This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| """ | |
| 31-round sha256 collision. | |
| Not my research, just a PoC script I put together with numbers plugged in from the slide at | |
| https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024 | |
| SHA256 impl follows FIPS 180-4 | |
| https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf | |
| """ |
| from mastodon import Mastodon | |
| # Create an application, and fill in these parameters with that. | |
| # You should at least have the following permissions; | |
| # - read | |
| # - admin:read | |
| # - admin:read:accounts | |
| # - admin:write | |
| # - admin:write:accounts | |
| mastodon = Mastodon( |
| #/!/bin/bash | |
| # Dependency: jq & curl | |
| # env vars: | |
| # GITHUB_USER | |
| # FORGEJO_USER | |
| # FORGEJO_TOKEN (password or api token) | |
| # FORGEGO_URL | |
| curl https://api.github.com/users/$GITHUB_USER/starred\?per_page\=100\&page\=1 \ |
| // a very minimal instruction set. | |
| // it has just enough operations to implement a recursive | |
| // fibonacci function - what a coincidence :D | |
| // NOTE: in my VM, i don't use an `enum`. | |
| // this is just for simplicity. | |
| #[derive(Clone, Copy, Debug)] | |
| enum Instruction { | |
| LoadInt { dst: u8, value: i16 }, | |
| Copy { dst: u8, src: u8 }, | |
| Add { dst: u8, src1: u8, src2: u8 }, |
I've commented a few times about some issues I see with the scalability of ActivityPub - the protocol behind the Fediverse and its best-known implementation Mastodon. A couple of folks have asked for more elaboration, so ... here it is.
First, let me add some disclaimers and warnings. I haven't devoted a lot of time to looking at ActivityPub, so there might be some things I've misunderstood about it. On the other hand, I've brought bigger systems - similar node counts and orders of magnitude more activity per node - from broken to working well based on less study of the protocols involved. So if you want to correct particular misconceptions, that's great. Thank you in advance. If you want to turn this into an appeal to authority and say that I'm wrong only because I haven't developed a full ActivityPub implementation or worked on it for X years ... GTFO.
What is ActivityPub? It's an HTTP- and JSON-based protocol for exchanging information about "activities". An activity could be many things.
A lot of my friends have recently been considering leaving Twitter for other networks, and many are considering Mastodon. There are many guides floating about that can tell you about Mastodon and the Fediverse, which is really exciting! It can be overwhelming to sort through them all, though, and honestly I haven't read them since I know my way around.
So, this is the blog version of me sitting down with a friend explaining what I know about Mastodon and how I'd recommend approaching setting up an account there for the first time and getting oriented.
https://docs.google.com/document/u/1/d/1lR4NWLlCbBAxrXdRiVn82zC3iiF7fATPtVnPA2C1TwU/edit
for those of us who never learned how
or for those of us who are
| [ | |
| "FCi27mtaKod38ztmGndn-y8NNz.r.lt6SndqGztz_ztr-ngqQm9aMo9eOnMeJntuNntu", | |
| "D2ei2mgqJz9b-m.mGmPqRyLNNnwmOlt7.ywiGmt-Kndr9otqRywv8o9ePmtiNmd2Sn92Tma", | |
| "6U7vcmPuOn9uLnMaGyM7-nLNNntv9lt6RmtaGmweOyMmJnMmSmgmOo9eOnM6LnMaRmM-Tma", | |
| "lXLf8owyQztiMzwqGnMz7zcNNotb7lwf.m9qGzt6Km.qMngqLndqLo9eOotaNm96Mmt6Tma", | |
| "FCi27y9qOnd-Ny96GmPmOmcNNzwf-lwj-m9mGztz7ytaMnM78n9v-o9ePmM6Rm9-Qn9eTma", | |
| "XlEDumMz7nM7-m9iGogmRmLNNyt_8lwiKz9eGm9-Pm.v7ztiLztz_o9eOnMeQnd-Sodm", | |
| "lXLf8yt-JywmNmPeGm9n9n8NNzgn.lt_8zwqGogz7zgn7zt6SyPr-o9eOnM6Pot2Mn9qTma", | |
| "FCi27zgf8mdqMmMeGnMmMy8NNz9eQlweNy.eGmMiMm96Qmgr9nMb-o9ePmtuRmt6JotmTma", | |
| "FCi27nwmKnMeSodeGm.z.y8NNntz.lt-PywmGy9__ngqQmtiPmtb7o9ePmteJotyJoduTma", |
There was a reddit post about installing Arch on NTFS3 partition. Since Windows and Linux doesn't have directories with same names under the /(C:\), I thought it's possible, and turned out it was actually possible.
If you are not familiar to Linux, for example you've searched on Google "how to dualboot Linux and Windos" or brbrbr... you mustn't try this. This is not practical.
