#Capitalism didn't give us the #internet.
Large-scale #cooperation, open #protocols, and free #software gave us the internet. Capitalism gave us mobile sites that don't work because fifteen ads cover the screen.
Recent searches
Search options
Administered by:
#protocols
0 posts0 participants0 posts today
Web 3.0 Requires Data Integrity
If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA ... https://www.schneier.com/blog/archives/2025/04/web-3-0-requires-data-integrity.html
Schneier on Security · Web 3.0 Requires Data Integrity - Schneier on SecurityIf you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount. What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure...
“The #Signal #leak was never about an #app. It was a diagnostic stain, exposing the rot festering beneath the Mythic US’s #veneer of #democracy and #law. The fleeting obsession with #encryption #protocols and personnel errors encapsulated the farce: a society expertly trained by its #distraction #machine to fixate on trivialities while the Operational US – the militarist-oligarchic core – wages #illegal #wars with #psychopathic #impunity”
The Geopolitical Compass · Beyond the App: America's Willing Acceptance of Imperial Crime
'Identifying, Engaging, and Supporting Care Partners in Clinical Settings: Protocol for a Patient Portal–Based Intervention' - a JMIR #Research #Protocols article on #ScienceOpen:
https://www.scienceopen.com/document?vid=5af4004c-3562-43d6-813b-5c8e1f63764f
ScienceOpenIdentifying, Engaging, and Supporting Care Partners in Clinical Settings: Protocol for a Patient Portal–Based Intervention<div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e562">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e563">Background</h5>
<p dir="auto" id="d13359648e565">In the United States, the landscape of unpaid care delivery is both challenging and
complex, with millions of individuals undertaking the vital role of helping families
(broadly defined) manage their health care and well-being. This includes 48 million
caregivers of adults, 42 million of whom are caregivers of adults aged 50 years or
older. These family care partners provide critical and often daily support for tasks
such as dressing and bathing, as well as managing medications, medical equipment,
appointments, and follow-up care plans.
</p>
</div><div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e567">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e568">Objective</h5>
<p dir="auto" id="d13359648e570">This study aimed to implement a novel patient portal–based intervention to identify,
engage, and support care partners in clinical settings.
</p>
</div><div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e572">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e573">Methods</h5>
<p dir="auto" id="d13359648e575">The project team collaborated with 3 health care organizations (6 primary care practices
in total) to design and implement a patient portal–based intervention. Three days
in advance of a visit, patients were invited to log on to their patient portal account
and answer a brief questionnaire as part of the routine electronic check-in process
asking them to (1) identify themselves as the patient or someone answering for the
patient, (2) report major life changes, (3) set the agenda for the upcoming visit,
and (4) report on care partner responsibilities. Respondents’ answers to this brief
questionnaire were available to providers ahead of the visit. Patients with care partner
responsibilities, as well as care partners answering the questionnaire on behalf of
patients, were provided a link to the ARCHANGELS Caregiver Intensity Index to measure
the intensity of their caregiving role and motivate care partners to connect with
suggested state and local resources.
</p>
</div><div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e577">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e578">Results</h5>
<p dir="auto" id="d13359648e580">The intervention was launched in September 2022 at Organization A. Organization B
launched in May 2023 in one clinic and June 2023 in the other. In focus groups, staff
and clinicians reported that the intervention was easy to implement and did not cause
workflow disruption. At 6 months post implementation, across both organizations, a
total of 22,152 patients had received questionnaires and 13,825 (62.4%) had submitted
completed questionnaires. Full data will be reported at the completion of the intervention
period.
</p>
</div><div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e582">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e583">Conclusions</h5>
<p dir="auto" id="d13359648e585">Early results suggest that the intervention could be an easily scalable and adaptable
method of identifying and supporting care partners in clinical settings.
</p>
</div><div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="section">
<a class="named-anchor" id="d13359648e587">
<!--
named anchor
-->
</a>
<h5 class="section-title" id="d13359648e588">International Registered Report Identifier (IRRID)</h5>
<p dir="auto" id="d13359648e590">DERR1-10.2196/66708</p>
</div>
A great video about why #Bluesky is NOT recommended as a truly open and independent alternative to mainstream #socialmedia.
@niccolove @niccolo_ve
#activitypub #fediverse #atproto #protocols #thefutureisfederated
Replied in thread
Which #Messenger To Replace the #DataKraken #WhatsApp with? 
