cover photo

Mike Macgirvin

mike@macgirvin.com

 High Range, Australia 
Here's what I'm aiming for. Getting there slowly - there's a whole lot of code to refactor.


Image/photo
  
Image/photo
  
Private resources are shared with a "portable_id" (all the identifiers in the example are portable_ids) and these have always been valid across clones. In earlier iterations this was called an 'xchan'. As long as you have the same portable_id, you can view private resources assigned to it. In zot 6.x the xchan is no longer tied to a particular signature algorithm so it is even more portable.

There will eventually be a facility in zot 6.x to link two portable_ids together; providing you have all the keys to perform this operation. Once this happens you can visit a site with portable_id #2 and still access resources that were granted to portable_id #1.
  
In Zot 1.x we needed to provide all the communication details in the message packet in order to verify the sender and calculate/prove the portable_id. This added a lot of overhead to each message. In Zot 6.x the verification process is done separately.  To do this we use a variant of openwebauth (HTTP signatures and webfinger). It's all a lot faster and much less complicated.  

The location_id is a portable_id for the site and will change if the site is re-installed. We need this here to block certain classes of forgeries.
  
Excellent! :-)
Koalas

 High Range, Australia 
So 30km from here, they're building a housing subdivison on top of a Koala corridor. Koalas are specific about the types of eucalyptus leaves they eat. These only grow along river/stream beds, hence 'corridor'. If you destroy this corridor there is no escape route for the koalas. They need to cross what is essentially a barren desert to them in order to migrate out of the threatened territory. Once the corridor is destroyed, the Campbelltown koala population will vanish. These are the last koalas in the world that are still fertile, because they don't have chlamydia. There are still a few dozen koalas in the southern highlands (on the other side of the Campbelltown corridor) which don't have chlamydia.  They are hiding out in the Blue Mountains Heritage Area (across the street from me) and travelling along the last known corridor. There are also a few dozen koalas in Victoria and Queensland, but they have chlamydia and probably won't survive 2-3 more generations. This is it folks. This is the last stand of the koala.

I understand that you may not have any sympathy for an endangered species that is alien to you; seeing as how it only exists on the other side of the world.

A million species are going to be wiped out of existence from the planet earth in the next five years. You're next.  Hope you aren't depending on the koalas to protect and defend your corridors.
  
This initiative was instituted by local government in response to a state zoning change which opened the region for development. The city of Sydney has nothing to do with it, but we could use their help as well to convince the state leaders to back off and reverse their earlier decisions.

What happened was that some developers convinced the government to build a new Sydney airport at Wilton a few years ago. Then they did a bunch of studies and decided it was a bad idea (probably because of the koalas) and decided to put the airport at the eastern edge of the Blue Mountains instead (facepalm).   Meanwhile a lot of people had poured money into Wilton real estate in preparation for making it rich off the airport deal, and they were left hanging. But the land had already been rezoned, so they started calling in the developers.  Now that it's zoned for industrial/commercial/residential activity by the state, the local government can't stop the developers moving in without taking the state to court. This might happen.

View PDF
http://www.engage.wollondilly.nsw.gov.au/assets/pdf/wiltonnewtown/Wilton_Petition_.pdf


https://www.wollondilly.nsw.gov.au/resident-services/environment-and-sustainability/wollondilly-koala-conservation-project-2/
  
Glad to see you are organized. :-) Perhaps a Koala fan page on Hubzilla can source different new items related to this issue?
  
i will send this pdf to my friend, she owns like 900 Lush stores in North America and she's on the board of directors for the company. I see there are Lush stores in Australia, at least one in Sydney. It's something they should publicize IMHO. I'm pretty sure She could easily pick up the phone and call whoever owns the stores in australia and make something happen in like 2 minutes. But I cannot promise anything..



LUSH Cosmetics North America

Image/photo

Welcome to LUSH Cosmetics, North America. We'll take you behind the scenes and into our kitchens, share product how-to's, visit our shops, and keep you up to...


Image/photo
 High Range, Australia 
Currently working on the hardest of all nomadic identity problems - what to do if your nomadic identity is hijacked or stolen and you can no longer prove that you are really you. There is no possible automatic solution to this problem. The only thing that will work (to my knowledge) is if you make the hijack claim to all your friends and let them decide whether your new identity is actually you or somebody else; and let them a) accept your new identity as absolute, b) allow both identities to exist until they have more information, or c) reject your claim.

The dilemma is that making such a tool available actually makes it easier to hijack an identity, because anybody off the street can then claim that they're the realDonaldTrump (for instance); with no supporting documentation and force you to decide.  But it's absolutely vital that such a tool exists, because Vladimir Putin might have hijacked the account and left poor Donald with no way to babble to his faithful followers.
  
My take on the problem in two parts:

Part 1

First, as I see it, the largest attack surface for identity theft is you having a few clones and then a hub hosting one of your clones getting compromised. In other words, your resilience to occasional system failure should not be directly proportional to your risk of identity theft.

Second, most people can't handle certificates. Moreover, even most people who can, won't. Practice teaches us that somebody else needs to do it for them. In Zot world the entity that handles certificates for you is called a Hub. Moreover, people who can and are willing to handle their own certificates can and likely ultimately will handle their own hub.

This calls for assigning a hub as your one-and-only "trusted hub", which by default would be your "primary hub", but could be set to something different.

The trusted hub is just a hub that holds a "secret key", different from the channel's private key. The secret key isn't transmitted to other hubs upon cloning, nor exported with a channel backup. Ordinarily, it never leaves the trusted hub. (Remember, if you are capable and willing to trust yourself with your secret key, you're probably already running your own hub.)

The secret key has the power to give and revoke the authority of hubs hosting channel clones, beyond regular cloning. This is done by generating a new channel key pair, broadcasting the new public key, and distributing the new private key only to hubs whose clones it recognizes as legitimate. Hubs will in turn recognize and respect the boradcasted channel key change only - or with higher priority - when it is signed by the channel's secret key.

In turn, changing your trusted hub would involve the future trusted hub to generate its own secret key, the public part of the new secret key getting signed with the current trusted hub's secret key and then distributed everywhere.

Now, the scheme as described would allow channels to recover in case of loss of the trusted hub's domain name, and I kinda favor that. Still, one could argue for also keeping track of the trusted hub's domain name and verifying the origin of signed messages so that even a leaked secret wouldn't suffice to take over your identity. This may be of interest to some organisations, so perhaps this could be eventually added as an option.

In either case, really paranoid admins could keep their member's secret keys encrypted or even air gapped and require them to personally contact them to be able to resort to those.

Part 2

I don't think we can do better than this within the platform. Anything else goes into the realm of the particular and it will only cause confusion and facilitate identity theft to automate it. However, we can still do something to alleviate the pain when all your base got usurped despite every precaution.

That would be to allow a channel to declare a list of "conflicting channels". With such lists, if a member has two active channels in his address book where either of them lists the other as conflicting, then both channels' avatar and name, wherever they appear, would give out a signal alerting that there is a conflict claim involving that channel.

Clicking on the signal would take you to a page with details on the claim, like the involved webbies linked to their respective channel home and some directly useful info such as connection date and cloned locations. Plus, general suggestions on how to resolve the conflict, but no automated or guided resolution. Suggestions should instruct members to not trust either side of the claim, and try to find confirmation through the surest of means before deleting or archiving one of the connections.

There is also the case where you request to connect, or receive a connection request, from a channel that would conflict with one already in your address book. Then, the connection page should have an additional step so you can decide not to enact the connection. It would carry a warning and info about the conflict with an existing connection, with similar suggestions as above. Again, no automated or guided resolution. However, you should be able to confirm and connect to the channel should you choose to, for example to communicate with both and make up your mind. In this case, the previous situation would applly.

In any case, there should be no way to ever have two active conflicting channels in your address book without displaying the conflict signal. Perhaps even an undismissable notification is due. Members should get a clear message that there is a serious problem and that they must get rid of either contact.

