@chkuendig@ioc.exchange avatar

chkuendig

@chkuendig@ioc.exchange

PM by day, code by night.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

GossiTheDog, (edited ) to random
@GossiTheDog@cyberplace.social avatar

The three million toothbrush botnet story isn’t true.

Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.

chkuendig, (edited )
@chkuendig@ioc.exchange avatar

@GossiTheDog The weird thing is that in this linked interview, the Fortinet exec claims this really happened to some swiss firm and caused milions in damage during the 4h outage (which also just doesn't pass the smell test)

chkuendig, (edited )
@chkuendig@ioc.exchange avatar

@GossiTheDog it generally sounds like a overeager exec met a creduluous (biz, not tech) journalist.

chkuendig,
@chkuendig@ioc.exchange avatar

@GossiTheDog While I typically dont like the German/Swiss tradition of authorizing/proofreading quotes in articles (something nobody else does as far as I know), here it clearly paid off.

chkuendig,
@chkuendig@ioc.exchange avatar

@texttheater @GossiTheDog It did help separate deception from misunderstanding

paul, to random
@paul@tapbots.social avatar

Wait Apple is reducing fees, but only in the EU or only for EU developers?

chkuendig,
@chkuendig@ioc.exchange avatar

@paul Are you sure that developer location matters? That’d be crazy. I just assumed the EU store now takes a lower cut…

stroughtonsmith, to random
@stroughtonsmith@mastodon.social avatar

The level of salt in Apple's press release says everything you need to know about the company and the people who run it 😑

chkuendig,
@chkuendig@ioc.exchange avatar

@its_john_davis @stroughtonsmith I’d assume this doesnt depend on developer location but User/App Store location.

chkuendig,
@chkuendig@ioc.exchange avatar

@its_john_davis Presumably - but you can only release that version on the EU App Stores.

daringfireball, to random
@daringfireball@mastodon.social avatar

[Sponsor] HEY Calendar
https://daringfireball.net/feeds/sponsors/2024/01/hey_calendar

chkuendig,
@chkuendig@ioc.exchange avatar

@daringfireball love the reactions here 😂

foone, to random
@foone@digipres.club avatar

Here's a question I can't seem to find by googling:

I've got a script that runs some functions on a device while recording what happens with a webcam. I've got ffmpeg streaming off v4l2 to a MKV file.

But I want to be able to know when in the video file certain events happened: Like, I know that at real-time 3:09:26 I generated an error, but I don't know when in the video that is

chkuendig,
@chkuendig@ioc.exchange avatar

@foone inject/mux a teletext stream which is generated on the fly based on a clock

chkuendig, to random
@chkuendig@ioc.exchange avatar

I guess 2024 is the year of the web and so I decided to run a personal website again like its 1999.

https://christian.kuendig.info/

chkuendig, to random
@chkuendig@ioc.exchange avatar

https://christian.kuendig.info/posts/2023-03-silentsteel/ test

chkuendig, to webassembly
@chkuendig@ioc.exchange avatar

I managed to wrap up some things over the holidays...

https://christian.kuendig.info/posts/2024-01-scummvm-part3/

jerry, to random

Lately, not an hour goes by without someone asking me about what infosec.exchange is “doing about Threads”. There’s a lot of mis- and dis-information running around the fediverse as of late about Threads beginning to federate, along with some legitimate concerns. This post is not about my personal views, but rather my plans for Threads and some instructions.

At the moment, Threads.net is silenced (aka limited) on infosec.exchange. That means that infosec.exchange accounts won’t see threads.net posts or accounts, and threads.net accounts can’t follow infosec.exchange accounts without approval of the person being followed. This gives people the ability to search for a threads.net account and bypass the warning to follow them. From there, it is like interacting with any other fediverse account. That works fine for now as there are not many threads.net accounts exposed to the fediverse, but it doesn’t scale very well for people who want to interact with threads.net accounts in the future.

The big picture plan for threads.net on infosec.exchange is this:

  1. Silence threads.net – done
  2. Enable the authorized_fetch feature on infosec.exchange to prevent the normal flow of posts from accounts blocking threads.net to Threads’ users and systems – done (note: this in no way prevents people, including Threads, from accessing your public posts. Public posts are public and can be accessed via the web site directly, RSS, and and so on.)
  3. Encourage people who do not want to interact with threads.net or have their posts visible to Threads’ users to block the domain threads.net. – This post is kicking off that campaign. See below for instructions.
  4. Create a new instance (name will either be infosec.space or infosec.cafe, still deciding) that will fully block threads.net. This should be completed by Jan 1, 2024
  5. Encourage infosec.exchange members who are not comfortable with other infosec.exchange users interacting with threads.net to migrate to the new instance or to some other instance that fully blocks theads.net. This campaign will start once the new instance is available.
  6. Remove the threads.net silence/limit on infosec.exchange. This will happen 60 days after step 5.

Q&A

Q: I think you are a terrible person not blocking threads.

A: I am sorry it didn’t work out between us. I am but an imperfect human trying my best to navigate a complicated world. There are other instances that may be more to your liking.

Q: Will the new instance block instances that don’t block threads.net?

A: I do not currently see value in this beyond being punitive to other instances, so no, there are no current plans to do that.

Q: I’ve been told that instances will collapse once threads starts federating. Aren’t you worried about that?

A: I worry about many things. This isn’t one of them. For sound technical reasons.

Q: What if no one wants to use your new instance or what if everyone leaves infosec.exchange due to your poor decision making?

A: I save a lot of time and money.

Q: What happens when $terribleaccount on threads.net starts harassing people?

A: I will block the account, just like I do today.

Q: Aren’t you worried about the moderation of threads.net?

A: Not really. I get to deal with problematic instances and problematic people all day, every day. If it gets to be too much, I’ll reassess.