(5/n)
... I still have one, but federated #XMPP just somehow can't seem to take hold outside of its own niche" .
If you wanted to dig down even further, you'd get to the point where you'd have to deal with #Protocols:
https://eattherich.club/@jmhorner/110991346559623491
A French 
librarian association made an...
ETRJM Horner ™️ (@jmhorner@eattherich.club)@HistoPol@mastodon.social @smallcircles@social.coop
Sweet! :-) For those who do not know, XMPP is a protocol (similar to the ActivityPub protocol being used by various fediverse services) that has many client applications. I can't think of any proprietary clients, though one or more may exist somewhere. XMPP actually spawned from Jabber (the protocol Google Talk originally used), and it is generally used for instant messaging style communications. It has the ability to include media, and can be end-to-end encrypted with [most commonly] OTR, OMEMO, or PGP.
Jitsy on the other hand is a little more complicated, and in fact includes some XMPP interoperability. It has video conferencing services similar to what you might find in Teams or Zoom. It is open source, and can support end-to-end encryption when using a Chromium based browser.
Both XMPP and Jitsy servers may or may not log IP addresses in the same way a web server like Apache or NGINX does. Though I imagine if that were added to the list for them, it would need to be added to the list for all of the others as well. Unique identifiers such as email address and phone number are simply not required for using either, and I am not aware of any XMPP or Jitsy services that have any advertising.
Thanks for making the chart and if you have any other questions, do please let me know. :-)
The fact DoS-ing a server is even effective as a method of silencing anyone/anything is an indicator of the wrong design being used.
Server-centric design is almost always the wrong architecture to use for anything that is not strictly and invariably hierarchical (and even then, a *lot* of cases can do with message-centric and/or content-addressed distributed protocols).
#SoftwareDesign #Software #Servers #Protocols #Architecture #DoingItWrong
Server-centric design is almost always the wrong architecture to use for anything that is not strictly and invariably hierarchical (and even then, a *lot* of cases can do with message-centric and/or content-addressed distributed protocols).
#SoftwareDesign #Software #Servers #Protocols #Architecture #DoingItWrong
When it comes to #Dentralised social media, #ActivityPub (and #Mastodon by extension ) offers a good middle ground. Other #protocols either are too technical for normal people or they rely on a company for funding ( e.g #Bluesky )
Bluesky SocialBluesky
Replied in thread
@ayo did you come across #radicle yet? Looks really intriguing. They did a lot of R&D, seem to have nailed the #protocols now. I'm going to try it for my next #opensource project
radicle.xyzRadicleSovereign code infrastructure.
Pairwise Authentication of Humans
Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.
To mitigate that risk, I have develop... https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html
Schneier on Security · Pairwise Authentication of Humans - Schneier on SecurityHere’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”; The page will generate two TOTP QR codes, one for Alice and one for Bob; ...
NEWSCARD: Decentralized, Encrypted Paste Bin via Usenet Newsgroups
NEWSCARD Publish and fetch permanent named records via Network News
Newscard creates a decentralized, encrypted, named record paste bin.
[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)
With a single command, name the card, snarf the file and encrypt it.
With another command, push the encrypted file to the public network.
With another short command, snarf a file from the network.
Only users knowing the name [key] of the record will be able to decrypt it.
If a strong passphrase is used to name the file, it will be very secure.
This is useful for quickly snarfing, encrypting, and publishing a text file:
$~: card enc [passphrase] [file]
$~: card put [passphrase]
It is useful for retrieving a text file with just a key:
$~: card get [passphrase]
$~: card show [passphrase]
If and when you want the general public to access the record just share the keyword.
Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.
Newscard generates 9 each of: cipher keys, salts, key iteration parameters.
It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.
#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS
@infostorm@a.gup.pe @crypto@a.gup.pe @infosec@a.gup.pe
NEWSCARD Publish and fetch permanent named records via Network News
Newscard creates a decentralized, encrypted, named record paste bin.
[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)
With a single command, name the card, snarf the file and encrypt it.
With another command, push the encrypted file to the public network.
With another short command, snarf a file from the network.
Only users knowing the name [key] of the record will be able to decrypt it.
If a strong passphrase is used to name the file, it will be very secure.
