Warning: do not use Hive Social:
We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing.
The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login.
Attackers can also overwrite data such as posts owned by other users.
The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience
To their credit, it sounds like pulling the plug entirely was the right move, and most companies would not have done that. Even if they only did it not when they found out, but only after someone created a PR disaster to force their hand. One takes what one can get.
However, that does not change the fact that (as I said earlier this week) they are yet another data silo whose lock-in design is antithetical to the principles of openness and interoperability that are the good things that the Internet and the World Wide Web brought to the world.
Since Mastodon can't do link previews for shit, I figured I might as well just generate screenshots myself.
Every system attempts to expand until it can be a content delivery network. The systems which cannot do so expand until they are replaced by ones which can.
it's a little too low res.
Well it is a *thumbnail*... Also that seems to be the best rez I can get from the thing I'm using (wordpress mshots)
yeah, it’s just blurry in the preview on my phone. Oh well.
It is very bad especially when you share from Youtube music etc. Just a cryptic URL.
You could have put the whole text of the blog post into the alt. 😉
False. 500 != 1622.
Also that would have made someone with a screen reader read it to them twice, which I'm guessing would not be helpful.
Hmm… I can do 500 chars in the post and 1500 in the alt. So close anyway.
Good point about the screen reader tho.
I don't know if something changed today, or if it's that I'm using the browser interface instead of an app, but link previews are working for me when I post today. Earlier I was just getting the truncated URL.
Whether and when link previews show up is dependent on the load and whims of whatever instance you are viewing. So in addition to being incredibly wasteful and damaging, Mastodon's link-preview design is *also* unreliably capricious! It's awesome!
Yikes. In my industry, "intermittent fault" is a code word for "enjoy spending the next week of your life tearing everything down until it goes away".
Fun/useless fact: While developing the F-1 engine for the Saturn V rocket, NASA couldn't figure out why they would sometimes exhibit instability--but also sometimes not!-- which caused them to explode on test stands. So they would literally throw bombs into the combustion chamber to induce instability for testing: https://www.nasa.gov/centers/marshall/history/solving-combustion-instability-and-saving-americas-first-trips-to-the-moon.html
I think about this fuzz tester often: https://vimeo.com/132609771
I wish our endurance testing rigs were that hilarious-slash-terrifying. Will pass it along to the appropriate decisionmakers.
Thanks for the article.
Up until pretty recently, I would have been nodding along in agreement with this. But more and more in the last couple of years, I have found myself thinking "rough consensus and running code turned out to not be such great acceptance criteria for something that was going to be critical infrastructure." It's what got us where we are today.
I suppose, like democracy, the open internet is the worst of worlds, except for all of the alternatives.
It seems to me those elements of working code and rough consensus aren't what went to shit.
Someone Else's Computer and an attempt to invent Noncopyable Bits have gone pretty badly.
Don't make me tap the sign