Emelia πΈπ»
Emelia πΈπ»@dansup@mastodon.social @deadsuperhero@social.wedistribute.org so you shipped followers collection synchronisation? And you published the CVE? Because to my knowledge you haven't done either.
Emelia πΈπ»@dansup@mastodon.social @deadsuperhero@social.wedistribute.org unless I'm missing something? https://github.com/search?q=repo%3Apixelfed%2Fpixelfed%20Collection-Synchronization&type=code
Emelia πΈπ»So @pixelfed@pixelfed.social still hasn't fully acknowledged nor fixed the security vulnerability from earlier this year, despite multiple people asking for updates over the past ~6 months.
Consider this friendly public encouragement to finish the fix and publish the security advisory
Emelia πΈπ»This is a program that I've been championing within @nivenly@hachyderm.io over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked allowing for privilege escalation via the API (CVE-2024-25108), that was our very first test-case of this program.
I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative)
#fediverse #security #nivenly #FediverseSecurityFund
RE: https://hachyderm.io/@nivenly/114268491892140498
Emelia πΈπ»If you see me poking the hachyderm
That's because I've just made an infrastructure change to @hachyderm@hachyderm.io and I'm just triple-checking that everything still appears to be working fine.
Emelia πΈπ»Reminder that most of my work on the fediverse is funded by the community, so if you like the work I'm doing, please do consider supporting me:
https://support.thisismissem.social/
Emelia πΈπ»Okay, okay, at @nova@hachyderm.io's prompting, an #introduction post:
Hi ππ»
I'm Emelia, from #berlin, #germany, I'm trans, queer, and kinky.
I'm a #tech princess πΈπ» currently working on Fediverse Trust & Safety tooling and contributing to various Fediverse projects. I'm on the infrastructure team for @hachyderm@hachyderm.io
I was tech lead at @iftas@mastodon.iftas.org (Nov 2023 β Sep 2024), I'm currently independent, funded by you and grants.
In 2020, I became the #founder of Unobvious Technology, aiming to improve the safety, #security and profitability of #sexworkers and advance the #adultindustry
p.s., the tech princess thing is a joke because I think it's fun to wear ballgowns to tech conferences.
Emelia πΈπ»Please, watch this:
https://youtu.be/vc-n852sv3E
#sexwork #equality #sexworkiswork