@craftxbox@transfur.social cover
@craftxbox@transfur.social avatar

craftxbox

@[email protected]

Developer & Sysadmin. Webmaster @ transfur.social. Postmaster of many.

This profile is from a federated server and may be incomplete. View on remote instance

@db0@hachyderm.io avatar db0 , to random

You can now claim you instance on , even if your admins are not visible via the nodeinfo/API

@db0@lemmy.dbzer0.com avatar db0 : Fediseer & DNS TXT records in Fediseer

craftxbox ,
@craftxbox@transfur.social avatar

@db0 Somewhat related note, I tried to claim an owncast instance, and was successful in doing so but lost the API key, and i cant re-claim the instance and there doesnt seem to be any way to otherwise reset the key 😅

@soatok@furry.engineer avatar soatok , to random

When I say something like, "The people who tut-tut over the phone number requirement never articulate anything resembling a coherent threat model" (when talking about Signal), I want to be very clear:

I mean an actual threat model.

Not a use-case.

Not a user story.

Not a set of wants.

Threat.
Model.

Learn what that is before replying.

craftxbox ,
@craftxbox@transfur.social avatar

@soatok having never used signal, nor knowing specifically what the criticism actually is, is the identity tied to the phone number? are there second authentication steps to negate the effectiveness of simswap? would a successful simswap give an attacker the capability to silently register a new device or perform a lost key recovery?