Q: How do I block threads.net on my account?

A: This is how:

These instructions are how to block threads.net via a web browser. Some mobile apps also expose this feature and some don’t, and I don’t really have the ability to create instructions for the 20+ different mobile apps.

Step 1 – search for threads.net

https://blog.infosec.exchange/wp-content/uploads/2023/12/image-5.pngStep 2 – Select a threads.net account:

https://blog.infosec.exchange/wp-content/uploads/2023/12/image-2.pngStep 3 – Click on the menu next to the account name in the profile view:

https://blog.infosec.exchange/wp-content/uploads/2023/12/image-4.pngStep 4 – block the domain

https://blog.infosec.exchange/wp-content/uploads/2023/12/image-6.pngThat’s it.

https://blog.infosec.exchange/2023/12/27/threads-and-infosec-exchange/

image/png
image/png

chkuendig,
@chkuendig@ioc.exchange avatar

@jerry reasonable and the right decision. @seb FYI (not sure you have made any statement yet and like most people have probably more important things to worry about than Threads federation 😀 )

chkuendig,
@chkuendig@ioc.exchange avatar

@seb awesome, thanks for clarifying. and thank you for running #IOCX!

mastodonmigration, (edited ) to threads
@mastodonmigration@mastodon.online avatar

IMPORTANT. Threads stated policy is to collect and exploit Fediverse user personal data without explicit consent.

Now is a very good time to review Threads Terms of Use (https://help.instagram.com/769983657850450) and Supplemental Privacy Policy (https://help.instagram.com/515230437301944).

Note just by following a Threads user or replying to a post, Meta claims they are entitled to your personal data.

And what do they say they will do with your data? Provide you with "business services (including ads)."

#threads #DataPrivacy

chkuendig,
@chkuendig@ioc.exchange avatar

@mastodonmigration I dont get the outrage in this case. Any mastodon instance collects this information to run/provide their services. How else do you think the list of followers is assembled? (or making sure theres only like per user abd post)

mosseri, to random

Two important Threads updates 🔔🔔

First, Threads is expanding to more countries across Europe, so people there can follow and join the conversations they care about. We’re starting to roll out in more countries now on the Apple App Store and Google Play Store; www.threads.net is live everywhere now.

chkuendig,
@chkuendig@ioc.exchange avatar

@mosseri future reader, please like this answer once it shows up on Threads (presumably sometimes next year)

film_girl, to random
@film_girl@mastodon.social avatar

Mastodon I’m gonna need you to help me get a good 4K rip on torrent or Usenet.

chkuendig,
@chkuendig@ioc.exchange avatar

@film_girl Looks like it's been ripped about 14hs ago, so should be easy to find by now... https://predb.me/?search=eras

kennwhite, to random

Today I learned you can use Ethernet on an iPhone. https://www.macrumors.com/2023/09/22/iphone-15-usb-c-to-ethernet/

chkuendig,
@chkuendig@ioc.exchange avatar

@kennwhite If this works with “Wi-Fi Calling” you can use this to turn your phone into a landline 😂

seb, to mastodon

apps that move the needle and bring innovations to the table:

@IceCubesApp for adding AI generated image descriptions.

@mammoth for their innovative content discovery approach.

@MonaApp for being the most flexible/customizable mastodon app out there.

@ivory for being the fastest app with the most beautiful interface.

@me for the innovative approach of utilizing ML on the phone to curate content.

chkuendig,
@chkuendig@ioc.exchange avatar

@seb @me Just tried Sona. Its exactly the feed I always wished mastodon had out of the box!

(unfortunately the rest of the app is a bit clunky - e.g. clicking on a specific link just crashed the app and theres no long-press option to open in safari)

chkuendig, (edited )
@chkuendig@ioc.exchange avatar

@me thank you for building sora! the link was the threads profile link in https://mastodon.social/@marcelsalathe/111588701190713219

chkuendig,
@chkuendig@ioc.exchange avatar

@me I suspected this was probably caused by an unfederated handle, thanks for the clarification.

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

deleted_by_author

    •
    chkuendig,
    @chkuendig@ioc.exchange avatar

    @GossiTheDog Did Meta ever give any updates on how adding federation is going? any timeline?

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social avatar

    deleted_by_author

    •
    chkuendig,
    @chkuendig@ioc.exchange avatar

    @GossiTheDog one can hope…

    carnage4life, to random
    @carnage4life@mas.to avatar

    It’s a hard knock life for billionaire grifters

    chkuendig,
    @chkuendig@ioc.exchange avatar

    @carnage4life Why charge 2 and 20 and get rich from the carry when you can hustle for that sweet 10$/sub influencer money instead

    carnage4life, to random
    @carnage4life@mas.to avatar

    Universal Music is suing Anthropic because its chatbot, Claude, has been trained with lyrics of their songs. It can recite the lyrics of “I will survive” if prompted.

    I’ve begun to think there are two distinct classes of copyright lawsuits and generative AI

    1. Is it fair use to use public web content to train a chatbot given it’s just a different UI on a search engine?

    2. Is it fair use to train an AI on non-public content like books from authors like Stephen King?

    https://arstechnica.com/tech-policy/2023/10/universal-music-sues-ai-start-up-anthropic-for-scraping-song-lyrics/

    chkuendig, (edited )
    @chkuendig@ioc.exchange avatar

    @carnage4life The obvious issue here isnt even the training but that it reproduced the lyrics without license. Thats pretty black and white.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • ngwrru68w68
  • modclub
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • megavids
  • GTA5RPClips
  • tacticalgear
  • normalnudes
  • tester
  • osvaldo12
  • everett
  • cubers
  • ethstaker
  • anitta
  • provamag3
  • Leos
  • cisconetworking
  • lostlight
  • All magazines
    •