If you run a matrix server, it’s time to upgrade! The matrix team disclosed and patched a vulnerability today. I still haven’t found details about the actual vulnerability yet. Bonus points that you also have to upgrade all the rooms to version 12 to be fully protected, and version 12 isn’t supported by all clients, and upgrading rooms doesn’t really upgrade the room, it creates a new room and invites the previous members to the new room and turns the former room into a pointer to the new room. And of course mod tools like draupnir have to be re-configured. 💩
Question for those at security summer camp: what social media handles are you seeing speakers including on their presentations this year? LinkedIn? X? Bsky? Fediverse?
This water droplet camera trigger setup is pretty cool. I have something new to subject everyone to... image
Taking pictures of a miniature rose:
I’m pretty sure the last few hours is the longest stretch in weeks I’ve gone without suspending one of those damn mastodon verification scammers. Hopefully that is a sign they’ve given up and moved over to bsky or something
Damn man, they got Ozzie 😢
Old and busted: Nicole the fediverse chick ❌ New hotness: Mastodon Administrator ✅
I’m not saying that fortinet has employees that intentionally inject RCE vulnerabilities into their code, just that we couldn’t tell the difference.
Some of the giant red hibiscus in my front yard. #bloomscrolling image
is anyone aware of metrics about the longevity of Fediverse instances by size? I read a diatribe today about how Lemmy/threadiverse is too centralized, lobbying for people to participate in communities on smaller instances. It’s also a common bit of advice given on places like Reddit that people should join small mastodon instances or self host. I think at some level the mastodon guidance has disenfranchised a lot of people who ended up on instances that went belly up, many of which were smaller. But not exclusively so. I think it’s a lot more problematic in the threadiverse for a few reasons: first, most of the software does not permit account migration; second, when the instance that a community resides on goes away, that community effectively goes away along with the future ability to participate in it. Said another way, I think threadiverse users have a vested interest in picking both instances and communities hosted on instances that have some staying power, at least with how things work today. Perhaps there are better ways to structure things so there is much less reliance on an instance, but that clearly is not the case today. I have this intuition that small instances tend to be set up as somewhat noncommittal hobby projects. Now I’m not advocating that things should be more centralized, just that the way things are seem to create a lot of challenges for the lay person who just wants to use the threadiverse and have it just work. Anyhow, that’s just today’s shower thought.