Category: Technology

Jay Graber on Billionaire Proofing Bluesky

This is truly the approach we need to social media going forward. Jay Graber:

The billionaire proof is in the way everything is designed, and so if someone bought or if the Bluesky company went down, everything is open source. What happened to Twitter couldn’t happen to us in the same ways, because you would always have the option to immediately move without having to start over.” and “There’s a lot on the road map, and I’ll tell you what we’re not going to do for monetisation. We’re not going to build an algorithm that just shoves ads at you, locking users in. That’s not our model.

There’s a saying they have at Bluesky, “the organization is a future adversary”. Meaning they are building atproto (the AT Protocol bluesky is based on) to be resilient against being locked in and made proprietary by Bluesky itself in the future when or if it is owned by people who are focussed only on monetising the user base and not on what’s best for an open network protocol that serves people. So even the CEO herself (who has majority ownership in the company), wants to build out atproto as an independent network before it can be polluted by the pressure of investors wanting to capitalise.

www.cnbc.com/2024/11/21/bluesky-ceo-jay-graber-says-x-rival-is-billionaire-proof.html

Via Email

Jay Graber Reveals Origins of Bluesky as a Company

Jay Graber had the foresight to get Bluesky out from under Twitter on the basis that “captains can change” and just as Bluesky was separated from Twitter and made into it’s own company, Musk took over Twitter. Musk had no interest in an open source protocol that he wasn’t fully in control of, so Bluesky would have been killed off under Musk.

Watch this interview from Decoderpod

@decoderpod

Bluesky CEO Jay Graber reveals the origins of the company as a project within Twitter and how it survived the takeover by Elon Musk. #bluesky #social #elonmusk #twitter #x #decentralization #socialnetworks

♬ original sound – Decoder with Nilay Patel

Crossposting from WordPress to Bluesky

Matthias Pfefferle has introduced a WordPress plugin that supports crossposting from your WordPress enabled website to a Bluesky account.

You can get the plug in here, or install through your plugin manager within WordPress: https://wordpress.org/plugins/share-on-bluesky/

The plug in is fairly simple with not a lot of explanation. On initial set up I found the field names to be poorly identified and it took a few tries to get the right settings before cross posting could happen. I will explain below exactly how to configure the plugin to get your WordPress posts zipping across to Bluesky.

i) In “Bluesky Domain” you will enter the instance address you wish to cross post to. For 99% of people at the moment this will be https://bsky.social. If you have a different instance, aka an AT Protocol server not managed by Bluesky, you will use the address of that server.

ii) In the Bluesky “Identifier” field, you will enter your username aka the username you use to login to Bluesky or your particular AT Protocol instance.

iii) In the password field you will enter an app password that you generate in your Bluesky settings (or settings of your AT Protocol instance). You can generate the password by going to https://bsky.app/settings/app-passwords and clicking “generate app password”. Once the password is created make a note of it before clicking away, as once created you will not be able to view it again.

NOTE: I have not tested this on a non-Bluesky server instance, so mileage and settings may differ (or may not work). But this is verified working on my installation for Bluesky, using WordPress 6.7.1 and PHP 7.4.33

And it’s as simple as that!

Sample username used below

Twitter Australia Facing Outages

Australian and New Zealand Twitter users found this morning that their twitter access was suffering timeouts and failures posting and loading threads. This is reportedly limited to Australia and New Zealand and not a world wide outage.

Users are facing slow page loads, as well as messages such as the following:

Guardian columnist Van Badham confirms to Twitter user “Kate” that they are also having problems:

Internet services in Australia are otherwise operating normally.

There’s no evidence of a connection yet, but on Christmas Eve, Musk shut down the Sacramento data centre, one of three data centres that serve twitter webpages.

More outage information is available at https://aussieservicedown.com/status/twitter

In case you have been living under a rock, or live in the alternative reality of facebook world, or have a good dose of selfcare and live more in the real world than social media, you will have noticed that twitter is melting down at the moment. Or more precisely, it’s new owner is melting down.

There’s a whole story there so I’ll leave that for another day. But there’s heaps of info online about that if you want to look into it. The upshot is that millions of people have been migrating from Twitter to other social media platforms. A large swathe of those have been attracted to the promises of Mastodon and platforms of that ilk, for the promise of corporate manipulation free social media – no ads, no algorithms, and since the recent Twitter takeover, the appeal of no inexplicable suspensions and arbitrary rule making.

