Bahahahaha very clever @lyse@lyse.isobeef.org I look forward to reading your report ! 🤣 However…
$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0
I very quickly proved that Twt was never from me 🤣
@prologic@twtxt.net right, because it was deleted, and purged from cache, of course! Good try, mister, you are in trouble. Call the Yarn Police! 😂
@bender@twtxt.net Bahahahahaha 🤣
@prologic@twtxt.net Care to explain how that proves anything when someone else already got the spoofed twt with no way to tell it was? can’t an old twt just be deleted and give a similar result when grep-ed for?
Le me is worried! 😅
@aelaraji@aelaraji.com No that is absolutely correct. Without cryptographic identities and signatures there is no way to verify authenticity. That is correct. And I don’t think we need to necessarily. What I was just showing and proving was that I didn’t write that spoofed Twt in the first place, which was only provable at the time of @lyse@lyse.isobeef.org short-lived attack 🤣 He essentially forked yarnd, hosted it temporarily (I think locally) and used it to poison the caches of a few production pods.
Thankfully the gossip protocol used by yarnd as part of its “peering” between pods isn’t fully trusted, twts are not archived for example into permanent storage. So the moment my pod re-fetched my own feed, the spoofed Twt was obliterated 😅
Eventual consistency 🤣