fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

10K
active users

#weboftrust

2 posts2 participants0 posts today
Colin Cogle :verified:<p><span class="h-card" translate="no"><a href="https://gaygeek.social/@vlpatton" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vlpatton</span></a></span> The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!</p><p>Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).</p><p>CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).</p><p><a href="https://mastodon.colincogle.name/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://mastodon.colincogle.name/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a> <a href="https://mastodon.colincogle.name/tags/CAcert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CAcert</span></a> <a href="https://mastodon.colincogle.name/tags/KeySigningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeySigningParty</span></a> <a href="https://mastodon.colincogle.name/tags/cryptoparty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptoparty</span></a> <a href="https://mastodon.colincogle.name/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a></p>
Ayzee 🏳️‍⚧️<p>how does one perhaps acquire signatures for their PGP key? I'm wanting to build a web of trust, but I'm unsure if there's anyone I know personally (and especially in-person) who would be able to sign my keys...</p><p>fwiw, I use my keys to sign Git commits, mostly.</p><p><a href="https://gaygeek.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://gaygeek.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://gaygeek.social/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> <a href="https://gaygeek.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a></p>
CarK :python:<p><span class="h-card" translate="no"><a href="https://bonn.social/@Sascha" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Sascha</span></a></span> </p><p>Ein ähnliches Beispiel ist das Recht auf Anonymität: Wichtig um Missstände aufzudecken ("Whistle-Blowing"), wird aber oft für Hetze und Desinformation benutzt.</p><p>→ Es braucht mittelfristig ein kluges Management von Vertrauen im Internet.</p><p>Das <a href="https://social.tchncs.de/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> [1] hat das Problem im Bereich <a href="https://social.tchncs.de/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>-basierter E-Mail-Authentizität eigentlich schon gelöst. Sowas ähnliches bräuchte es (zeitgemäß umgesetzt) für allgemeine Informationen.</p><p>[1] <a href="https://de.wikipedia.org/wiki/Web_of_Trust" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">de.wikipedia.org/wiki/Web_of_T</span><span class="invisible">rust</span></a></p>
jack 💥<p>I decree that <a href="https://mastodon.online/tags/mozilla" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mozilla</span></a> should create a <a href="https://mastodon.online/tags/weboftrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>weboftrust</span></a> mechanism. Kinda of like what keybase used to be. As way to very identity others so you can safety chat, share, exchange, etc. </p><p>In a world of bullshit ID (Azure, Google, Amazon, Apple, Etc) having an ID that wasn't tied to a billionaire corp, g-men, or government name it would be a valued service. Offer a premium version that makes it supercharged. place it behind firefox ID.</p><p>xoxo</p><p><a href="https://mastodon.online/tags/brainstorm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>brainstorm</span></a> <a href="https://mastodon.online/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firefox</span></a></p>
Benedikt Ritter (he/him)<p>The keybase.io proof for my domain just broke because I recreated my website. Does anybody still use keybase.io? It felt like it was a great idea in the beginning but then introduced crypto currencies which felt shady to me.</p><p><a href="https://chaos.social/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> <a href="https://chaos.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://chaos.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://chaos.social/tags/keybase_io" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keybase_io</span></a></p>
Christian Thäter<p>Just a Brainfart:</p><p>How about a verify button next to the fav button to a post. People who verified the content of a post can check this.</p><p>One can tag people/accounts as 'trustworthy'.</p><p>Toots then be shown differently:<br> * gray '?' when validity is unknown<br> * blue :verified: when someone trusted verified it<br> * green checkmark when oneself verified it</p><p>In account settings one could configure<br>a warning/error when sharing unverified content.</p><p>Building a <a href="https://karlsruhe-social.de/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> on <a href="https://karlsruhe-social.de/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> against <a href="https://karlsruhe-social.de/tags/fakenews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fakenews</span></a>.</p>
