The OpenAI / Oracle / nVidia deals are a clear cut example of circular finance. Also known as 'Enron accounting'.

nVidia 'invests' $100 billion in Open AI. OpenAI stock price soars.

Open AI 'pays' Oracle $100 billion for cloud services to support their AI. Oracle stock price soars.

Oracle 'pays' $100 million to nVidia to 'buy' GPUs, nVidia stock soars.

And all the time, the CEOs and top execs at all three companies are exercising and selling their stock options at ever inflated prices.

The scheme does require the parties to pay a tithe to the grifter in chief or the SEC would quickly put a stop to the scam. Legal or not, Trump demands his cut.

When the music stops, all three companies will collapse as the bubble bursts.

Spent some time thinking about what it would take to bind Mastodon and the ATmopsphere and the remains of the blogosphere into a single information space.

Yes, I do realize some folk would rather erect a little moat around their social space rather than to unite against the people yelling 'free speech' as pretext for censoring all opposition to the orange rapist. Well tough.

First dimension of welding together the social media is to enable people to use a single account anywhere. OAUTH provides a framework for doing just that but it is only a framework, to achieve account portability, we need a single standard that is widely supported. The BlueSky profile of OAUTH looks like it does just that. There is one dependency I would like to shear off but that is pretty much it.

Second dimension is to provide a standard means of presenting an index of a social media stream. This is the role RSS was originally developed for but being based on XML which only allows for one root element, the entire RSS document has to be rewritten every time a new entry is added.

I proposed a format that allows JSON and XML objects to be packaged up in a simple binary format for precisely that purpose some years back. I am now proposing it to IETF as part of my @nyone proposal. The idea is simple, wrap each JSON or XML object in a binary frame using the same varint length-data chunking scheme used in QUIC.

The third and final dimension is an efficient update notification mechanism so that any one of millions of users can be notified when any one of billions of information assets is updated.

RSS allows Alice to pull a document giving the last ten posts of Bob's blog. Expanding that to all the posts is an improvement but what Alice really wants is a scheme in which she is informed the minute any update occurs.

This is a problem that is solved to a degree in pretty much every modern social media system. What I want to do is to strip that mechanism down to the absolute bare minimum so that it can be used as a generic protocol building block across systems built for entirely different purposes.

For example, when Alice updates her JSContact card, she wants Bob and everyone she knows to start using the new contact immediately.

This part of the problem is the part that is still 'research'. Which is to say that it is a problem Blue Sky and Mastadon have only partial solutions for at the moment.

The part that makes it a really hard problem is that the advertisement mechanism is potentially under constant attack from parties attempting a denial of service attack. The goal of most Russian disinformation operations isn't so much convincing people of anything in particular, it is denying them the ability to think for themselves or discuss anything amongst themselves.

And to make my specific problem with the Mesh social media system harder still, all the content is encrypted end to end, none of the services know what it is saying.

So before I start, yes I am aware that much of this is supported by existing schemes. The different is not the features I am adding, IT IS THE FEATURES I TAKE OUT. The reason the Web worked when Xanadu did not is not because the Web has cleverer technology, the real breakthrough was junking features driven by Ted Nelson's peculiar ideological commitments that were very expensive adding complexity and computation overhead into the specification core. The Web doesn't guarantee referential transparency and doesn't support search directly and that is why it works.

The design I am looking at right now begins with the concept of an aggregation provider which accepts notifications from a set of producers and forwards them to a set of consumers.

Each notification is a fixed length data object specifying a unique notification identifier, the producer identifier, the object that was updated by means of a UUID, the time the update occurred an indicator of the update type and a logarithmic indication of the number of updates.

[Collections of notifications MAY be authenticated by means of an efficient digital signature scheme, e.g. ML-DSA over a Merkle Tree. Since this is only needed for an accountability control, it does not need to arrive with the notifications.]

This allows a blog to inform the aggregator that there have been ~200 like/dislike responses to a post. It also allows the aggregator to create summary notifications aggregating across producers responding to the same object.

It is not necessary for the update count to be very precise; a producer is likely to react differently 1,000,000 notifications that a hash tag is being used than ten but isn't going to be reacting any differently to 1,000,001.

On the consumer side, consumers respond to sets of notifications indicating relevance so that the aggregator can pick the items to forward in the future. This is the primary defense against flooding attacks. Producers generating notifications that are consistently flagged as irrelevant will be deprioritized and eventually dropped entirely.

Limiting the notification engine to just reporting the fact that an update has occurred allows the defenses against resource exhaustion attacks to be made more effective as they are not attempting to provide protection across a wider field.

