Dave Winer ☕️It's nice to start over on Masto. When someone you haven't thought of in ages follows you it's a chance to think about them again. Which is often nice.
John Gruber@davew Have you been able to figure out why your Mastodon profile link to Scripting.com isn’t “verified” yet? I’m looking at Scripting.com’s HTML and I don’t see why it isn’t working. I saw you were looking into this the other day.
Jake in Oregon 👾 
@gruber @davew HTTPS links are required for verification, per the official docs at https://docs.joinmastodon.org/user/profile/
Colin Devroe@cdevroe @davew @gruber Again, you have to think about the whole chain for attacks. And don't think Dave, think heads of states and F500 corps.
Here's how I'd actually MITM it for my 40,000 users on our network equipment. (and yeah, there's a CSS spacing bug for the forwarded server.).
Then, on evilserver.org, I'd have some code that met my goals.
You would do something similar to attack different points in the chain, depending on what your exact goals and jail time tolerances were.
@codejake It just so happens that my jail time tolerance is something less than zero. Thanks for the follow-up. Fascinating.