorldCat, Stealing 2.2 TB Data (torrentfreak.com)
About how we could decentralize Signal
Many of us (or at least me) would probably like to see Signal getting decentralized. Here are a few thoughts I had about this recently....
How to hack a social media account (Phishing method)
I want to get started with *arr apps - here are all the things I don't understand about (reverse-/)proxies and networking in order to get it set up.
How does ransomware get into major networks, such as schools or other large public agencies?
Badness Enumeration | PrivSec - A practical approach to Privacy and Security (privsec.dev)