Post AF1fUuAl4E2RwW1ZKa by hejowhat@fosstodon.org
(DIR) Post #AF0UUtOkeWtit5OvnE by aral@mastodon.ar.al
2022-01-01T20:03:50Z
0 likes, 8 repeats
web0 manifesto “…web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit.” https://web0.small-web.org Sign your name and join me in starting the year as you mean to go on: without tolerating any bullshit. Happy New Year! :) #web0 #SmallWeb #SmallTech
(DIR) Post #AF0UXtQyyXCTrrsL5s by realcaseyrollins@social.teci.world
2022-01-01T20:06:33.821953Z
0 likes, 0 repeats
@aral So, is the #Fediverse #Web0 then?
(DIR) Post #AF0UgJOYKzQ6hUklmK by meeper@udongein.xyz
2022-01-01T20:07:51.971373Z
0 likes, 0 repeats
@realcaseyrollins @aral more or less
(DIR) Post #AF0Wa6cv63E9GsdraC by inference@pleroma.inferencium.net
2022-01-01T20:29:19.821863Z
1 likes, 0 repeats
@aral Web 3.0.1 (bug fix).
(DIR) Post #AF0XB3JeMw5LiYFK7M by aral@mastodon.ar.al
2022-01-01T20:23:34Z
0 likes, 0 repeats
@realcaseyrollins Yep.
(DIR) Post #AF0c0wemlvcvwK8Euu by aral@mastodon.ar.al
2022-01-01T20:30:58Z
1 likes, 0 repeats
@inference Haha :)
(DIR) Post #AF0vM9TYCnheuHhcPY by ailurocrat@scicomm.xyz
2022-01-01T20:21:44Z
0 likes, 0 repeats
@aral what do i put if i don't have a website yet?
(DIR) Post #AF0vM9wcSixIMRIpii by ailurocrat@scicomm.xyz
2022-01-01T20:22:57Z
0 likes, 0 repeats
@aral (LOVE this, btw...)
(DIR) Post #AF0vMAPKjxvLnUjlTc by aral@mastodon.ar.al
2022-01-01T20:28:18Z
0 likes, 0 repeats
@ailurocrat Thank you! 💕
(DIR) Post #AF1LHbdOgKznbGnjJQ by Natris1979@social.linux.pizza
2022-01-02T05:32:17Z
0 likes, 0 repeats
@realcaseyrollins Let me drop some "math":
web3 = decentralisation + blockchain + NFTs + metaverse
fediverse ∉ blockchain
fediverse is ∉ NFTs
fediverse ≠ metaverse
fediverse ⊂ decentralisation ∴ fediverse ⊂ web0 ∎
More readable version:
web3 = decentralisation + blockchain + NFTs + metaverse
fediverse is not part of the blockchain
fediverse is not part of NFTs
fediverse is not the metaverse
fediverse is a form of decentralisation, therefore fediverse is web0. QED.
(DIR) Post #AF1LHc1VEiHIo24ysy by realcaseyrollins@social.teci.world
2022-01-02T05:57:27.598205Z
0 likes, 0 repeats
@Natris1979 Math? Logic! But logic is math...
(DIR) Post #AF1fR2G73niZrcgSMC by aral@mastodon.ar.al
2022-01-02T09:36:26Z
0 likes, 2 repeats
G’morning folks, how lovely to wake up and see the new signatures on the web0 manifesto (https://web0.small-web.org). By the way, if you are having trouble signing because your email server implements an archaic anti-spam technique called greylisting, I’m going to look into adding basic support for it, but please also contact your email provider and remind them it’s 2022. Spammers have long worked around greylisting. Today, it just makes things harder for legitimate small web use cases.
(DIR) Post #AF1fR2JIrwGo1WB0KW by muppeth@fe.disroot.org
2022-01-02T08:53:53.035178Z
0 likes, 0 repeats
@aral Should fix the form against greylisting.
(DIR) Post #AF1fR2z8MPjM7FkPWy by aral@mastodon.ar.al
2022-01-02T09:18:03Z
0 likes, 0 repeats
@muppeth Going to look into it today. Greylisting is such an ineffective policy, it’s amazing that folks still use it. But yes, from initial reports it appears a few places still do :)
(DIR) Post #AF1fR3SCcKyzZPLcq8 by muppeth@fe.disroot.org
2022-01-02T09:24:57.904025Z
0 likes, 0 repeats
@aral Actually it blocks a ton of potential spam. Sure it has flaws (especially when sending one-time passwords/tokens etc. from not frequently used domains) but the amount of shit that gets blocked is I think worth it, or at least it was. I should do some stats on that to see if it’s still the case, but last time I checked it was pretty obvious a lot of annoying spam was out the window before hitting the server.
(DIR) Post #AF1fR3s547gOrfSIAy by aral@mastodon.ar.al
2022-01-02T09:29:50Z
0 likes, 1 repeats
@muppeth I think the key word here is *was*. Spammers caught on quickly that all they needed to do was retry after a while. It wasn’t much in terms of “proof of work”. Today, from the research I’ve done, it’s as effective to use other anti-spam techniques. And since folks like gmail send email from lots of separate IPs it means transactional emails can be delayed for hours. So, in a nutshell: doesn’t really affect modern spammers, makes life harder for everyone else :)
(DIR) Post #AF1fR4IfTGwyC7tWcK by muppeth@fe.disroot.org
2022-01-02T09:36:37.819902Z
0 likes, 0 repeats
@aral indeed worth checking again after years of just adding it by default to every mail server.
(DIR) Post #AF1fR4lNkVv1dBKSNE by aral@mastodon.ar.al
2022-01-02T09:37:39Z
0 likes, 1 repeats
@muppeth Neat, thank you :) Fix the defaults, fix the web ;P
(DIR) Post #AF1fR5a4i2T6AP2wO8 by aral@mastodon.ar.al
2022-01-02T09:30:35Z
0 likes, 1 repeats
@muppeth * as effective today as greylisting was in circa 2007 or so, that is.
(DIR) Post #AF1fTW579SQMw6iqau by michael@social.balsillie.net
2022-01-01T22:33:15Z
0 likes, 0 repeats
@aral I don't understand the need to include blockchain when federated systems like #Mastodon and #Matrix already seem to work well? What am I missing?
(DIR) Post #AF1fTWev0L42j9TROy by aral@mastodon.ar.al
2022-01-01T22:43:28Z
0 likes, 0 repeats
@michael There isn’t a need; that’s why it’s not included :)
(DIR) Post #AF1fTXCF0RieOV43LE by michael@social.balsillie.net
2022-01-01T22:58:42Z
0 likes, 0 repeats
@aral Ah, apparently what I'm missing is functioning eye sight 😅
(DIR) Post #AF1fTXb3WBZJdSfs1I by aral@mastodon.ar.al
2022-01-02T09:23:32Z
0 likes, 1 repeats
@michael Haha, no worries :)
(DIR) Post #AF1fUuAl4E2RwW1ZKa by hejowhat@fosstodon.org
2022-01-02T01:11:32Z
0 likes, 0 repeats
@aral sorry for my ignorance: what is the goal here? And happy new year.
(DIR) Post #AF1fUuclO6RLLN7vyy by aral@mastodon.ar.al
2022-01-02T09:19:49Z
0 likes, 1 repeats
@hejowhat To have a no-bullshit word we can use to counter the bullshit term web3. Happy New Year! :)
(DIR) Post #AF1oV6krBaNkYN54OO by bonifartius@qoto.org
2022-01-02T11:24:50Z
0 likes, 0 repeats
@aral 95% of the spam my rspamd filters is prevented by greylisting. greylisting is perfectly fine if one implements SMTP correctly, which means that there will be multiple attempts to deliver mail. what really makes shit hard is stuff like dkim, spf, dmarc, because everyone has a different idea what is required and they make configuration of a mail server even harder. sorry for the rant.
