Huggles boosted

What a weekend! Ended up #1 on HackerNews, a dozen sub-reddits and GitHub Trending.

So exhausted, but also so proud of everything we do at @charm!

charm.sh

Huggles boosted
Huggles boosted

I wonder why .NET is called .NET.

It's practically /begging/ for confusion with the .net TLD.

Huggles boosted
Huggles boosted

#Mastodon is getting opt-in (off by default) automatic toot deletion built in:
github.com/mastodon/mastodon/p

Not something I plan to use, but I know others use third-party services for this feature and it's cool to have it as an option.

Huggles boosted

@stux
@gabek Blockchain, as a technology is neither good nor bad, it's completely neutral. It has its applications.

But, like every technology, it's becoming a golden hammer, used for everything. And a good technology used for bad cases leads to problems.

Huggles boosted

i couldnt help it... heres Alpine + XFCE4 running in a chroot with an Android X server for the UI. I used linux deploy for the rootfs and a bunch of hacks to make it actually start

Huggles boosted

i downloaded all 10.000 of those ugly lazy lions nfts and turned them into a mosaic of a person right-clicking

Huggles boosted

So it turns out it just didn't like the Facebook sandboxing add-on I was using. Because of course.

Show thread
Huggles boosted
Huggles boosted
Huggles boosted

hardening mastodon against scraping 

fellow masto instance admins of the fediverse:

by default, mastodon is leaky as fuck and there are a bunch of ways that data can be scraped and indexed from a mastodon instance

there are a few steps you can take to harden your instance against this; since there's an ongoing harassment campaign against trans masto users, now is a good time to review this

the following is not exhaustive, but it's a good start

1. Enable 'Secure Mode' on your instance. Without secure mode turned on, any of the activitypub endpoints of your instance can be scraped without http authentication -- this includes user profiles and users' public posts. This makes it ***absolutely trivial*** for a scripter to scrape all of the profiles of your instance denizens and look for keywords.

From the mastodon docs: 'When secure mode is enabled, all GET requests require HTTP signatures as well.'

It's insane to me that this isn't enabled by default. To enable it, see the 'AUTHORIZED_FETCH' parameter here: docs.joinmastodon.org/admin/co

This makes it more complicated to scrape, since scraping traffic now has to come from an instance that uses http signatures, and not just from some random asshole's computer.

2. Toggle some config options in preferences => administration => site settings. Here you can turn off the profile directory, disallow unauthenticated access to public pages, etc. See the screenshot below this post for the settings I use. You can make up your own mind about how strict you want to be here, but I think turning off the profile directory and the public timeline is a great idea.

3. Recommend your users disable DMs from people they don't follow. This is under preferences => notifications.

Any stuff I've missed, stuff you'd like to add, feel free to reply to this post.

Thanks for reading!

Huggles boosted

Dude gets fired.

Recruiter gets him an interview... with the firm that fired him.

He goes. And interviews.

Delightful.

twitter.com/Firr/status/145632

Huggles boosted
Huggles boosted
Huggles boosted

Show me a 10ft paywall, I’ll show you a 12ft ladder

Pretty simple add any pay walled URL to
12ft.io/ and boom you are reading that shit.

This was quite an impressive phish. They copied my blog and added a login system in hopes that I would try to login so they could scrape my password.

Huggles boosted
Show older
LinuxRocks.Online

Linux geeks doing what Linux geeks do...