Post AY95YaaCyuAFHjJeEa by AlexVoss@fosstodon.org
(DIR) More posts by AlexVoss@fosstodon.org
(DIR) Post #AY6mn7NY9Nec9aUA4m by aperezdc@oldbytes.space
2023-07-23T18:04:56Z
0 likes, 0 repeats
I keep thinking of silly ideas to do some tinkering with electronics, just for the sake of having fun. Today's idea: an adapter to use #Amiga mice on #MSX computers. That way one could use one of those newfangled USB “tank” mice in one more retro architecture, while looking period correct. I imagine somebody could have done such an adaptor back in the late 80s of early 90s, possibly using some i8051 microcontroller... Betcha @foone would have liked that, given how their “it's always an i8051” is their equivalent of Dr. House's “it's never lupus” :blobeyes:
(DIR) Post #AY6mn8EixgBkoVMcxU by aperezdc@oldbytes.space
2023-07-25T15:38:01Z
0 likes, 0 repeats
People talk about how search engine results have gotten worse lately. Here's a clear example: trying to search how an #Amiga mouse works (protocol, pinouts, etc.) these days results in a few pages of links to sites trying to sell you adaptors, and links to actual documentation are a few pages deep (if at all). It used not to be like this, the #enshittification is real.I know the information is in the Amiga Hardware Reference Manual, which can be read at a few places, e.g. https://archive.org/details/amiga-hardware-reference-manual-3rd-edition/page/327/mode/1up — but what if I didn't know?
(DIR) Post #AY6mn97JghrDXouE3E by hisham_hm@mastodon.social
2023-07-25T15:41:33Z
0 likes, 0 repeats
@aperezdc I'm also getting worried that more and more the answer to "information X can be found at..." is so often archive.org. I love archive.org, and the work they do is great, but that's a sign they're becoming a single point of failure for a lot of stuff, which also inevitably makes them more of a target too.
(DIR) Post #AY6mnA6e0guic1bCds by strypey@mastodon.nzoss.nz
2023-07-27T04:28:45Z
0 likes, 0 repeats
@hisham_hm > I love archive.org, and the work they do is great, but that's a sign they're becoming a single point of failure for a lot of stuff, which also inevitably makes them more of a target For a wide range of Bad Actors, on a number of levels (technical, organisational, legal etc). I worry about this with Wikipedia too. I don't know about them, but I know Archive.org are actively supporting decentralised tech and researching how to make use of it: https://archive.org/details/DWeb-Archive@aperezdc
(DIR) Post #AY6n3Vv0gE6mtZxEHo by aperezdc@oldbytes.space
2023-07-25T15:47:54Z
0 likes, 0 repeats
@hisham_hm while there are other sites for specific things (like Bitsavers) you make a good point about archive.org — I do trust their ability to keep infrastructure running, though. I would be more worrier about it being headquartered in a country with values and legislation often opposed to the Archive's goals. Also, mixing this with Google's recent Web Environment Integrity proposal makes me think we may see a day where two parallel Internets exist: the corporate one, and the “archived” one. And, oh boy!, do I want to be proven wrong about this thought!
(DIR) Post #AY6n3WVWUTJcip2OCO by strypey@mastodon.nzoss.nz
2023-07-27T04:31:57Z
0 likes, 0 repeats
@aperezdc > I would be more worrier about it being headquartered in a country with values and legislation often opposed to the Archive's goalsName one. When you consider the Snowden revelations (PRISM etc), FCC gutting on net neutrality, SOPA, PIPA, LAEDA, KOSA, etc, etc, the US is hardly a bastion of internet freedom. China is worse, but not by much, and mainly appears worse because the state does things itself that the US state outsources to corporations.@hisham_hm
(DIR) Post #AY6nQ4O5Cq20AaJBh2 by hisham_hm@mastodon.social
2023-07-27T04:07:31Z
0 likes, 0 repeats
@aperezdc oh boy I haven't heard about this latest Google thing but from the name alone it gives me strong Microsoft Secure Boot vibes
(DIR) Post #AY6nQ5nHybmuX36pcW by strypey@mastodon.nzoss.nz
2023-07-27T04:36:09Z
0 likes, 0 repeats
@hisham_hm > I haven't heard about this latest Google thing [Web Environment Integrity proposal] but from the name alone it gives me strong Microsoft Secure Boot vibesYou mean this?https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.mdThe stated goals seem reasonable, but I guess as with Restrited Boot, the devil is in the details. I don't have the knowledge to fully evaluate it, but I look forward to seeing someone like RMS or @pluralistic comment on it.@aperezdc
(DIR) Post #AY7WoSFqcFXL50STQ0 by AlexVoss@fosstodon.org
2023-07-27T13:04:44Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc question: what would you make of a technology that allows websites to reject your request based on what machine/software you use?
