blake

danhulton, 3 months ago to random

I wanna surface this to my main timeline because it's kinda important to say out loud from time to time:

Businesses do NOT "have to" focus exclusively on their return to shareholders. Not legally, not morally.

That is the misguided OPINION of a 1970 essay by Milton Friedman, and the fact that everyone seemed to just hop on board that opinion is a significant reason why we switched gears into hyper-hell-capitaliam since then.

Push back on this every time you see it.

blake, 1 month ago to random

After seeing how the XZ maintainer's burnout and mental health decline was exploited to the potential detriment of the whole world, we're totally going to be supporting our developers more, right guys? We're totally going to fund critical OSS and pay maintainers enough to hire on other maintainers to take the burden off of them and reduce burnout, right? Right?

blake, 15 days ago to random

My Bridge Wizard now includes support for Bridgy Fed's ATProto-ActivityPub bridge in both directions! It tells you briefly how to opt in, and warns you that it might not work as expected.

blake, 4 months ago to random

#Kagi picked its side: it's a search engine for the alt-right. It has done so by refusing to listen to subscribers who are endangered (!!!) by their decision, by playing the AI card some time back, and by refusing to do remotely the right thing in other scenarios (i.e. fighting COVID misinformation).

Not to mention, declaring COVID or gay rights "political" is a tell tale sign that you're closeted right wing. Which is what the founder did. He's no different from Eich, he just doesn't want to admit it.

@Seirdy was the shining beacon of ethics and reason in that thread. I love and appreciate that they framed it as a business growth decision, something that they could maybe understand, but unfortunately it seems like they decided queer folk are not their intended audience.

blake, 5 months ago to random

Not my quote, but:
Who the fuck votes no to a ceasefire?

blake, 9 months ago to random

New instance, new #introduction (as I'm bombarded with "X followed you!" notifications from migrating)!

My name is Blake Leonard, I write software for fun and hope I can do the one thing I'm good at for a living. For now I make money to support my hobbies and family's Christmas presents at a grocery store, which isn't bad work but it doesn't pay much (so I haven't moved out yet 😔) and it's not well suited for me.

Like many others, I migrated away from #Fosstodon today. It's not the first migration I've done; last time, I came amicably from indieweb.social to a community (and timeline) that suited me better. Today's migration away from Fosstodon comes in response to a few things, in rough order of weight on my decision:

• Firefish's feature set is so much richer than Mastodon's. Quoting, longer posts, and markup are among the things I've missed most when on my main account.
• I found out this morning that some years ago one of the admins said some problematic things -- generally problematic with an ignorant use of the word "snowflake," followed by remarks about how pronouns in profiles are annoying. I'm not going to tolerate that from someone I trust as a custodian of my identity. This would have ranked higher if it weren't years ago and long resolved.
• I'm sure it wasn't meant to come across this way but I received some condescending responses from one admin to genuine questions about moderation decisions. It wasn't a one time incident. It's happened multiple times. That doesn't exactly make me feel welcome there.
• The biggest thing causing the rounds of drama right now is the English-only rule, which as a cis white American man who only (in any usable capacity) speaks English, I fully understand the long-established decision to keep the instance English-only for moderation reasons. At that scale though, they probably should have more than two moderators, and at least one of them should probably speak some other language. The policy, when brought to light that they seemed to be more strictly enforcing it (which they denied, of course, but I'm sure there's a reason why people are only now upset about it when it's been around forever), felt like it would further hinder my ability to reply to comments in German than my A1 level knowledge of the language does, despite them denying it.

Due primarily to the transphobia/right-of-center issue, I did cancel my Patreon membership at Fosstodon, because while I have enough reason to trust that they're not just pocketing the money, I don't trust them to handle it anymore (plus, I'm not on their server now).

I ended up picking this server at Kainoa's suggestion, which I agreed with because of Infosec Exchange's reputation, which is pretty good as far as Fedi servers go.

