Notices by Christopher Lemmer Webber (cwebber)

New blogpost: Content addressed vocabulary https://dustycloud.org/blog/content-addressed-vocabulary/

(Or: how to make vocabulary extensions not a nightmare in ActivityPub and elsewhere.)

MediaGoblin community meeting this weekend - 4pm Sat Feb 15 UTC-5 (aka 9pm UTC) https://lists.gnu.org/archive/html/mediagoblin-devel/2020-02/msg00009.html

The first one in a really long while!

@lain On making Crash Bandicoot:

> We called it the “Sonic’s Ass” game. And it was born from the question: what would a 3D CAG be like? Well, we thought, you’d spend a lot of time looking at “Sonic’s Ass.”

https://all-things-andy-gavin.com/2011/02/02/making-crash-bandicoot-part-1/

Joint statement on the GNU Project https://guix.gnu.org/blog/2019/joint-statement-on-the-gnu-project/

In the meanwhile, we have some difficult work in front of us; while again I think RMS stepping down was completely correct, we can at least say that RMS was stubbornly principled. Right now if you look at the OSI license lists, I think you can see a lot of people trying to chip away at the principles of FOSS, maybe even unintentionally.

We need to re-examine and clearly be able to articulate the reasons we are taking these positions ourselves.

@lain the best trash we have, but not the best trash we could have ;)

I am still optimistic that it's possible to do better with activitypub as the framework; with the exception of sharedInbox (and maybe whether or not we could give people something that causes less community strife than currently has existed with json-ld), AP's foundations (as written in the spec) are good.

I think it is possible to do better, without throwing all the trash in the trash at once ;) https://gitlab.com/spritely/ocappub/blob/master/README.org

It would be better if the internet were modeled off of something like Tor .onion services, where you *know* you have a secure path, because the address is literally the fingerprint of the server. "But how can I make sense of which site is which?" You guessed it, petnames https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md

And, bookmarks *are* petnames, with a minor UI tweak https://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/

The DNS + SSL CA model puts users at risk. I hope we can move past it.

Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?

I hate the "own your data" meme in the decentralized social web. A friend of mine pointed out how useless the phrase is a few years ago and I agree. "Ownership" sounds an awful lot like digital "property", which is nonsense when moving from physical to digital stuff because copying doesn't destroy the original. The path you go down there is the path to artificial constraints like DRM. Yikes!

We should be talking about user autonomy instead. That's a much better meme.

Here's @drak's Wisp: Lisp, minus the parentheses https://bitbucket.org/ArneBab/wisp

Arne gave a talk about it at this FOSDEM, highly recommended: https://video.fosdem.org/2019/K.4.201/experiencewithwisp.webm

I've written about it before: https://dustycloud.org/blog/wisp-lisp-alternative/

And, relevant to Golem, here's downloading chunked files over a p2p network in Wisp code: https://bitbucket.org/ArneBab/wisp/src/cca15c7abc86a500a313315344f9f46bc90e9ce8/examples/downloadmesh.w?fileviewer=file-view-default

It's public now! Spritely (and myself) have been awarded a Samsung Stack Zero grant! I'm funded for the next two years to bring ActivityPub and the fediverse to the next level. Secure interactions, object capabilities, p2p content delivery, all that stuff! https://samsungnext.com/whats-next/category/podcasts/decentralization-samsung-next-stack-zero-grant-recipients/

2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.

Down with DNS, down with SSL CA cartels.

Google is shutting down Google Plus in just a couple of months from now. https://support.google.com/plus/answer/9195133

In the meanwhile I know of people desperately trying to pull their G+ data out of Google Takeout and it isn't working.

I feel like the lessons of this speak for themselves?

@jalcine It's too bad our years aren't as precise to the second as we'd like because of leap years / seconds or one could make a great modular arithmetic joke, like

"Happy $time % 31536000 == 0"

There's a new episode of @librelounge out where we interview Karen Sandler about herself and her work as Software Freedom Conservancy's executive director https://librelounge.org/episodes/episode-5-karen-sandler-and-software-freedom-conservancy.html

Can I also just take a moment to say... WOW! Karen Sandler is our first guest on Libre Lounge! Karen co-hosted Free as in Freedom and that show is an obvious direct inspiration for Libre Lounge; it's *amazing* to me that she's our first guest!

Hope you like the episode! I think it's our best yet!

"They had a lot of power, and they used a lot of that power to affect things, and I think that's a point worth respecting"

Who's ready for the next episode of Libre Lounge?

Episode 2: Thanksgiving, NPM and Malware in Free Software https://librelounge.org/episodes/episode-2-thanksgiving-npm-and-malware-in-free-software.html

Happy to see that the fediverse response to https://librelounge.org seems so positive. Makes me excited about producing more episodes!

My friend Serge (emacsen) and I just kicked off a new podcast, Libre Lounge: https://librelounge.org/

"Episode 1: Corporate control, org-mode, mobile phones and PDAs" is out: https://librelounge.org/episodes/episode-1-corporate-control-org-mode-mobile-phones-and-pdas.html https://archive.org/download/librelounge-ep-001/librelounge-ep-001.mp3

It disappoints me that Etherium did such a good job of making people think that "smart contracts" are only for code that runs on a blockchain. That term exists before blockchains has, and was used for distributed transactional agreements between parties since the 90s. While smart contracts on blockchains is absolutely an application, in the 90s smart contracts ran on even just the actor model. You can read more here: http://erights.org/smart-contracts/index.html