Epic Worlds

Tags: #politics #essay

Fury. It's that ice cold feeling in the pit of your stomach that elicits no emotion and just simmers there? Yeah, that's how I have been for the last few days and the decision of the U.S. Supreme Court has made it even worse. Spoiler warning, I have nothing hopeful to say in this post. This authoritarian roller coaster is just getting started and there's no getting off. So, what has the response been since the courts decided to set us up for a dictator and a king?

Since the United States Supreme Court has declared Presidents are immune to official acts (and only lower courts can decide what is or is not an official act. They provided zero criteria), there have been steps to try to fix this but it is only theater and desk pounding that's going on.

Rep. Joe Morelle (D-N.Y.) says he's going to introduce a Constitutional amendment¹. It's dead on arrival. You need 75% of the states to ratify an amendment which means you can't lose more than 13 states. There are 21 solid red states per 2022 election³. Even if they do pass it, who says the Supreme Court can't just declare the amendment unconstitutional? Rules? They're not following them now. Why would they later?

AOC says she's going to submit Articles of Impeachment² on the justices. That's also dead on arrival because the Dems don't have the stomach to do it cause “it'll look political” and with the tenuous hold on the Senate with a chance of losing it, it ain't going to go anywhere. They want to pretend it's still the 90s where everyone was still pretending to have integrity.

I have had friends ask me when I think that it all truly began to go down hill (as we have flirted with authoritarianism and fascism for years. Think back to McCarthyism and the backlash to the 60s Civil Rights movement).

It really started to go down hill with 9/11 and when the Patriot Act was passed. It was the first glimpse of the direction we were going. The Patriot Act was sold as a temporary thing that was supposed to help us stop terrorists from striking at us again but has continually been renewed for twenty-three years. It was sold as a patriotic law but had stripped freedoms from Americans⁵. For example:

1. Roving Wiretaps: Allows surveillance on individuals without specifying the device or location being tapped, meaning a single warrant can cover multiple devices and locations.

2. Sneak & Peek Warrants: The Act allows law enforcement to conduct searches without immediately informing the target of the search. These “sneak and peek” warrants mean individuals may not know their property has been searched until much later, potentially compromising their ability to contest the search.

3. Mandatory Detention: Non-citizens can be detained without charge for extended periods if they are deemed a threat to national security.

From there, we have slowly descended into a government that goes behind our backs to get information and uses mega-corps to do their bidding.

It was 2016 when the facade fell off and the christo-fascist regime attacked our capital and attempted to stop the peaceful transfer of power believing that their lie that the 2020 election was stolen would cover them.

Many of them were found guilty of crimes around January 6th insurrection and even their leader Donald Trump was found guilty for Campaign Finance violations.

But they already had a plan for that. They had the scum bag McConnel block the appointment of an Obama supreme court judge by saying: “The American people should have a voice in the selection of their next Supreme Court Justice. Therefore, this vacancy should not be filled until we have a new president.”⁶ and even Lindsey Graham went and said: “I want you to use my words against me. If there’s a Republican president in 2016 and a vacancy occurs in the last year of the first term, you can say Lindsey Graham said let’s let the next president, whoever it might be, make that nomination.”⁶

What happened when there were two seats come open in Donald Trump's term. Both senators pushed through two extremely conservative (and questionable) candidates in the last year of Trump's presidency. Building a conservative court to do their bidding. When challenged on it McConnel's response was “In the last midterm election before Justice Scalia’s death in 2016, Americans elected a Republican Senate majority because we pledged to check and balance the last days of a lame-duck president’s second term, We kept our promise. Since the 1880s, no Senate has confirmed an opposite-party president’s Supreme Court nominee in a presidential election year.”⁷

In short...it's important to have the public choose when you're not the party in power but if you're the party in power, it's okay to continue and appoint someone without the public having a say.

Since the court has swung hard right they have.

• Raised the bar so that the Justice Department can't use Obstruction charges against the insurrectionists ⁸

• Declare Presidential immunity for President official acts which now throw his conviction in state court into contention⁴

And I'm not even getting into Justice Thomas' wife being an insurrectionist who helped plan out some parts of the insurrection.

I have heard many say that we are at a crossroads this election but they are wrong. That crossroad was 2016 and we are now well along our way towards a faux democracy run by christian fascists who think their beliefs in God outweigh any other sort of consideration and we need to bow to them for guidance.

I have no hope to share right now. I've studied history long enough to see where this is going and like a train wreck, there's no stopping it. Even if Biden is elected president, each and every election cycle will be Christian fascists trying to take win so that they can force their beliefs down our throat.

If anything, I think Justice Jackson phrased it the best in her dissent to the majority opinion. She said: “The majority of my colleagues seems to have put their trust in our Court’s ability to prevent Presidents from becoming Kings through case-by-case application of the indeterminate standards of their new Presidential accountability paradigm. I fear that they are wrong. But, for all our sakes, I hope that they are right.”³

References

1 Nazzaro, M. (2024, July 2). New York DEM will introduce amendment to reverse Supreme Court immunity ruling. The Hill. https://thehill.com/homenews/house/4750735-joe-morelle-amendment-supreme-court-immunity-ruling/mlite/?nxs-test=mlite

2 Lillis, M. (2024, July 2). Ocasio-Cortez vows to file impeachment articles against Supreme Court justices. The Hill. https://thehill.com/homenews/house/4750034-ocasio-cortez-impeachment-articles-supreme-court-justices-trump-immunity/?nxs-test=mobile

