Anton Livaja

security engineer - working on privacy, security and freedom: https://caution.co, https://distrust.co, http://stagex.tools, http://git.distrust.co/public

openpgp4fpr:F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
Website: https://distrust.co
Website: https://caution.co

How do you trust a new Linux Distribution? Here is a dive into 5458 Keys coloring the groundlayer of trust the whole internet powers 💗

https://kron.fi/en/posts/stagex-web-of-trust/

How do you trust a new Linux Distribution?

Who do you trust (… and how do you trust the new Linux Distribution StageX?) Do you trust your best friend from childhood? Do you trust your chosen Distribution for your Homelab? For your Workplace? Psychology says there are roughly two types of trust. Direct and Transitive trust. Direct trust is you trusting your best friend. Transitive trust is your best friend assuring you another person is also trustworthy and you listening to their word because you trust them.

Zoë's Blog

Security celebrities have been shitting on the PGP Web Of Trust as an idea we should abandon in favor of centralizing trust on corpos.

Meanwhile the internet is filling with AI bots using fake corpo accounts and no one can tell who is human anymore. Huh.

WoT has never mattered more, and it is time we anchor modern tooling back to the human roots that built the internet.

My fellow [Stageˣ] maintainer Kron, Zoë Finja Emilia makes a strong visual case.

https://kron.fi/en/posts/stagex-web-of-trust/

Veritasium just dropped a video on ethics of the FOSS movement, right to repair, digital sovereignty, and the idea that closed source software has absolutely no role in supply chain security.

In recent years my teammates and I have shifted our entire careers to FOSS supply chain security engineering in spite of constantly being told our work is a waste of time. We feel seen!

https://yewtu.be/watch?v=aoag03mSuXQ

Shameless plugs @ https://caution.co https://distrust.co and https://stagex.tools

It’s highly likely this has already happened and is being suppressed, but deepfakes will be used to circumvent account recovery mechanisms. Companies need to act now to implement stronger protection measures.

An insane amount of personal data is getting routed to proprietary LLM providers directly and indirectly.

Worse, all that personal data is going to get used to sit on the scales of otherwise "fair" weights to produce an entirely new form of toxic and manipulative targeted advertising.

Since we can't un-invent LLMs, the way forward is to make sure they exist with provable privacy and integrity.

We just released the first FOSS stack to do exactly that.

https://caution.co/blog/verifiable-llms.html

this is the only project that i think even remotely gives a shit about doing container-based bootstrapping right https://mastodon.social/@lrvick/115971880005974213 what everyone else is pretending to be

I should wait until this release is published next week, but I am too excited.

Stagex is the first production ready Linux distro to be:

- 100% deterministic
- 100% full source bootstrapped
- Maintainer signed on every commit and review
- Reproduced and signed by multiple maintainers on every artifact
- OCI container native
- LLVM/compiler-rt/libunwind native

https://codeberg.org/stagex/stagex/pulls/761

All the confs that turned us down and the people who said it could not be done can eat my entire ass.

release/2026.01.0

Changes

- Introduce new "core-profile" package which includes global build defaults to make tree more DRY
- Migrate tree from being a gnu/linux distro to being an llvm/linux distro
- Update bootstrap to have everything needed to build llvm directly
- Update llvm packages to no longer require li...

Codeberg.org

@amutable @blixtra @brauner @pid_eins

Nice concept. Would be great to connect sometime as we are building in a similar "spirit".

https://stagex.tools

Home | [Stageˣ]

A container-native, full-source bootstrapped, and reproducible toolchain to build all the things.

The bare minimum for running security critical services is multi-party verified deterministic builds running on remotely attestable enclaves.

My teammates and I at Distrust have been helping teams architect and build this way for 5+ years now.

It was tough watching people repeatedly struggle to do everything from zero.

So we built the first 100% FOSS general purpose verifiable compute platform: Caution.

For prioritized early access join #caution-platform:matrix.org

https://caution.co

Verifiable Compute Platform

Caution is the generalized verifiable compute platform. Deploy to TEEs in minutes and let anyone verify exactly what's running.

Caution

here are some blogs on the topic

* https://caution.co/blog/introducing-caution.html (15 min read - easy) - explains how the hosting platform / verifiable compute framework works

* https://distrust.co/blog/enclaveos.html (26 min read - technical) - explains how the core operating system behind verifiable compute works, EnclaveOS