With this in place, in case even your heavily guarded trusted hub gets pwned, you can set up a new channel and claim a conflict with your old channel. You'd then have to figure out yourself the best way to get the message to your folks in a way that they will trust, and that probably and best involves using means of communication and context beyond the platform itself.

In the particular case where realDonaldTrump gets his secret key stolen and Putin sets up a Zot-authoritative clone at hub.kremlin.ru, the simple fact that the new channel's connection request will raise a conflict with the old one, while having hub.whitehouse.gov as its primary hub, will make everyone but Hillary converge to the right side, keeping the new channel.

Well, that is my long long take. And, of course, there should be no surprise when @Mike Macgirvin comes up with a better idea (-:
  
Actually, that's pretty good.
  
I like the idea of having a passphrase/secret to lockdown a compomised key. That could be backed up in various ways. Written down and taken away in a steel safe. With this secret you should be able to declare a key as invalid and locked down. So further communication is prohibited and all connections get a warning.

I think there should be no direct renewal option, because the case of a hijacked identity should enforce massive investigation.
 High Range, Australia last edited: Sun, 27 May 2018 18:13:45 +1000  
Consider that the project that is the gold standard of ActivityPub compatibility (think extinct elephant) doesn't work with Example2, Example3, Example4, or Example5 of the ActivityPub spec. It will reject these activities and silently drop them as "malformed". These four examples describe in detail how basic, simple communications work in ActivityPub.
 High Range, Australia 
Since the heavy lifting is being done in a repository none of you can see, here's what's happening at the moment with zot6.

The basic protocol is just about defined. It's not *too* much different than zot, but there are still substantial changes in the way data is organised and transferred. So far I have only had to add one table column to the database. There will be more.

Sometime in the next week (or so) I expect to be able to connect two channels. The last remaining hurdle is (yet another)  permission system upgrade.  This is a hard slog as I'm trying to do away with a static permission list completely and let permissions like 'can shave my cat' appear at any time and just work. The current architecture does this but there's a nasty little upgrade process to merge it into the system.

Sometime in the next 2-3 weeks I expect to be able to start sending messages.

On the longer term roadmap and in rough order (I can't define a timeline until the earlier components start to materialise):

- Finish the protocol supporting documentation
- remove bbcode as the base content type
- Release the zot6 base project 'zap' for pioneers to play with
- Strip out everything that isn't a social network suitable for the intellectually challenged and release it as 'denim'.
- add support for the activitystreams data type
- migrate the new protocol to hubzilla
  
Sometime in the next 2-3 weeks I expect to be able to start sending messages.
Faster than light you are :-)
  
It just keeps getting better...

Image/photo

(The "from ActivityPub" is leftover code in the ActivityStreams parser that hasn't yet been removed).

So here's why this matters...  it's "sort of" like ActivityPub and you can use the same messages and libraries, but with all the goodness of zot (nomadic identity, strong encryption, reliable third-party signatures, minimal and encrypted metadata, none of Mastodon's "quirks" like removing all the interesting HTML tags and generating warnings when you add summaries and forcing you to mention people to deliver anything private to them,  as well as the federation benefits of an 'open' network that doesn't block delivery of messages to third parties from authors who use different protocols).

Anyway, there's a lot of work left to do, but that is what I'm up to and this is why I'm doing it.
  
Superb! :-)
 High Range, Australia 
Facebook to change terms of service for Australian users to avoid EU privacy law

Image/photo

The world's largest social network is keen to reduce its exposure to a new European privacy law.
  
They want European standards for everybody in the world... but just in case that could cost money they move the data to America...

I guess the new terms are something like "We want to protect your data and whatever. Just click ok, we don't care anyway" ;)
  
It goes to show that multi-nationals don't play by the same rules as the rest of us. Despite the claims to the contrary, Australians are considered as Irish in the Facebook ledger because this allows Facebook to not pay any taxes in Australia (literally zero - ever). This came out in questioning by the tax office a few years ago. American taxes are too high so this move is temporary until they convince another country to give them a low tax rate and also shield them from international privacy laws. This isn't too hard if you've got money clout. If I were a Facebook lawyer I'd be bribing talking to North Korea, Somalia, or Cuba.
  
