Nils

So #BlueSky was down today. Tempted to register the webpage "isthefediversedown.com" which is just static HTML of the text "no"

I have developed a foolproof system for inbox zero. it’s called “a separate email address I never check” and I feel fucking great about it buy my course.​​​​​​​​​​​​​​​

This is why I believe Bluesky was never meant to be federated. To create a Bluesky "instance", like Blacksky is heroically attempting, you have to perfectly duplicate every server Bluesky runs. But Bluesky is a business operating at a loss by burning unlimited-for-now VC cash. That has always implied only a business with unlimited VC cash can create an instance. Blacksky is succeeding. Except on days where they aren't.

Because this is the other "we used future alien technology to make it worse" thing about Bluesky.

In the "natural", Hobbesian form of P2P, the more nodes you add the less work per node you need to do, because of work sharing.

But Bluesky's "federation" is like blockchain. When you create a second "instance", that instance must duplicate *literally all the work* of the first instance. It must scrape all the posts itself. It must archive all the posts itself. It must CSAM-scan the posts itself.

P2P is a world where naturally the more people use it, the faster and more resilient the network becomes. Load gets distributed. Working nodes talk to each other and ignore nonworking nodes. That's how the primitive, BitTorrent era systems worked.

Bluesky somehow applied superfancy alien future technology to invent P2P traffic jams. When one node goes down, the others go down because they depended on it. Because it's a mesh of interoperating microservices by different providers, not federation.

well, duh.

Hopefully the last one.

One more test

Aaaaand, one more try.

Ah well, it happened again.

Just a quick test to see whether #hollo still craps out every time I publish something.

Der Tankrabatt kostet für 2 Mon. 1,6 Mrd. €. Dafür, dass sich die Öl-Konzerne weiter bereichern, SUV-Fahrer besonders entlastet und fossile Kriege finanziert werden.
Das Deutschlandticket kostet für 12 Mon. 1,5 Mrd.€. Dafür, dass 14 Mio. Menschen entlastet, Stau reduziert, das Klima geschützt & fossile Unabhängigkeit gestärkt wird.
2 Monate Tankrabatt ist also teurer als 1 Jahr Deutschland- ticket. Nie wieder soll es heißen, dass für letzteres kein Geld da ist und es leider teurer werden muss!

The leaders I've respected most have a gap between stimulus and response. They pause. They ask a question. They get curious before they get decisive.

"What happened here?" lands differently than "Who dropped the ball?" "Help me understand your thinking" opens more than "That won't work." Curiosity isn't idle. It's a discipline.

#SelfLeadership

@donaldegray

We’re happy to share that Mastodon has been awarded a service agreement from the Sovereign Tech Fund @sovtechfund 🎉

This covers five major initiatives through 2026 and 2027. We are very grateful for this support. Read about the details in our blog post.

https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/

@ChristinaLekati Ah yes, that makes sense. Have they disclosed the nationality of the proxies? Pretty are and certainly an interesting example of how complex this challenge is becoming.

@mattmattmatt @hollo Yeah, I've heard this from a bunch of other people as well. I do not see any pending requests on my end, and follower approval is turned off (and has been off since launching this instance). 🤔

I have been using email for 40 years. It used to work.

As an (independent) academic researcher, I need to contact new people, primarily in universities, to ask questions.

I refuse to use Google, Microsoft or the other American IT giants.

But they are increasingly preventing refuseniks from sending email at all.

I know what RFC, DNS, MX, SPF and DMARC mean. My email goes through small British companies with intelligent, friendly and helpful staff.

mxtoolbox.com says that I must have DMARC to send email to M$. So I set it up. I now get a dozen copies of the same report from G or M$ for each email that I send out.

They show that my email gets to G and M$ sites, but then it is marked as spam.

The stupid senior management of numerous universities has surrendered their staff email to M$.

Web searches and AIs preach about spam. I don't send spam - I want to contact my colleagues.

Rumour has it that previously unknown senders are treated with suspicion and their emails are sent to spam. In other words, it is impossible to **initiate** communication with someone.