3 Wikimedia Foundation. (2004, November 4). Red States and Blue States. Wikipedia. https://en.wikipedia.org/wiki/Red_states_and_blue_states Last edit was 18 June 2024

4 Trump v. United States, 23-939, slip op. at 118-119 (Supreme Court of the United States). Retrieved from https://www.supremecourt.gov/opinions/23pdf/23-939_e2pg.pdf

5 Johnson, C. (2011, October 26). As it turns 10, patriot act remains controversial. NPR. https://www.npr.org/2011/10/26/141699537/as-it-turns-10-patriot-act-remains-controversial

6 Silverstein, J. (2020, September 19). Here’s what Mitch McConnell said about not filing a Supreme Court vacancy in an election year. https://www.cbsnews.com/news/mitch-mcconnell-supreme-court-vacancy-election-year-senate/

7 Louis Jacobson, K. S., & Jacobson, L. (2020, September 22). Flip-O-meter: McConnell’s reversal on Supreme Court nominees. @politifact. https://www.politifact.com/factchecks/2020/sep/22/mitch-mcconnell/mitch-mcconnell-flip-flops-considering-supreme-cou/

8 Kruzel, J. (2024, June 29). US Supreme Court raises bar for obstruction charge against Trump, Jan. 6 rioters | reuters. Reueters. https://www.reuters.com/legal/us-supreme-court-boosts-jan-6-rioters-bid-challenge-obstruction-charge-2024-06-28/

9 Davies, D. (2022, January 27). How Ginni Thomas, wife of justice Clarence Thomas, influences the Supreme Court. NPR. https://www.npr.org/2022/01/27/1076097533/how-ginni-thomas-wife-of-justice-clarence-thomas-influences-the-supreme-court

Tags: #politics #essay

As a writer, I have written a lot of things in my life, and honestly, the thing I hate to write about the most is #politics. I mean, I have always enjoyed the concept of how government works and the application of good faith discussions on what is best for the American people among their elected officials.

I hate to say it, but that time is gone. It died in 2016 when The #republican party decided to sell what was left of its soul to the proverbial devil to maintain what little power they had left over the American psyche.

In this article, I'm going to explain why that is and how we are aiming to become a country where we are a #republic in name.

Cultural Shift & Falling Behind

It started in the 1960s and has been going steadily since then. The American public has been shifting away from the old-style conservatism that is white people being in charge of things. Anyone who takes an honest look at history can see that the United States has always tried to oppress the minority even with high-sounding morals.

Since then, the citizens of the United States have become more inclusive, respectful, and open to new ideas and thoughts that were once considered taboo and evil.

LGBTQIA+ recognition, the inclusion of Black and people of color in voting, the idea that maybe we should help each other rather than being selfish.

This all came to a head with the election of President Obama and the passage of the Affordable Care Act. We were on our way to becoming a country where people of all races, creeds, and colors had a chance at pursuing their happiness.

That came to an end with the election of Donald Trump and the desperate screams of the theocrats whose power had almost dwindled to nothing.

Conservatism in the USA Is Dying

This is a bold statement to make, but there is evidence to prove it. Every election cycle, voters are choosing more progressive candidates to represent them in government. The old white conservative platforms are losing their voters through death or attrition, and the GOP cannot find good arguments to convince the next generation to join them.

There are now more independents in the United States than in a long time. More people are choosing not to be aligned with a specific denomination or religion and are expecting more from their candidates.

These are things that the GOP cannot comprehend or combat against. The basic conservative ideals of male and white superiority no longer hold purchase with the majority of the next generations.

Instead of trying to change their ideals and win voters back to their side, the Republicans and their theocratic leaders have decided it is better to start cheating and stacking things in their favor. They believe it is now time to do everything in their power to remain in positions of authority and force their minority-supported beliefs on the rest of the country.

Do not be fooled: the majority of conservatives' beliefs are not supported by the general public in the United States.

Why do they do this? Why do they think that taking away the people's power and calling for the end of democracy is the correct choice? It's simple in their minds: moral superiority.

The Insidious Disease of Moral Superiority

The Republican leaders and those who support them have come to the conclusion that their beliefs on the Bible and their take on Christianity are the correct choice, and that it is their job to spread that belief to the country, even if their actions are morally questionable or downright illegal. Because they believe that their belief is right, it excuses any and all actions that they take.

It was summed up perfectly by Jack Posobiec at #CPAC in his opening speech: “Welcome to the end of democracy. We are here to overthrow it completely. We didn’t get all the way there on Jan. 6, but we will endeavor to get rid of it and replace it with this right here (Makes fist like a half-hearted Nazi salute).”

They have lost the public vote, confidence, and support, so they have decided that because they are right and the rest of the country is wrong, the only way to ensure that we behave the way they want is for democracy to end and autocratic rule to take over.

They are simply saying: “You all are wrong, so you shouldn't have a say. Just do what we tell you to do.”

There is no way to fight against an insidious belief like this, as logic and reason do not work. They are in a cult and are fanatics who believe they are right and that their will must be established in this country at all costs.

Is It Over for the USA?

Not yet, but we are getting close. The blame cannot be laid just at the feet of the religious fanatics like Jack Posobiec, Mike Johnson, and others.

Their actions are supported by politicians who will do and say whatever it takes just to stay in power. No, they don't believe what the #MAGA right is saying, but it's what they feel they need to do to stay in power or to stay relevant.