(DIR) Post #AY7pWexEYeyeNryoi0 by pglpm@c.im
2023-07-27T16:34:19Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc First, it's very doubtful that the stated goals (for the "user") are the true goals. Second, one should report not only what the user "desires", but what the full consequences for the user are.The proposal is very deceitful in saying "the user desires...", "the user wants...", and so on. It says explicitly what the "user" desires, but it doesn't say explicitly that the user itself will in fact be abused.Suppose I want some guard, who reports to me, to constantly follow you and check what you do. "Wouldn't you like to be safe on the streets?", I ask you. "Of course", you reply. And here's my solution: I'll assign a guard that controls your every movement, when you go out. Funny that this was done "for" you, but concretely it's done "against" you.
(DIR) Post #AY8C8y1IJrEbVhYDFg by strypey@mastodon.nzoss.nz
2023-07-27T20:47:51Z
0 likes, 0 repeats
Me:> US is hardly a bastion of internet freedom.See also:https://www.badinternetbills.com/@aperezdc @hisham_hm
(DIR) Post #AY8CtBcw3og126CEBU by strypey@mastodon.nzoss.nz
2023-07-27T20:56:15Z
0 likes, 0 repeats
@AlexVoss> what would you make of a technology that allows websites to reject your request based on what machine/software you use?That depends on *why* it rejects it. Let's say say a referendum voting website expects a certain hardware/ software profile, based on the combo I was using when I signed up (or another combo I've verified from the original one). If my device is compromised, the site informs me, and rejects my vote.Just thinking out loud here.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY8DCcwmi1XnGbkav2 by strypey@mastodon.nzoss.nz
2023-07-27T20:59:46Z
0 likes, 0 repeats
@pglpm> it's very doubtful that the stated goals (for the "user") are the true goalsWhy? Because the engineers all work for Goggle? Lots of widely used open standards were invented at Goggle; Jingle (XMPP voice chat), Wave (now stewarded by Apache), WebRTC etc.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY8FFJ0ZUvHaCjvWEK by pglpm@c.im
2023-07-27T21:22:37Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc Fun fact about this (which you may believe or not): When I first read the "Explainer", I started from the Introduction, and had not see who was writing this. After the very first lines I had a positive feeling, because they were mentioning "user" so much – it's nice that they have me in mind, I thought. But after reading the first bullet list this feeling became the exact opposite.For example: "This creates a need for human users to prove to websites that they're human" – sure that's true, but then *say clearly that what you're doing is for that website*, not for the user. You can make a case for some websites' needs to economically sustain themselves – *but don't turn this around* as if your final goal is the user. Just be honest in what you say.Incidentally, when someone says "Users like visiting websites that are expensive to create and maintain" I expect some verifiable statistics to prove this, otherwise this sentence is just as good as its denial.Related to this: I, as a user, prefer and am happy to *pay websites directly*. I don't like the intermediary of ads. So now I don't only doubt that this is done "for the user", but also that it's done "for the website". It's done for the ads business.The fourth item in that first bullet list sounds also contradictory or doesn't make much sense. At least where I live, banks already have two- or three-steps verification. I can't make transactions if I don't have my phone and an electronic gadget given to me by the bank. I don't see the need of any "WEI" here.This was just the beginning. Continuing on reading the feeling gets stronger and stronger that there's some goal, but it's hidden behind rhetoric and roundabout wording. When your goal are sincere, you speak and present things honestly and directly.
