Posts by hallam@infosec.exchange
       Post #ARTmCGgNVZ69Tn8pyy by hallam@infosec.exchange
       2023-01-09T20:35:08Z

       1 likes, 0 repeats

       @bobwyman There are two separate layers in a system of that sort.

       The first is what the protocol supports. On that basis, the Mesh is a vastly superior password vault than anything on the market because it guarantees a 120 bit work factor and does not allow the user to inadvertently weaken it.

       So yes, ActivityPub does support groups.

       The second level is the affordances built into the applications and that is a separate matter entirely. ActivityPub has groups but the clients, the services don't expose them in useful ways that make them equivalent to Facebook groups.

       Same problem with my password vault. It has all the cryptography but the only application is the command line client, there is no integration into any browser, etc. etc.

       What I am talking about here is designing the affordances in the client.
       
       Post #ARTsjPCnRNhpC5UOlU by hallam@infosec.exchange
       2023-01-09T21:49:06Z

       1 likes, 0 repeats

       @fl0wn I am not in the habit of waiting for people to implement.

       Besides which, groups don't really mean anything without the ability to make them private which none of the existing protocols were built for.

       Except the Mesh.
       
       Post #ARTx2HNt8vvEFvvtDM by hallam@infosec.exchange
       2023-01-09T23:29:26Z

       1 likes, 0 repeats

       @fl0wn One of the big problems with security is that folk who don't specialize in security tend to rely on it as a catch all reason to avoid thinking about things they would rather not consider.

       Mesh/Everything is a cryptographic framework. Nothing is visible to the host. The host doesn't even get to see user-names. Hosts can make inferences from meta-data but these are greatly limited relative to traditional approaches.
       
       Post #ARV005iy1APiXCOsS0 by hallam@infosec.exchange
       2023-01-10T00:06:48Z

       1 likes, 0 repeats

       @fl0wn The issue of who owns a group and how they persist is an important one though and something that I think needs to be closely considered.

       First, forget the limitations of existing platforms. They probably don't apply. Let us decide what groups should look like.

       One of the things I spent some time on over the past few years was looking at how Putin's people seized control of a large number of Facebook political groups and used them to peddle Putin's propaganda.

       Most of the Facebook groups for US candidates ended up being created by Russian trolls who used them to push for Tulsi Gabbard in the case of the D. accounts. There are real issues of transparency and accountability there.

       So I think there have to be communities hosting these things and the communities need to be able to manage who owns a group because I for one got really sick of every CNC group on Facebook being run by a MAGA hatting fascist because they happened to start it. I think there has to be some community ownership and the fact someone is an admin should not make them a little Hitler who can kick folk out for pointing out Mint Press News is a Russian propaganda site or objecting to people posting CNC cut Dixie swastikas.

       This is a stronger set of conditions than the hosting provision issue. But I have a fix for that. Like every other Mesh account the unique identifier for a group is the fingerprint of the root signature key. Moving the group from one host to another merely requires a pointer to the new host in one or more lookup tables somewhere.

       A bit trickier is how to fund hosting for such a site. Especially if a success disaster ensues. The folk running Game of Thrones sites were a little surprised when HBO turbocharged everything...

       But that whole area is something I think we can leave to when we consider the general content funding problem. I pay Apple News $10/mo to get access to a lot of content. Perhaps we can get some similar model going for the Fediverse. The way I would see it working is that I pay my MSP $8/mo ($96 /year) and some of that goes to pay for my local storage needs and some of it goes to fund access to a wider selection of shared content.

       So I start a Dalek builders' group and that is hosted by my MSP with me as sponsor. Then say it becomes something bigger and we have thousands of members, my MSP continues to host but it goes into a federated tier with multiple admins.

       Maybe you get one or two such groups for free but if you want to get hundreds of groups, well you need to be on the premium tier and a little chunk of change goes out to each of the groups you join and that means that the MSP hosting them doesn't get slammed and have to ask their customer to pay up.

       And because it is easy to move groups to a new MSP, the MSPs can periodically bid to host the group at a lower cost. That is not the only business model I think we need for content but it is one of them and it is the one that probably best fits club type activities where they are primarily social and the real goal is to avoid someone becoming the stuck-ee for the costs.

       I think we need the Patreon/Substack model and some form of pay per article model in addition.
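The post above ties a group's identity to the fingerprint of its root signature key and moves the group between hosts by updating a pointer in a lookup table. The Go program below is an added illustration of how a lookup table can accept such a pointer safely; it is not Mesh code or the author's. It assumes Ed25519 root keys, a SHA-256 based fingerprint format, JSON-encoded pointer records signed by the root key, and a monotonic sequence number, all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base32"
	"encoding/json"
	"errors"
	"fmt"
)

// NewRootKey creates a group's root signature key (Ed25519 is an assumption here).
func NewRootKey() (pub ed25519.PublicKey, priv ed25519.PrivateKey) {
	pub, priv, _ = ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail in practice
	return
}

// Fingerprint is the group identifier: base32 of the SHA-256 of the raw public key (constructed format, not the Mesh's own).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:20])
}

// HostPointer says where the group lives now; Seq is monotonic so replaying an old record cannot roll the table back.
type HostPointer struct {
	GroupID string `json:"group"`
	Host    string `json:"host"`
	Seq     uint64 `json:"seq"`
}

// SignedPointer carries the root public key so a verifier can check its fingerprint is the group ID before trusting the signature.
type SignedPointer struct {
	Pointer HostPointer
	RootKey ed25519.PublicKey
	Sig     []byte
}

// SignPointer is what the group owner (holder of the root key) does on a move.
func SignPointer(priv ed25519.PrivateKey, p HostPointer) SignedPointer {
	msg, _ := json.Marshal(p) // fixed struct field order makes this deterministic
	return SignedPointer{Pointer: p, RootKey: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, msg)}
}

// Directory is one of the "lookup tables somewhere": group ID -> current pointer.
type Directory map[string]HostPointer

// Apply accepts a pointer only if the key matches the ID, the signature verifies and Seq advances past the stored record.
func (d Directory) Apply(sp SignedPointer) error {
	if Fingerprint(sp.RootKey) != sp.Pointer.GroupID {
		return errors.New("root key fingerprint does not match group id")
	}
	msg, _ := json.Marshal(sp.Pointer)
	if !ed25519.Verify(sp.RootKey, msg, sp.Sig) {
		return errors.New("bad signature on host pointer")
	}
	if cur, ok := d[sp.Pointer.GroupID]; ok && sp.Pointer.Seq <= cur.Seq {
		return errors.New("stale pointer: replay or out-of-order update")
	}
	d[sp.Pointer.GroupID] = sp.Pointer
	return nil
}

func main() {
	pub, priv := NewRootKey()
	dir := Directory{}
	fmt.Println(dir.Apply(SignPointer(priv, HostPointer{GroupID: Fingerprint(pub), Host: "msp-a.example", Seq: 1})))
	fmt.Println(Fingerprint(pub), "is hosted at", dir[Fingerprint(pub)].Host)
}
```

A pointer signed by any other key, a replay of an earlier record, or a record whose host was altered after signing is rejected, so only the holder of the root key can move the group.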
       
       Post #AS0pY6PjwecKz9Bbqy by hallam@infosec.exchange
       2023-01-25T17:27:05Z

       1 likes, 0 repeats

       @Julf The ‘or’ clause is doing a lot of work there.

       I remember when the Holocaust deniers hit USENET in the 90s. It is important to understand the tactics they used then because they have not changed since.

       One very important tactic was to leverage the fact that some people would react to disputing the smallest detail of the narrative as they had learned it as being the same thing as holocaust denial itself. They used that to set the people correcting the record on each other.

       There was only one actual neo-NAZI but he used multiple socks and reposted lots of material by other people from neo-NAZI publications.

       What he would do is to start an argument by disputing a specific detail. Usually, this was pure bad faith relying on fabricators like David Irving as sources. But it wasn’t always. There were some accurate statements there such as the fact Anne Frank died of tuberculosis, not in a gas chamber and the UN report on the holocaust gave the figure of 5 million Jews murdered.

       Now both of these statements while literally true were of course beside the point. Anne Frank died because the NAZIs put her in a concentration camp in unsanitary conditions which killed her before they could get round to murdering her as was their plan. And the UN report was the lower bound on a range of 5-6 million. The principal source of the uncertainty is that the NAZIs only recorded the first reason they arrested someone. A lot of trades unionists, homosexuals, dissidents, etc. who were also Jewish were murdered for other reasons. The UN found the total number of civilians and POWs outright murdered by the NAZIs was around ten million.

       So when you look into the claims being raised to dispute the numbers, they are entirely bad faith distinctions without a difference. But folk who didn’t take the time to examine the claims and reacted according to their incorrect assumptions ended up playing into the neo-NAZIs’ hands by vehemently insisting on ‘facts’ that the neo-NAZIs could disprove.

       The neo-NAZIs themselves are nowhere near numerous enough to run any sort of effective disinformation operation. But they don’t have to because Putin is always happy to oblige with funding and organization. Putin’s people had other nationalist causes to back in Britain (Brexit, independence), Spain (independence), France (immigration), etc. etc. None of those had quite the same valence in the Netherlands so they doubled down on their anti-semitism peddling holocaust denial.

       Putin doesn’t care about policy outcomes, he happily funds anti-Semitic thugs in AfD, Golden Dawn, Britain First, etc. and at the same time funds rabidly racist Zionist parties in Israel. All Putin cares about is creating division.

       So yes, the numbers are bad, but understanding what is causing it is more important.
       
       Post #ASbmJWi9uPWqKNQMV6 by hallam@infosec.exchange
       2023-02-12T16:06:43Z

       0 likes, 0 repeats

       @lauren Different people have different views but a large number want two, mutually inconsistent things.

       First, they want to replace Twitter and become a forum with global reach.

       Second, they don't want Mastodon to change.

       It isn't unusual for people to make inconsistent demands and in this case, it might actually be possible to square this circle.

       Mastodon hasn't been big enough for interest groups to be viable until recently. What if they were done a bit differently from the way Facebook does them so Mastodon becomes one feed among many?

       What if there were curation services that people could opt into which provide 'posts I am likely to want to view' based on positive and negative feedback from the individual user. (Downvoting content is absolutely necessary).

       And maybe you subscribe to several of them and your client continuously rates their performance and only uses the ones that are working. I think these approaches would provide the social scaling required for Mastodon to expand by another order of magnitude without becoming another Facebook with a smirking billionaire in a hoodie whose biggest idea is a VR simulation of his office making all the decisions for everyone.

       Twitter and Facebook hate downvotes because it hurts their wallets. Making the worst actors most visible is what drives engagement and profits. It also makes Facebook the online version of the Jerry Springer show.

       Put downvotes into the equation and I am not just going to respond to Klu Klux Kruella's hate posts, I am going to downvote them. And so the hatemongers gradually fade from public view because only the fascists want to hear them.
       
       Post #ASeKs18t3hCXJNSpaC by hallam@infosec.exchange
       2023-02-13T21:43:48Z
       
       0 likes, 0 repeats
       
       @misty Not so difficult from a technical point of view - provided people are using a dedicated client which can be told to keep a local copy of everything.
       
       Post #ATQA5LvZzn6HrJjGUK by hallam@infosec.exchange
       2023-03-08T23:02:01Z

       0 likes, 1 repeats

       OK so I have this problem, I want to have a brain floating in a jar in my office. I want it to be floating in potable water and for it to be possible to reach into the jar and pull it out to show there are no wires attached.

       The brain will light up in response to internet commands with the ability to light different parts of the cortex in different colors.

       So far, so good, got all of that worked out. 3D print brain in PLA, paint. Alternatively, make mold, cast in silicone. Take power off an inductive loop built into the base of the display. Low power RaPi or similar takes instructions over WiFi, lights up LEDs.

       Here is the part I haven't worked out: How do I get my brain to float in the dead center of the jar so that it is completely submerged and not touching the bottom? I can make it close to neutrally buoyant, but that isn't going to be enough. I want it to settle at a specific depth.

       Easy enough to cause the volume of the brain to shrink as it descends, just fill it with air. I want the volume to do the opposite so that I can trim it to the precise level I want.

       My goal is of course to make two of these so that I can be the man with two brains.
       
       Post #AU9JHq89LfDZU4eSjg by hallam@infosec.exchange
       2023-03-30T18:13:28Z
       
       0 likes, 0 repeats
       
       @lauren They have been saying that since Putler's invasion of Ukraine.
       
       Post #AUE1YJM4lpCX3WnN1E by hallam@infosec.exchange
       2023-04-02T00:48:54Z
       
       0 likes, 0 repeats
       
       @lauren Greece in the time of Socrates. Fix Plato.
       
       Post #AUEdZg73RK7KBYqdma by hallam@infosec.exchange
       2023-04-01T18:27:51Z

       0 likes, 0 repeats

       Every discussion of the future of Mastodon and the broader Fediverse seems to keep coming back to a set of closely interconnected issues which to my view are actually different aspects of the same issue. These are:

       1) Moderation
       2) Content discovery
       3) Abuse
       4) Blocking
       5) Censorship

       I put moderation first because it is more than simply blocking bad actors or bad posts. It can also mean writing codes of conduct, establishing norms of good behavior, etc. All of the things that follow can be part of moderation.

       The architecture of a social media space can greatly affect the need for moderation. Remember the secret of how Disney keeps its parks clean is that the park is already clean. The fact that there is no visible litter anywhere prompts guests to comply. Conversely, Zuckerberg lets people bigot and bully and broadcasts their spew far and wide because making people angry keeps them engaged and the greedy little shit wants to have more money from advertising.

       So, content discovery has to be a part of the moderation design and yes, that includes the ability to opt into search. And if people don't like the fact that some people want their content to be discovered by others, well, it is not always about you (NAAY). I like the fact that I spontaneously discovered new content providers in Facebook and Twitter. I do not like the fact that the only new content I am seeing on the bird site is from the fellow members of Musk's fascist cults.

       Musk's brand of libertarianism turns to fascism in three steps: Libertarianism means no government, no government means no checks on private power, no checks on private power means feudalism, hierarchy and slavery.

       One very powerful means of content discovery is curation. I follow some people because they curate vast amounts of interesting posts. I want that model of curation and I also want to be able to select feeds curated using my positive and negative feedback. Again, some people don't but NAAY with knobs on. I want that mode but I want to have it on my terms. I want to be able to select multiple curated feeds and have my client select from them according to which most closely matches my reaction feedback. If someone produces a spammy curated feed that I don't find useful, that will automatically fall to the bottom of the pile in terms of notice.

       Producing that sort of feed in the current Mastodon model would be hard as each curator has to ingest vast quantities of data, not practical. So there have to be aggregators to reduce the computational load. All the curator needs to do then is to build their eigenvectors and crunch 'em on new posts as they come in, recommending them to the relevant users.

       Yes, opt in, permissions, etc. etc. One way to establish that would be for subscribers to a curation feed to follow a particular account and that in turn causes a notification to be sent to the aggregation engine they use to collect that user's posts.

       If we need finer grain 'opt out', well the core protocols will have to adapt to support that.

       OK so what happens when people start being abusive? Well one protection that might well be built in here is for linked images to be automatically scanned against existing abuse databases at some point in the chain, could be the aggregator, could be the client.

       Now before getting too excited, there is absolutely nothing stopping the GRU, Met police, FBI, etc. from doing the same thing today. And the IRA people are definitely monitoring Titter and Facebook which is why my accounts get so many bad faith strikes - they always come after I post about Putin's people and their tactics.

       It seems to me that having that type of control in the aggregator is best in that it conceals data about users' reading habits. If it is child abuse, the aggregator isn't going to be presenting it in anyone's feed. It can however send a signed attestation to the instance operator stating that their user posted an illegal image.

       If said illegal image is simply pointing out Putin is a war criminal or the blasphemous Iranian mullahs are frauds, well instance operator probably doesn't take much notice...

       And yes, it does get more complicated as users often post links and the image they thought they were posting might change. Yes, seen a lot of tricks in my day...

       OK that is criminal abuse, what about lesser forms of abuse, the person who just keeps spamming their feed with Trump propaganda? Well, let them, that is free speech and the second biggest party in the US has turned itself into a white grievance engine spewing bigotry at every target they can think of. Can't stop them publishing their bigotry but we can sure make it really easy for people who don't want to see any of that bigotry to do so.

       When I got started at the birth of the Web, lots of people were really worried about individuals peeling away from the general population to live in epistemic bubbles of their choosing with like minded individuals forming cliques that turn into cults, etc. etc.

       That happened of course. But it was happening before, the Web didn't start that. The problem created by the Web was when BigotBook and the bird site put a great big megaphone in the hands of these deranged cults and allowed them to shout down everyone else.

       So the correct penalty for the bigots in my view is they don't get an audience. And that is mostly what they are really after. Having watched a lot of these neo-NAZI etc. types, it seems to me that what they are really into is the bullying and the violence. All they want is to find a pretext and an audience.

       Take away Trump's audience and he is a really miserable person, it isn't any fun bigoting when there is nobody being offended by the bigoting.

       No, I am not saying 'just don't listen', I am saying 'make it clear that they are being ignored'.

       Same for the likes of Charles Koch, the greedy little blighter who inherited daddy's fortune literally made in Stalin's gulags and uses it to lecture us all on 'freedom' through a network of fake thunk tanks staffed by propagandists paid to lie about climate change. Wouldn't it be nice if Charles Koch could see that his ideas and his lies are being rejected because daddy's fortune made by slave labor doesn't give him the right to the loudest voice in politics after all?

       This gets us onto the last point which is censorship. Who do we trust with such power? Well the only person I trust to make such decisions for me is me. And you should be the same.

       That is why algorithmic curation using positive and negative feedback is so powerful.

       Sing if you're glad to be woke. I am, don't let the bullies intimidate you. If the curator I choose sees that thousands of people whose likes and dislikes closely match mine do not find Jordan 'Benzo' Peterson's work interesting, sounds good to me. That isn't censorship, it is a better, more open form of curation than letting a 90 year old Australian bigot facing a $1.6 billion defamation suit decide what I see.

       And people who like to jackboot, well they can jackboot but they end up doing it in private, alone in small circles without the ability to inflict their jackboots on other people like they crave.

       So, as you might have realized already, this type of infrastructure is about more than just Mastodon, it can be applied to a whole host of different social media modalities as well. Hey, here is a video you might like, and here is an article on cryptography that seems important, what about these conferences coming up? etc. etc.

       Remember Delicious? The bookmark sharing service that Yahoo took away from us? We can recreate that but with one major difference.

       This time we make sure it is ours and they can't take it away.
       
       Post #AUFXFGxOqxr5o9B8k4 by hallam@infosec.exchange
       2023-04-02T17:53:33Z

       0 likes, 0 repeats

       @lauren he has now. Congratulations. Mine is gawn as well
       
       Post #AUFYKadXDE5CFFzDH6 by hallam@infosec.exchange
       2023-04-02T18:30:48Z
       
       0 likes, 0 repeats
       
       @lauren yeah, thought this wuz the bird site, my mobile apps don’t distinguish much
       
       Post #AUIR4UCp8DK8hJzrwu by hallam@infosec.exchange
       2023-04-04T03:53:26Z
       
       0 likes, 0 repeats
       
       @lauren Execution?
       
       Post #AUb7qyQwhtQR7fLe2S by hallam@infosec.exchange
       2023-04-13T04:17:50Z
       
       0 likes, 0 repeats
       
       @alex Turning himself in, he might get as little as two years. If he gets caught instead, he is likely looking at ten or more.
       
       Post #AUbBG9sdaMCvj408Su by hallam@infosec.exchange
       2023-04-13T04:55:58Z
       
       0 likes, 0 repeats
       
       @alex They will want him alive to be able to debrief. But most likely, they will pick him up on his base when he reports for duty.
       
       Post #AUospqjWCmNCnky1RI by hallam@infosec.exchange
       2023-04-19T19:35:18Z
       
       0 likes, 0 repeats
       
       @lauren Interesting. I guess that they prefer to start from a ruling that is not as absurdly partisan.
       
       Post #AW3ACCG1gY5Rye6QQy by hallam@infosec.exchange
       2023-05-26T14:47:51Z

       0 likes, 0 repeats

       @lauren “After almost four incredible years at Twitter, ...”

       Almost four years almost certainly means he will be fully vested after accumulated PTO is factored in.

       Musk sacked the engineers with the most in unvested stock options which he is obliged to buy out at the purchase price. This chap was likely allowed to stay on only because he was relatively cheap. Now that his options are fully vested, there is no reason to continue to work for Space Elmo.

       The notion that any technical failure is the fault of the engineers rather than the guy who sacked all but three of the 100 person spaces team is ridiculous.
       
       Post #AW4xpeSlqDolf2T0TY by hallam@infosec.exchange
       2023-05-26T14:54:59Z

       0 likes, 0 repeats

       @spaf Fusion power is almost certainly going to be a bust. But not because the National Ignition Facility failed, rather the reverse.

       An MIT team, Quaise, had the idea of using the gyrotron developed for NIF to make deep bore holes for geothermal power. It is not certain that it will work but there is at least a 50/50 chance it will be delivering power at the test site within five years. And if it does, we will have absolutely no use for fusion because we will be able to exploit the natural fission reactor we are all sitting on safely and cheaply pretty much anywhere not on an actual fault line.

       So like the space program, blue sky research has real benefits but not necessarily the benefits expected. I remember something about some Internet project coming out of CERN a while back.
       
       Post #AY1rFudw0atJ4wKrYm by hallam@infosec.exchange
       2023-07-24T19:25:32Z

       0 likes, 0 repeats

       @dave The x.com thing is utterly stupid and bizarre. But it might be what ultimately saves Twitter.

       At some point, likely sooner rather than later, Musk's whole world is going to come crashing down. Tesla is a mess financially, SpaceX eats money like there is no tomorrow and Twitter is worth at least $30 billion less than the $44 billion Space Elmo paid for it.

       Chances of Twitter being spun off are very high. And when that happens, the return of the blue twitter bird is going to be the signal that the fascist druggie billionaire is no longer in charge.