DMV.Community

0 posts0 participants0 posts today

DeepSec Conference ☑DeepSec and DeepINTEL 2025 – Call for Papers!We have silent running since December. The reasons were behind-the-scenes updates, post-processing the past DeepSec conference, recharging our batteries, and adapting to the new situation in IT security influenced by geopolitics. Following the news since 20 January took a <a href="https://blog.deepsec.net/deepsec-and-deepintel-2025-call-for-papers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.deepsec.net/deepsec-and-deepintel-2025-call-for-papers/</a><a href="https://social.tchncs.de/tags/Administrivia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Administrivia</a> <a href="https://social.tchncs.de/tags/CallForPapers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CallForPapers</a> <a href="https://social.tchncs.de/tags/Conference" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Conference</a> <a href="https://social.tchncs.de/tags/DeepIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepIntel</a> <a href="https://social.tchncs.de/tags/Announcement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Announcement</a> <a href="https://social.tchncs.de/tags/CfP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CfP</a> <a href="https://social.tchncs.de/tags/DeepINTEL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepINTEL</a> <a href="https://social.tchncs.de/tags/DeepSec2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepSec2025</a>

gellenburg :heart_pride: :verified_gay:1. If you're going to <a href="https://queerfedi.com/tags/report" rel="nofollow noopener noreferrer" target="_blank">#report</a> somebody you need to give <a href="https://queerfedi.com/tags/examples" rel="nofollow noopener noreferrer" target="_blank">#examples</a> of what <a href="https://queerfedi.com/tags/activity" rel="nofollow noopener noreferrer" target="_blank">#activity</a> you're reporting. Just <a href="https://queerfedi.com/tags/reporting" rel="nofollow noopener noreferrer" target="_blank">#reporting</a> a <a href="https://queerfedi.com/tags/profile" rel="nofollow noopener noreferrer" target="_blank">#profile</a> and telling an <a href="https://queerfedi.com/tags/instance" rel="nofollow noopener noreferrer" target="_blank">#instance</a> <a href="https://queerfedi.com/tags/admin" rel="nofollow noopener noreferrer" target="_blank">#admin</a> that an <a href="https://queerfedi.com/tags/account" rel="nofollow noopener noreferrer" target="_blank">#account</a> is being "<a href="https://queerfedi.com/tags/spammy" rel="nofollow noopener noreferrer" target="_blank">#spammy</a>" doesn't cut it. Not when we can clearly see the user is not. 2. Again, not a very helpful report. You report a user and say they're a <a href="https://queerfedi.com/tags/SCAM" rel="nofollow noopener noreferrer" target="_blank">#SCAM</a> account but offer up absolutely no <a href="https://queerfedi.com/tags/evidence" rel="nofollow noopener noreferrer" target="_blank">#evidence</a> to support your <a href="https://queerfedi.com/tags/claim" rel="nofollow noopener noreferrer" target="_blank">#claim</a>. 3. Every account was new once, including the person that reported this one. As long as <a href="https://queerfedi.com/tags/NSFW" rel="nofollow noopener noreferrer" target="_blank">#NSFW</a> <a href="https://queerfedi.com/tags/content" rel="nofollow noopener noreferrer" target="_blank">#content</a> is properly <a href="https://queerfedi.com/tags/flagged" rel="nofollow noopener noreferrer" target="_blank">#flagged</a>, there's no issue. Suspecting an account to be a "scam account or worse" is not a valid <a href="https://queerfedi.com/tags/reason" rel="nofollow noopener noreferrer" target="_blank">#reason</a> for reporting an account. 4. Another report without any basis or <a href="https://queerfedi.com/tags/justification" rel="nofollow noopener noreferrer" target="_blank">#justification</a>. 5. Again, another baseless report about somebody with absolutely ZERO evidence to back up their claim. So here's what's going to happen.... The instances that forwarded these <a href="https://queerfedi.com/tags/bogus" rel="nofollow noopener noreferrer" target="_blank">#bogus</a> <a href="https://queerfedi.com/tags/reports" rel="nofollow noopener noreferrer" target="_blank">#reports</a> to me, and wasted my time, each have a strike against them. Strike three and we tell <a href="https://queerfedi.com/tags/Sharkey" rel="nofollow noopener noreferrer" target="_blank">#Sharkey</a> to <a href="https://queerfedi.com/tags/ignore" rel="nofollow noopener noreferrer" target="_blank">#ignore</a> any and all reports coming from the <a href="https://queerfedi.com/tags/instance" rel="nofollow noopener noreferrer" target="_blank">#instance</a> in the future. No <a href="https://queerfedi.com/tags/admin" rel="nofollow noopener noreferrer" target="_blank">#admin</a> wants <a href="https://queerfedi.com/tags/BadActors" rel="nofollow noopener noreferrer" target="_blank">#BadActors</a> on their instances, and no admin wants a <a href="https://queerfedi.com/tags/BadActor" rel="nofollow noopener noreferrer" target="_blank">#BadActor</a> to make someone else feel unwelcome. But you can't just flag and report an account for any bullshit reason either. You have to give us proof and evidence. This is not high school and this is not middle school. If somebody is being disruptive or causing problems, let us know. But if you just suspect someone might cause problems or they might be disruptive... wait until you have proof and evidence and then let us know! <a href="https://queerfedi.com/tags/FediAdmin" rel="nofollow noopener noreferrer" target="_blank">#FediAdmin</a> <a href="https://queerfedi.com/tags/AdminStuff" rel="nofollow noopener noreferrer" target="_blank">#AdminStuff</a> <a href="https://queerfedi.com/tags/administrivia" rel="nofollow noopener noreferrer" target="_blank">#administrivia</a> <a href="https://queerfedi.com/tags/UserReports" rel="nofollow noopener noreferrer" target="_blank">#UserReports</a> <a href="https://queerfedi.com/tags/FediReports" rel="nofollow noopener noreferrer" target="_blank">#FediReports</a> <a href="https://queerfedi.com/tags/InstanceAdmins" rel="nofollow noopener noreferrer" target="_blank">#InstanceAdmins</a> <a href="https://queerfedi.com/tags/MastoAdmin" rel="nofollow noopener noreferrer" target="_blank">#MastoAdmin</a>

