Well thanks #DuckDuckGo for helping to destroy the planet a little bit quicker by making all searches default to LLM/AI 🤮
It even has a small print disclaimer saying "These results are not checked for accuracy"... well why the F are you putting these results at the top then? Why are you even showing them at all?
I think I'm becoming utterly disillusioned on tech stuff lately. I'm hugely aware of the "you like stuff you grew up with" and "you have less patience for stuff as you age" biases, but even so...
Streaming is shit.
Searching is shit.
Researching is shit.
Shopping is shit.
Troubleshooting is shit.
My phone is shit. Autocorrect, touchscreen keyboards, Bluetooth, AI, Android Auto, Spotify, all shit.
It's not even capitalism or consumerism, I'm just tired of arguing and fighting with things I own.
And here's the thing: None of this stuff makes me angry. Annoyed, sure, but I've been around computers since I was a toddler, and I have to solve shit problems like these for myself every day.
What makes me angry is: What about all the folks who aren't computer people? How the absolute fuck do they survive in a world where you can no longer function as an employee, a family member, any sort of citizen without encountering this stuff?
Those people are fucking heroes, and I'm angry for them.
This shit is why, when banks announced they were going to stop processing physical checks and a whole wave of elderly folks protested, I understood. It's one of the last fleeting vestiges of anything in their lives that still makes sense, and arguing about the cost of supporting obsolete systems is an absolute red herring.
It's not about the money. It's not about the tech. It's about kindness, and being fucking human to each other.
I'm hoping to recruit more friends and professional contacts over here.
The post includes mentions of some of my favorite accounts including @bookgaga@molly0xfff@triketora@film_girl@fj (if you have advice about how to get more people on Mastodon, I'm all ears)
It’s starting to feel like Threads isn’t integrating ActivtyPub in good faith. Besides no new fediverse features in many months, now they’re popping up this message which will likely discourage many users from keeping it on. And if they’re influencing people to turn it off, they could then say the data suggests people aren’t interested in the feature.
feeling pretty stressed right now, having to make a couple important payments while having basically no money available and unsure about how this is gonna work out
this would be an excellent time for nice fedi beings to give me some money so i can be a little less stressed
I've always believed that displaying the software version allowed malicious users to determine which vulnerabilities affect your software.
For example, NodeBB sends x-powered-by header, but only ever sets the value to NodeBB, this has been the case for many years.
The other line of thinking is that relying on security by obscurity is fallacious, but since it's only one facet of a broader security posture (the rest of it being keeping up with updates, writing as secure code as you can, reporting/bounty systems, audits, etc.), I honestly don't see a problem with transmitting as little information as I can.
The downside of hiding that information is that sites that gather statistics on fediverse software use wouldn't be able to discern software versions for NodeBB in their charts, but I don't think that's necessarily a problem.
I'm confused about a particular aspect of Inbox Forwarding as detailed in the ActivityPub spec:
... the server needs to forward these to recipients that the origin was unable to deliver them to. To do this, the server MUST target and deliver to the values of to, cc, and/or audience...
... The server MUST only target the values of to, cc, and/or audienceon the original object being forwarded, and not pick up any new addressees whilst recursing through the linked objects (in case these addressees were purposefully amended by or via the client).
Emphasis mine.
My reading suggests that only the values of to, cc, and audience on the referenced object should be used, and not those values on the activity itself.
But doing so would preclude the use of Inbox Forwarding in scenarios where the Activity wrapper contains additional addressees that the underlying object does not have.
e.g. A Note by A contains a single addressee: as:Public. It is then Announced by B and C. Later, A updates the Note, and their server sends out Update(Note) with the following addressees: as:Public, B, B/followers, C, C/followers, but the object referenced still contains a single addressee: as:Public.
In that case, when received by B and C, should they forward the activity to their followers?
julian: If the activity is the thing being forwarded, then an additional complication could arise in that I cannot simply re-sign the activity, as my instance key does not belong to the originating actor. this is indeed an issue that arises due to the following: ActivityPub does not specify any authentication/verification mechanism HTTP Signatures, which the current fediverse uses, are not replayable or relayable. If you're concluding that this makes inbox forwarding impossible with HTTP Signatures, then congratulations, you understand why LD Signatures ended up being used for this (and why FEP-8b32 proposes using Data Integrity Proofs at the LD level as well). It's either that, or find a way to replay entire HTTP messages (so that the HTTP Signature can be validated against the original HTTP interaction). Or otherwise rethink the fundamentals of the fediverse's entire security model.
@julian @trwnh
Mbin handles inbox forwarding like this: if the signature does not match, but the url in the id field is from the same domain as a receiver in the to , cc or audience field, we consider it a forwarded message and fetch the original activity from the url in the id field
It was nearly two years ago that I wrote this article1 about the EU #ChatControl surveillance directive on behalf of the @cryptpad team.
Very little has changed since then. Experts in technology, law, and policy all agree that the proposal undermines basic European rights, that it will be abused by authoritarian member states, and that the proposed tech solutions cannot possibly do the job the supporting legislators have claimed.
Nevertheless, they have persisted, claiming the support of "expert testimony" that overwhelmingly consists of unsupported claims by lobbyists associated with law enforcement and defense contractors who stand to benefit financially from its implementation.
A vote is expected to take place on June 19th. These have been scheduled and delayed multiple times already, but this it feels like they might get away with it. There is a lot going on in the EU at the moment, and people are both distracted and tired from fighting this for so long.
I'll try to make resistance easier by collecting some suggested actions below, with links.
Basically, they want to scan everyone's chat messages for illegal stuff, which is completely disproportionate and a #privacy nightmare.
Chat Control violates fundamental rights (according to the European Data Protection Board), and the German Child Protection Association says it's not suitable to combat child abuse.
Please tell your government to vote against it! I already have.