cover photo

Mike Macgirvin

 High Range, Australia 
Look what just crawled out the woodwork...

PGP creator backs Openbook, a KickStarter privacy-first alternative to Facebook


A new privacy-oriented social network called Openbook has gained the support of notable security experts. The firm is due to launch its KickStarter on Tuesday to raise funds to build the new network.

It will be interesting to see how they pull this part off...

“Just drag-and-drop your old social media archive into Openbook and import all your photos, videos, chats and more!”

Obviously they haven't looked at the file format.
Hubzilla needs just some „little“ effort to catch the broader masses, why the hell all these intelligent people out there want to start over and over again with new and less functional projects? Just a little bit of UI, some code cleaning and dev docs ...
What the heck, sorry, running into rant mode :-D ...

Joel Levi Hernández Fernández: @Peter This is one of our most asked questions :-). It's a topic that I hope to address in a long a lengthy interview or post soon. In short: Decentralised systems are incredibly complicated. For example rolling out updates (security updates/improvements included), maintaining cross-version compatibility (for example when rolling out a feature that is by design non-backwards compatible) and tracking, modifying or deleting user information across the nodes (pretty much impossible to guarantee).

It is a mighty challenge by itself to develop a system that tackles all of these issues. It could take years of research and development.

The software giants are growing at an incredible pace, crushing or buying any sign of competition. Initiatives for social media decentralisation in all honesty and sadness, don't stand a chance.
Ignoring that in reality systems exist and are running with decentralization and federation.

Joel Levi Hernández Fernández: While decentralisation initiatives are focusing on building revolutionary technologies and ways to tackle the decentralisation system problems, the real users of such systems (people with a non-tech background) care little for that aspect of the product. They care about the experience, the features, the ease of use, the design. Once these initiatives solve the decentralisation challenges, they will be thousands of light years away from matching the features the software giants will then have. It would all have been for nothing.
Only truth here is that non-tech people do not care really about decentralisation. But this is because it is very hard to understand what are the problems with centralised services. The rest is just blaming and ignoring the running reality.

Joel Levi Hernández Fernández: We are tackling the problem the other way around. We will use existing technologies to build not only a product that competes with the software giants but beats them in the aspects that the general public cares about.
I assume "the other way around" here means just: We get out money of our users and than forget our proposed ideas on the long term.

Joel Levi Hernández Fernández: If we do manage to become the defacto social network (which at that point would already be a huge improvement over existing ones in regards to transparency, privacy and security), with that amount of users and public interest, we would then be able to afford the time and the best and brightest minds in tech to research decentralisation strategies.
This sounds a lot like the talk you hear from all these startup "CEOs" who think their product deserves your money because it's the next big thing. The only problem: in 999 out of 1000 cases it isn't. Just wait a couple of years until they have disappeared in the void and we are still here. It's just a little bit of history repeating.. ;-)
 High Range, Australia last edited: Thu, 05 Jul 2018 10:41:11 +1000  
It's a very long tunnel, but I can finally see a glimmer of light at the other end. I'm currently guesstimating about 6 weeks before a public preview of denim. Zap will be about 4 weeks behind that. Vassal and backporting Zot6 to Hubzilla probably around Xmas.

So what are all these things?

Denim is the basic Zot6 social app. It is nomadic and does social networking and nothing else. Really truly nothing else. Your first channel will be a social channel and you can also create either a restricted or public forum.  There are no other choices. There is not now and never will be federation with anything that doesn't support nomadic communications.

Zap is the Zot6 community app. It does a few additional things for those who want to use Zot in the workplace or with their community. It won't do nearly as much as Hubzilla. It also does not federate with anything that isn't nomadic. Not now. Not ever. Never.