This is useful for quickly snarfing, encrypting, and publishing a text file:
$~: card enc [passphrase] [file]
$~: card put [passphrase]
It is useful for retrieving a text file with just a key:
$~: card get [passphrase]
$~: card show [passphrase]
If and when you want the general public to access the record just share the keyword.
Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.
Newscard generates 9 each of: cipher keys, salts, key iteration parameters.
It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.
#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS
@infostorm@a.gup.pe @crypto@a.gup.pe @infosec@a.gup.pe
NEWSCARD: Decentralized, Encrypted Paste Bin via Usenet Newsgroups
NEWSCARD Publish and fetch permanent named records via Network News
Newscard creates a decentralized, encrypted, named record paste bin.
[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)
With a single command, name the card, snarf the file and encrypt it.
With another command, push the encrypted file to the public network.
With another short command, snarf a file from the network.
Only users knowing the name [key] of the record will be able to decrypt it.
If a strong passphrase is used to name the file, it will be very secure.
This is useful for quickly snarfing, encrypting, and publishing a text file:
$~: card enc [passphrase] [file]
$~: card put [passphrase]
It is useful for retrieving a text file with just a key:
$~: card get [passphrase]
$~: card show [passphrase]
If and when you want the general public to access the record just share the keyword.
Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.
Newscard generates 9 each of: cipher keys, salts, key iteration parameters.
It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.
#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS
@infostorm@a.gup.pe @usenet@lemmy.world @crypto@a.gup.pe @infosec@a.gup.pe
NEWSCARD Publish and fetch permanent named records via Network News
Newscard creates a decentralized, encrypted, named record paste bin.
[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)
With a single command, name the card, snarf the file and encrypt it.
With another command, push the encrypted file to the public network.
With another short command, snarf a file from the network.
Only users knowing the name [key] of the record will be able to decrypt it.
If a strong passphrase is used to name the file, it will be very secure.
This is useful for quickly snarfing, encrypting, and publishing a text file:
$~: card enc [passphrase] [file]
$~: card put [passphrase]
It is useful for retrieving a text file with just a key:
$~: card get [passphrase]
$~: card show [passphrase]
If and when you want the general public to access the record just share the keyword.
Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.
Newscard generates 9 each of: cipher keys, salts, key iteration parameters.
It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.
#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS
@infostorm@a.gup.pe @usenet@lemmy.world @crypto@a.gup.pe @infosec@a.gup.pe
Ok - I've been told that HTTP 418 belongs in the 400 block because it's the same as requesting a non-existent file. This argument claims that 418 is the same as 404.
I tend to think of 418 as being more analogous to 501. You cannot put coffee in a teapot, which is a statement about the teapot.
My wife and I have two cards for an account with a major credit card. Traveling recently, she'd made a purchase on that card that triggered texts and emails to me worrying about fraud. This really bugs me.
Don't ask me why they're asking ME, not her. They CAN tell the cards apart. They should have asked her directly. It'd have been even faster. Delay was due to asking the wrong person.
"Charge OK? Yep. OK, done." That's all it should have been.
I verified things with my wife and texted back to the card's SMS query that it was OK.
But even after I inefficiently confirmed all was well, upon going to the web site, I was again confronted with the Fraud Department wanting to confirm purchases that I had already, through their clumsy interface, dismissed as non-issues.
Also at the site, I saw that they were playing a back-and-forth thing where the vendor was repeatedly retrying apparent new transactions to get an affirmative response. Every vendor in the universe likely knows there's no other way to get past this than to keep trying.
Given how bad their internal bookkeeping is, that they don't know I've dismissed this alert, I kept wondering what the chances are that sometimes people just get double-billed. You'd like to think there was a consistent state, a database, a single source of authority with data integrity and a unique view, but then again, they're not showing evidence they're good at that.
And now today I got mail from their fraud department asking me about my experience and whether, based on that, I'd recommend the card to a friend.
It WASN'T an incident of fraud. It was confirmed normalcy. It should have been finished now. Having already wasted my time once, they want to waste it more?
And let's leave aside my annoyance at the fact that every business in the universe has converged on this practice which (a) assumes I make recommendations based on a single experience, and/or (b) seems to be trying to single out an agent for blame, rather than considering process.
I seriously doubt that feedback from these surveys ever reaches the people designing the offending processes because modern customer service seems to have as its bedrock principle that no one inside the company should ever learn what the customer experience is. It feels like the purpose of customer service is as armor to make sure that the business can really see, much less absorb, the vast amount of useful information that customers would willingly provide about just how bad their product is. I think this because the worst parts never change, no matter how many of these surveys I fill out.