Let's be blunt about this. They are a mafia that is enforcing an **oligopoly**. It's got nothing to do with reducing spam --- I have no doubt that they let through emails from "trusted partners", ie companies that bribe them enough to send their spam.

The result of this is that it will only be possible to send emails by paying M$ to do it, and then it will only be allowed to express "approved" opinions.

What can we do about this?

At the very least, those of you with senior positions in universities can tell your management to revert to competent standards-based email systems hosted on Linux systems.

@reiver @occrp That's the only issue I'd flag. I think with @pixelfed and Vernissage we have two nice photo-centric clients available (though I wish there was an Android app for Vernissage).

@reiver The apparent 40 mb limit for media attachments on many Mastodon servers makes this a hard sell. At @occrp, we routinely have to produce a dedicated version of videos for Mastodon that stay below that limit, lest posts with media won't publish. I know this is a local server limit, but it seems most servers have comparable ones. Linking to video platforms is fine, but if one wants to cross-post with platforms that favor local attachments over external links, you'll almost certainly be crafting separate versions specifically for Mastodon. And uploading a video to YouTube every time adds an extra step where mainstream platforms allow you to just include the file with the post and be done.

Using AI to write isn’t always wrong and other heresies

If you use AI to help with your writing, are you a talentless hack? Perhaps. But I don't think the connection is as direct as some would like to make it. It's just a tool, and it can be used for good or ill

https://mathewingram.com/work/2026/04/09/using-ai-to-write-isnt-always-wrong-and-other-heresies/?utm_source=mastodon&utm_medium=jetpack_social

#Hungary is voting today, and all i wish for it is a Monday without Orban

16 years have been 16 too many

We’re all monitoring the situation to feel some agency over issues well beyond our control. But is that doing us any good?

On #TechWontSaveUs, I spoke with Amanda Mull to dig into how we consume information and what drives all that engagement.

Listen to the full episode: https://techwontsave.us/episode/323_take_a_break_from_the_feed_w_amanda_mull

#tech #iranwar #socialmedia #ai #artificialintelligence #trust #media

Not sure why, but after migrating from IOC.exchange to a selfhosted #snac instance and then to #hollo, less than 250 of my originally 980 followers have moved over with me. A bit susprised since account migration has been a basic feature on #Mastodon for several years now. @hollo

#fediverse #mastoadmin

@ChristinaLekati Two details stand out to me:

• They "looked nothing like a North Korean." That's pretty remarkable if true, because for anyone who's worked with North Koreans it's very easy to spot them from a mile away.
• If they attended multiple major crypto conferences, I'd love to know where those where. Outside of China and South East Asia, visas for North Koreans are not easy to come by.

Fascinating breach, nonetheless.

TL;DR North Korean-linked threat actors pulled off a $285M heist against crypto exchange Drift using IN-PERSON social engineering. They deployed proxies to global conferences to befriend Drift contributors, spent 6 months building a relationship as customers, and even deposited $1M of their own funds to prove they were legitimate.

✨️✨️✨️

Here is what happened:

🔹 Starting in the fall of 2025, a group of individuals (later linked to North Korea) started attending international crypto conferences, with a goal in mind. These proxies were technically fluent, had fully constructed professional identities, with employment histories, and looked nothing like a North Korean.

🔹 This group, posing as employees of a quantitative trading firm, first 𝐚𝐩𝐩𝐫𝐨𝐚𝐜𝐡𝐞𝐝 𝐬𝐩𝐞𝐜𝐢𝐟𝐢𝐜 𝐃𝐫𝐢𝐟𝐭 𝐜𝐨𝐧𝐭𝐫𝐢𝐛𝐮𝐭𝐨𝐫𝐬 𝐚𝐭 𝐚 𝐦𝐚𝐣𝐨𝐫 𝐜𝐫𝐲𝐩𝐭𝐨 𝐜𝐨𝐧𝐟𝐞𝐫𝐞𝐧𝐜𝐞 𝐟𝐚𝐜𝐞-𝐭𝐨-𝐟𝐚𝐜𝐞. They wanted to discuss integrating with the platform.

