Privacy-Enhancing Identity Federation is a very interesting problem. NIST has a call for collaborators to work on federated identity https://www.federalregister.gov/documents/2016/12/09/2016-29482/national-cybersecurity-center-of-excellence-nccoe-privacy-enhancing-identity-federation-building
@ploum Hamon est un candidat plus tourné vers l'avenir il me semble. Mélanchon n'a pas trop l'air de comprendre les impacts de la technologie, sauf quand il peut projeter un hologramme de son égo à plusieurs endroits en même temps.
Pour Assange, c'est un opportuniste et lui en voudra toujours d'avoir transformé WikiLeaks en front pour le FSB/GRU.
The Mastodon "Remote follow" feature could be so easily used to phish the average Mastodon user into signing into a fake instance.
⚠️ Important security reminder: Always make sure the URL shows your "home instance" when logging in.
Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417
Spent a lovely day in the Alps. Taking advantage to test Mastodon image upload
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
Sean Spicer Justifies Syria Strike By Claiming Hitler—Who Gassed Millions—Didn’t Use Chemical Weapons https://theintercept.com/2017/04/11/sean-spicer-justifies-syria-strike-by-claiming-hitler-who-gassed-millions-didnt-use-chemical-weapons/
Holy shit, Jack just tweeted about the #Mastodon Band/Social joke on #BirdSite! https://twitter.com/jack/status/850070169468649472
@martijn_grooten next step for Mastodon is to put all the usernames in a distributed ledger run by all the Mastodon servers to have a unique blockchain of usernames. #BlockchainAllTheThings #WhenAllYouHaveIsABlockchainEverythingLooksLikeANail
Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
Wow, not sure what drugs the people who designed Swindon's Magic Roundabout were on.