@jerry - before it is misunderstood: I am aiming for global blocking of spam accounts and AI generated content. It should not address obvious human accounts.

Hey, @jerry , by any chance, does a #Mastodon administrator have access to a ranked list of #blocked #accounts by its users?

A cool idea would be to have a #cleanuptuesday or the likes where the most blocked accounts/instances are tooted about and democratically decided to be globally blocked a day later? "Most blocked" as in most blocked by #infosecexchange users, of course.

#fedicleanup #spam #antispam #cleanfediverse

@fox - Just something to briefly read through on the concept of Alpine, the init system, etc. I use the wiki a lot, but I'd love to have an offline copy of stuff I can read through whenever I have a few minutes :)

Sure thing, all of that would be documented in the Wiki, but it's nice to have a string of thoughts that the author already organized for the reader.

Is there any great book on #AlpineLinux ? I love the concept, and love the considerations of the operating system. Yet, I usually opt for #Debian since I am much more familiar with it. It would be great to change that in the mid-term.

#Alpine #Linux #Sysadmin #askfedi #askmasto #askinfosec #unix

@masek - Great read. On the points left out, I would love a piece on the cyber warfare you listed there. Any intention of working on it and sharing more details?

@jmeyer - yes, I tested yesterday too, and made the same observation. Even better: the IPv6 resolver had the same latency for the protected and unfiltered services. Great work from the folks at Whalebone and #DNS4EU

@drajt @jpmens @quux - you can submit it. Its a community project AFAIK

@GuillaumeRossolini - the project just went live. These folks put much effort into the anonymzation without losing the threat intelligence aspect at it. This had priority.

Still, critic is surely adequate, but ask again where the priorities are, and whether or not you could live with the de facto state. After all, its still a step in the direction the EU aims for

@GuillaumeRossolini - well, it depends on how you look at it. Yes, Cloudflare provides the WAF, but do we already have a European alternative to use?

Yes, it looks like CDN77 is the upstream, and since its a CDN, it perhaps acts as a DNS caching system or load balancer. We don't know, since the documentation is sparse. But then again, I am not aware of a Europeam CDN alternative.

Yet, as far as I understand it, the DNS4EU instances will be deployed within ISP networks, wont they? That means, over time the AS will be propagated by more and more SPs, meaning that it will become a truly European project.

I agree, there could be more thought on whether or not you want to use Google mail servers, or use European ones. Still, the service of Google is unmatched, and since a European DNS is the goal, it might be of secondary priority that mail traffic is it not (yet) for #DNS4EU

@quux - thats what I thought as well, yet your proposition still holds. Great writeup, no matter what:)

A great write-up by @quux on the new #DNS4EU resolver: How much EU is in DNS4EU?.

The final statement is tough: "And then there is the issue of being single homed."

But wait a second, AS60068 sounds familiar. It's Datacamp Limited, which operates #CDN77. Yes, the announced prefix appears to be single-homed, but it peers to a CDN.

Nevertheless, my understanding is that an instance of DNS4EU will be hosted in various service provider networks, right? Given that, I would assume that the project by now is just in an early stage?

Curious about a short public discourse :)

@joost @a - I appreciate the public discourse on this project. After all, for geeks like the #infosec community #DNS4EU is a big deal.

Considering the horizontal scaling, I would argue that many #Internet facing services are easily horizontally scalable. For many application layers, there exist load balancers out there. If those are not enough, #anycast is the answer. More often than not, for real Internet-scale projects, it's a mix of both.

In the case of #DNS, what I have often heard, is that #dnsdist is used as a frontend, with one or more nameserver implementations running on the backend. This, in combination with an anycasted prefix usually suffices to host services around the globe to massive scales.

@joost @a - this is actually an interesting case you mention. I was taught at university that one cornerstone of Internet service resiliency is to not rely on a single software stack, and instead diversify. There are multiple battle tested resolver implementations. Why rely on a single one?

@patrick - dein punkt mit dem staatlich veranlassten blocking ist vor allem dann interessant, weil sanktionierte Russische News Outlets nichtmals geblockt werden (soweit). Habe dazu schon kurz was gepostet :)

@voland - why not?

@bjoern @quad9dns - done right, AI and ML can be a huge game changer in protecting users of a service. My two cents:)

@GuillaumeRossolini - afaik its not meant to be free of companies. Quite the opposite actually. But it was introduced and funded by the EU. Whalebone as a company was the accepted company to develop it. Competing companies were the French NextDNS, which shortly after not bein the selected company, launched DNS0 to already have some foothold in the market.

However, DNS4EU was supposed to be centrally managed, but hosted in plentyful European datacenters, transit and eyeball networks. Having the political support of hosting an instance of a public resolver in all those networks this is a huge thing when it comes to telemetry.

What this project distinguishes itself from other is the European reach backed.by political motivation to run instances everywhere in Europe. That was convincing politics, I guess. While having a central collection of telemetry is the incentive for Whalebone to host such a project. Furthermore, they probably receive quite some funds from the European Union

Ever dreamed of running an LLM on a Raspberry Pi, like the good old days of hacking? Check out our blog on how these tiny computers stack up in LLM performance. #cybersecurity #LLMs #AI
https://www.stratosphereips.org/blog/2025/6/5/how-well-do-llms-perform-on-a-raspberry-pi-5

@teilweise - Since you have the means to do so, go ahead. For anyone incapable of doing that, and who is still concerned about their privacy, they can opt for a European alternative to the big players like #Google, #Cloudflare, ...

@riaschissl - I tried the most restrictive service, which also blocks sensitive material and ads. Even there, the sanctioned media outlets are properly resolved. Even though, you can interpret propaganda as "advertisement" in a broader sense. /s