Vassal (formerly Mule) is a gateway between nomadic and non-nomadic networks. It speaks Zot6 and ActivityPub. Local channels are not allowed to replicate (they can only relocate), hence it federates with non-nomadic services. Vassal identities can be linked with nomadic identities on other sites and this provides the requisite bridging between the two universes. Identity linkage means that messages will flow back and forth but connections and other data will not. It's similar to API federation, so if you want to communicate with Diaspora folks from a nomadic platform, you'll need to create a separate channel on Vassal and link the identity to your nomadic channel. If the Vassal server goes down you can relocate the linked channel, but you'll lose any connections on services that don''t provide relocation. (Friendica supports relocation. Diaspora may or may not provide relocation by Xmas. Mastodon does not currently provide relocation, though it is being discussed.)
@Haakon Meland Eriksen (Els Mussols) Fair enough. It will now be known as Vassal.
@Mike Macgirvin exiting news! What will change for plugins likes chess?
There are a few changes to the way plugins work, but most should only take a couple of minutes to port. Those that hook directly into the delivery system will be harder.
 High Range, Australia 
Eating some left-over smoked ribs from the party last weekend. It's the fourth day of the month of July. Ironic.
Sounds yummy. :-)

I was experimenting with Jackfruit some time ago, but the smoked barbecue sauce from the store was too "smokey". Do you have a nice sauce recipe you can share? :-)
The wife makes the sauces. I just operate the machinery. But take any bbq sauce recipe and add a half cup of pureed raisins and it will keep people coming back for more.
Thanks for the tip! :-)
 High Range, Australia 
Bloody Twitter... I had a Twitter account a few years ago to try and make the Twitter post addon work (the person complaining about it not working couldn't read the obvious error message). Anyway at that time you couldn't actually delete a Twitter account. Don't know it it's still the case. So I "deleted all the content" (yeah right)  and changed the name to something random and set a random password so that at least people wouldn't be able to find that account and think they were following me.

Anyway they've been sending me email spam ever since. Every day. Mostly I just let it go. It's not like they're the only fucking company that sends me spam. But yesterday I thought - well enough is enough, wonder if they'll let me unsubscribe.

And they did!

This morning I've got twice as much Twitter spam.

Moral of the story: Twitter sucks.

The end.
Moral of the story: Twitter sucks.

In other news, a local man discovers that Facebook has been secretly looking at photos he shared with friends and that the company knows he likes cucumbers, a secret he has never revealed to anyone. More on this breaking story at 11...

Hey Mike, you should make a communication platform that can do what Twitter does, but that is decentralized, protects privacy, and supports freedom. I bet if you put your mind to it, you could come up with something. You might even find a way to support more than 140 character posts!
Twitter's entire existence is about being dysfunctional. To provide an alternative, get rid of decentralisation, freedom and privacy. Nobody cares about that shit. Then limit posts to 119.31672 characters.
  last edited: Thu, 05 Jul 2018 01:03:16 +1000  
..I had a Twitter account

I see where you went wrong.

Honestly, I have never signed up for a Twitter account. I could not make heads or tails of what it was all about until years later and by then I knew too much
 High Range, Australia 
Update: Channel discovery and making connections, posts, comments, likes are now federating over Zot6/ActivityStreams. Forums are mostly working. Yay. That's a big milestone. I'll probably take a break in the next few days because this shit has a tendency to fry your brain.
Enjoy your break!!!
:champagne: :-) Congratulations!
Looks like Facebook wants to pick up where SilverPush left off.
How can you patent a technique that is in use already?La Liga quiere usar móviles de particulares como espías a través de su aplicación


El organismo solicita el acceso al micrófono del teléfono para detectar posibles emisiones ilegales
Facebook patents system that can use your phone's mic to monitor TV habits

“The technology in this patent has not been included in any of our products, and never will be.”

Funniest thing I read all day!
 High Range, Australia 
To understand the magic of Lake Eyre, you have to see it from space


Piecing together months' worth of satellite imagery, we tracked flood waters for hundreds of kilometres on its remarkable journey from the top end to Lake Eyre.
 High Range, Australia 
Here's what I'm aiming for. Getting there slowly - there's a whole lot of code to refactor.

Wonderful! :-)
For complexity I'm currently thinking of putting most of the "additional features" and plugin configurations into Apps and do away with the additional features page. To do this, we need to split personal apps into "available" and "installed" and migrate many of the additional features into "available" apps. For example the Diaspora Protocol and Webpages should both be installable apps. For plugin configuration, you'll open the app - after you install it. The app description also needs to be extended so we can provide an extended info page about each one. Some apps which aren't already should migrate to addons.

