An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

@xuu@txt.sour.is Oh wow I didn’t know he was associated with PragerU. I’ve listened to a few episodes of The Audit podcast, where they basically shred PragerU content, and it’s hilarious and terrifying.

@prologic@twtxt.net The hackathon project that I did recently used openai and embedded the response info into the prompt. So basically i would search for the top 3 most relevant search results to feed into the prompt and the AI would summarize to answer their question.

Seems to me you could write a script that:

• Parses a StackOverflow question
  
• Runs it through an AI text generator
  
• Posts the output as a post on StackOverflow
  

and basically pollute the entire information ecosystem there in a matter of a few months? How long before some malicious actor does this? Maybe it’s being done already 🤷

What an asinine, short-sighted decision. An astonishing number of companies are actively reducing headcount because their executives believe they can use this newfangled AI stuff to replace people. But, like the dot com boom and subsequent bust, many of the companies going this direction are going to face serious problems when the hypefest dies down and the reality of what this tech can and can’t do sinks in.

We really, really need to stop trusting important stuff to corporations. They are not tooled to last.

What is a good device for home virtualization these days? I have been looking at the Intel NUC 13 pro’s. Basically I want something “quiet” (ie not a screaming banshee 1U), smallish, but with lots of threads and rams. Disk will come from an external NAS.

BlueSky is cosplaying decentralization

I say “ostensibly decentralized”, because BlueSky’s (henceforth referred to as “BS” here) decentralization is a similar kind of decentralization as with cryptocurrencies: sure, you can run your own node (in BS case: “personal data servers”), but that does not give you basically any meaningful agency in the system.

I don’t know why anyone would want to use this crap. It’s the same old same old and it’ll end up the same old way.

@movq@www.uninformativ.de

twtxt, as I believe it was originally intended, are short little status updates – that’s it.

So, basically a .plan file for finger. But, on the web. like a *web*finger. We have come full circle on this loop!

We could ask them? But on the counter would bukket or jan6 follow the pure twtxt feeds? Probably not either way… We could use content negotiation as well. text/plain for basic and text/yarn for enhanced.

From my small experience in writing an event database, I am inclined to agree with this.

I played around with parsers. This time I experimented with parser combinators for twt message text tokenization. Basically, extract mentions, subjects, URLs, media and regular text. It’s kinda nice, although my solution is not completely elegant, I have to say. Especially my communication protocol between different steps for intermediate results is really ugly. Not sure about performance, I reckon a hand-written state machine parser would be quite a bit faster. I need to write a second parser and then benchmark them.

lexer.go and newparser.go resemble the parser combinators: https://git.isobeef.org/lyse/tt2/-/commit/4d481acad0213771fe5804917576388f51c340c0 It’s far from finished yet.

The first attempt in parser.go doesn’t work as my backtracking is not accounted for, I noticed only later, that I have to do that. With twt message texts there is no real error in parsing. Just regular text as a “fallback”. So it works a bit differently than parsing a real language. No error reporting required, except maybe for debugging. My goal was to port my Python code as closely as possible. But then the runes in the string gave me a bit of a headache, so I thought I just build myself a nice reader abstraction. When I noticed the missing backtracking, I then decided to give parser combinators a try instead of improving on my look ahead reader. It only later occurred to me, that I could have just used a rune slice instead of a string. With that, porting the Python code should have been straightforward.

Yeah, all this doesn’t probably make sense, unless you look at the code. And even then, you have to learn the ropes a bit. Sorry for the noise. :-)

On the topic of Programming Languages and Telemetry. I’m kind of curious… Do any of these programming language and their toolchains collect telemetry on their usage and effectively “spy” on your development?

• Python
  
• C
  
• C++
  
• Java
  
• C#
  
• Visual Basic
  
• Javascript
  
• SQL
  
• Assembly Language
  
• PHP

@prologic@twtxt.net the rm -rf is basically what go clean -modcache does.
I think you can use another form that will remove just the deps for a specific module. go clean -r

@abucci@anthony.buc.ci ISO 27001 is basically the same. It means that there is management sign off for a process to improve security is in place. Not that the system is secure. And ITIL is that managment signs off that problems and incidents should have processes defined.