(DIR) Post #AY8HoIVZY3wAhJExXs by strypey@mastodon.nzoss.nz
2023-07-27T21:51:23Z
0 likes, 0 repeats
@pglpmA number of good points there. Definitely important to be critical of any such proposal. I guess I'm just pushing back against dismissing it out of hand, or calling its authors "odious", as I've seen people doing here.> I can't make transactions if I don't have my phone and an electronic gadget given to me by the bankNot the case with most banks in this country. I suspect your case is the exception, not the rule.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY8IuYLHgsHvUuyV3g by pglpm@c.im
2023-07-27T22:03:42Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc Thank you for the kind feedback! I don't call the authors "odious", but I've read the discussion that has gone on on github <https://github.com/RupertBenWiser/Web-Environment-Integrity/issues>, and I notice that the authors' replies never address the questions and arguments directly and honestly, they always take some different, evasive, direction. (Having grown up in Italy, I immediately detect this kind of evasive rhetoric, since it's the basis of politics in that country.) So I consider them deceitful and manipulative – or otherwise they have impaired comprehension skills.I've used this kind of banking authentication in Scandinavia and England.By the way, who's writing here is a human robot who did its university studies and part of its PhD using Yahoo and Ask Jeeves, and scanning articles by hand. I remember when Google appeared and the great things it did. it really felt it was something done by the people, for the people (was that their motto, or do I misremember?). I've witnessed its decline (not economic decline, of course). Decades later, only the noun "Google" is basically all that's left in common :(
(DIR) Post #AY8l5fPLxuMSlgAbGS by strypey@mastodon.nzoss.nz
2023-07-28T03:19:06Z
0 likes, 0 repeats
@pglpm > the authors' replies never address the questions and arguments directly and honestly, they always take some different, evasive, directionI agree that engineers talking like politicians is always a red flag : /@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY8lBGuXxOUiWuQuYq by strypey@mastodon.nzoss.nz
2023-07-28T03:20:05Z
0 likes, 0 repeats
@pglpm> remember when Google appeared and the great things it did. it really felt it was something done by the people, for the peopleI remember that too. It was so impressive I promoted it in a regular column I wrote at the time for an anarchist zine 😆 > was that their motto, or do I misremember?Their motto was "Don't be evil". Oh how times have changed ... @hisham_hm @pluralistic @aperezdc
(DIR) Post #AY8tZcFx2xXPJXZ2NE by AlexVoss@fosstodon.org
2023-07-28T04:54:30Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc would it not be nice if a) the chance of a compromise was lower and b) your device told you, the user?
(DIR) Post #AY8xr79Npu7ds05izo by strypey@mastodon.nzoss.nz
2023-07-28T05:42:31Z
0 likes, 0 repeats
@AlexVoss > a) the chance of a compromise was lowerThe promise of perfect security is the joy of fools.> b) your device told you, the user?If the device is compromised, one of the symptoms may be preventing it from doing this.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY92qoXjW7Uvvo9nDU by pglpm@c.im
2023-07-28T06:38:27Z
0 likes, 0 repeats
@strypey Writing for an anarchist zine in the 1990s must have been a lot of fun!🤩
(DIR) Post #AY95YaaCyuAFHjJeEa by AlexVoss@fosstodon.org
2023-07-28T07:08:46Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc Before you call me a fool (no offence taken), note how I said "lower". A device that is compromised in its entirety will be able to reproduce whatever proof of integrity is required by the protocol Google suggests. Surely, the whole thing builds on the idea of trusted platform computing, where some part of the system is tamper-proof - as-far-as-we-know(tm).
