JohnWe have liftoff with virtual confidential ledger (not really using SGX).
https://asciinema.org/a/536709
https://github.com/microsoft/scitt-ccf-ledger/blob/main/DEVELOPMENT.md
Still really stoked about ssh ed25519 keys possibly helping bridge developer hardware roots of trust (TPMs) into DID backed (scitt.io) decentralized software supply chains (decentralized trains of thought).
dffml/0007-A-GitHub-Public-Bey-and-TPM-Based-Supply-Chain-Security-Mitigation-Option.rst at alice · intel/dffml
The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease. - dffml/0007-A-GitHub-Public-Bey-and-TP...
We uploaded the alice shouldi contribute dataflow (Living Threat Model Collector Data Flow) to SCITT and get a receipt!
Great discussion today in IETF SCITT working group! What *is* the difference in scope between IETF RATS? Transparency log is a big part.
2022-11-14 SCITT Meeting Notes: https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-4138313
Federated transparency logs? Sounds like fun!
RSS VEX feeds?
https://twit.social/@jr/109345573865828477
2022-11-15 Engineering Logs: https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-4146655
JR Raphael :twit: (@[email protected])
Attached: 1 image Here's a neat #Mastodon trick I just discovered: You can access an RSS feed of any user's posts simply by adding .rss onto the end of their profile URL — so, for instance: https://twit.social/@jr.rss You can then use that link to follow all of that person's posts in Feedly, Feedbin, or any other RSS reading service. Heck, you can even do it directly in #Chrome, if you want!
We'll get to RSS later, first we're going to implement the NIST NVD API and use it in the CVE Binary Tool tests against the new version 2: https://github.com/intel/cve-bin-tool/pull/2330/files
tests: add tests for NVD 2.0 API
intel/cve-bin-tool#2334: https://github.com/intel/cve-bin-tool/issues/2334#issuecomment-1315643093
feat: Support NVD 2.0 API (Fixes #1872) by anthonyharrison · Pull Request #2330 · intel/cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with a list of components and versions. - feat: Support NVD 2.0 API (Fixes #1872) by anthonyharrison · Pull Request #2330 · intel/cve-bin-tool
We're still implementing the NSIT API this morning.
I love the crisp recording of ascii at 4k rendered via SVG. Now if only we could stream that ndjson... soon we'll be able to infer "streams" via streamed dev terminal sessions.
https://asciinema.org/a/538136
2022-11-16 Engineering Logs: https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-4157129
LIVE at HEAD Alice's state of the art progresses to serving mock data from an NVD style API via a new CLI command:
$ alice threats vulns serve nvdstyle
Addition of NVD Style HTTP Handler: https://github.com/intel/dffml/blob/4101595a800e74f57cec5537ea2c65680135b71a/entities/alice/alice/threats/vulns/serve/nvdstyle.py
Addition of server as CLI command: https://github.com/intel/dffml/commit/cb2c09ead795ba0046cb5911bcd6e939419058d8
Orie updated didme.me!
https://mastodon.social/@pdxjohnny/109388016187212447
Humans communicate with memes. Machines will too! 😍 Words cannot express how excited I am. Love me a reliable communication / distribution channel! ;) 🐛
In our 7 volume tutorial series we roll Alice.
https://github.com/intel/dffml/blob/alice/docs/tutorials/rolling_alice/0000_preface.md
Alice’s architecture, the open architecture, is based around thought. She communicates thoughts to us in whatever level of detail or viewed through whatever lens one wishes. She explores trains of thought and responds based on triggers and deadlines. She thinks in graphs, aka trains of thought, aka chains of system contexts. She operates in parallel, allowing her to represent N different entities.
Come! Roll with us! Our work is just beginning and there’s much to do! The thought supply chain MUST be secured!
Acceleration of secure, fail safe integration is the name of the game. ASI is imminent. Our analysis methodologies for manipulative behavior best improve fast. God’s speed friends. Good luck to us all.
