Hello cybre.space, time for #introductions! :)
I'm a networking geek and researcher living in Berlin, currently working on a PhD in Computer Science. On a technical level, I like access networks such as WiFi and mobile networks, I like measurement and understanding performance, and I do low-level user-space programming in C. I sometimes talk about science, free software, and tech communities, among other things.
Since it was surprising to me that 127.257 and 2130706433 are pingable addresses, I wrote up my findings and a short explanation for people unfamiliar with how IPv4 addresses look under the hood: https://rixx.de/blog/fun-legacy-ip-addresses/
You thought you know IPv4 addresses? Let me tell you something:
YOU PROBABLY DON'T!
I learnt today that IP addresses can be shortened by dropping the zeroes.
http://126.96.36.199 → http://1.1
http://192.168.0.1 → http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc., where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip
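A defensive counterpart to the two posts above about legacy IPv4 notations, as an added example that is not part of any of the original posts: canonicalise the host the way classic `inet_aton()` parsing does before applying an address policy, so that shortened, integer, octal and hex forms are judged by the address they actually reach. The function names and sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def _num(part):
    """One dotted component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if part[:2].lower() == "0x":
        base, digits = 16, part[2:]
    elif len(part) > 1 and part[0] == "0":
        base, digits = 8, part[1:]
    else:
        base, digits = 10, part
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        return None
    return int(digits, base)

def parse_legacy_ipv4(host):
    """Return the IPv4Address that inet_aton-style parsing yields, or None."""
    parts = host.split(".")
    nums = [_num(p) for p in parts]
    if not 1 <= len(parts) <= 4 or None in nums:
        return None
    value = 0
    for n in nums[:-1]:            # leading components are single bytes
        if n > 255:
            return None
        value = (value << 8) | n
    tail_bytes = 5 - len(parts)    # the last component fills the remaining bytes
    if nums[-1] >= 256 ** tail_bytes:
        return None
    return ipaddress.IPv4Address((value << (8 * tail_bytes)) | nums[-1])

def naive_is_internal(url):
    """Filter that only recognises strict dotted-quad notation."""
    try:
        return not ipaddress.ip_address(urlsplit(url).hostname).is_global
    except ValueError:
        return False               # "not an IP", so the request is let through

def is_internal(url):
    """Canonicalise the host first, then apply the address policy."""
    addr = parse_legacy_ipv4(urlsplit(url).hostname or "")
    # None means a DNS name: resolve it and check the resolved address instead.
    return addr is not None and not addr.is_global

# Constructed sample URLs
SAMPLES = ["http://192.168.1/", "http://127.257/", "http://2130706433/", "http://1.1/"]
```

The strict-parsing filter classifies none of the samples as internal, while the canonicalising check flags the first three and lets only the public address through.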
We trust you have received the usual lecture from your local System Administrator. It usually boils down to these three things:
#1) Women, especially women of color and trans women, built the foundations of most of your digital life.
#2) Before you try to help someone with a problem, make sure they actually asked for your assistance.
#3) Others' needs are more important than your convenience.
I'm extremely pleased to launch Run Your Own Social: How to run a small social network site for your friends.
This is a guide book to running a small, tight-knit federated social network server. It comes from my year of experience running Friend Camp. It's focused largely on SOCIAL solutions, though it does touch on the technical.
I've tried to keep it technology-neutral, and it should be a pretty easy read for anyone who's been on the fediverse for a while.
Hey! :) The Recurse Center is "funding Fellowships of up to $10,000 for women, trans, and non-binary people to work on programming projects, research, and art at RC this fall.
Apply by July 22nd and start August 12th or September 23rd."
This is an incredible opportunity – if you want to be part of a diverse, kind programming community, and spend three months focusing on projects close to your heart, this is your chance! Happy to answer any questions you might have! \o/
"On 10 April, astrophysicists announced that they had captured the 1st ever image of a #blackhole.
Just 5 days later, the NSF rejected a grant to support that ecosystem, saying that the software lacked sufficient impact.
#opensource is widely acknowledged as crucially important in science, yet it is funded non-sustainably."
GnuPG — "SKS Keyserver Network Under Attack":
"If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation."
"High-risk users should stop using the keyserver network immediately."
Would any Sex-worker be interested in giving a talk or workshop at our @PrivacyWeek conference?
It's a one-week conference about privacy, data-protection, GDPR and technology assessment organised by the non-profit Chaos Computer Club Wien in October in Vienna/Austria.
Automated blocklist sharing
Automating the sharing of blocklists is great for:
🍍 Discreetly silencing minorities
🍍 Preventing those who have been targeted for abuse through this system from ever vindicating themselves
🍍 Policing who can be friends with whom for petty reasons
🍍 Abdicating responsibility for decisions that an instance admin really should have to stand behind
Dear IT-humans: Please do yourselves a favour and create security@ as an email address on all of your domains which is actually routed and read by someone with knowledge about your IT!
That way you make it easy for people who accidentally stumble upon security issues with your infrastructure to actually report them to you.
The sheer fact of having and reading security@ (as mandated by RFC 2142) will help improve your IT security.
If you are a trans or non-binary person, your participation in this anonymous survey is appreciated! (and boost also appreciated!)
Name change for trans or non-binary people
You've seen the QPoC Flag, yes? Well here's the QTPoC Flag!
I'll have an SVG available of this eventually, but feel free to save this and share it and whatever you want. The black outline is there because I'm gonna try to make a patch from it, but it's easy to remove once you have the SVG.
If you want a regular image without the outline, lemme know and I'll upload one here to the fediverse
Prison Abolition and dealing with "The Dangerous Few"
I found this super compelling and it resolves my only holdout argument against prison abolition.
Design student creates a high-tech adjustable binder for trans people, which is apparently safer and easier to use than existing binding methods.
"It’s strange, isn’t it? The ideology of capitalism is that it is a system that generates immense abundance (so much stuff!). But in reality it is a system that relies on the constant production of scarcity.
This conundrum was first noticed back in 1804, and became known as the Lauderdale Paradox. Lauderdale pointed out that the only way to increase “private riches” (basically, GDP) was to reduce what he called “public wealth”, or the commons. To enclose things that were once free so that people have to pay in order to access them. To illustrate, he noted that colonialists would often even burn down trees that produced nuts and fruits so that local inhabitants wouldn’t be able to live off of the natural abundance of the earth, but would be forced to work for wages in order to feed themselves."
Degrowth: A Call for Radical Abundance
PSA: Citing sources
So, this is worth talking about as we slide further into a rather gross political time.
It is critically important to cite reliable sources when posting about the injustices going on.
This can mean a link to a news article, it can mean saying "I was there and here is what I saw," or whatever. The important thing is that anyone reading it should be able to check the underlying facts, as much as possible.
Also, be skeptical of news analysis, which is basically someone's personal interpretation of the facts.
By making this a habit, and by not spreading outrage-provoking news without sources, we inoculate our social circles against "fake news," and we help stop instigators from spreading misinformation to divert us from the real threats.
Propaganda isn't a bunch of brochures being dropped from airplanes, it's a social media meme.
Network geek and researcher from Berlin. Queer feminist, bisexual, fights for social justice. She/her