Xmpp is The activitypub of chatting

For Cloudflare users:
Security Rules:

(http.request.uri.path eq "/api/v3/comment/list" and not http.request.uri.query contains "post_id")

For Caddy users:

  # >>> Specific handler for /api/v3/comment/list with post_id check
  handle_path /api/v3/comment/list {
    # Check if the 'post_id' query parameter is present
    @hasPostId {
      query post_id=*
    }
    # Abort the connection if the parameter is missing
    handle @hasPostId {
      reverse_proxy http://localhost:8536/
    }
    # This handles all requests that did not match @hasPostId
    abort
  }

Good, I am challenging all ASN 49453

I am gonna try to make it for caddy too

@cadusilva@bolha.one

Hahahaha this is the best comment I ever read!

lol this works

I think these things oscillates a lot.

I guess he was ironic

IIRC they are already working on this

This is where a lot of the reliance of GitHub comes from, in my opinion.

100% agree with you here.

We already get more than enough drive by spam from everyone who just makes an account to complain that our code doesn’t do something we never said it did. And if they don’t even have to do that? Ugh.

That’s easy to solve by allowing no one to open issues at all. JK.

Keep adding

https://old.lemmy.world/

They are not. Stop spreading bullshit…

Samesies, my friend.

Fediverse

All social media platforms are a bit cursed if you ask me. Even Fedi is doomed to many of the same ills—as much as I love it. But, for all its faults, the Fediverse survives, it continues to improve, and can be kinda magical sometimes. I personally believe that the Fediverse, of all the social networks, is best for us as humans. If you think so too, consider getting involved and supporting organizations like The Nivenly Foundation who’s Security Fund looks to help Fedi stay a safe and secure place for all.

A new security fund opens up to help protect the fediverse | TechCrunch Sarah Perez 4–5 minutes

The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps, is ramping up its security. On Wednesday, a nonprofit focused on bringing governance to open source projects, the Nivenly Foundation, announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services.

While all software can have security issues, Mastodon — an open source and decentralized alternative to X — has fixed numerous bugs over the years, leading to the need for such a program. Another issue found in the fediverse is that many servers are run by independent operators who don’t necessarily have a security background or understand best practices.

Already, the Nivenly Foundation has helped a few fediverse projects set up their basic security vulnerability reporting process, and now it’s looking to distribute small payouts to anyone who responsibly discloses other security vulnerabilities that may still be in the wild.

The payouts will total $250 for vulnerabilities with a vulnerability severity score (known as CVSS) of 7.0-8.9 and $500 for more critical vulnerabilities with a CVSS score of 9.0 or greater. The funds for the payouts come from the foundation, which is supported directly by members — which includes individuals as well as other trade organizations.

The vulnerabilities themselves are validated by acceptance from the fediverse project leads as well as public records in vulnerability disclosure (CVE) databases.

The fund is currently in a limited trial after the discovery of a security vulnerability in the decentralized Instagram alternative, Pixelfed. Open source contributor Emelia Smith came across the issue, and the Nivenly Foundation paid her to fix it, she explains.

A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)

“Part of the program is…education for project leads, helping them understand why responsible disclosure practices for security vulnerabilities are important,” Smith told TechCrunch. “We came across several projects that just said ‘file security vulnerabilities in our public issue tracker,’ which absolutely isn’t safe, as any malicious actor watching that repository would now be able to attack instances of that software,” she added.

Typically, the common practice is to disclose minimal information about a vulnerability, giving server operators time to upgrade, Smith said. However, this requires that project leads understand security best practices.

In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.

With this new program designed to follow best practices around the disclosure of vulnerabilities, the need to defederate to protect users may become less common.

Sarah has worked as a reporter for TechCrunch since August 2011. She joined the company after having previously spent over three years at ReadWriteWeb. Prior to her work as a reporter, Sarah worked in I.T. across a number of industries, including banking, retail and software.

thanks!

too many people called them out on the CEO’s views.

What views?