kravietz 🦇 @kravietz@social.privacytools.io
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
kravietz 🦇
boosted
Published a new study: 58% of Hacker News, Reddit and tech-savvy audiences block Google Analytics
https://plausible.io/blog/google-analytics-adblockers-missing-data
Robert David Steele, a former CIA officer turned conspiracy theorist who claimed to be the first person to call COVID-19 a hoax, has died from COVID-19.
kravietz 🦇
boosted
"This overview of the decentralized social ecosystem is structured by protocols, applications, and topics. The
protocols and applications sections contain summaries of existing projects."
Topics covered include:
Protocols
• #ActivityPub
• #GUN
• #Hypercore Protocol (Dat)
• #IPFS
• #Matrix
• #Peergos
• #Solid
• #XMPP
Applications
• #Aether
• #Blockchain social networks
• #Diaspora
• #Mastodon
• #SSB social networks
kravietz 🦇
boosted
And mentions a very interesting draft on filtering #ipv6 next header and option packets https://datatracker.ietf.org/doc/html/draft-ietf-opsec-ipv6-eh-filtering-08
Freshly published - RFC 9099
Operational Security Considerations for #IPv6 Networks
kravietz 🦇
boosted
kravietz 🦇
boosted
@drq
🍱 «Яндекс.Еда» удалила «Тануки» из своего сервиса
Ранее произошла атака «Мужского государства» на социальные сети и курьерскую доставку ресторана из-за рекламы с темнокожим мужчиной
Лидер «МГ» пригрозил парализовать работу «Яндекс.Еды» фейковыми заказами, если те не удалят «Тануки» из своего сервиса. Агрегатор выполнил это требование.
«Тануки» объявил войну «Мужскому Государству» и собирается добиться блокировки его социальных сетей
🍱 «Яндекс.Еда» удалила «Тануки» из своего сервиса
Ранее произошла атака «Мужского государства» на социальные сети и курьерскую доставку ресторана из-за рекламы с темнокожим мужчиной
Лидер «МГ» пригрозил парализовать работу «Яндекс.Еды» фейковыми заказами, если те не удалят «Тануки» из своего сервиса. Агрегатор выполнил это требование.
«Тануки» объявил войну «Мужскому Государству» и собирается добиться блокировки его социальных сетей
kravietz 🦇
boosted
Dumb Gab shit incoming:
It was deep in a long thread about whether EXIF data should be scrubbed from images, so it's probably worth posting as its own thing: if you have been verified (i.e., gave Gab your government ID) or you have ever given Gab any money (Pro, Donor, Investor), then when you try to delete your account on Gab, it will tell you it's been deleted, but will not actually delete anything.
An explanation if you don't know how to read the code: the "Delete my account" button passes the request to a backend job after making you confirm your password (see the code in the upper-right, the DeletesController) and tells you that your account has been deleted. That backend job checks if you are pro/verified/donor/investor (all cases, perhaps by coincidence, where Gab has your dox), and if your account is any of those things, then it just does nothing ("return true" means to return success from that method, meaning it skips the rest of it, like "purge_user!"/"purge_content!"/etc.). It was a cursory glance at the code but I didn't see anything in there about deleting images you've uploaded.
It *could* be the case that they were just trying to stop the mod team from removing paid accounts, but the effect is that if Gab has your dox, your account can't be deleted, even if you try to delete it yourself.
A fun side-effect of this is that this is the same code that their mod team uses to delete accounts, so they've got to manually scrub your shit from the DB in order to delete your account, meaning that if Gab has your dox, you can run wild on that site until someone with direct access to the DB (i.e., someone that can turn those flags off manually and then re-attempt the delete). 
Side note:
Rob Colbert doesn't know how to use git (and apparently believes that it is only used by communists to steal knowledge from the white man), so he has 7z'd the code and then put the .7z file into a git repo. 
gab_doesnt_delete_your_shit_if_they_have_your_dox.png
gab_devs_may_be_actually_retarded.png
It was deep in a long thread about whether EXIF data should be scrubbed from images, so it's probably worth posting as its own thing: if you have been verified (i.e., gave Gab your government ID) or you have ever given Gab any money (Pro, Donor, Investor), then when you try to delete your account on Gab, it will tell you it's been deleted, but will not actually delete anything.
