Hey mastodon, i've got an question:
My smtp serveur got a certificate for TLS on port 587. Another guy try to send me email but receive the response:
Diagnostic-Code: SMTP; 403 4.7.0 TLS handshake failed.

Then i checked their certificate:
openssl s_client -starttls smtp -connect their_smtp_server:587

and it appear to have no certificate...
Frankly i'm not very pleased to accept insecure connection on my server.
Any idea ? Or do i didn't understood the trouble ?

"Princeton Web Census Data Release
We are releasing the entire Princeton Web Census data containing privacy measurements of 1 million sites conducted each month from December 2015 to June 2018. "

What could go wrong ???
"A Chinese research group claims to have used CRISPR to genetically edit human embryos leading to the birth of healthy twin girls"
"Most importantly, the research has yet to be independently verified and has not yet been published in a journal, which makes He's video seem more like an exercise in marketing the breakthrough than having it scrutinized. [...] the announcement should be taken with a helping of skepticism."

Psilocybin Could Soon Be a Legal Treatment for Depression.

Johns Hopkins Professor, Roland Griffiths, Explains How Psilocybin Can Relieve Suffering openculture.com/?p=1058283 t.co/vPXZWoOLJR

Mozilla a mis en route un site web pour construire une voix de synthèse en alternative à celles des GAFAM.

Il y a une base de donnée libre (licence CC-0) en cours de construction : voice.mozilla.org/

Les contributions peuvent être rapides !


An Ingenious Data Hack Is More Dangerous Than Anyone Feared:
Previously, Rowhammer was understood to impact typical random access memory used in many off-the-shelf computers. Rowhammer has also been shown to threaten the memory in Android phones. But on Wednesday, researchers in the VUSec research group [...] published details of a next-generation Rowhammer ambush that can target what's known as "error-correcting code" memory.

Oops: "Security researchers have found a vulnerability in the backbone of the electronic ID (eID) cards system used by the German state. The vulnerability, when exploited, allows an attacker to trick an online website and spoof the identity of another German citizen when using the eID authentication option."

Oups, it seems that some @ProtonMail claims about end-to-end encryption and Zero-Knowledge Password Proof authentication are not actually fully functional...
Result from an independent analysis: eprint.iacr.org/2018/1121.pdf

Show more
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko