Skip Navigation

Fediverse @lemmy.world

psychothumbs @lemmy.world

4d ago

A new security fund opens up to help protect the fediverse

A new security fund opens up to help protect the fediverse | TechCrunch

40 comments

The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps (...)
Mention Lemmy for once 😠
- Meta’s Threads
  LOL
- We are tiny in comparison to the rest of the fediverse.
  
  But its actually usable, pixelfed sucks, prob way more actual engagement and conversation here, pixelfed is hella ppl posting with no likes or views
- Yeah!
  I asked here about that and was told there's not enough of us here. Meh.
  
  Funny how that works. Wonder if not mentioning it will help remedy that?
- Also Lemmy: Here's a bunch of death threats and pictures of a pig taking a shit because you said democracy was a good idea

Was the first paragraph written by the Meta marketing department?
- Yeah, there's also this:
  A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)
  In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.
  It is weird to spend almost half the words in this, pretending that something in Pixelfed that wasn't a problem on Pixelfed's side was. This is the weirdest "vulnerability" in the world to pick if you want to pick one to hold up extensively as an example.
  
  Regardless whether you want to pretend that not caring about Mastodon is a valid defense when implementing software using the ActivityPub protocol, that still doesn't change anything regarding how Dansup handled the disclosure of the effects it had.

I still feel that interoperability between mastadon and Lemmy is kind of messed up. How to browse a Lemmy community through mastodon application?
- You cannot use a mastodon app as a lemmy client, but you can view lemmy communities by opening them as if they are profiles. For example, open @fediverse@lemmy.world and it will show up as a user, but it will be the communitiy's posts.
  You can mention it in a post to forward the post to the community as well.
- It’s terrible

I can't wait to find out which project has the most security holes 🔥
Any guesses?
- The ones with the most amount of code lines and dependencies probably. More code = more problems.
  
  IMO poor security is more about a lack of eyes on the code. Projects that have a single developer and a lower user-base will be pretty easy money.

...that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services.
If it is straight to the project, then I'm all for it. Otherwise, it seems sus.
- It is to the person who discovers the vulnerability. That's fairly normal... how would giving it to someone else motivate the result they're trying to get?

40 comments