An open-eyed man falling into the well of weird warring state machines. I mostly rant on (offensive) cybersecurity issues.

https://twitter.com/udunadan

So you want to say that as a research community, locking yourself into a privacy invasive, for-profit platform may not have been the best choice in the end?

A piece of friendly advice to all fellow security researchers: don't lose security mindfulness when operating in open spaces. There are a lot of threat actors out there looking to exploit both your trust and your devices. Trust no one, not even yourself. Always be careful.

This tweet is sponsored by Lazarus team.

🖤 ANTI-META FEDI PACT 🖤

Apparently, some Mastodon instance admins have been contacted by Facebook. I have a suspicion that in the future, we may see volunteer-run networks facing unknown hardships ranging from an inability to compete with the availability of corp-run instances to DDoS attacks or attempts to sneak features into Mastodon which may support all of these.

Keep them out of this.

An observation regarding the Reddit exodus: while it's true that to really gain momentum there should be enough usability for non-power users to easily navigate the platform, subreddits are much more specialized things, and if you follow, say, strictly technical subs, then the problem isn't that but just a network effect. Which is a huge difference from the Twitter/Mastodon thing, which is an inherently more general-purpose phenomenon.

I've created an exploit development community (subreddit, basically) on the infosec.pub Lemmy instance:

https://infosec.pub/c/exploitdev

Exploit Development - Infosec.Pub

A curated community dedicated to strictly technical materials about vulnerability research, exploit development and reverse engineering.

I'd very much like to use a decentralized, non-privacy-invasive service, but it really feels like no alternatives to Reddit and Twitter (both of which are actively trying to cut off anti-tracking means of access) are going to gain momentum in the foreseeable future.

Unfortunately, Mastodon does not seem to catch up for me personally in terms of parsing valuable security research items appearing on social media. Twitter still works in that regard just fine, delivering several new bookmarks a day.

Hot take: if you aren't writing security-critical software, adding “written in Rust” to the description is irrelevant and meaningless.