Martín Ferrari ✅ is a user on hostux.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Martín Ferrari ✅ @Tincho@hostux.social

Last night was the cheese and wine party at #DebConf17 #DebConfMTL !
🧀&🍷
Great way for discovering new things to eat/drink!

Finally finished Queer Privacy (leanpub.com/queerprivacy/) by @sarahjamielewis. It's a very interesting collection of articles about queer (non-cishet) privacy challenges and stories. They were generally enlightening, and the one about trolls was really scary!

Consider buying it and supporting work like this!

#MercrediFiction
- Bonjour et bienvenue. J'ai une bonne nouvelle, et une mauvaise.
- Où suis-je ? Je vous ai déjà vu ?
- A la signature de votre assurance-vie, oui. La mauvaise nouvelle : vous êtes morte. La bonne : comme prévu, votre conscience a été transférée dans la simulation où nous sommes.
- Oh.
- Notre contrat couvre le transfert et une période de maintenance. L'explosion de l'EPR de Flamanville ayant raréfié l'électricité, vous disposez encore de 5
- Siècles ? Décennies ?
- 4, 3, 2, 1

"Prometheus in Jessie(bpo) and Stretch" by Martín Ferrari http://qttr.at/1t15

@valere Es que il y a des problèmes avec la federation? Je n'arrive pas a voir les toots ou connections des certaines comptes.

Nifty little DNS tool for all you admin/sec folks out there.

dnsspy.io/

I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.

So the mastodon.social privacy policy is ok, but if I were the maintainer I'd avoid recording any IP addresses. One thing to consider is that when you're a meganode both state and non-state organisations will become interested in your logs and will try to obtain them either explicitly, with goons showing up and making threats, or also less explicitly with implants and exfiltration or NSLs and gagging orders. If you don't record IPs then in the worst case there's not much that third parties can get.

Another factor to consider is that the demographic of fediverse folks probably includes a higher proportion of non-normative views and lifestyles than you might find in the silos. These non-normative people are precisely the groups which the really bad guys always seek to target. So as maintainer you should be concerned with your user's interests and practice metadata minimization which can limit any potential damage.

Is there any way to see the local or federated timelines on their own? I find a bit uncomfortable to read them in 1/4 of screen width :-)

Oi @valere, est qui il-y a un code-of-conduct pour cette instance?