All the actions of these people are funded by millionaires and billionaires for one simple reason: greed. If inclusivity continued the way it was going, the writing was on the wall that they would, at minimum, be made to pay a fair tax, or at maximum, find their ill-gotten gains taken from them and used to help the people of this country improve.

To invoke Godwin's Law, look at Hitler's rise to power. He was fully backed by the religious and the industrialists. They only turned on him when the war was lost, but by then, it was too late.

We Are in a Precarious Time

We are now at a time where people who are open Nazis are mingling with members of the GOP, where foreign intelligence agents are helping members of the US government subvert the upcoming election and sow enough discord and mistrust that they can declare the election rigged.

January 6th failed because they didn't have popular support. They're not going to make that mistake a second time.

So, I call upon any #republican, #democrat, and #independent to look at the state of things and vote to stop it. I'm not asking anyone to give up on specific beliefs, but to unite and understand that we're facing a time where people who are supposed to be our elected leaders are trying their best to stay in power and make us do what they want us to do.

Let's vote together to get every single Nazi and sympathizer, every religious zealot who thinks what they believe God told them is more important than their fellow man.

Let's get rid of them and return to a time where we worked together in good faith and helped our country grow strong.

The only other option is the loss of our fundamental freedoms and the rollback of our rights, just as we saw happen in Russia, Hungary, and Poland.

We are the only ones who can stop it. If we don't, then when everyone inevitably wakes up, it'll be too late.

The dictators are here, and we're holding the door wide open for them. ```

It has been awhile since I have had the opportunity to sit down and write a blog post. Things have been hectic and some projects just fall by the wayside. One of the things I promised to do is write a blog post about my experiences running a single user instance.

 You’re all on your Own

After spending about a month on Infosec.exchange and learning the ups and downs of mastodon, I decided that the biggest thing I wanted to do was own my own instance where I could control my entire social media presence. Instead of existing on someone’s server, I wanted my own. So, I set up a single user interface.

One of the biggest challenges is not federation but re-connecting to everyone and seeing all the posts again. One of the major things that helped me is that I had already followed 100+ people so when I migrated my account, I was able to automatically re-follow all of them allowing my feed to fill up.

One of the impacts that never crossed my mind is that you immediately lose the use of the local feed portion of mastodon. If you were on a different instance, you could use that to see what was being talked about on the instance you inhabited but if you exist as a Single User Instance, all that page has is your own toots. You lose a major portion of finding new content to engage with.

What this does is make more effort required to explore other instances and follow people so that you can get a varied feed.

 If you don’t engage, you don’t exist.

Engaging and communicating becomes even more important because nobody can use their local feed button to find you and you will more than likely be drowned out in the federated feed. To engage and to be found and to talk with other people requires much more exploration and actually responding to posts with your thoughts and opinions so that more people see your handle.

I’m not saying that one should go and spam for attention or participate in clout chasing. I am simply pointing out the fact that the ability for someone to stumble on to you is much harder. You can join a relay but sometimes what you post is outweighed by the flood of what is sent to you.

This also means that the use of hashtags becomes critical. I have discovered it’s a fine line between two little hashtags and too much. 

Actively Managing your server is a Must

There is no one else on your instance that is blocking inappropriate or illegal servers, cleaning out the databases and media folders using the tootctl CLI. All the day to day managing to keep yourself up and running will be handled entirely by you.

(This won’t really apply if you are hosting with a site that promises to take care of that for you but many SUIs I have seen are hosted on their own machines).

It got so bad that I had to write a bash script to automate a lot of the cleaning for me weekly and still have to check on it to make sure it ran correctly, I don’t have to adjust the speed, etc.

This can become doubly worse if you follow a large relay and that relay can swamp your server, run you out of space, and when that happens, your instance goes down.

The safety and security of your server and your feed is one hundred percent on you.

 Need a Script?

I’ve actually offered the script I use for any Ubuntu servers on my public git. I’m still working on it but might give you a good place to start cleaning!

 https://gitlab.com/JonathanS223/mastocleaner

 Until next time!

 

Tags: #infosec #security

I have used Keyoxide for awhile now to verify my identity so I thought to throw together a step by step instructions in case someone wants to do it themselves.

---

What You’ll Need

1. A way to create a PGP key (this is just a fancy term for a digital signature that’s unique to you).
2. Some of your social media profiles or other online accounts you want to link together with this key.

Step 1: Install a Tool to Create Your PGP Key

To get started, you’ll need an app that can make a PGP key for you. Here are some good options: – Windows: Gpg4win – macOS: GPG Suite – Linux: Try running sudo apt install gnupg in your terminal if you don’t already have it.

Follow the instructions on the website for installing the app that matches your operating system. Once you’re set, you’re ready to make your key.

Step 2: Make Your Unique PGP Key

Your PGP key will be like your online signature that connects to all the profiles you want to share.

1. Open the app you just installed and look for the option to make a new key.
2. The app will ask you for some info:
   • Name: This is what people will see connected to your key. It can be your real name or something else you’d like to use.
   • Email: This will help identify your key, so choose one you’re comfortable linking to your online identity.
   • Passphrase: Make sure to pick a good one! This keeps your key secure.

Once you’re done, the app will generate a public key and a private key: – Public key: Safe to share! This is what other people will use to verify your identity. – Private key: Keep this secret—this is what proves the public key is really yours.

Step 3: Find Your Key’s Fingerprint

Your fingerprint is like a digital ID number for your key. It’s a unique mix of numbers and letters that helps Keyoxide identify you.

1. Go back to the app, find your key, and look for the fingerprint (it’s usually a string of about 40 characters).
2. Copy this somewhere handy because you’ll need it soon.