Mr. 30㎝ 🍆💦 :18only: :verified_gay: :heart_trans:I've had to reject and deny new user signups from several people over the past couple days for not abiding by Rule 3. The same Rule 3 that everyone that signs up an account agrees to follow. <a href="https://nsfw.social/tags/nsfw" rel="nofollow noopener noreferrer" target="_blank">#nsfw</a> <a href="https://nsfw.social/tags/admin" rel="nofollow noopener noreferrer" target="_blank">#admin</a> <a href="https://nsfw.social/tags/adminstuff" rel="nofollow noopener noreferrer" target="_blank">#adminstuff</a> <a href="https://nsfw.social/tags/administrivia" rel="nofollow noopener noreferrer" target="_blank">#administrivia</a>

George Ellenburg (he/him/his)Attention <a href="https://bofh.social/tags/FediAdmins" rel="nofollow noopener noreferrer" target="_blank">#FediAdmins</a> (this includes <a href="https://bofh.social/tags/Mastodon" rel="nofollow noopener noreferrer" target="_blank">#Mastodon</a>, <a href="https://bofh.social/tags/Sharkey" rel="nofollow noopener noreferrer" target="_blank">#Sharkey</a>, <a href="https://bofh.social/tags/Pleroma" rel="nofollow noopener noreferrer" target="_blank">#Pleroma</a>, etc.) - To avoid getting <a href="https://bofh.social/tags/DDOS" rel="nofollow noopener noreferrer" target="_blank">#DDOS</a>'d by Mastodon's flood of API requests if a user suddenly decides to delete 30k of their posts on their account, you can take advantage of the built-in <a href="https://bofh.social/tags/nginx" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> rate-limiting. I've been experimenting with it all day today. The following is my nginx config for one of my instances, so feel free to modify for your own needs! <pre><code># For WebSocket map $http_upgrade $connection_upgrade { default upgrade; '' close; } proxy_cache_path /tmp/nginx_cache_bofh levels=1:2 keys_zone=cache1:16m max_size=6g inactive=720m use_temp_path=off; limit_req_zone $binary_remote_addr zone=post:10m rate=1r/s; server { listen 80; listen [::]:80; server_name bofh.social; # For SSL domain validation root /var/www/html; location /.well-known/acme-challenge/ { allow all; } location /.well-known/pki-validation/ { allow all; } location / { return 301 https://$server_name$request_uri; } access_log /var/log/nginx/bofh-social-access.log; error_log /var/log/nginx/bofh-social-error.log; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name bofh.social; ssl_session_timeout 1d; ssl_session_cache shared:ssl_session_cache:10m; ssl_session_tickets off; # To use Let's Encrypt certificate ssl_certificate /etc/letsencrypt/live/bofh.social/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bofh.social/privkey.pem; # SSL protocol settings ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_stapling on; ssl_stapling_verify on; # Change to your upload limit client_max_body_size 99m; # Gzip compression gzip on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; # Proxy to Node location / { proxy_pass http://REDACTED:3000; proxy_set_header Host $host; proxy_http_version 1.1; proxy_redirect off; # If it's behind another reverse proxy or CDN, remove the following. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; # For WebSocket proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # Cache settings proxy_cache cache1; proxy_cache_lock on; proxy_cache_use_stale updating; add_header X-Cache $upstream_cache_status; } location /inbox { limit_req zone=post; proxy_pass http://REDACTED:3000; proxy_set_header Host $host; proxy_http_version 1.1; proxy_redirect off; # If it's behind another reverse proxy or CDN, remove the following. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } location /api/ { limit_req zone=post; proxy_pass http://REDACTED:3000; proxy_set_header Host $host; proxy_http_version 1.1; proxy_redirect off; # If it's behind another reverse proxy or CDN, remove the following. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } access_log /var/log/nginx/bofh-social-access.log; error_log /var/log/nginx/bofh-social-error.log; }</code></pre> Yes, I'm limiting requests to 1 req/s from the same IP. Which is still 3600 reqs/ hour. <a href="https://bofh.social/tags/FediAdmin" rel="nofollow noopener noreferrer" target="_blank">#FediAdmin</a> <a href="https://bofh.social/tags/MastoAdmin" rel="nofollow noopener noreferrer" target="_blank">#MastoAdmin</a> <a href="https://bofh.social/tags/Administrivia" rel="nofollow noopener noreferrer" target="_blank">#Administrivia</a>

George Ellenburg (he/him/his)Not sure what's going on but had to block [135.181.116.160] in our WAF. It claims to be [mastodon.world] and the IP is in Finland. It has been HAMMERING one of our instances to the tune of over 6,000 reqs an hour sending <a href="https://bofh.social/tags/ActivityPub" rel="nofollow noopener noreferrer" target="_blank">#ActivityPub</a> "INBOX" post requests. You look at our metrics and traffic for the last 24 hours and things look fine and then all of a sudden we are getting HAMMERED. Anybody know the <a href="https://bofh.social/tags/FediAdmin" rel="nofollow noopener noreferrer" target="_blank">#FediAdmin</a> for [mastodon.world]? <a href="https://bofh.social/tags/MastoAdmin" rel="nofollow noopener noreferrer" target="_blank">#MastoAdmin</a> <a href="https://bofh.social/tags/administrivia" rel="nofollow noopener noreferrer" target="_blank">#administrivia</a> <a href="https://bofh.social/tags/InstanceBlock" rel="nofollow noopener noreferrer" target="_blank">#InstanceBlock</a>

Max Leibman has moved!Point: multitasking is a myth. You cannot simultaneously pay attention to this mandatory security training video while processing your email with the care and attention it deserves. Counterpoint: multitasking is real. Letting this mandatory security training video play in the background still results in full credit for watching it, while you simultaneously crank through a whole bunch of email. <a href="https://mastodon.social/tags/productivity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#productivity</a> <a href="https://mastodon.social/tags/multitasking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#multitasking</a> <a href="https://mastodon.social/tags/administrivia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#administrivia</a>

Doc Edward Morbius ⭕An administrative announcement. Motherfuckers.<a href="https://toot.cat/tags/administrivia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#administrivia</a> <a href="https://toot.cat/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a>

Recent searches

Search options

Administered by:

Server stats:

#administrivia