@blake@infosec.town

blake

@blake@infosec.town

A software developer with a passion for the powers, rights, and freedoms of users. Developer of dahliaOS, LucidLog, Bodacious, and more. Sometimes tries to design and write. Cool tech enthusiast.

Likely to post about #FOSS, #FreeSoftware, and #OpenSource (specifically, my various projects), radio stuff, and some other technology-related stuff. For my climate activism and solarpunk adjacent stuff, see my alt account linked below.

  • I hereby opt in my public posts to be searchable on tootfinder
  • My profile picture is not up to date, even though I just took some for this purpose
  • Recovering from being a lot of bad things, still have more to go. Keep me in check please

This profile is from a federated server and may be incomplete. Browse more on the original instance.

blake, to random

My Bridge Wizard now includes support for Bridgy Fed's ATProto-ActivityPub bridge in both directions! It tells you briefly how to opt in, and warns you that it might not work as expected.

blake, to random

decided to look into (the Tim Berners-Lee related one) and, why the hell isn't it in everything by now, or at least able to be?!

Like, why can't I have my files on a Solid pod show up in Nautilus yet?!

In particular, I think it might be really great for a "metaverse passport," a common ID that would include a display name and avatars, and you could potentially use Solid's existent profile and friends stuff too.

blake,

There are definitely a few unfortunate shortcomings with Solid as an ecosystem at the moment:

  • The default web UI, apart from the login process, feels really clunky. Some clever CSS could probably completely fix this.
  • It looks like it's still rather difficult to host your own pod server; they say it's possible but don't tell you how to do it, instead just saying it's not for the faint of heart.
  • It would be great if I could connect a local file server, maybe even one hidden on a local network, or host on multiple pod servers for redundancy of my own data.
  • Is there a way to set up multi-factor authentication or Passkeys yet?

Other improvements I think could be made:

  • A server's home/login page should list a few apps, perhaps configurable by the server administrator (...within Solid itself, of course). A file manager, Penny, and an inbox viewer would be great here.
  • I feel like setting up the inbox as one append-only Resource would be a good idea. Or, you get even more advanced with the ACL, and have it so that each authorized app can see all its own inbox entries.
  • Someone should make a Solid file manager plugin, maybe even with metadata support, for Nautilus and Dolphin, at least. You sign in and authenticate with your pod server, and your available Pods all show up as network filesystems (if there are multiple, they should probably all not be on the sidebar, but if there's just one it's fine).

Seeing as it's been in development for 8 or more years and it's not out of the experimental phase yet, I don't expect it'll ever come to light, but if it does, yeah this could very well change the world...!

blake,

I take back the "default web UI" being clunky. The IDP pages look great; the home pages do not, but that should be easily fixable with a simple index.html, which should be hosted on Solid.

I wonder if any Podserver out there can host a pod container (folder) as a website? i.e. just host the files in the folder, ignoring any content-empty ones? That would be a good use for Solid as well. Hell, give it a Gemini interface, host Gemtext on it!

...You know what, what if I did just that? What if I wrote a Gemini interface to Solid? Could I do that? I don't mean (just) an app, it would have to handle the login and maybe registration too, so you can do it all within Gemini itself. That would at least have to interface with the podserver with elevated permissions...

blake,

I also take back that second paragraph (most of it). I'm not 100% sure how but there is a mechanism for hosting webpages on a Solid podserver, because solid.redpencil.io (which is the one I'm using) does have apps hosted on it. Maybe this is default behavior for world-readable files (or, folders with index.html?)

blake,

Can you use XSLT with RDF? Like, to build a static site or blog type thing with it?

It would be nice if some servers could also pre-render XSLTs on Solid things, so you could have a Web-log and a Gemini-log from the same source (discriminating by output type, probably), or a pretty profile page rendered off of your ~/profile/card#me...

Hey, what if I went a little further and let Things have RDF-marked redirects and headers, executed by the server, basically an equivalent of the Cloudflare Pages _redirects and _headers file formats?

Could you set up a server so that some external domain can get A/AAAA/CNAME'd to it and it serves a pod from it? I'm thinking, a podserver is hosted on fightingthe.foo or something and you could have podname.fightingthe.foo host the actual pods themselves? Or, even better, let people use, say, example.cloud to host their pod and make it available at personal.website, maybe as a kind of alias? Or, maybe just host a sub-folder there, so you can use it as web hosting... the possibilities are endless!

J12t, to fediverse
@J12t@social.coop avatar

I have a 3D avatar that's connected to the !

HTC's Viviverse virtual world turned on their Fediverse connection yesterday I think.

This is actually major news. HTC is a major company!!

Say Hi to @j12t !

blake,

@J12t @j12t I'm not a Vive user (I'm too poor for that) so I don't really know what Viverse is. What sets it apart from VRChat or Horizon Worlds?

joel, to random
@joel@fosstodon.org avatar

I just realized that in more than half of the married couples I know, the woman is older, so yeah :blobcatderpy:

blake,

@joel weird, in every married couple I've ever known well enough, the husband is always older than his wife by usually several years... Then again most of the married couples I've known have been my family and church people...

babadookspinoza, to random
@babadookspinoza@mastodon.social avatar

The ruling class is going to do everything they can to increase their control over what people can see on the Internet. The support for Palestine took them by surprise and they are in panic mode over the possibilities that exist online for the sharing of information and experiences across borders, the extension of solidarity between oppressed peoples everywhere.

blake,

@babadookspinoza That's exactly why AIPAC funded the TikTok ban (oh sorry, "mandatory divestment bill").