I'll probably spend the next couple hours switching my website to pull posts from a "clip" on this account instead of all public posts from my old account. If you have any questions about me, or my decision to migrate here; ask away!

blake, 7 months ago to random

My other server, firefish.social, is becoming increasingly painful... it is guaranteed to "error" every time I post, and it also takes forever to load any posts. Now, it will actually error sometimes when posting, and give a different error if it succeeds. I also get zero feedback on the success of certain actions, like boosting, favoriting, and reacting. I have no idea what's going on there and I suspect neither does Kainoa. So I'm looking for another server to house that account, where I post about climate, personal life stuff, and US/NC politics (and trans rights!).

I'm trying out @blake but the/an admin there is immediately making me uncomfortable right off the bat with provocative, argumentative comments (doesn't matter if they're right or wrong, the point is it's far from the kind of thing I want to see or engage with). The server is also not very well federated. So maybe another Firefish server... there aren't a lot on joinfirefish.org. I'd consider hosting my own if it wasn't so goddamn expensive, and getting it well federated is pretty much impossible on a single user instance (the Fedibuzz relay doesn't work, and regular relays don't include servers I want to hear from!).

blake, 1 month ago to random

Has anyone tried checking #liblzma #xz against known symbols to see what mismatches? Any differences in these differences between 5.6.0 and 5.4.5 (I expect there should be)?

I would do this but I don't know how.

blake, 3 months ago to random

Recently I've noticed a lot of moderative issues that have (potential) solutions and mitigations.
The spam issue, as @devnull pointed out, could be reduced with some kind of reputation system (although doing that in a federated environment could prove difficult).
I've said numerous times we could really use some kind of approval-based federation (I propose both "newly discovered instances must be approved" and "newly discovered users from specific instances must be approved"). This is something between block-by-default and allow-by-default. Maybe you could let lookups from a logged-in local user bypass these, too.
It was either @hrefna or someone else, I forget, who said treating the "replies" collection as the definitive collection of replies would enable moderating or restricting replies to a post.
I think the available time and attention is probably being well spent but these things probably deserve more time and attention than something like quote posts.

blake, 3 months ago to random

I went outside and thought up a system of "Federation protection levels." When applied "globally," it applies to all undiscovered/unapproved instances and controls whether they can be added. Approval of an instance involves setting its protection level. When applied at the "(remote) instance" level, it applies to a specific instance, similar to the existing "suspend" and "silenced/limited" actions, which should remain as they also do different things. The most specific level always applies; so if a level is applied to an instance, that instance is unaffected by the "global" level. Note that this system is designed for Mastodon's simplicity principles and more advanced software should adopt more granular controls.

Maybe I'll turn this into a blog post later with more details.

Platinum - Maximum protection

• (When set at the "global" level:) Incoming activities from newly discovered instances are completely ignored and must be added manually (allow-list federation).
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced. Unknown signatures are not checked and are automatically denied/dropped (as if interacting from a suspended instance).
• Newly discovered actors are completely ignored, along with their posts, and also must be added manually by administrators or moderators
• Media from unknown remote instances is completely blocked
• (When set at the "global" level:) Boosts of posts by unknown users or users from unknown instances are ignored.
• (When set at the "instance" level:) Boosts of posts by unknown users from this instance are ignored.
• Follow requests are forced ON for follows from the remote instance.
• A severe rate limit is applied to all affected remote instances.

Gold - Elevated protection

• (When set at the "global" level:) Newly discovered instances are flagged for approval.
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced.
• Newly discovered actors are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• A strict rate-limit is applied.
• Incoming notes from users/accounts from this instance who are not followed by a local user/account are dropped.
• (When set at the "global" level:) Boosts of posts by unknown actors or users from unknown instances are only federated if the booster is followed locally.
• (When set at the "instance" level:) Boosts of posts by unknown actors from this instance are only federated if the booster is followed locally.
• Media is cached/proxied only when directly posted by locally followed actors.
• Direct messages from an actor A to an actor B which does not follow actor A are dropped (or maybe hidden away somewhere).
• Follow requests are forced ON for follows from the remote instance.