The Fediverse: A Viable Alternative to Corporate Owned Social Media

So firstly let’s address the Pachyderm in the room. Specifically the Mastodon and related Fediverse species. With the imminent demise (some gleefully, if prematurely, predict) of Twitter, people have been flocking to a till now little known social media alternative called Mastodon. Mastodon is the most predominant of a range of social media platforms grouped under the taxonomy of open source interoperable social media platforms. What this means is that members of different platforms can follow, like and share content to and from other platforms that share the same protocol. In practice this would be like if you could follow twitter accounts on your facebook, or share your instagram pics to twitter.

There are a few different protocols but the one that has gained the most ground and has the most mature suite of features is ActivityPub. An example of platforms that use ActivityPub include Mastodon, Pixelfed, Peertube (respectively modelled loosely on Twitter, Instagram and Youtube). Collectively, ActivityPub platforms are called The Fediverse.

Some existing social media and web based companies are also planning to implement ActivityPub which would bring them into the Fediverse: Tumblr, Flickr, Mozilla (so far). There are also plugins to bring your WordPress site into the Fediverse. Then there are a bunch of other smaller platforms. ActivityPub is free and open source and anyone with the skill and inclination can design a platform that utilises ActivityPub.

You don’t have to design your own platform though to run your own social media service. Most of the platforms are open source and free; for example anyone can install their own Mastodon server. A Mastodon server (or pixelfed, hubzilla etc) is called an ‘Instance’, and is the end user’s ‘home’ on the Fediverse; when you join the Fediverse, you choose an instance to sign up to.

Anyone on any instance that uses ActivityPub can talk to, follow and be followed by anyone on any other Instance. There’s one caveat here; because anyone can run an instance, and because some instances operate under rules and moderation practices that other instances find questionable, an instance may decide to ‘defederate’ from a given instance. For example Trump’s social media network Truth.Social uses the ActivityPub protocol. In fact, it’s a Mastodon instance. However almost all other Mastodon and ActivityPub platforms have defederated Truth.Social.

So while most Instances are part of a global federation, there are examples of Instances which been excluded from this general federation. For most intents and purposes, most people in refuge from Twitter joining Mastodon or other ActivityPub instances will be fine with not having access to the few defederated instances.

Because there are many providers of Instances, none of which rely on any central authority, the network is decentralised. Communities can grow up around a given Fediverse instance without any corporate oversight, without ads or ad targeting, and without algorithms dictating who’s posts you see. Communities can manage their own moderation. Communities can federate with as many or as few other Instances as they like. They can potentially federate only with Instances that share common goals or interests. Or they can federate with everyone.

There is still room for improvement in ActivityPub and the many available platforms. Maybe something will take over Mastodon as the most popular Fediverse platform. But for now the pachyderm is leading the charge.

So How Does One Get Involved in the Fediverse?

I will follow up this article with an in depth explanation of how to join the Fediverse and what to expect when you do. But short answer is, join an instance that roughly matches your interests.

These two are a good place to start if you are keen to get going. However I advice doing some research first (or wait for my next article) before leaping in:
If you want a twitter like interface, try Mastodon: https://joinmastodon.org/#getting-started
If you want an Instagram like interface try Pixelfed: https://pixelfed.org/servers

Good luck, and happy hunting!

Australian Government Set To Approve GMO Cholera Vaccine Trials

The Australian government looks set to approve GMO Cholera vaccine trials on volunteers in Australia.

The cholera virus in the vaccine has been genetically modified to prevent it from damaging blood cells in the recipient, but still provide the immune response needed to develop immunity.

An initial concern has been whether the vaccine is being tested wholesale on cholera prone Indigenous communities – thus using them as guinea pigs. It doesn’t appear that that is the case. The vaccine is to be given to healthy volunteers (1000 participants) in drink form, and will not be sprayed or injected.

Testing areas throughout Australia include Queensland, South Australia, Western Australia and Victoria.  In Australia, parts of Northern Australia are prone to cholera outbreaks, due to the wet and humid environment.  However the point of testing in Australia and not in countries with more of a cholera problem is due to the low communal immunity to cholera in Australia.  Any immunity that is developed in trial participants can then be attributed to the vaccine.  This is even more evidence that the vaccine is not being tested on ‘Guinea Pigs’ in cholera prone areas, since efficacy would be difficult to gauge.

From The Office of the Gene Technology Regulator:

“This vaccine will not be sprayed into the environment;
It will be given as a drink to the volunteers willing to participate in the trial;
No decision has been made on the licence application;
Public comments on the risk assessment and risk management plan will be sought in late January 2014”

Office of the Gene Technology Regulator

The vaccine has been on the market before as Orochol, manufactured using the same process, but with different facilities – which therefore requires re-testing to ensure the new version retains the same safety profile as the previous.  Orochol has been used around the world and is tested and well tolerated and safe. The GM method used for this vaccine was under development in the late 90’s and was commercialised around 2003.

Orochol, and the new vaccine being developed by PaxVax, are single dose vaccines which mean immunity is developed quickly (within 8 days) and can be used in disaster response.  Current non-GMO double dose vaccines on the market can not be rolled out in response to outbreaks; hence Orochol and it’s derivatives stand to make a big difference to health of disaster survivors.  Orochol has also been found to safe and effective for use on HIV infected people, and so is suitable for deployment in sub-Saharan Africa and for use with HIV infected individuals.

Formaldehyde

Formaldehyde is used in the manufacture of this vaccine, which prevents its use in people who are allergic to formaldehyde.

Some people are concerned about the use of formaldehyde in vaccines due to the poisonous and carcinogenic nature of the substance.  Formaldehyde breaks down quickly in the body and does not accumulate. Short term exposure to small amounts of formaldehyde has no lasting or dangerous effects unless the recipient is allergic.

Long term exposure to formaldehyde is linked to cancer, so those at risk are the workers in the vaccine factories and those who handle formaldehyde during it’s use or transport.

The use of formaldehyde is regulated by National and State standards. The national occupational exposure standard:

“The current national occupational exposure standard for formaldehyde is 1 ppm 8-hour time-weighted average (TWA) and 2 ppm short-term exposure limit (STEL). The NICNAS report recommends that the occupational exposure standard be lowered to 0.3 ppm 8h TWA and 0.6 ppm STEL. Formaldehyde has been shown to cause nasal cancers in animals at levels not found in the majority of workplaces.

The basis for lowering the current exposure standard is sensory irritation. The recommended exposure standards not only provide adequate protection against discomfort of sensory irritation, but also provide a high level of protection against cancer. The recommended standard is being considered by the Office of the Australian Safety and Compensation Council, the national agency responsible for setting national occupational exposure standards.”

NICNAS Factsheet

The risk to a cholera vaccine taker from formaldehyde is limited due to it’s quick break down in the stomach and low toxicity in small doses.  Of far more concern is the sustained exposure to formaldehyde in, for example, 2nd hand cigarette smoke, or indoor exposure in a carpeted room. Some plastics, nylon and other household items also emit formaldehyde.

Risks

Sister vaccines to that being proposed have been thoroughly tested and about 60,000 doses have been administered in the field with no issues arising.  The primary concern of anti-gmo advocates seems to be whether the genetically modified  organism can somehow pollute the host.  There is no evidence that this is even possible.  The GMO is not released into the wild and is only used in the vaccine itself, which is destroyed by the host body.

The small potential for problems needs to be weighed up against the advantage of a vaccine that is single dose, can be deployed in disaster areas as they happen to prevent the outbreak of cholera, that can be used in areas where HIV is prevalent and is safe for use in children.

Sources:

http://nsnbc.me/2013/11/18/australian-government-to-begin-gmo-cholera-vaccine-trials-on-citizens/
http://www.cancer.gov/cancertopics/factsheet/Risk/formaldehyde
http://toxicology.usu.edu/endnote/a2beeca34492f54429.pdf
http://www.atsdr.cdc.gov/phs/phs.asp?id=218&tid=39
http://www.fda.gov/biologicsbloodvaccines/scienceresearch/ucm349473.htm
http://www.ogtr.gov.au/internet/ogtr/publishing.nsf/Content/new-index-1
http://www.ncbi.nlm.nih.gov/pubmed/9615498

Million Mask March Brisbane

Brisbane anonymous groups today (5 November 2013) converged on Brisbane CBD in support of Anonymous and the international November 5 Million Mask March.  The march proceeded from Emma Miller Place and traced a circle around the CBD before returning to King George Square for speeches.

