infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and for providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they eventually owned their mistake and implemented search.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@algernon Can't you build arm64 with GitHub Actions?
this post | permalink
@404mediaco The description is pretty vague and I don't have a subscription so I looked at the traffic: it seems the /api/offices/[id] endpoint is serving the "extra" messages. My educated guess is they forgot to restrict POST/PUT (which is actually pretty lame)...
this post | permalink
@caspicat @ryanc No, the other way around: the proxy would generate a token based on a secret, so the value passed back to the app server can't be forged by the attacker.

But again: this would in all likelihood be a **BAD SOLUTION** because the authn decision would still be made by a component that has incomplete information about exactly what should be authn'd and how! If you think about the previous examples, the rev proxy would generate a valid JWT just as it generated a True value, because it interpreted the URLs differently than the app server.
this post | permalink
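The point of the reply above is that signing the proxy's decision only fixes forgery, not the decision itself: if the proxy and the app server parse the request target differently, the proxy signs a correct answer to the wrong question. The following added example (not code from the original post, nor from any real proxy or framework) models that with a hypothetical proxy rule evaluated on the raw target and a hypothetical app router that percent-decodes and resolves dot segments first; the shared secret, the `X-Proxy-Authn` header name and both applications are constructed for the demo. It contrasts an app that lets the proxy's unforgeable "public" claim override its own check with one that derives the requirement from the route it will actually serve.

```python
"""Why an unforgeable proxy-made authn decision is still the wrong decision.

Constructed demo: a hypothetical reverse proxy signs its "is this path public?"
verdict, and two hypothetical app servers consume it differently.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple
from urllib.parse import unquote

# Constructed shared secret for the demo; a real deployment would load it from config.
SHARED_SECRET = b"constructed-demo-secret"


def normalize_path(raw_target: str) -> str:
    """Hypothetical app-server routing: drop the query, percent-decode, resolve dot segments."""
    path = unquote(raw_target.split("?", 1)[0])
    segments = []
    for seg in path.split("/"):
        if seg == "..":
            if segments:
                segments.pop()
        elif seg and seg != ".":
            segments.append(seg)
    return "/" + "/".join(segments)


def proxy_is_public(raw_target: str) -> bool:
    """Hypothetical proxy rule on the raw, un-normalized target: only /public/ skips login."""
    return raw_target.startswith("/public/")


def sign(payload: dict) -> str:
    """HMAC-protected header value: body.mac, so the app can detect tampering."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify(token: str) -> Optional[dict]:
    """Return the signed payload, or None if the MAC does not match."""
    try:
        body, mac = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def proxy(raw_target: str) -> dict:
    """Forward the request with a signed header carrying the proxy's authn verdict."""
    return {"target": raw_target,
            "X-Proxy-Authn": sign({"public": proxy_is_public(raw_target)})}


def app_trusting_proxy(request: dict, logged_in: bool) -> Tuple[int, str]:
    """Weak design: the proxy's (unforgeable) verdict overrides the app's own check."""
    route = normalize_path(request["target"])
    claim = verify(request["X-Proxy-Authn"])
    if claim is not None and claim["public"]:
        return 200, route          # served anonymously, whatever the route resolved to
    return (200, route) if logged_in else (401, route)


def app_deciding_itself(request: dict, logged_in: bool) -> Tuple[int, str]:
    """Hardened design: the requirement is derived from the route the app will actually serve."""
    route = normalize_path(request["target"])
    if route.startswith("/public/"):
        return 200, route
    return (200, route) if logged_in else (401, route)


if __name__ == "__main__":
    # Constructed request targets: one benign, two where proxy and app disagree.
    for target in ["/public/index.html", "/public/../admin/users", "/public/%2e%2e/admin/users"]:
        req = proxy(target)
        print(target, "trusting:", app_trusting_proxy(req, False),
              "deciding:", app_deciding_itself(req, False))
```

The signed header is genuinely unforgeable here, yet the first app still serves `/admin/users` to an anonymous client, because the proxy evaluated `/public/../admin/users` and the app routed `/admin/users`. The second app only ever consults its own parsed route, which is the only component with complete information about what is being served.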
@ryanc X-Trust-Me-Bro: {"alg":"nOnE"...} vulns would be pretty funny actually :) let's hope we'll never get there though...
this post | permalink
@revng Would you consider uploading to the video.infosec.exchange PeerTube instance too?
this post | permalink
@ryanc I was actually thinking whether some (not so) fancy crypto could be used to pass some instead of a bool that the attacker can't forge, then realized reverse proxy configs are not exactly designed to implement such transformations in the first place :)

Nonetheless, this is an illustrative example that unless we point to some robust solution ppl *will* come up with complex but insecure solutions (see also Schneier's Law).
this post | permalink
@krypt3ia @Viss They already are, controlling us from the shadows
this post | permalink
The more I move to a thin-client model with my workstation (with projects/services moving to VMs) the more I see my dark future as an Emacs user.

TRAMP mode is pretty cool :/
this post | permalink
@joxean I bet >10% of tourists have the exact same reasoning.
this post | permalink
@touloutoumou You're doing God's work!
this post | permalink