(DIR) Post #AY9J3BObyVXXY9oHse by strypey@mastodon.nzoss.nz
2023-07-28T09:40:00Z
0 likes, 0 repeats
@pglpm> Writing for an anarchist zine in the 1990s must have been a lot of fun!It was just like writing a blog. Except that occasionally people would say they read it 😆
(DIR) Post #AY9K67bwbUNqdN0mbw by strypey@mastodon.nzoss.nz
2023-07-28T09:51:44Z
0 likes, 0 repeats
@AlexVoss> Before you call me a fool (no offence taken), note how I said "lower"True. That was an unwise choice of words on my part. I didn't mean to call you anything. It was just a flippant way of pointing out that good security practice does *not* assume devices are untamperable. Rather it designs for mitigations that reduce the harm compromised devices can do.FWIW I was referencing an old anarchist slogan; a change of rulers is the joy of fools.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY9K9ZxdeitNQco88W by strypey@mastodon.nzoss.nz
2023-07-28T09:52:22Z
0 likes, 0 repeats
@AlexVoss> A device that is compromised in its entirety will be able to reproduce whatever proof of integrity is required by the protocol Google suggestsI freely admit I may be out of my depth here. But if that was true, surely HTTPS would useless?@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY9KUdpeSSVPW37C0O by AlexVoss@fosstodon.org
2023-07-28T09:56:09Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc Basically, if your device is compromised then you can encrypt outside communications as much as you like. Whatever malware you have caught would be able to listen in locally, assuming it has managed to run with administrator rights.
(DIR) Post #AY9NsI779pesyDFfnc by strypey@mastodon.nzoss.nz
2023-07-28T10:34:03Z
0 likes, 0 repeats
@AlexVoss> if your device is compromised then you can encrypt outside communications as much as you likeMy limited understanding of WIM is that it's not based on encryption, but something more like the principle of Reproducible Builds. The very action of compromising the device would make a change to the way it appears to the website.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AY9VmgUmOS74U69soq by AlexVoss@fosstodon.org
2023-07-28T12:02:39Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc It is not based on encryption because the purpose is not to keep something secret. It uses cryptographic methods to sign 'attestations' that contain a warrant for a claim about the hardware/software environment you use. HTTPS does two things for us. One is encryption of the data we send around, the other is authentication of the server side so we know we are talking to the bank. The latter works using similar signatures mechanisms.
(DIR) Post #AYEYwjjYTmr74oM0zA by pglpm@c.im
2023-07-30T14:45:39Z
0 likes, 0 repeats
@strypey @hisham_hm @pluralistic @aperezdc Update: from what's reported here: https://github.com/ungoogled-software/ungoogled-chromium/issues/2432 it looks like WEI is already undergoing implementation in Chromium. I haven't checked the truth of this report, though.
(DIR) Post #AYEYwkVPbr8XTEkEa0 by strypey@mastodon.nzoss.nz
2023-07-30T22:31:39Z
0 likes, 0 repeats
@pglpm> Linux based OS will probably never implement it and will be locked out of all cloudflare hijacked websites in the near futureHoly christ-on-a-stick. If this is really a likely consequence of Web Environment Integrity being adopted, people with a large following like @pluralistic, @Rushkoff, and @aral need to investigate it and expose it, and we need tech regulators to smack it down and burn Goggle's fingers for even trying it.@hisham_hm @pluralistic @aperezdc
(DIR) Post #AYEauql5afdeC0Idzk by aral@mastodon.ar.al
2023-07-30T22:50:36Z
0 likes, 0 repeats
@strypey @pglpm @pluralistic @Rushkoff @hisham_hm @aperezdc Yeah, it’s nothing good. Was yelling about it last week.
