I've always believed that displaying the software version allowed malicious users to determine which vulnerabilities affect your software.
For example, NodeBB sends an x-powered-by header, but only ever sets the value to NodeBB; this has been the case for many years.
The other line of thinking is that relying on security by obscurity is fallacious, but since it's only one facet of a broader security posture (the rest of it being keeping up with updates, writing as secure code as you can, reporting/bounty systems, audits, etc.), I honestly don't see a problem with transmitting as little information as I can.
The downside of hiding that information is that sites that gather statistics on fediverse software use wouldn't be able to discern software versions for NodeBB in their charts, but I don't think that's necessarily a problem.
It was nearly two years ago that I wrote this article about the EU #ChatControl surveillance directive on behalf of the @cryptpad team.
Very little has changed since then. Experts in technology, law, and policy all agree that the proposal undermines basic European rights, that it will be abused by authoritarian member states, and that the proposed tech solutions cannot possibly do the job the supporting legislators have claimed.
Nevertheless, they have persisted, claiming the support of "expert testimony" that overwhelmingly consists of unsupported claims by lobbyists associated with law enforcement and defense contractors who stand to benefit financially from its implementation.
A vote is expected to take place on June 19th. These have been scheduled and delayed multiple times already, but this time it feels like they might get away with it. There is a lot going on in the EU at the moment, and people are both distracted and tired from fighting this for so long.
I'll try to make resistance easier by collecting some suggested actions below, with links.
Basically, they want to scan everyone's chat messages for illegal stuff, which is completely disproportionate and a #privacy nightmare.
Chat Control violates fundamental rights (according to the European Data Protection Board), and the German Child Protection Association says it's not suitable to combat child abuse.
Please tell your government to vote against it! I already have.
I've tried to take on the question of what it would take to make the internet public interest technology. This took me on a trip through transnational infrastructure, standards, governance, industrial policy, and a whole cast of creative thinkers and next-generation projects.
Maybe one day #EC will take a similar step to these German organisations at https://byebyeelon.de and no longer support the hate platform #Xitter with their presence. Say #ByeByeElon ..
The fact that we can’t remove essential complexity with a software redesign doesn’t mean that there’s nothing we can do about it. What if the problem definition wasn’t outside of our purview? What if we could get the world to conform to the software, and not just the other way around?
@JamesGleick @cstross
Don’t worry! There’s probably an AI tool that’ll neatly revise it down to the precise target length. Even in iambic pentameter! 😬🤪😁🙄