I don't know about the vest, but I use walking sticks and hydration. I'm 70, and I just spent several months hiking in the desert soouthwest US. With my knees I need the help of walking sticks, and every place I hiked warn you to bring hydration. People die because they are unprepared.
Hank G ☑️ reshared this.
Back in the 90s you could surf the web, just like today, with multiple tabs/programs, on less than 100 MB and it was speedy fast! And today.. it is all going in reverse. And I am not even talking about JavaScript here. Software keeps getting every bigger, forcing the world to build ever-faster computers to keep up, or else we'd be crushed under the weight of our own programs. If the developers of today were forced to live with the computers of the 90s perhaps the situation would improve.
Apple's imposition of cell phones did a lot to curb that, amazingly enough. It was bad for other reasons, but...
A little #dartlang tip for when you want to have an empty collection as your default argument in a constructor. #programming https://nequalsonelifestyle.com/2022/05/26/default-constructors-parameters-with-collections/
Dart Tip: Default Constructor Parameters With Collections
Personal Exploration of Engineering, Software, Food, and Longevitynequalsonelifestyle.com
Christoph S likes this.
I had already been living in Australia for about seven years when the Port Arthur massacre occurred. A conservative federal government brought in strict gun ownership reforms, combined with a buy back of people's weapons. Even conservatives in a country proud of its rough bush background felt things had gone too far.
I remember having people from the US asking me if Australia's crime had gone up "300%". This was being passed around in the US as a "fact" by people who had never stepped foot in Australia. No, Australian crime went down.
https://www.theguardian.com/world/2016/mar/15/it-took-one-massacre-how-australia-made-gun-control-happen-after-port-arthur
2 people like this
Hank G ☑️ reshared this.
I had already been living in Australia for about seven years when the Port Arthur massacre occurred. A conservative federal government brought in strict gun ownership reforms, combined with a buy back of people's weapons. Even conservatives in a country proud of its rough bush background felt things had gone too far.
I remember having people from the US asking me if Australia's crime had gone up "300%". This was being passed around in the US as a "fact" by people who had never stepped foot in Australia. No, Australian crime went down.
https://www.theguardian.com/world/2016/mar/15/it-took-one-massacre-how-australia-made-gun-control-happen-after-port-arthur
I remember having people from the US asking me if Australia's crime had gone up "300%". This was being passed around in the US as a "fact" by people who had never stepped foot in Australia. No, Australian crime went down.
https://www.theguardian.com/world/2016/mar/15/it-took-one-massacre-how-australia-made-gun-control-happen-after-port-arthur
11 people like this
3 people reshared this
It just occurred to me, it's not an obsession with guns, it's not a fetish ... it's an addiction.
As 12-Step programs note, 'Our lives have become unmanageable ...'
As 12-Step programs note, 'Our lives have become unmanageable ...'
It is a sickness. There's nothing rational about their dependency. It could as easily be cocaine. In fact it would be less destructive if it were.
Mental note: don't begin a refactoring before leaving for vacation without leaving some notes behind. #programming
2 people like this
@randygalbraith Ironically, now that I'm figuring out where I was going with it I don't like the new design either. With two weeks away I see where I went wrong with the original design and how to more properly refactor it so scrapping it and doing that instead :).
I am going to have this added to my funeral instructions too now...haha... #humor 
6 people like this
If you are looking for an alternative to Amazon/Kindle Bookshop.org and MyMustReads is one choice that has a lot of promise but needs a bit more to go before I could see switching over to it full time. Full review of MyMustReads App here: https://nequalsonelifestyle.com/2022/05/25/mymustreads-review/
MyMustReads Mobile E-Book Reader Review
Personal Exploration of Engineering, Software, Food, and Longevitynequalsonelifestyle.com
3 people like this
Susan ✶✶✶✶ reshared this.
Hank G ☑️ reshared this.
I have a 1hr talk on the past, present, futures of #ActivityPub last week. Here is a recording.
https://youtu.be/c17gjxEoyMQ
https://youtu.be/c17gjxEoyMQ
Benjamin Goering on "ActivityPub W3C Recommendation"
Benjamin Goering on "ActivityPub W3C Recommendation"was originally presented for Papers We Love (SF) on Thursday, May 19, 20227:00 PM to 8:30 PM PThttps://ww...YouTube
Hank G ☑️ likes this.
2 people reshared this
Ideal would be if you can run a hub, then post a message about a second publically accessible hub where people can reach you. Then that hub would sync with your primary hub, whenever you started it up and connected to the secondary one.
Like Scuttlebutt's "pub" record.
Like Scuttlebutt's "pub" record.
