infosex.exchange <3
You are probably looking for the infosec.exchange Mastodon instance
This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Discoverability and Archiving
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
Gluttony Section for Search Engines
@cR0w Also, I don't think it's OpenAI's code...
@cR0w This is even a plain SSRF, but a local file read (where PHP is also kind enough to resolve remote URL's)!
@infosecdj no idea, but I'm sure it's documented by cf somewhere...
Just spent ~an hour figuring out why a code path wasn't hit.
Turns out it was, only my log messages were configured to a level too low to appear...
#fail
I'm kinda getting used to Space Emacs but eshell quickly became my arch nemesis
@cy @cR0w If you read carefully you'll see that I applied Hanlon's Razor to the blog post, not the operational practices. On that part my argument is that they'd need to go far out of their way to do evil, which doesn't mean they don't do it, but I'm pretty sure they won't do it for a security-awareness blog post.
@cR0w @mark Yes, a MitM-as-a-Service provider *may* see and misuse your passwords.
Does this particular stat make any difference to that equation? No.
Next Page