Decentralized IDs (DIDs) have been made into a W3C recommendation. There were some objections, but they were overruled.
w3.org/2022/06/DIDRecommendati

Here's a passing thought for you:

If misinformation is outlawed, it would literally be illegal to be wrong on the internet.

The old, sarcastic comment of "It must be true, it's on the internet! You can't put things on the internet that aren't true." would take on an entirely new meaning.

Mastodon has a ticket open for passwordless authentication (webauthn).

It would allow you to use a hardware token to log in. These tokens have built in two factor auth (hardware + PIN for hardware). That same hardware/PIN would also let you into Office 365, be the second + third factor for Gmail and eventually work everywhere.

And if you want to keep password, you can.

If you have a github account, give it a 👍 if you like this request. Boosts welcome.

github.com/mastodon/mastodon/i

All hardware issues have been addressed and the ceph cluster is now in a clean state again.

No data lost despite multiple drives having issues concurrently.

USPOL 

I'm not going to boost it due to a lack of content warning, but this artist makes a good point.

What actions are people actually willing to take? Organizing and getting out the vote, lawful protests, peaceful protests that disrupt logistics (e.g., traffic), assassinations, or will people just complain on the internet? Or something else?

kolektiva.social/@thebonoboage

Digital currency legislation in US 

I have only read the article, not the entire 69 page bill, but based on the overview, it sounds pretty good to me.

One part that made me laugh out loud was that "The [government is] expected to develop rules for such cybersecurity standards." I hope they're better than the standards that the NSA used to prevent the Snowden leaks, or that the OPM used, or the military, or... you get the idea.

en.m.wikipedia.org/wiki/Office
legalbites.in/american-militar

Show thread

Digital currency legislation in US 

It was just yesterday that I was lamenting the paperwork burdon that disincentivises using digital currencies as digital currencies

Today, I found that there is legislation that would eliminate that if it were under $200 in gains!

bitcoinmagazine.com/business/h

The legislation is bipartisan, which means it has a better chance of passing if it makes it through the 4 committees that need to approve it. The main thing is that it tells the [C]FTC that it's their problem

This wiki explicitly says that the raspberry pi playforms are NOT a bedrock platform, despite being around and supported for a decade. permacomputing.net/bedrock_pla

I see their point about it being a single company that produces the hardware, but is there any better choice?

Show thread

Hey folks,

Do you know where people can go to find a list of projects that implement the principles?

I see things like permacomputing.net/hardware/ that talk about what properties to strive for, but not any lists that are actionable.

For example, "These software projects run on old hardware and the community is committed to continue support for them.

Or "These are projects that produce hardware that is designed to last, be repairable, and be expandable."

Hey folks,

Do you know where people can go to find a list of projects that implement the principles?

I see things like permacomputing.net/hardware/ that talk about what properties to strive for, but not any lists that are actionable.

For example, "These software projects run on old hardware and the community is committed to continue support for them.

Or "These are projects that produce hardware that is designed to last, be repairable, and be expandable."

If you have 100B parameters in your machine learning algorithm, we need to talk... about feature set reduction.

Boost if you remember the times when GIFs were used for transparency instead of animation.

humanitarians weigh in on bitcoin 

Tech bros: Bitcoin is horrible, it's a scam, it has no purpose except laundering money, etc

Human rights advocates: Bitcoin is essential

“One could almost excuse the 25 technologists who wrote the anti-crypto letter for not understanding the global impact of bitcoin,” Gladstein said in an interview.
cnbc.com/2022/06/07/human-righ

For context, Alex Gladstein is the chief strategy officer of the Human Rights Foundation.

And I see Mastodon also has some open tickets about passwordless authentication.

github.com/mastodon/mastodon/i
github.com/mastodon/mastodon/i

Prepare to get some contributions. I am on a mission!

Show thread

I'm going to personally help improve security (and ideally end passwords) in a bunch of software

I've already:
- updated the build scripts for u2f-pam and signed up for an account to contribute that to Debian.
- written a **simple** webauthn demo (2 JS function, no libraries, < 100 lines of code) gitlab.com/adam949/webauthn_de

Now I:
- Have the @matrix ticket github.com/matrix-org/synapse/ in my sights
- A couple Nextcloud tickets github.com/nextcloud/server/is github.com/nextcloud/server/is

And I'll be looking for more

Tweet from Birdsite, promotes decentralization 

"Logging into 100+ sites to change your address is fun. This is why decentralized identity is great. Let us own an identity ourselves and we share that with websites. Update in one place and it updates in all."

twitter.com/FrankMcG/status/15

The security and convenience upgrades continue! Now Icm using my hardware security device to log into my computer (both from the terminal and in the GUI), switching users with "su", and if I used sudo, I could use it there too.

I've used it to log into Mozilla's demo site, so I know it work for the web too.

It reportedly also works to unlock Full Disk Encryption.

, , , here I come!!!

Show thread

OMG, I just made the most amazing security upgrade I've made in a LONG time: hardware security for my SSH key.

This isn't like a second factor (2FA/OTP), I mean that I literally do not have my private keys on my computer!

No extra software to install either.

Furthermore, the hardware authentication device is open source, yes both hardware and software.

Instructions: blog.trezor.io/openssh-with-fi

Punchline is just this:
ssh-keygen -t ecdsa-sk -O application=ssh:user@example.com

Show older
hax0rbana.social

Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.