The effect of this change is to symbolically (if not in fact) isolate all the additional cruft from the core project and get rid of all the complicated settings that are currently shown together and which can be overwhelming. If you want to install the E2EE app or ActivityPub Protocol app, go to the app "store". What many people do first thing in Hubzilla is to set their level to 'expert' and turn on every feature. Then they complain about the overwhelming complexity. You wouldn't install every app available from Google Play or F-Droid and then complain about the complexity of Android. Anyway, that's where I'm going with this. Hubzilla core is zot social networking, the files/photos, and events. All of these work well and work well together. For everything else, go to the app store.

 High Range, Australia 
So 30km from here, they're building a housing subdivison on top of a Koala corridor. Koalas are specific about the types of eucalyptus leaves they eat. These only grow along river/stream beds, hence 'corridor'. If you destroy this corridor there is no escape route for the koalas. They need to cross what is essentially a barren desert to them in order to migrate out of the threatened territory. Once the corridor is destroyed, the Campbelltown koala population will vanish. These are the last koalas in the world that are still fertile, because they don't have chlamydia. There are still a few dozen koalas in the southern highlands (on the other side of the Campbelltown corridor) which don't have chlamydia.  They are hiding out in the Blue Mountains Heritage Area (across the street from me) and travelling along the last known corridor. There are also a few dozen koalas in Victoria and Queensland, but they have chlamydia and probably won't survive 2-3 more generations. This is it folks. This is the last stand of the koala.

I understand that you may not have any sympathy for an endangered species that is alien to you; seeing as how it only exists on the other side of the world.

A million species are going to be wiped out of existence from the planet earth in the next five years. You're next.  Hope you aren't depending on the koalas to protect and defend your corridors.
i will send this pdf to my friend, she owns like 900 Lush stores in North America and she's on the board of directors for the company. I see there are Lush stores in Australia, at least one in Sydney. It's something they should publicize IMHO. I'm pretty sure She could easily pick up the phone and call whoever owns the stores in australia and make something happen in like 2 minutes. But I cannot promise anything..

LUSH Cosmetics North America


Welcome to LUSH Cosmetics, North America. We'll take you behind the scenes and into our kitchens, share product how-to's, visit our shops, and keep you up to...

she said she would check into it. I know she cares about animals, about 10 years ago she pretended to be a bloody seal in the street in toronto to bring attention to the seal killing issue.


hopefully they will get behind the koalas !
I've seen a couple of save the koalas commercials on prime time Sydney TV, produced by the Wollondilly council; so somebody is apparently helping out financially. That's good but we still need to raise awareness further. Better yet if we could shine a light on the state agency/bureaucrat that has the power to fix this. The Aussie housing bubble is also hitting a plateau which might buy us a bit more time; since it could slow development on the short term.
 High Range, Australia 
Currently working on the hardest of all nomadic identity problems - what to do if your nomadic identity is hijacked or stolen and you can no longer prove that you are really you. There is no possible automatic solution to this problem. The only thing that will work (to my knowledge) is if you make the hijack claim to all your friends and let them decide whether your new identity is actually you or somebody else; and let them a) accept your new identity as absolute, b) allow both identities to exist until they have more information, or c) reject your claim.

The dilemma is that making such a tool available actually makes it easier to hijack an identity, because anybody off the street can then claim that they're the realDonaldTrump (for instance); with no supporting documentation and force you to decide.  But it's absolutely vital that such a tool exists, because Vladimir Putin might have hijacked the account and left poor Donald with no way to babble to his faithful followers.
My take on the problem in two parts:

Part 1

First, as I see it, the largest attack surface for identity theft is you having a few clones and then a hub hosting one of your clones getting compromised. In other words, your resilience to occasional system failure should not be directly proportional to your risk of identity theft.

Second, most people can't handle certificates. Moreover, even most people who can, won't. Practice teaches us that somebody else needs to do it for them. In Zot world the entity that handles certificates for you is called a Hub. Moreover, people who can and are willing to handle their own certificates can and likely ultimately will handle their own hub.

This calls for assigning a hub as your one-and-only "trusted hub", which by default would be your "primary hub", but could be set to something different.

The trusted hub is just a hub that holds a "secret key", different from the channel's private key. The secret key isn't transmitted to other hubs upon cloning, nor exported with a channel backup. Ordinarily, it never leaves the trusted hub. (Remember, if you are capable and willing to trust yourself with your secret key, you're probably already running your own hub.)