ManiMeWe made a WoT thing…<br><a href="https://grapevine.my" rel="nofollow noopener noreferrer" target="_blank">https://grapevine.my</a><br>Checkout this client demo using the GrapeRank algorithm. It scans the (almost) entire Nostr network to find people “close to you” that may NOT be on your radar. <br><br>The GrapeRank algorithm was designed by <span class="h-card"><a class="u-url mention" href="https://mostr.pub/users/e5272de914bd301755c439b88e6959a43c9d2664831f093c51e9c799a16a102f" rel="nofollow noopener noreferrer" target="_blank">@<span>e5272de9</span></a></span> as a better way to do “Web of Trust”. Last year, he and I worked together to refine it and develop this demo of its capabilities. The algo itself is open source and configurable (in what kind of events it pulls from Nostr and how to interpret these for calculating GrapeRank scores) and has its own repository.<br><a href="https://github.com/Pretty-Good-Freedom-Tech/graperank-nodejs" rel="nofollow noopener noreferrer" target="_blank">https://github.com/Pretty-Good-Freedom-Tech/graperank-nodejs</a><br><br>If you are interested in developing or using algorithms on Nostr, please take a look at this demo (and repo) and share with others. <br><br>Freedom of choice is powerless without a thriving and open market of choices. This is (part of) our contribution to this market. <br><br><a class="mention hashtag" href="https://mostr.pub/tags/wot" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>wot</a><br><a class="mention hashtag" href="https://mostr.pub/tags/weboftrust" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>weboftrust</a><br><a class="mention hashtag" href="https://mostr.pub/tags/nostrdev" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>nostrdev</a><br><a class="mention hashtag" href="https://mostr.pub/tags/algo" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>algo</a><br><a class="mention hashtag" href="https://mostr.pub/tags/foss" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>foss</a>
Rob Pegoraro<p><strong>Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice</strong></p><p>This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.</p><p>11/25/2024: <a href="https://www.pcmag.com/news/internet-founders-open-architectures-are-best-but-big-tech-makes-it-difficult" rel="nofollow noopener noreferrer" target="_blank">Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult</a>, PCMag</p><p>As I <a href="https://robpegoraro.com/2024/11/23/reminder-its-neat-covering-a-technology-when-its-inventors-are-still-around-to-talk-about-it/" rel="nofollow noopener noreferrer" target="_blank">wrote last week</a>, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.</p><p>11/27/2024: <a href="https://www.fastcompany.com/91231379/tim-berners-lee-solid-inrupt-pod-digital-wallet" rel="nofollow noopener noreferrer" target="_blank">The man who gave us the web is building a better digital wallet</a>, Fast Company</p><p>My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like&nbsp;<a href="https://robpegoraro.com/2022/11/13/weekly-output-web-summit-tim-berners-lee-1password-slingbox-rocket-lab/" rel="nofollow noopener noreferrer" target="_blank">two years ago</a>,&nbsp;Harry asked most of the questions and then wrote up our conversation.</p><p>11/29/2024: <a href="https://www.pcmag.com/how-to/real-or-imposter-how-to-verify-that-a-bluesky-account-is-legit" rel="nofollow noopener noreferrer" target="_blank">Real or Imposter? How to Verify That a Bluesky Account Is Legit</a>, PCMag</p><p>My inspiration for this how-to came from <a href="https://bsky.app/profile/robpegoraro.com/post/3lbfkwvwi4k2r" rel="nofollow noopener noreferrer" target="_blank">seeing some bozo try to impersonate Rep. Don Beyer</a> (D.-Va.) on Bluesky, then wondering why my congressman had not <a href="https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial" rel="nofollow noopener noreferrer" target="_blank">domain-verified</a> his account with a house.gov handle, then <a href="https://bsky.app/profile/robpegoraro.com/post/3lbfvcaomt22h" rel="nofollow noopener noreferrer" target="_blank">personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account</a> (BART has since domain-verified its account). My editors then updated the post Sunday with details from <a href="https://bsky.app/profile/safety.bsky.app/post/3lc4h7p676225" rel="nofollow noopener noreferrer" target="_blank">posts Friday afternoon by Bluesky’s safety account</a> about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”</p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/account-impersonation/" target="_blank">#accountImpersonation</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/bluesky/" target="_blank">#Bluesky</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/domain-name-verification/" target="_blank">#domainNameVerification</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/project-liberty/" target="_blank">#ProjectLiberty</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/social-media-fraud/" target="_blank">#socialMediaFraud</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/social-media-verification/" target="_blank">#socialMediaVerification</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/steve-crocker/" target="_blank">#SteveCrocker</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/tbl/" target="_blank">#TBL</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/tim-berners-lee/" target="_blank">#TimBernersLee</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/vint-cerf/" target="_blank">#VintCerf</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/web-of-trust/" target="_blank">#webOfTrust</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/web-summit/" target="_blank">#WebSummit</a></p>
Hugo Trentesaux<p><strong>Toile de confiance animée #6</strong></p> <p><a href="https://tube.p2p.legal/videos/watch/56295b07-2cae-4d3e-8d81-e4f4f4317a67" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tube.p2p.legal/videos/watch/56</span><span class="invisible">295b07-2cae-4d3e-8d81-e4f4f4317a67</span></a></p>
