Added section on Accountability to OcapPub. https://gitlab.com/spritely/ocappub/blob/master/README.org
BTW, feedback most welcome on this doc... I'm still writing tho
Misread a graph online, thought it was a climate change temperature map but where they showed hotter temperatures as more blue.
It wasn't, but it got me thinking about how that would be a cleverly sneaky tactic and how susceptible we are to cues like that.
ActivityPub Conf's organization has happened from extremely limited resources, but at this point I think it's going to be amazing. Looking at the list of people registered and talks already submitted gives me confidence that this is going to be a heck of an event.
There's still slots open if you were thinking about registering, and talk proposals are still open until Monday! https://dustycloud.org/blog/activitypub-conf-2019/
Announcing ActivityPub Conf 2019! September 7th & 8th in Prague, immediately following Rebooting Web of Trust. https://dustycloud.org/blog/activitypub-conf-2019/
Space is limited, see post for details. We are also soliciting talks.
Hope to see you there!
To "protect" myself from dungeon crawl stone soup, I:
- don't have it installed in my default profile (but I can just run `guix environment --ad-hoc crawl` to make one)
- Have a bash alias which admonishes me for trying to run crawl (so I just type `which crawl` instead)
It's not very effective...
@Thib This is partly why I say I think this is a lot like when Mastodon rolled out "private messages" to OStatus that weren't private messages at all, and instead people who shouldn't have seen the messages started seeing them, and it caused a big ruckus. Sounds to me like this is that, volume 2.
It's *worse* to tell users they're having direct messages that don't resemble such at all. Similarly, it's *worse* to tell users that nazis can't see their public posts, when they easily can.
I've finished writing part 1 of "OcapPub: Towards networks of consent", which is to say the "Conceptual Overview" section https://gitlab.com/spritely/ocappub/blob/master/README.org
There's a lot there already, and we haven't even gotten to Part 2, the "How to Build It" section yet. I'll begin work on that tomorrow.
What's here already is more or less an explanation of *why* OcapPub is taking the particular direction it is taking, and why other approaches run into serious problems.
Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin https://nakedsecurity.sophos.com/2019/07/09/backdoor-discovered-in-ruby-strong_password-library/
Hi, do you believe me when I say we need ocap security yet
U.S. border authorities hold migrant families in a pen under an El Paso bridge https://www.latimes.com/world/mexico-americas/la-na-asylum-migrants-el-paso-camp-20190329-htmlstory.html
I strongly encourage looking at the pictures; it's important for people to know what this situation looks like.
Chinese activist students posting videos saying they are afraid they will be disappeared by the government, and then they disappear https://www.washingtonpost.com/world/asia_pacific/if-i-disappear-chinese-students-make-farewell-messages-amid-crackdowns-over-labor-activism-/2019/05/25/6fc949c0-727d-11e9-9331-30bc5836f48e_story.html
What do we mean by "the fediverse should move to a more p2p design"? Wikipedia explains:
> Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes.
https://en.wikipedia.org/wiki/Peer-to-peer
[cotd...]
More #Spritely Crystal docs updated: https://gitlab.com/spritely/crystal/blob/master/crystal/scribblings/intro.org
The narrative tutorial section of the spec is starting to be fleshed out. It involves two friends who play a pen-and-paper rpg together. So far, Alyssa has uploaded her enchantress' character sheet and Ben has been able to pull it down and take a look at it.
@Framasoft is doing a funding campaign to build activitypub-powered event-hosting software https://joinmobilizon.org/en/
They have a good track record of following through, seems worth supporting
The team I've been working with for the last couple years at the US House of Representatives is looking for a software engineer. Javascript, some linked data (json-ld) stuff, etc. Good people... https://www.indeed.com/cmp/U.S.-House-of-Representatives---Office-of-the-Clerk/jobs/Software-Engineer-7ff68652d160cadc?sjdu=QwrRXKrqZ3CNX5W-O9jEvRFd8FQI4DEv5V74lSpSnHbxJnLlAbxxVsPZ_Y4vN8iG_MQJGesPTee6w99LYyCXz-5dzVLsKUZcPpqC926FtzA7EcIIVbXBV3qHsQVZg79J&tk=1dank0lakhop3803&adid=290133940&vjs=3
@mikegerwitz @lxoliva However, we shouldn't believe that just because something is free software that it is trustworthy, or that we have the capacity to fully audit our software systems for security. The sad reality is that people run way too much code to be able to trust or audit systems, and Ka-Ping Yee's thesis showed that if an attacker wants to add vulnerabilities to (even free) software, even the best programmers won't detect it http://zesty.ca/pubs/yee-phd.pdf
@mikegerwitz @lxoliva I'm glad you ack'ed the "not signed" aspect; regarding the nonfree vs free software: mark the metadata of javascript as librejs compatible, then perform a read or write attack against the system. (Heck, it even *could* be free software compliant; most likely the target isn't checking the licensing situation when they're under such attack, but it's also trivial to lie about it.)
Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?
[ ] yes, absolutely [ ] yes, but not for games [ ] no, I need all the speed
Guix 1.0 is out at last! YEAH!
https://www.gnu.org/software/guix/blog/2019/gnu-guix-1.0.0-released/
It even includes a "graphical" (read, curses-like) installer now! (The oldschool DIY route is still available if you like that though!) Lots of other stuff too!
Congrats Guix team!
Lemmy is apparently a federated Reddit alternative using ActivityPub written in Rust https://github.com/dessalines/lemmy
Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show https://www.nbcnews.com/tech/social-media/mark-zuckerberg-leveraged-facebook-user-data-fight-rivals-help-friends-n994706
a n t i t r u s t
CTO at @spritelyinst. I'm here to fix the Internet. ActivityPub co-author, co-host of @fossandcrafts. Nonbinary trans-femme, she/they. https://dustycloud.org/
Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.