In Brazil we've got Xote.
  
Thank you, @elmussol and @Marshall Sutherland ! :-) Remember, there are also 364 unbirthdays! :-D
  
Happy Day Old Man!
  
Thank you, @Adam Robertson ! :-)
 High Range, Australia 
The duke and duchess of Wild Meadow send their best wishes to the duke and duchess of Sussex. May they live long and prosper.
 High Range, Australia 
  
holy canoly
 High Range, Australia 
Music Videos of the World

Image/photo

Traffic ~ Full Concert ~ Live  Santa Monica 1972
 High Range, Australia 
Blue eggs offered as a solution to identify pasture-raised produce

Image/photo

Smaller producers will think it's a cool egg but the big guys probably wouldn't be interested. So it could naturally become known as a sign of pasture-raised.


So smaller producers will be able to charge more money. And the big producers will never notice or want to increase their margins. Uh-huh. Got it. Wink.
  
I have seen green and blue eggs for the first time when I was in Indonesia. In the last years I have seen them also here in some small markets.
In here every single egg has a number on it which already tells the provenance of the egg. I am still wondering how they are doing this.
  
Just have your own chickens ;-)
 High Range, Australia 
Frank Zappa on The Steve Allen Show March 4, 1963.mp4

Image/photo

Frank promotes his new record How's Your Bird & The Worlds Greatest Sinner movie and then plays a bicycle with Steve. Fun for all.
  last edited: Tue, 08 May 2018 17:27:17 +1000  
Gorgeous!

Edit: there is Frank Rosolino sitting in in the horn section.
  last edited: Sat, 12 May 2018 05:56:41 +1000  
was he clairvoyant writing about 'plastic people' with the currently trendy 'software photo filters'
the first girl i did it with, her father had a great music collection. that's where i first got into MOI and Zappa. A friend of mine bought me Ship Arriving Too Late to Save a Drowning Witch (on vinyl) in the 1980's, it had valley girl and i think Steve Vai on guitar.
  
on mother's day (in the USA anyway. mexico was last week and dominican republic is 27th, it's probably different everywhere?) anyway it's MOI day.

this is a great find on youtube. 200 motels promo with soundtrack.

Frank V Zappa's 200 Motels 100 200 MOTELS PROMO

Image/photo

Promo TV spot for 200 Motels (1971)
 High Range, Australia 
Somebody was asking about this recently. The version needs to be updated, and imagick added to apk but otherwise this should get you started.

https://hub.docker.com/r/silviof/hubzilla-docker/
  
Here's an update to 3.2 which is the last stable release. Also need to do something about the php5, but that will come later. This isn't the actual image - it's what you need to build it.
  
History is to be learned from.
  
Haha! This is amusing on multiple levels.

I bet the thought of mirroring a post made originally on Google+ has literally never crossed anyone's mind who is using Hubzilla.
  
there was someone mirroring all the posts on twitter a few years ago, mine included, it was kind of annoying. i have not noticed it going on lately. i do not personally see any use in posting the same message across multiple networks.
 High Range, Australia 
eBay: We are updating our User Privacy Notice

Didn't realise I still had that account. Haven't used it since 1999.

But it's a perfect time to once again roll out this quote by former co-worker Hans Lachman:

We've upped our standards. So up yours.
  
I had to look. Last time I heard from Hans he was a bit of a global wanderer living off the grid in rural China. Now it seems he's a marginally successful Hollywood producer/director. He's got a Mastodon account but hasn't posted since December. Another former co-worker is CTO and co-founder of an AI healthcare startup. Not surprising, but he was also off grid for the better part of 20 years. You couldn't find him on the internet. That's how deep under cover he went. Once you've played a part in changing the world, it kind of stays with you - no matter how much you try to put it behind you.
 High Range, Australia 
Apparently carotene affects the kangaroo brain in the same ways as bootleg #homebrew and prolonged exposure to #AC/DC.

'There was a guy who got his stomach gashed open': Carrot-addicted kangaroos attack tourists

Image/photo

Kangaroos at a tourist hotspot are attacking people after becoming addicted to carrots and junk food.
  