Rowan the Selfsame<p>If you know me, you know I am an Invisible Internet Project [<a href="https://c.im/tags/I2P" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>I2P</span></a> &amp; <span class="h-card" translate="no"><a href="https://mastodon.social/@i2p" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>i2p</span></a></span>] enthusiast. (See the <a href="https://geti2p.net/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/</span><span class="invisible"></span></a> <a href="https://c.im/tags/homepage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homepage</span></a>.) I2P is similar to Tor, but differs in that _every_ client instance of the I2P software, while connected to the Internet, _participates in routing traffic_ around Internet blockages.</p><p>I just read <a href="https://www.diva.exchange/en/privacy/i2p-interview-with-the-developer-idk-part-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">diva.exchange/en/privacy/i2p-i</span><span class="invisible">nterview-with-the-developer-idk-part-2/</span></a> and came across a link to a <a href="https://c.im/tags/SoftwareLibrary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareLibrary</span></a> for the "SAM API" of I2P. In the past, I had thought the SAM <a href="https://c.im/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> cumbersome and clunky (perhaps this was due to the format of the documentation).</p><p>The <a href="https://www.diva.exchange/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">diva.exchange/</span><span class="invisible"></span></a> team have created a <a href="https://c.im/tags/Typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Typescript</span></a> wrapper for the I2P SAM API. It seems that Diva Exchange uses <a href="https://c.im/tags/I2PD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>I2PD</span></a> (the <a href="https://c.im/tags/CPlusPlus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CPlusPlus</span></a> variety of the available I2P applications) rather than the reference <a href="https://c.im/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> implementation.</p><p>**If you are affiliated with diva.exchange/, please reach out to the editors to include back-links to the I2P Homepage and <a href="https://c.im/tags/SourceCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SourceCode</span></a> repositories &amp; documentation!** Even if the links are subtle and get overlooked by casual readers (attentive readers will cite the links additionally), the publicity gained by linking to the relevant I2P pages _should_ help the I2P to climb the ranks of search engine results. Mutual aid is a social duty — even on the Internet!</p><p>----</p><p>The I2P SAM library that excites me: <a href="https://github.com/diva-exchange/i2p-sam" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/diva-exchange/i2p-s</span><span class="invisible">am</span></a> (Note: this library _is not listed_ in the table of libraries on the I2P SAM documentation page.)<br>The I2P SAM canonical documentation: <a href="https://geti2p.net/en/docs/api/samv3" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/docs/api/samv3</span><span class="invisible"></span></a></p><p>----</p><p>If you would like to play with I2P, here are the links to download the software:</p><p>- <a href="https://geti2p.net/en/download#windows" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#windows</span><span class="invisible"></span></a><br>- <a href="https://geti2p.net/en/download#mac" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#mac</span><span class="invisible"></span></a><br>- <a href="https://geti2p.net/en/download#unix" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#unix</span><span class="invisible"></span></a><br>- <a href="https://geti2p.net/en/download#deb" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#deb</span><span class="invisible"></span></a><br>- <a href="https://geti2p.net/en/download#android" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#android</span><span class="invisible"></span></a><br>- <a href="https://geti2p.net/en/download#source" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/download#source</span><span class="invisible"></span></a></p><p>----</p><p>Here are a few other links of interest, relating to I2P:</p><p>- "Bitcoin core adds support for I2P!" at <a href="https://geti2p.net/en/blog/post/2021/09/18/i2p-bitcoin" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">geti2p.net/en/blog/post/2021/0</span><span class="invisible">9/18/i2p-bitcoin</span></a>, posted 2021-09-18 by idk. **Blurb**: "A new use case and a signal of growing acceptance.". [<a href="https://c.im/tags/BTC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BTC</span></a> <a href="https://c.im/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bitcoin</span></a> <a href="https://c.im/tags/BitcoinCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BitcoinCore</span></a> <a href="https://c.im/tags/Proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proxy</span></a>]<br>- "Help your Friends Join I2P by Sharing Reseed Bundles" at <a href="https://geti2p.net/en/blog/post/2020/06/07/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">geti2p.net/en/blog/post/2020/0</span><span class="invisible">6/07/</span></a>, , posted 2020-06-07 by idk. **Blurb**: file-based-reseed "Create, exchange, and use reseed bundles". [<a href="https://c.im/tags/NetworkHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkHub</span></a> <a href="https://c.im/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a>]<br>- "Gitlab over I2P Setup" at <a