Post B6BTJuEe7b8vuWkAKm by headmold@mastodon.social
(DIR) Post #B6BTJpzbtYjskjg6LI by mjg59@nondeterministic.computer
2026-05-11T04:36:42Z
0 likes, 0 repeats
People will complain that a technology can be used to oppress user freedom while contributing to free software that gets used in literal weapons of war
(DIR) Post #B6BTJrTQOCBLLUdQS8 by mjg59@nondeterministic.computer
2026-05-11T05:42:38Z
0 likes, 0 repeats
I do entirely understand the idea that functionality that can be used against users (even if it can also be used to enhance user security) is bad, I just don't understand why people will simultaneously make that argument and support the idea that a software license that says "You may not use this software to murder people" is incompatible with the ideals of free software
(DIR) Post #B6BTJswWvT3du3GBSS by mjg59@nondeterministic.computer
2026-05-11T05:51:35Z
0 likes, 0 repeats
DRM is pretty obviously something that inherently removes user freedom without benefit, and decrying it is entirely reasonable. Hardware identity and state attestation *can* be used for DRM, but can also be used for other purposes that improve things for users (like Signal verifying that it's communicating with a genuine enclave before disclosing any sensitive data), and attacking the technology rather than the ways it's used seems short-sighted
(DIR) Post #B6BTJuEe7b8vuWkAKm by headmold@mastodon.social
2026-05-11T06:21:52Z
0 likes, 0 repeats
@mjg59 I don't have the nuance of whomever you're replying to, so broadly: (Approximately) no one complains about Yubikeys, datacenter HSMs, etc., because context matters. FIDO deployment wasn't going to lead to controlling what computers you can use the web with. But Google's ReCAPTCHA replacement has as a specific tactic to stop people operating outside the phone duopoly from using portions of the web. And it probably won't even be good at their alleged goal: https://bsky.app/profile/retr0.id/post/3mljwh4k4k225
(DIR) Post #B6BTJvTZVafzl6jbEm by mjg59@nondeterministic.computer
2026-05-11T06:24:00Z
0 likes, 0 repeats
@headmold People are turning this into an argument about attestation in general, not the specific instance of it
(DIR) Post #B6BTJwDIlZFw2w87W4 by headmold@mastodon.social
2026-05-11T06:52:42Z
0 likes, 0 repeats
@mjg59 Ah OK, yeah I can't go so far as to oppose all attestation yet. If you had to bring up "free software gets used in weapons, ya know", I can only imagine. Where I sit right now: Yubikeys and secure elements are pretty good. Google Play Integrity is bad.
(DIR) Post #B6BTJwzrr06WTYquDQ by mjg59@nondeterministic.computer
2026-05-11T06:59:34Z
0 likes, 0 repeats
@headmold Yeah, but from a technology perspective there's basically no difference between Yubikey attestation (and some banks do insist on actual Yubikeys, not other valid WebAuthn tokens!) and what Google's doing here - which is why I think it's important to talk about the ways people use it, rather than the technology
(DIR) Post #B6BTJxoYoWeb0mZOEK by hughcb@sc.sigmaris.info
2026-05-11T08:05:08Z
1 likes, 0 repeats
@mjg59 @headmold I think there's a big difference between attestation tech that's tightly coupled with computer/phone hardware and vendor-provided OSes and doesn't work on LineageOS/PostmarketOS/etc, versus attestation done by a relatively cheap pluggable external device. Only the former is restricting the OS & software people can run on devices they own. OTOH Yubikeys and other pluggable/NFCable tokens can work with basically any OS.
(DIR) Post #B6BTJyYI4VEXIbxuVc by headmold@mastodon.social
2026-05-11T06:22:25Z
0 likes, 0 repeats
@mjg59 The thing is, I think you know all this better than I do based on what I've read from you, so I'm genuinely confused where you're coming from.
(DIR) Post #B6CVIMo3JmpF0eesm8 by Suiseiseki@freesoftwareextremist.com
2026-05-11T14:01:41.264992Z
0 likes, 0 repeats
@mjg59 Such a license would be braindead and proprietary and not even valid, considering the only country where copyright grants the power to restrict execution of software is Brazil. Also, even if such restrictions on usage are valid, governments who are going to murder people aren't going to hesitate when it comes to carrying out the lesser act of copyright infringement (what are you going to do, sue them in a governmental court and lose?). Restrictions on usage totally violate freedom 0, even if the restrictions currently only apply to things that are bad; https://www.gnu.org/philosophy/programs-must-not-limit-freedom-to-run.html
(DIR) Post #B6CVeaPvOUJDary4Tw by Suiseiseki@freesoftwareextremist.com
2026-05-11T14:03:52.645358Z
0 likes, 0 repeats
@mjg59 I would contribute to the software used in GNUke for the holy GNU/War ですぅ Those proprietary software companies aren't going to nuke themselves.
(DIR) Post #B6CVfqxdN1cTC0L5qy by Suiseiseki@freesoftwareextremist.com
2026-05-11T14:02:46.887384Z
0 likes, 0 repeats
@mjg59 "Attestation" has only ever been used for harmful things - it has never once ever been used for something helpful. Signal is proprietary software, thus you would be a fool to trust it with sensitive data.