Mastodon, Web Browsers, Web Servers

posted by Roy Schestowitz on Nov 17, 2022,
updated Nov 17, 2022

• Mastodon users vulnerable to password-stealing attacks

  Heyes found he was able to steal users’ stored credentials using Chrome’s autofill feature by tricking them into clicking a malicious element he had disguised as a toolbar.

• The Fediverse Could Be Awesome (if we don’t screw it up)

  Something remarkable is happening. For the past two weeks, people have been leaving Twitter. Many others are reducing their reliance on it. Great numbers of ex-Twitter users and employees are making a new home in the “fediverse,” fleeing the chaos of Elon Musk’s takeover. This exodus includes prominent figures from civil society, tech law and policy, business and journalism. It also represents a rare opportunity to make a better corner of the internet…if we don’t screw it up.

  The fediverse isn’t a single, gigantic social media platform like Facebook or Twitter. It’s an expanding ecosystem of interconnected social media sites and services that let people interact with each other no matter which one of these sites and services they have an account with.

  That means that people can tailor and better control their experience of social media, and be less reliant on a monoculture sown by a handful of tech giants.

• Is Mastodon Private and Secure? Let’s Take a Look

  With so many users migrating to Mastodon as their micro-blogging service of choice, a lot of questions are being raised about the privacy and security of the platform. Though in no way comprehensive, we have a few thoughts we’d like to share on the topic.

  Essentially, Mastodon is about publishing your voice to your followers and allowing others to discover you and your posts. For basic security, instances will employ transport-layer encryption, keeping your connection to the server you’ve chosen private. This will keep your communications safe from local eavesdroppers using your same WiFi connection, but it does not protect your communications, including your direct messages, from the server or instance you’ve chosen—or, if you’re messaging someone from a different instance, the server they’ve chosen. This includes the moderators and administrators of those instances, as well. Just like Twitter or Instagram, your posts and direct messages are accessible by those running the services. But unlike Twitter or Instagram, you have the choice in what server or instance you trust with your communications. Also unlike the centralized social networks, the Mastodon software is relatively open about this fact.

• Interview: Stuart Semple On Pantone, Freetone, Colour, And Open Source

  We recently covered the removal of Pantone colour support from the Adobe cloud products, with the two companies now expecting artists and designers to pay an extra subscription for a Pantone plugin or face losing their Pantone-coloured work to a sea of black blocks. Our coverage focused on our community, and on how the absurdity of a commercial entity attempting to assert ownership over colours would have no effect on us with our triple-byte RGB values.

• Considering C99 for curl | daniel.haxx.se

  The curl project builds on foundations that started in late 1996 with the tool named httpget.

• Remix and the Alternate Timeline of Web Development

  What’s interesting about this history is how each step asked: how do we fix what’s inadequate with our current situation?

  Remix, however, came along and asked: what if, rather than fixing where we are now, we went back a few steps to the point in time where we began to disregard the role of the browser in web development and imagined a different future that leans into the strengths of the browser (and the client/server model) rather than trying to bypass or reinvent them?