(DIR) Post #AF256tWERYSBm2HQHY by cnx@nixnet.social
2022-01-02T10:32:44.371519Z
1 likes, 0 repeats
Google Indeed @aral it is without all the corporate right-libertarian Silicon Valley bullshit.
(DIR) Post #AF2AmPwhHlEjzIHIIa by aral@mastodon.ar.al
2022-01-02T09:49:36Z
0 likes, 0 repeats
Also, some folks have mentioned on the fediverse that they don’t have a web site to link to… please feel free to use the link to your fediverse account (Mastodon, etc.) But please don’t link to people farmers like Twitter, Facebook, etc., or to sites with trackers from them. I’m going to look through the links today and contact you to see what we can do if any look problematic. https://web0.small-web.org #web0
(DIR) Post #AF2AmQSFOSTRZ92UTY by xarvos@nixnet.social
2022-01-02T15:34:28.076418Z
0 likes, 0 repeats
@aral For signing on behalf of projects it's ok to link to the repository or something similar right?
(DIR) Post #AF2AmRhsjoZfRvMUU4 by aral@mastodon.ar.al
2022-01-02T09:56:26Z
0 likes, 0 repeats
Finally, a couple of you have reported not being able to add your site if it doesn’t load over a secure connection (TLS). That’s by design :) It’s 2022 and we should all be doing our best to encourage good practices. HTTP is not secure. It means people who visit your site could be hit with man-in-the-middle attacks. Thankfully, we have a free/automated way to implement TLS now with Let’s Encrypt. And servers like Site.js (https://sitejs.org) do it automatically for you. #web0
(DIR) Post #AF2XLRaVN0sKCv0MEq by aral@mastodon.ar.al
2022-01-02T18:36:25Z
1 likes, 1 repeats
I’ve now implemented a retry feature on the web0 manifesto if your email provider implements an archaic and ineffective anti-spam technique called greylisting (which very effectively messes with legitimate transactional emails, however) 🤷‍♂️ #web0
(DIR) Post #AF2XLUJFFdqqeFx7Fg by aral@mastodon.ar.al
2022-01-02T18:44:24Z
0 likes, 0 repeats
PS. Huge freaking typo in error title that I missed has now been fixed. Thanks to https://m.nintendojo.fr/@mortal/107554328900163291 for the heads up :)
(DIR) Post #AF47c0AiLX9Hbp60rA by Shamar@qoto.org
2022-01-03T14:08:22Z
0 likes, 0 repeats
@aral How sad... you've been fooled by #BigTech propaganda about TLS. Who pays the bills of Let's Encrypt? How secure is a system that enables any certification authority in the world to impersonate any HTTPS website? #HTTP is inherently decentralized through proxies. And you don't need TLS to have cryptographically signed contents that let clients avoid MitM attacks. HTTPS instead forces your client to connect to the server even for non sensible contents that could be safely cached by middle proxies. And that, in turn, enables servers to track people with higher precision. So, yes, it's 2022 and I don't want to enable HTTPS on websites that do not need it (no sensible components and no form or js). And I do so exactly to spread awareness about the limits and implications of HTTPS everywhere propaganda.
