Pinned post

New blogpost: Leaked clarifications on : maxim.tips/chatcontrol-leak/

Last week, there was a leak concerning chatcontrol. It illustrates nicely the various issues the commission ignores. In the blog post I translated the leak from German to English and added more context/information. Please read & boost!

Pinned post

After multiple people asked me if my thread about was available on another website, I took it as an opportunity to set up my own blog. You find the post about chatcontrol here: maxim.tips/chatcontrol/

You can find the original thread here: mastodon.technology/@mxm/10848

Pinned post

chatcontrol, eupol 

, we really need to talk about , the EU's next mass surveillance system. Long Thread below, with hints to skip over parts of it if it's too long for you. Sources are in [brackets] & linked at the end. I tried to simplify a bit to keep the thread accessible for people without deep technical knowledge. I've packed a LOT of content into this thread - if you have trouble understanding, it's probably my fault. Ask and I'll clarify! Please boost for awareness.

Maxim boosted

uspol and OMG 

Law enforcement agents raid Mar-A-Lago, the Florida home of former President Donald Trump: usatoday.com/story/news/politi

Maxim boosted

Not only lobbyists, but members of the Bundestag too, represent the interests of companies directly to federal ministries.

Together with @a_watch, we are publishing dozens of petition letters on behalf of "Rheinmetall" & Co. addressed to "dear Robert" and "dear Peter". fragdenstaat.de/blog/2022/08/0

Maxim boosted

"What if instead of an application, we had humans do the driving for you?"

You just invented chauffeurs.

"No, I mean like as an on demand thing."

You just invented cabs.

"No, I mean let's share it so you only need to go to easily identified pickup points."

Like public transit?

"No! I mean for long distances without all the agony of airports."

So, high speed rail.

".....why do you hate innovation?"

Maxim boosted

Update on the situation in #Ukraine
According to reports, the site of the #Saporischschja nuclear power plant was shelled on Friday. One reactor is said to have been shut down.

There is no indication that radioactivity may have escaped.
We are monitoring the situation.

bfs.de/SharedDocs/Kurzmeldunge

Maxim boosted

📺 >>#heuteshow
Till to Go: KLIMAKRISE<<
🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹
For years we have been told that the #Klimakrise can be prevented through individual decisions: through less…
rodlzdf-a.akamaihd.net/none/zd
🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹
(12 min) available until ...
#FARBfernsehen

Maxim boosted

@tek

"Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", oh yeah, there's a really good thing to have an exploit in which can be used remotely without authentication.

Maxim boosted

Unbelievable, there seems to be some “e-commerce” engine of some sort that just doesn’t work on Firefox. Encountered two different sites today that are clearly using the same backend (both in the onewheel/skating community) and both declined cards (Visa and Mastercard, by two different banks) without ever hitting the payment processor. Both worked on Chromium.

*smh*

Capitalism can’t even do capitalism right.

#mainstream #mediocrity #capitalism #testOnMoreThanOneBloodyBrowserYouBellends

Maxim boosted

Dumb security bug of the day goes to Slack. Summary: they discovered a problem with the mechanism of inviting new users to your company.

>The bug we discovered was in this invite link event: along with the information about the shared invite link, *we included the hashed password of the user who created or revoked the link*. This information was sent over the websocket to all users of the workspace who were currently connected to Slack.

Peachy.

Maxim boosted

Whoa!
Buddybutzen?
And what is the finance minister doing there in the transport portfolio?
@lobbycontrol @fragdenstaat @a_watch

It would simply be embarrassing, if it weren't so serious.

Maxim boosted

Documents from the identity service provider Verimi show how it deceived BaFin in order to obtain its payment institution licence.
A story about consultants who went a few extra miles too many and ran an online shop for art prints on the side.
lilithwittmann.medium.com/veri

Maxim boosted

Big Tech needs to play fair if we want a better web. But Tutanota users can't register a Microsoft Teams account and Microsoft won't change this. This demonstrates why stronger antitrust legislation is needed: tutanota.com/blog/posts/micros
#antitrust #Fight4Privacy #antitrustsummer

Maxim boosted

from last night

Haven't used this telescope in ages (a Celestron 8" SCT). Collimation was really off and also focus was not perfect. Will be doing this again next week with hopefully better results!

Maxim boosted

Reply to Consider Disabling HTTPS Auto Redirects by @tdarb

One thing this article misses is the fact that webpages are delivered over the Web to Web browsers.

The vast majority of browsers are application runtime environments. Serving pages to users’ browsers creates a software distribution platform. Serving pages in cleartext is a way to give permission to users’ ISPs, network administrators, and governments to serve their malware instead, under your name, whether or not your page includes any scripts of your own.

People can’t always choose their networks, service providers, or governments. They aren’t always equipped to deal with content injection and page alteration.

This isn’t a “fear-based tactic”. It’s an acknowledgement of our reality: networks are hostile. There are no robust measures to stop an intermediary from altering unencrypted traffic, yet there are strong incentives for all able parties to do so. That makes malware injection a perfectly reasonable concern. Moreover: multiple ISPs, including Comcast and Vodafone, have been caught injecting JavaScript apps into unencrypted pages. Governments are no stranger to content injection either.

If you want to serve in cleartext, pick a protocol that’s not part of an application delivery platform. Gopher is a popular option.

#POSSE note from https://seirdy.one/notes/2022/08/03/on-enforcing-https/

Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!