In a turnout that surprised some and sent a clear message to Premier Newman that there is ample support for Anonymous in Brisbane, well over 300 people marched the streets drawing looks of curiosity and interest.  The protesters sported masks and other costumes, including many a black suited and mask wearing “Anonymous agent”.

Apart from general support for Anonymous, many participants question Newman’s recent ‘bikie’ laws and chanted anti-corporate greed slogans.

See here for pictures

Million Mask March Brisbane 2013

There are two ways to vote for the Senate in Australian elections. One way (“above-the-line”) is simple and quick, but it means the politicians you vote for get to control who gets to use your vote if they don’t win. Why should you hand your power over to them like that? The other way gives you 100% control: it’s called “below the line” voting, but it’s a lot more involved. Here in the state of Queensland, we have 82 people running for the Senate in this Saturday’s election, so if I want to vote “below the line”, I have to fill out every single box next to each candidate’s name, from 1 to 82.

This is complex, so only about 3.8% of people do it across Australia. And it still has disadvantages. Even if I have no strong opinions on more than a few parties, or even if I ONLY want people from a few parties to get in and actively don’t want anyone else to use my vote, I still have to pretend that I like the person who gets my “50” vote more than the one who gets my “82” vote. I’m pretty interested in and engaged with politics, but there’s no way I have an opinion on 82 different people. There’s only ten people I actively want to support in this election, and I reckon groups like Family First and One Nation are just as bad as each other. So are parties like the Sex Party, Animal Justice Party and Senator Online Party, who did grubby deals that give One Nation’s Pauline Hanson a very good chance of winning a seat.

Fortunately, there’s a little trick hidden away in the law about how the votes are counted. The trick is probably meant to make sure people who make honest mistakes filling out the ballot paper still get to have their vote counted. But we can manipulate this trick to make sure that only the people we actually WANT to vote for get to use our vote.

THE TRICK:

1) Vote for the candidates you actually want to get in. I have ten people I want to support, so I am going to vote 1-10 for them.

2) MAKE A DELIBERATE MISTAKE. The best way (in my case) is to write down the number 11 twice.

3) Then you have to fill in all the rest of the boxes. The order does not matter one bit, so you can just start from the left and go to the right. But you HAVE to fill them all in consecutively. I’m going to start from 13, so that I know the last number I write still has to be 82. You can also write from 12-81, as Dr Cam Sexenheimer pointed out on Twitter this morning.

So, what exactly will this do, and what are the risks?

It means that only the top ten people I voted for will get to use my vote. If none of them get elected, my vote will just drop out and not go to anyone. Because I voted “11” twice, the rules say the vote-counters can’t know who I wanted to “really” vote for. But the other rule they put in to make sure votes with a couple of honest mistakes get counted means my vote gets counted, too.

Yes, but what about the risks?

The first risk is that you make too *many* errors and your vote doesn’t get counted at all. The rule says that IF:

You could correct three (or fewer) of the numbers on your voting paper,

and IF those corrections would mean 90% or more of the numbers were filled out properly

THEN your vote counts.

That means if you made FOURTEEN numbering errors (including your deliberate error), your vote would simply not be counted at all. For instance, if you voted 1,2,3,3,3,3,3,8,9,10… your vote WOULD be counted because changing three of your numbers would mean 90% or more of the boxes were filled out correctly. But if you voted 1,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,17,18,19… your vote would NOT be counted because changing three numbers would still leave ten boxes labelled incorrectly, and 10 out of 82 means you’ve only filled in 88% of the boxes correctly.

Yes, that’s a little complex. So if you’re going to take advantage of this hack, make sure you only make ONE error, the deliberate error. Because if you vote this way, and if the race is tight when your vote gets counted, there will be angry, smart politicians who know the rules backwards arguing VERY LOUDLY INDEED about whether your vote is valid or not. So why give those major-party-mongrels the pleasure of throwing your vote out?

There’s also a deeper risk I should mention. When you run for the Senate, you normally have to get about 14% of the vote to win. If none of the people you vote for wins a seat, your vote drops out of the count completely. That means the 14% someone needs to win gets a tiny bit smaller. If, say, 100,000 people were to vote this way in Queensland, and all their votes dropped out, that means the candidates still in the race would need about 14,000 fewer votes to win a seat. It’s practically impossible to predict beforehand how this sort of thing is going to play out at an election, with complex interlocking preference deals between dozens of different parties, but it could possibly lead to weird results you don’t want.

So, think about those risks before you do this. I’m prepared to risk it myself, so I am definitely going to vote this way. It’s not a huge thing really, but it’s good to be able to assert control over my life in small ways, and large ones too.

NOTE: Amusingly enough, I got turned onto this trick by the loathsome @Karwalksi of the Wikileaks Party, who thinks exposing their website’s visitors to US Government spying is cool and edgy.

NOTE: Similar info to this was published over a week ago on the Indpendent Australia website. However there are errors in that post, including the idea that the revolutionary communist activist formerly known as Albert Langer (who now chooses to be known as Arthur Dent, NOT “Albert Langer”) “discovered” this loophole.

SOURCES:

1) Tweets from the Australian Electoral Commission this morning:

2) The official guidelines the Electoral Commission use to decide if a vote gets counted or not

3) Section 270 of the Commonwealth Electoral Act.

The Wikileaks Party in Australia is officially on the ballot in elections due to be held by November 30 this year. Wikileaks’ founder and its most famous personality, Julian Assange, will run for the Senate in the state of Victoria. On Thursday July 25 2013 they announced their slate of candidates, only to immediately suffer a DDOS attack for which US hacker @th3j35t3r claimed responsibility.

On July 26 the Wikileaks Party website was still down. An error message was provided by Cloudflare , a company which assists websites in surviving attacks by monitoring their traffic, detecting hostile activity and blocking that activity before it stops the original website working:

Wikileaks Party using Cloudflare

Cloudflare is already credited with protecting the main Wikileaks website from a DDOS attack in August last year. However, Cloudflare has a more sinister side, one that should give anyone connected with Wikileaks second thoughts about trusting any private information to it, and that knowledge has been public since 2011 thanks to Yasha Levine writing in The Exiled. Cloudflare founder Matthew Prince has a long history of working directly with US law enforcement, since he managed the anti-spam Project Honey Pot in 2003:

“Mr. Prince has…focused effort on providing enforcement officials with the necessary information and tools to prosecute violators of the federal CAN-SPAM Act and other anti-spam laws. To that end, Mr. Prince managed the development of Project Honey Pot, an Unspam community-service project that consists of a distributed system of decoy e-mail addresses that website administrators can include on their sites in order to gather information about the robots and spiders that spammers use”

So Prince happily says he has already started one company to work directly with US Federal law enforcement. His current project, Cloudflare is potentially even closer to the national security apparatus:

“We ran [Project Honey Pot] as a hobby and didn’t think much about it until, in 2008, the Department of Homeland Security called and said, “Do you have any idea how valuable the data you have is?” That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare”.

So, while the Wikileaks Party says it will be “fearless in its opposition to the creeping surveillance state, driven by globalised data collection and spying agencies”, and says it supports protection for whistleblowers, the Party is funnelling all traffic to its website through computers belonging to a company with close and friendly links to that very same surveillance state. This could give the US government very easy access to the IP address of all visitors to the Wikileaks Party website. How could this hurt Wikileaks supporters?

Well for example, one day Wikileaks may well release official Australian information that is embarrassing to the the US government. If the US Government had already issued a National Security Letter to Cloudflare telling it to retain details of which IP addresses visited the Wikileaks Party site, they could look at those records and see if anyone had visited the Wikileaks Party website from a government computer, or if an unusual or new pattern of visits had been logged in the time before the leak. If anything looked promising, for instance if many visits were logged from an Internet cafe that had never accessed the website before, that may well narrow the search for the leaker down a lot. Comparing records of visitors to both the Wikileaks’ Party website and the main Wikileaks website could make it yet easier to track down a would-be-anonymous leaker. These sort of techniques are how General David Petraeus’ lover was tracked down last year after she sent threatening emails from anonymous addresses connected to hotel Wi-Fi networks last year.