(DIR) Post #AYEjriYUX4czTAzLYO by strypey@mastodon.nzoss.nz
2023-07-31T00:34:01Z
0 likes, 0 repeats
@aral> Was yelling about it last weekOh good. I was trying to be even-handed about this at first, and give the engineers proposing it the benefit of the doubt. But the more I read about it, the less I think they deserve that.@pglpm @pluralistic @Rushkoff @hisham_hm @aperezdc
(DIR) Post #AYElVjjreSvgg3xEuW by strypey@mastodon.nzoss.nz
2023-07-31T00:52:28Z
0 likes, 0 repeats
@aralCan you point me to specific posts you've made about WEI (here or elsewhere on the web) so I can signal boost them?@pglpm @pluralistic @Rushkoff @hisham_hm @aperezdc
(DIR) Post #AYEmebHQZP1L0IRZcu by chris@s.the-brannons.com
2023-07-30T23:47:48.105914Z
0 likes, 1 repeats
@strypey @pglpm @pluralistic @aral @hisham_hm @aperezdc Perhaps of interest, from the FSF: Web Environment Integrity is an All-out Attack on the Free Internet
(DIR) Post #AYEmlo1FbYgEXZJSyG by strypey@mastodon.nzoss.nz
2023-07-31T01:06:33Z
0 likes, 0 repeats
@chris> from the FSF: Web Environment Integrity is an All-out Attack on the Free InternetThis is exactly the kind of expert commentary I've been looking for, thanks Chris.@pglpm @pluralistic @aral @hisham_hm @aperezdc
(DIR) Post #AYF9uknDGf5O5NyzJ2 by infosec_jcp@infosec.exchange
2023-07-31T05:25:50Z
0 likes, 0 repeats
@strypey @chris @pglpm @pluralistic @aral @hisham_hm @aperezdc They are going for the AD blockers! JFC even the GOVERNMENT recommended AD Blockers I.T.'s gotten so bad! 👉🍿
(DIR) Post #AYFzOqa3PPDcNzw0ae by shelldozer@oldbytes.space
2023-07-31T09:47:50Z
0 likes, 0 repeats
@chris @pglpm @pluralistic @aral @strypey @hisham_hm @aperezdc Shame they didn't use the term "Open Internet" instead of "Free Internet". The latter is often misinterpreted by those outside tech policy circles.
(DIR) Post #AYFzOrcvWD6vdCHohs by strypey@mastodon.nzoss.nz
2023-07-31T15:02:42Z
0 likes, 0 repeats
@shelldozer> Shame they didn't use the term "Open Internet" instead of "Free Internet"Who is "they" in this context?@chris @pglpm @pluralistic @aral @hisham_hm @aperezdc
(DIR) Post #AYFzhv2d30OpiuOWES by strypey@mastodon.nzoss.nz
2023-07-31T15:06:15Z
0 likes, 0 repeats
@shelldozer> Shame they didn't use the term "Open Internet" instead of "Free Internet". The latter is often misinterpreted by those outside tech policy circlesIs it though? Or are you just assuming that people can't distinguish between wind (the noun) and wind (the verb) from context? I'm aware of the confusion caused by "free software", which is why I tend to use "Free Code", or at least capitalise Free Software. But does it apply here? @chris @pglpm @pluralistic @aral @hisham_hm @aperezdc
(DIR) Post #AYHTAAUiHLh3aSJTZg by shelldozer@oldbytes.space
2023-08-01T08:09:55Z
0 likes, 0 repeats
@strypey @chris @pglpm @pluralistic @aral @hisham_hm @aperezdc Ask my auntie Margaret.
(DIR) Post #AYHlQ8sPrLZONVAODw by strypey@mastodon.nzoss.nz
2023-08-01T11:35:34Z
0 likes, 0 repeats
@shelldozer> Ask my auntie MargaretWhat does she interpret "free internet" as? What about "open internet"?@chris @pglpm @pluralistic @aral @hisham_hm @aperezdc
(DIR) Post #AYI0BrUND037i1ZMau by shelldozer@oldbytes.space
2023-08-01T14:18:23Z
0 likes, 0 repeats
@strypey @chris @pglpm @pluralistic @aral @hisham_hm @aperezdc "Free": not charged by the session, or minute. Pays for it notheless, under a service contract, but only subconsciously aware of that.