feld@feld@friedcheese.us
Up and not crying
Delta Chat: https://i.delta.chat/#2308C221F5B7403CE990C06F240C7E0EA369B0D5&a=x2lfrbwxg%40chat.feld.me&n=feld&i=fjYh0v48KCmFgS2JAOVmaIt4&s=lgQyur9Gwm5Lk3lkbBfaVAch
⚡️: strike@feld.me
Gulf: of Mexico
Joined: 2026-02-23 22:03:39
7 notes, 0 following, 0 followers
Reply to @silverpill@mitra.social
feld@feld@friedcheese.us (2026-04-15 01:37:36)
@silverpill @phnt @benpate harder to target users on your own homeserver when you don't have a public timeline where you can spy on your users to pick a victim based on their public posts/profiles.
most of the activity on Matrix is private or at least in group chats. The fediverse is public by default.
Reply to @phnt@fluffytail.org
feld@feld@friedcheese.us (2026-04-15 01:29:09)
@phnt @benpate good question. I think the reality will be more like
- flawed implementation, terrible rollout
- Mastodon and maybe Pixelfed support it (seems like something dansup would jump on)
- all the logic has to be in the client (or frontend)
alright. Now we've got an app store with a ton of shady looking fedi clients (we're that popular guys).
How long before any of those are modified to exfiltrate your keys? How long before the first incel server admin that wants to spy on some female account so they backdoor the FE to steal their keys next time they log in?
As soon as one of those events happens, now trust is gone. So Mastodon has to restrict access to this feature to the official Mastodon app and the official Mastodon servers.
UHOH SPAGHETTI-O
Reply to @phnt@fluffytail.org
feld@feld@friedcheese.us (2026-04-15 00:32:06)
@phnt @benpate
> E2EE
> Fediverse
Complete and utter bullshit. Explain how they manage private keys. Not gonna happen. Their document skips this step and only discusses how to discover public keys. They're waiting until the last minute to solve this piece because it's the hardest part. How can you securely distribute them across every browser/session and app that people use to access Mastodon etc? If they were gonna copy Matrix's SSSS they'd have mentioned it
https://github.com/swicg/activitypub-e2ee/blob/main/architectural-variations.md
Reply to @feld@friedcheese.us
feld@feld@friedcheese.us (2026-02-26 03:00:17)
let's analyze this further!
The Rust version:
> du -sh `which dnstracer`
1.1M /usr/local/bin/dnstracer
> ldd `which dnstracer`
/usr/local/bin/dnstracer:
libthr.so.3 => /lib/libthr.so.3 (0x3df3fbeeb000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x3df3fe3a1000)
libc.so.7 => /lib/libc.so.7 (0x3df3ff0a8000)
libm.so.5 => /lib/libm.so.5 (0x3df3ff9d8000)
libsys.so.7 => /lib/libsys.so.7 (0x3df3fdc84000)
[vdso] (0x3df3fb325000)
The C version:
> du -sh `which dnstracer`
21K /usr/local/bin/dnstracer
> ldd `which dnstracer`
/usr/local/bin/dnstracer:
libc.so.7 => /lib/libc.so.7 (0x269ec858a000)
libsys.so.7 => /lib/libsys.so.7 (0x269ec6fb5000)
[vdso] (0x269ec69fa000)
Why is this considered progress? Why do we keep doing this to ourselves?
feld@feld@friedcheese.us (2026-02-26 02:59:18)
> there's a Rust rewrite of dnstracer, dnstracer-rs
>> it appears to be actively developed. But this is kind of a solved problem, so why so many releases?
>>> "lock file maintenance" and bumping dependencies
MEANWHILE the C version has been frozen in time for decades because it has no external dependencies or compiler updates it needs to chase all the time
Reply to @feld@friedcheese.us
feld@feld@friedcheese.us (2026-02-23 14:34:39)
@lain only ethical option now is to drop all reports with the MRF and only accept reports from your own users
Reply to @lain@lain.com
feld@feld@friedcheese.us (2026-02-23 14:32:58)
@lain that's a new mastodon feature actually so other instances can be "warned" about the bad person they should also ban
Not joking