yawnbox

yawnbox , 28 days ago to random

if you have ever been curious about running a web application firewall (WAF) in front of Mastodon or other fediverse instance, i've published a repo containing the #openappsec policy we're now using, which is also configured to maintain strong privacy protections. i've recently turned on prevent mode, blocking critical events

https://code.disobey.net/dd/ap-waf

there's a lot of skip exceptions needed in order to not block required ActivityPub transactions. even things like changing a password in Mastodon is seen as a critical (false) positive

given the number of skip exclusions, there's a lot of attack surface that admins won't be able to action on since so much of ActivityPub looks malicious, and a targeted attack could easily take advantage of these necessary skip policies

i'm curious if any ActivityPub devs have ever run a WAF in front of their instance, and curious if any improvements can be made to the spec to reduce transactions that look like malicious behavior

i have to trust that for the ActivityPub exclusions, Mastodon properly sanitizes inputs and so the overall risk is still low

either way, this is a big win for overall risk reduction for anyone serious about protecting their community

#MastoAdmin #ActivityPub #Mastodon #OpenAppSec

yawnbox , 2 months ago to random

#plushtodon delivery!!

ALT

yawnbox , 3 months ago to random

i had a really nice time at #eth0 - everyone was super friendly; i think more time was spent relaxing than actual events going on, which is the opposite of things like chaos events, where there's always 10 things going on at once xD

Mer__edith , 3 months ago to random

📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/

Mer__edith , 3 months ago to random

PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.

yawnbox , 5 months ago to random

a #ChatControl update (shared on the ISOC "Global Encryption Coalition" mailing list):

"The good news is that the blocking minority held. Members states raised concerns about privacy and cybersecurity as reasons for their opposition. Even countries that are officially in support of the proposal asked questions along these lines for the first time – showing that they are facing increased pressure back home.

The bad news is that #Denmark is moving forward even though they did not receive full support. They are keeping their plan to take this proposal to the Justice and Home Affairs Council meeting on October 14th.

After discussing with partners, we understand this as a strategy from Denmark. They are not making progress at the working level (the meeting today) and therefore will try directly at the political level (justice and home affairs). During these coming four weeks they will try to convince some of the blocking member states to reconsider their position.

What this means for us is that we need to keep up the pressure. We should be thanking the blocking countries for their position and encouraging the undecided or supportive countries to reconsider. We should keep up pressure in the media at the same time."

yawnbox , 6 months ago to random

we ( @emeraldonion ) need 60 new tor exit relay :tor: names. please give us names

(must be alphanumeric, =<16 chars, no spaces)

:boosts_ok_gay:

aral , 6 months ago (edited 6 months ago) to random

According to capitalists:

✅ Working for a company like Google or Microsoft that is complicit in genocide.

❌ Displaying images of the genocide.

Maybe if the consequences of your work are considered “Not Safe For Work”, you shouldn’t be doing that work in the first place.*

But, no, it’s just much easier to look away, isn’t it? After all, you’re just following orders, right?

• Update: because I just know that someone will pipe in maliciously with “oh, so you mean sex workers shouldn’t be doing that work?”, I just want to preemptively say “fuck off, you pernickety prat, you know exactly what I’m talking about and it isn’t that.”

#israel #genocide #apartheid #settlerColonialism #Palestine #Gaza #WestBank #Palestine #FreePalestine #StopIsrael #stopTheGenocide https://freefree.ps/@faab64/114903988836528662

yawnbox , 6 months ago to random

holy shit

"The Business Court in Brussels, Belgium, has issued an unprecedentedly broad site-blocking order that aims to restrict access to shadow libraries including Anna's Archive, Libgen, OceanofPDF, Z-Library, and the Internet Archive's Open Library. In addition to ISP blocks, the order also directs search engines, DNS resolvers, advertisers, domain name services, CDNs and hosting companies to take action. "