🔹 After the initial discussions, they moved their conversations to Telegram, where they spent months discussing legitimate trading strategies.

🔹 "What a pleasant coincidence running into you again!"

Over the next 6 months, the attackers deliberately sought out these same contributors at multiple global conferences. They wanted to continue building trust and credibility.

🔹 Dec. 2025 - Jan. 2026: To checkmate the game, the group onboarded an Ecosystem Vault on Drift. They engaged with the Drift contributors in working sessions, asked relevant & informed questions and eventually, they 𝐝𝐞𝐩𝐨𝐬𝐢𝐭𝐞𝐝 𝐨𝐯𝐞𝐫 $1 𝐦𝐢𝐥𝐥𝐢𝐨𝐧 𝐨𝐟 𝐭𝐡𝐞𝐢𝐫 𝐨𝐰𝐧 𝐟𝐮𝐧𝐝𝐬 𝐢𝐧𝐭𝐨 𝐭𝐡𝐞 𝐩𝐫𝐨𝐭𝐨𝐜𝐨𝐥.

🔹 (excerpt from Drift's Incident Update): "Integration conversations continued through February & March 2026. (...) By this point, the relationship was nearly half a year old. 𝐓𝐡𝐞𝐬𝐞 𝐰𝐞𝐫𝐞 𝐧𝐨𝐭 𝐬𝐭𝐫𝐚𝐧𝐠𝐞𝐫𝐬; 𝐭𝐡𝐞𝐲 𝐰𝐞𝐫𝐞 𝐩𝐞𝐨𝐩𝐥𝐞 𝐃𝐫𝐢𝐟𝐭 𝐜𝐨𝐧𝐭𝐫𝐢𝐛𝐮𝐭𝐨𝐫𝐬 𝐡𝐚𝐝 𝐰𝐨𝐫𝐤𝐞𝐝 𝐰𝐢𝐭𝐡 𝐚𝐧𝐝 𝐦𝐞𝐭 𝐢𝐧 𝐩𝐞𝐫𝐬𝐨𝐧. (...) Links were shared for projects, tools, and apps they claimed to be building"

🔹 𝐀 𝐫𝐞𝐥𝐚𝐭𝐢𝐨𝐧𝐬𝐡𝐢𝐩 𝐡𝐚𝐝 𝐛𝐞𝐞𝐧 𝐞𝐬𝐭𝐚𝐛𝐥𝐢𝐬𝐡𝐞𝐝, 𝐜𝐨𝐧𝐭𝐫𝐢𝐛𝐮𝐭𝐨𝐫𝐬 𝐝𝐢𝐝𝐧'𝐭 𝐭𝐡𝐢𝐧𝐤 𝐭𝐰𝐢𝐜𝐞 𝐰𝐡𝐞𝐧 𝐜𝐨𝐥𝐥𝐚𝐛𝐨𝐫𝐚𝐭𝐢𝐧𝐠 𝐝𝐢𝐠𝐢𝐭𝐚𝐥𝐥𝐲. Drift presumes there may have been multiple technical attack vectors: One contributor may have been compromised after cloning a code repository shared by the group as part of efforts to deploy a frontend for their vault. A second contributor was persuaded into downloading a wallet product via Apple's TestFlight to beta test the app.

On April 1, 2026, as the $285 million was drained, the attackers scrubbed their Telegram chats and vanished.

(Full Incident Background Update from Drift is on X.)

Using wiki software, old photos, family stories, bank transactions, social media posts, and an LLM to sift through everything to build a personal encyclopedia. https://whoami.wiki/blog/personal-encyclopedias

The most effective way to steal from a nation isn’t to break its laws — it’s to rewrite them. That’s state capture.

Join our OCCRP Briefing on tackling state capture and the role of investigative journalism.
Free access for all OCCRP members: https://mailchi.mp/occrp/whos-really-in-charge-tackling-state-capture-in-the-age-of-democratic-backsliding