I think there are a lot of long-time Mastodon users who like the fact that it isn’t gaining mainstream traction, and want to keep it that way. But then don’t call it “open”.
tell me you are priviledged without telling me you are priviledged.
Quick toot on the difference between the fediverse and mastodon, techbro and the pact.
The fediverse existed before mastodon and was full of nazi that were kicked from twitter (gnu social anyone).
Mastodon added (may I say, because the community pushed and pushed for it hard) the ability to block servers, which is what made it successful over time.
It is clear that Activity Pub is "open" from the persespective of governance (w3c), and also clear that the protocol doesn't want to codify the security aspect which would make it less "open" .
Activity Pub seen this development but didn't "make it into law".
Tech bros are going 'it is agaisnt the law' and technically they are not wrong.
The pact is saying that the popularity of mastodon, and the fediverse is based on safety tools, which should be made into "law" (it is already "de facto law") .
Tech bros have been and are pushing back real hard to make sure safety tools don't make it into de jure law.
--
TL;DR:The pact is saying we will use our capacity to moderate to stop a know bad actor, opponent to this, argue that it is going against the protocol.
Yikes: “The Register reports that malicious actors are exploiting expired #AWS S3 buckets to inject harmful code into legitimate #npm packages without needing to modify existing code.”
@thisismissem I've long seen this as an attack vector, and written S3 bucket takeover neutralization RFCs at multiple employers to prevent relinquishing S3 buckets that were used in production products. (Think empty, tag, add bucket policy to prevent deletion.)
The global S3 bucket namespace was a mistake, and it will, over time, become more difficult to create unique names as companies/orgs fail to release any previously used bucket names for the foreseeable future. #aws#s3#security
And as long as you have two-factor authentication on your Apple ID (enabled by default for most people), not even Apple can read your synced health and activity data.
Cybersecurity in der Industrie 4.0 – Das Webinar der heise Academy
Lernen Sie in einem Webinar alles Wichtige über Cybersicherheit in der Industrie 4.0 – von Grundlagen über den Faktor Mensch bis zum Ausblick auf Industrie 5.0.
The upcoming Teams and Enterprise Demo will include a special topic on how to set your match detection options. Save your seat today! https://bitwarden.com/weekly/
Drei Jahre heise Security Pro – eine Zwischenbilanz von Jürgen Schmidt
Seit 2020 bietet das Pro-Angebot von heise Security neben Hintergrundinformationen auch Networking und Austausch für Datenschutz- und Sicherheitsverantwortliche
Millions of Americans’ personal #data exposed in global hack
People's with state ID's (like driver's licenses) in Oregon and Louisiana data has been leaked/breached.
MOVEit (CVE-2023-34362) SQL injection (and privilege escalation - CVE-2023-35708) continue to be exploited. There will be more high profile victims, almost certainly.
It’s pretty terrible that #Apple introduced hardware #Security Keys support (e.g., #YubiKey) for Apple ID six months ago and #Windows users are still locked out if they enable it.
Bike Index - Bike registration that works (bikeindex.org)
The best bike registry: Simple, secure and free.