Mastodawn

It has come to our attention that an abuse service ("mastinator") has appeared here on the fediverse. This service allows bad actors to read followers-only posts of their targets by doing automated follows through fake users.

We've found data scrappers before, but this is an insidious new technique.

To counter it, you need to go to your settings page and lock your account; this means you'll need to approve followers manually. Also,search for "mastinator" among your followers and remove them.

Admins, please block the domain mastinator.com (EDIT: I was just informed that Mastodon already blocks all subdomains whenever you block a domain, so there's no need to add *.mastinator.com to the block list)

#Fediblock

Take care.

Cruiseren Dec 30, 2022

(((Jann Gobble)))🏳️‍🌈Dec 29, 2022

@zleap @auschwitzmuseum I just wish orgs here would realize its not the number of followers here, but the quality.

You'll get far, FAR more boosts of your signal with less followers who are more apt to boost what you are saying (engaged).

100k means nothing if those people don't engage and/or don't really believe in the cause.

Cruiseren Dec 30, 2022

Auschwitz Memorial Dec 29, 2022

Our community here has already reached 75k.

Thank you for your continuous support.

We remember about the history and the human tragedy of Auschwitz in order to create better, safer and more responsible future. We are grateful for amplifying our voice.

#Auschwitz #Memorial #community #memory #history

Cruiseren Dec 30, 2022

Robert Reich Dec 29, 2022

If the top 1% holding more wealth than 290 million Americans doesn’t convince you that wealth inequality is out of control, I don’t know what will.

Cruiseren Dec 30, 2022

Show thread

Sc00bz Dec 30, 2022

@epixoip @staticnoisexyz @WPalant @soatok This is all the code you need to read to know LP is not or at least was not doing crypto correctly, but this did give us the LastPass penguin.

Padding is N bytes each of value N (eg \x02\x02 or \x05\x05\x05\x05\x05 etc). This code checks the last byte of a decrypted message and if it is 0 through 16 then it removes that many bytes from the message. If the last byte is "not valid" then it sends LP that decrypted byte. This is the weirdest padding oracle I've ever seen. Note zero should be an invalid pad. I found this because I saw a get request of "https://lastpass. com/error.php?msg=website errors(1): Bogus pad:88 length: 50&_dc=1446052072243".

I believe I was told that this was in all their apps and they removed it but missed it in a few places.

PaddedDataToString: function(a /* string - decrypted data */, b /* bool - whether to report the bogus pad or not */)
{
var c = "", d, e = a[a.length - 1];
if (0 <= e && 16 >= e)
{
for (d = a.length - 1; 0 < d && a[d] == e; d--);
for (e = 0; e <= d; e++) c += String.fromCharCode(a[e])
}
else
b || t("Bogus pad:" + e + ("undefined" != typeof g_to_dec ? " length: " + g_to_dec.length : ""));
return c = AES._utf8_decode(c)
}
From https://web.archive.org/web/20150906164449js_/https://lastpass.com/m.php/all?1426604514

Cruiseren Dec 30, 2022

Gil Duran Dec 24, 2022

A few years ago, right before the holidays, someone wrote in with a question for Dr. George Lakoff: “When my family gets together for the holidays, how do I avoid getting into a political argument with my conservative grandfather?”

“Don’t argue with your grandfather,” Dr. Lakoff answered. “Instead, ask him to tell you a story about a time he did something good for someone else. Listen, and then ask him to tell you another one.”

Empathy, the secret weapon:
https://georgelakoff.substack.com/p/wise-advice-for-dealing-with-conservatives

How to deal with a conservative relative during the holidays

Dr. George Lakoff's small lesson in the power of empathy

FrameLab

Solidarity	Share this planet
Socialism	Solidarity
Equality	Socialism
Integrity	Equality