@clacke @SuricrasiaOnline no, it's not zero--lots of people enjoy getting their hands dirty in computers.
But they are the people that enjoy the process, tinkering with the metaphorical engine. They're generally not in it to just make a website.
@clacke @SuricrasiaOnline no, it's not zero--lots of people enjoy getting their hands dirty in computers.
But they are the people that enjoy the process, tinkering with the metaphorical engine. They're generally not in it to just make a website.
@SuricrasiaOnline I mean, the problem is that the set of people that want to have a website and the set of people that want to run a server are pretty distinct.
I guess you could imagine a managed server hardware product, but then you have a higher barrier to entry (more expensive).
I think we need more stuff like geocities and Tumblr and myspace.
@cwebber So the one thing I'm looking forward to hearing more about is a very practical question: How do we avoid every user having their own version of the fediverse collective database?
Like, ocap'd LD objects would embed authz concerns in their identifiers (URLs), right? So each user would get their own set of URLs for all the stuff they interact with?
This sounds bad for scaling? And also I suspect will break some things unless AP/AS/LD can deal with "object identity" vs "object handle.
@ben @cwebber let me repeat: assuming you trust your browser and the TLS ecosystem, u2f is not phishable.
@cwebber also, with that specific definition of MiTM, some 2fa can be.
If you trust your browser has not been compromised and the TLS ecosystem is intact, otp and sms can be MiTM, while u2f cannot be.
(U2f does a bunch of device-side crypto that incorporates the host information)
@cwebber ummm... That's not a MiTM. Like, if the code of a service is compromised, that is Game Over and you're helpless as a user.
There's steps you can take to prevent this as an operator.
I've only seen man in the middle to refer to "i control the network between you and the service." I've never seen it refer to "I've compromised the service."
@VyrCossont @cwebber I think the point is that code is internally limited so different libraries can't access data or services they're not supposed to?
So in this case, the library can't exfiltrate data because it can't network.
Chirp! is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Chirp! content and data are available under the Creative Commons Attribution 3.0 license.