infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@lcamtuf I have the same experience as you, just want to note that this likely has to do with handling verbatim queries (as shown by your example). Last time I checked Google had proper support for this (although hidden), while other like DDG didn't. Different experiences may be explained how specific individual people are with their queries/how much they rely on the engine to guide them.
this post | permalink
The Linux CNA – Red Flags Since 2022

https://jericho.blog/2024/02/26/the-linux-cna-red-flags-since-2022/
this post | permalink
I just noticed the latest message on https://grsecurity.net , well played! :)

"Are Your Products Drowning in Linux Kernel CVE Noise?

We know your products can't be updated every week based off unverified CVE information. Address true risk by protecting against entire classes of vulnerabilites and exploitation techniques."
this post | permalink
@TarkabarkaHolgy IME sound making toys make you learn basic electronics 2x as fast and your dexterity also improves so you can dis/reassemble as quickly as possible without the kid noticing
this post | permalink
@singe sounds like a job for @stf
this post | permalink
@molly0xfff ICYMI: https://github.com/alevchuk/vim-clutch @narrowcode
this post | permalink
@cynicalsecurity @stevelord Thanks, I'm pretty sure I could handle this, but also that I don't want to: as I understand DNS makes signature evaluation non-deterministic and according to some test services having a failed DKIM check results in worse scores than no DKIM, so it's better not to configure it in the first place...

Re: BIMI I hope I can sit out the time it dies as it should...
this post | permalink
@ping4pong My goal is to learn, but I agree ignorance is sometimes a bliss :)
this post | permalink
@stevelord Oh yes that's also a fun trick to debug!
this post | permalink
@stevelord My problem I think is with the fundamentals. Suppose you are a tech enthusiast who wants to use this mode of auth. Now you have to:
- Learn that your keys won't fit into DNS records
- Learn that while you can split your key to multiple records, there is no guarantee the client will concat them in a particular order
- Learn that while you can fall back to shorter key sizes they may be insecure or require an algorithm that either your tool or the receivers doesn't support

While you test all this, you also have to consider caching of course.

Did I miss anything?
this post | permalink
Next Page