@blake@infosec.town

blake

A software developer with a passion for the powers, rights, and freedoms of users. Developer of dahliaOS, LucidLog, Bodacious, and more. Sometimes tries to design and write. Cool tech enthusiast.

Likely to post about #FOSS, #FreeSoftware, and #OpenSource (specifically, my various projects), radio stuff, and some other technology-related stuff. For my climate activism and solarpunk adjacent stuff, see my alt account linked below.

  • I hereby opt in my public posts to be searchable on tootfinder
  • My profile picture is not up to date, even though I just took some for this purpose
  • Recovering from being a lot of bad things, still have more to go. Keep me in check please

blake, to random

Recently I've noticed a lot of moderative issues that have (potential) solutions and mitigations.
The spam issue, as @devnull pointed out, could be reduced with some kind of reputation system (although doing that in a federated environment could prove difficult).
I've said numerous times we could really use some kind of approval-based federation (I propose both "newly discovered instances must be approved" and "newly discovered users from specific instances must be approved"). This is something between block-by-default and allow-by-default. Maybe you could let lookups from a logged-in local user bypass these, too.
It was either @hrefna or someone else, I forget, who said treating the "replies" collection as the definitive collection of replies would enable moderating or restricting replies to a post.
I think the available time and attention is probably being well spent but these things probably deserve more time and attention than something like quote posts.

stefan, to design
@stefan@stefanbohacek.online

So I finally got the latest update of the official Mastodon app with the new username design. (See comparison with the screenshot from the Android app store.)

What do you all think?

I kind of like it, but I do miss the "@"s.

#UXUI #design #mastodon #SocialMedia #android

blake,

@stefan They changed it to look like Threads. I can't say I like that decision. Plus, how to mention them becomes less obvious...

joel, to random
@joel@fosstodon.org

You joined a social network literally DESIGNED to federate with tons of other internet services and servers.

Why should its main feature be opt-in?

We want everything to be federated. Except when we don't...

blake,

@joel @meow I feel like the big difference is how impossible it is to sanely moderate it, just because of its sheer size. Not to mention their absurd ToS that claims ownership of everything that touches the protocol.

blake, to random

I feel so bad for this guy who's spent months and months working on this cool new thing he's so proud of and agonizing over how to make the least amount of people mad as possible and his entire audience save a few cis white men hate him and block him and his cool toy for it.

blake,

I wonder how many developers will go over to Bluesky because of how badly any effort to improve this space is treated (see: quote posts, search, and probably several other things I can't quite think of).

Also I wonder how long it takes until he receives death threats for it. Knowing how Fedi has been in recent history, I'm almost surprised it hasn't happened yet.

snarfed.org, to random

Fediverse! I’ve been building a bridge to Bluesky, and they’re turning on federation soon, which means my bridge will be available soon too. You’ll be able to follow people on Bluesky from here in the fediverse, and vice versa.

Bluesky is a broad network with lots of worthwhile people and conversations! I hope you’ll give it a chance. Only fully public content is bridged, not followers-only or otherwise private posts or profiles. Still, if you want to opt out, I understand. Feel free to DM me at @snarfed (different account than this one), email me, file a GitHub issue, or put #nobridge in your profile bio.

A number of us have thought about this for a while now, we’re committed to making it work well for everyone, and we’re very open to feedback. Thanks for listening. Feel free to share broadly.

blake,

@CStamp @snarfed @activitypubblueskybridge @fedidevs @fediversenews This will allow two way interaction.

blake,

@snarfed.org@snarfed.org @snarfed @activitypubblueskybridge @fedidevs @fediversenews I'm a big fan of bridges and this is the big one I've been eagerly waiting for. I'll probably add it to my wizard soon after it's available. Once the moderation issues get sorted out, I firmly believe that in the end, this will be a net positive for both networks, since Bluesky users will be able to follow and engage with the vibrant and growing communities and services here, and we'll be able to follow and engage with shitposters from Bluesky.

