Dave Winer ☕️It's nice to start over on Masto. When someone you haven't thought of in ages follows you it's a chance to think about them again. Which is often nice.
John Gruber@davew Have you been able to figure out why your Mastodon profile link to Scripting.com isn’t “verified” yet? I’m looking at Scripting.com’s HTML and I don’t see why it isn’t working. I saw you were looking into this the other day.
Jake in Oregon 👾 
@gruber @davew HTTPS links are required for verification, per the official docs at https://docs.joinmastodon.org/user/profile/
Colin Devroe@cdevroe For spoofing attacks, start here:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
Now, when you bring this up to most IT pros, they'll say "But, that's so unlikely, and the attacker has to be in a special place on the network.".
But these attacks can take place anywhere along the chain, from browser extensions to on-the-wire to caching, to CDN, to destination infra.
There's also another class of attacks it prevents, but it's complicated, I'm on vacation, and it won't fit in a toot anyway. 😄