Nah, it looks like Hubzilla requires that you have a DNS record, and an SSL certificate, and an always-up server, and nginx, and the ability to configure nginx to proxy through Hubzilla. So nomadic identity is kind of a lie.
an opportunity to insert myselfnomadic identity in zot (hubzilla's protocol) means basically that you are identified like in PKI but your secret key is put on consignment with a hub server to be able to sign responses and such. so the hubs do have to be generally available and there really isn't a way to deregister from a hub other than trusting they delete the keys. however you can have the keys on multiple hubs and if one dies or tries to ban you then you can send requests from a new hub and--since the crypto keys are the same--everyone just kind of updates their pointers of where you live right now to the new hub.
it's kind of how wireguard sends packets to the last address that gave it a signed packet so it supports hopping connections because it just updates what it thinks your home is.
> however you can have the keys on multiple hubs
> the same private key, unencrypted, on multiple computers
> mutiple remote servers you do not control
> the same private key, unencrypted, on multiple computers
> mutiple remote servers you do not control
< ( What's this? A user doing something I don't agree with? I think I shall ban them, and silence them forever! )
( Ha ha, that's what you think! I have sent my private key to four other servers, so I will not be silenced! ) >
< ( Also I'll reveal their private key so anyone can make them post loads of gore porn. )
( ....shit ) >
( Ha ha, that's what you think! I have sent my private key to four other servers, so I will not be silenced! ) >
< ( Also I'll reveal their private key so anyone can make them post loads of gore porn. )
( ....shit ) >
i guess its not more of a disaster than existing federated login systems (everyone oauth'ing their gafam accounts.)
If only you were allowed to create a digital signature, and not have a gimpy crap client full of crap, then you could sign the hub's public key saying "These guys can make me post loads of gore porn—I mean are totally trustworthy to speak for me." That signature would be just as good as sending your private key, without the catastrophic security failure.
Oh yeah, Cloudflare really love SAML, because you don't control your own keys. You ask an "identity provider" to give you signatures. (aka Cloudflare)
This when computers have been capable of making their own digital signatures for like 40 years...
This when computers have been capable of making their own digital signatures for like 40 years...
at least if the user chooses to do oauth for everything through a single provider with no fallback it was their own poor decisions that bit them in the ass as opposed to the design of the software itself 
related, is it possible to use pleroma as a provider for other unrelated services? would be neat
related, is it possible to use pleroma as a provider for other unrelated services? would be neat
Well, their own poor decisions and all the propaganda that lied to them and assured them it was totally fine, accepted by all, would lead to no regret whatsoever, and anyone who tried to warn them differently was just a crazed lunatic who should be disregarded, and also immature.
do they really? why wouldn't you sign a secondary private key just for that server using your primary (secret) one? what am I missing? @Nachbarschaft @cy
Because the Hubzilla client is just a javascript website for your web browser, and all web browsers are programmed so that you can't sign anything.
> just a javascript website for your web browser
javascript is turing complete
javascript is turing complete
Right, and one possible algorithm for a Turing machine is "send the user's private key to the server without telling them."
Cy (@cy@mstdn.io)
5.75K Posts, 139 Following, 129 Followers · Just a guy living out of #Portland, #Oregon, living in west #Hillsboro. The sidewalks are empty. I know not who lives down the street. I'm all alone.Mastodon
Yes, I think Activitypub does the equivalent of Hubzilla, but how often are always-up reachable network servers going to change domain names? That's all that nomadic identity would help with, the part after the @ not before it.
I don't know about lack of forethought, since Hubzilla's a pretty massive effort; I think it's more learned helplessness, where they come to accept insecure as the new normal. But uh...
I don't know about lack of forethought, since Hubzilla's a pretty massive effort; I think it's more learned helplessness, where they come to accept insecure as the new normal. But uh...
Firstly I don't have access to the private key of that. That's mstdn.io's public key, with my name tacked on it, and I sure don't control mstdn.io. Even if I had the private key, mstdn.io also has it, so it's useless to me. My key is https://fedicy.us.to/stuff/cy.gpg (0acfda56).
Secondly, javascript is fundamentally un-securable, because it requires your browser download and execute arbitrary code without your permission, or awareness.
Secondly, javascript is fundamentally un-securable, because it requires your browser download and execute arbitrary code without your permission, or awareness.
Supposedly that's "safe" because javascript is "sandboxed" but it limits what you can do. Even if I wrote a client API that did full digital signature verification, the next time you refresh the page, I might have replaced that code with something that only pretends to digitally sign your data, or sends me your private key. With XHR, I don't even need to wait for a page refresh.