Quite aggressive those junky roos... maybe you just should not feed wild animals.

The link contains pictures of wounds inflicted by kangoroo attacks, if anybody is sensitive about that kind of stuff.
 High Range, Australia 
If you decide to upgrade to Ubuntu 18.04 LTS and think it might be best to lock the screen in case a kitty cat walks across the keyboard while it's upgrading, DON'T DO IT.

I hope this little tip saves somebody some grief.
  
Gnome3 replacing Unity?


Yeah, and I'm not impressed. There is now a menu bar in addition to the window title bar and this takes up an obscene amount of screen real estate. Meanwhile the scrollbars have shrunk to 3-4 pixels wide and there doesn't seem to be any way to make them more accessible (they used to grow if the mouse got near, now they stay 3-4 pixels wide and are very hard to activate on large screens). Most everything starts off in maximised windows and there's apparently no setting to undo this. Ditto for auto-maximise when you move it within an inch or two of a screen border. There used to be a way to turn off this annoying behaviour, but now it seems we're stuck with it. They reversed the direction of touchpad scrolling - which they insist is "natural" but fortunately you can turn this one off. It may be more natural for people who grew up with smartphones, but isn't natural at all if you've been doing it a different way since touchpads first appeared in 1994.
  
I had some chance fiddling with gtk's css files and specifically sliders width properties on xfce, but it did not work for all windows though.
  
Thanks - I'm giving that a try now. To make it consistent it appears you need to apply it to gtk-3.0 and gtk-2.0 and the syntax is a bit different between the two. I'll just try 3.0 now and see how it goes; but first it seems that the lockscreen prevented autoremove of old packages so I've got about 8G of obsolete stuff to clean out.
Important: anonymous comment permission patch

 High Range, Australia 
!Hubzilla Support Forum !Hubzilla Announcements

It was brought to our attention that some channels have been configured with anonymous (WordPress style) comment permissions which should not have been. This affects a number of newly created channels.

Step 1:

If you are a hub administrator and are running master (3.2.x), dev (3.5), or 3.4RC, please execute 'git pull' from the project root directory now. If you are running a prior release, this particular issue may not affect you; but you are encouraged to update in any event.

If you are running the dev branch on your site, no further action is necessary.

Step 2:

If your site is running a release or pre-release version such as master (3.2.x) or 3.4RC please change to your project root directory and create a new file using the following code snippet. This file should be named Zotlabs/Module/Fix20180421.php and the text '<?php' should be on the very first line of the file. The capitalisation in the filename is important.


<?php
namespace Zotlabs\Module;

class Fix20180421 extends \Zotlabs\Web\Controller {

    function get() {

        if(! is_site_admin())
            return;

        $r = q("select channel_id from channel where true");
        if($r) {
            foreach($r as $rv) {
                $role = get_pconfig($rv['channel_id'],'system','permissions_role');
                if($role !== 'custom') {
                    $role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($role);
                    if(array_key_exists('limits',$role_permissions) && array_key_exists('post_comments',$role_permissions['limits'])) {
                        set_pconfig($rv['channel_id'],'perm_limits','post_comments',$role_permissions['limits']['post_comments']);
                    }
                }
            }
        }

        return 'Update has been applied';

    }

}


Step 3.

Visit https://macgirvin.com/fix20180421 while logged into the hub administrator account. Note that you will use lowercase for the path here.

You should see the text 'Update has been applied'. When you see this text, from the command shell

% rm Zotlabs/Module/Fix20180421.php

Apologies for the inconvenience.
  
Thnaks @Brian Christensen
so I uploaded the  PermissionLimits.php file to Zotlabs/Access/ ... thats all? I´m done?
  
Step 2 +  Sep 3 ... got it
  
only got "Page not Found" here with those instructions.

I guess this version is too old (looks like Zotlabs\Web\Controller isnt there)

I probably need to look at doing a full update.
  
Image/photo
  
Had to read it four times to realize it only works if you imagine an Aussie person actually saying that.