I really feel like fedi is disproportionately autistic with comparison to other social media platforms, but I haven't touched any other major ones in years, nor do I have the necessary data, so I don't really know. Poll: do you identify as autistic (not necessarily officially diagnosed, etc, not trying to exclude the experiences of those without necessary medical access or subclinical presentation)?
New sensitive breach: Lexipol had 672k email addresses breached last month by self-proclaimed "Puppygirl Hacker Polycule". Data included name, phone and MD5 or SHA-256 password hashes. 23% were already in @haveibeenpwned. Read more: them.us/story/puppygirl-hacker…
--- 🇪🇦 URGE #fediblock a freysa.ai / social.freysa.ai
Esta instancia cuenta 1500 usuarios, todos ellos generados por IA, enviando spam random al fediverso en forma de estados con #hashtags creando falsos trendings. Se han detectado 1787915 estados generados por IA con #hashtags mientras escribo esto. (ver imagenes)
Esto además, puede causar que las bases de datos de las instancias con las que federe gasten recursos y espacio en disco innecesarios almacenando esta basura.
Estas cuentas generadas por IA y con estados podrian usarse para realizar ataques de SPAM a usuarios del fediverso con @mentions --
🇬🇧 URGENT #fediblock to freysa.ai / social.freysa.ai
This instance has 1500 users, all of them AI-generated, sending random spam to the fediverse in the form of posts with #hashtags that create fake trending topics. As I write this, 1,787,915 AI-generated posts with #hashtags have been detected (see images).
As of November 2024 we have switched our ongoing production of Framework Laptop 16 to use Honeywell PTM7958 phase change thermal interface material instead o
A proposal by BlueSky to allow you to opt out of training AI.
Oh lookie here.
First, some background.
Speaking at the SXSW conference in Austin on Monday, Bluesky CEO Jay Graber said the social network has been working on a framework for user consent over how they want their data to be used for generative AI.
Now onto this.
Link below but #Bluesky will start selling your data to train AI. The fact this is a proposal and something the CEO is pushing for should tell you that this is a small step towards selling everyone's data, regardless of whatever you want to happen.
Many here are willing to actually trust CEO's for some reason.
A CEO wants to make money. Period. That is their primary function.
This proposal is opt out, not opt in. Otherwise, they wouldn't go on the record with this comment...
Speaking at SXSW, Graber explained that the company has engaged with partners to develop a framework for user consent over how they would want their data to be used — or not used — for generative AI.
The fact a CEO is considering something multiple times should tell you your wishes will be violated to make a profit. If not now, but eventually.
@ErickaSimone It doesn’t say anything to that effect though? If anything that looks like a good proposal for Mastodon/Fedi to adopt, and create a structured version of what people just stuff into their bios freeform right now, giving people more tools for consent.
@mastodonmigration you would if the terms of service you had to agree to in order to get your license said that you agree that your car can be broken into at any time, and that the terms of service can be changed at any time and your continuing to drive after the effective date constitutes your acceptance of the new terms.
hey fedi, how do i not be a horrible person? (for context, when i was younger, i was diagnosed with oppositional defiant disorder, and i'm pretty sure those behaviors are ones i still exhibit until today (probably doesn't help that i rarely ever socialize))
Hi! I'm planning on escaping my current place to move to a safer location with friends, where I'd be able to actually live my life.
For that I need around 600 euros to cover travel expenses and food for the time it'll take me to find a job and stable housing, for the first month. I'm planning on leaving first week of April, but this may change.
Goal: 612/600 euros
If you don't want that money to be lost forever, you can lend me money and I'll make sure to refund you whenever I'm able to. That'd be very appreciated. No matter what, every cent I get through this will be invested back into mutual aid again once I'm out of this mess.
Thank you so much for your help, it helps me so so much! ❤
Boosts appreciated :3 Me and my friends have made these paracord collars a bit ago and they're pretty fun to make, so if you want me to make one for you or a friend, i'd be glad to do it! I can also make similar bracelets.
You have complete control over the colors and accessories. Also, we can put an NFC tag on it to point to a website, a fedi account or contact information when someone scans your collar.
You can DM me here or on Matrix (@tasiaiso:vulpinecitrus.info) for more info.
