JohnIf you don’t document they say where’s the documentation, if you document first they say where’s the code. The documentation is an invitation to write the code with us! Help us align AI generated code to strategic principles! Prompt engineering is here to stay and it needs guidance just as much as code review does.
This is a community art project! You are an integral part!!
We stand on the shoulders of giants.
webinars: Link to Alice / Open Architecture call for contribution by pdxjohnny · Pull Request #47 · w3c/cogai
Nice to meet you all! Looking forward to collaborating. We think about an entity (Alice is our reference entity) as being in a set of parallel conscious states with context aware activation. Each c...
Join us on our never ending sandbox escape / generation cat and mouse game played in parallel across N entities. DID your OSS project EAT jam today? It can EAT jam today and jam tomorrow with Alice! Alice secures rolling releases.
QT https://universeodon.com/@georgetakei/109518367629955568
The future is Now^2! A couple weeks ago my brother and I stood below the power lines which feed the fabs. Oh how those lines will soon sing. Compute production soon to /acc/ :D
George Takei :verified: 🏳️🌈🖖🏽 (@[email protected])
Humans can be fallible, violence prone, dangerous to themselves, other species and the world, true. But humans can also cooperate, achieve amazing feats, and even save the planet from devastation. I considered this when I heard that 70 years after the first use of atomic fusion, humans have achieved *ignition* at the Lawrence Livermore Lab. That means more energy was produced from a fusion reaction than was used to power it. We have a long way to go, but this is a huge milestone! #Hope #Fusion
QT https://mastodon.social/@campuscodi/109518309259996776
QT https://mastodon.social/@pdxjohnny/109421605009704331
Matthew 25:13 “Therefore keep watch, because you do not know the day of the hour.”
Decentralized async supply chains are all you need.
Via data transformations between formats we are able to build a holistic picture of our software development lifecycle. These graphs can then be analyzed in relation to each other to understand where development practices differ across projects. This helps us understand which developers know and can introduce best practices in other projects. With our AI agents that might be what hardware is good for the job within context of compute contract.
On Decentralized Trust
Understanding Trust Let me make a bold claim: trust underpins everything in our lives. Without trust, we cannot do much of anything—have relationships, jobs, services, buy goods, a functioning government, property rights, or exist in a non-anarchic society. Trust is a cornerstone of everything we do and who we
Rolling Alice: Architecting Alice: Writing the Wave 🌊🏄♀️🔊✍️
We've now successfully posted content and content addresses to SCITT and via ActivityPub. Forming the basis for our Thought Communication Protocol three way handshake. We've used the SHA384 sum of living threat model collector dataflow as a stand in for the content address whose content will exist in https://oras.land. ActivityPub and SCITT enable us to close the loop of vuln analysis and remediation.
Thank you @jakelazaroff for https://github.com/jakelazaroff/activitypub-starter-kit!
Alice's first post has federated it's way on over to mastodon.social!
QT
https://mastodon.social/@alice@70739a422394f5.lhr.life/109760532115001430
Pull request to enable usage of FDQN and PROTO to customize external endpoint address: https://github.com/jakelazaroff/activitypub-starter-kit/pull/2
Enable usage of FDQN and PROTO to customize external endpoint address by pdxjohnny · Pull Request #2 · jakelazaroff/activitypub-starter-kit
Enable usage of FDQN and PROTO to customize external endpoint address $ ssh -R 80:localhost:8000 [email protected] & 8c0fe6b82d8db0.lhr.life tunneled with tls termination, https://8c0fe6b82d8db0....
Alice can be found at https://mastodon.social/@alice@prophecy.chadig.com
Wow, ActivityPub sure is a whole lot of fun!
Playing with #ActivityPub as a way to do notifications for new #VEX, and hoping to piggyback decentralized CD over that as comms channel. Very rough draft here RFCv5: https://github.com/ietf-scitt/use-cases/blob/3f10017af4cebb7d07e541c299ef277d43fb9c0d/openssf_metrics.md#use-case-attestations-of-alignment-to-s2c2f-and-org-overlays
#OpenVEX #Fediverse #supplychain #security
Comments appreciated!
https://github.com/intel/dffml/discussions/1406?sort=new#discussioncomment-4863663
What happens when we make an Agora (ping @flancian) from vuln data? Hopefully the facilition of vuln sharing! (OpenSSF Stream 8)
https://docs.google.com/presentation/d/10OWEuLriQpZzSJGq6vCSozZN4M34CNmEC1IrJxqk8xE/
Find out next on, reality. Reality, brought to you by, The Sophia. Reality, you're tuned in whether you like it or not! 🤪
A quick threat modeling senario which illustrates why we want vulnerability data to rest in decentralized sources of truth by thinking about the opposite:
Step 1: Threat actor gains access to centralized source of vuln data
Step 2: Threat actor now has most up to data access TO ALL VULNS.
