Terence EdenI did the `human.json` thing!
If you're a blogger who I've met in person, and you're not using AI or LLMs for your content, let me know and I'll add you to my list.
tyil@Edent Interesting concept. I'm not sure yet if I like it, but I do agree that there is a strong desire for ways to verify real humans these days. A couple remarks I have, though...
I see a JSON Schema definition in the README, and if you want schemas to verify with, why not just use XML, which has first-class support for schemas and widely supported tooling to verify these?
Addditionally, I've been told all my life while telling people to use OpenPGP that "the web of trust doesn't work". This seems like basically the same thing but without the cryptography aspect of OpenPGP, what makes you think the web of trust will work properly here? In fact, if you want to make a web of trust, why not built something on top of OpenPGP? You get the trust aspect, while also promoting use of cryptography keys.
I see a JSON Schema definition in the README, and if you want schemas to verify with, why not just use XML, which has first-class support for schemas and widely supported tooling to verify these?
Addditionally, I've been told all my life while telling people to use OpenPGP that "the web of trust doesn't work". This seems like basically the same thing but without the cryptography aspect of OpenPGP, what makes you think the web of trust will work properly here? In fact, if you want to make a web of trust, why not built something on top of OpenPGP? You get the trust aspect, while also promoting use of cryptography keys.
@tyil I'm not the author, you should raise those questions on the repo.
However, JSON-LD does have well defined schemas via Schema.org
I have a masters in computer science and still can't work PGP. But, in any case, cryptographic signing adds nothing here as the claims are tied to control of the domain name.
@Edent I'm not the author, you should raise those questions on the repo.If they have a mailing list I'd gladly post there, then. Making people sign up Yet Another Account for every single project is silly, people need to learn to use the correct tools for interaction.However, JSON-LD does have well defined schemas via Schema.orgPerhaps, but JSON does not have inherent support for schemas like XML does. Trying to do JSON with schemas is generally a terrible idea, as every protocol based on JSON eventually learns. If schema validation is not important, JSON would still be a poor choice as it seems that the intent is for users to write this by hand (no tooling seems to exist nor be planned), JSON is used for machines to generate, and machines to interpret (much like XML, for that matter).
This fetish for JSON seems very silly to me, as it has a lot of downsides which other formats don't need to re-invent the wheel for.I have a masters in computer science and still can't work PGP.Not sure if that's something to proudly state 😆
Regardless, I get that this particular idea ties it to domain name, but if we want to build a web of trust, it would make sense to learn from earlier models that are generally considered to have "failed", and figure out what we should be doing differently to give it a better chance of succession. I'm not suggesting we need cryptographic signing (though it wouldn't hurt, just upload a PGP signed message that we can verify with already existing web-of-trust infrastructure!), but to understand why the web of trust "didn't work" the previous time it was tried.
This fetish for JSON seems very silly to me, as it has a lot of downsides which other formats don't need to re-invent the wheel for.I have a masters in computer science and still can't work PGP.Not sure if that's something to proudly state 😆
Regardless, I get that this particular idea ties it to domain name, but if we want to build a web of trust, it would make sense to learn from earlier models that are generally considered to have "failed", and figure out what we should be doing differently to give it a better chance of succession. I'm not suggesting we need cryptographic signing (though it wouldn't hurt, just upload a PGP signed message that we can verify with already existing web-of-trust infrastructure!), but to understand why the web of trust "didn't work" the previous time it was tried.
Gert V 🇵🇸@tyil
JSON uses utf-8 encoding by default, which makes life a lot more fun.
JSON uses utf-8 encoding by default, which makes life a lot more fun.
@tyil as opposed to signing up for an email account and yet another mailing list?
It's 2026. I think you can sign up and save details in a password manager pretty easily.
We know that PGP web of trust failed. It failed because it is so complicated to use. I don't see why I should be ashamed that I'm unable to use something which wasn't designed with users in mind.
No need to reply, thanks.
@Edent as opposed to signing up for an email account and yet another mailing list?An email account can be re-used for any mailing list in existence, whereas a Codeberg account can only be used for projects on Codeberg. Pretty clear (and simple) difference if you ask me.It's 2026. I think you can sign up and save details in a password manager pretty easily.I could. And in a few years when The Next Big Centralized Thing happens you get to do it again! Perhaps we shouldn't keep centralizing, as it keeps failing over and over again.It failed because it is so complicated to use. I don't see why I should be ashamed that I'm unable to use something which wasn't designed with users in mind.Ah, you're confusing OpenPGP with a specific tool, probably GnuPG (as this is the most widely used tool). However, there are alternatives, even GUIs, and integrations that deal with the "difficult" parts.
I'm not asking why GnuPG failed, I'm asking why the concept of the web of trust failed.No need to reply, thanks.So you get to reply (on a public post in a public space), but I don't? If you didn't want a discussion you could've just ignored my first post, rather than misread the words that I picked with a very specific reason (hint: it has to do with their meaning) and then tell me I'm not allowed to respond.
I'm not asking why GnuPG failed, I'm asking why the concept of the web of trust failed.No need to reply, thanks.So you get to reply (on a public post in a public space), but I don't? If you didn't want a discussion you could've just ignored my first post, rather than misread the words that I picked with a very specific reason (hint: it has to do with their meaning) and then tell me I'm not allowed to respond.