The moderation issues should be sorted out promptly, and I'm a little disappointed that you're going to open it up with little consideration about mod tooling, especially considering the lists and lists of known problematic users on Bluesky, from mere crypto-shills and scammers to bigots, transphobes, racists, fascists, and genocide supporters. I don't have any way to find or use Bluesky's mod lists from here so there needs to be some other way.

Plus, I'm sure Bluesky users want a way to mass-mute and mass-block bridged users, maybe even from particular instances, especially considering our ongoing tone police and reply guy problems, which have driven numerous people from here to there. I feel like this part is imminently solvable with automatically-populated moderation list(s), though.

blake, to random

Not all things need to be federated. Wikis probably shouldn't be openly federated (although closed federation a la IRC and pushing to mirrors isn't a terrible idea). Forums can get away with not being federated. Both should probably support something like IndieAuth to make it far simpler to participate, though.

blake,

I don't completely understand though. It appears to be a vastly simplified version of OpenID (which is great!), but unfortunately it also seems to be quite limited. I don't know if IndieAuth supports this (yet?), but with the Fediverse being as big as it is, it might not be a terrible idea to support double-@-style Fedi-handles in the login box (and then get Mastodon-and-friends to support it!).

blake,

@lewiscowles1986 I'm talking about IndieAuth the standard. I don't see any mention of rel=me in that standard.

blake, to random

Well now we know what Fediverse server software has a 9.8/10 severity vulnerability... and now we're just waiting for them to haggle over putting out the fix!

devnull, to fediverse
@devnull@crag.social

As expected, when an instance attempts to respond to a Note with a larger audience than the note replied to, Mastodon will silently drop it from processing.

I don't actually know if this is codified anywhere in or spec, but looking into it now. 💪

Edit: Might be it actually is processed, but doesn't link up to the more-restrictive parent. Also good I think. Not quite sure how I'd handle this in ...

blake,

@devnull Pro tip: for testing against Mastodon (or really AP in general), you could try to run the activitypub.academy software, which shows the activities it receives (and maybe sends?) in a log. I would have recommended activitypub.academy itself but it seems to be down.

blake, to rust

Maybe something I can try for the purpose of learning is setting up a real-time communication channel in (i.e. a socket that the web UI could use to show real-time information, typing indicators, etc). Maybe it's too easy or too hard... I also have an audio processing project I intend on doing in Rust but I haven't managed to get myself to do that yet.

Also, I still want to have NodeBB. It might become affordable for a lot more communities that way! There's a request lodged for it in their feedback thing but there's currently no indication they plan on adding it.

mttaggart, to random

I feel like, if you're a site admin, and your site is brought down by toothbrushes, you gotta switch careers. Time to buy that farm you've been fantasizing about.

www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages

blake,

@LinuxAndYarn @mttaggart Java should never be used and I will die on this hill

blake, to random

The finishing blow to firefish.social has been made: it now simply gives up and returns 503. Sure there's more decay past this point, like at some point it won't hit anything and at some point the DNS will stop resolving and at some point the IP will stop resolving but there's no Firefish left on firefish.social.

🫡

blake,

Not to mention the recent (this morning?) announcement that Kainoa gave up the software and it's now in the hands of someone else who looked like they're not very engaged (even though they're familiar with the code and contribution processes etc).

It had a nice run. I've been very Team Firefish since I discovered it last year (while it was still Calckey), through various dramas that it found itself in, and pretty much up until a week or two after the ScyllaDB migration when Kainoa first disappeared and the site went from slow to unstable.

I guess Iceshrimp is de-facto taking its place. Maybe one of these days I'll see how Sharkey is coming along; it's not Americanized (yet?) like Firefish/Iceshrimp is, since it's forked straight from Misskey.

box464, to random
@box464@mastodon.social

The founding developer of Firefish has officially stepped down from the project. Keys are being transferred to one of the dev leads.

It appears Firefish IS still breathing, albeit flopping around at the edge of the pond right now.

Many instances migrated to other Forkeys - Sharkey or IceShrimp. A newcomer, Catodon, is also emerging.