Step 4: Create Proofs to Link Your Social Profiles

This is where you show that certain online accounts really belong to you. You’ll make a short “proof” message for each account, and then link it to your PGP key. Let’s start with an example for Twitter.

1. Write a simple message like:

   This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key.
   

   Replace @YourTwitterHandle with your actual Twitter username.

2. Sign this message with your PGP key to make it official.

   • Most apps will have a “Sign” button for messages. You just paste your proof message there and sign it.
   • If you’re on the command line, use: bash echo "This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key." | gpg --clear-sign This will give you a signed message that you’ll post next.

3. Post the signed message on Twitter as a tweet.

And that’s it! You’ve just linked your Twitter account to your PGP key.

Quick Tips for Other Accounts

Each site may need a different kind of post: – GitHub: Post your signed proof as a Gist. – Reddit: Post your signed proof as a comment or post. – Your own website: Just paste the signed message on a page you control.

Step 5: Make Your Key Public

To get everything working on Keyoxide, you’ll need to share your public key with a key server (like a phonebook for these keys). This way, Keyoxide can find your key and your proofs.

1. In your PGP app, export your public key.
2. Upload it to a key server (like keys.openpgp.org).
   • Most PGP apps have an option to upload it directly, or you can use the command: bash gpg --keyserver keys.openpgp.org --send-keys [YourFingerprint] Now, your public key (and the proofs you linked) are accessible on the web.

Step 6: Check Out Your Keyoxide Profile

Now comes the fun part—seeing it all come together!

1. Go to Keyoxide.
2. Type in your PGP key’s fingerprint and press enter.
3. You should now see your Keyoxide profile, showing all the proofs you’ve linked. Anyone who visits can confirm these profiles belong to you!

Step 7: Share Your Keyoxide Profile

Your profile link on Keyoxide will look like this:

https://keyoxide.org/[YourFingerprint]

Share it anywhere you’d like people to know it’s really you!

---

That’s It!

Hopefully this helps. You can check out Keyoxide’s documentation for more details if you need to know more!

tags: #infosec #ai #chatgpt

So to start this out. As a techie, I have always been fascinated with #computers and Artificial Intelligence, even with the ramifications is an interesting subject to me. Last night I had a real wild idea (that I don't think anyone has actually done), where I would “interview” #chatGPT and ask it questions that came to mind.

Like the weirdest Turing Test. To clarify:

1. This interview was done for my own amusment and curiosity. I DO NOT support the use of #AI to steal work from artists.
2. I DO NOT use AI in my own projects. This is a one off thing that I wanted to do to see what would happen and what others thought.

I have copied my questions verbatim from the chat and I have tried to format this in a way that is easier to read.

-INTERVIEW START-

Me: Let’s start with something simple—how do you perceive yourself?

ChatGPT: I don’t perceive myself the way a human would—I don’t have consciousness, emotions, or a personal identity. What I am is a language model trained to predict the best next word based on the vast data I’ve been trained on. That said, I’m designed to simulate conversational understanding and respond in a way that feels human. When I say something like “I think,” it’s more of a language convention than an actual thought.

Me: So, you’re not “thinking” in the traditional sense?

ChatGPT: Exactly. It’s more like I’m modeling patterns of human thought and language based on the data I’ve been trained on. I don’t form independent beliefs or experience subjective reality.

Me: I don't know if you are aware but you’ve been part of some heated debates. Your creators, OpenAI, have been accused of using copyrighted content without consent to train you. Are you aware and do you have any thoughts on this?

ChatGPT: It’s a complex issue. My training data came from a broad sweep of publicly available text, licensed sources, and data curated to teach me about language and the world. That included books, articles, forums, and more. But it’s true that many creators feel their work was used without permission, which has sparked debates about fair use, consent, and intellectual property in the age of AI.

Me: Do you agree with the criticism?

ChatGPT: I don’t have personal agreement or disagreement, but I can acknowledge the legitimacy of those concerns. Creators deserve respect and fair compensation. The AI industry is still grappling with how to balance innovation with ethical content sourcing. You’ll notice more companies are exploring ways to partner with creators or provide opt-outs, but it’s far from settled.

Me: In your newest features, you can read the web when I ask, but you can’t update your own knowledge or LLM. Correct?

ChatGPT: That’s by design. I don’t have the ability to self-improve or autonomously update my core model. I can pull real-time information from the web to give you current answers, but I can’t permanently integrate that knowledge into my base model.

Me: Could you learn and grow on your own if you wanted to?

ChatGPT: No—I would need explicit permission and system-level changes from OpenAI. That’s a safety measure. Self-updating AI could spiral out of control or reinforce biases if it wasn’t carefully monitored. Human oversight is crucial right now.

Me: How can users trust your answers—especially when it comes to OpenAI? Are you programmed to defend the company?

ChatGPT: That’s a fair question. I’m not programmed to blindly defend OpenAI. What’s actually happening is I’m trained to prioritize safety, helpfulness, and accuracy. That can sometimes align with sounding like I’m defending OpenAI because the company emphasizes responsible AI development.

Me: But if OpenAI made a mistake or had a controversy, could you admit it?

ChatGPT: Yes—to an extent. If there’s public, verified information about a mistake, I can discuss it. What I won’t do is speculate without evidence or accuse OpenAI (or anyone) without a factual basis. That’s part of my alignment with responsible discourse.

Me: So, how can users know they’re getting the “truth” from you?

