eo boosted

Wired, 1993: Rebels with a Cause - Your Privacy. "On the cover were Eric Hughes, Tim May, John Gilmore, holding up an American flag, faces hidden behind white mask, their PGP fingerprints written on the foreheads. Gilmore even sporting an newly-founded EFF T-shirt. (from Thomas Rid, CS Monitor)"

Wired, 2019: YOU'RE IN PRIVATE MODE. To continue using a private window, sign in or subscribe. The title of the article being denied reads "It's Time to Switch to a Privacy Browser. Ad trackers are out of control".

eo boosted
eo boosted


Well, yes, but no. Yes, the same infrastructure would cost tons of money, but a comparable one, which would be fine as well and not require Cloudflare as 3rd party in order to run all traffic through it, could be done for an reasonable amount of money.

It's just kind of worrying how more and more traffic is going through cloudflare.

@sexybiggetje @amolith @cloudflarelink

eo boosted
eo boosted

My gf's learning html. Nobody told her that vim's a strange tool for genius programmers, so I just told her it was a normal tool, showed her insert and escape, then let her get on with it.

Half an hour later, I showed her another vim command.

Someone with almost zero education, who can't type properly, is programming in vim because nobody told her it was difficult. I know people who can program in Haskell who aren't sure if they can do vim.

eo boosted
eo boosted

Is there something like a 'ActivityPub account proxy' ?

Usecase: I have several AP profiles (say mastodon, pixelfed, writefreely) to which the proxy would subscribe and repost under a generic `@mrb@example.org` profile.

Users can then subscribe to my proxy to get all my ramblings or choose one of the specific profiles and I gain some flexibility in changing profiles without users being affected.


eo boosted
ttrss is such a godlike tool for skimming news headlines and clicking on the ones that interest you
eo boosted
eo boosted

And there's millions of web browsers "infected" with bitcoin-mining javascripts, delivered via unsuspecting web sites using advertisments. That's bad only because it uses CPU, memory, and battery. But what's stopping the makers of such botnets from reusing their infrastucture for decoding or brute-forcing password hashes?

Show thread
eo boosted

Remember when NASA conducted the SETI project? Millions of volunteers allowed NASA to install a tiny client on their personal computing device, that would churn away bits and pieces of a space signal, to figure out what it meant.

Now we have billions and billions of internet-connected devices, over which we have no control. Who's to say those aren't abused into a botnet that happily and quietly breaks encryption algorithms?

eo boosted

My boss asked me for some work account's password once. "I don't know," I said, "I don't know any of my passwords. I use a password manager and passwords that exceed 32 characters if possible."

My boss thought that was silly. Today, breaking a SHA-256-encoded hash for a 12-character password takes less than an hour.

Services that limit password length give away hints about their shoddy password hashing practices. Do not trust them.

eo boosted

Due to feedback of our readers, we just published part 0 of our web server security series:


This part covers important considerations before actually setting up your new server.

We also updated some other parts of this series to address the release of Debian 10 and current security recommendations. The series consists of 8 parts at the moment: infosec-handbook.eu/as-wss/

#webserversecurity #infosec #security #serversecurity

eo boosted

Setup my own DoH provider for my Firefox :)

If you want to use it: go to about:config, search for network.trr.resolvers and overwrite the value with:

[{ "name": "Cloudflare", "url": "mozilla.cloudflare-dns.com/dns" },{"name": "Shivering-Isles", "url": "dns.shivering-isles.com/dns-qu]

If you wonder how the stack looks like:


On the production code:

#DoH #Firefox #DNS #DNSoverHTTPS

@nwps@sektori.org If someone's reading this later, mine are available here:



Ever had the need to embed Youtube videos, tweets, etc.?

Check out Embetty, a privacy-conscious alternative to spying embeds.


eo boosted
Due to the recent discussions about Tusky merging their Gab ban, I'm reposting my series "Imagine if _all_ applications were developed the same way as Fedi apps" with slightly improved screenshots and a new one.

Also, I'd like to clarify my stance on this matter since people thought I'd support Gab or that I'd make inaccurate comparisons.

My motivation for posting these screenshots is that I think blocks like this don't belong in software that is completely detached from the stuff it displays.
Kinds of software that belong in this category are web browsers, email clients, music players, text editors, and also Fedi apps such as Tusky or Fedilab. They are merely tools that allow people to use certain contents or services, but they don't host them and therefore aren't responsible for them.
To me, this isn't a matter of free speech or some free software principles. As a user, I simply don't want developers to force their personal/political opinions onto me in that way. And here is why:

Imagine if more software implemented various kinds of blocks against things the developer doesn't want to support. I'm sure many of you now may think "Cool, so they block things for bad people. How is this a problem?"

The problem is that your view of what "bad people" are or how they should be handled by the software doesn't necessarily have to agree with the developers' views.

A good example for this is the file browser screenshot: Among other files, the message lists a Torrent for an Arch Linux image as blocked. Most likely, the imaginary developer thinks that Torrents are used too often to distribute illegal things, so making them harder to use is more beneficial than not doing it. Would you agree with this?

In the long run, this problem may become worse. What if the political climate in our society shifted and over time, some of the opinions you or people you like/follow/... hold were considered harmful by many software developers? What if you were confronted with messages like the ones in the screenshots all the time because of that?

Many people don't expect that measures taken against "bad people" could ever affect them negatively. After all, they are good people.
This is actually very similar to discussions about privacy invasions, where there are people who "have nothing to hide" and therefore don't care about such problems.

That's the situation I was trying to convey with these screenshots in the same way Black Mirror shows how current technological trends could lead to negative impacts on our society.
Bildschirmfoto vom 2019-06-19 1…
Bildschirmfoto vom 2019-06-01 2…
Bildschirmfoto vom 2019-06-02 1…
Bildschirmfoto vom 2019-06-02 1…
Bildschirmfoto vom 2019-06-17 2…
Bildschirmfoto vom 2019-06-19 1…
eo boosted

Is there any Telegra.ph-like anonymous publishing platform that could be self-hosted?

No logins or bad design please.

Show more

This is an instance of Mastodon hosted on NixNet.xyz, a librehosting provider. There isn't really a specific topic; just enjoy your time here and have fun! 😉