Glad to see Firefish given a chance to survive, and wish them the best!

https://git.joinfirefish.org/firefish/firefish/-/issues/10847

blake,

@lewiscowles1986 @box464 Initial commit was Misskey. Firefish/Calckey comes into the picture later (not sure when).

danhulton, to random
@danhulton@hachyderm.io

I wanna surface this to my main timeline because it's kinda important to say out loud from time to time:

Businesses do NOT "have to" focus exclusively on their return to shareholders. Not legally, not morally.

That is the misguided OPINION of a 1970 essay by Milton Friedman, and the fact that everyone seemed to just hop on board that opinion is a significant reason why we switched gears into hyper-hell-capitalism since then.

Push back on this every time you see it.

blake,

@danhulton Interesting. I was told it had to do with a Supreme Court decision, but I can't find it now.

blake, to forum

A that takes on would have to:

  • Have some kind of real-time interface. The chat-like style Spectrum.chat used was great for this (apart from Spectrum (source linked) being slow as hell).
  • Provide plenty of single sign-on. IndieAuth on by default could be a big help.
  • Have a cheap/free (at least sponsor open-source projects to be free), dead-simple way to host your own

Other nice-to-haves:

  • Fediverse support of some kind.
  • Integration with Discord (hell, using Discord's forums, and bi-directional! It's possible with Discord's API, last I checked).

blake,

I'd like NodeBB to do this but since it's built on plain NodeJS it's pretty much impossible right now to cheaply shared-host it the way PHP CGI can. Everything else should be not just possible but almost easy to do¹.

It would also be really rad if the front page of some of these forums showed the general chat of a Matrix or Rocket.chat room as it scrolled by. That might give it a sense of life that forums on their own just don't have.

¹ okay I guess apart from ActivityPub. Which is why I said "Fediverse," maybe it would use FeatherPub or LitePub instead.

blake,

@devnull @thisismissem I know there are a couple services like Heroku and Pikapods that are pretty cheap (or even free) and might be able to handle it pretty well. I think it's just a matter of streamlining that setup, and although this is probably way out of your power, hosting platforms sponsoring non-profit/open-source projects for free hosting since they often have trouble affording it.

blake, to random

Friendly reminder that the US is actually on the metric system, it's just that there's just a handful of official cases that haven't converted (highway signs and meteorology), and a shitton of old people who can't be arsed to learn shit.

The highway signs would cost a shit ton of money and time to replace, and then you have to do education too. I assume there's a similar excuse for the National Weather Service to still be using Fahrenheit and (nautical) miles in its official material, but I haven't heard it.

blake, to random

Something New on The Mystery Signal on 155.52 MHz: it came on, kept repeating two patterns (we'll call them "data", the random-looking one, and "pause", the one that comes out like a bunch of straight or wavy lines on the waterfall), occasionally cut off and started the preamble tones again and kept going, until it broke the pattern, sent something with longer data and shorter pauses, and then cut off.

Usually, the "pause" is quite short, but during this transmission, it was almost the same length as the "data" portions.

Also, in SSB or DSB modes, the outro tone sounds like a DTMF tone. The intro tones don't, I think, although the first of the three intro tones is the same as the outro tone.

I should have recorded that long burst to see if the restarts were a specific time apart or something.

blake,

I'm thinking, based on the waterfall, it's probably some variation of FLEX. It makes sense to be a pager, especially if it can contain more than just "hey I need you," i.e. "hey I need you and you and you and also here's why".

I just discovered multimon-ng so I tried its FLEX and FLEX_NEXT mode to see if that can decode it, and neither seem to have come up with anything.

I believe the preamble tones are 660 Hz for less than 0.3 seconds, 750 Hz for the same amount of time, and 600 Hz for approximately 0.5 seconds, and then the "data" starts. The exit tone is 660 Hz for about 0.3 seconds. I measured this with the AM audio because it's clearest there but it sounds the same in NFM mode, although the 660 Hz tone is less audible.
