There’s an awful article in The Washington Post today about how young men see the Tate Brothers as role models who have ‘easy answers’.
I’m not linking to it because I don’t want to give it any traffic.
The tone of the piece is about how hard men have it right now. How they get mixed messages and don’t know whether they should be ‘alpha’ or not.
Let me be perfectly clear, they don’t have it hard. This is accountability. That’s all. Men are finally being told they have to be responsible for their actions. That they can’t get away with misogyny, assault, rape and abuse. That we are fighting back.
If that’s ‘confusing’ for them, that’s their problem.
The Tate brothers don’t have the answers. They’re just propagating the same misogynistic and fascism adjacent narrative that many men have heard for years.
That Trump and Musk are only too happy to support.
That women are less than. That men can and should dominate us. That ‘being a man’ involves subjugating women.
It doesn’t. It shouldn’t. Call it out. Support women. Believe victims.
Say Gisele Pelicot’s name today. Let’s change the narrative.
#misogyny #mercigisele #patriarchy #fuckthepatriarchy #uspoli #fascism
They target trans folk because they think cishet folk will look away. They're counting on you not defending those who aren't like you.
They target Black and Brown folk because they think white folk will look away. They're counting on us not defending those who aren't like us.
I'm considering migrating from Fosstodon and I'd appreciate recommendations of alternate Mastodon instances with these features:
- medium/large
- main theme among my tech interests but allow general discussions
- ElasticSearch (full-text search)
- at least 2 admins/mods
- regularly updated stock Mastodon, no forks
In theory Bluesky is decentralized but in practice it isn’t. The AT Protocol supports decentralization but in practice, the network that most users participate in is run by a single company.
So unlike Mastodon, if that one company’s servers go down, the entire BlueSky service is down for all users.
techcrunch.com/2025/04/24/wait…
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
It turns out that decentralized social networks can go down, too. On Thursday evening, the decentralized social network Bluesky experienced a significant… Sarah Perez (TechCrunch)
That's not what happened. The storage nodes (the PDS, that are actually decentralized) run by BlueSky PBC were down because of a DDOS. People that are running their own PDS were not impacted. The front-end (called the "AppView" in ATProto lingua) was also not impacted.
The exact same thing could happen if a Mastodon host is down because of a DDOS.
Ooof 😟 this morning I got the server bills and currently I'm still a massive €470+ short..
Upcoming week I'm gonna dedicate to clean up servers, merge some to cut costs
Unfortunately active users have gone down but the costs do keep returning and even increase every month
Please, if you can and want, help me out with these bills
paypal.me/stuxOS
patreon.com/mstdn
ko-fi.com/mstdn
bunq.me/stuxhost
stux.me/donate
liberapay.com/mstdn
Boosts would also be a help❤️
stux.me:~$ Support By Donation
Most if not all the work I do (online) I give away for free! Personally I dislike advertisements so I won't apply those either.stux (stux.me:~$)
@hamkaas Oh yes, for sure 😉
Gotta pay all bills first each month and we save what we can miss, if any to set aside for rings and a wedding (but that's more distant, first the question )
May I ask are the bills in line with the previous ones, or/and can you see peaks that can be read as being due to outside/AI scraping?
Also hoping you get the bills covered. That's an important thing you're doing.
If you are going to ask for money every month, have you considered flipping the script?
Turn the server into a subscription-only system, but make it so that each paying subscriber gets to invite N people (where 3 <= N <= 10)?
I'll share this github issue again: github.com/mastodon/mastodon/i…
It needs more discussion and, preferably, support.
Have option to setup paid accounts in admin menu · Issue #34289 · mastodon/mastodon
Pitch Costs for running an instance are around $1 / active user / month, yet currently the best we have to financing this is running out of your own pocket or pleading every month to receive enough...GitHub
The server bills are paid ❤️ thank you so incredibly much for your support
This takes away my biggest worry for this month. I'm gonna do my best to cut down costs but without it impacting any service!
Without your help I would not be able to afford to run all our services ❤️ thank you!
Congrats on raising so much money so quickly. A clear sign people appreciate what you do, stux⚡
👏
I am here to save your life!Get this eBook and you will get all problems and their solution 😉
payhip.com/b/oa4iF
If many give a small donation, he will hit his target.
That's exactly what happened with Canada.
Asked clearly what we could do, no answer, no fucking clue, it was just for show.
Negotiating in Good Faith with a person who has a line of authority to make a deal is the foundation of negotiations. I'm not spitballing, I did this for a living.
Japan HAD to walk away. No one else should waste their time.
Your donation means hope to us in these difficult times.
Please don't ignore us.🙏
gofund.me/b485f196
Donate to Help Sehwel Family with their Medical treatment, organized by Mariam Shwel
Hello everybody, We are Munther Sahweel, we are here to ask you urgent as… Mariam Shwel needs your support for Help Sehwel Family with their Medical treatmentgofundme.com
Gawd.. Do I wish I was wrong about #Trump
I remember people telling me not to call him a fascist or dictator
Where are they now?
they duped you.
I too was warned not to use the correct true fact, he is a fascist.
they were never in denial.
they were either incredibly stupid, or more likely, actively rooting for him to be fascist.
Boost your social media page by this 👆
60 Motivational Luxury reels
"Unlock 60 high-quality Motivational Luxury Reels to elevate your brand! Perfect for entrepreneurs, influencers, and content creators looking to inspire and captivate their audience.Payhip
Black Maga Discovers Racism
youtube.com/watch?v=qcJv5d9iwZ…
FAFO season continues in the familiar streets of Black Maga. It was all fun and games waving the Maga hat and complaining about the plight of Black Conservatives before Trump was elected. It was all good just a week ago. But now..chickens have come home to roost and Leopards are eating faces. Racism you say? Not Maga!This Black Conservative TikToker now has put away her Black Maga hat to solicit help for her son who, as she calls it is dealing with 'racial injustice.' The kind they call us victims and snowflakes for pointing out.
#TrumpSupporters #maga #blackMaga #reeseWaters #fafo #LeopardsAteMyFace #racism
It is appearing very likely that #RationalWiki will be dissolved this year due to lack of legal representation (no pro bono lawyers came forward and we do not have funds to hire a lawyer). Meritless #defamation lawsuits were filed against us by "human biodiversity"/"scientific racism"/pro-eugenics plaintiffs. The plaintiffs are consequently likely to win their cases by default.
#law #racism #eugenics #slapp #nonprofit
rationalwiki.org/wiki/Racialis…
Racialism
Racialism (also known as scientific racism) is a set of far-right pseudoscientific ideas which hold that humanity can at all be meaningfully divided into biological categories ("races") that are both broad (each category should include many humans, s…RationalWiki
We have new batch of GOOD transgender news for you!
tapatalk.com/groups/crossdream…
#transgender #trans #LGBTQ #LGBTQIA
Crossdream Life-Good Transgender News
California Democrats on an Assembly committee blocked two bills Tuesday that would have banned transgender athletes from girls’ sports, locker roomsCrossdream Life
I totally missed #PortfolioDay, but I make a post anyway 😅.
Hi, I’m Daniela, I’m an autistic comic artist from Berlin/Germany and I make comics about autism/neurodivergence, cozy fantasy art and cute/happy art!
#MastoArt #CozyArt #FantasyArt #Autism #DigitalArt
fuchskind
fuchskind is on Wonderlink, the ONE LINK ONLY link-tree solution for all your social networks. Wonderlink
Every moment, nothing new is mentioned except the devastation & suffering we endure daily.
#Gaza #freepalestine #war #palestine
It didn't start with Trump as you say.
Guantanamo is a more recent example.
It already happened to several US citizens and also to tourists who just loved the U.S. tourist folder pictures. And when ICE don't arrest you: beware because in the U.S. any idiot you meet in the street could be carrying a loaded gun.
RE
many people today will never connect the dots
RE #GeorgeTakei
"...send migrants to a prison camp without any due process, it can send U.S. citizens there, too. I know because this happened to me and my family in 1942."
⭕Connect the dots, makes me think, what IF one reason to do this in 1942 was to get many balanced bilinguals to join the #OSS and be placed ALL OVER JAPAN #WW2
#officeofstrategicservices
en.m.wikipedia.org/wiki/Office…
en.m.wikipedia.org/wiki/George…
Being homeless, I have lost my "papers" yet again due to my house being stolen AGAIN. I'm done replacing them and just waiting for ICE to send me to Germany where one branch of my family came from about a century ago.
Oh, BTW, I swore to defend the US Constitution against foreign and domestic terrorism in THIS country.
citizens, look up extraordinary rendition!
It's the same law is it not, the "Alien Enemies Act" that the Trump regime is using to disappear "non-citizens" to the El Salvador prison?
The law that President Roosevelt used in 1942. It's from 1798.
Under Trump It's not theory. They are already trying: x.com/BridgetCambria8/status/1…
And if we consider domestic torture camps, it's not distant future, it's a signed decree right now called "wellness farms" open for anyone doing drugs, needs medicine or struggles with mental health. What this means? Bet "Trump Derangement Syndrome" will be in the next ICD: en.wikipedia.org/wiki/Trump_de…
Scientific American has more about Wellness Farms: scientificamerican.com/article…
If we phrase it "(US) citizen put into (domestic _or_ foreign) camps by US government" - do I really need to go on? Guess everyone interested in the topic already has some bells ringing about current and past things going on. I'd even argue the war on minorities and activists isn't specifically a Trump thing, just the pace at which it happens and that the gov is so vocal about it.
Also there is a fun story from Germany: Hungary asked for extradition of someone, court rules in first instance to extradite a German citizen. But as prison conditions are expected to be free of human rights it went to a higher court. Cops were informed that the court's first-instance decision isn't final but cops went up early that day to deport the woman - while in parallel the court was deciding that she can't be extradited. When she was there the word was "yea, sorry, too late, can't get her back no more". Meanwhile court ruled the extradition was illegal in first place. But has no consequences: tagesschau.de/inland/ausliefer… (German)
Why Is the Trump Administration Villainizing Mental Health Meds for Kids?
A federal commission to examine U.S. chronic disease could undercut real treatment for kids with depression, ADHD and other mental health challengesScientific American
An Ivermectin Influencer Died. Now His Followers Are Worried About Their Own ‘Severe’ Symptoms.
unmc.edu/healthsecurity/transm…
(Vice) Danny Lemoi took a daily dose of veterinary-grade ivermectin and told his thousands of followers to give the drug to children. He died of a common side effect of the medication. Just before …The Transmission
Cubans the Latest Latinos For Trump to Find Out
youtube.com/watch?v=gbivs51Y0b…
#TrumpSupporters #LatinosForTrump #maga #fafo #CubanImmigrants #VenezuelanImmigrants #DonaldTrump
Cubans the Latest Latinos For Trump to Find Out
Latinos for Trump this is your FAFO moment. Think Maga will come to your rescue? Marco Rubio? Trump? Instead, the Trump administration will be revoking the l...YouTube
'Segregated facilities' are no longer explicitly banned in federal contracts
Man votes Trump, wife gets arrested & imprisoned
youtube.com/watch?v=c6iq71Itcs…
#donaldTrump #trumpvoters #trumpsupporters #ice
Man votes Trump, wife gets arrested & imprisoned
💻 Sponsored by Aura: Try it free for 2 weeks! See if your data is safe at https://aura.com/pakman-- A man votes for Donald Trump and his Peruvian wife is su...YouTube
GOP state Sen. Justin Eichorn arrested on suspicion of soliciting sex with a 16-year old girl
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]
blog.cloudflare.com/password-r…
#cloudflare #password #cybersecurity
It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing aggregated stats on it (without explicit consent of the user it appears?)
> Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.
Don't get me wrong the results are actually pretty interesting, but I just cannot think of an ethical way of doing this, and it feels kind of jarring that they just "did that"
blog.cloudflare.com/password-r…
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.The Cloudflare Blog
Robert [KJ5ELX] :donor: (@0xF21D@infosec.exchange)
Recently I boosted a couple of links about cloudflare doing some sort of password re-use analysis on passwords they saw through their WAF. This was not a technical post. It was a call to attention.Infosec Exchange
wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."
I've been warning about CDNs like Cloudflare and Fastly (and cloud providers in general) for a long time.
Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….
If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…
P.S. Fastly knows your infosec.exchange login credentials.
#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception
Erik van Straten (@ErikvanStraten@infosec.exchange)
Attached: 1 image Risk Cloudflare (+Trump) 🌦️ Behind Cloudflare More and more websites sit "behind" the American company Cloudflare. Suppose you open https://pvv. Infosec Exchange
If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.
Also, who's not doing single use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And that's before they get pwned or sell your details.
Who wants all that in one mail box?
I already get a bitcoin scam call every 2 weeks because I enabled sms 2fa one place and scammers got hold of the number. At this point they know I know and they know I know that, but the guys on the phone have a call/hour quota and they gotta pay rent I guess...
@EndlessMason @ErikvanStraten @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: theguardian.com/technology/201…
He needs a good spam filter technique though. Afaik he is still using the same email address.
Keeping an email address secret won't hide it from spambots
The spam wars aren't going away soon but treating public email addresses as secret is of no benefitCory Doctorow (The Guardian)
@skaphle @EndlessMason @ErikvanStraten @malanalysis @pluralistic
A good promo for #Thunderbird , it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)
: Cloudflare is evil anyway.
Cloudflare reverse-proxies (or -proxied):
- cloudflare.com.save-israel·org
- ns.cloudflare.com.save-israel·org
- albert.ns.cloudflare.com.save-israel·org
- sydney.ns.cloudflare.com.save-israel·org
I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.
See also:
crt.sh/?Identity=save-israel.o…
Tap "Alt" in the images for more info.
#CloudflareIsEvil #BigTechIsEvil #AitM #MitM #DV #DVCerts #DVCertsSuck #BrowsersSuck
I may have a suggested edit for them, for brevity's sake:
Keeping user accounts safe with Cloudflare
FUCKING BLOCK IT
it's long known that the cloudflare proxy in the free tier will terminate SSL at their servers and re-encrypt it on the way to your host. They can basically analyze everything sent through the proxy.
So I'm honestly not surprised at all that they do, in fact, analyze the data users willingly throw at them.
Personally I am using* CF for my domain and DNS as well, but without proxy because of that.
*Because sadly, they are the only ones having a proper API to get letsencrypt certs via DNS auth.
not sure if that is using the monitoring, or enabling the monitoring
HTTP only, opt-in.
You can (should) do this at home.
“Once enabled, leaked credentials detection will scan incoming HTTP requests for known authentication patterns…”
to be clear, the blog post states they got their data from a feature you need to enable and configure. So this shouldn't be a surprise to most cloudflare customers.
developers.cloudflare.com/waf/…
Leaked credentials detection · Cloudflare Web Application Firewall (WAF) docs
The leaked credentials traffic detection scans incoming requests for credentials (usernames and passwords) previously leaked from data breaches.Cloudflare Docs
my iPhone does this and it’s creepy AF. It will tell me if other people use similar passwords or if mine would be easy to guess. But it will also tell me if my password has been in a data breach which has been helpful because half of these data breaches I only find out about by seeing the notation in my iPhone password area.
Then google tries to force me to set up a “passkey” which won’t help me login to Google Voice on my computer to do two factor authentication if I ever lose my phone, so I’m not real sure how I would get back to any of these things if I misplaced my phone. I can’t transfer the phone number attached to my phone to a new phone if I can’t get into the email, and I can’t get into the email if I can’t give them a code from the phone, which is why I wanted to use a Google Voice number for that stuff, but if I lose my phone I can’t get into the Google Voice.
It all just feels like a huge scam. Yesterday I tried to file a Small Claims Court case and it only gave me two court options so I chose the one closest to me. This morning they told me my filing was rejected because I chose the wrong jurisdiction, when I got someone on the phone they told me the right one should be there, and lo and behold it was today.
But as I was going through refiling this morning all I could think about was this is how they lock us out of this stuff. You can only e-file small claims cases, and if I don’t have the option to choose the correct court when I e-file I can’t file. And when it gets to the point that no one is there to answer the phone to help us there will be no help to be had.
And at this point I think I have drifted far off topic and I apologize, but it’s possible I have circled right back around to the topic at hand because this is all the same problem at its core.
this toot is a bit misleading imo.
Saying it like you did sounds like CloudFlare keeps a database of passwords people use on websites in order to compare them. However cloudflare only compares them to previously leaked passwords (through haveibeenpwned and other sources). This could theoretically be done without cloudflare ever having the password. I don't know how they do it though.
It doesn't change the fact that CloudFlare is an actual MitM and therefore a huge security risk.
In addition, remember that Cloudflare offers DNS resolvers at the 1.1.1.1 IPv4 anycast address.
Being in the position of a user's DNS resolver opens up all kinds of possibilities for manipulation of the returned resource records. (It's been many years since I played with DNSSEC, so I am not sure whether DNSSEC could provide protection.)
Let me put further important words in uppercase:
One more reason why it's a REALLY GOOD IDEA to REALLY #UNPLUGTRUMP ASAP!
@0xF21D wrote:
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
blog.cloudflare.com/password-r…
Cloudflare + MITM = Bullshit
Still any questions? Don't use this shit!
What software is that guy using? It looks like people are replying from mastodon. Is this a write.as? I didn't think it had that feature actually.
Anyway, this is nuts, and one person there saying he's fine with it because it's free: said the same thing when I joined gmail what, two decades ago? Really regret that now. We should care more about privacy. _I_ didn't sign up for this.
I'm American though. Used to it.
So if you give your private key and certificate to a third party to MITM you, or you let them request their own certificate, they can MITM you?!
Who saw that coming?!
Microsoft will cause millions of computers dying this year, still people are fan of M$.
I'll give it a week and then nobody cares about Cloudflare either.
@schnur Wow. We knew this was possible and huge reason for all the anti cloudflare stance.
I recall a hearing w/gov said "you realize the access you have is very important".
Might have to cover this. Thanks for sharing.
@RTP @schnur This is why I call it "clownflare" .. That US company owns over 80% of the CDN market share, which makes it the world's largest >MITM< reverse proxy
Source: w3techs.com/technologies/histo…
You would think that developers would know better to configure their own infrastructure, but nah.. they choose convenience, i guess it's a human nature..
Market share trends for reverse proxy services, March 2025
Changes in the market share of reverse proxy servicesw3techs.com
Admittedly I used to run the Mastodon instance sending this message through Cloudflare, but then I one day thought that they have far too much internet traffic about everyone already and switched to bunny.net to reduce that ever so slightly.
All this has done is convince me that I was right to do that.
It still isn't perfect because how I configured it basically means bunny.net effectively MitM nearly everything instead, but I would rather give a company in Slovenia my data than a US company which has something approaching some sort of weird monopoly at this point.
You can analyze whether hashed passwords are the same without looking at the original passwords. This is how password hashing works.
dashlane.com/blog/what-is-pass…
What Is Password Hashing? - Dashlane
What is password hashing? Discover how it works, the algorithms it uses, and why it's crucial for data security.Dashlane
no passwords in plain text and with first 5-digit of hash☝️
troyhunt.com/understanding-hav…
Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity
Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords [https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/] that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare.Troy Hunt
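The k-anonymity range lookup that the linked Troy Hunt post describes, as an added example that is not part of any post in this thread and is not HIBP's or Cloudflare's code: the client sends only the first five hex characters of the SHA-1 hash and matches the remaining 35 locally. The `RangeServer` class, the sample corpus and all function names are constructed for illustration, and the page does not say whether Cloudflare's WAF check works this way.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data standing in for a breach corpus: password -> times seen.
CONSTRUCTED_BREACH_CORPUS = {"password": 3, "hunter2": 2, "letmein": 1}

HEX = set("0123456789ABCDEF")


def sha1_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as 40 uppercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for a k-anonymity range service.

    It indexes hashes by their 5-character prefix and records every query,
    so the test can show what the service actually learns about a lookup.
    """

    def __init__(self, corpus):
        self._buckets = defaultdict(dict)
        for password, count in corpus.items():
            digest = sha1_upper(password)
            self._buckets[digest[:5]][digest[5:]] = count
        self.seen_queries = []  # everything the service ever receives

    def range(self, prefix: str) -> str:
        """Return 'SUFFIX:COUNT' lines for every stored hash with this prefix."""
        if len(prefix) != 5 or not set(prefix) <= HEX:
            raise ValueError("prefix must be exactly 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        bucket = self._buckets.get(prefix, {})
        return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def breach_count(password: str, server: RangeServer) -> int:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        # Constant-time comparison of the 35-character remainder.
        if hmac.compare_digest(candidate, suffix):
            return int(count)
    return 0  # prefix bucket empty, or no suffix in it matched


if __name__ == "__main__":
    server = RangeServer(CONSTRUCTED_BREACH_CORPUS)
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate, server))
    print("service saw only:", server.seen_queries)
```

The prefix hides the password from the lookup service only; whoever computes the hash, including a TLS-terminating proxy, still handles the plaintext at that moment.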
Any more reason to switch to FIDO2 with hardware tokens or #Passkeys.
The latter only if you trust the service providers and if you don't need protection against phishing. With Passkeys and their optional delegation feature you can be tricked into transferring to a hacker. 😞
With a #FIDO2 hardware token, you're really safe.
and back in 2017, cloudflare leaked passwords :D
pbs.org/newshour/science/cloud…
Cloudflare data leak potentially exposed trove of passwords, personal information for months
Cloudflare, an internet services company that manages 10 percent of all web traffic, has been leaking assorted bits of customer information since a bug appeared in their code in September 2016.PBS News
#ClownFlare is a #RogueISP and their #MITM-based approach would've always allowed that.
- Why is ANYONE here surprised of that?
#CloudFlare is a #RogueISP known to offer Services in #Russia and to #CyberCriminals... #ClownFlare is also a #ValueRemoving #rentseeker whose core product / service is essentially a #Racketeering Scheme and should not exist as any competent hoster offers #DDoS protection free of charge...
This is going around a lot, and isn't nearly as sinister as the Mastodon megabrain is assuming.
Cloudflare analyzed (via the system that it already has to check for bad passwords and signal the service they're connected to that a password should be changed because that's a service they provide that their users can opt-in to) passwords people are using to log in (via zero-knowledge proofs sent to Have I Been Pwned, a feature HIBP has that Cloudflare helped them build) to sites they protect and discovered lots of re-use.
In no piece of that story do the ideas "Cloudflare is storing your passwords" or "anyone at Cloudflare knows your password" enter into it. But it's easy to see how people arrive at that conclusion (because, well... Nobody knows how passwords work!).
If Cloudflare's guilty of anything, it's that they wrote a blogpost about this targeted at people of the level of tech-sophistication where they re-use passwords (i.e., they don't even know what a "hash" is) to tell them to stop doing that... And they didn't, in the same post, guard against the possibility that readers would assume they did the analysis in a way so stupid no professional security company would ever do that.
How is that even possible unless they store the passwords unsalted?
Oh no.
Ohhhhhh no.
So wait they stole everyone's passwords and saved them in plaintext?!
OK, Cloudflare scanned credentials and is open about it. That's not nice, but presumably many providers do this to protect themselves / their systems and also their customers. And they "only" compare the stored password hashes with the transmitted credentials.
They get the permission for this in the fine print of the free "free plan"
"Our data analysis focuses on traffic from Internet properties on Cloudflare’s free plan, which includes leaked credentials detection as a built-in feature. Leaked credentials refer to usernames and passwords exposed in known data breaches or credential dumps ..."
blog.cloudflare.com/password-r…
blog.cloudflare.com/password-r…
The DEV post linked there says:
"Note
Cloudflare does not store, log, or retain plaintext end-user passwords when performing leaked credential checks. Passwords are hashed, converted into a cryptographic representation, and then compared against a database of leaked credentials."
developers.cloudflare.com/waf/…
Not nice, but formally correct.
Apparently DOD went through the web pages for Medal of Honor recipients and marked those of non-white dudes as "DEI", which also broke links.
The shameless racism is nakedly on display.
Although the DoD won't share it, Gen Rogers' Wikipedia page has his Medal of Honor citation. He charged through multiple waves of incoming artillery fire to lead his men to repel an attack, and was seriously wounded TWICE in the process.
"DEI" should not be a smear, but in this case, DEI my ass.
This racial discrimination also includes 21 MoH recipients from the #442nd RCT (Regimental Combat Team, Go for Broke) during WWII. The 442nd had most MoH recipients for a unit of just 4000 men.
Sam Sethi said, on bsky:
> If the racists [sic] US Govt really want to dishonour their black or female veterans, odd they have not replaced the 404 image
Grabbed image while I could; great JPEG with full details!
Caption: U.S. Marine Corps Cpl. Ava Alegria, a combat photographer [...] , and Sgt. Kevin Cherry, a drill instructor with Lima Company, 3rd Recruit Training Battalion [...] Parris Island, S.C., Dec. 19, 2024. (U.S. Marine Corps Photo by Lance Cpl. Ayden Cassano)
@danmcd When I take the "dei" out of the URL I get what looks like a redirect response to the URL with the "dei" added back in and THEN I get a 404.
To test that it's not just my fancy browser doing it, I tried with links and got the same behavior.
@jef @danmcd Because it would mean that the people who actually have to upkeep this are taking steps to make it reversible at least. The website could actually be completely intact, this could be done in a reverse proxy.
Being unable to stop it from happening, this would be the next best thing. As soon as whoever needs to get their head out their ass to stop this does, they could put it back.
Also present at this link, but it is not a .gov site.
cmohs.org/recipients/charles-c…
Charles Calvin Rogers | Vietnam War | U.S. Army | Medal of Honor Recipient
U.S. Army Lieutenant Colonel Charles Calvin Rogers was presented the Medal of Honor for military valor during the Vietnam War.
Congressional Medal of Honor Society
For the billionaires funding the end of American democracy, bigots are the perennially reliable voting bloc for fascists & Russian psyops.
The coded language of bigotry.
The CRT furor was funded by Koch, Putin, Sharon Virts, Dunn, Wilks, Ackman & Paul Singer.
The DEI and trans furor has the same funding.
thenation.com/article/politics…
jacobin.com/2022/09/wall-stree…
cnbc.com/2021/11/10/critical-r…
washingtonpost.com/technology/…
thedailybeast.com/right-wing-a…
Warmongers too:
desmog.com/2025/03/14/heritage…
Heritage Foundation and Allies Discuss Dismantling the EU - DeSmog
The group that drafted a key blueprint for Donald Trump’s second term convened a meeting in Washington D.C. this week to consider proposals for bulldozing the European Union (EU).
Sam Bright (DeSmog)
The US government is at war with its own citizens.
It wasn't just about removing undocumented migrants, it was also about changing the status of existing American citizens.
It's shocking, but it's also a logical consequence of believing some people deserve to survive, thrive, and be happy, more than others.
Sexism, racism, homophobia, transphobia, religion, capitalism, supremacy, monarchy, patriotism, nationalism, fascism... it's a continuum.
web.archive.org/web/2025030516…
Medal of Honor Monday: Army Maj. Gen. Charles Calvin Rogers
Army Maj. Gen. Charles Calvin Rogers worked for gender and race equality while in the service. But he's perhaps most well-known for his leadership during an intense battle in Vietnam, which earned him
U.S. Department of Defense
I'd respect them just slightly more if they said what they mean
So many "free thinkers" love their code words to play lawyer
The once great USA looks like a tag-nut on the arse hairs of humanity these days.
Coming from less-than-great-Britain that seems like a terrible thing to say, and I apologise to my American friends who maybe don't see what's happening, for being so blunt.
The world is laughing at the American clown show (except those who are afraid, I guess).
Let's hope USA vomits its poison soon, and starts to recover...
Race breakdown of the US Army.
Would you join up if you’re non-white?
statista.com/statistics/214869…
Distribution of race and ethnicity among the U.S. military 2019 | Statista
In the fiscal year of 2019, 21.39 percent of active-duty enlisted women were of Hispanic origin.
Statista
See if the DoD marked some white guys as DEI too: that could happen if they used software to detect a face and a white guy's face was dark enough due to poor lighting to trick the software into classifying him/her as non-white.
It wouldn't surprise me if they didn't think anything through: their 1st priority is to generate those 5 sentences for Musk describing each thing they accomplished in a week.
Don’t tell them about Edward Carter Jr. but everyone should read about this American hero before their intern gets around to removing it too
check out this hero’s story too: Army Pfc. William Henry Thompson
"Joining me today on the pod is someone I'm hoping to reach across the aisle to. Ladies and gentlemen, welcome Joseph Goebbels!"
#illustration #comicart #history #art #death
Trump Deports a Legal US Resident to Censor Criticism of Israel
Hey welcome back to my new channel, Documenting the Collapse of US Democracy! I know this must be strange for those of you who preferred the old format of discussing science and critical thinking but
Rebecca Watson (Skepchick)
258 cases of #measles. And yet:
"a health department spokesperson said it was withholding further information because 'these cases don’t pose a public health risk and to protect patient privacy.'"
Bullshit! Measles is very infectious and the unvaccinated and undervaccinated are at risk. Most of the people affected were unvaccinated.
Talk to your doctor about your vaccine status.
arstechnica.com/health/2025/03…
Texas measles outbreak spills into third state as cases reach 258
Oklahoma says the cases “don’t pose a public health risk.”…
Beth Mole (Ars Technica)
Victor 4X6GP
in reply to Paolo Amoroso • • •
Do we need to do this to ourselves?
Paolo Amoroso
in reply to Victor 4X6GP • • •