kravietz π¦ @kravietz@social.privacytools.io
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
kravietz π¦
boosted
Dumb Gab shit incoming:
It was deep in a long thread about whether EXIF data should be scrubbed from images, so it's probably worth posting as its own thing: if you have been verified (i.e., gave Gab your government ID) or you have ever given Gab any money (Pro, Donor, Investor), then when you try to delete your account on Gab, it will tell you it's been deleted, but will not actually delete anything.
An explanation if you don't know how to read the code: the "Delete my account" button passes the request to a backend job after making you confirm your password (see the code in the upper-right, the DeletesController) and tells you that your account has been deleted. That backend job checks if you are pro/verified/donor/investor (all cases, perhaps by coincidence, where Gab has your dox), and if your account is any of those things, then it just does nothing ("return true" means to return success from that method, meaning it skips the rest of it, like "purge_user!"/"purge_content!"/etc.). It was a cursory glance at the code but I didn't see anything in there about deleting images you've uploaded.
It *could* be the case that they were just trying to stop the mod team from removing paid accounts, but the effect is that if Gab has your dox, your account can't be deleted, even if you try to delete it yourself.
A fun side-effect of this is that this is the same code that their mod team uses to delete accounts, so they've got to manually scrub your shit from the DB in order to delete your account, meaning that if Gab has your dox, you can run wild on that site until someone with direct access to the DB (i.e., someone that can turn those flags off manually and then re-attempt the delete). 
Side note:
Rob Colbert doesn't know how to use git (and apparently believes that it is only used by communists to steal knowledge from the white man), so he has 7z'd the code and then put the .7z file into a git repo. 
gab_doesnt_delete_your_shit_if_they_have_your_dox.png
gab_devs_may_be_actually_retarded.png
It was deep in a long thread about whether EXIF data should be scrubbed from images, so it's probably worth posting as its own thing: if you have been verified (i.e., gave Gab your government ID) or you have ever given Gab any money (Pro, Donor, Investor), then when you try to delete your account on Gab, it will tell you it's been deleted, but will not actually delete anything.
An explanation if you don't know how to read the code: the "Delete my account" button passes the request to a backend job after making you confirm your password (see the code in the upper-right, the DeletesController) and tells you that your account has been deleted. That backend job checks if you are pro/verified/donor/investor (all cases, perhaps by coincidence, where Gab has your dox), and if your account is any of those things, then it just does nothing ("return true" means to return success from that method, meaning it skips the rest of it, like "purge_user!"/"purge_content!"/etc.). It was a cursory glance at the code but I didn't see anything in there about deleting images you've uploaded.
It *could* be the case that they were just trying to stop the mod team from removing paid accounts, but the effect is that if Gab has your dox, your account can't be deleted, even if you try to delete it yourself.
A fun side-effect of this is that this is the same code that their mod team uses to delete accounts, so they've got to manually scrub your shit from the DB in order to delete your account, meaning that if Gab has your dox, you can run wild on that site until someone with direct access to the DB (i.e., someone that can turn those flags off manually and then re-attempt the delete). Side note:
Rob Colbert doesn't know how to use git (and apparently believes that it is only used by communists to steal knowledge from the white man), so he has 7z'd the code and then put the .7z file into a git repo. gab_doesnt_delete_your_shit_if_they_have_your_dox.png
gab_devs_may_be_actually_retarded.png
kravietz π¦
boosted
Today in the Internet of Shit, we learn you can unlock *any* Honda/Acura car simply by capturing and replaying its keyβs radio packets.
https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty
Those who say Cyrillic script is well suited for Slavic languages have a point here π€£
I recommend the report on which I based my statements:
https://www.gov.uk/government/publications/fire-incidents-involving-solar-panels
Having a high-voltage power-generating installation on your house is simply larger risk than having a washing machine, and that's regardless of rather miserable UK building standards.
Batteries are a completely separate topic and while the Kent opposition rhetoric of "nuclear explosion" was simply idiotic, the core of their concerns were kind of confirmed by latest Tesla fire.