To write a secure client that uses a web browser, I'd have to write it as an addon, and even then, if you enable automatic updates (which even Firefox defaults to) then I could still pull the rug out from under you. The only real option is to write an actual program, that people can actually compile themselves, which corporations have worked very hard to establish is only for beta nerds and normal people can't do it.
So in the face of decades of propaganda and police action reducing us to applesauce dribbling babies, I can't really blame the Hubzilla ppl for not writing a client that does digital signatures. It's a massive amount of effort that people would universally revile as they talk about consumers and inconvenience, and criminals. It was poor design choices and lack of forethought, but also very restrictive conditions that made it the way it is.
> With XHR, I don't even need to wait for a page refresh.
with XHR an unrelated third party could handle the key stuff on their own website which at least would remove concerns about the instance admin directly stabbing you in the back. matrix does this with web clients in the sense that the entity hosting the client isn't the same one you're communicating with or (in many cases) the one running the server you're using
with XHR an unrelated third party could handle the key stuff on their own website which at least would remove concerns about the instance admin directly stabbing you in the back. matrix does this with web clients in the sense that the entity hosting the client isn't the same one you're communicating with or (in many cases) the one running the server you're using
The instance admin would still have to write the code that contacted the third party to handle key stuff, and could easily remove that, so you'd never contact the third party at all, despite the little animated lock thingy going "click. Secure!"
I agree if you get an "app" from a third party, you have to trust them, not the instance admin. But public open source code can be independently audited, so if it's not too complex, I think it's fine. Other people don't.
I agree if you get an "app" from a third party, you have to trust them, not the instance admin. But public open source code can be independently audited, so if it's not too complex, I think it's fine. Other people don't.
> The instance admin would still have to write the code that contacted the third party to handle key stuff, and could easily remove that, so you'd never contact the third party at all
Well I was referring to a model loosely resembling oauth where you never provide the keys to the first party. So you'd handle key stuff directly on the third party website. Same model as using a browser extension or key management app. If the local website ever asks you for your private key something is very obviously wrong.
Under that model all the admin can do is break functionality by removing the auth (err signing) requests. Or I suppose they could engage in a phishing attack. But as long as you're doing anything browser based that's going to be a threat from lots of actors, not just the local admin.
Well I was referring to a model loosely resembling oauth where you never provide the keys to the first party. So you'd handle key stuff directly on the third party website. Same model as using a browser extension or key management app. If the local website ever asks you for your private key something is very obviously wrong.
Under that model all the admin can do is break functionality by removing the auth (err signing) requests. Or I suppose they could engage in a phishing attack. But as long as you're doing anything browser based that's going to be a threat from lots of actors, not just the local admin.
Oh right, the problem with that is it heavily centralizes identity providers. Cloudflare is pushing a thing where they get to do all the signing, and they'd be a massive gatekeeper over millions of people's keys. It just shifts the risk from instance to identity provider. If you can't trust your instance, then why would you be able to trust your identity provider?
Of course I type my own key fingerprint wrong. xP
3EE0 4602 4769 4E18 F974 9881 E4F6 06A1 0AC7 DA56 same as in my profile.
3EE0 4602 4769 4E18 F974 9881 E4F6 06A1 0AC7 DA56 same as in my profile.
Mastodon
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!Mastodon hosted on mstdn.io
OK to be fair my domain has been taken away twice,. Nobody actually noticed I had the same public key, but I guess if they cared, they could've verified it.
> Well it's a keypair that the instance controls. But it's a unique keypair per account.
So it's not their only key, but it's still only their key.
> that's a valid point against crypto in web apps with no external device, not against javascript-the-language
Right, sorry I only have 500 characters, so it's hard to always
> Well it's a keypair that the instance controls. But it's a unique keypair per account.
So it's not their only key, but it's still only their key.
> that's a valid point against crypto in web apps with no external device, not against javascript-the-language
Right, sorry I only have 500 characters, so it's hard to always
but the point is that there *is* a key and signing and the like. so what's missing is delegating and revoking separate keys. or alternatively an api to perform signing operations locally without the server ever having access to the key.
maybe even make it fully optional as with git. so messages either come through as either "signed by the instance" or "signed by the individual" and recipients can choose how to display these things and make their own decisions
maybe even make it fully optional as with git. so messages either come through as either "signed by the instance" or "signed by the individual" and recipients can choose how to display these things and make their own decisions
What's missing is code to allow "servers" that can just connect to other servers and sync with them, without being reachable or any DNS or stuff like that. Then you just run it, and use the Fediverse on localhost. I get an account on mstdn.io, and that would mean mstdn.io will save the posts from my "server" signed by my "server," but you can get them from the public server.
