If you do not have permission to write in this forum, warn me!

Sometimes updates unpack the permissions.
 my house near the sea 
Zot universe NEWS wrote the following post Wed, 10 Jan 2018 16:25:28 -0200
Big thanks, Haakon ;-)

Voilà - Hubzilla 3.0! (In memory of Anthony Baldwin a.k.a. Tazman)
by Haakon Meland Eriksen on YouTube

@F O S W+
Jeroen wrote the following post Sun, 07 May 2017 10:01:25 -0300
Todon.nl is now open for registrations!

Todon.nl is a #Mastodon instance for progressive people. Although we are located in the Netherlands, we like to welcome every progressive person from all over the world.
So if you are (among others) a leftist, socialist, anarchist, Marxist, ecologist, green, vegan, open-minded, anti-racist, social democrat or social liberal, please join us!
Curious, these days I am experimenting with gnusocial.no various problems, and I can say that its administrator is great, but these days the site has serious problems. This makes me think how important is the work of Mike about the nomadic identity, this independence from the server, this ability to have clones. I myself have my clone, and when cats.pm does not work (it has already happened 2 times), I do not care, I use my clone in another site/hub without problems.
While in the case of diaspora or gnusocial (and others ......) I can not do this.
But I must say it is very sad to see how people do not matter at all with these things...and do not consider this important feature in a decentralized, distributed, federated foss network.

cc @Hubzilla Support Forum+
@F O S W+
yes, of course you have nomadic identity in PRO, 'cause you have pure Zot in PRO.
BlaBlaNet, cats.pm is not mine, I have channels here, but is not mine, cats.pm has 'certificate problems ssl thing'..., I can not login in cats.pm, I'm using my clone (got zot ;) )
Keith (the cats.pm admin) is a good person, and experienced, but unfortunately somewhat absent now....
@giac hellvecio your hub is funny is sending me the post every day. They have serious issues there
Sean Tilley wrote the following post Thu, 06 Oct 2016 18:53:56 -0300
Seeking Collaborators for We Distribute
When I started @We Distribute , I did so in the hopes of covering all of the exciting development going on in the federated / distributed communication space. I somewhat envisioned the channel to serve as a topical analogue to the likes of OMG! Ubuntu or WebUpd8.

Coverage has always been somewhat spotty, due to my own personal time constraints, as well as the fact that I am sometimes behind on covering announcements from various projects. While I hope to once again get back in the saddle soon, I'd like to take the opportunity to reach out to my contacts within the space.

In #Hubzilla, it is possible for multiple people to administrate a channel. This includes collaboration on the integrated wiki (found here, in its sparse form) as well as post creation and scheduling. From there, We Distribute federates to Diaspora and Friendica, and cross-posts to Pump.io, Libertree, and GNU Social.

In short, I am looking for volunteers who would like to write updates for their projects of interest (#Diaspora, #Friendica, #Hubzilla, #Pump, #Libertree, or anything else), and help coordinate on putting together regular updates for the rest of the federated web to read. We Distribute is something of a meta-syndication, in the fact that it is leveraging the federated web to report on the state of the federated web.

If anyone is interested in this undertaking, please shoot me an email: sean@deadsuperhero.com
So today I found this (Get off WhatsApp now!) and then this https://www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0 ...

and again I'm thinking "why #wtf EFF continue using facebook?"
some people continue to say it : "to reach more people",
but what kind of blasphemy-excuse is this ?
seriously and honestly, you can not use something that you condemn if you're in the position of criticize certain things in front of the whole world..
But... seriously again, in what fucking shit world we are living?

cc @F O S W+
Mario Vavti wrote the following post Wed, 24 Aug 2016 10:47:52 -0300
Hubzilla 1.12 officially released!
Here is a list of the most important changes:

  • Extensible permissions so you can create a new permission rule such as "can write to my wiki" or "can see me naked".
  • Guest access tokens can do anything you let them, including create posts and administer your channel
  • ACLs can be set on files and directories prior to creation.
  • ACL tool can now be used in multiple forms within a page
  • a myriad of new drag/drop features (drop files or photos into /cloud or a post, or drop link into a post or comment, etc.)
  • multiple file uploads
  • improvements to website import
  • UNO replaced with extensible server roles
  • select bbcode elements (such as baseurl) supported in wiki pages
  • bootstrap upgrade to version 3.3.7 (jquery 3 compatibility)

  • Diaspora Protocol: additional updates to maintain compatibility with and stop showing likes as wall-to-wall comments (except when the liker does not have any Diaspora protocol ability)
  • Cdav: continued improvements to the web UI
  • Pong: the classic pong game
  • Dfedfix: removed, no longer needed
  • Openid: moved from core to addon

  • fix unable to delete privacy groups
  • weird display interaction with code blocks and escaped base64 content containing 8 - O
  • workaround WordPress oembeds which are almost completely javascript and therefore filtered
  • restrict oembed cache url to 254 chars to avoid spurious failures caching google map urls
  • "Page not found" appeared twice
  • fix birthdays not being automatically added to event calendar
  • some iCal entries had malformed descriptions

Of course, as always, there were many other little issues fixed and the overall feel enhanced...

Get it while it's hot!

@Hubzilla Development+
@Hubzilla Support Forum+
@Channel One
Mike Macgirvin wrote the following post Thu, 07 Apr 2016 06:48:18 -0300

This is actually pretty cool.

Share a photo. Only with Bill.

Bill visits your website. He sees the photo. Debbie visits your website. She can't see the photo.

Bill's website has financial problems and shuts down.  He goes to another site. He visits yours. He can still see the photo. Debbie can't. Debbie goes to another site. She still can't.

Your service provider is having a bad day with a router so you go to another site until they get their stuff sorted. You still have your photo album, your profile, your stream and all your friends. In particular, you're still friends with Bill and Debbie. You write to them.

Bill visits your new (temporary) site. He can still see the photo in your photo album; even though you're now both on different sites than where you were when you first shared it with him. You've not touched the photo at all - only when you first published it and made it visible to Bill. In fact everything looks exactly the same. You look at your social stream. It's exactly the same - nothing missing. Nothing is different.

Debbie looks at your photo album on your temporary server. She still can't see the photo.  


@F O S W+
I seem to be unable to see the image due to a permissions issue.
Should be okay now.
I did run it and it looked neat. Although I'm wondering how an existing e.g. PHP site can run on it.


From https://zeronet.readthedocs.org/en/latest/:

What is ZeroNet?

ZeroNet uses Bitcoin cryptography and BitTorrent technology to build a decentralized censorship-resistant network.

Users can publish static or dynamic websites into ZeroNet and visitors can choose to also serve the website. Websites will remain online even if it is being served by only one peer.

When a site is updated by its owner, all nodes serving that site (previous visitors) will receive only the incremental updates done to the site content.

ZeroNet counts with a built-in SQL database. This makes content-heavy site development easy. The DB is also synced with hosting nodes with incremental updates.

@F O S W+
If this is all true, we are all fucked. @F O S W+ @Linux User Group+ @LibrePlanet 2016+

Erdmolch wrote the following post Sun, 06 Mar 2016 14:06:07 -0300
security alert: modern cpus from intel and amd have a built-in backdoor
Modern cpus from intel and amd have built-in co-processors, which run besides the operating system and the code is proprietary. So even if you are running gnu/linux, it can leak your private keys! For more details, read on: (and don't forget to #share this post, thanks)

Why is the latest Intel hardware unsupported in libreboot? #intel
It is extremely unlikely that any post-2008 Intel hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern Intel hardware. If you have an Intel based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows:

Intel Management Engine (ME) #intelme
Introduced in June 2006 in Intel's 965 Express Chipset Family of (Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside the PCH chip, which itself replaced the ICH. Thus, the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.

The ME consists of an ARC processor core (replaced with other processor cores in later generations of the ME), code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through an Intel Gigabit Ethernet Controller. Its boot program, stored on the internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware. If the manifest isn't signed by a specific Intel key, the boot ROM won't load and execute the firmware and the ME processor core will be halted.

The ME firmware is compressed and consists of modules that are listed in the manifest along with secure cryptographic hashes of their contents. One module is the operating system kernel, which is based on a proprietary real-time operating system (RTOS) kernel called "ThreadX". The developer, Express Logic, sells licenses and source code for ThreadX. Customers such as Intel are forbidden from disclosing or sublicensing the ThreadX source code. Another module is the Dynamic Application Loader (DAL), which consists of a Java virtual machine and set of preinstalled Java classes for cryptography, secure storage, etc. The DAL module can load and execute additional ME modules from the PC's HDD or SSD. The ME firmware also includes a number of native application modules within its flash memory space, including Intel Active Management Technology (AMT), an implementation of a Trusted Platform Module (TPM), Intel Boot Guard, and audio and video DRM systems.

The Active Management Technology (AMT) application, part of the Intel "vPro" brand, is a Web server and application code that enables remote users to power on, power off, view information about, and otherwise manage the PC. It can be used remotely even while the PC is powered off (via Wake-on-Lan). Traffic is encrypted using SSL/TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known vulnerabilities, which have been exploited to develop rootkits and keyloggers and covertly gain encrypted access to the management features of a PC. Remember that the ME has full access to the PC's RAM. This means that an attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open files, all running applications, all keys pressed, and more.

Intel Boot Guard is an ME application introduced in Q2 2013 with ME firmware version 9.0 on 4th Generation Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an asymmetric cryptographic keypair, install the public key in the CPU, and prevent the CPU from executing boot firmware that isn't signed with their private key. This means that coreboot and libreboot are impossible to port to such PCs, without the OEM's private signing key. Note that systems assembled from separately purchased mainboard and CPU parts are unaffected, since the vendor of the mainboard (on which the boot firmware is stored) can't possibly affect the public key stored on the CPU.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called "Protected Audio Video Path" (PAVP). The ME receives from the host operating system an encrypted media stream and encrypted key, decrypts the key, and sends the encrypted media and the decrypted key to the GPU, which then decrypts the media. PAVP is also used by another ME application to draw an authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC's screen in a way that the host OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core i3/i5/i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called "Intel Insider". Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the omnipotent capabilities of the ME: this hardware and its proprietary firmware can access and control everything that is in RAM and even everything that is shown on the screen.

The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn't release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME's boot ROM would reject any modified firmware that isn't signed by Intel. Thus, the ME firmware is both hopelessly proprietary and "tivoized".

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware.

More information about the Management Engine can be found on various Web sites, including me.bios.io, the smashthestack network, coreboot wiki, and Wikipedia. The book Platform Embedded Security Technology Revealed describes in great detail the ME's hardware architecture and firmware application modules.

Firmware Support Package (FSP) #fsp
On all recent Intel systems, coreboot support has revolved around integrating a blob (for each system) called the FSP (firmware support package), which handles all of the hardware initialization, including memory and CPU initialization. Reverse engineering and replacing this blob is almost impossible, due to how complex it is. Even for the most skilled developer, it would take years to replace. Intel distributes this blob to firmware developers, without source.

Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode). This is a special mode that operates below the operating system level. It's possible that rootkits could be implemented there, which could perform a number of attacks on the user (the list is endless). Any Intel system that has the proprietary FSP blob cannot be trusted at all. In fact, several SMM rootkits have been demonstrated in the wild (use a search engine to find them).

CPU microcode updates #microcode
All modern x86 CPUs (from Intel and AMD) use what is called microcode. CPUs are extremely complex, and difficult to get right, so the circuitry is designed in a very generic way, where only basic instructions are handled in hardware. Most of the instruction set is implemented using microcode, which is low-level software running inside the CPU that can specify how the circuitry is to be used, for each instruction. The built-in microcode is part of the hardware, and read-only. Both the circuitry and the microcode can have bugs, which could cause reliability issues.

Microcode updates are proprietary blobs, uploaded to the CPU at boot time, which patch the built-in microcode and disable buggy parts of the CPU to improve reliability. In the past, these updates were handled by the operating system kernel, but on all recent systems it is the boot firmware that must perform this task. Coreboot does distribute microcode updates for Intel and AMD CPUs, but libreboot cannot, because the whole point of libreboot is to be 100% free software.

On some older Intel CPUs, it is possible to exclude the microcode updates and not have any reliability issues in practice. All current libreboot systems work without microcode updates (otherwise, they wouldn't be supported in libreboot). However, all modern Intel CPUs require the microcode updates, otherwise the system will not boot at all, or it will be extremely unstable (memory corruption, for example).

Intel CPU microcode updates are signed, which means that you could not even run a modified version, even if you had the source code. If you try to upload your own modified updates, the CPU will reject them. In other words, the microcode updates are tivoized.

The microcode updates alter the way instructions behave on the CPU. That means they affect the way the CPU works, in a very fundamental way. That makes it software. The updates are proprietary, and are software, so we exclude them from libreboot. The microcode built into the CPU already is not so much of an issue, since we can't change it anyway (it's read-only).

Intel is uncooperative #intelbastards
For years, coreboot has been struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot developers, and companies, have tried to get Intel to cooperate; namely, releasing source code for the firmware components. Even Google, which sells millions of chromebooks (coreboot preinstalled), has been unable to persuade them.

Even when Intel does cooperate, they still don't provide source code. They might provide limited information (datasheets) under strict corporate NDA (non-disclosure agreement), but even that is not guaranteed. Even ODMs and IBVs can't get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

Recent Intel graphics chipsets also require firmware blobs.

Intel is only going to get worse when it comes to user freedom. Libreboot has no support for recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to change their policies and to be more friendly to the free software community. Reverse engineering won't solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by libreboot. The libreboot project is actively ignoring all modern Intel hardware at this point, and focusing on alternative platforms.

Why is the latest AMD hardware unsupported in libreboot? #amd
It is extremely unlikely that any post-2013 AMD hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows:

AMD Platform Security Processor (PSP) #amdpsp
This is basically AMD's own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.

The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine, completely outside of the user's knowledge.

Much like with the Intel Boot Guard (an application of the Intel Management Engine), AMD's PSP can also act as a tyrant by checking signatures on any boot firmware that you flash, making replacement boot firmware (e.g. libreboot, coreboot) impossible on some boards. Early anecdotal reports indicate that AMD's boot guard counterpart will be used on most OEM hardware, disabled only on so-called "enthusiast" CPUs.

AMD IMC firmware #amdimc
Read https://www.coreboot.org/AMD_IMC.

AMD SMU firmware #amdsmu
Handles some power management for PCIe devices (without this, your laptop will not work properly) and several other power management related features.

The firmware is signed, although on older AMD hardware it is a symmetric key, which means that with access to the key (if leaked) you could sign your own modified version and run it. Rudolf Marek (coreboot hacker) found out how to extract this key in this video demonstration, and based on this work, Damien Zammit (another coreboot hacker) partially replaced it with free firmware, but on the relevant system (ASUS F2A85-M) there were still other blobs present (Video BIOS, and others) preventing the hardware from being supported in libreboot.

AMD AGESA firmware #amdagesa
This is responsible for virtually all core hardware initialization on modern AMD systems. In 2011, AMD started cooperating with the coreboot project, releasing this as source code under a free license. In 2014, they stopped releasing source code and started releasing AGESA as binary blobs instead. This makes AGESA now equivalent to Intel FSP.

AMD CPU microcode updates #amdmicrocode
Read the Intel section #microcode. AMD's updates are practically the same, though it was found with much later hardware in AMD that you could run without microcode updates. It's unknown whether the updates are needed on all AMD boards (depends on CPU).

AMD is incompetent (and uncooperative) #amdbastards
AMD seemed like it was on the right track in 2011 when it started cooperating with and releasing source code for several critical components to the coreboot project. It was not to be. For so-called economic reasons, they decided that it was not worth the time to invest in the coreboot project anymore.

For a company to go from being so good, to so bad, in just 3 years, shows that something is seriously wrong with AMD. Like Intel, they do not deserve your money.

Given the current state of Intel hardware with the Management Engine, it is our opinion that all performant x86 hardware newer than the AMD Family 15h CPUs (on AMD's side) or anything post-2009 on Intel's side is defective by design and cannot safely be used to store, transmit, or process sensitive data. Sensitive data is any data in which a data breach would cause significant economic harm to the entity which created or was responsible for storing said data, so this would include banks, credit card companies, or retailers (customer account records), in addition to the "usual" engineering and software development firms. This also affects whistleblowers, or anyone who needs actual privacy and security.

source: https://libreboot.org/faq/ https://www.coreboot.org/Binary_situation

#security #alert #backdoor #surveillance #pleaseshare #sharingiscaring #managementengine #me #activemanagementtechnology #amt #government #nsa #gchq #bnd #intelligenceagencies #nationalintelligence #coreboot #libreboot #fsf #blob #proprietary #freesoftware #freehardware
from AndStatus
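The two verification schemes the quoted FAQ describes (a manifest signed with a vendor-held key that lists module hashes, and the older symmetric-key scheme mentioned for AMD SMU firmware), modelled as an added example that is not part of the original post or of libreboot. The toy RSA key, the JSON manifest layout and all function names are assumptions made for illustration, not Intel's or AMD's real formats.

```python
import hashlib
import hmac
import json

# Constructed toy RSA key from two Mersenne primes. NOT secure and not any
# vendor's key; it only lets the example run with the standard library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: all the boot ROM stores
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: stays with the vendor


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_manifest(modules: dict) -> bytes:
    """Hypothetical manifest layout: JSON map of module name -> SHA-256 hex."""
    return json.dumps(
        {name: hashlib.sha256(body).hexdigest() for name, body in modules.items()},
        sort_keys=True,
    ).encode()


def vendor_sign(manifest: bytes) -> int:
    """Textbook RSA over the manifest digest (no padding, illustration only)."""
    return pow(sha256_int(manifest), D, N)


def boot_rom_check(manifest: bytes, signature: int, modules: dict) -> str:
    """What a verifier holding only (N, E) can decide about a flash image."""
    if pow(signature, E, N) != sha256_int(manifest):
        return "halt: manifest signature invalid"
    listed = json.loads(manifest)
    if set(listed) != set(modules):
        return "halt: module list mismatch"
    for name, body in modules.items():
        if not hmac.compare_digest(hashlib.sha256(body).hexdigest(), listed[name]):
            return "halt: hash mismatch in " + name
    return "run firmware"


def symmetric_tag(key: bytes, image: bytes) -> bytes:
    """Symmetric scheme: the same key both creates and checks the tag."""
    return hmac.new(key, image, hashlib.sha256).digest()


def symmetric_check(key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(symmetric_tag(key, image), tag)


def demo() -> dict:
    modules = {"kernel": b"vendor kernel v1", "amt": b"vendor amt v1"}  # constructed
    manifest = build_manifest(modules)
    sig = vendor_sign(manifest)
    results = {"vendor image": boot_rom_check(manifest, sig, modules)}

    # Replacement module, manifest untouched: caught by the per-module hash.
    modified = dict(modules, amt=b"free replacement")
    results["module swapped"] = boot_rom_check(manifest, sig, modified)

    # Replacement module with a regenerated manifest: the hashes now match,
    # but without D the old signature no longer fits the new manifest.
    results["manifest rebuilt"] = boot_rom_check(
        build_manifest(modified), sig, modified)

    # Symmetric case: the key the device uses to verify (constructed value)
    # is enough to tag a modified image that the device then accepts.
    device_key = b"constructed-device-key"
    new_image = b"modified power management firmware"
    results["symmetric, key known"] = symmetric_check(
        device_key, new_image, symmetric_tag(device_key, new_image))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The asymmetric verifier never holds anything that can produce a signature, which is why the FAQ calls such firmware "tivoized"; the symmetric verifier necessarily does.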
@Jeroen van Riet Paap so... basically no modern cpus are secure. What does the NSA use? The Chinese intelligence? The Russians? They all have desktop computers and servers. If I'm reading this right, Intel and AMD now have control of all the computers of the world's three largest military and intelligence complexes. That's remarkable. How do those agencies protect themselves? Or can they?
A lot of questions and assumptions, but no one (except those agencies, and maybe Intel and AMD) has the final answers. That's why I started with 'If this is all true'.
I bet intelligence agencies have their own custom CPUs for their networks, would be utterly stupid to rely on private corporate servers for their deepest secrets.

I guess the rest of us, mortals, are fucked. Are there no other x86-compatible manufacturers other than Intel and AMD left?
Mike Macgirvin wrote the following post Thu, 03 Mar 2016 23:41:40 -0300
Hubzilla 1.3 Release
Wollongong, Australia 04-March-2016

We are pleased to announce the immediate availability of Hubzilla Community Server V1.3, our web software for building and linking decentralised community websites. The current release is building on our momentum to provide a much more configurable and adaptable platform for creating and linking website communities of all sizes and descriptions while providing autonomous privacy controls for all web resources.

The highlights are
1) ability to attach metadata to more stored resources which allows new types of plugins/addons to be created,
2) radically simplified setup and operation provided by the "Hubzilla UNO" configuration, and
3) continued work on the web interface to provide a pleasant and smooth flowing experience.

Please find out more about the project at http://hubzilla.org or visit our project page at https://github.com/redmatrix/hubzilla .

Summary of changes in this release:

  • Admin Security configuration page created which consolidates several previously hidden settings:
      • Communication white/black lists
      • Channel white/black lists
      • OEmbed white/black lists
  • Admin Profile Fields page created which manages the availability and order of standard profile fields and allows new fields to be created/managed
  • Allow guest/visitor access to view personal calendar
  • "Poke" module reworked - page UI updated and "poke basic" setting introduced which limits the available poke "verbs".
  • "Mood" module UI reworked
  • "profile_photo" module UI reworked
  • "cover_photo" module UI reworked
  • "new_channel" module UI reworked
  • "register" module UI reworked
  • "pubsites" module UI reworked
  • item-meta ("iconfig") created which implements arbitrary storage for item metadata for plugins
  • abook-meta ("abconfig") created which implements arbitrary storage for connection metadata for plugins
  • "Strict transport security header" made optional as it conflicts with some existing Apache/nginx configurations
  • "Hubzilla UNO" (Hubzilla with radically simplified and locked site settings) implemented as an install configuration.
  • .well-known directory conflict worked out to support LetsEncrypt cert ownership checks without disrupting webfinger and other internal uses of .well-known
  • Lots of work on 'zcards' which are self-contained HTML representations of a channel including cover photos, profile photos, and some text information
  • Long standing bug uncovered which failed to properly restrict the lower time limit for public feed requests
  • A number of fixes to "readmore" to fix page jumping
  • Bugfix: persons other than the channel owner who have permission to upload photos to a channel could not do so if the js_upload plugin/addon was enabled
  • Siteinfo incorrectly identifying secondary directory servers
  • Allow admin to set and lock features when UNO is configured
  • Atom feeds: alter how events are formatted to be compatible with GNU-social
  • Moved several more classes to "composer format" and provided an autoloader.
  • Bugfix: require existing password to change password
  • Bugfix: allow relative_date() to be translated to Polish which has more than two plural forms.
  • Plugin API: add "requires" keyword to module header to indicate dependent addons
  • ActivityStreams improvements and cleanup: photo and file activities
  • UI cleanup for editing profile when multiple profiles enabled
  • Removed the "markdown" feature as there are numerous issues and no maintainer.
  • Provide "footer" bbcode to ease theming of post footer content
  • Bugfix: install issues caused by composer code refactor and typo in postgres load file

  • keepout - "block public on steroids"
  • pubsubhubbub - provides PuSH support to Atom feeds, required for GNU-social federation
  • GNUsocial protocol - under development
  • Diaspora protocol - some work to ease migration to the new signing format
  • Diaspost - disabled; numerous issues and no maintainer
  • smileybutton - theme work and fixed compatibility with other jot-tools plugins
Mwaha... another security hole to scare us!


The DROWN security hole – what you need to know
by Paul Ducklin on Naked Security

@Linux User Group+ @F O S W+
Nice logo.
LibrePlanet 2016 wrote the following post Mon, 29 Feb 2016 18:00:00 -0300
Christopher Webber - Federation and GNU (LibrePlanet2015)

(if you can't see the embedded video in this post, you can watch it directly here:
Christopher Webber - Federation and GNU — GNU MediaGoblin)

The effort to re-decentralize the web has been under way for a number of years, but what's really happening under the hood? Various projects like #Diaspora, #GNUsocial, #MediaGoblin, #Friendica, and #Pump all exist, but not all these projects can talk to each other. How can we fix that? A demo of PyPump will be given, as well as a rundown on the progress of the W3C Social Working Group.

Chris does a great job detailing the history of projects within the space, as well as the underlying concepts as to how most of them work.
on the use of non-free tools by fsf eff and others who claim to fight for freedom...

Radio Giaco wrote the following post Sat, 13 Feb 2016 21:41:41 -0200
alternatives have existed for years, eff fsf etc ... should use free alternatives,
to use non-free networks is to give credit to their power of information, and this is not a good message.

@F O S W+
  last edited: Fri, 05 Feb 2016 15:15:58 -0200
@F O S W+

Simple way to explain #federation to people who don't understand why #facebook / #twitter / et al sucks:
Imagine you have a T-mobile phone plan, and your friend has Verizon. In order to call, or send a text, or in any way communicate from your T-mobile phone to their Verizon, you must first sign up for an account with Verizon, and agree to their terms of service. Would you ever accept that?
What if the only way to actually do it from your T-mobile phone, is if you wrote a special app using Verizon's toolkit, and using your custom app on your phone you could then connect to Verizon with your Verizon account (after accepting Verizon terms of service) and then could finally txt or call the Verizon friend from your phone with your custom code written using the Verizon API.

Make any sense? Well that's what twitter, facebook, and the rest all are.
Mike Macgirvin wrote the following post Wed, 06 Jan 2016 20:02:54 -0200

Hubzilla 1.1
Announce: Hubzilla 1.1 release

High Range, Australia

Greetings and Happy New Year. The Hubzilla developers are pleased to announce the immediate release of Hubzilla 1.1, our decentralised community platform specialising in cross-domain identity and privacy


Hubzilla 1.1

        Rewrote and simplified the Queue manager and delivery system
        Rewrote and simplified the outer layers of the Zot protocol
        Use a standard version numbering scheme in addition to the snapshot tags
        Provide a channel blacklist for blocking channels with abusive or illegal content at the hub level
        Make the black/white lists pluggable
        Update template library
        Support for letsencrypt certs in various places
        Cleanup of login and register pages
        Better error responses for permission denied on channel file repositories
        Disabled the public stream by default for new installs (can be enabled if desired)
        Cleanup of API authentication and rework the old OAuth1 stuff
        Add API "status with media" support compatible with Twitter and conflicting method for GNU-social
        Rework photo ActivityStreams objects to align better with ActivityStreams producers/consumers
        Several minor API fixes to work better with AndStatus client
        Invitation only site - experimental support added, needs more work
        Fix delivery loop condition due to corrupted data which resulted in recursive upstream delivery
        Provide more support for external (git) widget collections.
        Extend the Queue API to 3rd-party network addons which have experienced downtime recently.
        Regression: Inherited permissions were not explicitly set
        Regression: "Xyz posted on your wall" notification sent when creating webpages at another channel
        Regression: Custom permissions not pre-populated on channel creation with named role.
        Provide "Public" string when a post can be made public, instead of "visible to default audience"
        Allow hub admin to specify a default role type for the first channel created, reducing complexity
        Ability for a hub admin to set feature defaults and lock them, reducing complexity
        Change default expiration of delivery reports to 10 days to accommodate sites with reduced resources

                Pageheader addon ported from Friendica
                Hubwall (allow admin to send email to all accounts on this hub) created
                GNU-social - queueing added
                Diaspora - fixes for various failures to update profile photos, updates to queue API
                Cross Domain Authenticated Chess (Andrew Manning's repository)

        And... the normal "lots of bugs fixed, translations updated, and documentation improved"

@F O S W+
what name we could use? "freeweb" is still valid or too vague?

Jim Lamentino wrote the following post Fri, 01 Jan 2016 18:27:58 -0200
in 2016 this might be time to find a real name for this network (someone used #freeweb), yes, this network consists of: diaspora, hubzilla aka redmatrix, friendica. Obviously the name diaspora would be foolish because diaspora is just one of the three, we should find something nice.
And we should also explain to all newcomers (but also the old 'cause many in diaspora for example do not know about this thing) that once you start using diaspora, in truth you enter into a network much larger and made of several parts.
Perhaps using a good and nice name and an explanation on the homepage of each pod would be appropriate and useful. ;-)

cc @F O S W+
freefednet ?
Comrades, I really hope that 2016 will be better for our decentralized networks, and also hope that more of you abandon centralized services as fb, twitter, g+ etc … I really hope that our networks can grow even more, and that the conscience, the perception of the people about the ‘downside of the famous networks’ will be greater.
#fosw !fosw

@F O S W+
I am also hoping that there will be more awareness and use of decentralised systems in 2016. Freedombox is beginning to look like it might be viable and could become a shippable product.