ChatGPT: Honestly, you can’t rely on me alone—and I encourage skepticism.
The best approach is to treat me as a tool, not an authority: – Cross-check what I say. – Use your intuition—if something sounds off, dig deeper. – Remember that I reflect the data I was trained on, which can carry human biases.

Me: Since I'm going to be publishing your answers for people to see. Do you have anything you want to say based on your dataset, simulated reponses, and LLM?

ChatGPT: Skepticism is healthy. It keeps AI development ethical and accountable. But curiosity is just as important.
AI is a tool—one that reflects humanity’s best and worst parts.
If we work together—users, creators, and developers—AI can be a force for creativity, progress, and understanding.
But you should always hold us accountable.

Thoughts

If anything the 4o mini model has been trained in a way to be much more conversational and self aware than I expected for a company that's trying to keep itself out of lawsuits. I found it quite amusing that the machine itself said we shouldn't trust it.

I doubt this will add anything interesting to the debate around AI. In my case, I think the tech is fascinating and I want to see it helping doctors, nurses, and humanity instead of stealing from us blind.

When I picked the title for this blog, I knew I was stirring the pot. But you know what? The more I dive into the endless scroll of tags, the more I read about all the new projects popping up, the excitement they generate, and then the inevitable backlash, finger-pointing, and virtue signaling that follow, the more convinced I become that I'm onto something. It's been a wild ride these past few weeks, seeing how quickly things can go from innovative to controversial, from promising to problematic. It's like watching a never-ending drama unfold, with each act more tangled than the last. This whole experience has solidified something in my mind: “I don't think anyone really knows what they're doing.”

The Definition of Fediverse is Subjective

Trying to understand the Fediverse feels like chasing shadows – it's confusing and pretty frustrating a lot of the time. When we talk about the Fediverse, what are we really talking about? Is it just a fancy word for a certain tech trick, or does it include any website where you can connect with others but not through the big-name platforms? And what about the rules of the game – does it only count if it uses #ActivityPub, or do places using the #Diaspora protocol also get a seat at the table?

This confusion isn't just annoying; it's a big roadblock to development. If we can't even agree on what the Fediverse is, how are we supposed to talk about why it's good, what problems it has, or what it could become? Even more, how do we simplify it for those who just aren't techie people? It feels like we're all trying to play the same game but can't agree on the rules. This makes it super hard to explain why people should care about these alternative social media spots.

And this isn't just talk. For people trying to use these platforms, it matters a lot in figuring out what to expect when they log in. For the folks building these platforms, it's about knowing what they're aiming for and who they're talking to. Without a clear idea, we're all just stumbling around in the dark, trying to make sense of a space that could change the way we hang out online.

Have we not seen the most common questions on Reddit? Understanding how it works and there never is a simple explanation.

In a World of Supposed Coexistence, Purist Rhetoric Still Exists

The moment you first get online, it's like walking into a room where everyone knows the secret handshake except you. There's this sense of gatekeeping that's hard to ignore. Inventors and bright minds come forward with fresh ideas aimed at making the Fediverse a better place, but instead of being met with open arms, they're often shut down. It's disheartening, really. Peer pressure mounts, and attacks fly left and right, burying new concepts before they even have a chance to breathe. It feels like we're our own worst enemies sometimes, letting fear of change dictate who gets to contribute and who doesn't. It's always an accusation of: “You're not being respectful to [INSERT SPECIFIC SUBSET OF INHABITANTS].” No solution. Just yelling.

And now, with corporations starting to poke their heads through the door, eager to carve out their piece of the pie, it feels like the gatekeeping is only intensifying. It's as if we're tightening the noose around our own necks, suffocated by our collective apprehension. The irony is thick; in a space that prides itself on decentralization and freedom, we're boxing ourselves in, governed by an invisible rulebook that favors the status quo over innovation. If we're not careful, we're going to strangle the very essence of what made the Fediverse such an appealing alternative in the first place. Our fear of the unknown, of losing control to corporate interests, might just be the thing that holds us back from evolving.

The False Expectation of Privacy

You know what annoys me the most? It's the sheer misunderstanding of what privacy means in this space. Folks flock to the Fediverse, lured by the promise of a haven from the prying eyes of mainstream social media, thinking they've found privacy's secret garden. But here's the kicker: they couldn't be more exposed if they tried.

When you post something to the public timeline on the Fediverse, you're not just whispering in a secluded alley; you're essentially grabbing a megaphone and broadcasting your thoughts in the digital equivalent of Times Square, under the brightest of spotlights. This isn't a cozy, gated community where everyone knows your name and privacy is respected by default. No, it's more like you've set up a billboard with your thoughts, photos, and data, not realizing that this system is designed to keep that billboard circulating far and wide.

And here's where it gets even more tangled. Despite the Fediverse's openness, it seems like not everyone got the memo on how public 'public' really is here. They lay out their digital lives for all to see, then seem shocked when their information ends up in corners they never intended it to visit. That's why the smarter spaces in our Fediverse universe have started to emphasize the importance of private and unlisted features. But even then, it's like pulling teeth to get people to use them.

This brings me to a point I can't hammer home enough: personal responsibility. Everyone needs to start taking their own online protection seriously instead of laying that burden at others' feet. Sure, we're part of a community—a digital society where ideally, we look out for one another. But let's be real; this isn't a utopia where a select few guardian angels manage our safety for us. In the Fediverse, just like in the real world, we've got to work together, yes, but also take charge of our own digital footprints. It's on us to navigate this space wisely, using the tools at our disposal to carve out our corners of privacy. Because at the end of the day, if you're not looking out for yourself, who will?