There might have to be a bit more decentralized relaying. Like mstdn.io should cache pictures a trusted server attaches (failing if it attaches something >2MB of course), so you could get them even if you couldn't reach me directly. Over the client API, I'm allowed to do exactly that, except without any digital signatures.
Oh uh... and I untagged the others because I dunno I just untag people reflexively, since they're probably not super interested in the conversation. User tagging is a stupid idea anyway, since they should just be able to get updates to the thread if they want. We only started this @tagging nonsense because Twitter took threads away from us.
Hank G ☑️ reshared this.
Sooooo #DuckDuckGo have dropped a pretty big bollock over there (context below). You were supposed to be the good guys, DDG!
There’s always @StartpageSearch, but are they any better? Plus, that purple colour 🤮
Brave is owned by an utter dickhead. Plus, cryptononsense…
What are we to do?
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement
There’s always @StartpageSearch, but are they any better? Plus, that purple colour 🤮
Brave is owned by an utter dickhead. Plus, cryptononsense…
What are we to do?
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement
DuckDuckGo browser allows Microsoft trackers due to search agreement
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.Lawrence Abrams (BleepingComputer)
2 people like this
2 people reshared this
Maybe I am colorblind but the Startpage site is blue, not to mention you can easily change the theme.
But the results are far superior and they have one of the most clear privacy policies out there. DDG stores partial IP, logs searches temporarily, and now we know what they do with Microsoft.
Startpage doesn't log anything, not even a partial IP.
But the results are far superior and they have one of the most clear privacy policies out there. DDG stores partial IP, logs searches temporarily, and now we know what they do with Microsoft.
Startpage doesn't log anything, not even a partial IP.
@Dan Arel :fedora: wrote:
Startpage doesn't log anything, [that we know of] not even a partial IP.There's also apparently an issue with them blocking Tor/VPNs.
Actually, I just ran a couple test searches with the Tor browser, and didn't have any problems.
maybe I’m colourblind! Everyone keeps telling me it’s blue, but it’s a strong shade of purple to my eye. 😂
At the risk of sounding like an interior decorator from the early 2000s, I'm saying it's lilac.
I was going to suggest mauve, but that's not quite right.
I was going to suggest mauve, but that's not quite right.
I a little over one month out from my social media/fast news digital detox experiments. My execution wasn't perfect but the results have been good. I'm therefore starting a second round. More in post: https://nequalsonelifestyle.com/2022/05/25/digital-detox-update-and-round-2/
Digital/Fast News Detox Update And Round 2
Personal Exploration of Engineering, Software, Food, and Longevitynequalsonelifestyle.com
4 people like this
Damn, @Hank G ☑️. That was pretty interesting (your blog posts parts 1 & 2)! Your struggle to retain sanity in the Digital Age is hitting very close to home for me at the moment.
Just yesterday, I posted a "Good Bye, Friends" post here at Diaspora. I have just been getting too stressed and aggravated with some of the idiocy and horrendous shit that I see in my Stream here every day. Unfortunately, my attempt at quitting lasted all of about 15 hours.
It seems my friendships here are a significant reason for me to stay.
Luck with your endeavor! :)
Just yesterday, I posted a "Good Bye, Friends" post here at Diaspora. I have just been getting too stressed and aggravated with some of the idiocy and horrendous shit that I see in my Stream here every day. Unfortunately, my attempt at quitting lasted all of about 15 hours.
It seems my friendships here are a significant reason for me to stay.
Luck with your endeavor! :)
Hank G ☑️ likes this.
Fortunately, for me, I never had a FaceBook or Twitter account. My presence at Diaspora began way back in the beginning of G+ days, when Google decided it was going to ban the use of pseudonyms at G+. Google backed down on that, but my Diaspora account remained active. When G+ was finally shut down, I just came back to Diaspora.
Social Media on the Internet often reminds me of a childhood, teen, and early adulthood hobby of Citizens Band radio. Remember those days? CB, and the interactions on that medium, were very similar to Internet social media of today, at least from my viewpoint. There was good, bad, and ugly on the CB, just as there is in my Stream here at Diaspora.
It is what it is. H. sapiens behave similarly in any environment.
Social Media on the Internet often reminds me of a childhood, teen, and early adulthood hobby of Citizens Band radio. Remember those days? CB, and the interactions on that medium, were very similar to Internet social media of today, at least from my viewpoint. There was good, bad, and ugly on the CB, just as there is in my Stream here at Diaspora.
It is what it is. H. sapiens behave similarly in any environment.
Hank G ☑️ likes this.