#lawfedi

https://torrentfreak.com/belgium-bans-internet-archives-open-library-in-sweeping-site-blocking-order/

gerrymcgovern , 9 months ago (edited 9 months ago) to random

I came across information that the original quote in Futurism which said 99% electricity use was incorrect.
https://futurism.com/google-ceo-congress-electricity-ai-superintelligence

The transcript says “3% to 9%”.
https://www.techpolicy.press/transcript-us-lawmakers-probe-ais-role-in-energy-and-climate/

The larger point remains, though. AI and data center energy and water use is surging, and we are only at the beginning of this whole thing. For years, data centers energy use stayed below 1% and we were told not to worry. In countries like Ireland, data center energy use is now already over 20%

Gargron , 9 months ago to random

Anyone else's YouTube home page suddenly full of giant thumbnails and channels you've never heard of before? It suddenly became almost completely unusable.

malwaretech , 10 months ago to random

[Thread, post or comment was deleted by the author]

yawnbox , 10 months ago to random

" Hi all,

As you might have just seen on the livestream or witnessed in person, I disrupted the speech of Microsoft AI CEO Mustafa Suleyman during the highly-anticipated 50th anniversary celebration. Here’s why.

My name is Ibtihal, and for the past 3.5 years, I’ve been a software engineer on Microsoft’s AI Platform org. I spoke up today because after learning that my org was powering the genocide of my people in Palestine, I saw no other moral choice. This is especially true when I’ve witnessed how Microsoft has tried to quell and suppress any dissent from my coworkers who tried to raise this issue. For the past year and a half, our Arab, Palestinian, and Muslim community at Microsoft has been silenced, intimidated, harassed, and doxxed, with impunity from Microsoft. Attempts at speaking up at best fell on deaf ears, and at worst, led to the firing of two employees for simply holding a vigil. There was simply no other way to make our voices heard.

We are witnessing a genocide

For the past 1.5 years, I’ve witnessed the ongoing genocide of the Palestinian people by Israel. I’ve seen unspeakable suffering amidst Israel’s mass human rights violations - indiscriminate carpet bombings, the targeting of hospitals and schools, and the continuation of an apartheid state - all of which have been condemned globally by the UN, ICC, and ICJ, and numerous human rights organizations. The images of innocent children covered in ash and blood, the wails of mourning parents, and the destruction of entire families and communities have forever fractured me.

At the time of writing, Israel has resumed its full-scale genocide in Gaza, which has so far killed by some estimates over 300,000 Gazans in the past 1.5 year alone. Just days ago, it was revealed that Israel killed fifteen paramedics and rescue workers in Gaza, executing them “one by one,” before burying them in the sand -- yet another horrific war crime. All the while, our “responsible” AI work powers this surveillance and murder. The United Nations and the International Court of Justice have concluded that this is a genocide, with the International Criminal Court issuing arrest warrants for Israeli leaders."

🧵 1/3

Source: https://www.theverge.com/news/643670/microsoft-employee-protest-50th-annivesary-ai

9to5linux , 10 months ago to random

XZ Utils 5.8 Introduces Performance Improvements in the LZMA/LZMA2 Decoder and Many Other Goodies https://9to5linux.com/xz-utils-5-8-introduces-performance-improvements-in-the-lzma-lzma2-decoder

#Linux #OpenSource

ALT

w7voa , 1 year ago to random

“I don't think there's any plans to invade Canada,” US National Security Adviser Mike Waltz says on NBC’s MTP. https://www.nbcnews.com/meet-the-press/video/nsa-waltz-says-gutting-usaid-absolutely-not-handing-power-to-china-and-russia-full-interview-231499845771

molly0xfff , 1 year ago to random

https://slate.com/technology/2025/02/wikipedia-project-2025-heritage-foundation-doxing-editors-antisemitism.html

#Wikipedia #HeritageFoundation

ALT

EUCommission , 1 year ago to random

🎗 Did you know that 40% of cancer cases in the EU are preventable?

This #WorldCancerDay, we reaffirm our commitment to combatting this disease.