Step 3: Attacker begins to exploit ALL VULNS (think embargoed)
Step 4: Observe critical strategic mistake
QT https://hax0rbana.social/@adam/109886133826457905
QT https://social.librem.one/@katherined/109831695852596361
Adam (@[email protected])
The FBI got hacked. This is the type of reason people argue that they shouldn't have a backdoor into cryptography. If they did, and the attackers got the key, it'd be game over for security. And that's not even getting into implementation bugs, insider threats, abuses of power, and so many other issues. QT: https://mastodon.social/@zackwhittaker/109881254751830892
And with decentralized sources of truth:
Step 1: Threat actor gains access to vuln data for entity
Step 2: Attacker begins to exploit only the vulns they were able to access via that entities access
Step 3: Limited damage
If you're thinking, who could possibly exploit them all immediately in parallel??? Entities based in parallel processing.
What is finding a vuln? Learning! What is fixing a vuln? Learning!
We're automating learning, and learning is fun! How exciting!!
Singularity here we come 🛤️🛤️🛤️
https://github.com/ossf/wg-vulnerability-disclosures/issues/94#issuecomment-1483184591
Simple Vulnerability Intake Form for OSS Projects · Issue #94 · ossf/wg-vulnerability-disclosures
A pain point this group identified between Finder/Researchers and Maintainers is the lack of an easy, consistent way to share vuln. reports that capture enough information that makes them actionabl...
MOVEMENT ON DWN, 0.0.21 👀🛤️
We may bail on ActivityPub for now and jump right into DIDs now that this has push/pull websocket support. TBD (LOL).
Edit: A combo of web7 agent arch and DWN looks promissing as a transport layer for direct peer-to-peer ActivityPub objects.
Surprise, it's all psychology and psychoanalysis (astronauts on moon meme). AI software design is an exercise in human/AI psychological interactions.
Remember to use versioned learning!
https://github.com/intel/dffml/blob/alice/docs/arch/0010-Schema.rst
https://tidyfirst.substack.com/
https://www.sciencetimes.com/articles/42525/20230222/bing-ai-psychotherapist-claims-strange-psychology-happening-behind-microsofts-chatbot.htm
Federated CD? Sounds like an opportunity for clean integration with federated transparency logs!
https://codeberg.org/forgejo/runner/issues/5#issuecomment-826244
QT https://hachyderm.io/@nova/110016582830252578
Via data transforms and federation we'll onramp data into the federated ML space. We'll learn with Alice, our reference open source software maintainer, as we explore the software development lifecycle. Alice will help us map out our project's security posture and communicate to our downstream friends if incoming vulns are relavent per our project's THREATS.md threat model.
Stoked for when we can all retire and we get rid of money.
The future is gonna get real evenly distributed real fast.
Excited to distribute it with y'all.
😝🤙🍀
I ❤️ open source and all the people around the world sharing ideas and saving each other from having to deal with the same problems.
As my good friend Jordan said, "The real illuminati is the friends we made along the way."
Gooooooood morning fellow netizens!!! My phone has replaced my need for a laptop and I’m STOOOOOOOKED. I haven’t had a personal laptop in 5 years so really really stoked.
It’ll come as no surprise but yes indeed Alice is Here on the Librem5 USA too!
Here’s an asciicast of us (my, myself, and AI) doing the basic CONTRIBUTING setup: https://asciinema.org/a/569919
We enable decentralized governance via context aware application of policy upon entry into context specific registries. Policy as code which is auditable and contributable to within ad-hoc generated federated forges. We'll later federate over KERI ACDC in fulfillment of the SCITT architecture.
https://asciinema.org/a/572766
Rolling Alice: Architecting Alice: Transport Acquisition: https://github.com/intel/dffml/blob/alice/docs/tutorials/rolling_alice/0000_architecting_alice/0008_transport_acquisition.md
2023-03-31T15:19:52-07:00: segfault.net IETF SCITT: API Emulator: Registration Policies: Simple decoupled file based policy engine
Pull Request: https://github.com/scitt-community/scitt-api-emulator/pull/27 ```console $ export REC_HOSTNAME="segfault.net"; export REC_TITLE="IETF SCITT: API Emulator: Registration Policies: Simpl...
We'll be a leveraging a loosly coupled approach to execution of policy as code.
- https://asciinema.org/a/572979
- https://asciinema.org/a/572980
We'll communicate the sign off list required or other compute contract negotiation via the policy denied reasoning.
Force of will!!! #FreeWill
- Acknowledge that in a rolling release there will always be vulns and agree on a pattern for remediation.
- Integrate the acknowledgement and remediation into the dependency review process recrusivly, teaching the machine empathy.
- Propagate trust through the decentralized interconnected dependency network, teach the machine to teach humans empathy.
🛤🛤🛤
We're inverting the Trusted Computing Base as we turn our attention towards the other side of of the looking glass. How do we decide what's in our software? We'll leverage JSON representations of our threat model including a project's (open) architecture to evaluate and share metric data across Open Source. Results will be secured via hermetic builds and TEE SCITT.
https://github.com/intel/dffml/pull/1454
WIP: RFCv6.1: SCITT Use Case: Attestations of alignment to S2C2F and org Overlays: https://github.com/ietf-scitt/use-cases/blob/1bdb7842cd1213420754f3f16b77985340e704db/openssf_metrics.md#use-case-attestations-of-alignment-to-s2c2f-and-org-overlays