Radioactive release from a nuclear power plant operations is actually 100x lower than from a coal power plant. The latter releases quite a lot of radioactive elements with the vast amounts of fly ash - which of course is not considered radioactive waste because it's "traditionally" considered safe.
There were 80 PV-related fires in the UK alone in the last 5 years. In one case when PV farm caught fire the whole neighbourhood was told to stay indoors due to toxic smoke.
A Tesla battery farm in Australia caught fire last month and burned for three days.
So granted the rather low levels of maturity of the PV technology and pressure to do things cheaply, I think the residential opposition is way more justified than in case of nuclear power plants.
kravietz π¦
boosted
#nuclear is cheaper and less wasteful than #renewables also renewables need a back-up because they don't run 100% of the time so it need #nuclearenergy or fossil fuel https://www.scientificamerican.com/article/renewable-energys-hidden-costs/
#rinnovabili #nucleare
kravietz π¦
boosted
Weaponizing Censorship Middleboxes for TCP Reflected Traffic Amplification Attack
> Most of these nation-states are weak amplifiers (the Great Firewall of China only offers about 1.5x amplification, for example), but some of them offer more damaging amplifications, such as Saudi Arabia (~20x amplification)
And....
> We found a small number of infinite routing loops that traversed censorship infrastructure (notably in both China and Russia) that offered *infinite* amplification. π£π₯
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
Many years ago, a friend of mine told me it may be possible to exploit the Great Firewall of China for reflected amplification DDoS. This attack is real! #censorship #infosec #ddos
@celesteh I was wearing a mask in shops from March 2020 when UK government was still in denial of both pandemic and specifically masks, and I of course did hear silly comments from other shoppers. And I continue to wear it now. Don't care about other people's smirks and silly looks. I managed to avoid infection for the whole period in spite of some very close hits (kids, neighbours etc) so it clearly does work.
You don't need an IP from Google to host your SMTP (which I've been doing for ages). Residential or dynamic IP is a no-go, but any server-designated IP subnet will work assuming it has proper SPF, DKIM, DMARC set up. I agree kind of removes the use case for the Helm which, if I understood correctly, is hosted at home, but hosting your SMTP on a broadband is a bad idea anyway.
kravietz π¦
boosted
The body was ultimately recovered from over 1 km depth in a very complex operation that involved over 30 cavers. I will spare further details as they were rather gory.
Normally he wouldn't be even able to descend there as vertical caves require massive amounts of rope, but Veryovkina is so huge it was rigged permanently β descent to the bottom takes three days and there are four camps on the way with basic supplies.
This is how he was able to descend to camp at -600 m, spent a week there (!) and then decided to o further. At -1100 m the cave however becomes much more technical, which was where he got stuck and died.
Everything in this story screams "WTF" from caver's perspective.
Unlike climbing, you don't solo caves, and the Veryovkina cave is a Chomolungma among caves. The deepest I've done was ~400 m underground and it's hell of an exercise, requiring fitness and skills.
And this guy went alone down to -1100 m totally unprepared, with two ascenders weirdly connected with a carabiner, which guaranteed he won't be able to ascend anything. Most likely he didn't even test it on a rope.
Reluctantly sharing Daily Mail but they were the only English language media covering this. #speleo
A tragic, gory and in many parts unbelievable story β a lone tourist descended down to -1100 m in the world's deepest cave unprepared, got stuck on rope rebelay, died of hypothermia and was only found after 8 months.
I was so amazed when my journalist friend used it frequently when struggling with camera in mountains that I memorized it to her amusement (spelling may be wrong as I don't speak much French apart from this):
> va te faire enculer tu putain du merde
People are routinely bad at assessing risks:
> In December of 2020, he tweeted, βI have a very low risk of A) Getting COVID and B) dying of it if I do. Why would I risk getting a heart attack or paralysis by getting the vaccine?β
Phil Valentine, Anti-Vax and Anti-Mask Radio Host, Dies at 61 of COVID Complications
Right-wing, anti-masker radio host Phil Valentine had mocked the vaccine prior to his lengthy battle with the virus.
https://www.thewrap.com/phil-valentine-anti-vax-anti-mask-radio-host-dies-covid-complications/
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
kravietz π¦'s choices:
