Phillip Hallam-Baker

@hallam@infosec.exchange
786 Followers
153 Following
911 Posts

The OpenAI / Oracle / nVidia deals are a clear-cut example of circular finance. Also known as 'Enron accounting'.

nVidia 'invests' $100 billion in OpenAI. OpenAI stock price soars.

OpenAI 'pays' Oracle $100 billion for cloud services to support their AI. Oracle stock price soars.

Oracle 'pays' $100 million to nVidia to 'buy' GPUs, nVidia stock soars.

And all the time, the CEOs and top execs at all three companies are exercising and selling their stock options at ever inflated prices.

The scheme does require the parties to pay a tithe to the grifter in chief or the SEC would quickly put a stop to the scam. Legal or not, Trump demands his cut.

When the music stops, all three companies will collapse as the bubble bursts.

Spent some time thinking about what it would take to bind Mastodon and the ATmosphere and the remains of the blogosphere into a single information space.

Yes, I do realize some folk would rather erect a little moat around their social space rather than to unite against the people yelling 'free speech' as pretext for censoring all opposition to the orange rapist. Well tough.

First dimension of welding together the social media is to enable people to use a single account anywhere. OAUTH provides a framework for doing just that, but it is only a framework; to achieve account portability, we need a single standard that is widely supported. The BlueSky profile of OAUTH looks like it does just that. There is one dependency I would like to shear off but that is pretty much it.

Second dimension is to provide a standard means of presenting an index of a social media stream. This is the role RSS was originally developed for, but, being based on XML, which only allows for one root element, the entire RSS document has to be rewritten every time a new entry is added.

I proposed a format that allows JSON and XML objects to be packaged up in a simple binary format for precisely that purpose some years back. I am now proposing it to IETF as part of my @nyone proposal. The idea is simple, wrap each JSON or XML object in a binary frame using the same varint length-data chunking scheme used in QUIC.

The third and final dimension is an efficient update notification mechanism so that any one of millions of users can be notified when any one of billions of information assets is updated.

RSS allows Alice to pull a document giving the last ten posts of Bob's blog. Expanding that to all the posts is an improvement but what Alice really wants is a scheme in which she is informed the minute any update occurs.

This is a problem that is solved to a degree in pretty much every modern social media system. What I want to do is to strip that mechanism down to the absolute bare minimum so that it can be used as a generic protocol building block across systems built for entirely different purposes.

For example, when Alice updates her JSContact card, she wants Bob and everyone she knows to start using the new contact immediately.

This part of the problem is the part that is still 'research'. Which is to say that it is a problem Blue Sky and Mastodon have only partial solutions for at the moment.

The part that makes it a really hard problem is that the advertisement mechanism is potentially under constant attack from parties attempting a denial of service attack. The goal of most Russian disinformation operations isn't so much convincing people of anything in particular, it is denying them the ability to think for themselves or discuss anything amongst themselves.

And to make my specific problem with the Mesh social media system harder still, all the content is encrypted end to end, none of the services know what it is saying.

So before I start, yes I am aware that much of this is supported by existing schemes. The difference is not the features I am adding, IT IS THE FEATURES I TAKE OUT. The reason the Web worked when Xanadu did not is not because the Web has cleverer technology; the real breakthrough was junking features driven by Ted Nelson's peculiar ideological commitments that were very expensive, adding complexity and computation overhead to the specification core. The Web doesn't guarantee referential transparency and doesn't support search directly and that is why it works.

The design I am looking at right now begins with the concept of an aggregation provider which accepts notifications from a set of producers and forwards them to a set of consumers.

Each notification is a fixed length data object specifying a unique notification identifier, the producer identifier, the object that was updated by means of a UUID, the time the update occurred, an indicator of the update type, and a logarithmic indication of the number of updates.

[Collections of notifications MAY be authenticated by means of an efficient digital signature scheme, e.g. ML-DSA over a Merkle Tree. Since this is only needed for an accountability control, it does not need to arrive with the notifications.]

This allows a blog to inform the aggregator that there have been ~200 like/dislike responses to a post. It also allows the aggregator to create summary notifications aggregating across producers responding to the same object.

It is not necessary for the update count to be very precise; a producer is likely to react differently to 1,000,000 notifications that a hash tag is being used than to ten, but isn't going to be reacting any differently to 1,000,001.

On the consumer side, consumers respond to sets of notifications indicating relevance so that the aggregator can pick the items to forward in the future. This is the primary defense against flooding attacks. Producers generating notifications that are consistently flagged as irrelevant will be deprioritized and eventually dropped entirely.

Limiting the notification engine to just reporting the fact that an update has occurred allows the defenses against resource exhaustion attacks to be made more effective as they are not attempting to provide protection across a wider field.

Now obviously, generating plaintext notifications on the basis of the content of encrypted posts is going to compromise confidentiality. That is going to require some degree of encryption of the notifications and we are probably going to have to accept that there will be some residual leakage even then but certainly less than what leaks from S/MIME because the subject line isn't encrypted.
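The framing described above for the stream index, as an added worked example (not code from the author's @nyone proposal or the Mesh): each JSON object is wrapped in a QUIC-style variable-length integer length prefix (RFC 9000 section 16, two prefix bits selecting a 1, 2, 4 or 8 byte encoding) so that new entries are appended without rewriting earlier bytes. The function names and the sample feed are assumptions for the example; the reader deliberately stops at a partial last frame, which is what a client tailing a file that is still being appended to will see.

```python
import json
import struct

# QUIC variable-length integer (RFC 9000, section 16): the top two bits of
# the first byte give the encoded length (1, 2, 4 or 8 bytes); the remaining
# bits hold the value in big-endian order.
def encode_varint(n: int) -> bytes:
    if n < 0:
        raise ValueError("varint cannot be negative")
    if n <= 0x3F:
        return bytes([n])
    if n <= 0x3FFF:
        return struct.pack(">H", n | 0x4000)
    if n <= 0x3FFFFFFF:
        return struct.pack(">I", n | 0x80000000)
    if n <= 0x3FFFFFFFFFFFFFFF:
        return struct.pack(">Q", n | 0xC000000000000000)
    raise ValueError("varint cannot exceed 2**62 - 1")


def decode_varint(buf: bytes, pos: int = 0):
    """Return (value, new_pos); raise ValueError if the buffer ends early."""
    if pos >= len(buf):
        raise ValueError("truncated varint")
    first = buf[pos]
    length = 1 << (first >> 6)
    if pos + length > len(buf):
        raise ValueError("truncated varint")
    value = first & 0x3F
    for b in buf[pos + 1:pos + length]:
        value = (value << 8) | b
    return value, pos + length


def append_object(stream: bytearray, obj) -> None:
    """Append one JSON object as a length-prefixed frame; earlier bytes never change."""
    body = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    stream += encode_varint(len(body)) + body


def read_objects(stream: bytes, start: int = 0):
    """Parse complete frames from `start`; return (objects, consumed_offset).

    A reader tailing a file that is still being appended to may see a partial
    last frame; it is left unread and the caller resumes from consumed_offset.
    """
    objects, pos = [], start
    while pos < len(stream):
        try:
            length, body_start = decode_varint(stream, pos)
        except ValueError:
            break                      # length prefix itself is incomplete
        if body_start + length > len(stream):
            break                      # body not fully written yet
        objects.append(json.loads(stream[body_start:body_start + length]))
        pos = body_start + length
    return objects, pos


if __name__ == "__main__":
    # Constructed sample feed: three entries appended one at a time.
    feed = bytearray()
    for i in range(3):
        append_object(feed, {"id": i, "title": f"post {i}"})
    print(read_objects(feed))
```

Because the length prefix is self-delimiting, a consumer that has already read up to `consumed_offset` can fetch only the bytes after it (an HTTP range request, say) and continue parsing, which is the property a rewritten-every-time RSS document lacks.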
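The notification object and the aggregator's relevance feedback described above, as an added example in Python (not the author's Mesh code): a fixed-length 58-byte record carrying the notification id, producer id and updated object id as UUIDs, a timestamp, an update type and a base-2 logarithmic count bucket; an aggregator that merges notifications for the same object across producers into one summary; and per-producer scoring from consumer relevance verdicts that eventually drops a flooding producer. The field layout, type codes, score thresholds and clamp are assumptions made for the example.

```python
import struct
import uuid
from collections import defaultdict

# Fixed-length notification (58 bytes): notification id, producer id and
# updated object id (16-byte UUIDs), timestamp, update type, log2 count bucket.
NOTIFICATION_FORMAT = ">16s16s16sQBB"
NOTIFICATION_SIZE = struct.calcsize(NOTIFICATION_FORMAT)

UPDATE_NEW, UPDATE_EDIT, UPDATE_REACTION = 1, 2, 3   # hypothetical type codes


def log_count(n: int) -> int:
    """Logarithmic bucket: 0->0, 1->1, 2-3->2, 4-7->3, ...; saturates at 255."""
    return min(n.bit_length(), 255)


def approx_count(bucket: int) -> int:
    """Lower bound of the bucket, i.e. the precision a consumer actually gets."""
    return 0 if bucket == 0 else 1 << (bucket - 1)


def pack_notification(producer, obj, when, update_type, count, nid=None) -> bytes:
    nid = nid or uuid.uuid4()
    return struct.pack(NOTIFICATION_FORMAT, nid.bytes, producer.bytes, obj.bytes,
                       when, update_type, log_count(count))


def unpack_notification(buf: bytes) -> dict:
    nid, prod, obj, when, utype, bucket = struct.unpack(NOTIFICATION_FORMAT, buf)
    return {"id": uuid.UUID(bytes=nid), "producer": uuid.UUID(bytes=prod),
            "object": uuid.UUID(bytes=obj), "time": when, "type": utype,
            "count": approx_count(bucket)}


class Aggregator:
    """Accepts notifications from producers, emits per-object summaries for
    consumers, and uses consumer relevance feedback to throttle flooders."""

    def __init__(self, drop_below: int = -3, cap: int = 3):
        self.drop_below, self.cap = drop_below, cap
        self.score = defaultdict(int)        # per-producer relevance score
        self.pending = defaultdict(list)     # object id -> notifications

    def accept(self, raw: bytes) -> bool:
        if len(raw) != NOTIFICATION_SIZE:
            return False                     # malformed: fixed length is the contract
        n = unpack_notification(raw)
        if self.score[n["producer"]] <= self.drop_below:
            return False                     # producer dropped for persistent irrelevance
        self.pending[n["object"]].append(n)
        return True

    def summaries(self) -> list:
        """One summary per object; counts are combined, then re-bucketed."""
        out = []
        for obj, ns in self.pending.items():
            total = sum(n["count"] for n in ns)
            out.append({"object": obj,
                        "producers": {n["producer"] for n in ns},
                        "time": max(n["time"] for n in ns),
                        "count": approx_count(log_count(total))})
        self.pending.clear()
        return out

    def feedback(self, producer, relevant: bool) -> int:
        """Consumer verdict on a producer's notifications. The score is clamped
        so a producer cannot bank goodwill for a long time and then flood."""
        s = self.score[producer] + (1 if relevant else -1)
        self.score[producer] = max(self.drop_below, min(self.cap, s))
        return self.score[producer]
```

The log bucket is what makes the record fixed-length and cheap to aggregate: 1,000,000 and 1,000,001 reactions land in the same bucket, while two producers each reporting ~200 reactions to one post merge into a single summary of ~256. Fixing the record length also gives the aggregator a trivial first check against malformed input before it spends any effort on parsing.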

@evan I was just trying to DM you like your post suggests, but can't find a DM capability.

Big progress on my @nyone scheme which allows people to exchange contact card information by means of DNS handles or QR codes in an industry standard format (JSContact) with extensions that support inclusion of cryptographic credentials linked to specific applications and automatic updates.

Why is this important? Because once Alice and Bob exchange their contact information, they each have all the contact addresses and all the cryptographic credentials they support, both today and in the future.

If Alice adds a Signal account to her card after they exchanged contacts, Bob can contact her on Signal without any need for them to meet up again. The Signal option simply appears in his contacts app.

[Now yes, this does raise the problem of how to efficiently notify a set of subscribers to one or more elements in a collection of objects of an update to that object. But that is a very general problem and we could apply a solution to that problem to many things. Yes, yes, Bloom filters to you as well].

The piece of the puzzle I solved today is the problem of maintaining multiple identities which I perhaps referred to a little flippantly at HOPE 2025: If you don't want your grandmother knowing you are on FetLife, don't put it in your contact card.

While this advice is surely sound, what if Alice is exchanging her contact information for her addiction support group? We want that to still use modalities like QR codes and NFC and DNS Handles. How can we do that and avoid accidental disclosures?

My solution is that the organization runs a key service for members which will provide keys to decrypt documents encrypted under the club key but ONLY to members of the club.

I won't go into the technical details here but of course I would use threshold cryptography for this. The club service can control decryption but cannot decrypt and has no idea who they are decrypting for.

So, 'all' Alice needs to do is to use an additional layer of encryption to encrypt the club contact card under the club key and to specify that in a format that doesn't reveal which key was involved to anyone that isn't a member of the club.

Can all be built with code I already have.
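The envelope layout the post describes, as an added example that is not the author's Mesh code: a card with public JSContact fields plus opaque encrypted sections that carry no key identifier, so a reader who holds the club key opens the section and a reader who does not cannot even tell which club it belongs to. The threshold key service is deliberately omitted here; the club key is handed to the reader directly. The cipher is a toy stream cipher plus HMAC built from the standard library only, standing in for a real AEAD, and the field names and sample card are constructed for the example.

```python
import hashlib
import hmac
import json
import os

# Toy AEAD from SHA-256/HMAC so the example runs with the standard library
# only; it stands in for a real cipher. The point shown is the envelope
# layout: a wrong key is detected by the tag, and nothing in the blob names the key.
def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, with no key identifier anywhere."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if this key does not open the blob."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # wrong key or tampered: the caller cannot tell which
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_card(public: dict, private_sections) -> dict:
    """public fields plus opaque blobs; private_sections is [(club_key, fields), ...].
    Blobs are sorted so their order does not reveal which section came first."""
    blobs = [seal(key, json.dumps(fields).encode("utf-8")).hex()
             for key, fields in private_sections]
    return {"public": public, "private": sorted(blobs)}


def read_card(card: dict, keys_held) -> dict:
    """Try every club key the reader holds against every blob; merge what opens."""
    merged = dict(card["public"])
    for blob_hex in card["private"]:
        blob = bytes.fromhex(blob_hex)
        for key in keys_held:
            fields = unseal(key, blob)
            if fields is not None:
                merged.update(json.loads(fields))
                break
    return merged


if __name__ == "__main__":
    # Constructed sample: Alice's card with one section only club members can read.
    club_key = os.urandom(32)
    card = build_card({"name": "Alice", "email": "alice@example.com"},
                      [(club_key, {"club-handle": "alice-at-the-club"})])
    print(read_card(card, []))          # public fields only
    print(read_card(card, [club_key]))  # club fields merged in
```

Trial decryption costs one MAC check per (key, blob) pair, which is affordable for the handful of club keys a person holds and is the price of not putting a key identifier in the envelope. A real deployment would replace the toy cipher with a standard AEAD and would obtain the decryption share from the club's key service rather than holding the club key locally.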

CNN: "A 40-day Target boycott starts today. It couldn’t come at a worse time for the company"

https://www.cnn.com/2025/03/05/business/target-boycott-jamal-bryant/index.html

#Target #TargetBoycott

I am spending most of my time on BlueSky right now. They seem to have got decentralization more right than Mastodon has to date.

There is really no reason why the two systems need to be separate.

@hallam is an identifier that is controlled by infosec.exchange rather than me.

If Mastodon supported use of the BlueSky handle system, I could be @phill.hallambaker.com in both places, post to both under the same handle, interact with both.

Maybe merging with BlueSky doesn't seem very appealing right now. But one big advantage of their handle system over the Mastodon approach is I can completely control my identity in that forum where here I can't. And I can use my BlueSky identity outside BlueSky.

So I now have a private forums scheme that people can post at using the same account they use with BlueSky.

There are some rough edges but we could knock them off if we got a group of people together to discuss how to get from where we are today to where we really want to be.

Right now, I can only authenticate to my BlueSky account using the BlueSky OAUTH server. Where I want to get to is I can pick my own authentication server and use that to log in anywhere.

Change is coming to Social Media and the X-odus and the explosive growth of Blue Sky is just the start.

Blue Sky grew from a few million users to 23 million in three weeks. And not just any users, pretty much all of the core contributors on Twitter have joined the X-odus. Blue Sky has critical mass now, Twitter is starting to deflate.

I have seen a lot of social media go from dominant to dead in the space of a few months: AOL, MySpace, GeoCities, USENET. All gone like tears in the rain.

And don't think that Facebook can't fall as well. It's the toe, not the whole jackboot on the scales at Facebook. But the whole algorithm is skewed for fascists. I received the content strike for mentioning The Zuck breaking bread with the Rapist of Mar-a-Lago.

Whether the Fediverse survives or thrives is going to depend on whether it stays on the sidelines of the transformation or is a part of making it happen.

The ATmosphere protocol used by Blue Sky is at least in theory a federated protocol. Whether that is true in practice has yet to be seen. I plan to be setting up my own PDS and testing that federation claim. But more importantly, I am looking at ways to bridge from the ATmosphere to other protocols and communities.

What Facebook offers and Blue Sky does not is forums for private groups. And it is really not clear how the AT protocol lends itself to that mode. Contrariwise, the Mathematical Mesh I developed is designed for end-to-end secure private groups with encrypted data at rest. So why not try to put the two together?

I think I have an approach worked out that allows me to use OAUTH2 to bind an account on a private group forum to a Blue Sky account. So this would allow me to use one credential to log into Blue Sky and my private groups. Joining a group is inevitably going to introduce a bit of friction because the whole point of having private groups is they are private, you have to be allowed to join.

I have already bound my Blue Sky account to my private domain so I am @phill.hallambaker.com there.

I would really like to be the same here in the Fediverse.

So trudging through Ivan Jablonka's History of Masculinity, some thoughts.

First off, the alleged history of masculinity has very little mention of men or masculinity. Which, OK so playing the game of excluding men from their narrative like women are, yada yada. Problem is, I was already familiar with most of his material. What I was after was more insight into the mostly male crap heads who cause most of the problems in the world and Jablonka didn't really deliver.

We are given a received frame through which we are told to view the world. While it is true that the frame is biased towards the male gender and masculinity, patriarchy is a consequence of the frame, not the frame itself.

To understand the essence of the frame, it is necessary to look at the rubes following the cults of MAGA and Boris Johnson, mostly but not exclusively men who have invested their entire self-actualization in the service of what they see as a cause greater than themselves. And so, they praise men who are so obviously frauds as their personal messiah.

The first frame we are given is a hierarchy and we are told that our objective must be to climb to its apex. After a while this simplistic frame is replaced with a new one which admits that the hierarchy we are born into is in competition with other hierarchies: nation, religion, culture. And it is our duty to ensure that our hierarchy wins against its competitors.

And as George Orwell explains in 1984, this struggle between hierarchies is in fact a sham, a deliberate fiction maintained for the sole purpose of maintaining the hierarchy. And so in 1989 as the Berlin Wall was starting to crumble, Margaret Thatcher was dispatched by Bush the elder to tell Gorbachev to ignore protests on behalf of the protestors, he should crush dissent with an iron fist.

It is that betrayal, a betrayal which I knew about long before it was revealed by the Gorbachev archives, which has informed my politics and led to my work on the Web. The real goal of the Web was to give people direct access to information without the frame inserted by the press, the academy, the church.

Once we can find a place outside the frame, we can see how the system works. Men like Boris Johnson found people who could further his career with the promise that if they helped him climb the greasy pole, he would pull them up as well once he got to the top.

And so social media is filled with angry old men shouting loudly that Trump is the messiah, that only a fool, an idiot, a communist would oppose him. Angry old men frantically demanding that the hierarchy be preserved so that they can take their rightful place within it.

Yesterday, J.D. Vance gave an angry speech about the 'fact' that a dozen eggs now cost $4 under Vice-President Harris while in a supermarket standing in front of signs selling a dozen eggs for $2.

It isn't an accident that Vance is the very best the patriarchy could find to defend it, Vance and Trump represent a type of masculinity most men now reject because just like Trump's tax cuts only benefited the 0.1%, the 'benefits' of the patriarchy are distinctly skewed as well.

I don't see the image of strength and power Vance and Trump want to project. I see two frightened little men who are desperate to gain position and power but have absolutely no idea how to use either.

Patriarchy provides an alternative frame through which we can understand the power dynamics that drive authoritarian bigots like Trump and Putin, but it is a flawed frame because it reduces all relations to gender and is counterproductive in that it encourages men to imagine they have a stake in maintaining it.

Some on the far left employ a similarly flawed frame of colonialism which holds the US, NATO and the democratic nations generally as being responsible for all the misery in the world and that therefore Putin's aggression against Ukraine is legitimate.

If we instead look at history as the result of the actions of individuals rather than states, we can see that every country has a war party and that the invasion of Iraq was the result of neo-colonialists who had the ear of George W. Bush and that we have to look at individual circumstances to decide what causes to support and not the frame we are given and told we must not question.

And the last is the really important part because if we blindly follow those in authority without question, we are going to end up following incompetent clowns like Boris Johnson and incompetent rapist clowns like Trump.

If you were wondering how bad it is in the rest of social media, Facebook is now a worse fascist s-hole than Twitter.

Or at least that is the case if you use Twitter Control Panel to purge the HTML of all Musk features, the For Fascism Feed, restore the bird, etc. etc.

My Facebook feed is now 80% Russian bot clickbait memes trying to praise the US Confederacy, claim various celebrities are being cancelled for being 'woke' and praising the mighty Russian military and its stupendous T72 tanks.

The only reason to look at Twitter or Facebook these days is if you study the Russian propaganda efforts which account for a vast amount of traffic on both sites. And so of course it is TikTok, which does not have a Russian bot problem, which is in court today trying to protect its first amendment rights.

On that front, after years of having these creeps attack me as 'deluded', it gives me great satisfaction to see Tim Pool outed as a $400,000/mo Kremlin prostitute. His claim to not know where the money came from should not be believed. Any organization employing him as a 'journalist' has to be considered to be another Kremlin front.

Had to reset my DNS server because some S-head was using it to mask the source of their DDoS attack.

Anyone know of a bind9 switch that reduces the number of requests handled to no more than 200/hr?

The service is on a Digital Ocean droplet and serves 'example.com' so that the test services can perform unit testing and build example material for Internet Drafts.
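An added configuration fragment for the situation described (not the author's own named.conf): on an authoritative-only test server the two controls that stop it being used to mask a DDoS source are turning recursion off, so it never answers for names it is not authoritative for, and BIND 9's response rate limiting (the `rate-limit` block, available since BIND 9.9), which counts responses per client network per second rather than per hour, so there is no direct "200 per hour" switch. The directory, zone file path and thresholds are placeholders chosen for the example.

```conf
// Added example options for an authoritative-only BIND 9 server.
// Paths and thresholds are placeholders.
options {
    directory "/var/cache/bind";            // placeholder path
    recursion no;                           // authoritative only: never resolve for third parties
    allow-recursion { none; };
    allow-query { any; };                   // answers only for zones served here, since recursion is off
    allow-transfer { none; };               // no zone transfers to arbitrary hosts
    minimal-responses yes;                  // smaller answers, less useful for amplification

    // Response Rate Limiting: identical answers to one client network
    // (default /24 for IPv4, /56 for IPv6) are capped per second. Excess
    // responses are dropped, or every "slip"-th one is sent truncated so a
    // genuine client retries over TCP while a spoofed source gets nothing useful.
    rate-limit {
        responses-per-second 5;
        errors-per-second 5;
        nxdomains-per-second 5;
        window 5;
        slip 2;
        log-only no;                        // set to yes first to see what would be limited
    };
};

zone "example.com" {
    type primary;                           // "master" on BIND versions before 9.16
    file "/etc/bind/zones/db.example.com";  // placeholder path
};
```

Run `named-checkconf` before reloading, and start with `log-only yes` so the limits can be tuned against the real query pattern of the test services before any legitimate unit test traffic is dropped.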