href="https://geti2p.net/en/blog/post/2020/03/16/gitlab-over-i2p/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">geti2p.net/en/blog/post/2020/0</span><span class="invisible">3/16/gitlab-over-i2p/</span></a>, posted 2020-03-16 by idk. **Blurb**: "Mirror I2P Git repositories and Bridge Clearnet repositories for others." [<a href="https://c.im/tags/Git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Git</span></a> <a href="https://c.im/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a>]<br>- "Blizzard (I2P Router Plugin)" at <a href="https://i2p-pt.github.io/blizzard/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">i2p-pt.github.io/blizzard/</span><span class="invisible"></span></a>, whose **blurb** is: "blizzard, I2P Plugin for Donating a Snowflake.", and "Plugins — I2P" at <a href="https://geti2p.net/en/docs/plugins" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">geti2p.net/en/docs/plugins</span><span class="invisible"></span></a>:<br> &gt; Blizzard is a standalone version of the Tor Project’s Snowflake proxy. It can be used to produce an I2P Plugin that will donate a Snowflake to Tor Browser users. The Snowflake uses I2P to manage its lifecycle. That means when you start and stop your I2P router you start and stop the Snowflake.<br>- "I2P — Wikipedia § Software" at <a href="https://en.wikipedia.org/wiki/I2P#Software" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/I2P#Soft</span><span class="invisible">ware</span></a>.</p>
Ubuntu Korea Community<p><a href="https://mastodon.social/tags/UbuCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuCon</span></a> <a href="https://mastodon.social/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Korea</span></a> 2024, 어느덧 한 달도 남지 않았는데요. 올해도 작년에 이어 <a href="https://mastodon.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> 키사이닝 파티가 프로그램의 일부로 진행 될 예정입니다. 서로의 신원 확인과 상호 OpenPGP 키 서명을 통해 <a href="https://mastodon.social/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> 도 구축하고, 다른 참가자와 네트워킹도 쉽게 시작해 볼 수 있습니다. OpenPGP 키사이닝 파티는 사전 <a href="https://mastodon.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> 키 제출 등 준비가 조금 필요한데요, 올해는 조금 더 쉽게 준비할 수 있도록 개선이 되었으니 올해도 많은 참여 부탁드리겠습니다!</p><p>참여 방법 안내 및 OpenPGP키 제출 <a href="https://github.com/ubuntu-kr/ksp-toolkits/blob/master/ksp/ksp-20240810/readme.md" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ubuntu-kr/ksp-toolk</span><span class="invisible">its/blob/master/ksp/ksp-20240810/readme.md</span></a></p><p>UbuCon Korea 2024 참가등록 <a href="https://2024.ubuntu-kr.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">2024.ubuntu-kr.org</span><span class="invisible"></span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>&gt; In Coracle, this number is equal to how many people you follow that also follow a given person, minus pow(2, log(n)), where n is how many people you follow who have muted this person. </p><p><a href="https://coracle.social/help/web-of-trust" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">coracle.social/help/web-of-tru</span><span class="invisible">st</span></a></p><p><a href="https://mastodon.social/tags/nostr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nostr</span></a> <a href="https://mastodon.social/tags/webOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webOfTrust</span></a> <a href="https://mastodon.social/tags/trust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trust</span></a> <a href="https://mastodon.social/tags/socialMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialMedia</span></a> <a href="https://mastodon.social/tags/coracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coracle</span></a></p>
CAcert<p><span class="h-card" translate="no"><a href="https://mstdn.social/@resmo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>resmo</span></a></span> <br>Do you know the Web of Trust from <a href="https://mastodon.social/tags/CAcert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CAcert</span></a>.org?<br>At the moment, we have very few applications that are based on this. There could easily be more ;-)<br>If you have an idea: welcome!</p><p>(We also have a few more ideas, but our resources are rather scarce and we can't work on more than one at a time. We want to present something new at Froscon this summer).</p><p><a href="https://mastodon.social/tags/weboftrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>weboftrust</span></a> <a href="https://mastodon.social/tags/cacert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cacert</span></a> <a href="https://mastodon.social/tags/wot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wot</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
GigiFollower count is a lie anyway. <br><br>Maybe <span class="h-card"><a class="u-url mention" href="https://mostr.pub/users/266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5" rel="nofollow noopener noreferrer" target="_blank">@<span>266815e0</span></a></span> can build this into the <a class="mention hashtag" href="https://mostr.pub/tags/WoT" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>WoT</a> stuff he is currently working on? Quality of connection could be determined by number of interactions, at least in part. Also age of connection, realness of peer, etc. <br><br>Any additional thoughts from the <a class="mention hashtag" href="https://mostr.pub/tags/SovEng" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>SovEng</a> crew? <a class="mention hashtag" href="https://mostr.pub/tags/WebOfTrust" rel="nofollow noopener noreferrer" target="_blank"><span>#</span>WebOfTrust</a>
