Lance R. Vick

@lrvick

FOSS || GTFO

* Security Engineer
* Cypherpunk
* Founder of #! (hashbang.sh), stagex.tools
* Co-founder of Distrust.co, Caution.co
* Church Of Cryptography Priest

#infosec #security #opensource #foss #sysadmin #cryptoanarchy #cypherpunk #embedded #puzzles #privacy #locksport #programming #linux #homelab

OpenPGP: openpgp4fpr:6B61ECD76088748C70590D55E90A401336C8AAA9
Matrix: @lrvick:matrix.org
Resume: https://lance.dev
Community: https://hashbang.sh

I met one single Qubes user. I think we are friends now.

At the biggest Linux conference in the country right now.

Still not seen a single Linux laptop other than at the Framework booth, and the one in front of me I am using to type this.

That tells you pretty much everything you need to know about US tech culture.

It is interesting that seemingly every single one of the security celebs advocating we abandon the PGP Web of Trust that signs most of the binaries that run the internet, has a centralized trust system to sell you.
Twitter is now so useless that even the EFF, who remain willing to be on TikTok and Facebook still, can't deal with it anymore: https://www.eff.org/deeplinks/2026/04/eff-leaving-x

EFF is Leaving X

After almost twenty years on the platform, EFF is logging off of X. This isn’t a decision we made lightly, but it might be overdue.

Electronic Frontier Foundation

This is still the Metaverse website, even after announcing Horizon Worlds will be shutting down soon.

Meta didn't need the metaverse to succeed, they needed it to exist long enough to collect your data and keep investors distracted.

Anthropic just legally threatened Opencode to make them drop support: https://web.archive.org/web/20260221041617/https://github.com/anomalyco/opencode-anthropic-auth/pull/15#issuecomment-3930558874

Archive link because they deleted the repo after to comply with demands.

In short, Anthropic only wants you using their official walled-garden clients to access the models trained on our open source code.

They are not a lesser evil. They are just as evil as OpenAI.

Stop giving these assholes money. Rent or buy hardware to self-host with privacy and freedom. It is not that hard, I promise.

fix: Align Anthropic OAuth requests with Claude Code by deveworld · Pull Request #15 · anomalyco/opencode-anthropic-auth

Summary Normalize Anthropic OAuth requests to match Claude Code's headers, betas, metadata, tool casing, and model IDs. Remove tool_choice and inject metadata.user_id from ~/.claude.json to sa...

GitHub

AI automated security review company that views human code review as unnecessary, gets hit by supply chain attack that their automation failed to detect. Beautiful.

How many more of these are required before we can seriously talk about Web of Trust, commit signing, and decentralized crowd-sourced FOSS code review?

https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions

TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions | Sysdig

The Sysdig Threat Research Team (TRT) reveals how TeamPCP’s supply chain attack spread from Trivy to Checkmarx, reusing stolen CI/CD credentials to compromise GitHub Actions and evade traditional detection.

Read more about our work on [Stageˣ] here: https://stagex.tools

All the pain of supply chain attacks is self-inflicted. We actually can fix this.

Home | [Stageˣ]

A container-native, full-source bootstrapped, and reproducible toolchain to build all the things.

Security celebrities have been shitting on the PGP Web Of Trust as an idea we should abandon in favor of centralizing trust on corpos.

Meanwhile the internet is filling with AI bots using fake corpo accounts and no one can tell who is human anymore. Huh.

WoT has never mattered more, and it is time we anchor modern tooling back to the human roots that built the internet.

My fellow [Stageˣ] maintainer Kron, Zoë Finja Emilia, makes a strong visual case.

https://kron.fi/en/posts/stagex-web-of-trust/

How do you trust a new Linux Distribution?

Who do you trust (… and how do you trust the new Linux Distribution StageX?) Do you trust your best friend from childhood? Do you trust your chosen Distribution for your Homelab? For your Workplace? Psychology says there are roughly two types of trust. Direct and Transitive trust. Direct trust is you trusting your best friend. Transitive trust is your best friend assuring you another person is also trustworthy and you listening to their word because you trust them.

Zoë's Blog

As the founder of the Stagex Linux distribution and a California resident, my official position on operating system age verification mandates is that I personally will not implement it, and I doubt anyone else will.

Our decentralized and multi-party cryptographic signing design means no single person or entity has the power to make changes to the distribution alone.

But please, California lawmakers, try to make me. I would get off on making you look like idiots in court.

That is all.