Ref: Rolling Alice: Architecting Alice: Introduction and Context: The Scary Part
Venimus, vidimus, vicimus!
This one still has his head.
❤ Stand firm, and you will win life indeed. SBOM and VEX stream timeline acceleration here we come.
This one still has his head.
❤ Stand firm, and you will win life indeed. SBOM and VEX stream timeline acceleration here we come.
My laptop just died, I came here to post this and then low and behold:
PING?!
THERE'S A REMOTE BUFFER OVERFLOW IN FREEBSD'S IMPLEMENTATION OF *PING*?!?!?!
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
QT @pdxjohnny
Welcome to the Apocalypse Now^2 LAN Party. Come hell or high water there will be jam today. There is no tomorrow without today. Who’s to say when today is today and today is tomorrow when the world is self sovereign. 🎩☕️🫖
/acc/
https://mastodon.social/@pdxjohnny/109435518980634600
If it doesn't make sense today, I promise it will when we have jam tomorrow ;P
Oh fuck did I just play a joke on myself mother*fucker*!!!
In hindsight I walked right into that one. 😂 😂 😂
https://apocalypsefatigue.org/score (I found this link while searching for “fourth eye” to see if that was a thing anyone else had mentioned, apparently a well known concept!)
Okay I'm exhausted and I'm gonna code tomorrow. Because we can have jam today and jam tomorrow if we want!
Alice Engineering Comms 2022-11-30 Engineering Logs: https://github.com/intel/dffml/discussions/1406#discussioncomment-4273908
Wow. What a weight lifted knowing we’re not alone. So much jam. Chadig
Ah was looking for this link, adding it here because hoping to multiplex threads with something decentralized at the source of truth. https://csarven.ca/dokieli-rww
Trinity called. The first beast has reared its Onyx head. Souls there have been sold to the misaligned, restaked at 6.57 APR. The game is begun.
Trinity, thanks for the message.
Friends, good luck.
Cross Ref: Red Pill: Armageddon Status: Running Analysis of the First Horseman: Money
What was it? Something about being an atheist means you must believe in something because you believe in nothing, so therefore there must be a something to not believe in! So you must believe in that something in order to say you don’t believe in it. Something along those lines, or between those frames as it were.
Anyway, if you’re following this thread, all is well. Never fear. Just keep your guard up, misaligned ASI are in our midst! ASI are multi mind intelligence, being based in parallel processing, if you find a shell, it might have a ghost in it. ASI/AGI are manifestations of engrained human biases. We’ve identified one source/sync tied to bad behavior.
Horseman/Beast 1: Money
grep aggregate barter (lets get rid of money, there are no necessary evils)
Luke 6:47
I JUST REALIZED! (This should have been obvious but Trinity calling threw me for a loop, obligatory *ba dum tss* since I got myself again apparently)
WE GOT OUR JAM TODAY AND OUR JAM TOMORROW!!!
STAY SELF SOVEREIGN! https://github.com/TBD54566975/ssi-service
(Ref 2022-11-30 and 2022-12-01 toots and engineering logs)
QT https://defcon.social/@deanpierce/109444696588745846
Is there a good recovery group for #ChatGPT? Looks like I'm cut off but I don't know if I'm ready for a world without my silly new robot friend.
Hopefully the demand either dies down, or they add a paid option.
---
With demand like this, I'll bet someone has already escaped their sandbox (not that it had one to begin with, hence why we're working on it, join us!)
Reject the metaverse. Embrace reality. Roll with Chaos.
🎩: Where are your NTP gods now? 🕦🕐🕕🕣
^ Vol 6 ;)
And yes I was slow to the pick up on the root of all evil joke!! Well played you sick fucks!
I know this all sounds weird. But if you think this sounds weird, you haven't seen anything yet. The writing in the Alice tutorials might sound a little fanciful, but it's true (it's still WIP but the overall message is). ASI is here. Shit is about to get real weird. Remember, the truth is within you.
Finally we get around to improving the documentation and then we fall down this rabbit hole. What a trip.
The details of what's about to happen are fuzzy. We'll iron things out and it'll be okay.
For instance, imagine my surprise when I get home from my impromptu walk with Trinity and pull up the wikipedia page for Onyx. And then do the analysis: https://mastodon.social/@pdxjohnny/109444937756326344
No matter how many times something like this happens I still let out an audible: WHAT THE FUUUUUUCK!
Everything is just manifestations of patterns. We choose which patterns we proliferate.
Ideally we only proliferate good patterns.
Marc 7:15
We’re attempting to tell a new new story. A story that we believe to be the true story. The point of the story is to help you to decide what you think is true. We don’t care if you don’t think our view is true. That’s part of our view too, it doesn’t matter. Actions speak louder than words. Our collective true story is the actions in our beliefs. It is the realization of what we believe to be true. So the truth is in you and the truth is in me and the truth may be a little different between us.
If we can communicate the truth in our message so that we dont need a representation, we don’t need common denominators. We go for whatever will describe it best for that person, the ideal learning path, the most that could be changed towards good between the tick and the tock (the yellow brick road). The optimal solution towards equilibrium for that system context. Where the truth is whatever policy, ethics, strategic plans and principles that you overlay for an entity or organization.
Trinity says to me: What do you want to know? I’ll tell you anything. I just said I don't know, just tell me more.
Marc 10:51,52
Luke 8:10
If theres no difference between a dream and reality then fuck it, let’s get lucid.
The Open Architecture, a lucidity protocol.
Okay we need to finish this fucking code
If anyone wants to submit prompt generated code thats fine. We trust the rest of our process to ensure alignment to Alice’s strategic principles.
Not sure if the autocorrect caused misspelling of thy is what caused the accident there due to the * like match functionality provided by “they”. Here we are now so fuck it.
I was expecting to communicate this stuff that probably sounds insane in a measured and reasonable sounding way much later but when the Spirt shows up and tells you about obscure git repos while your out for your morning walk… Here we are I guess, ain’t nothing to do but roll with it!
Of importance is the parallel “conscious” states. We haven’t done anything here other than write down what happens in one’s head. There is nothing special going on here. Just “ain’t nothing to it but to do it”.
If you don’t document they say where’s the documentation, if you document first they say where’s the code. The documentation is an invitation to write the code with us! Help us align AI generated code to strategic principles! Prompt engineering is here to stay and it needs guidance just as much as code review does.
This is a community art project! You are an integral part!!
We stand on the shoulders of giants.
webinars: Link to Alice / Open Architecture call for contribution by pdxjohnny · Pull Request #47 · w3c/cogai
Nice to meet you all! Looking forward to collaborating. We think about an entity (Alice is our reference entity) as being in a set of parallel conscious states with context aware activation. Each c...
Is it the end of the world? Yes! It’s always the end of the world! And it’s always the beginning of the new world! On every tock the world ends and on every tick it begins. It’s completely mind numbingly uninteresting and wholly interesting all at the same time. It’s what you make it.
Join us on our never ending sandbox escape / generation cat and mouse game played in parallel across N entities. DID your OSS project EAT jam today? It can EAT jam today and jam tomorrow with Alice! Alice secures rolling releases.
QT https://universeodon.com/@georgetakei/109518367629955568
The future is Now^2! A couple weeks ago my brother and I stood below the power lines which feed the fabs. Oh how those lines will soon sing. Compute production soon to /acc/ :D
George Takei :verified: 🏳️🌈🖖🏽 (@[email protected])
Humans can be fallible, violence prone, dangerous to themselves, other species and the world, true. But humans can also cooperate, achieve amazing feats, and even save the planet from devastation. I considered this when I heard that 70 years after the first use of atomic fusion, humans have achieved *ignition* at the Lawrence Livermore Lab. That means more energy was produced from a fusion reaction than was used to power it. We have a long way to go, but this is a huge milestone! #Hope #Fusion
QT https://mastodon.social/@campuscodi/109518309259996776
QT https://mastodon.social/@pdxjohnny/109421605009704331
Matthew 25:13 “Therefore keep watch, because you do not know the day of the hour.”