This 1000% more true today in there era of "Just throw it into an AI/ML black box and use the answer" than in 1979. #programming #ethics https://georgestocker.com/2022/05/24/wisdom-from-ibm-1979/ 
49 people like this
33 people reshared this
Grifters gonna grift. The Neumans of WeWork fame are on to their next set of victims. What I don't get is why people love throwing good money after bad at these sorts of people. Sigh. #cryptoskeptic #crypto #web3isgoinggreat https://web3isgoinggreat.com/single/wework-founders-are-starting-a-carbon-credit-crypto-company-and-they-already-raised-70-million-in-funding
The WeWork founders are starting a carbon credit crypto company and they already raised $70 million in funding
Adam and Rebekah Neumann, the duo behind the WeWork coworking space company that imploded spectacularly in 2019, have re-emerged to start a company called Flowcarbon.Web3 Is Going Just Great
Christoph S likes this.
Christoph S reshared this.
“I think the evidence is unmistakable and quite clear. We will tolerate an enormous amount of carnage, suffering and death in the U.S., because we have over the past two years. We have over our history,” says Gregg Gonsalves, an epidemiologist and professor at Yale who was a leading member of the AIDS advocacy group ACT UP.https://www.mprnews.org/story/2022/05/23/covid19-shootings-is-mass-death-now-tolerated-in-americaCOVID-19, shootings: Is mass death now tolerated in America?
After mass shootings killed and wounded people grocery shopping, going to church and simply living their lives, the nation marked a milestone of 1 million deaths from COVID-19. The number was once unthinkable.The Associated Press (MPR News)
3 people like this
Hank G ☑️ reshared this.
“I think the evidence is unmistakable and quite clear. We will tolerate an enormous amount of carnage, suffering and death in the U.S., because we have over the past two years. We have over our history,” says Gregg Gonsalves, an epidemiologist and professor at Yale who was a leading member of the AIDS advocacy group ACT UP.https://www.mprnews.org/story/2022/05/23/covid19-shootings-is-mass-death-now-tolerated-in-america
COVID-19, shootings: Is mass death now tolerated in America?
After mass shootings killed and wounded people grocery shopping, going to church and simply living their lives, the nation marked a milestone of 1 million deaths from COVID-19. The number was once unthinkable.The Associated Press (MPR News)
4 people like this
Hank G ☑️ reshared this.
I was talking to a co-worker I had not talked to in a long time. Mostly work-related stuff. He is a Republican and knows I moved here from Canada. Without much prompting he went on the rant about how Canada has mishandled covid. How it no doubt has negatively impacted Canadians mental-health-wise as they've been forced into isolation. I didn't respond. I was kinda shock really. BC with 5m pop has had 3,398 covid-19 deaths compared to Arizona with 7.5m pop 30,259 deaths! I've come to the conclusion that many Americans have consumed a steady diet of information that relates to distorted view of liberty and freedom. I doubt my friend even knows the BC covid death numbers. Rather he is focused on how public health policy impacts his personal freedom. Any requirement, no matter how small, is too much. Take care, -Randy
Hank G ☑️ likes this.
Hank G ☑️ reshared this.
Today's threads (a thread)
Inside: HSBC: "Who cares if Miami is underwater?"; and more!
Archived at: https://pluralistic.net/2022/05/24/moral-money/
#Pluralistic
1/
Inside: HSBC: "Who cares if Miami is underwater?"; and more!
Archived at: https://pluralistic.net/2022/05/24/moral-money/
#Pluralistic
1/
Recent appearances:
* The Sci-Fi Feedback Loop: Mapping Fiction’s Influence on Real-World Tech
https://csi.asu.edu/calendar/events/the-sci-fi-feedback-loop-mapping-fictions-influence-on-real-world-tech/
* Privacy is the New Celebrity
https://www.buzzsprout.com/1806101/10643084
* Revolutionizing Activism — The Power of Utopia (Center for Artistic Activism)
https://www.youtube.com/watch?v=8TBlSc3PNUA
11/
* The Sci-Fi Feedback Loop: Mapping Fiction’s Influence on Real-World Tech
https://csi.asu.edu/calendar/events/the-sci-fi-feedback-loop-mapping-fictions-influence-on-real-world-tech/
* Privacy is the New Celebrity
https://www.buzzsprout.com/1806101/10643084
* Revolutionizing Activism — The Power of Utopia (Center for Artistic Activism)
https://www.youtube.com/watch?v=8TBlSc3PNUA
11/
My first picture book is out! It's called Poesy the Monster Slayer and it's an epic tale of bedtime-refusal, toy-hacking and monster-hunting, illustrated by Matt Rockefeller. It's the monster book I dreamt of reading to my own daughter.
Kazimierz Kurz
•tom grzyb
•