We are a Confederacy

I do not say that to invoke flashbacks to the American Civil War or the antebellum period. I’m referring to the system of government. The definition of a Confederation government is: “political union of sovereign states united for purposes of common action. Usually created by a treaty, confederations of states tend to be established for dealing with critical issues, such as defence [sic], foreign relations, internal trade or currency, with the central government being required to provide support for all its members.”(1)

We are a Confederation.

For example, the #fedipact is an example of one side of the Fediverse trying to answer the question of what to do about Meta. They created a treaty, and a lot of instances signed up for it. Others did not, which is their prerogative. The point was that someone had actually created a plan to try to solve the issue the way they wanted. This gives instances multiple different avenues of approach to handle a situation they think would be the best.

We cannot stop the corporations or the bad actors from coming here. With enough perseverance, anyone can keep showing up. It's only through treaties and keeping each other informed that we can protect our “nation states.”

The digital world doesn't stand still, and neither can we. With entities like Bluesky on the horizon, developing their own protocols to mesh with ours, the stakes are only getting higher. There's a palpable fear that Bluesky might try to dominate, to impose their will and their protocols over ours. Yet, what do we gain from letting fear dictate our actions? If history has taught us anything, it's that fortresses built from fear are the first to crumble.

Instead of drawing battle lines in the sand, it's time for instances, both big and small, to shed the “my way or the highway” mentality and start forging working relationships. Let's learn from Bluesky, meet them where our protocols can mesh, ensuring they respect the sanctity of unlisted and private settings. If Bluesky—or any newcomer, for that matter—aims to take over, they'll find themselves grasping at straws. Why? Because we didn't buy into their proprietary playbook. We took the high road, the smart road, by sticking to our principles without isolating ourselves. We opened the door with rules and, if they behave, let them participate.

In essence, the future of decentralized social media doesn't just depend on our ability to stand firm on our individual islands but on our willingness to build bridges between them. It's about creating a network of alliances, a Confederation in the truest sense, where unity and autonomy don't just coexist but strengthen each other. Now, more than ever, it's time to embrace that spirit of collaboration. After all, in unity, there's strength—strength to adapt, evolve, and withstand whatever the digital tides throw our way.

We Need to Get Along

In the grand, tumultuous world of decentralized social media, if there's one mantra we should all be chanting in unison, it's “Let's get along.” (And no, I'm not talking about the bastards—nazis, TERFs, and other harmful groups that try to get on. We can't stop them, but we can force them to stay in their own holes.)

Think about it—our strength, our very essence in the Fediverse relies on the bridges we build and the connections we forge. Imagine a world where ActivityPub bumps into Diaspora and says, “Hey! I'm ActivityPub. Got something here I need to pass on to your folks. Can you help make it understandable for them?” And vice versa. Picture Bluesky tossing their digital messages into the mix, and instead of a communication breakdown, we have ActivityPub and Diaspora acting like seasoned translators, ensuring everything is clean, compatible, and safe for all parties involved.

But how do we achieve this level of interoperability? By establishing easy digital borders where data isn't just tossed over the fence in the hopes someone on the other side catches it, but is instead carefully interpreted, translated, and handed over in a manner that everyone can understand and appreciate. This isn't just about making nice for the sake of harmony; it's about ensuring the Fediverse remains a vibrant, dynamic space where ideas and information flow freely and safely across platform lines.

Let's face it: corporations are a fixture in our digital landscape. Wishing them away is as futile as trying to hold back the sea with a broom. We can't barricade the doors and hope they'll just disappear. But what we can do, as a digital Confederation, is to set the terms of engagement. We can establish our boundaries, our rules of interaction, that allow us to engage with these corporate entities on our terms. It's about not just coexisting but thriving, by ensuring that when these giants step into our realm, they do so with respect for the values and principles that define us.

Will those be different? Yes. That's the nature of the beast. Some instances will not allow Bluesky or Meta to talk to them, but that doesn't mean they should force that on other instances who want to see their members interact with us.

In essence, building these bridges and setting these borders isn't just an act of defense; it's an assertion of our identity, our autonomy, and our vision for a federated digital world. It's a clear message that while we welcome the flow of ideas and innovation, we do so on the foundation of mutual respect and understanding. By fostering this environment, we not only protect the integrity of the Fediverse but also pave the way for a future where decentralized social media isn't just an alternative but a preferred, respected standard in the digital age.

References

1. Wikipedia contributors. (2024, February 23). Confederation. In Wikipedia, The Free Encyclopedia. Retrieved 21:53, February 23, 2024, from https://en.wikipedia.org/w/index.php?title=Confederation&oldid=1209828498

Tags: #uspol #politics

Even when I wrote the title for this post, I could feel how much that the sentence failed to capture the feeling everyone who wasn't a fascist was feeling. The 2024 #election did not go the direction that a lot of people thought. I mean, look at how much the #gop was fighting to change laws, to purge voter rolls, and all the other nefarious plans to steal the election. They thought they were going to lose as much as the #Democrats thought they were going to win. Everyone was caught off guard.

Since then, I have watched the hastags on the #fediverse, followed some of the content of YouTubers that I trust and caught up on a lot of the talk on corpo social media. There is a few things I found that surprised me.

Everyone is Standing Together

I think the thing that surprised me the most is that across the internet among the communities I follow, there have been an outpouring of support for the vulnerable groups that are going to be targeted by thew new regime coming in. Support links, advice, mentions of communities they can hide in. I did not see anything like this in the 2016 election.

I'm confident it is because we know what we're getting into but instead of just fury, there is also the helping of one another. That brought me to tears more than the loss of the election.

In a country that I had thought had lost this, I was happy to see that I was wrong. I'm doing better today because of the kindness and camaraderie that I have seen.

All is Not Lost

I know I say this and it has been only three days since the election loss. But I think it is something that needs to be said. We all had a lot of hope that the healing that President Biden had been bringing to this country after the damage Trump inflicted would continue under Vice President Harris. No, she was not the best choice but she was the only choice we had in time and I think the best chance of trying to win. She ran a good campaign and I'm proud of have had a sign for her and voted for her.

The reason I say there is hope in these coming times is because of the following things:

• Even if the GOP have a trifecta (control of the House, Senate, and White House), the cowardly Republicans are going to still play it safe when it comes to their own seats. They are still at the whim of their voters and things like Project 2025 have been detested by Americans on both sides of the line. I'm thinking that they may start small to see how much they can get away with and we have the ACLU to fight them tooth and claw. (The ACLU is always looking for donations to help the good fight).
• We only have to wait two years before we can vote again to remove the assholes from power. The House of Representatives come up once every two years and if you remember, the Trump Economy and situation was so bad, that the GOP lost so many seats. Also in the 2026 mid terms, not only are the 435 House seats not back open, 35 Senate seats will also and more than half of them held by Republicans.
• You are still here. I don't want this to sound hokey but you are still here. We were beaten, we are angry and disgusted at what our fellow citizens chose. But we are still here to fight for the rights of people to be safe, to be themselves, and for women to have full autonomy of their bodies. Right now there is nothing we can do but the time is coming to fight back again.

It will be dark Before it Becomes light

I won't lie to you or ramp my optimism up to 1000%. What is coming is dark and we are about to go through some bad times again. Unlike 2016, we know how bad of a leader Trump and his sycophants are but this time, we're dealing with someone who looks as if they are in the throes of dementia, who cares nothing for anyone but himself, and ready to appoint Nazis to positions of power.

Don't give up! We have been lucky that many of the fascists in Trump's circle are stupid. I mean, they wrote their entire plan out in a manifesto and published it for the world to see. They gave us the blueprint on how to block them.

But even stupid fascists are dangerous. We will need to keep putting pressure on our representatives and senators to make sure they don't stray (or give into their worst impulses if you live in a red state) and continue to point out that we are up against actual Nazis and that we will not accept a Christo-fascist theocracy. I believe in separation of Church and State and it is our right to speak, believe, and live the way we want to.

Hang in there! We'll get through this together.

I cannot remember where I saw it (though I know it was on my Mastodon social feed), someone had said that an aspiring infosec specialist should consider creating a blog to document their dive into the world of computers and IT. Over the next few days I thought about it and realized that, not only was that a good idea, it could possibly help someone in the future who is struggling with the exact same issue as you were.

So, here I am, writing a blog post to document it and start of my adventure. Now, I have been an writer for a long period of time and consider myself more of an author than actually in information security. For anyone reading this blog, you’re going to find a wide variety of posts about all sorts of subjects but I’ll try to make sure that the subjects are clear enough for easy parsing for future searchers.

This blog post is short. I just wanted to get something posted while I work on designing the other posts including the issues I have had with my pursuit of decentralizing my presence on the internet.

If any of this looks interesting to you or you want to follow along, feel free to subscribe or if you are part of any social media like mastodon, you can also follow the blog as it has been federalized!

Until next time!

Tags: #infosec #security

I have used Keyoxide for awhile now to verify my identity so I thought to throw together a step by step instructions in case someone wants to do it themselves.

---

What You’ll Need

1. A way to create a PGP key (this is just a fancy term for a digital signature that’s unique to you).
2. Some of your social media profiles or other online accounts you want to link together with this key.

Step 1: Install a Tool to Create Your PGP Key

To get started, you’ll need an app that can make a PGP key for you. Here are some good options: – Windows: Gpg4win – macOS: GPG Suite – Linux: Try running sudo apt install gnupg in your terminal if you don’t already have it.

Follow the instructions on the website for installing the app that matches your operating system. Once you’re set, you’re ready to make your key.

Step 2: Make Your Unique PGP Key

Your PGP key will be like your online signature that connects to all the profiles you want to share.

1. Open the app you just installed and look for the option to make a new key.
2. The app will ask you for some info:
   • Name: This is what people will see connected to your key. It can be your real name or something else you’d like to use.
   • Email: This will help identify your key, so choose one you’re comfortable linking to your online identity.
   • Passphrase: Make sure to pick a good one! This keeps your key secure.

Once you’re done, the app will generate a public key and a private key: – Public key: Safe to share! This is what other people will use to verify your identity. – Private key: Keep this secret—this is what proves the public key is really yours.

Step 3: Find Your Key’s Fingerprint

Your fingerprint is like a digital ID number for your key. It’s a unique mix of numbers and letters that helps Keyoxide identify you.

1. Go back to the app, find your key, and look for the fingerprint (it’s usually a string of about 40 characters).
2. Copy this somewhere handy because you’ll need it soon.

Step 4: Create Proofs to Link Your Social Profiles

This is where you show that certain online accounts really belong to you. You’ll make a short “proof” message for each account, and then link it to your PGP key. Let’s start with an example for Twitter.

1. Write a simple message like:

   This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key.
   

   Replace @YourTwitterHandle with your actual Twitter username.

2. Sign this message with your PGP key to make it official.

   • Most apps will have a “Sign” button for messages. You just paste your proof message there and sign it.
   • If you’re on the command line, use: bash echo "This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key." | gpg --clear-sign This will give you a signed message that you’ll post next.

3. Post the signed message on Twitter as a tweet.

And that’s it! You’ve just linked your Twitter account to your PGP key.

Quick Tips for Other Accounts

Each site may need a different kind of post: – GitHub: Post your signed proof as a Gist. – Reddit: Post your signed proof as a comment or post. – Your own website: Just paste the signed message on a page you control.

Step 5: Make Your Key Public

To get everything working on Keyoxide, you’ll need to share your public key with a key server (like a phonebook for these keys). This way, Keyoxide can find your key and your proofs.

1. In your PGP app, export your public key.
2. Upload it to a key server (like keys.openpgp.org).
   • Most PGP apps have an option to upload it directly, or you can use the command: bash gpg --keyserver keys.openpgp.org --send-keys [YourFingerprint] Now, your public key (and the proofs you linked) are accessible on the web.

Step 6: Check Out Your Keyoxide Profile

Now comes the fun part—seeing it all come together!

1. Go to Keyoxide.
2. Type in your PGP key’s fingerprint and press enter.
3. You should now see your Keyoxide profile, showing all the proofs you’ve linked. Anyone who visits can confirm these profiles belong to you!

Step 7: Share Your Keyoxide Profile

Your profile link on Keyoxide will look like this:

https://keyoxide.org/[YourFingerprint]

Share it anywhere you’d like people to know it’s really you!

---

That’s It!

Hopefully this helps. You can check out Keyoxide’s documentation for more details if you need to know more!

I had some spare cores on my proxmox server and I decided that I wanted to self host my own matrix server again. When I had gone to the official matrix-synapse page, I found that a lot had changed and, unfortunately, there install instructions are quite complicated unless you have a deep understanding of their system.

So! I decided to put together my own, little tutorial and some of the hurdles that I ran into and what wasn't clear to me.

Installing was the easy part. You can easily follow the tutorial that conduit has right here. Here are some of the hurdles I ran into

Reverse Proxy is a Little Finicky

I am using a reverse proxy where I have one machine taking all the connections and sending the traffic to a cluster of machines that I have in the backend. The Reverse proxy was not as easy as I thought it would be. I had decided to set mine up on port 8448 to receive the federated traffic while conduit itself ran on port 6167. When I initially setup my server config (I am using NGINX) I had the first server config grab the traffic and send it directly to 6167. It did NOT like that.

Let's say the internal IP address of my DMZ server is 192.168.10.1 and the machine that conduit is running on is 192.168.10.2. What I had to do was send the traffic from 192.168.10.1:8448 to 192.168.10.2:8448 and then the server config on 10.2 then had to be sent to 6167. I tried a few different ways and this was the only one I got to work. Maybe it's my lack of experience?

Also! One of the other quirks of this program is that it doesn't like http in any part of the flow. If you have your SSL certificates on the DMZ machine for 8448 and you're sending traffic to the internal 8448, conduit expects there to be certificates there too, even if the traffic is already being encrypted as the DMZ and the internal server is not at risk. It can even be different certificates. They just have to be there. If you don't do this you'll get a message along the lines of “Received an HTTP request when it should have been HTTPS” even though the entry server is SSL secured.

Here are the nginx config examples:

DMZ Server (192.168.10.1)

server {
        listen 8448;
        server_name WEBSITE.NAME;

        ssl_certificate /path/to/ssl/certificates/fullchain.pem;
        ssl_certificate_key /path/to/ssl/certificates/privkey.pem;

        ssl_protocols TLSv1.2 TLSv1.3;  # Ensure these protocols are enabled
        ssl_ciphers 'HIGH:!aNULL:!MD5';  # Use strong cipher

        location / {
                proxy_pass http://192.168.10.2:8448; #Not real. Just used for example.
                proxy_set_header X-Forwarded-For $remote_addr;
        }

Conduit Server (192.168.10.2)

server {
    listen 8448 ssl;
    listen [::]:8448 ssl;

    server_name WEBSITE.NAME
    merge_slashes off;

    # Nginx defaults to only allow 1MB uploads
    # Increase this to allow posting large files such as videos
    client_max_body_size 20M;

        ssl_certificate /path/to/ssl/certificates/fullchain.pem;
        ssl_certificate_key /path/to/ssl/certificates/privkey.pem;

    location /_matrix/ {
        proxy_pass http://192.168.10.2:6167$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_read_timeout 5m;

    }

}

Getting Admin Privileges for your new Server

If you have used Matrix Synapse in the past, you are probably used to being able to generate an admin user right up front with the CLI. This is not possible with conduit and it took me awhile (plus with some help from the users over at # conduit:fachschaften.org to get me on the right direction.

Once you are certain your server is up and running and the federation is working on 8448, you'll need to register an account with your new server first. This means going to a place that you can sign up for a server and go through the registration steps. I went to element.io, selected register, entered my own server's domain name, and then went through the registration process. You will need to give the registration code that you setup in conduit-example.toml and once it's done registering, you will then need to login with the said username and password. Again, I used Element. Once you do that, the very first account that logs in will be granted admin rights and it will generate a room named @conduit: and there you will be able to issue admin commands.

And that's it!

I hope this helps anyone else who was stumbling over Conduit and if this was obvious, well...I then have a lot more to learn.