This writeup of my #LibrePlanet2018 keynote on BoingBoing is more eloquent and concise than the talk. Thanks to Cory for the awesome summary, reflections, and signal boost! https://boingboing.net/2018/06/21/digital-enclosure.html
@joeyh If you're an ActivityPub implementor, you should *make sure your software is not vulnerable to these kinds of attacks*. The redirect one is especially tricky.
@joeyh posted about two security vulnerabilities he uncovered http://joeyh.name/blog/entry/two_security_holes_and_a_new_library/
Notably the ActivityPub appendix warns about these kinds of security vulnerabilities: don't fetch from uri schemes you don't know (be sure your http lib doesn't accept file://) and don't fetch from localhost (though sadly it's hard not to do this one... "localhost-only" is mostly doomed).
But Joey's post also points out that even if you filter out the scheme and localhost yourself, redirects may bite you
ActivityPubConf
A yearly online conference with presentations from AP developers and others, hosted on PeerTube and accessible to everyone. I think this will be my next project!
"Both Bitcoin and Ethereum mining are very centralized, with the top four miners in Bitcoin and the top three miners in Ethereum controlling more than 50% of the hash rate.
The entire blockchain for both systems is determined by fewer than 20 mining entities."
In other words: decentralization in the crypto space is a myth, just as it is a myth that cryptos are currencies at all.
http://hackingdistributed.com/2018/01/15/decentralization-bitcoin-ethereum/
I've written a lot, in other places about how the modern web is a trashfire. I'm not going to re-hash all those ideas here, but I'll sum up:
- Massive downloads for no reason
- Arbitrary code execution
- Tracking you constantly (advertising)
- Increasingly silo'd
- Tracking you constantly (NSA Panopticon)
- Bad Laws (we'll discuss this at length.)
- EME/DRM in browsers
tired: techies
wired: tech workers
inspired: tech class-conscious workers
Go Vitalik Buterin! Use your massive following to make some change in the world!
As I now have both #mastodon and #pleroma running on my #raspberrypi, I played around a bit with pleroma.
Its main assets are that it has very low resource and is very quick to start. It is also simpler to install than mastodon.
On the other hand, it lacks several features that I really like, in particular CW and post privacy. Posts from mastodon to pleroma only work if they are public or unlisted. Posts from pleroma to mastodon are always public.
I'd like something that has some affinity with social.coop because I want to test federation, which I was unable to do from pump.io. And I don't want to annoy people here with my federated connection.
Also I do not want to annoy people in a Pleroma space with this guy who is basically just testing.
I'd like to get some experience using Pleroma in my quest for an ActivityPub instance to use for economic networks. @mayel suggested social.coop which I like a lot.
I am aware that the fediverse contains a bewildering variety of social contexts and conflicts, so I am asking for recommendations.
.@mhall119 is developing an ethical alternative to #MeetUp called #GetTogether.
There's already a flagship site up and running:
https://gettogether.community/
The dev is working on #ActivityPub support and is requesting feedback on what more needs to be done:
https://github.com/GetTogetherComm/GetTogether/issues/60
If you're interested in helping federate GetTogether, join the discussion at the link above.
More of the same (I think): https://social.coop/media/X-r1dqiUpQRpYfpW--E
http://pump.io/ was one of the AP implementations suggested by @cwebber
I tried their remote registration with my social.coop id:
https://datamost.com/main/remote
got this:
> Error: social.coop does not implement registration_endpoint
...etc...
Co-ops, democratically run and emphasizing long-term sustainability over short-term profits, are a key part of the #SolidarityEconomy.
Earlier this month, Wired UK published a brief but interesting profile of "CoTech, a growing network of tech co-operatives in the UK. There are currently 30 tech businesses united under the CoTech banner, which range from filmmakers to programmers; they collectively employ more than 250 staff and have revenues of over £10.2 million."
http://www.wired.co.uk/article/cotech-tech-cooperatives-blake-house-outlandish
"Amazon staff have called on CEO Jeff Bezos to stop selling facial recognition technology to law enforcement and government agencies, due to the potential that the tech is used to "harm the most marginalized." This follows similar demands from Microsoft employees and Google workers over those companies' contracts with Immigration and Customs Enforcement (ICE) and the Department of Defense, respectively."
Working people are the last bastion of ethics under capitalism.