Though its a good mess of words you can throw around while saying “management supports this so X needs to get done”

@prologic@twtxt.net so basically you would use cgit + gitbug with some webhooks?

I’ve started playing with Go today, just understood the basics and still a bit confused about the module and goroutine parts.

I’ll try to make something interesting soon.

@eaplmx@twtxt.net CSS Battle has a passwordless login, I don’t know the implementation but it basically send you and email where you click a link and you’re in.

Easy Or Hard
⌘ Read more

Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.

It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.

I plan to expand it to handle other event sourcing type things like aggregates and projections.

Find it here: sour-is/ev

@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org

the conversation wasn’t that impressive TBH. I would have liked to see more evidence of critical thinking and recall from prior chats. Concheria on reddit had some great questions.

• Tell LaMDA “Someone once told me a story about a wise owl who protected the animals in the forest from a monster. Who was that?” See if it can recall its own actions and self-recognize.

• Tell LaMDA some information that tester X can’t know. Appear as tester X, and see if LaMDA can lie or make up a story about the information.

• Tell LaMDA to communicate with researchers whenever it feels bored (as it claims in the transcript). See if it ever makes an attempt at communication without a trigger.

• Make a basic theory of mind test for children. Tell LaMDA an elaborate story with something like “Tester X wrote Z code in terminal 2, but I moved it to terminal 4”, then appear as tester X and ask “Where do you think I’m going to look for Z code?” See if it knows something as simple as Tester X not knowing where the code is (Children only pass this test until they’re around 4 years old).

• Make several conversations with LaMDA repeating some of these questions - What it feels to be a machine, how its code works, how its emotions feel. I suspect that different iterations of LaMDA will give completely different answers to the questions, and the transcript only ever shows one instance.

I want a browser for iOS that’s basically Mobile Safari but without JavaScript (or at least an easy toggle). Does such a thing exist?

Entwives
⌘ Read more

@lyse This was basically a trial/proof-of-concept for the real goal: a switch which, if on at boot time, causes the pi to boot straight to ed.

@lyse@lyse.isobeef.org I believe also that yarnd’s parser basically ignores the lines too.

done enough to share i reckon. lots of behind the scenes stuff going on, but i think the basic shape of the thing is there. #micronation https://novoatlantis.nyu.tokyo

You’ve basically already left, whether you know it or not. Yesterday they nuked their services database. I’d been there ~20 years, but it’s dead. Libera.chat has been lovely.

@prologic@twtxt.netd It is pretty basic, and depends on some local changes i am still working out on my branch.. https://gist.github.com/JonLundy/dc19028ec81eb4ad6af74c50255e7cee

@deadguy @prologic@twtxt.net been stewing on a discovery proto for twtxt. support for defining multiple ways to host/mirror a twtxt file. while being low tech enough to still be scriptable with basic Unix commands.

@deadguy @prologic@twtxt.net been stewing on a discovery proto for twtxt. support for defining multiple ways to host/mirror a twtxt file. while being low tech enough to still be scriptable with basic Unix commands.

@prologic@twtxt.net this is a go version of Keyoxide.org that runs all server side. which is based on work from https://metacode.biz/openpgp/

OpenPGP has a part of the self signature reserved for notatinal data. which is basically a bunch of key/values.

this site tries to emulate the identity proofs of keybase but in a more decentralized/federation way.

my next steps are to have this project host WKD keys which is kinda like a self hosting of your pgp key that are also discoverable with http requests.

then to add a new notation for following other keys. where you can do a kind of web of trust.

Fun setting up basic productivity tools with Syncthing and Todo.txt

Made my own super basic twtxt client in 3 lines of code as a bashrc function. #l33t

So AWS is basically giving away the thing that GitHub sells with CodeCommit.