The domain `mirage.foxb612.com` and IP address `65.108.53.178` have been blocked (defederated) from Enby.Life. These are part of a fediverse crawler system that indexes servers based on the country where they are physically located. This wouldn't normally be against our rules, but the crawler goes to great lengths to de-anonymize instances, including sending fake-signed ActivityPub probes to obtain the server's true IP address. Requests from the crawler use a web browser's User Agent to evade filters, and documentation on the website mentions that CloudFlare bypasses are also in use. Given the complexity of setting up something like this, we believe that the crawler is likely operating with bad intentions. While there could be some use for an index of instances based on community region, tracking the actual *physical location* of the server backends is highly suspicious. I'd encourage all instance admins to consider whether something like this poses a threat, and to take appropriate action. For anyone interested in going beyond a simple domain block, please see these log excerpts typical of being crawled via AP probes. Logs are taken from a non-standard Sharkey deployment and may not directly translate to other software, but I've tried to include as much detail as possible anyway. Sharkey admins can check whether you've been scanned by searching for backend log patterns like this (make sure to replace your instance hostname where appropriate): ```log Feb 17 20:10:21 campsite run-sharkey.sh[241576]: INFO * [apserv sigcheck] req-yzi /users/9fpwmts9tv (by Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0) apparently from mirage.foxb612.com: we don't know the user for keyId mirage.foxb612.com/kiite/key/e… trying to fetch via mirage.foxb612.com/kiite/key/e… ``` Alternately, anyone with Activity Logging in place can check for AP fetch errors like this: ```csv id,at,duration,host,request_uri,object_uri,accepted,result,object,context_hash a4n23pddff,2025-02-24 20:10:24.433000 +00:00,894.86,mirage.foxb612.com,mirage.foxb612.com/kiite/key/e… invalid content type of AP response - content type is not application/activity+json or application/ld+json: mirage.foxb612.com/kiite/key/e… ``` A final indicator is reverse-proxy logs showing this domain as part of an HTTP Signature header. Here's an example from our Caddy server: ```json Feb 24 20:10:25 campsite caddy[916]: 2025/02/24 20:10:25.329 ERROR http.log.access.log0 handled request { "request": { "remote_ip": "65.108.53.178", "remote_port": "53964", "client_ip": "65.108.53.178", "proto": "HTTP/1.1", "method": "GET", "host": "enby.life", "uri": "/users/9fpwmts9tv", "headers": { "Accept-Encoding": [ "gzip, deflate" ], "Accept": [ "application/activity+json" ], "Connection": [ "keep-alive" ], "Content-Type": [ "application/activity+json" ], "Date": [ "Mon, 24 Feb 2025 20:10:23 GMT" ], "Signature": [ "keyId=\"https://mirage.foxb612.com/kiite/key/enby.life/1740427823/Y93ZjgZHZlxNSuxa/main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"5umGzjOXHeV8DdI4NjQqwbag6ChMKYS6\"" ], "User-Agent": [ "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" ] }, "tls": { "resumed": false, "version": 772, "cipher_suite": 4865, "proto": "http/1.1", "server_name": "enby.life" } }, "bytes_read": 0, "user_id": "", "duration": 0.901198418, "size": 254, "status": 500, "resp_headers": { "Date": [ "Mon, 24 Feb 2025 20:10:25 GMT" ], "Access-Control-Allow-Origin": [ "*" ], "Alt-Svc": [ "h3=\":443\"; ma=2592000" ], "Content-Type": [ "application/json; charset=utf-8" ], "Strict-Transport-Security": [ "max-age=15552000; preload" ], "Access-Control-Allow-Methods": [ "GET, OPTIONS" ], "Content-Length": [ "254" ], "Access-Control-Allow-Headers": [ "Accept" ], "Server": [ "Caddy" ], "Access-Control-Expose-Headers": [ "Vary" ], "Cache-Control": [ "private, max-age=0, must-revalidate" ] } } ``` #FediBlock #BlockRecommendation #Moderation #Crawler #Scraper
here's a machine-translated excerpt of the page. As I understand it, they use the probes to trigger an outbound fetch, which either exposes the IP directly or is proxied by CloudFlare. In the latter case, they parse the CloudFlare headers to identify the country of origin.
upon a little further research it looks like it could be a hobby project, judging by the contents of the site that it's being hosted on (translated from chinese). they even have a blog post about removing tracking parameters from URLs? it might be a good idea to reach out and let them know that all this privacy circumvention is making them look sketchy
no, it works on regular instances too. I verified by checking for Enby.Life which has never used CloudFlare. It correctly identifies the server as being located in the USA.
I'm not so concerned about country, but like, I'm worried about exact IP addresses, which SHOULD be masked by wire guard, but if they're not they could lead back to the city my mom lives in
I totally forgot to mention, this thing sends probes using a web browser user agent (Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0) and an ActivityPub content type (application/activity+json). This will never be done by a legitimate instance, and is another way to reliably detect malicious requests.
long (if it gets cut off view on my instance), confession, actually not a shitpost, i'm so sorry fedi, can y'all help me out with this pretty please
Sensitive content
hey, fedi i have some pretty horrible confessions to make...
