Parler is gone

Obligs

20 Likes

If Trump hasn’t paid Twitter to use the service (valuable consideration), he can’t complain about having his service cut off - especially since he’s flagrantly violated Twitter’s TOS for years.

8 Likes

It’s hard to claim the high ground when they’ve just voluntarily jumped into an abyss.

11 Likes

They were using AWS, so they almost certainly used DNS for their endpoints. They just need to recreate those with proper backing infrastructure. Unless they pinned an SSL cert that they generated with AWS’ tools (then they don’t have the private key and they’re fucked on the app side).

This is a non-trivial chunk of work. They first have to find someone to host them and then they have to rebuild. If they are down for only a week or two, I will be impressed.

(Sorry, sqlrob, meant to reply to Tom, not sure how I fat fingered it.)

5 Likes

Desktop (and not being a bloodthirsty bigoted fascist) FTW!

10 Likes

Powerful friends.

That takes time. Professional sanctions often take a long time. We’re just getting to the point of people really going after Giuliani’s license and Wood was a little later to the completely off the rails party.

They weren’t silenced and they are roughly the last group to face this. Beyond that, we’re not as much talking about a political stance as actual direct incitement to violence.

5 Likes

Reminder:

Please take the inevitable “but, free speech!” discussions/derails here:

18 Likes


Evidently the technical explanation in @jaded’s first post isn’t accurate, at least as far as how the general archival of the site went. It seems that Parler just sequentially numbered all of their media, so it was possible to just scrape the entire site’s media CDN by counting up from 1. On top of that, their app’s API was reverse-engineered before it was removed from the Google and Apple app stores, and I suspect it had the ability to just query for posts by date range, so the whole thing ended up being devastatingly easy to index.

8 Likes

It depends though. If it was using a URL for a DNS entry they own, they can seamlessly bring up the service on another host and get the DNS entries updated and it will start to work again. If they were using an AWS provided URL that Amazon owns like blah.amazonaws.com then they’re screwed without updating the app.

Then there’s a bunch of stuff related to certificates and such that could screw them over as well.

So long and short, it’s definitely possible, but depends on how they set their system up and how forward thinking the development team was. Good software teams don’t code to be host dependent!

2 Likes

Agreed, but honestly in this day and age it’s not trivial to convert from one cloud provider to another, despite the promises that companies like Hashicorp make with regards to Terraform. In order to properly leverage a cloud provider, there is definitely a level of specific programming that has to be done that is unique only to that cloud provider and is not transferrable to other providers.

source, am software engineer and have migrated plenty of stacks from one cloud provider to another

3 Likes

So much this.

I’ve often thought that the main difference between liberals and conservatives is whether you trust government more than corporations, or vice-versa. Of course, we really trust neither, but government has accountability built into it all over the place at every level. Corporations are just used car salesmen at every level, getting away with as much as they can until they get caught.

24 Likes

Some additional levity for your Monday afternoon:

13 Likes

I don’t think a private domain registrar (or semi-private organization like ICANN) could simply take away someone’s domain name.

But a private registrar can refuse service:

And the government does have the power to seize a domain name with a court order:

Yeah, I definitely understand that. I am also a software engineer, though embedded systems, and I’m sure it’s pretty similar to saying good software teams don’t code to be processor/platform dependent. There is the goal and there is reality. There is no such thing as a zero-time port.

But I still stand by my original statement, as long as the team planned correctly, it’s not impossible to get the platform back up and running. If they did some dumb things and used Amazon URLs or Amazon owned Certificates for software signing, remote attestation, or encryption, then they’re screwed unless they can push new versions of their app out to devices.

Though one piece of the puzzle I’m not completely sure of, when Apple de-platformed them, do the apps disappear from phones they’re already installed on? Or does it just prevent them from having new installs and updates to the app?

One could argue that Parler has in general not attracted the very best people anywhere in their stack: not coders, admins, or users.

I’ve done some lift-and-shifts in my day. It’s challenging even without the entire civilized world gunning for you because whoops Nazis.

4 Likes

Unfortunately it’s not like one compiler will work with many target microprocessors. Amazon Web Services is absolutely shameless about building features into their services which are designed to lock customers into their way of doing things. Their own education system teaches engineers to use those services, which are only provided by AWS. If you want to be in business you need to hire those engineers and their ability to migrate to another service is extremely limited.

Lock-in in hardware is limited by the limitations of hardware itself. Amazon does not have those limitations. It’s a scandal and I have so far avoided doing any significant AWS training.

1 Like

If only some security professional warned about using services that don’t strip out Exif by giving a large presentation with tools that help in the scanning of Exif data. If only. https://www.veggiespam.com/exif-2015-02/

TLDR: I found the homes of yoga teachers because their distance-yoga school site did not scrub EXIF. I stopped a corporate merger because of this. Woot.

2 Likes

So I’m still a bit puzzled about one aspect of the hack, which is that what, 70 terabytes plus of data was downloaded over a few days? Isn’t that the kind of thing that database administrators might notice? Like all of a sudden the download activity massively increases, and all via freshly-minted admin accounts, whose numbers expanded dramatically as the crowd-sourcing proceeded? Maybe Parler hired some complete neophytes? Or the whole database team went to the riot and came back too hungover to check the logs? And even so you would think it would have raised some red flags on the AWS side. Or did they withdraw all support after they gave Parler notice that their contract was being terminated?

They might not have noticed because of the huge up spike in activity after Trump got dumped from Twitter. They might have been thrilled at how much use they were getting rather than realizing that they were getting methodically scraped.

4 Likes
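The thread describes media fetched by counting up sequential IDs and asks why nobody noticed it in the logs; as an added example that is not part of any post, here is one way a defender could flag that pattern in access logs. The log layout, the `/media/<id>` path, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log layout: "<client> GET /media/<numeric id> <status>".
LINE_RE = re.compile(r"^(\S+) GET /media/(\d+) (\d{3})$")

def longest_sequential_run(ids):
    """Longest run of consecutive IDs, ignoring request order and repeats."""
    best = run = 0
    prev = None
    for i in sorted(set(ids)):
        run = run + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, run)
        prev = i
    return best

def find_enumerators(lines, min_run=5):
    """Return clients whose requested media IDs form a run of at least min_run."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            per_client[m.group(1)].append(int(m.group(2)))
    report = {}
    for client, ids in per_client.items():
        run = longest_sequential_run(ids)
        if run >= min_run:
            report[client] = {"requests": len(ids), "longest_run": run}
    return report

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [f"203.0.113.7 GET /media/{n} 200" for n in (3, 1, 2, 5, 4, 6, 8, 7)]
    + ["198.51.100.20 GET /media/48213 200",
       "198.51.100.20 GET /media/17 200",
       "198.51.100.20 GET /media/90211 200",
       "198.51.100.20 GET /profile/alice 200"]  # non-media line, ignored
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Sorting the IDs before measuring the run keeps the check effective when a client fetches in parallel and requests arrive out of order; a busy period raises request counts for everyone, but ordinary browsing does not produce long consecutive ID runs from one client.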