The secret key has the power to give and revoke the authority of hubs hosting channel clones, beyond regular cloning. This is done by generating a new channel key pair, broadcasting the new public key, and distributing the new private key only to hubs whose clones it recognizes as legitimate. Hubs will in turn recognize and respect the boradcasted channel key change only - or with higher priority - when it is signed by the channel's secret key.

In turn, changing your trusted hub would involve the future trusted hub to generate its own secret key, the public part of the new secret key getting signed with the current trusted hub's secret key and then distributed everywhere.

Now, the scheme as described would allow channels to recover in case of loss of the trusted hub's domain name, and I kinda favor that. Still, one could argue for also keeping track of the trusted hub's domain name and verifying the origin of signed messages so that even a leaked secret wouldn't suffice to take over your identity. This may be of interest to some organisations, so perhaps this could be eventually added as an option.

In either case, really paranoid admins could keep their member's secret keys encrypted or even air gapped and require them to personally contact them to be able to resort to those.

Part 2

I don't think we can do better than this within the platform. Anything else goes into the realm of the particular and it will only cause confusion and facilitate identity theft to automate it. However, we can still do something to alleviate the pain when all your base got usurped despite every precaution.

That would be to allow a channel to declare a list of "conflicting channels". With such lists, if a member has two active channels in his address book where either of them lists the other as conflicting, then both channels' avatar and name, wherever they appear, would give out a signal alerting that there is a conflict claim involving that channel.

Clicking on the signal would take you to a page with details on the claim, like the involved webbies linked to their respective channel home and some directly useful info such as connection date and cloned locations. Plus, general suggestions on how to resolve the conflict, but no automated or guided resolution. Suggestions should instruct members to not trust either side of the claim, and try to find confirmation through the surest of means before deleting or archiving one of the connections.

There is also the case where you request to connect, or receive a connection request, from a channel that would conflict with one already in your address book. Then, the connection page should have an additional step so you can decide not to enact the connection. It would carry a warning and info about the conflict with an existing connection, with similar suggestions as above. Again, no automated or guided resolution. However, you should be able to confirm and connect to the channel should you choose to, for example to communicate with both and make up your mind. In this case, the previous situation would applly.

In any case, there should be no way to ever have two active conflicting channels in your address book without displaying the conflict signal. Perhaps even an undismissable notification is due. Members should get a clear message that there is a serious problem and that they must get rid of either contact.

With this in place, in case even your heavily guarded trusted hub gets pwned, you can set up a new channel and claim a conflict with your old channel. You'd then have to figure out yourself the best way to get the message to your folks in a way that they will trust, and that probably and best involves using means of communication and context beyond the platform itself.

In the particular case where realDonaldTrump gets his secret key stolen and Putin sets up a Zot-authoritative clone at, the simple fact that the new channel's connection request will raise a conflict with the old one, while having as its primary hub, will make everyone but Hillary converge to the right side, keeping the new channel.

Well, that is my long long take. And, of course, there should be no surprise when @Mike Macgirvin comes up with a better idea (-:
Actually, that's pretty good.
I like the idea of having a passphrase/secret to lockdown a compomised key. That could be backed up in various ways. Written down and taken away in a steel safe. With this secret you should be able to declare a key as invalid and locked down. So further communication is prohibited and all connections get a warning.

I think there should be no direct renewal option, because the case of a hijacked identity should enforce massive investigation.
 High Range, Australia last edited: Sun, 27 May 2018 18:13:45 +1000  
Consider that the project that is the gold standard of ActivityPub compatibility (think extinct elephant) doesn't work with Example2, Example3, Example4, or Example5 of the ActivityPub spec. It will reject these activities and silently drop them as "malformed". These four examples describe in detail how basic, simple communications work in ActivityPub.
 High Range, Australia 
Since the heavy lifting is being done in a repository none of you can see, here's what's happening at the moment with zot6.

The basic protocol is just about defined. It's not *too* much different than zot, but there are still substantial changes in the way data is organised and transferred. So far I have only had to add one table column to the database. There will be more.

Sometime in the next week (or so) I expect to be able to connect two channels. The last remaining hurdle is (yet another)  permission system upgrade.  This is a hard slog as I'm trying to do away with a static permission list completely and let permissions like 'can shave my cat' appear at any time and just work. The current architecture does this but there's a nasty little upgrade process to merge it into the system.