Here's what I wrote today:
«Declining a valid charge is not the answer to fraud. You may feel hampered by existing protocols, but the credit card companies all have this problem and all profess helplessness. They/you own this problem.
The problem is that every time you decline a purchase, the person we're buying from can't tell the difference between a stolen card, someone who doesn't manage money right, and you just being nervous. Create a way to send an error code that distinguishes these. A temporary error that says "I'm querying the customer, please retry this transaction." or even a way to just ask a question before responding. It's completely preposterous that the correct solution to this problem is to leave egg on my face because you can't have rational network protocols that fairly represent the actual information that needs to be represented.
You're using outdated ways of doing things because you're too lazy to make a new standard, and you figure it's just fine if you sully the reputation of every customer every time they make a nervous-making transaction, that they'll be fine about it, that they won't mind the uncomfortable conversations, that they love to have email, text, etc. in a zillion different places for a single transaction, information that confusingly lingers after-the-fact an that is just clutter.
So you're asking me now whether I think that was a kind of fun experience that would make me recommend your card to someone else? Do you hear yourself? Did this question really need to be asked?
What you did does not instill confidence. It just makes a mess of a routine situation that should have a routine interaction, and there is nothing about this interaction that has the look of routine, other than that customers are used to getting dumped on big Big Credit and having to take whatever you dish out.»
After more multiple choice questions, they asked if I had any other comments to add. I did add some reminders about alert fatigue and how real problems are likely to slip through the cracks when they're doing these other things.
Is it any wonder that not all of us are reassured by billionaires taking over the US and saying "don't worry, we're good at this", "deregulate us", "run the US like a business"?
Just read this in-depth article by @cwebber - known as one of the founders of ActivityPub spec - on the question 'How decentralized is Bluesky really?'
https://dustycloud.org/blog/how-decentralized-is-bluesky/
Recommended reading if you want to understand a bit more about the architectural approach Bluesky is taking.
Spoiler:
"[..] Bluesky is not meaningfully decentralized and that it is certainly not federated according to any technical definition of federation [..]"
dustycloud.orgHow decentralized is Bluesky really? -- Dustycloud Brainstorms
"…there will always have to be a large corporation at the heart of #Bluesky or the #ATprotocol, and the network will have to rely on that corporation to control things like identity, illegal content and spam. This may be a good enough for most users (many of whom likely don't know or care about #decentralization or #protocols, etc) but it's likely to be a centralized system that relies on trusting a central authority.
Decentralized in theory, but centralized in practice."
https://torment-nexus.mathewingram.com/is-bluesky-decentralized-its-complicated/
The Torment Nexus · Is Bluesky decentralized? It's complicatedA couple of weeks ago, I wrote at The Torment Nexus about whether Bluesky could become the new Twitter, and whether that would be a good thing or not. Since then, the network has just continued to ramp up its growth — it now has more than 23 million members, up
I hate how #Mastodon and #Bluesky fight over which one is better. We should just be happy that people are using #ActivityPub and #atproto!
Security Analysis of the MERGE Voting Protocol
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways.
Abstract: The recently published “MERGE” protocol is designed to be used in t... https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html
Schneier on Security · Security Analysis of the MERGE Voting Protocol - Schneier on SecurityInteresting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is large and unbridgeable for the foreseeable future. Promoters of this research project at DARPA, the agency that sponsored the research, should acknowledge that MERGE is internet voting (election results rely on votes transmitted over the internet except in the event of a full hand count) and refrain from claiming that it could be a component of trustworthy elections without sweeping changes to election law and election administration throughout the U.S...
Replied in thread
@Etche_homo @pomarede i decided not to establish my presence in any service that doesn't allow me to #migrate my #social #network to another #server / #selfhost easily. There are really good posts detailing how #enshittification happens for every service with high exit cost. Therefore I'm fully supporting open #protocols (such as activity pub, rss or email) over services.
Title: #Protocols, Not #Platforms: A Technological Approach to #FreeSpeech
Subtitle: Altering the internet's economic and digital infrastructure to promote free #speech
Link: https://knightcolumbia.org/content/protocols-not-platforms-a-technological-approach-to-free-speech
Knight First Amendment InstituteProtocols, Not Platforms: A Technological Approach to Free Speech