Sheogorath 🦊  

Maybe you didn't know, but I run an IRC network called MadIRC.

It seems like it got quite famous among Tor users since we allow completely anonymous access via onion addresses.

Today I had to rework the channel ranks of the main darknet channel "" after quite some abuse of power. Of course, the abusers are unhappy with this situation and declared it the end of the channel.

Feel free to prove them wrong:

Website: madirc.net
Tor direct tor web access: tor.madirc.net

1
Sheogorath 🦊 boosted
Nolan  

The web is capable of so much more than people are doing with it nowadays. A lot of the problems are business incentives (ads, trackers, third-party junk) and cargo cult (bloated toolchains, bloated deps, a main thread that doesn't scale).

We're waiting for the next Ajax/Web2.0/whatever revolution where somebody comes up with a bold new design that's better than everything that came before.

1
Sheogorath 🦊 boosted
w4tsn  

@sheogorath Facebook uses some pretty damn mind tricks to bind people to it. This is deep psychology and hard to overcome. That's why I think it's in the democratic states responsibility to boost more fediverse services for such important digital infrastructure. Obviously these services hit a nerve and provide us something we want, but how it's implemented right now is horrible and a good example for a single money-driven entity in control that emphasises money over humanity.

0
Sheogorath 🦊  

Mhm, while sharing this article with someone (it's from 2017, but still interesting):

dataethics.eu/facebooks-data-c

I started to wonder: Is there even a point where people decide to stop using Facebook(-owned) Services even when "their friends are there"? I mean, we have a lot of people on the Fediverse that deleted their account, but I wonder if some Facebook users are so dependent on it, that they decide "no matter what Facebook does, as long as they can 'hang out' with their friends it's fine".

1
Sheogorath 🦊  

Nice article about and it's pros and cons.

It's not very technical and still provides a reasonable insight into the problems and chances of DoH in the way it's currently rolled:

eff.org/deeplinks/2019/09/encr

0
Sheogorath 🦊  

If you are waiting for CentOS 8 since RHEL 8 came out in May, you might be interested in why it's still not there:

montanalinux.org/wherefore-art

TL;DR: There was RHEL7.7 which becomes CentOS 7.7 and since CentOS already has tons of active users, it's more important to ship CentOS 7.7 than CentOS 8.

0
Sheogorath 🦊  

And also a follow up on my traefik story, where an upgrade of the go version dropped the defaults for TLS connections down to SSLv3, instead of TLS1.0.

The wonderful team around traefik solved the problem and released a new version within 2 days:

github.com/containous/traefik/

That's how things should work!

0
Sheogorath 🦊  

Little follow up on my earlier statement about Desktop and the `--no-sandbox` argument they force on linux now.

I didn't just made noise on my social media but of course also (tried to) work with the upstream project. Sadly it seems like they don't care:

github.com/signalapp/Signal-De

5 work days and no one even had a look at it. Great… Maybe I should write a PR this weekend in hope it gets more attention.

1+
Sheogorath 🦊 boosted
Digitalcourage e.V.  

Peer Heinlein (CEO, @mailbox_org@twitter.com):

„PGP ist nach wie vor eine sichere und bewährte Technologie, deren Tage noch lange nicht gezählt sind …“

mailbox.org/de/post/der-keyser

#AusSicherheitsgründen #pgp #gnupg /c

1+
Sheogorath 🦊 boosted
Claudius  

School has an annual fundraiser, organized by an outside company. One parent did the math. You'll be *shocked*[1] how that turned out.

[1] not really
reddit.com/r/Parenting/comment

0
Sheogorath 🦊  

Hey developers,

it's time to support your Fedora Userbase as simple as possible.

Packit-as-a-service is here, which simply integrates with your upstream repository and allows builds on the latest version of Fedora, so all your project can be automatically picked up by latest Fedora release engineers and integrate it into the next version of the OS.

packit.dev/packit-as-a-service

(More docs should follow soon)

1
Sheogorath 🦊 boosted
Claudius  

spiegel.de/plus/sohn-eines-ns-

0
Sheogorath 🦊 boosted
Simon :linux:  

New #arch logo

0
Sheogorath 🦊 boosted
Jiří Eischmann  

Today we welcomed a new member of our family - Laura 👨‍👩‍👧‍👦

1+
Sheogorath 🦊 boosted
Dan Langille  

If you are selling your SEO services, why do you have to resort to email?

#spam

0
Sheogorath 🦊 boosted
Dmitri ⚛️  
0
Sheogorath 🦊  

Seriously, verify your systems after an update. Only continuous monitoring of security features will make sure you don't expose people to insecure systems over time.

github.com/containous/traefik/

This morning I had to notice that my traefik setup decided to downgrade its defaults to SSLv3 due to a bug in the go TLS library.

So yeah, if you run anything server-side that provides TLS and is build with go 1.12.x you might want to verify it.

1+
Sheogorath 🦊  

For those who wonder about the article:

diode.io/distributed-infrastru

The problem with DNS is: It's so fundamental that you want humans to have a word in it. (So probably no blockchain)

And you also don't want in-memorable hashes as domain names, since you already have IPs for that. (So not like .onion addresses)

I'm open for ideas, feel free to have suggestions.

1
Sheogorath 🦊  

Huh, over (or more general DNS that is based on cryptography)… It's an interesting idea especially for the root DNS servers, but there is a fundamental problem:

Key management.

The article I read used youtube.com as an example. What if an attacker obtains the private key for this domain? He can now control it or even transfer it.

Right now, you can get a court rule that undoes that. But with DoB this would mean everyone has to learn a new domain. Good luck with that…

1
Sheogorath 🦊  

If you wonder how I spend the last hour: Improving other people's container image build instructions.

github.com/Snawoot/postfix-mta

Providing postfix with MTA-STS is a nice thing. But when you do it, please do it not as root…

A container is no excuse to run software as root.

0
Show more

infosec

46

codimd

23

riot

22

fedora

15

flatpak

13
Sheogorath's Microblog

This instance is the microblog to my blog. You'll probably find more recent content here while finding more elaborated content on the blog. Impressum / Datenschutz / Privacy

Resources

Developers

What is Mastodon?

shivering-isles.com

More…