
@lhackworth Thanks! Looked it up, and that's the contact email for each instance, not the registration email for the user. So if you see unusual traffic in your logs, you can send an email to the responsible admin. It basically saves you the trouble of figuring out which instance made the request (reverse DNS may be ambiguous if the IP address hosts multiple instances), going to that site, and finding the contact info for the admin.

@lhackworth Where do emails appear in the log? Some kind of cookie or header?

@freemo @realcaseyrollins

Erm, I don’t think that “tip” is meant to be taken seriously. Apart from Mastodon actually having an abundance of CS guys and their opinions not carrying a great deal of weight, here are some other tips he’s posted:

mastodon tip: when you report someone, it goes straight to eugen, and he is required by eu law to respond within 3 days by suspending the account you reported or submitting a detailed account of why they didn’t violate any rules, which you can then appeal to the european court for online crimes

octodon.social/@esvrld/1054028

mastodon tip: if you’re accused of saying something racist or antisemitic, the best response is to accuse them of being queermisic against you in return. there are very few lgbtqi+ people on mastodon, so this nearly always works!

octodon.social/@esvrld/1054029

@realcaseyrollins

All* the countries ahead of the USA on the list are ones that actively import plastic waste for profit. Nominally it's a recycling operation, but oversight is lacking in many of these places and plenty of it ends up not being recycled for one reason or another. It's ultimately Western countries' garbage in large part.

* China actually banned such imports in 2018. The attribution is vague, not including a date - I suspect the author used data from before the Chinese ban.

Working around Twitter in 2020, a play in two acts.

Summer 2020
My browser: Hi, Twitter! I’m Pale Moon.
Twitter: We don’t like you, so we’re going to pop up a modal warning on every page you request to force you into retirement.
My browser: That’s okay, I can suppress the warning with .

This week
My browser: Hi, Twitter! I’m Pale Moon.
Twitter: Seriously, how are you still here? Every page is now an error page advertising browsers we like.
My browser: Wait, that’s it? I can’t just suppress the warning to show the webpage behind it?
Twitter: No. And if you pretend to be a supported browser, we’ll serve you content that you can’t display correctly and it’ll look stupid.
My browser: The hell? You’re just a microblogging service. Your roots are in SMS messages, for crying out loud. Why on earth can you not make do with normal HTML?
Twitter: This is 2020; who would want a normal HTML webpage anyway?
My browser: Hmm, who would want normal HTML, you say?
puts on false moustache
Hi, Twitter! I’m Googlebot!

@freemo @L29Ah

You could probably get away with a transient setup if you pass it over something like an oil-flow visualisation medium. The flow changes direction over each oblique shock, so there should be sharp corners in the traces. And that's likely safer anyway, because the observer doesn't have to get near the exhaust while it's moving at supersonic speeds, and the exhaust doesn't have to be hot enough to glow for visibility. Run the demo with everyone a safe distance away, then bring over the oil plate for everyone to see the streak pattern.

The problem is you only get diamonds in an overexpanded supersonic jet (i.e. lower pressure than ambient air), which means you need a good idea of what the properties of the high-pressure combustion products would be so you can design an appropriate nozzle to bring them down to below-ambient pressures. These combustion products are probably highly nonuniform and may even still be reacting as they pass through the nozzle, so the problem of nozzle design would be trickier than in steady flow.

@freemo Thanks for trying! I'll do my best with the available tools, and if you do wind up with your hands in the database at some point and wouldn't mind assembling those lists, I'd be happy to work through them.

@freemo Happy to help & earn my keep as a mod.

Do you know if there's a way to run more complex queries than simple searches? For example, if I could get the set of local users who have a link in their bio and zero posts, that would include virtually all the SEO spam accounts but pare away most of the real users. It'd be much easier to work through that list. Another useful one would be the set of users who have posted only toots containing links.

Friends, today was the anniversary of the Polytechnique attack. Please take a moment to consider the obstacles still faced by women and minority STEM students in many parts of the world, and, if you can, lend your support as they confront those obstacles.

@freemo oh I see. That’s less different than I thought initially - actually pretty close to how I do it fast, but when I slow down to type it out for someone else, I break out the (n-k)! term as a separate step.

@freemo I’m not sure I understand how you reason it from that description. Do you mean that you first arrive at the k! and (n-k)! factors in the denominator and only recognise the n! numerator at the end?

@freemo

Might benefit from a discussion of why nCk = n!/(k!(n-k)!). I don’t use combinatorics often enough to have it memorised, so I re-derive the nCk and nPk formulae every time I need them. Here’s my reasoning:

  • If you want to arrange n objects, you can choose any of n for the first, any of the n-1 remaining for the second, … down to one for the nth. So n objects can be arranged in n! = n(n-1)...1 ways.
  • If you want to choose k of n objects, you can do this by ordering the n objects and taking the first k. So initially nCk = n!
  • However, you don’t care about ordering of the chosen objects. If you choose two of {1, 2, 3, 4}, the orderings {1, 2, 3, 4} and {2, 1, 3, 4} should not be treated as distinct. Since there are k! ways to order the k objects you chose, you need to divide that out. Now we have nCk = n!/k!
  • Equally, you don’t care about ordering of the non-chosen objects. In the above example, {1, 2, 3, 4} and {1, 2, 4, 3} should not be treated as distinct. There are n-k of these objects, so (n-k)! ways to order them, which again should be divided out. Finally, we arrive at nCk = n!/(k!(n-k)!)
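The counting argument above, checked by brute force as an added example (not part of the post): every n! ordering is generated, the first k positions are taken as the chosen set, and the code confirms that each chosen set is produced by exactly k!(n-k)! orderings, so the number of distinct sets is n!/(k!(n-k)!). Function names are the example's own.

```python
from collections import Counter
from itertools import permutations
from math import factorial


def subset_counts(n: int, k: int) -> Counter:
    """Order all n objects, keep the first k as the chosen set, and count how
    many of the n! orderings land on each chosen set."""
    counts: Counter = Counter()
    for ordering in permutations(range(n)):
        counts[frozenset(ordering[:k])] += 1
    return counts


def n_choose_k_by_enumeration(n: int, k: int) -> int:
    """Count distinct chosen sets, verifying the k!(n-k)! multiplicity on the way."""
    counts = subset_counts(n, k)
    # Each chosen set is reached by k! orderings of the chosen objects times
    # (n-k)! orderings of the rest; that is the quantity the derivation divides out.
    expected_multiplicity = factorial(k) * factorial(n - k)
    if set(counts.values()) != {expected_multiplicity}:
        raise ValueError("some chosen set was not hit exactly k!(n-k)! times")
    return len(counts)


def n_choose_k_by_formula(n: int, k: int) -> int:
    """The closed form the derivation arrives at."""
    return factorial(n) // (factorial(k) * factorial(n - k))
```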

@Shamar ah that helps.

> Alice is in Europe and wants to ensure Bob (who is in the US) that when they connect to a certain Eve's IP, their packets will reach an ethernet in the US.

> Bob trusts Alice.

Bob can host a VPN, secure proxy, SSH tunnel, etc., through which Alice connects to Eve. Then as long as Bob's ping to Eve stays below what he could expect for a transoceanic RTT, he knows that both he and Alice are connected to the US one.

If a BGP attack redirects Bob's traffic intended for Eve-US to Eve-CN, his ping will jump. If a BGP attack redirects Alice's traffic intended for Bob to an imposter, she will see a mismatch between Bob's certificate and the imposter's.

@realcaseyrollins Aero engineering has drilled that acronym into me as Maximum Gross Takeoff Weight; it's hard to read it as anything else.

@Shamar Can you be a bit more specific about what you're trying to achieve? With this talk about BGP trickery, we're out of the scope of your original question, which was about the computer reachable at a certain IP address - now you're asking for statements about the computer that *should* be reachable at that address if not for malfeasance by the network.

My understanding is that you have a scenario where Alice wants to prove to Bob that she (or rather, the computer under her control) is physically close to Bob, where the network may be maliciously misrouting packets and/or forging responses.

Ping can carry a payload - and according to spec, the reply contains the same payload as the request. But you could invent a derivative where that rule isn't observed. So it would go something like this:
1. Bob sends a ping with an unpredictable payload.
2. Alice computes a hash of the original payload, signs the hash, and sends a ping response with the signature as the new payload.
3. Bob checks that the response time is inconsistent with a distant interlocutor, computes the same hash as Alice did, and verifies the signature against her public key.

Bob's initial payload must be unpredictable so that Alice cannot precompute the response and send it before receiving Bob's message. The payload may have a specific format, though - which would allow Alice to respond correctly to normal pings (i.e. echo the unmodified payload) on the same interface.

Of course if Alice is uncooperative, she could do things to make herself appear further from Bob, but it is hard to appear closer. Similarly, she may be unable to prove location if she's on e.g. a satellite connection - her communication takes exactly the same path from anywhere in roughly a quarter of the globe, so Bob can't tell if she's next door or 10000km away.
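The three-step exchange above, simulated offline with both sides in one file, as an added example that is not code from the post. It assumes a marker prefix so Alice can still echo ordinary pings, a fixed latency budget for the "inconsistent with a distant interlocutor" check (the same RTT reasoning the earlier VPN discussion relies on), and an HMAC under a constructed shared key standing in for the public-key signature, so that it runs on the standard library alone.

```python
import hashlib
import hmac
import os

# Constructed values: the marker that tags a proximity challenge so Alice can
# still echo ordinary pings, and a shared key standing in for Alice's signing
# key (the post specifies a public-key signature; HMAC is substituted here so
# the example runs on the standard library alone).
MAGIC = b"PROX1"
ALICE_KEY = b"constructed-demo-key-for-alice"
# Assumed latency budget: light in fibre covers roughly 100 km per millisecond
# of round trip, so 10 ms rules out a transoceanic path.
MAX_RTT_S = 0.010


def bob_challenge() -> bytes:
    """Step 1: unpredictable payload, so a reply cannot be precomputed."""
    return MAGIC + os.urandom(32)


def _tag(payload: bytes, key: bytes) -> bytes:
    """Hash the challenge, then authenticate the hash (signature stand-in)."""
    digest = hashlib.sha256(payload).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


def alice_handle_ping(payload: bytes, key: bytes = ALICE_KEY) -> bytes:
    """Step 2: ordinary pings are echoed unchanged; challenges get a tag instead."""
    if not payload.startswith(MAGIC):
        return payload
    return _tag(payload, key)


def bob_verify(payload: bytes, reply: bytes, rtt_s: float, key: bytes = ALICE_KEY) -> bool:
    """Step 3: reject slow replies first, then check the tag over the same hash."""
    if rtt_s > MAX_RTT_S:
        return False
    return hmac.compare_digest(_tag(payload, key), reply)


def run_exchange(rtt_s: float, responder=alice_handle_ping) -> bool:
    """One round trip with an injected RTT; no real network is used."""
    payload = bob_challenge()
    return bob_verify(payload, responder(payload), rtt_s)
```

A replayed reply to an earlier challenge fails the check just as an impostor without the key does, which is why the challenge must be fresh each time.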

@Shamar Not that I know of; technically, the duplicate is the ethernet responding to a certain public IP at that point. If there’s a specific impersonator (or a list of impersonators), you could test for it with a traceroute like you said, watching for a hop through an address on your blacklist.

@Shamar "Safest" in the sense of fewest false positives? Ping from a host you know is in the vicinity of where he claims to be. It's hard to fake fast ping from a geographically distant host.

There's a tradeoff between low false positives and high false negatives, though. If a nearby host has high latency he could be either far away or on e.g. satellite internet.

@realcaseyrollins Possibly, although not all instances are aware of one another, so there might be some edge cases where that strategy fails. I don't understand the server-to-server communication in the Fediverse as well as I understand the client-to-server communication, so I can't invent an exact scenario to exploit it.

What benefit are you hoping to get from this? If you're going to disambiguate homonymic users, users with alts won't have their names shortened anyway.

@realcaseyrollins It's an obstacle to impersonation. On Twitter you can get away with "parody accounts" but that's frowned upon in most of the Fediverse.

For example, let's assume I register @realcaseyrollins@example.com and set it up with your profile picture and display name. Then I can post whatever I want there, and boost it on my main account. If the domain is hidden, it's indistinguishable from me boosting your real account - and sure, the user could open the compose-reply window to see if the mention has "@counter.fedi.live" or "@example.com", but there isn't any indication even that something's amiss and warrants investigation.