(DIR) Post #AF5rXZLWvnSCInwIa0 by jgoerzen@floss.social
2022-01-03T15:25:21Z
0 likes, 0 repeats
@aral I am a big fan of #LetsEncrypt and use it on many systems. However, there is a legitimate opposing viewpoint: 1) it prevents self-sufficiency; 2) A small set of large orgs decide who's a legit CA for billions; 3) Let's Encrypt won't issue certs for countries the USA has sanctioned. #NNCP author has expressed his thoughts in more detail on this: http://lists.cypherpunks.ru/archive/nncp-devel/2109/0356.html and http://lists.cypherpunks.ru/archive/nncp-devel/2107/0276.html and http://lists.cypherpunks.ru/archive/nncp-devel/2108/0290.html . It led me to hosting a TLS mirror of the site
(DIR) Post #AF5rXZpJ95Gzn9s4zg by jgoerzen@floss.social
2022-01-03T19:40:50Z
0 likes, 0 repeats
@aral Alternatives to #TLS [thread] 1/ There are lots of alternatives to TLS out there. At the protocol layer, things such as #Yggdrasil and #ipsec can make things secure. #Yggdrasil, like @cjd 's #Hyperboria (#cjdns) before it, is an overlay network where every target IP is essentially a public key. #DNSSEC also helps here.
(DIR) Post #AF5rXaJnJjexJi8QVs by jgoerzen@floss.social
2022-01-03T19:42:38Z
0 likes, 0 repeats
@aral @cjd Alternatives to #TLS 2/ Moving up a layer, TLS can be used without public CA infrastructure (eg, #Syncthing) by exchanging key validation information in other means. Also, the #Noise protocol is a viable TLS alternative in many cases.
(DIR) Post #AF5rXaodT4KUrMZ3aK by jgoerzen@floss.social
2022-01-03T19:45:29Z
0 likes, 0 repeats
@aral @cjd Alternatives to #TLS 3/ Multiple app-level projects exist to build a distributed Internet (or web), and most of them have E2E encryption built in. Examples: #IPFS and #DAT/#Hyperdrive as distributed filesystems/websites, #libp2p for general communication, #Scuttlebutt (gossip) for social, #Syncthing for data sync, #NNCP for asynchronous transfer, #Meshtastic #jami and #briar for E2E IM, etc.
(DIR) Post #AF5rXbNNNu7Qb6onjc by jgoerzen@floss.social
2022-01-03T19:48:08Z
0 likes, 0 repeats
@aral @cjd Alternatives to #TLS 4/ TLS only protects data in motion. It does not protect against, eg, hacked webserver. Things such as #OpenPGP (#gpg or #sequoia) signatures still have a place and prove more about authenticity than TLS does. With signed content, in fact, TLS is much less useful (maybe preventing an attacker from showing you outdated content) which is why many Debian mirrors -- whose content is fully authenticated by apt -- have historically been non-https.
(DIR) Post #AF5rXbuhO0m2GSPPfs by jgoerzen@floss.social
2022-01-03T19:50:48Z
0 likes, 0 repeats
@aral @cjd Alternatives to #TLS 5/ Projects such as #FreedomBox aim to put many of the technologies I've mentioned here, and then some (eg, #BitTorrent) in the hands of people via very low cost hardware and Open Source software on it.
(DIR) Post #AF5rXcPXXLRZo6q2kK by jgoerzen@floss.social
2022-01-03T19:53:41Z
0 likes, 1 repeats
@aral @cjd Alternatives to #TLS end/ If you're thinking of #SmallWeb and #SmallTech and a #decentralized #Internet, think about security more broadly than TLS. TLS is useful, but the security story is more broad than that. I could go on: #Tor hidden services, #ssh, #freenet, etc., are all things that secure without TLS. Many of the things I've mentioned secure BETTER than TLS, at least on some respects. #web0 should be broad, about all this!
(DIR) Post #AFtw1iD1lTIWjVcK2K by bonifartius@qoto.org
2022-01-28T14:03:29Z
0 likes, 0 repeats
@jgoerzen @aral while letsencrypt is frictionless, i'm still pissed that _for decades_ http://www.cacert.org wasn't "good enough" to be included in browsers (cf. point 2). all of a sudden some big tech builds let's encrypt and that's totally peachy to include. my guess is that in the end it's about control (cf. point 3). why on earth should i trust silicon valley more than some random folks on the net?