hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.


Rob Hafner :verified_bi:

In exciting news I appear to be part of one of the first data breaches of the fediverse era!

I got this email 20 minutes ago letting me know my data migration from mastodon.social was dumped in a breach.

I'm going to be honest, I've got some opinions on the fact that a public bucket is used to store archives, with just obfuscation to stop people from downloading them.

@tedivm I'm always baffled when people use random filenames when they make files accessible to trusted users.

S3 already has an API to support signed downloads, and all the application needs to do is to sign a URL which the client can use to access the resource.

I've implemented it from scratch (there was no client library for Common Lisp at the time) and it was trivial. If you have a library, it's literally one function call. There is no excuse for this.
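The signed-download approach described in the reply above, and the public-bucket-with-obfuscated-names setup the original post objects to, worked through as an added example. This is not code from the thread's participants or from Mastodon; it is a stdlib-only Python implementation of AWS SigV4 query-string presigning for an S3 GET, followed by the verification step the storage service performs when the URL is presented, so it shows what the signature actually binds (object key, expiry, date, host, credential). The bucket name, object key, region and credential pair are constructed placeholders, and `presign_get`, `verify_presigned_get` and `demo` are names chosen here.

```python
# Added example (not Mastodon's own code): stdlib-only AWS SigV4 query-string presigning
# for an S3 GET, plus the server-side check. Bucket, key, region and credentials are placeholders.
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

ALGORITHM = "AWS4-HMAC-SHA256"
SERVICE = "s3"
DEMO_NOW = datetime(2023, 5, 1, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the demo


def _signing_key(secret_key: str, date: str, region: str) -> bytes:
    # SigV4 derivation chain: secret -> date -> region -> service -> "aws4_request".
    k = ("AWS4" + secret_key).encode("utf-8")
    for part in (date, region, SERVICE, "aws4_request"):
        k = hmac.new(k, part.encode("utf-8"), hashlib.sha256).digest()
    return k


def _canonical_query(params: dict) -> str:
    # Parameters URI-encoded (the credential's slashes become %2F) and sorted by name.
    return "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                    for k, v in sorted(params.items()))


def _signature(method, host, key, params, secret_key, region, date, amz_date):
    canonical_request = "\n".join([
        method,
        "/" + quote(key, safe="/-_.~"),  # canonical URI
        _canonical_query(params),        # canonical query string, signature excluded
        f"host:{host}\n",                # canonical headers, each \n-terminated
        "host",                          # signed headers
        "UNSIGNED-PAYLOAD",              # presigned URLs do not commit to a body hash
    ])
    string_to_sign = "\n".join([
        ALGORITHM, amz_date,
        f"{date}/{region}/{SERVICE}/aws4_request",  # credential scope
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    return hmac.new(_signing_key(secret_key, date, region),
                    string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def presign_get(bucket, key, region, access_key, secret_key, now, expires_seconds=600):
    """Time-limited GET URL for one private object; the bucket itself stays closed."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    params = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{date}/{region}/{SERVICE}/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_seconds),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature("GET", host, key, params, secret_key, region, date, amz_date)
    return f"https://{host}/{quote(key, safe='/-_.~')}?{_canonical_query(params)}&X-Amz-Signature={sig}"


def verify_presigned_get(url, secret_key_for, now):
    """Server side: recompute the signature and reject expired or altered URLs.
    secret_key_for(access_key) stands in for the service's credential lookup."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", None)
    if presented is None or params.get("X-Amz-Algorithm") != ALGORITHM:
        return False
    try:
        access_key, date, region, service, terminator = params["X-Amz-Credential"].split("/")
        signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(params["X-Amz-Expires"])
    except (KeyError, ValueError):
        return False
    if service != SERVICE or terminator != "aws4_request" or now > signed_at + timedelta(seconds=expires):
        return False  # bad scope, or expired: a leaked link stops working on its own
    expected = _signature("GET", parts.netloc, unquote(parts.path[1:]), params,
                          secret_key_for(access_key), region, date, params["X-Amz-Date"])
    return hmac.compare_digest(expected, presented)  # constant-time comparison


def demo():
    """Sign one URL, then run the checks a relying service would make."""
    creds = {"AKIAEXAMPLE": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}  # placeholder pair
    lookup = lambda ak: creds.get(ak, "")
    url = presign_get("example-archives", "archives/user-42/export.tar.gz",
                      "us-east-1", "AKIAEXAMPLE", creds["AKIAEXAMPLE"], DEMO_NOW, 600)
    return {
        "valid_before_expiry": verify_presigned_get(url, lookup, DEMO_NOW + timedelta(seconds=599)),
        "rejected_after_expiry": not verify_presigned_get(url, lookup, DEMO_NOW + timedelta(seconds=601)),
        "rejected_other_key": not verify_presigned_get(url.replace("user-42", "user-43"), lookup, DEMO_NOW),
        "rejected_longer_expiry": not verify_presigned_get(
            url.replace("X-Amz-Expires=600", "X-Amz-Expires=6000"), lookup, DEMO_NOW),
    }


if __name__ == "__main__":
    print(demo())
```

The contrast with a random filename in a public bucket is the last three checks in `demo()`: renaming the object in the URL, or stretching its expiry, changes the canonical request and so invalidates the signature, and once the expiry has passed the link is dead even if it was shared. A random filename offers none of that; anyone who learns it can fetch the object indefinitely. In production the signing side uses the cloud SDK's presign call rather than hand-rolled SigV4, and the object ACL stays private.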

@tedivm isn’t all the stuff you upload to a masto server public anyway?

@Steveb "followers only" posts and media are not public.

@tedivm good point. But would you really put anywhere on social media anything you cared about remaining private?

@Steveb @tedivm ...yes?

otherwise why offer follower-only and mention-only posting, or private bookmarks, in the first place?

@tedivm As someone who has his own instance, I've been a bit worried for quite some time. The way I've set up my bucket, it seemed too easy to be secure.

@tedivm agree about the obfuscation method. But their transparency is really important here. There’s integrity in that, especially as part of an open-source community.

@markwyner this notification was required by law since they fall under GDPR