René Moser (resmo) レネ<p>Looking at the <a href="https://mstdn.social/tags/xz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xz</span></a> drama and how to solve it: </p><p>a working "web of trust" kind a thing (like <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a> was trying to provide in the past but failed somehow) is more than needed. </p><p>We need to re-establish a web of trust. A working one. A easy to use one. A well integrated one.</p><p><a href="https://mstdn.social/tags/webOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webOfTrust</span></a></p>
Francesco P Lovergine :debian:<p>Ok, let's talk about the elephant in the room. Why is a totally anonymous contribution to any significant <a href="https://floss.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> program still admitted in 2024? IMHO, this idea should be eradicated. In <a href="https://floss.social/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a>, we have used a <a href="https://floss.social/tags/weboftrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>weboftrust</span></a> for more than 20 years. It is not perfect, but that would probably have mitigated/avoided the <a href="https://floss.social/tags/xz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xz</span></a> fiasco, and today, we could probably have a subject to prosecute. Instead, today, we have exactly none but for an avatar.</p>
tunda<p>Stimmt das wirklich, dass der Keyserserver keys.openpgp.org sämtliche bisherigen Signaturen unter dem publickkey wegschneidet?</p><p><a href="https://layer8.space/tags/CLT2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CLT2024</span></a> <a href="https://layer8.space/tags/WebofTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebofTrust</span></a></p>
David Runge<p>Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:<br>This server and client-side tooling for managing the <a href="https://chaos.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> of <a href="https://chaos.social/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> host keys with the help of an <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://chaos.social/tags/certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>certificate</span></a> as trust anchor is now feature complete.<br><a href="https://crates.io/crates/sshd-openpgp-auth" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crates.io/crates/sshd-openpgp-</span><span class="invisible">auth</span></a><br><a href="https://crates.io/crates/ssh-openpgp-auth" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crates.io/crates/ssh-openpgp-a</span><span class="invisible">uth</span></a><br>Many thanks to <span class="h-card" translate="no"><a href="https://metacode.biz/@wiktor" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wiktor</span></a></span> for the great collaboration and <a href="https://chaos.social/tags/NLnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NLnet</span></a> / <a href="https://chaos.social/tags/NGIAssure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NGIAssure</span></a> for funding this work!<br><a href="https://chaos.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://chaos.social/tags/KeyOxide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyOxide</span></a> <a href="https://chaos.social/tags/KnownHosts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KnownHosts</span></a> <a href="https://chaos.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> <a href="https://chaos.social/tags/PGPKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGPKI</span></a> <a href="https://chaos.social/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a> <a href="https://chaos.social/tags/Rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rustlang</span></a> <a href="https://chaos.social/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://chaos.social/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> <a href="https://chaos.social/tags/WebKeyDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebKeyDirectory</span></a> <a href="https://chaos.social/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> <a href="https://chaos.social/tags/WKD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WKD</span></a> <a href="https://chaos.social/tags/WoT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WoT</span></a></p>
wakest ⁂<p><span class="h-card" translate="no"><a href="https://swecyb.com/@nopatience" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nopatience</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerry</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@seb" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>seb</span></a></span> <a href="https://social.wake.st/tags/WebOfTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebOfTrust</span></a> is the only way forward</p>
immibisWhat if there was a web-of-trust-style informal network for discovering non-enshittified non-AI content on the Internet?<br><br>It could be as simple as a text list of URLs to websites you vouch for, and to other similar files.<br><br>Somehow <a href="http://www.webofpeople.org" rel="nofollow noopener noreferrer" target="_blank">www.webofpeople.org</a> wasn't already taken. Give me an hour...<br><br><a class="hashtag" href="https://social.immibis.com/tag/smallweb" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a class="hashtag" href="https://social.immibis.com/tag/weboftrust" rel="nofollow noopener noreferrer" target="_blank">#WebOfTrust</a> <a class="hashtag" href="https://social.immibis.com/tag/webofpeople" rel="nofollow noopener noreferrer" target="_blank">#WebOfPeople</a>