The "Next RedHat"
Quantum Vegetarian Bacon Sammich Edition
Social Media Bridges
Post 6 of 8


Sneakysneaks 🥷 🔠🔠🔠🔠🔠🔠🔠🔠 🥷

Just like how Ledger Nano claimed they have NO BACKDOOR for hackers, they (like Mastodon) decided to open their FRONTDOOR to the white hats instead 😁😁😁


In 2023, the Mozilla Foundation contracted Cure53 to perform penetration testing on Mastodon's software, in preparation to bridge Mastodon with Mozilla's community. The testing "discovered" "several vulnerabilities", most notably one called "TootRoot" which would have enabled arbitrary code execution and another that would have enabled cross-site scripting attacks through oEmbed cards

Arbitrary Code Execution (ACE): an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. ACE vulnerability is a security flaw in software or hardware that would allow arbitrary code execution to hijack any or all Mastodon nodes/servers

Cross-Site Scripting (XSS): security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users and may be used by attackers to bypass access controls

oEmbed: an open source form that enables embedding content from a website into another page. For example, Twitter uses it to embed tweets into blog posts. Squarespace, WordPress, Drupal, and LinkedIn all happen to embed content using oEmbed


✋✋✋✋✋✋✋✋✋
While these vulnerabilities were supposedly "patched" in July 2023, we know that this patch was actually a test to prepare Mastodon's servers to eventually allow "white hat hackers" to hijack all of their nodes/servers in order to push specific content to individual users in 2024 Social Media Bridges as well as block nefarious servers and users 😈😈😈
✋✋✋✋✋✋✋✋✋


https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/


For example, in September 2023, the following bugs were discovered:

- Attackers can spoof domains they do not own

- By crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon, which can be used to perform confused deputy attacks if the server configuration includes ALLOWED_PRIVATE_ADDRESSES to allow access to local exploitable services

- Under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS

https://github.com/mastodon/mastodon/security/advisories/GHSA-2693-xr3m-jhqr


☕️☕️☕️☕️☕️☕️☕️☕️☕️☕️
So WHOSE private addresses are being allowed? 😬 and WHAT specific inputs are being crafted? 😬😬 and WHAT certain conditions are being met to execute "malicious XSS" that they just patched 2 months earlier? 😬😬😬
☕️☕️☕️☕️☕️☕️☕️☕️☕️☕️


📱 QSI Channel
📱 Stellar & QFS Training App

The "Next RedHat"
Quantum Vegetarian Bacon Sammich Edition
Social Media Bridges
Post 7 of 8


Why can 🐘🔠🔠🔠🔠🔠🔠🔠🔠🐘 survive the winter?

Because they can browse in places 🌲🌳🌴 where other animals get frozen out ❄️ In other words, just like on the Stellar blockchain, White Hat Mastodon hackers can exploit loopholes intentionally created for them to freeze out and deplatform unwanted Khazarian accounts and servers, just as Ben, WHH, and I have explained will begin around Q1-2 of 2024 for 🔤🔤🔤🔤🔤🔤 🔤🔤🔤🔤🔤 🔠🔠🔠🔠🔠🔠🔠 🍑🍑🍑


Reread posts on Social Media Bridges:
https://t.me/QuantumStellarInitiative/20572
March 2023 Twitter API changed:
https://t.me/QuantumStellarInitiative/21071
More SMB proofs:
https://t.me/QuantumStellarInitiative/21728
https://t.me/QuantumStellarInitiative/21831
https://t.me/QuantumStellarInitiative/22099
https://t.me/QuantumStellarInitiative/23338
https://t.me/QuantumStellarInitiative/24758
https://t.me/QuantumStellarInitiative/25211
https://t.me/QuantumStellarInitiative/25459
https://t.me/QuantumStellarInitiative/25483


On top of blacklisting accounts and servers, upgrading scripts to block bots and copycat/scammer accounts, it looks like in October 2023, Mastodon was tinkering with turning auto feed posting on/off

Also remember in Post 2 that changing servers means only your followers move with your account, but your content is not transferred, which means all subscribers to shitchanels will automatically and only see whatever content the white hats approve and block out the old shitposts 💩💩

In Post 4 the article states:

official WordPress plug-in for ActivityPub,

which will enable the protocol for something like half the internet all at once

...which means between BRICSTMedia + Mastodon, white hats will control 💯 of the global media AND be able to push the same content across ALL channels if they choose!!! so IFIFIF there is some global EBS-type scenario still in the works, this is how they would do it!! Not through Starlink 🤣🤣🤯🤯🤯


September 2023: We expect ActivityPub will play a significant role in the social media space, but we're mentioning it here because we're intrigued by the possibilities beyond the obvious use cases in social media. An example is ActivityPub support for merge requests, recently proposed for GitLab: ActivityPub is built on HTTP, JSON, and is a W3C standard that already has multiple implementations (W3C = World Wide Web Consortium (W3C) develops standards and guidelines to help everyone build a web based on the principles of accessibility, internationalization, privacy and security)