Now obviously, generating plaintext notifications on the basis of the content of encrypted posts is going to compromise confidentiality.
That is going to require some degree of encryption of the notifications and we are probably going to have to accept that there will be some residual leakage even then but certainly less than what leaks from S/MIME because the subject line isn't encrypted.

Big progress on my @nyone scheme which allows people to exchange contact card information by means of DNS handles or QR codes in an industry standard format (JSContact) with extensions that support inclusion of cryptographic credentials linked to specific applications and automatic updates.

Why is this important? Because once Alice and Bob exchange their contact information, they each have all the contact addresses and all the cryptographic credentials they support, both today and in the future.

If Alice adds a Signal account to her card after they exchanged contacts, Bob can contact her on Signal without any need for them to meet up again. The Signal option simply appears in his contacts app.

[Now yes, this does raise the problem of how to efficiently notify a set of subscribers to one or more elements in collection of objects of an update to that object. But that is a very general problem and we could apply a solution to that problem to many things. Yes, yes, Bloom filters to you as well].

The piece of the puzzle I solved today is the problem of maintaining multiple identities which I perhaps referred to a little flippantly at HOPE 2025: If you don't want your grandmother knowing you are on FetLife, don't put it in your contact card.

While this advice is surely sound, what if Alice is exchanging her contact information for her addiction support group? We want that to still use modalities like QR codes and NFC and DNS Handles. How can we do that and avoid accidental disclosures?

My solution is that the organization runs a key service for members which will provide keys to decrypt documents encrypted under the club key but ONLY to members of the club.

I won't go into the technical details here but of course I would use threshold cryptography for this. The club service can control decryption but cannot decrypt and has no idea who they are decrypting for.

So, 'all' Alice needs to do is to use an additional layer of encryption to encrypt the club contact card under the club key and to specify that in a format that doesn't reveal which key was involved to anyone that isn't a member of the club.

Can all be built with code I already have.

I am spending most of my time on BlueSky right now. They seem to have got decentralization more right than Mastodon has to date.

There is really no reason why the two systems need to be separate.

@hallam is an identifier that is controlled by infosec.exchange rather than me.

If Mastodon supported use of the BlueSky handle system, I could be @phill.hallambaker.com in both places, post to both under the same handle, interact with both.

Maybe merging with BlueSky doesn't seem very appealing right now. But one big advantage of their handle system over the Mastodon approach is I can completely control my identity in that forum where here I can't. And I can use my BlueSky identity outside BlueSky.

So I now have a private forums scheme that people can post at using the same account they use with BlueSky.

There are some rough edges but we could knock them off if we got a group of people together to discuss how to get from where we are today to where we really want to be.

Right now, I can only authenticate to my BlueSky account using the BlueSky OAUTH server. Where I want to get to is I can pick my own authentication server and use that to log in anywhere.

@idlestate Interesting. Having tried to build decentralized, I am thinking BlueSky is doing about as good as can be expected at this stage.

People have to start building alternative sites and transferring accounts between them before we really know how open the service is.

And I am engaged in some pretty aggressive adversarial interop...

Change is coming to Social Media and the X-odus and the explosive growth of Blue Sky is just the start.

Blue Sky grew from a few million users to 23 million in three weeks. And not just any users, pretty much all of the core contributors on Twitter have joined the X-odus. Blue Sky has critical mass now, Twitter is starting to deflate.

I have seen a lot of social media go from dominant to dead in the space of a few months: AOL, MySpace, GeoCities, USENET. All gone like tears in the rain.

And don't think that Facebook can't fall as well. It's the toe, not the whole jackboot on the scales at Facebook. But the whole algorithm is skewed for facists. I received the content strike for mentioning The Zuck breaking bread with the Rapist of Mar-a-Largo.

Whether the Fediverse survives or thrives is going to depend on whether it stays on the sidelines of the transformation or is a part of making it happen.

The ATmosphere protocol used by Blue Sky is at least in theory a federated protocol. Whether that is true in practice has yet to be seen. I plan to be setting up my own PDS and testing that federation claim. But more importantly, I am looking at ways to bridge from the ATmosphere to other protocols and communities.

What Facebook offers and Blue Sky does not is forums for private groups. And it is really not clear how the AT protocol lends itself to that mode. Contrawise, the Mathematical Mesh I developed is designed for end-to-end secure private groups with encrypted data at rest. So why not try to put the two together?

I think I have an approach worked out that allows me to use OAUTH2 to bind an account on a private group forum to a Blue Sky account. So this would allow me to use one credential to log into Blue Sky and my private groups. Joining a group is inevitably going to introduce a bit of friction because the whole point of having private groups is they are private, you have to be allowed to join.

I have already bound my Blue Sky account to my private domain so I am @phill.hallambaker.com there.

I would really like to be the same here in the Fediverse.