Sometime in the next 2-3 weeks I expect to be able to start sending messages.

On the longer term roadmap and in rough order (I can't define a timeline until the earlier components start to materialise):

- Finish the protocol supporting documentation
- remove bbcode as the base content type
- Release the zot6 base project 'zap' for pioneers to play with
- Strip out everything that isn't a social network suitable for the intellectually challenged and release it as 'denim'.
- add support for the activitystreams data type
- migrate the new protocol to hubzilla
Sometime in the next 2-3 weeks I expect to be able to start sending messages.
Faster than light you are :-)
It just keeps getting better...


(The "from ActivityPub" is leftover code in the ActivityStreams parser that hasn't yet been removed).

So here's why this matters...  it's "sort of" like ActivityPub and you can use the same messages and libraries, but with all the goodness of zot (nomadic identity, strong encryption, reliable third-party signatures, minimal and encrypted metadata, none of Mastodon's "quirks" like removing all the interesting HTML tags and generating warnings when you add summaries and forcing you to mention people to deliver anything private to them,  as well as the federation benefits of an 'open' network that doesn't block delivery of messages to third parties from authors who use different protocols).

Anyway, there's a lot of work left to do, but that is what I'm up to and this is why I'm doing it.
Superb! :-)
 High Range, Australia 
Facebook to change terms of service for Australian users to avoid EU privacy law


The world's largest social network is keen to reduce its exposure to a new European privacy law.
They want European standards for everybody in the world... but just in case that could cost money they move the data to America...

I guess the new terms are something like "We want to protect your data and whatever. Just click ok, we don't care anyway" ;)
It goes to show that multi-nationals don't play by the same rules as the rest of us. Despite the claims to the contrary, Australians are considered as Irish in the Facebook ledger because this allows Facebook to not pay any taxes in Australia (literally zero - ever). This came out in questioning by the tax office a few years ago. American taxes are too high so this move is temporary until they convince another country to give them a low tax rate and also shield them from international privacy laws. This isn't too hard if you've got money clout. If I were a Facebook lawyer I'd be bribing talking to North Korea, Somalia, or Cuba.
In Brazil we've got Xote.
Thank you, @elmussol and @Marshall Sutherland ! :-) Remember, there are also 364 unbirthdays! :-D
Happy Day Old Man!
Thank you, @Adam Robertson ! :-)
 High Range, Australia 
The duke and duchess of Wild Meadow send their best wishes to the duke and duchess of Sussex. May they live long and prosper.
 High Range, Australia 
holy canoly
 High Range, Australia 
Music Videos of the World


Traffic ~ Full Concert ~ Live  Santa Monica 1972
 High Range, Australia 
Blue eggs offered as a solution to identify pasture-raised produce


Smaller producers will think it's a cool egg but the big guys probably wouldn't be interested. So it could naturally become known as a sign of pasture-raised.

So smaller producers will be able to charge more money. And the big producers will never notice or want to increase their margins. Uh-huh. Got it. Wink.
I have seen green and blue eggs for the first time when I was in Indonesia. In the last years I have seen them also here in some small markets.
In here every single egg has a number on it which already tells the provenance of the egg. I am still wondering how they are doing this.
Just have your own chickens ;-)
 High Range, Australia 
Frank Zappa on The Steve Allen Show March 4, 1963.mp4


Frank promotes his new record How's Your Bird & The Worlds Greatest Sinner movie and then plays a bicycle with Steve. Fun for all.
  last edited: Tue, 08 May 2018 17:27:17 +1000  

Edit: there is Frank Rosolino sitting in in the horn section.
  last edited: Sat, 12 May 2018 05:56:41 +1000  
was he clairvoyant writing about 'plastic people' with the currently trendy 'software photo filters'
the first girl i did it with, her father had a great music collection. that's where i first got into MOI and Zappa. A friend of mine bought me Ship Arriving Too Late to Save a Drowning Witch (on vinyl) in the 1980's, it had valley girl and i think Steve Vai on guitar.
on mother's day (in the USA anyway. mexico was last week and dominican republic is 27th, it's probably different everywhere?) anyway it's MOI day.

this is a great find on youtube. 200 motels promo with soundtrack.

Frank V Zappa's 200 Motels 100 200 MOTELS PROMO


Promo TV spot for 200 Motels (1971)