Mitigating MITMs in XMPP — JMP Blog
In October 2023, Jabber.ru, “the largest Russian XMPP messaging service”, discovered that both Hetzner and Linode had been targeting them with Machine-In-The-Middle (MITM) attacks for up to 6 months. MITM attacks are when an unauthorised third party intercepts traffic intended for someone else. At the point of interception, the attacker can inspect and even modify that traffic. TLS was created to mitigate this; all communication between the two parties is encrypted, so the third party sees nothing but gibberish (ciphertext).
TLS is great, but it’s actually not enough when the attacker owns your network, as in Jabber.ru’s situation. Jabber.ru rented servers from Hetzner and Linode, who altered their network’s routing setup to obtain TLS certificates for Jabber.ru’s domains and successfully carry out a MITM.
When connecting to an XMPP server, most clients are only configured to look for a valid certificate. A valid certificate matches the service’s domain name, is not expired, and is authorised by a known and trusted Certificate Authority (CA). If the client sees a certificate that’s signed by an unknown CA or whose expiry has passed or the domain in the cert doesn’t match the service domain or any combination of those, it’s considered invalid; the client should terminate the connection before transmitting sensitive data, such as the user’s password.
Because Hetzner and Linode controlled Jabber.ru’s network, they were able to meet all of those conditions. XMPP clients would just accept the rogue (but valid!) certificates and continue along as normal, unaware that they were actually connecting to a rogue server that forwarded their traffic (possibly with modifications) to the proper server.
A fairly straightforward mitigation involves DNS-based Authentication of Named Entities, or DANE. This is just a standard way to securely communicate to clients what certificate keys they should expect when connecting. When clients initiate a connection to the XMPP server, they receive a TLS certificate that includes a public key. If the server admin has implemented DANE, the client can verify that the public key they received matches what the server administrator said they should receive. If they don’t match, the client should terminate the connection before transmitting sensitive data.
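An added example (not from the JMP post or from any XMPP client) of the check described above: the key in the presented certificate is compared against a DANE TLSA record. The certificates are constructed, unsigned DER built inline, the keys are placeholder bytes, `xmpp.example` is a made-up name, and the TLSA data is assumed to have been fetched and DNSSEC-validated already; the code goes a little beyond the text by handling selectors 0/1 and matching types 0/1/2.

```python
import hashlib
import hmac

def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV; used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def der_read(buf: bytes, off: int):
    """Return (tag, value_start, value_end) for the TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first & 0x80:
        nlen = first & 0x7F
        if nlen == 0 or nlen > 4 or pos + nlen > len(buf):
            raise ValueError("unsupported DER length")
        n, pos = int.from_bytes(buf[pos:pos + nlen], "big"), pos + nlen
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, pos, pos + n

def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo (tag and length included)."""
    tag, start, _ = der_read(cert_der, 0)            # Certificate
    tag2, pos, tbs_end = der_read(cert_der, start)   # tbsCertificate
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    t, _, end = der_read(cert_der, pos)
    if t == 0xA0:                                    # optional [0] version
        pos = end
    for _field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = der_read(cert_der, pos)
    t, _, end = der_read(cert_der, pos)
    if t != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def tlsa_matches(cert_der, usage, selector, mtype, data_hex) -> bool:
    """Check an end-entity certificate against one TLSA record (RFC 6698)."""
    if usage != 3:                         # 3 = DANE-EE: pin the server's own cert/key
        raise ValueError("this example only handles certificate usage 3")
    if selector == 0:
        selected = cert_der                # whole certificate
    elif selector == 1:
        selected = extract_spki(cert_der)  # public key only
    else:
        return False
    if mtype == 1:
        selected = hashlib.sha256(selected).digest()
    elif mtype == 2:
        selected = hashlib.sha512(selected).digest()
    elif mtype != 0:                       # 0 = exact match, no hash
        return False
    return hmac.compare_digest(selected, bytes.fromhex(data_hex))

def sample_cert(pubkey: bytes, serial: int) -> bytes:
    """Constructed, certificate-shaped DER for xmpp.example (unsigned, not real)."""
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2b6570")))   # Ed25519 OID
    cn = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("550403")) + der_tlv(0x0C, b"xmpp.example"))
    name = der_tlv(0x30, der_tlv(0x31, cn))
    validity = der_tlv(0x30, der_tlv(0x17, b"250101000000Z") + der_tlv(0x17, b"260101000000Z"))
    spki = der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + pubkey))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, bytes([serial]))
                  + alg + name + validity + name + spki)
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" + bytes(64)))

# Constructed placeholder keys (not real key material).
SERVER_KEY = bytes(range(32))
ROGUE_KEY = bytes(range(32, 64))

current = sample_cert(SERVER_KEY, serial=1)   # what the admin deployed
renewed = sample_cert(SERVER_KEY, serial=2)   # reissued later, same key
rogue = sample_cert(ROGUE_KEY, serial=3)      # same name, interceptor's key

# Record data the admin would publish as "3 1 1 <hex>" and "3 0 1 <hex>".
PIN_SPKI = hashlib.sha256(extract_spki(current)).hexdigest()
PIN_CERT = hashlib.sha256(current).hexdigest()

def should_continue(cert_der: bytes) -> bool:
    """Client decision: go on to authentication only if the key pin matches."""
    return tlsa_matches(cert_der, 3, 1, 1, PIN_SPKI)

if __name__ == "__main__":
    for label, cert in (("current", current), ("renewed", renewed), ("rogue", rogue)):
        print(label, should_continue(cert), tlsa_matches(cert, 3, 0, 1, PIN_CERT))
```

A key pin (selector 1) keeps matching after a renewal that reuses the key, while a full-certificate pin (selector 0) has to be republished on every reissue.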
[...]
Some posts here indicate people don't know the basics & are still feverishly explaining why they are so smart that they gave an NED-funded app their phone number like this is somehow defensible. Or worse posting that blog where "Soatok" argues stickers + ease of use trump technical concerns in the end. Please do not let some niche skill monopoly turn you into an egomaniac, if you are even really part of one 🤨
The "Kahanist Plan": Inside the Zionist Far-Right
\* cries in québécois \*
Edit: I feel I need to clarify. These doctors will never come work in Québec with the current government and their threats with bill 2 that might close a LOT of clinics and create an exodus of doctors the likes we have never seen.
my doctor already warned us she is leaving next april. she has 600 patients on her roster and the gov't wanted to add more...
so i'll have no family doctor next year... but, hey, at least we won't be able to pray in schools!
QC gov't: "no healthcare for you!"
me: "dear god, please keep us healthy..."
QC gov't: "NO PRAYING EITHER!"
🤣🤣🤣🤣🤣🤣🤣
Duuude that would make such a great fucking joke for the Bye Bye at the end of the year hahahahahahahahaha
The context beyond the title. The article did not include numbers of net new doctors this is expected to yield.
The federal government is promising to open up permanent residency for foreign doctors working in Canada as temporary foreign residents in order to tackle the doctor shortage across the country.
...
"Many of these doctors are already treating patients in our communities. We cannot afford to lose them," Diab said.
Katsuhiro Harada to leave Bandai Namco after more than 31 years
Bandai Namco executive game director, chief game producer, marketing director, and general manager Katsuhiro Harada will leave Bandai Namco after more than 31… Sal Romano (Gematsu)
haha, oh not to mention lemmy communists: love to defend imperialism, supports capitalistic exploitation of foreign labour (as long as it's not US exploitation), oh and opposes anyone arming themselves in opposition to said imperialism 🤷
eh, internet will always be internet; it sucks but I know I'll get along far better with a commie than a fascist after all. Faces help so much
uh, does the original "meme" provide that context? 😅 the point is to point out the divisiveness - not to prove that communists are just as bad
tldr. leftist infighting bad.
love to defend imperialism
No?
supports capitalistic exploitation of foreign labour (as long as it's not US exploitation)
No? What do you mean by this?
oh and opposes anyone arming themselves in opposition to said imperialism
No? Again, what do you mean?
Oh hey, you're the guy in the meme
theanarchistlibrary.org/librar…
Why We Don’t Vote
Urcuchillay, Why We Don’t Vote, August 8, 2020. A Wayback Machine copy of the original is at https://web.archive.org/web/20210118221953/https://awsm.nz/?p=6210 (The Anarchist Library)
Nowhere in that does it really explain why voting is counter productive. Voting is a tool, and a very cheap one. It only costs at most an hour once every 3 years and requiring knowledge of current events and politics, which is stuff you will know about anyway if you're involved in any kind of direct action.
The only potential argument there is the psychological one, where people are led to think voting is enough to do their part, but I don't think that's a strong enough argument to pass up choosing your opposition. As shit as Labour is, National and Act are worse, and by any logic other than accelerationism (which is a terrible idea if you care about the human cost), Labour will make fighting capitalism that little bit easier.
I understand not running for office. That article gives good reasons that actually joining politics is a wasted effort. It takes a lot of time and money, and almost always ends up making people slide towards the "reasonable politician", not the radical that they promised to be.
Nowhere in that does it really explain why voting is counter productive.
You clearly didn't read past the first paragraph then
Mate, I read the whole thing. The only claim I saw as to why voting is counter productive is that "voting convinces people that they've done all they need to" idea, which I think is flawed. All the other arguments are talking about voting having low impact and it can't fundamentally change things.
Please, if there is another part that I missed, tell me what it is, whether that's something backing up the complacency claim or another claim entirely. I'd love to be proven wrong here.
It is literally in paragraph 2
We argue that electoralism ensures that a statist perspective becomes dominant. Everything is seen in terms of state intervention and following the decisions of the leaders, which has always proved deadly to encouraging a spirit of revolt, self-management and self-help – the very keys to creating change in a society.
OK maybe I read that wrong. The way I interpreted it, I read "electoralism" as using voting as a primary tool. Using that definition, I agree with that paragraph. Voting alone is nowhere near enough to produce real change.
But if the definition of "electoralism" is using voting in addition to direct action, I don't think that paragraph gives much reasoning behind itself. It's a good statement, but it needs more backing it up
a very cheap one
Basically 1 billion dollars for 2022-2023 alone in Australia
which is a terrible idea if you care about the human cost
Once you're at the point of advocating for voting in genocidal right wingers, you've lost the ability to just dismiss things out of hand by invoking the "human cost".
Labour will make fighting capitalism that little bit easier.
Citation needed mate. I'm pretty sure you just mean you'll be more materially comfortable under Labour.
advocating for voting in genocidal right wingers
I am advocating for using your vote to reduce human cost as much as possible. What that means depends on the context.
If you're in America, the decision right now is between one genocide, two genocides, or refusing to have an impact on that decision with how impossible the system is for third parties. One less genocide is the least bad option, unless you have a better one.
If you're in New Zealand (where I live, so I'm more familiar with the politics here than anywhere else), there are multiple options because of MMP voting. That means I won't be advocating for voting in genocidal right wingers.
citation needed
Labour coalitions have historically been the governments that have had the best impact on workers rights. At least far more than national coalitions.
Also, don't think I'm saying you should vote for labour next year. Labour is shit, vote for someone better
I think voting is useful tho
If there are decent options, votes can show support for it, regardless of a win or loss. The results would signal that there is decent support on it or became a part of awareness on issues or points.
Not dismissing other parts on direct action and the fact that there is no right to recall in elections(Not USAmerican or EU-ian. Do you have right to recall?)
I don't understand anarchism at least in the context of reading about half of this web page, which basically just repeats the notion that a true radical can not vote because that reinforces capitalism, "well both sides are bad" and the individual can not rule over the many. Truly, in principle I agree with what this is saying. But to spark a revolution, the government needs to become so much worse than it currently is. I don't think anarchism has actually happened and been sustained, tell me if I'm wrong. If Anarchism was on the cusp of succeeding and it was all those democrat voters which caused it to fail I would completely understand not voting.
Rather Anarchism gives permission to the right to continue their slaughter. While in the same way voting in an election gives the magical precedent that capitalism works, (But still holding a net vote towards a better outcome) not voting in an election has the same precedent that capitalism doesn't work.
Because a non voter is the same as a centrist when the choice to vote or not to vote is actually the "vote" someone should make.
Nobody hears you.
Truly, as an anarchist are you homeschooling your children? Would you go to a public hospital? Sorry to do the "Communism =/ Iphone" but the government has good things, and increasing those good things are, good. Is this kind of Anarchism a kind of Accelerationism where you let the state continue to make living conditions worse on principle that this is the system capitalism created?
I believe in using every resource available to make everything better, and I won't hold those further left than me from succeeding because the enemy is the right, but I also want leftists to come together and agree.
Rather Anarchism gives permission to the right to continue their slaughter.
You don't understand anything about what anarchists believe and are going by vibes.
Because a non voter is the same as a centrist when the choice to vote or not to vote is actually the “vote” someone should make. Nobody hears you.
This is honestly the most ridiculous take I've ever read in my entire life.
Look, this is lemmy memes and I'm not the Cowbee for anarchism. You should try reading more in your life instead of politics by vibes. Check out Kropotkin.
homeschooling your children?
Yes
Would you go to a public hospital?
I don't really go to doctors, I take care of my own health. I have basic medical training. In a communal setting I would help others take care of their health. In an anarchist world we'd have hospitals under the Young Lords models. I would prefer a community hospital that wasn't run under capitalism. Under the system we live in and in the country I live in I would go to, but that doesn't mean I support the Mexican government.
kind of Anarchism a kind of Accelerationism where you let the state continue to make living conditions worse on principle that this is the system capitalism created?
There is no alternative than destroying the system and rebuilding it
You are right, my politics are basically just vibes. I think my politics are mostly just common sense which is this current system isn't working how do we fix it. I acknowledge that the system isn't broken, it's working as intended.
You live in Mexico, don't you have a progressive leader right now? This at least improves living conditions temporarily. I heard one of her policies was enforcing the minimum wage increase to be above the increase of inflation. This is a policy that I personally wish would be implemented in my own country.
I would vote for someone like this.
I think fighting for a political system which will likely never come in your lifetime is admirable, but unrealistic. I personally fight for a system where the government gives every person the minimum requirements to live. Free food, housing, healthcare, water, electricity, transport, and education. This will make people not need to work under corporations, which will then make corporations meet the need of the worker or fall. I also fight for no government donations, this will make politicians have less ulterior motives, making policy better.
That's all I need within my lifetime is a government which makes the health and wellbeing of an Individual as best as it could be.
There is a large amount of Anarchist larpers on Lemmy I can't name them all.
edit: Guess not, I have them blocked so I have no idea what they're posting or if they're an Anarchist. I think they crashed out on my instance's music comm
Bill proposes to end free postage for people who are blind
The federal Liberals’ budget bill currently making its way through Parliament contains a small amendment to Canada Post’s legislation that could spell the end of a critical service providing accessible reading material for people who are blind. The Canadian Press (CTVNews)
The party switch happened when Harper let the Reform Party take over the PC.
Your historic Liberal Party is the NDP. Carney was elected because he was a Conservative.
When I became a naturalized Canadian citizen I voted for the first time in my life in any election, and it was NDP, because they were the closest thing to what I want.
I honestly want this shit to stop. I want affordable housing again, I want rent control, and I want lease transfers (when they ended that people said it would absolutely show a spike in homelessness, which it did). For one thing that would make me sound conservative is that I want the current bullshit on firearms bans to be stopped and be repealed. The Canadian licensing scheme for firearms has been very successful in preventing bad guys from getting guns, showing in that very few criminal guns in Canada are sourced from legal Canadian sources. The worst shooting in Canadian history that happened in Nova Scotia in 2022 was done with smuggled AR-15s from the United States. The shooter had one gun sourced from Canada, but how he got it is a monumental failure of the RCMP... the shooter was the executor of someone's estate, and that person legally owned a pistol when he was alive. The RCMP could have swept in and took it, as the shooter not only did not have an RPAL, but also had a criminal record and a history of alcoholism (both of which would bar anyone from getting an RPAL or PAL approved).
Basically the current state of the liberals with the failed gun bans is both very expensive (and they haven't collected a single damn rifle yet) and highly ineffective and driven entirely by simple hatred of firearms and sport shooting... and the money continues to be diverted from more essential services like healthcare and housing, in addition to trying to pass the equivalent of the Patriot Act without any justification whatsoever and warrantless digital spying on Canadians and online IDs... it is giving me a headache just to think about it.
I agree with you but I wanted to thank you for sharing.
If I was better networked I would push for change.
You wrote a lot, rather than address it because I didn’t have much to add I just thanked you.
My comment would be seeing the NDP move to where the Liberals used to be is depressing but seeing the Conservatives move to the right of the US Democrats is worse.
However that doesn’t do justice to your effort.
All I really care about is how he will punish companies that operate in the US/people that travel there.
Hard to punish people leaving but entering or people in the country should face treason charges.
Growing up we’re taught to hate them. Burning down their government building more than 200 years ago is a point of national pride.
NAFTA being a disaster for us just made it worse.
Just sent this to my MP:
Dear Patrick Weiler,
I am writing to you today to stress my significant frustration regarding Bill C-15.
As an able-bodied Canadian, I find it deeply troubling that this legislation is effectively stripping Canadian organizations and individuals of the ability to send and receive essential materials, such as books, letters, used by people who are blind, without incurring postage costs.
We are judged by how we treat the worst off, not the best, and the impossibly minor savings this will grant are not worth how it will impact the differently abled. I've never used, know anyone who has used, or expect to use this saving, but to people that need it it's a lifeline.
The long-standing policy of allowing these items to be mailed postage-free is crucial for accessibility and participation in society for the blind community. I urge you to reconsider the implications of Bill C-15 and support policies that maintain or enhance this vital service.
Thank you for considering my concerns regarding this important issue.
That's a great letter. Thanks for posting it here.
There are other big problems with Bill C-15 like the part where any minister can exempt a person/organization from any act of parliament (outside of the criminal code) under their responsibility. It's section 208.
So the minister of the environment could exempt a company from any environmental laws. One person could decide to let someone dump whatever they wanted into our lakes or rivers.
There are countless other acts that could be exempted at the judgment of one minister appointed to the role.
CIBC announces Senior Executive Leadership Changes
/CNW/ - CIBC (TSX: CM) (NYSE: CM) today announced senior leadership appointments to its Group Executive Leadership Team for 2026, to further accelerate the... CNW Group
unironically, i can't wait for the AI Investment Advisor to start spouting off all the financial advice they scraped off reddit....
"yeah bro, yolo all your money into blackberry and gamestop! to the moon!!! i'd also put 69% (nice) allocation into dogecoin...."
PalestinaHackathon, 10 January, Gothenburg
10 January 2026, 11:00-18:00, Norra Hamngatan 14, Göteborg
Welcome to a full day where we expose connections between Swedish actors and the genocide in Palestine. There are tasks for those who want to code, write, dig up information or design. We will analyse data, research, design visualisations and take on other tasks you come up with. Together we will produce material for articles and campaigns, or publish things directly.
There will be some beer and pizza; feel free to bring your leftover glögg or anything else you want to share.
We who are organising this are a journalist and an IT consultant. Over the past six months we have gathered documents and data on Swedish connections to Israel that we do not really have time to go through ourselves. And we believe that together we can uncover even more by searching datasets, requesting more public records and visualising data. You are welcome whether you already know this area or want to learn more.
Email your registration or questions by 7 January to
palestinahackathon@mailbox.org
Canada’s environmental ‘realism’ looks more like surrender
Last week, the United Kingdom did something all too rare: it chose leadership by backing science and prioritizing public safety. The Labour government announced it would ban new oil and gas licences in the North Sea, strengthen a windfall tax and accelerate phasing out of fossil-fuel subsidies.
These are not symbolic gestures. They are an acknowledgment that the global energy system is shifting and that mature economies must shift with it.
And they came in the same week that catastrophic floods swept across south-east Asia, killing more than 1,000 people and displacing over a million. The real-world imperative to transition off fossil fuels has never been so urgent.
But, at the exact moment the UK stepped forward, Canada stepped back.
Ottawa signed a new Memorandum of Understanding with Alberta to support a new oil sands pipeline that would facilitate increased production of fossil fuels. The deal would delay methane regulations, cancel an oil and gas emissions cap and exempt the province from clean electricity rules. All this comes as leaders are lifting environmental-assessment requirements for major projects, preparing to weaken greenwashing laws and suspending Canada’s electric vehicle sales mandate. The MP Steven Guilbeault resigned from Mark Carney’s cabinet rather than defend the retreat.
The contrast could not be sharper: while climate effects intensify and economies pivot, Canada is reinforcing the very industries driving the crisis.
Internationally, the commitment is crystal clear. At COP28, in Dubai in 2023, Canada, the UK, and 190 countries agreed for the first time to transition away from fossil fuels. You do not “phase out” something by building more of it. A pipeline enabling 1m additional barrels a day pushes Canada in the opposite direction of what it has already promised.
Carney built his reputation by warning that climate inaction threatens economic stability and that finance must align with the reality of a warming world. Instead, he is overseeing decisions that deepen Canada’s dependence on an industry whose expansion directly fuels the disasters already devastating communities.
Tzeporah Berman [author] is a Canadian environmental activist, campaigner and writer
At a time when the UK and other countries are finally taking bold steps for climate, Canada is preparing a new oil pipeline. Tzeporah Berman (The Guardian)
Carney is a capitalist. He's a banker. He's pro money and doesn't give a shit about the environment.
Check out section 208 of Bill C-15 which gives a minister the ability to allow any entity to ignore a law for a period of time. They could freely allow a company to ignore environmental laws for example.
Here's the relevant part of the bill copied below, and the link to the bill on parl.ca. Scroll down a little bit to section 208. There are some things I trimmed out for brevity. This is not the whole thing, just the parts I considered most relevant.
208 Section 11 of the Act and the heading before it are replaced by the following:
#Exemptions to Encourage Innovation, Competitiveness or Economic Growth
Order
12 (1) Subject to subsections (3) and (7), a minister may, by order, for a specified validity period of not more than three years and on any terms that the minister considers appropriate, exempt an entity from the application of
* (a) a provision of an Act of Parliament, except the Criminal Code, if the minister is responsible for the Act;
* (b) a provision of an instrument made under an Act of Parliament, except an instrument made under the Criminal Code, if
* * (i) the minister is responsible for the Act, or
* * (ii) the body that made the instrument is accountable, through the minister, to Parliament for the conduct of its affairs; or
* (c) a provision of an Act of Parliament, except the Criminal Code, or a provision of an instrument made under an Act of Parliament, except an instrument made under the Criminal Code, if the minister administers or enforces the provision.
Conditions
(3) A minister may make an order under subsection (1) only if the minister is of the opinion that
- (a) the exemption is in the public interest;
- (b) the exemption would enable the testing of, among other things, a product, service, process, procedure or regulatory measure with the aim of facilitating the design, modification or administration of a regulatory regime to encourage innovation, competitiveness or economic growth;
- (c) the benefits associated with the exemption outweigh the risks;
- (d) sufficient resources exist, and appropriate measures will be taken, to maintain oversight of the testing, manage any risks associated with the exemption and protect public health and safety and the environment; and
- (e) a feasible implementation plan has been developed.
#Transparency and Parliamentary Oversight
Accessibility
14 (1) Subject to subsections (2) and (3), a minister must, as soon as feasible after making an order under section 12, make the order and the following information publicly accessible:
* (a) a description of the decision-making process and a summary of the reasons for the order; and
* (b) a description of the process for providing comments or information to, or requesting information from, the minister in relation to the order.
Exception
* (2) The minister may exclude information that, in the minister’s opinion, would be inappropriate to make publicly accessible for reasons that include safety or security considerations or the protection of confidential or personal information.
He’s pro money and doesn’t give a shit about the environment.
So he's more or less like the vast majority of Canadians. He won the election killing the carbon levy, because too many poor Canadians are struggling to gas up their V8 pickups after commuting at 140 km/hr.
Forget the EV mandate. It's gone.
One weak argument is that he needed to do this to counter effects of Trump until the CDN economy can stop being addicted to the US economy, but practically he's just aligning Canada with weakening US environmental laws.
Giving in to trump is one of the stupidest things imaginable. I will never understand how anyone fell for him. When I studied the rise of Hitler during ww2 I was confused as to how anyone fell for a buffoon like him and still am.
Yet people continue to fall for this shit.
Too bad most Canadians are fucking idiots and didn't realize or understand that 80% of households benefitted from the Carbon Tax, receiving more than what they paid in the first place.
We just decided to kick the environment in the groin and take money away from the poorest Canadians. And somehow the oil companies and media oligarchies framed this as a win for the "working and middle classes".
Canada almost fell for MAGA over the carbon levy but we got MAGA adjacent.
Fuck you, Carney, I can't believe I voted for this jackass. I voted liberal specifically so shit like this DOESN'T happen.
Fuck this. Fuck their cuts to Healthcare, fuck their continued enabling of the housing crisis, fuck their trying to cut a deal with Trump, fuck their ineffective and extremely expensive (and unenforceable) gun bans and attacks on sport shooting, fuck their bill to make a patriot act style surveillance state, fuck their continued breaches of internet privacy. Just fuck this.
That is correct. I did choose whoever the liberal candidate was on the ballot. But we all know what that means ultimately in a national election.
I should have abstained or voted NDP or voted symbolically.
Russian troops liberate two communities in Ukraine operation over past day — top brass
Russia’s Battlegroup South inflicted more than 145 casualties on Ukrainian troops and destroyed three enemy armored combat vehicles in its area of responsibility over the past day, the Defense Ministry reported. TASS
Old Teslas Are Falling Apart
On Consumer Reports' latest ranking of used car reliability, Tesla came in dead last with a rating not even half of the top placed brand. Frank Landymore (Futurism)
3D printing 1939
China’s trade surplus tops $1 trillion for first time
China’s annual trade surplus in goods has topped $1 trillion for the first time, with plunging exports to the United States amid a tariff war more than compensated for by shipments to other markets, new data shows.
Figures released by China’s General Administration of Customs on Monday showed the trade surplus for the first 11 months of the year hit $1.08 trillion in November, as exports climbed 5.9 percent year-on-year that month, reversing a 1.1 percent decline the month prior.
The leap came despite a continued slump in exports to the US, which fell 28.6 percent to $33.8bn last month, the data showed.
Beijing and Washington have been locked in a bitter trade war involving hefty tariffs during the second administration of US President Donald Trump, forcing Chinese exporters to pivot to other markets – although the leaders of the world’s two largest economies agreed to pause the hostilities during a meeting in South Korea in October.
China trade surplus tops $1tn for first time amid pivot to counter US lull
Chinese exports climb as exporters reroute shipments to other markets amid slump in shipments to the US. Al Jazeera