Benno

@bensge
Security Engineer, formerly CISPA & iOS jailbreak tweak developer
Twitter: @bensge
Website: https://bensge.com
Location: Germany
@goeo_ sup :p

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

https://words.filippo.io/csrf?source=Mastodon

Cross-Site Request Forgery

Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.

Once again I appear to have put something in "a safe place" while incorporating a threat model that includes criteria such as "I may want to find it one day".
Glasklart theme from 2010
So you can swipe on the trackpad to go back on the GitHub website except when the cursor is inside a code block??? Who designed this?
Sunset at 3:55pm already

Hopping on the releases train. #PhanpySocial changelog ✨

💬 5 new languages: Dutch, Esperanto, Galician, Italian, Japanese
🐛 Bug fixes

Recap: Mastodon v4.3 features (https://github.com/mastodon/mastodon/releases/tag/v4.3.0) already supported on Phanpy:
- Server-side notification grouping (opt-in)
- Filtered notifications
- Severed relationships notifications
- Timeline of public posts about a trending link
- Author highlight for news articles

🔗 https://phanpy.social/
💬 https://matrix.to/#/%23phanpy:matrix.org

Release v4.3.0 · mastodon/mastodon

Upgrade overview This release contains upgrade notes that deviate from the norm: ‼️ Requires new encryption secrets environment variables ⚠️ The minimal supported version for PostgreSQL has been bu...

GitHub
The lack of surveillance-based tracking for podcasts is a feature, not a bug, and a happy outcome of the format having been built around open standards instead of a single monopolistic company.

RE: https://www.threads.net/@jbillinson/post/DARuFKky5ju
Josh Billinson (@jbillinson) on Threads

It’s really amazing that the podcast industry lasted for so long on an ad-supported model while also giving every user a button that instantly skips forward the length of roughly one ad

Threads

*advertiser spends billions a year and spies on me through 30 different apps*

"d-do you want to buy... *looks at my receipt for a GPU purchased yesterday* do you want to buy a GPU?"

Spotify has a frustratingly bad UX if you care about music.
What was the song you just played?
Sorry, I forgot it in the playing history.
Maybe just go back a track?
Random other song starts playing.