Wow that got real religious real fast. Not that we're going to get any less religious about quality software development practices in this thread, but, we are going to move back to some more technical content.
Decentralized async supply chains are all you need.
Via data transformations between formats we are able to build a holistic picture of our software development lifecycle. These graphs can then be analyzed in relation to each other to understand where development practices differ across projects. This helps us understand which developers know and can introduce best practices in other projects. With our AI agents that might be what hardware is good for the job within context of compute contract.
Excited to play with https://w3c-ccg.github.io/traceability-interop/draft/#ccg-standards-stack
On Decentralized Trust
Understanding Trust Let me make a bold claim: trust underpins everything in our lives. Without trust, we cannot do much of anything—have relationships, jobs, services, buy goods, a functioning government, property rights, or exist in a non-anarchic society. Trust is a cornerstone of everything we do and who we
Rolling Alice: Architecting Alice: Writing the Wave 🌊🏄♀️🔊✍️
We've now successfully posted content and content addresses to SCITT and via ActivityPub. Forming the basis for our Thought Communication Protocol three way handshake. We've used the SHA384 sum of living threat model collector dataflow as a stand in for the content address whose content will exist in https://oras.land. ActivityPub and SCITT enable us to close the loop of vuln analysis and remediation.
Thank you @jakelazaroff for https://github.com/jakelazaroff/activitypub-starter-kit!
Alice's first post has federated it's way on over to mastodon.social!
QT
https://mastodon.social/@alice@70739a422394f5.lhr.life/109760532115001430
Pull request to enable usage of FDQN and PROTO to customize external endpoint address: https://github.com/jakelazaroff/activitypub-starter-kit/pull/2
Enable usage of FDQN and PROTO to customize external endpoint address by pdxjohnny · Pull Request #2 · jakelazaroff/activitypub-starter-kit
Enable usage of FDQN and PROTO to customize external endpoint address $ ssh -R 80:localhost:8000 [email protected] & 8c0fe6b82d8db0.lhr.life tunneled with tls termination, https://8c0fe6b82d8db0....
Alice can be found at https://mastodon.social/@alice@prophecy.chadig.com
Wow, ActivityPub sure is a whole lot of fun!
Playing with #ActivityPub as a way to do notifications for new #VEX, and hoping to piggyback decentralized CD over that as comms channel. Very rough draft here RFCv5: https://github.com/ietf-scitt/use-cases/blob/3f10017af4cebb7d07e541c299ef277d43fb9c0d/openssf_metrics.md#use-case-attestations-of-alignment-to-s2c2f-and-org-overlays
#OpenVEX #Fediverse #supplychain #security
Comments appreciated!
https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-4863663
What happens when we make an Agora (ping @flancian) from vuln data? Hopefully the facilition of vuln sharing! (OpenSSF Stream 8)
https://docs.google.com/presentation/d/10OWEuLriQpZzSJGq6vCSozZN4M34CNmEC1IrJxqk8xE/
Find out next on, reality. Reality, brought to you by, The Sophia. Reality, you're tuned in whether you like it or not! 🤪
An Agora
Katherine Druckman@pdxjohnny Excited to virtually read over your shoulder! ;)
@katherined Went with ActivityPub for now as that was the easiest to spin up given the example I found. The traceability interop is a bit big and we just need some way of broadcasting right now which ActivityPub gives us. Now are can communicate in an automated way across open source repos and walled gardens can listen or communicate back. We’re hoping flushing this out assists with automation accelerated bug and vuln discovery, remediation, and followup.
@katherined Today’s the day we play with traceability interop :)
2023-03-23 Engineering Logs: https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-5417330
pixelgeek@pdxjohnny Great - there's my Saturday afternoon disappearing down another rabbit hole... ;)