If they did decide to sell to an American company, which iirc they said they wouldn't, the American government and other American corporate interests get to fully own and control them. That's the end-goal of the TikTok bill.

mttaggart, to random

Almost nobody has grappled with what it really means for truth when anyone can appear to say anything, do anything. This will impact everything from economic stability to climate policy. It will also impact individual lives in deeply intimate and hurtful ways.

Which is why I believe combating generative content will be one of the most important technical efforts of the next decade.

arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/

blake,

@AAKL @mttaggart There's one kinda-cool use for deepfakes, which is a translation thing that makes it look like you're speaking a different language, but I don't think the one or two valid uses for this tech outweigh the infinite harms it's already doing.

blake, to fediverse

idea: a honeypot MITM instance that server admins/mods can use to report who is accessing specific instances. Admins can use that to get rid of problematic users to begin with instead of letting them bring Nazi bullshit onto their instance.

blake, to random

I kinda wish #iceshrimp and/or #sharkey had a tumblr-style queue, I have a ton of unrelated Thoughts but don't want to spam the timeline with them.

It could work if there was a Iceshrimp/Sharkey compatible external client and if they had support for the post scheduling APIs (or just ran in the cloud).

evan, (edited ) to random
@evan@cosocial.ca avatar

I'm sort of interested in "Civil War", but I'm a lot more interested in the idea of nonviolent revolution in the USA; that is, a discontinuous change in the rules of government based on popular demonstrations.

https://en.wikipedia.org/wiki/Nonviolent_revolution?wprov=sfla1

blake,

@evan I wouldn't equate this with an attempted coup with the stated goal of installing an authoritarian leader despite the evidence that the claims they used to justify said coup were completely unfounded.

blake, to random

I'm considering starting a new project (yes, I know), an External Component that is a full MIX implementation -- particularly including MIX-MUC, crucial for backwards compatibility.

At this point I'd only do it with a sponsorship or grant or some such. I don't want to take on the responsibility and sacrifice my free time for it just for it to blow up in my face, I'd much rather have some support structure in place.

blake, to random

Oh hey people, if you know of a bot I can debug my ad-hoc commands and data forms implementations against, let me know... I'm going to need one.

blake,

@Goffi @debacle I think I'm looking for the opposite. I have a client that is supposed to be able to call ad-hoc commands. That's what I'm trying to test.

evan, to random
@evan@cosocial.ca avatar

THE TOTAL ECLIPSE

blake,

@evan I think I'd have to travel to see the total eclipse in person. Something I'll probably never be able to afford to do.

hrefna, to random
@hrefna@hachyderm.io avatar

Captcha: "Click on pictures created by humans"

<includes multiple horses and a cupcake>

Me: Okay but really now we should talk about the horses…

blake,

@hrefna Is that seriously what they're asking in captchas now?

blake, to random

I can't believe the Verge used AI to write half an article about Brother printers and SEO. At the same time, they did it so right.

www.theverge.com/2024/4/2/24117976/best-printer-2024-home-use-office-use-labels-school-homework

hello, to fediverse
@hello@social.wedistribute.org avatar

It's now possible to follow President Biden and the White House on the . Both accounts have enabled the integration via .

https://wedistribute.org/2024/04/president-biden-on-fedi/

blake,

@hello Needless to say it would be best if the government set up an official server to run these accounts with.

blake, to random

The Threads hate is reasonable.

I even agree with it.

And yet I choose to federate with it, under careful supervision and with no hesitation to block at the user level (which I have done several times, with brands).

That's because I'm a cishet white man. I face little threat from Threads.

If I can put this another way: I'm on the team that can try to get "good" Threads users to come over here, like the Green brothers and Joe Biden (people I want to hear from). For many, many other people, the risks outweigh this, so they'll choose to block Threads, which is a valid choice and for them is the correct one, far and away.

Harassment over it is not the answer and will solve nothing.

kerfuffle, to fediverse
@kerfuffle@mastodon.online avatar

Apparently, are looking at to create one global "Gitlab network", so that can interact between various projects without having to register on each of their hosts. https://gitlab.com/groups/gitlab-org/-/epics/11247

blake,

@kerfuffle They're totally doing this in cooperation with Forgejo and Forgefed, right???

evanprodromou, to random

To celebrate the cherry blossom animation on Threads, I'm starting a thread about some of our lovely nativeplants in North America in the Prunus genus. Please give them likes so they can get the little bloom.

blake,

@evanprodromou @evan minor curiosity: what's the cherry blossom animation you speak of?

blake,

@evan @evanprodromou So it's like a custom like animation when that hashtag is present? Neat!

blake, to random

After seeing how the XZ maintainer's burnout and mental health decline was exploited to the potential detriment of the whole world, we're totally going to be supporting our developers more, right guys? We're totally going to fund critical OSS and pay maintainers enough to hire on other maintainers to take the burden off of them and reduce burnout, right? Right?

blake,

Something that makes this so difficult is that there are so many of these (critical infrastructure projects) just littered everywhere. This kind of thing could happen anywhere, and probably has happened undetected elsewhere for years! Finding all of these would be a day job of its own. Then you have to figure out where all that money is coming from, and what's important enough to get how much money.

Most of this is too complex for me to understand.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • normalnudes
  • tsrsr
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • hgfsjryuu7
  • Youngstown
  • InstantRegret
  • slotface
  • khanakhh
  • rosin
  • ngwrru68w68
  • kavyap
  • PowerRangers
  • Leos
  • tacticalgear
  • cubers
  • everett
  • vwfavf
  • ethstaker
  • osvaldo12
  • Durango
  • mdbf
  • modclub
  • cisconetworking
  • GTA5RPClips
  • tester
  • anitta
  • All magazines
    •