Server admins can set up moderation filters to deal with stuff like that, and should be coordinating with each other on detected spam patterns, etc.
Cryptography nerd
Fediverse accounts:
Natanael@slrpnk.net (main)
Natanael@infosec.pub
Natanael@lemmy.zip
Lemmy moderation account: @TrustedThirdParty@infosec.pub - !crypto@infosec.pub
@Natanael_L@mastodon.social
Bluesky: natanael.bsky.social
Infrastructure costs
Lemmy has language tags. Clients could offer integration with translation tools.
Lemmy is built around forums, which is very distinct from microblogging when it comes to moderation and management.
You don’t get the same kind of context collapse as on Twitter. You don’t get the same kind of dependency on server-wide shared culture like on many niche Mastodon servers. Although context collapse still happens to some degree on reddit and may happen here when threads get popular, it’s possible for forums to be moderated to minimize it and enforce quality. You don’t get nearly as many people trying to enforce their rules in others’ spaces, because a forum makes it clear that it’s not “your feed” (like how some try to control what they see not with filters but instead by harassing people who post stuff they don’t like); here it’s somebody’s forum and somebody else is the moderator. You can stop seeing specific content by blocking those forums instead of blocking the users. Forums which you don’t interact with don’t affect you!
Because of how the federation works here, volume alone is never the main problem. Forums can be hosted on small instances just fine. Users on small instances can use big forums just fine. If a particular forum is poorly moderated it can be blocked regardless of where it’s hosted. Admins for small servers can filter content from problematic servers, regardless of how big they are, and can do it on a per-forum basis too in order to avoid collateral.
Spurious defederation between servers where one has a lot of users is where the problems get complicated.
It’s losing cost advantages as time goes. Long-term storage is still on tape (and that’s actively developed too!), and flash is getting cheaper, and spinning disks have inherent bandwidth and latency limits. It’s probably not going away entirely, but its main use cases are being squeezed on both ends.
It’s also what Google Maps live view is using. Street view imagery plus rough location plus on-phone camera sensor calibration data allows it to compute highly accurate positions relative to surroundings.
Passkeys can be synchronized, but aren’t intended to be exported raw as they’re meant to be used with a TPM / secure element chip or equivalent secure hardware to protect the key in use. Bitwarden can synchronize them.
Also, they intentionally create distinct keys per site, so you can’t link multiple accounts using the same passkey / hardware security key.
That’s literally no different from a regular password manager or having a 2FA TOTP code app set up for it
It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention
Passkeys use unique keys per site for that reason
TOTP codes can be phished, hardware security keys and passkeys can’t
Google Chrome on PC can let you verify from the phone to unlock passkeys
TOTP can be phished remotely, passkeys / hardware security keys can’t (need to get malware into the users’ computer instead)
The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.
They’re using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.
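Added example (not the commenter’s code, and not from any FIDO project): a small Go model of the FIDO2/WebAuthn assertion flow, showing the two properties the comments above rely on: a lookalike-domain phisher relaying a genuine challenge cannot produce an assertion the real site accepts, because the browser writes the origin it is actually on into the signed clientData and asks the authenticator for the key belonging to that RP ID; and every site gets its own key pair, so two accounts on different sites cannot be linked by public key. Ed25519, HMAC-SHA256 as the per-RP key derivation, the domain names and the challenge value are all assumptions made for the demo; real authenticators use CBOR encoding, usually ECDSA P-256, and more fields in authenticatorData.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed demo master seed; a real authenticator keeps this in secure hardware.
var masterSeed = []byte("constructed-demo-master-seed-not-secret")

// clientData models WebAuthn CollectedClientData. The browser, not the web page,
// fills in Origin with the origin the page was actually loaded from.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type assertion struct {
	RPIDHash       [32]byte // first field of authenticatorData
	ClientDataJSON []byte
	Signature      []byte
}

type authenticator struct{ seed []byte }

// keyFor derives a separate Ed25519 key per RP ID (HMAC-SHA256 as a stand-in KDF),
// so the key presented to one site says nothing about the key used on another.
func (a authenticator) keyFor(rpID string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, a.seed)
	mac.Write([]byte(rpID))
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}

// sign models browser + authenticator answering navigator.credentials.get():
// rpID and origin come from the browser's view of the page, not from the challenge.
func (a authenticator) sign(rpID, origin, challenge string) assertion {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	rpHash := sha256.Sum256([]byte(rpID))
	cdHash := sha256.Sum256(cd)
	msg := append(rpHash[:], cdHash[:]...) // signed message: authenticatorData || SHA-256(clientDataJSON)
	return assertion{RPIDHash: rpHash, ClientDataJSON: cd, Signature: ed25519.Sign(a.keyFor(rpID), msg)}
}

type relyingParty struct {
	id, origin string
	pub        ed25519.PublicKey // stored at registration
}

// verify is the server-side check: the signed data must name our origin and RP ID.
func (rp relyingParty) verify(as assertion, expectedChallenge string) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != expectedChallenge {
		return errors.New("type or challenge mismatch")
	}
	if cd.Origin != rp.origin {
		return fmt.Errorf("origin mismatch: signed %q, expected %q", cd.Origin, rp.origin)
	}
	if as.RPIDHash != sha256.Sum256([]byte(rp.id)) {
		return errors.New("rpId hash mismatch")
	}
	cdHash := sha256.Sum256(as.ClientDataJSON)
	msg := append(as.RPIDHash[:], cdHash[:]...)
	if !ed25519.Verify(rp.pub, msg, as.Signature) {
		return errors.New("bad signature")
	}
	return nil
}

// PhishingScenario: a phisher on a lookalike domain relays the real site's challenge
// to the victim. Returns the real RP's verdict on the genuine and the relayed assertion.
func PhishingScenario() (legitErr, phishErr error) {
	auth := authenticator{seed: masterSeed}
	rp := relyingParty{id: "example.com", origin: "https://example.com"}
	rp.pub = auth.keyFor(rp.id).Public().(ed25519.PublicKey)
	challenge := "constructed-challenge-7f3a" // would be random per login attempt

	genuine := auth.sign("example.com", "https://example.com", challenge)
	// The victim is on the lookalike site, so the browser records that origin and
	// requests the lookalike's key; the phisher never gets a signature over example.com.
	relayed := auth.sign("examp1e.com", "https://examp1e.com", challenge)
	return rp.verify(genuine, challenge), rp.verify(relayed, challenge)
}

// KeysDiffer reports whether one authenticator presents different public keys to two
// RP IDs (true means accounts on those sites cannot be linked through the key).
func KeysDiffer(rpA, rpB string) bool {
	auth := authenticator{seed: masterSeed}
	a := auth.keyFor(rpA).Public().(ed25519.PublicKey)
	b := auth.keyFor(rpB).Public().(ed25519.PublicKey)
	return !a.Equal(b)
}

func main() {
	legit, phish := PhishingScenario()
	fmt.Println("genuine login:", legit)
	fmt.Println("relayed login:", phish)
	fmt.Println("keys differ across sites:", KeysDiffer("example.com", "example.org"))
}
```

The same relay trick works against TOTP because a six-digit code carries nothing about where it was typed; here the origin and RP ID hash are inside the signed bytes, so the relayed assertion fails at the origin check before the signature is even looked at. Real browsers additionally refuse to let a page request an RP ID that is not a registrable suffix of its own origin, which is what stops the lookalike site from simply asking for the key of the real one.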
I prefer the physical ones, because they’re easy to organize. Passkey synchronization can be annoying.
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
There’s basically ideologues versus hateful people versus indifferent sociopaths (overlap is common)
I consider political ideologues and “technocrats” and extremely pedantic rule-following bureaucrats to be different flavors of ideologues (has a specific worldview they try to enforce / uphold)
Yeah so here’s the next problem: downscaling attacks exist against those algorithms too.
Also, even if those attacks were prevented they’re still going to look through basically your whole album if you trigger the alert
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)
To be pedantic, transparency mod bots exist on reddit and server admins can redact the log here.