Being piloted by the w3c is a guarantee of stability and quality work. They have profusely demonstrated in the past through their work on HTML, CSS or other web standards that we can build on top of their work

without the fear of it becoming deprecated or irrelevant after a few years

So as of November 2023, the ActivityPub integration & interoperability includes:
- Mastodon
- Telegram
- Discord
- Drupal
- Flipboard
- Gab
- Instagram
- LinkedIn
- Medium
- Mozilla
- Squarespace
- Threads (by Meta/Instagram)
- Trump's Truth Social
- Tumblr
- WordPress
- YouTube

Coming soon:
- Bluesky
- Forgejo/Gitea (software dev hosting, bug tracking, code review, continuous integration)
- GitLab (DevOps)
- X.com


☃️☃️☃️☃️☃️☃️☃️☃️☃️
And best of all, as of September 2023, Mastodon/ActivityPub is now interoperable with OG Quantum Bacon Sammich RedHat itself via its brand new JSON tool via "snaps" update 🎉🎉🆒🔥

Which is super exciting because as of November 20, 2023, RedHat just released a new .NET 8 update for RHEL and OpenShift with a sneaky something called 🔍 FrozenDictionary ❄️ and 🔍 FrozenSet ❄️
☃️☃️☃️☃️☃️☃️☃️☃️☃️


Link to QSI's original "6 Degrees of Kevin Bacon's Quantum Sammich" aka Red Hat Intel: https://t.me/RedHatDecode/3


🆒😮 I know I'm excited, but the real question is: is Nick excited yet??? 🤣🤣🤣


📱 QSI Channel
📱 Stellar & QFS Training App

Proofs for The "Next RedHat"
Quantum Vegetarian Bacon Sammich Edition
Social Media Bridges
Post 7 of 8


Install json-tool on Red Hat Enterprise Linux
10 September 2023 - latest/stable
17 November 2023 - latest/edge
https://snapcraft.io/install/json-tool/rhel


.NET 8 now available for RHEL and OpenShift
.NET 8 comes with many API additions that improve performance, like the new FrozenDictionary and FrozenSet types optimized for “write once, read many'' scenarios, and the new IUtf8SpanFormattable interface that enables directly writing out a UTF-8 string representation for an object. .NET 8 also brings many enhancements to its JSON support.
November 20, 2023
https://developers.redhat.com/articles/2023/11/20/net-8-now-available-rhel-and-openshift#

https://t.me/QuantumStellarInitiative/32334

📱 QSI Channel
📱 Stellar & QFS Training App

QSI - Biglier Bomb Stellar End Game part1of3 (March 8, 2024)

Replay link:
https://rumble.com/v4i31hf-qsi-biglier-bomb-stellar-end-game-part1of4-march-8-2024.html
https://youtu.be/cOMxvf7xJu8

Link to slides: https://t.me/QuantumStellarInitiative/36503

Link to Part 2: https://t.me/QuantumStellarInitiative/36504
Link to Part 3: https://t.me/QuantumStellarInitiative/36520


📱 QSI Channel
📱 Stellar & QFS Training App

QSI - Biglier Bomb Stellar End Game part2of3 (March 8, 2024)

Replay link:
https://rumble.com/v4i33n6-qsi-biglier-bomb-stellar-end-game-part2of3-march-8-2024.html
https://youtu.be/QC5xnVbvQGg

Link to slides: https://t.me/QuantumStellarInitiative/36503

Link to Part 1: https://t.me/QuantumStellarInitiative/36502
Link to Part 3: https://t.me/QuantumStellarInitiative/36520


📱 QSI Channel
📱 Stellar & QFS Training App

QSI - Biglier Bomb Stellar End Game part3of3 (March 8, 2024)

Replay link:
https://rumble.com/v4i3bpi-qsi-biglier-bomb-stellar-end-game-part3of3-march-8-2024.html
https://youtu.be/3aPvocKPjhc

Link to slides: https://t.me/QuantumStellarInitiative/36503

Link to Part 1: https://t.me/QuantumStellarInitiative/36502
Link to Part 2: https://t.me/QuantumStellarInitiative/36504


📱 QSI Channel
📱 Stellar & QFS Training App

Slides for QSI - Biglier Bomb Stellar End Game (March 8, 2024)

Link to replays (will be updated, I need to upload first)
Part 1: https://t.me/QuantumStellarInitiative/36502
Part 2: https://t.me/QuantumStellarInitiative/36504
Part 3: https://t.me/QuantumStellarInitiative/36520


📱 QSI Channel
📱 Stellar & QFS Training App