-i haven't really played games in years now -i haven't watched much tv shows and movies lately -i haven't been listening to music as much as i'd want to -i haven't been looking at and appreciating general art as much as i've used to -i've haven't really coded anything since i was a child i think (which actually isn't all too long ago all things considered but still years ago) -...and there's so many other things my brain kinda just shutoff rn
...and i really wanna change all that! i wanna do shit again!
so, could it be possible for fedi to help me out? i genuinely don't know where to start!
even if you have a hobby or interest that may be considered weird or niche or whatever, please don't hesitate to reply! when i was younger i was pretty in to elevators and stuff like that :3
It's honestly laughable how we went from an era where the only universally agreed upon bad browser was IE, and now we're at a point where there isn't a universally agreeable good one
If you're thinking about switching away from Firefox, at least make sure you don't put your trust in a company which is worse, because that would be fucking pointless.
this is probably a dumb question, but, like, I don't understand why there isn't a good Firefox fork at this point ?
is it really that hard to fork Firefox and remove all of the monetization decisions made by mozilla over the past few years, while keeping the rest of the browser ?
like, I realize that if the open-source community is treating bad mozilla leadership like a problem we'll have to deal with, it's probably because there's a reason why it's difficult to just remove their bullshit from the browser and keep using the rest. but I'd like to understand what the reason is.
would you guys ever vote for me if i was to become prime minister or president of any country? my goal is to essentially make things better than what the current situation is (in the future)
i also actually have more concrete plans than just "make things better"
AZ is trying to introducing an ID law again. If this passes it'll effect E621 which is based in AZ. If you know anyone in Arizona you should give them a nudge to call their reps over this.
I've been discussing doing this in private posts so... I guess I'll post this now and start this weekend 1 boost to this post = 1 day I can only pee in my diapers
rules: - I can also piss my pants (because....it's fun) - I won't be wearing diapers in cases where I anticipate I might end up naked with someone else, to not kill the mood - in the case above, I'll still make all possible efforts to try and not go until I can be in diapers again. if that can't be achieved and I end up using the bathroom, that day won't count towards the remaining days
We believe the government should change legislation to make it easier for trans people of all ages to change their legal gender without an official diagnosis of gender dysphoria.
Oh boy, that could all :D 16" with 4 Ram Slots and 4 M2.SLots or a black Chassi or a Keyboard with trackpoint or a monitor unit without Webcam/Microphone or a Magsafe like chargport or a rgb Keayboard with trackpoint for 13" & 16" or full feature Thunderbold 4 Slots on each port or a eGpu enclosure or a integrated RJ45 slot or a "air jet" cooling or a integrated NFC reader or a mobile modem integration
I really hope it will look literally just the same as the original 13, would be a good joke reveal, especially if played up as some grand new thing before on the stream.
But the actual reveal is new hardware iteration (of course backwards compatible) e.g. ARM or Ryzen 9000, maybe a board with a full fledged mobile video card, touch screen.
@catsalad the funny thing is that I’m so used to people being mean to my instance specifically that it didn’t occur to me that it was That trick until 3/4ths through the comments…
there's a way to ask the receiving server to substitute a variable for its own name in a post. so everyone sees their own server as if it were typed in.
the logic on that is simply that when you create a note your instance has to send a Create(Note) activity to several other instances. during this time you can change what the content is depending on the instance you're sending it to. In this case it's simple variable substitution. if you have auth fetch enabled you can expand it a bit more to change the content depending on who's fetching it (because you need to verify the signature requiring you to know what instance is requesting it to grab their key)
Recently, Google has pushed out two new system apps to many Android devices: Android System Safety Core and Android System Key Verifier. There has been a lot of outrage and misinformation about that, which has been blindly shared without bothering to check the truth or dig deeper. There is a great blog post by @SteffoSpieler and @finn about that whole thing, which you should read: steffo.blog/outrage-warps-real…
How mass paranoia and uninformed outrage will hurt the Fediverse, and what we can learn about the drama regarding VLC's AI and Google's newest service.
"Last week tonight" is a weekly show (as the name implies) 🤭 Highly recommend! There's an official Youtube channel and an unofficial Peertube mirror tube.fede.re/videos/watch/bd39…
John Oliver discusses Facebook’s controversial new plans for content moderation and which Animorphs he would and would not kill with his car.Connect with Las...
send me your favorite artists please i wanna look at cool art especialyl gay furries
Hi! I'm planning on escaping my current place to move to a safer location with friends, where I'd be able to actually live my life.
Alexia :neocat_flag_trans: :therian:
in reply to Have I Been Pwned • • •jan Tusi (trucy) 🏳️⚧️🔞
in reply to Have I Been Pwned • • •AlexTECPlayz
in reply to Have I Been Pwned • • •Latte macchiato :blobcoffee: :ablobcat_longlong:
in reply to Have I Been Pwned • • •TeflonTrout :bc: he/him
in reply to Have I Been Pwned • • •2. Don't care that I am. Get em/us, puppygirls