Dan Guido

@dguido@infosec.exchange

Pedro Pascal as Quokkas.

A thread.

OMG who did this? I am crying

Wow, just look at that timeline 🔥

#Testing a new encrypted messaging app's extraordinary claims

https://crnkovic.dev/testing-converso/

How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso.

👀
“We perform a survey of open-source implementations and find 36 weak Fiat-Shamir implementations affecting 12 different proof systems. For four of these—Bulletproofs, Plonk, Spartan, and Wesolowski’s VDF—we develop novel knowledge soundness attacks accompanied by rigorous proofs of their efficacy. We […] demonstrate that a weak F-S vulnerability could have led to the creation of unlimited currency in a private blockchain protocol”
https://eprint.iacr.org/2023/691
Weak Fiat-Shamir Attacks on Modern Proof Systems

jack dorsey hardly ever actually posted on twitter. but jack's been actually posting on bluesky!

turns out he's an RFK Jr fan. the bluesky regulars are ragging the shit out of him and discussing the crunchie->qanon pipeline. hope jack's enjoying it!

i remember trying and failing to write a piece on Jack and bitcoin for Foreign Policy. he does not appear to have a personality.

having done the research, i am convinced the man is actually a chatbot that was sent back through time. literally a boring person's idea of an interesting person.

the missing ingredient on bluesky was obviously a billionaire who sucked to bully

I just released a #Prometheus exporter for #mastodon that others may find useful:
https://github.com/andrew-d/mastodon_exporter

It currently supports metrics for number of local accounts, number of posts, number of resolved/unresolved mod reports, and a histogram of how long it took to resolve reports on the instance.

I'm planning to use it to graph the number of posts on our instance over time, and to set up alerting so that a new report doesn't get lost, along with tracking report SLAs to keep ourselves honest 😃

This is my first time writing a Prometheus exporter, so feel free to submit PRs and I'd appreciate any feedback from those that do test it!

I run it on my Postgres database using something like:

DATABASE_URL="host=/var/run/postgresql user=mastodon database=mastodon" /path/to/mastodon_exporter --web.listen-address=localhost:9393

Boosts are appreciated to reach other Mastodon admins that may find this helpful.

#mastoadmin #monitoring
