Mastodawn

Dan Guido

@dguido@infosec.exchange

1,022 Followers

81 Following

8 Posts

Dan Guido Feb 20, 2024

nixCraft 🐧Feb 18, 2024

Dan Guido Aug 3, 2023

Amanda Aug 3, 2023

Pedro Pascal as Quokkas.

A thread.

Dan Guido Jul 14, 2023

Pxl Phile Jul 12, 2023

OMG who did this? I am crying

Dan Guido May 28, 2023

Marco Ivaldi May 27, 2023

Wow, just look at that timeline 🔥

#Testing a new encrypted messaging app's extraordinary claims

https://crnkovic.dev/testing-converso/

Testing a new encrypted messaging app's extraordinary claims

How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso.

crnkovic.dev

Dan Guido May 17, 2023

Frederic Jacobs May 16, 2023

👀
“We perform a survey of open-source implementations and find 36 weak Fiat-Shamir implementations affecting 12 different proof systems. For four of these—Bulletproofs, Plonk, Spartan, and Wesolowski’s VDF—we develop novel knowledge soundness attacks accompanied by rigorous proofs of their efficacy. We […] demonstrate that a weak F-S vulnerability could have led to the creation of unlimited currency in a private blockchain protocol”
https://eprint.iacr.org/2023/691

Weak Fiat-Shamir Attacks on Modern Proof Systems

Dan Guido May 8, 2023

David Gerard May 6, 2023

jack dorsey hardly ever actually posted on twitter. but jack's been actually posting on bluesky!

turns out he's an RFK Jr fan. the bluesky regulars are ragging the shit out of him and discussing the crunchie->qanon pipeline. hope jack's enjoying it!

i remember trying and failing to write a piece on Jack and bitcoin for Foreign Policy. he does not appear to have a personality.

having done the research, i am convinced the man is actually a chatbot that was sent back through time. literally a boring person's idea of an interesting person.

the missing ingredient on bluesky was obviously a billionaire who sucked to bully

Dan Guido Feb 15, 2023

@campuscodi Not quite right! Our security audit of cURL had 15 findings, and you can find the full report here:
https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-securityreview.pdf

We also designed a threat model! https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf

This blog post about 4 issues were just a fun side-story to the main audit. Some of these bugs were found outside the audit and reported afterward.

publications/2022-12-curl-securityreview.pdf at master · trailofbits/publications

Publications from Trail of Bits. Contribute to trailofbits/publications development by creating an account on GitHub.

GitHub

Dan Guido Dec 13, 2022

Andrew Dunham Dec 13, 2022

I just released a #Prometheus exporter for #mastodon that others may find useful:
https://github.com/andrew-d/mastodon_exporter

It currently supports metrics for number of local accounts, number of posts, number of resolved/unresolved mod reports, and a histogram of how long it took to resolve reports on the instance.

I'm planning to use it to graph the number of posts on our instance over time, and to set up alerting so that a new report doesn't get lost, along with tracking report SLAs to keep ourselves honest 😃

This is my first time writing a Prometheus exporter, so feel free to submit PRs and I'd appreciate any feedback from those that do test it!

I run it on my Postgres database using something like:

DATABASE_URL="host=/var/run/postgresql user=mastodon database=mastodon" /path/to/mastodon_exporter --web.listen-address=localhost:9393

Boosts are appreciated to reach other Mastodon admins that may find this helpful.

#mastoadmin #monitoring

GitHub - andrew-d/mastodon_exporter: Prometheus metric to export data about a Mastodon instance

Prometheus metric to export data about a Mastodon instance - GitHub - andrew-d/mastodon_exporter: Prometheus metric to export data about a Mastodon instance