Silver - Medium protection

• (When set at the "global" level:) Newly discovered instances are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced.
• Newly discovered users/accounts are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• Direct messages from an actor A to an actor B which does not follow actor A are dropped (or maybe hidden away somewhere).

Bronze - Minimal protection
This is the only protection level available today.

• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are not enforced; that is, you are able to look up any public post simply by not including the relevant headers.

blake, 4 months ago to random

Something New on The Mystery Signal on 155.52 MHz: it came on, kept repeating two patterns (we'll call them "data", the random-looking one, and "pause", the one that comes out like a bunch of straight or wavy lines on the waterfall), occasionally cut off and started the preamble tones again and kept going, until it broke the pattern, sent something with longer data and shorter pauses, and then cut off.

Usually, the "pause" is quite short, but during this transmission, it was almost the same length as the "data" portions.

Also, in SSB or DSB modes, the outro tone sounds like a DTMF tone. The intro tones don't, I think, although the first of the three intro tones is the same as the outro tone.

I should have recorded that long burst to see if the restarts were a specific time apart or something.

blake, 3 months ago to forum

A #forum that takes on #Discord would have to:

• Have some kind of real-time interface. The chat-like style Spectrum.chat used was great for this (apart from Spectrum (source linked) being slow as hell).
• Provide plenty of single sign-on. IndieAuth on by default could be a big help.
• Have a cheap/free (at least sponsor open-source projects to be free), dead-simple way to host your own

Other nice-to-haves:

• Fediverse support of some kind.
• Integration with Discord (hell, using Discord's forums, and bi-directional! It's possible with Discord's API, last I checked).

blake, 3 months ago to random

Well now we know what Fediverse server software has a 9.8/10 severity vulnerability... and now we're just waiting for them to haggle over putting out the fix!

blake, 3 months ago to random

Not all things need to be federated. Wikis probably shouldn't be openly federated (although closed federation a la IRC and pushing to mirrors isn't a terrible idea). Forums can get away with not being federated. Both should probably support something like IndieAuth to make it far simpler to participate, though.

blake, 2 months ago to fediverse

#fediverse app idea: voice/audio oriented. so, kinda like Pixelfed but for audio. The idea is that it's entirely voice-navigable and accessible too, maybe uses text-to-speech to read text notes, maybe use speech-recognition to create a transcript of the note and set it as the alt text. Maybe even stick a native mobile app with it and have it run when the phone's locked until you stop interacting with it or swipe off the app, so you can use it through your headphones, earbuds, or what have you. I feel like the blind or visually impaired might like this, as well as anyone who doesn't want to stare at a screen all the time.

chillicampari, 1 month ago to linux

Is there concern for snaps or flatpaks? Checking my own stuff it looks like applications using bundled liblzma are running in the 5.2.* - 5.4.* versions, but if someone has a bleeding edge application running an affected version, what would the remediation be? Would uninstalling it be sufficient?

#snap #flatpak #linux #xz #liblzma

blake, 1 month ago to fediverse

#Fediverse idea: a honeypot MITM instance that server admins/mods can use to report who is accessing specific instances. Admins can use that to get rid of problematic users to begin with instead of letting them bring Nazi bullshit onto their instance.

blake, 4 months ago to fediverse

I think either I or someone else had this idea before, maybe someone with more spoons than me can build it: a federated Thing directory, powered by #ActivityPub.

Some aspects of such an app:

• No "content" would be hosted there. Instead it would point to where it should be, which could include federated platforms like Peertube, in which case it would "boost" instead of "link."
• It wouldn't be built directly compatible with Mastodon (i.e. it wouldn't use Notes for published links). It might just be coincidental.
• It probably wouldn't use WebFinger because there's not much of a point. (I guess it could use it to refer to users, but that sounds out of scope, and potentially confusing as link collections would probably exist too)
• Each directory (instance) would search itself by default, and it could probably use a minified index to determine when it should try searching another directory, which would be done on that directory.
• Metadata included, but not passed around.
• Directories (and/or collections?) would have their own set of key-words which other directories would use to know when to search that directory. There would be a hard cap for how many are stored for each directory, although maybe it could be adjustable.
• The intent is to make things like Fediverse instances and media streams discoverable in a decentralized way. It's not built for things like article sharing (like Lemmy) or bookmarks (like Postmarks), and that use should be discouraged.
• Each entry would include a key or a hash to verify or decrypt the content with. Hashes aren't needed if the entry points to something content-addressable, i.e. DIDs or IPFS. Also they'd probably be "highly recommended," maybe penalized if it's not included or something, instead of outright required, since media streams likely won't be signed nor will they be hashable by its nature as perpetually changing.

blake, 3 months ago to random

I'm beginning to think that the (Mastodon/ActivityPub) Fediverse actually can't be what we're trying to make it (i.e. the definitive social web). Mastodonians are so brazenly hostile towards things like search and quote posting that would help everyone from Black people calling out impostors to experts offering helpful commentary, and bridges that bring more people on¹, and towards anyone who knowingly or not violates the norms. If you bully everyone off the Fediverse, nobody's going to be here. You'll have your little sheltered corner and that's it. So many respectable people have been bullied off of here, to the point that Threads and Bluesky with all of their moderation problems are more comfortable to them.

We also just don't have the tools necessary to effectively expel hate or control spam. (Or rather, we do, but they're not added in or deployed really anywhere.) Instead, we have feudal forum admins who ban everyone they disagree with, cutting thousands of people off from their friends at a whim. Even corporate moderation isn't this bad.

Defederation culture is already making Fedi unusable for pretty much fucking everyone -- like COVID, everyone knows someone who's been defederated, and there's a pretty good chance you have been or will be defederated too. And once it's happened, there's no going back to how it was before.

Plus, our software is built for the old web where federation was the norm, not the new web many people are used to. This makes it very confusing for newcomers and old-timers alike. This is probably the one real advantage Nostr has. Bluesky kinda does this but they're mostly a centralized silo (for now) so maybe they don't count for this point.

The unfortunate thing about having a world that could be whatever you want is that nobody can agree on what it should be.

¹ I totally understand the problems with this; my point was that blocking so many people from joining is counterproductive. See my points about the software and the moderation tools.

blake, 1 month ago to random

I can't believe the Verge used AI to write half an article about Brother printers and SEO. At the same time, they did it so right.

www.theverge.com/2024/4/2/24117976/best-printer-2024-home-use-office-use-labels-school-homework

blake, 4 months ago to random

STOP BUILDING LUXURY CARS/HOUSES

NOBODY CAN AFFORD THEM

"Oh let me pay a million dollars for a fucking closet because there's nowhere else to go!"

THEY HAVE PLAYED US FOR ABSOLUTE FOOLS

mttaggart, 1 month ago to random

Almost nobody has grappled with what it really means for truth when anyone can appear to say anything, do anything. This will impact everything from economic stability to climate policy. It will also impact individual lives in deeply intimate and hurtful ways.

Which is why I believe combating generative content will be one of the most important technical efforts of the next decade.

arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/

blake, 1 month ago to random

The Threads hate is reasonable.

I even agree with it.

And yet I choose to federate with it, under careful supervision and with no hesitation to block at the user level (which I have done several times, with brands).

That's because I'm a cishet white man. I face little threat from Threads.

If I can put this another way: I'm on the team that can try to get "good" Threads users to come over here, like the Green brothers and Joe Biden (people I want to hear from). For many, many other people, the risks outweigh this, so they'll choose to block Threads, which is a valid choice and for them is the correct one, far and away.

Harassment over it is not the answer and will solve nothing.