Frederic Jacobs is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Privacy-Enhancing Identity Federation is a very interesting problem. NIST has a call for collaborators to work on federated identity federalregister.gov/documents/

@ploum Hamon est un candidat plus tourné vers l'avenir il me semble. Mélanchon n'a pas trop l'air de comprendre les impacts de la technologie, sauf quand il peut projeter un hologramme de son égo à plusieurs endroits en même temps.

Pour Assange, c'est un opportuniste et lui en voudra toujours d'avoir transformé WikiLeaks en front pour le FSB/GRU.

@ploum le côté rageur de Mélanchon, ses positions à défendre Assange, sa politique anti-européenne le rend à mes yeux un candidat non désirable

@ploum Je dirais pas supporter. Mais j'apprécie sa position pro-Européenne, pro-Snowden, soutient au revenu universel ...

Malheureusement ces chances sont presque nulles donc je n'ai d'autre choix qu'espérer que Macron gagne pour éviter le pire (Mélanchon, Le Pen, Fillon)

@ploum @xdamman Not on the Brussels instance though. Great initiative from @monnoliv @JeroenB @Davidmonnom who are running that instance. Should consider having an open-collective for the costs ;)

The Mastodon "Remote follow" feature could be so easily used to phish the average Mastodon user into signing into a fake instance.

⚠️ Important security reminder: Always make sure the URL shows your "home instance" when logging in.

Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. debian.org/News/2017/20170417

<p>Fun fact: The number of <a href="https://mastodon.cloud/tags/mastodon">#<span>mastodon</span></a> users now exceeds the population of <a href="https://mastodon.cloud/tags/iceland">#<span>iceland</span></a>.</p>

Spent a lovely day in the Alps. Taking advantage to test Mastodon image upload

I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes micahflee.com/2017/04/breaking cc @rootkovska

@martijn_grooten next step for Mastodon is to put all the usernames in a distributed ledger run by all the Mastodon servers to have a unique blockchain of usernames. #BlockchainAllTheThings #WhenAllYouHaveIsABlockchainEverythingLooksLikeANail

@martijn_grooten Sure but it will still appear as "fj@mastodon.cloud" on people's clients. Domains just don't show up when you're on the same server as the other person, then they are implicitly assumed.

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

<p><a href="https://mastodon.social/@fj">@<span>fj</span></a> immediately had to think of this: <a href="https://twitter.com/paulblom/status/849294679145422848"><span class="invisible">https://</span><span class="ellipsis">twitter.com/paulblom/status/84</span><span class="invisible">9294679145422848</span></a><br> <a href="https://witches.town/media/vts215Zw-EzluPtxY9k"><span class="invisible">https://</span><span class="ellipsis">witches.town/media/vts215Zw-Ez</span><span class="invisible">luPtxY9k</span></a><br>Amsterdam appears to be another interesting case</p>