If we take Cloudflare’s assurances at face value, however, we have nothing to worry about. They tell us “If the NSA is listening in on any transactions traversing our network, they are not doing so with our blessing, consent, or knowledge“, and in the same post on the company blog they go into some detail about how SSL is used to encrypt traffic on Cloudflare, and why they think it is unlikely that the NSA is able to break Cloudflare’s 2048-bit encryption. Which is a lovely story to tell children at bedtime, but utterly irrelevant to your online privacy. What SSL does is encrypts your messages. So if you sent me an email saying “Let’s go to the pub tonight”, and I sent you an email back saying “Great!”, then an online snooper wouldn’t be able to read the contents of our messages. But what they could know is that you had sent me a short email, and that I had sent you a short email in reply. If that snooper already knew that the two of us often go to the pub, and that we usually arrange our drinking by email, it’s pretty easy to work out, without breaking any encryption, where she could snoop on us that evening. This is described in much more detail in a paper by Shuo Chen, Rui Wang, Xiao Feng Wang and Kehuan Zhang (pdf file):

“Specifically, we found that surprisingly detailed sensitive information is being leaked out from a number of high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search: an eavesdropper can infer the illnesses/medications/surgeries of the user, her family income and investment secrets, despite HTTPS protection; a stranger on the street can glean enterprise employees’ web search queries, despite WPA/WPA2 Wi-Fi encryption”.

So the NSA may not be “listening in”. But they don’t have to listen in, as such, to find out a lot about you.

What has Cloudflare already provided the US government? We can get some idea by looking at another part of that Cloudflare blog post:

“To date, CloudFlare has never received an order from the Foreign Intelligence Surveillance Act (FISA) court…As a policy, we challenge any orders that have not been reviewed and approved by a court. As part of these challenges, we always request the right to disclose at least the fact that we received such an order but we are not always granted that request…CloudFlare fully supports the calls for transparency today by other web companies like Google, Microsoft, and Facebook. At a minimum, we request the law be updated to allow companies to disclose the number of FISA orders and National Security Letters (NSLs) they have received”.

So Cloudflare mentions orders from the secret FISA court, and National Security Letters. They deny that they’ve ever received FISA orders, but don’t deny receiving any National Security Letters. So we can infer that they have received NSLs, and that they have complied with them. In their security policy they say:

“It is possible that CloudFlare may be required by court order to provide information about our customers. CloudFlare may also be required to provide information pursuant to law, applicable regulation, subpoena or other legal process”.

Which once again implies that while they may challenge orders that are not issued by a court, in the end they are willing to comply with US Government orders for information.

When I asked the Wikileaks Party on Twitter why they were using Cloudflare, I was answered by their Chief Technology Officer who apparently chooses to be known online only as @karwalski. Karwalski said that Cloudflare was keeping the site online despite the attack. When I asked why Wikileaks was funnelling information through servers of an organisation closely linked to the national security state, karwalksi asked if I had an alternative suggestion. I responded that it wasn’t my job to help Wikileaks do it’s job of protecting the privacy of visitors to its site (19), and was told:

“Ok, you had better not ever be a passenger or driver of a car, they are dangerous. Cool logic dude“.

So that’s what the Wikileaks Party in Australia thinks of your privacy. If you’re ever thinking of leaking anything to anyone, don’t let it be to Wikileaks – you can’t trust them with your online security.

—-

UPDATE:

After a week of me calling out the Wikileaks Party by name on Twitter about the privacy risks with their website, Assange’s running-mate in Victoria, Leslie Cannold, finally decided to respond tonight (Monday August 12 2013), when Twitter user @BenHarkin asked her about it:

It’s not my area of control or expertise. If tone were different I would have referred it. But rude irks me. @benharkin @djackmanson

So, there’s some handy information. If you want to hold the Wikileaks Party accountable for anything bad they might be doing, remember that you have to ask nicely, or they don’t have to worry about it.

UPDATE TWO:

Cannold thinks my rude, aggressive, presumptious tone should insulate the WikiLeaks Party from answering questions about the security risk its website poses to visitors:

U r outrageously rude & entitled. I wouldn’t dream of following yr barked orders in real life & won’t online. @djackmanson @benharkin

I thought Wikileaks was all about aggressive journalists demanding answers and accountability from the powerful?