An explanation if you don't know how to read the code: the "Delete my account" button passes the request to a backend job after making you confirm your password (see the code in the upper-right, the DeletesController) and tells you that your account has been deleted. That backend job checks if you are pro/verified/donor/investor (all cases, perhaps by coincidence, where Gab has your dox), and if your account is any of those things, then it just does nothing ("return true" means to return success from that method, meaning it skips the rest of it, like "purge_user!"/"purge_content!"/etc.). It was a cursory glance at the code but I didn't see anything in there about deleting images you've uploaded.
It *could* be the case that they were just trying to stop the mod team from removing paid accounts, but the effect is that if Gab has your dox, your account can't be deleted, even if you try to delete it yourself.
A fun side-effect of this is that this is the same code that their mod team uses to delete accounts, so they've got to manually scrub your shit from the DB in order to delete your account, meaning that if Gab has your dox, you can run wild on that site until someone with direct access to the DB (i.e., someone that can turn those flags off manually and then re-attempt the delete). Side note:
Rob Colbert doesn't know how to use git (and apparently believes that it is only used by communists to steal knowledge from the white man), so he has 7z'd the code and then put the .7z file into a git repo. gab_doesnt_delete_your_shit_if_they_have_your_dox.png
gab_devs_may_be_actually_retarded.png
kravietz 🦇
boosted
Today in the Internet of Shit, we learn you can unlock *any* Honda/Acura car simply by capturing and replaying its key’s radio packets.
https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty
Those who say Cyrillic script is well suited for Slavic languages have a point here 🤣
kravietz 🦇
boosted
#nuclear is cheaper and less wasteful than #renewables also renewables need a back-up because they don't run 100% of the time so it need #nuclearenergy or fossil fuel https://www.scientificamerican.com/article/renewable-energys-hidden-costs/
#rinnovabili #nucleare
kravietz 🦇
boosted
Weaponizing Censorship Middleboxes for TCP Reflected Traffic Amplification Attack
> Most of these nation-states are weak amplifiers (the Great Firewall of China only offers about 1.5x amplification, for example), but some of them offer more damaging amplifications, such as Saudi Arabia (~20x amplification)
And....
> We found a small number of infinite routing loops that traversed censorship infrastructure (notably in both China and Russia) that offered *infinite* amplification. 💣💥
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
Many years ago, a friend of mine told me it may be possible to exploit the Great Firewall of China for reflected amplification DDoS. This attack is real! #censorship #infosec #ddos
kravietz 🦇
boosted
The body was ultimately recovered from over 1 km depth in a very complex operation that involved over 30 cavers. I will spare further details as they were rather gory.
Normally he wouldn't be even able to descend there as vertical caves require massive amounts of rope, but Veryovkina is so huge it was rigged permanently — descent to the bottom takes three days and there are four camps on the way with basic supplies.
This is how he was able to descend to camp at -600 m, spent a week there (!) and then decided to o further. At -1100 m the cave however becomes much more technical, which was where he got stuck and died.
Everything in this story screams "WTF" from caver's perspective.
Unlike climbing, you don't solo caves, and the Veryovkina cave is a Chomolungma among caves. The deepest I've done was ~400 m underground and it's hell of an exercise, requiring fitness and skills.
And this guy went alone down to -1100 m totally unprepared, with two ascenders weirdly connected with a carabiner, which guaranteed he won't be able to ascend anything. Most likely he didn't even test it on a rope.
Reluctantly sharing Daily Mail but they were the only English language media covering this. #speleo
A tragic, gory and in many parts unbelievable story — a lone tourist descended down to -1100 m in the world's deepest cave unprepared, got stuck on rope rebelay, died of hypothermia and was only found after 8 months.
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
kravietz 🦇's choices:
