jerry

@jerry@infosec.exchange

Cloud CISO
Podcast: https://defensivesecurity.org
Blog: https://infosec.engineering
Twitter: https://infosec.exchange/@maliciouslink
https://Infosec.Exchange Admin
#infosec #security #cybersecurity #risk #fedi22
…and for fucks sake, be nice to each other. We are only here for a brief time. Make it enjoyable.

To help support the costs associated with running this instance, please consider donating. You can set up recurring donations here:

Patreon: https://www.patreon.com/infosecexchange

Ko-Fi: https://ko-fi.com/infosecexchange

Liberapay: https://liberapay.com/Infosec.exchange/

You can also support with a one-time donation using PayPal to "jerry@infosec.exchange".


jerry, to random

I just read another news article about why mastodon didn’t make it and is dying. It’s very sad to hear and probably explains why I have to keep adding more server capacity to handle all the people quitting mastodon.

jerry, to random

I continue to be squeezed by both sides of the threads situation. I am operating on the premise that people who think I’m a terrible person and this is a terrible instance for allowing any interaction with threads have left and/or blocked, those remaining seem to want to either have nothing to do with threads at all and are mainly concerned with their data, and those who want to seamlessly interact with threads. I have threads limited/silenced on Infosec.exchange, but that isn’t seamless, and it’s also not fully blocking. So, here’s my proposal:
I remove the limit from threads, and run a job to domain block threads for each account. Any account who chooses can undo the block (or ask me to do it) and then they can seamlessly interact with threads, and those who want nothing to do with them get their way.

Thoughts?

jerry, to random

I noticed that lots of fedi-regulars have more or less moved back to twitter. That drug is just too strong, methinks 💉 💊

jerry, to random

contemplating noforn.infosec.exchange for the vehemently opposed 🤔 Then again, I think they all left already.

jerry, to random

To those leaving due to my “heavy handed”, “ethically questionable,” and “morally bankrupt” decision to let people decide whether to interact with Threads: I am sorry it didn’t work out.

To people on instances who will soon block me/us because I did not block Threads, thanks for being there, I wish you all well.

💕

jerry, to random

Imagine in a few years being able to say to chatgpt8:
“Please promote my product on the fediverse by registering 100,000 accounts over the course of 12 weeks on at least 500 different instances, weighted by instance size. These accounts should be conversational and engaging with other members and should not be detectable as bots. 10% of these bots should express skepticism in my product, and the remaining bots should engage them in a public discourse to correct their misunderstanding. Monitor the sentiment of people discussing my product and develop an optimal strategy to maximize that sentiment.”

jerry, to random

There is a noticeable decline in the number of active users on Infosec.exchange lately. Where are the cool kids hanging out these days?

jerry, to random

Holy moly - 179 US congress people signed an Amicus brief in Trump’s appeal to the US SCOTUS in the Colorado 14th amendment eligibility case, claiming that the President doesn’t have a duty to uphold the US constitution.

jerry, to random

I feel like I shouldn’t have to say this, but here we are.

If you get into a disagreement with someone here or for whatever reason the person you’re messaging with asks you to disengage, just stop. I’ve been around since the dawn of online arguments and I’ve never seen a person realize the error of their ways because someone was trolling and/or being an asshole to them in the replies.

If someone asks you to stop, stop. If they block you, take a cue from Elsa and Let It Go. Don’t find alternate ways to continue engaging. I’m sure the parting shot feels good, or you think you have the perfect reply to help them see the reality of a situation, but it isn’t so.

Please, just stop and think: AITA in this situation?

jerry, (edited ) to random

I have threads silenced on Infosec.exchange, .town, and fedia.social. That means people here won’t see stuff from threads, but you have the option to follow and interact or outright block the threads instance.

There are some, though, that are hyper opposed and not finding that to be sufficient. Hypothetically speaking, if I were to create another instance that did hard block threads (activitypub, DNS, firewall, etc), what type of instance would you like to see?

jerry, to random

What’s everyone up to this weekend?

jerry, to random

Apparently Meta has been contacting some instance admins about their plans for the fediverse. I am not sure whether to be happy or sad, but they didn’t contact me.

I am seeing a rift emerging in the fediverse that is a bit reminiscent of my own CISA episode back in November of 2022. At the time, the people who objected fell into two overlapping camps:

ACABs that couldn’t see past CISA’s placement in the DHS and simply object to the concept of any law enforcement affiliated person being on the fedi (NB: there are a LOT of them here and they’re all over the fediverse)

Instance admins that wanted to protect their constituents from the surveillance that comes along with DHS.

While the context is materially different, the Meta situation seems to come down on similar lines: conceptual rejection of Meta because of who Meta is; and a concern for the privacy of one’s fedi-data.

Regarding the former point, I think it is fundamental to the fediverse for people and instances to be able to pick who they want to participate with, almost for whatever reason. If there are people who really dislike bald guys, I’m one to block. The latter reason is more problematic. As with the DHS situation, Meta creating an account or an instance is really not an effective way to conduct a surveillance operation (either to send people to jail or to show them ads) - not on an infrastructure that has oodles of open APIs that make it far easier to collect data using direct connections vs creating an instance.

Said another way, the lack of a branded Meta or CISA account or instance is not an indication that such data extraction isn’t happening. We generally wouldn’t know if it were.

I’ve heard the “embrace/extend/extinguish” accusation about every 6 months in the 7+ years I’ve been here. The company that bought Pawoo was going to take over the fediverse. Medium was going to be installing paywalls and feeding ads across the fediverse. Vivaldi and Mozilla were going to bring so much trash into our timelines that we should just preemptively block them.

If I, or any instance admin, finds that Meta or any other company is surreptitiously collecting data from our instances, we will take action. I will highlight that suspending instances and accounts won’t be very effective here - we would have to implement firewall level blocks, assuming we can identify where they are coming from. And I doubt it will be coming from a branded instance. Sadly, even this is trivial to work around if they connect to a relay or set up an account on an instance that isn’t blocked. The major concern, of course, is that your fedi data is linked to a record they maintain about you in their own databases, and then use your content to help tailor ads as you visit other parts of the internet.

If we identify that an instance is behaving badly, of course they are going to get suspended, just as happens today. But be aware that this only prevents YOU from seeing THEIR content. If Meta does set up an instance and start spamming out ads, that is exactly what will happen.

In the meantime, if you want to block Meta owned domains and instances who aren’t blocking Meta owned domains and instances who are not blocking instances who are not blocking meta owned domains, that’s ok.

For me, I am going to wait until I know more to make a decision.

jerry, to random

Y’all…

I had to go to FB to find out about fireworks tonight due to a passing rain storm. I haven’t been on FB in a long, long time.

There are people posting elementary school math problems and adults are arguing about the answers.

What is happening to this world? Did people forget how to do basic arithmetic?

jerry, to random

Ok - https://matrix.infosec.exchange is alive! It requires an account on the mastodon instance at infosec.exchange. If there's a demand, I'll open general registrations

jerry, to random

Does Elk only work as a docker container now?

jerry, to random

I would like to take a moment to orient people to a brand new and highly innovative feature that was recently introduced in mastodon and many other fedi-apps. This feature enables you to not have to see posts from or interact with people whose posts you don’t like, don’t agree with, or are otherwise offended by.

I like to call it the “block button”.

Does someone on the fedi support the “other side” in the Israel/Hamas conflict? Instead of asking your moderators to figure out which side is objectively right in a no win situation, BLOCK! It’s amazing!

Did someone just say that they are frustrated that they got Covid after having gotten all the vaccines? That’s not disinformation, it’s an opinion and you can block them!

Does someone seem a little too happy that one of Biden’s staff got in trouble or that a democrat is getting charged? BLOCK! It’s amazing!

Did someone use the word Nazi in a way that offends you? Yep, you guessed it! BLOCK!

I have no idea what the median age of people on the fediverse is, but it’s disappointing that moderators are effectively having to act as camp counselors for 13 year olds who are having a disagreement. Yes, the substance of these disagreements tends to be much more consequential, but the pettiness is about the same or perhaps worse.

If someone is harassing you or otherwise violating your instance’s rules, please do report them, but try to apply some perspective.

jerry, to random

Ok. I am tired of Infosec.exchange being sluggish. I just submitted a crazy order with Hetzner to upgrade the instance. Hopefully the last time for a while. I ordered a dell AMD Genoa 48 core server with 256 GB of ram to act as a database and redis server, a dell 64 core sapphire rapids server with 256gb of ram to act as the single front end/puma/streaming server, and an amd 7950 with 128gb of ram to run minio (insourcing from Backblaze).

I ordered all with 10g network interfaces to be connected to the same switch.

I continue to see issues with Backblaze performance causing issues with posting.

This will consolidate the environment down from about 13 servers to 4 (I will keep using less expensive servers on 1G networks for Sidekiq if it can’t run on the sapphire rapids server).

I will be putting that behind Fastly for global distribution and ddos mitigation. I don’t know whether I’ll keep serving media via bunny.net or try to do that with Fastly also. Bunny works pretty well and is cost effective for media delivery.

Anyhow, changes are coming. Thanks for patience.

jerry, to random

What is your favorite ssh client for Windows?

jerry, to random

PSA: for about $50, you can buy a Wi-Fi water sensor (also senses temp and humidity) from Moen. I put them under my sinks and near my water heater, washing machine, and furnace/AC.

I did the same at my beach place and just got an alert of a leak, but I’m 400 miles away. So I called a maintenance person and sure enough, my AC unit is dumping water on the floor. On the 8th floor.

That little $50 puck just saved me and the people below me thousands.

jerry, (edited ) to random

It's probably obvious to most of you, but a big difference between the commercial social media platforms and the fediverse is that as those commercial platforms grow, they get additional revenue from ads, from selling personal information, and otherwise monetizing their users. While that is turning out to not actually pay the bills for them, in the fediverse, just about every instance is run by volunteers and funded by donations or out of the volunteers' pockets. It's a labor of love and a hope for a better future. When traffic grows, we need to expand our capacity.

That is why I am asking, if you are able, please consider donating to the instance you are on to help keep the fediverse ecosystem going. Typically the /about web page will have details on how to donate.

Note: I am well aware that many of you are not in a financial position to donate - and that is OK. We are here to serve you as well. Donations are completely optional.

jerry, to random

I am more than a little surprised to see that Infosec.exchange is the 7th largest mastodon instance, from the perspective of active accounts: https://fedidb.org/software/mastodon

jerry, to random

October marks one year since the mass exodus from Twitter made my life exciting. For those that joined and stayed, I’m glad you’re here :blobheartcat:​

jerry, to random

Question for people in the USA: why would someone want to use a regular bank rather than a credit union for personal banking? Am I missing something?

jerry, (edited ) to random

Which domain name do you like best for a new mastodon instance? I am contemplating a new instance that blocks Threads outright for people who are so inclined.
