Show newer

@wagnerblog unfortunately, in Iran, North Korea, Cuba, Venezuela, and Syria, at least, we have seen totalitarian power pass down to an heir apparent.

@AvengingFemme the most Twitter mentions I think I ever got was when James Lindsay (anti-woke, anti-CRT grifter) QT'd me with bad faith, zero information, single-word comments and his rabid bunch of followers dog-piled me for several hours. Pure harassment play. Fortunately, I knew it would be a quick storm.

This one experience doesn't give me a hugely strong opinion on whether QTs are net good or bad, tho.

Since lots of people don't seem to know this: there is a totally free library app called borrow box where you can download free ebooks and audiobooks to your heart content. The books are returned automatically, so there are no late fees. You can reserve and renew books for free, too. All you need is a standard library membership. #books #library #BorrowBox #freebooks #audiobooks #audible #amazonprime

A user on the cybercrime forum Breached is selling what they claim is info scraped via Twitter APIs from 400 million Twitter profiles, including email, name, account name, follower count and in many cases phone number.

The seller told me they scraped the data using the same set of weaknesses in Birdsite APIs that allowed the scraping (and publishing) early this year of profile data on 5.4M Twitter users.

bleepingcomputer.com/news/secu

They said they scraped the data via an exploit that was patched earlier this year, in the login api, and specifically the part of it that checks for duplicate accounts.

That, according to the seller, leaked the Twitter user ID, which was then converted via another Twitter API into a username. They also said that same iterative process worked for user telephone numbers.

The vulnerability that was reportedly used to scrape the previously dumped 5.4M twitter user data set was reported to Hacker One on Jan. 1, 2022.

hackerone.com/reports/1439026

The seller released 1,000 new records as a teaser, and is trying to get Twitter to buy the data for an undisclosed amount.

They also pasted a number of "celebrity" accounts directly into the sales thread. Curiously, this record set does not have the phone number associated w/ my Twitter account. But it was in the 5.4M scrape that got released on the same forum last month. However, I removed the burner phone number from my profile around the time the seller said they scraped this data (beginning of 2022).

The data in both the teaser and the 1,000 user file includes follower counts for each user, and a spot check on about a half dozen of them show follower numbers consistent with what Archive.org and Sociable says about follower accounts at the beginning of Jan 2022/end of December.

They are selling it through the escrow service set up by the administrators of the forum, which is what you'd expect to see in a real offering for this volume of data.

Is there (or could there be) a standard way to link to posts and profiles that automatically views through your default client, whether that's an app or web client? When sharing links off Mastodon it would be nice to automatically have them be viewed from the viewer's chosen instance and client.

@AvengingFemme I actually can see the images, so thanks!

I'd be interested to understand why qoto has been defederated. As far as I can tell, it's because of loudly refusing to defederate instances where abusive people reside and people not liking how the admin roles. But I'm pretty new to the Fediverse.

I'm likely to self host to hopefully control my own federation destiny. But Ariadny's point resonates with my experience. I picked an instance based on cursory information and find myself cut off from parts of the Fediverse. It's very possible for this to happen to people and they don't even know!

@AvengingFemme @ariadne ironically, I can't see the original posts. From my instance's perspective, the last post from @ariadne is about how the instance that hosts my account is being defederated.

😄

Did you know that Billy Joel put out a heavy metal album?

And do you know some people (wrongly!) believe it's the worst album of all time?

Here's the album!

youtube.com/watch?v=L7s8PHnCTG

So, you've run debirdify.pruvisto.org/ , fedifinder.glitch.me/ and twitodon.com/ to migrate from Twitter, and then searched via fediverse.info/explore/people but still feel like your timeline is empty? Then have a look at followgraph.vercel.app/ which looks up all the people you follow and then the people that *they* follow to suggest new people for you.

Journalist profiles on the Washington Post can now include Mastodon links. Here's what it looks like: washingtonpost.com/people/drew

I feel like I come here to learn stuff and go to Twitter when I need my tabloid fix 😂

@johode Wow, TIL!

Yeah, there's nothing new under the sun, but I suspect that social media creates a positive feedback mechanism for the halo effect. I can see a bunch of other people reflecting back that same cognitive bias, deepening my own.

Hey, everyone who follows me who is hacking on somethigna round ActivityPub/fediverse — please reply here and share a link to your app/GitHub/Glitch! Would love to show off all the creativity that's happening right now. (And please boost so your friends can share their projects too.)

@tobyjaffey @anildash Ah interesting. I've been thinking of Mastodon as an ActivityPub implementation, but in practice, it sounds like it also defines a higher-level open API that supports other clients.

@anildash I've built a toy/hack Node.js #ActivityPub server which exposes (some of) the #MastodonAPI in the front end. That means you can connect to it with a Mastodon client app and send/receive messages. It's helped me figure out how this stuff works and hopefully will help others understand too github.com/ringtailsoftware/cu

Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.