With the EU Cancer Plan, we're targeting every stage:

🛡️ Prevention of vaccine-preventable cancers & fostering a smoke-free environment
🩺 Early detection through the new EU-supported cancer screening scheme
🏥 Diagnosis and treatment
🌿 Quality of life of cancer patients and survivors

Cancer affects us all. We’re determined to tackle it together.

video/mp4

arstechnica , 1 year ago to random

Silk Road founder Ross Ulbricht pardoned by Trump 10 years into life sentence
Trump confirmed the pardon was partly to “honor” Libertarian movement.
https://arstechnica.com/tech-policy/2025/01/silk-road-founder-ross-ulbricht-pardoned-by-trump-10-years-into-life-sentence/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Wendy , 1 year ago to random

If you don't have Signal installed on your phone, please fix that.

You may not need the security for yourself, but someone you talk to will.

Everyone needs to have it. ⚧️

https://signal.org/

kevinrothrock , 1 year ago to random

👀

video/mp4

9to5linux , 1 year ago to random

#Ubuntu 24.04 LTS Is Now Available on the HiFive Premier P550 RISC-V Development Board https://9to5linux.com/ubuntu-24-04-lts-now-works-on-the-hifive-premier-p550-risc-v-development-board

#Linux #RISCV

ALT

nixCraft , 1 year ago to random

what is the dark web. wrong answers only

yawnbox , 1 year ago to random

Have you ever thought about the privacy and security implications of Starlink satellites and cell phones? You're in luck, I've written a new blog post:

"Threat modeling Starlink satellite cellular risks"

https://yawnbox.is/blog/threat-modeling-starlink-satellite-cellular-risks/

gulovsen , 1 year ago to random

Does anyone have any recommendations for coffee that tastes like Starbucks but doesn't have the anti-labor baggage that goes along with it?

I tried Death Wish and its not bad. I might stick with that if there are no better alternatives.

And if you've got opinions about whether you think Starbucks tastes good feel free to post those elsewhere because that's not what I'm asking for and I don't care. :blobcatcoffee:

Gargron , 1 year ago to random

I'd love to hear something that you like about #Mastodon 4.3. It's been a long time in the works and I think our whole team could use some dopamine 🙂

pixelfed , 1 year ago to random

We're working on some exciting new photography updates:

• Bigger Resolution (4K -> 8K)
• Resumable uploads (via webUI)
• Native AVIF, HEIC, WEBP support
• HDR support
• Preserve ICC profiles + EXIF
• New Compose UI
• Improved Location tagging
• New AI labelling + Anti-AI features

And much more!

We're eager to ship this massive update and gather feedback on how we can make our platform even better for novice to pro photographers!

Spread the word ✨

#pixelfed #photography #fediverse

dansup , 1 year ago to random

Let’s remember it’s not BlueSky vs the Fediverse

Its walled gardens against freedom

The web withers in monopoly’s shade

Together we soar on the winds of freedom

#together #freedom

arstechnica , 1 year ago to random

Here’s how Michelin plans to make its tires more renewable

The tire company wants a completely sustainable tire by 2050.

https://arstechnica.com/cars/2024/07/heres-how-michelin-plans-to-make-its-tires-more-renewable/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

yawnbox , 1 year ago to random

IT helpdesk (Lapsus$): ring ring

Employee: hello?

IT: Hello! This is Roger from IT. We've identified a problem with your Okta access and we need to replace your company Yubikey. We've already mailed you a replacement, return your old Yubikey in the box that will have a return shipping label. Please write down your company email and Yubikey PIN on a sticky note and include it in the box so we can fully remove the old Yubikey from Okta. The delivery is scheduled for today so your work wont be impacted come Monday.

employee: ok!

yes, #phishing a #Yubikey is possible

yawnbox , 1 year ago to random

i think @9to5linux needs more followers

#linux

yawnbox , 2 years ago to random

government backdoors in cryptography be like

#privacy #surveillance #encryption #e2ee #KOSA #EARNITAct #OnlineSafetyBill #ChatControl #eIDAS #SaltTyphoon #ProtectEU

ALT