Lance R. Vick

@lrvick
1.7K Followers
278 Following
1.1K Posts

FOSS || GTFO

* Security Engineer
* Cypherpunk
* Founder of #! (hashbang.sh), stagex.tools
* Co-founder of Distrust.co, Caution.co
* Church Of Cryptography Priest

#infosec #security #opensource #foss #sysadmin #cryptoanarchy #cypherpunk #embedded #puzzles #privacy #locksport #programming #linux #homelab

OpenPGP: openpgp4fpr:6B61ECD76088748C70590D55E90A401336C8AAA9
Matrix: @lrvick:matrix.org
Resume: https://lance.dev
Community: https://hashbang.sh

Read more about our work on [Stageˣ] here: https://stagex.tools

All the pain of supply chain attacks is self inflicted. We actually can fix this.

Home | [Stageˣ]

A container-native, full-source bootstrapped, and reproducible toolchain to build all the things.

Security celebrities have been shitting on the PGP Web Of Trust as an idea we should abandon in favor of centralizing trust on corpos.

Meanwhile the internet is filling with AI bots using fake corpo accounts and no one can tell who is human anymore. Huh.

WoT has never mattered more, and it is time we anchor modern tooling back to the human roots that built the internet.

My fellow [Stageˣ] maintainer Kron, Zoë Finja Emilia makes a strong visual case.

https://kron.fi/en/posts/stagex-web-of-trust/

How do you trust a new Linux Distribution?

Who do you trust (… and how do you trust the new Linux Distribution StageX?) Do you trust your best friend from childhood? Do you trust your chosen Distribution for your Homelab? For your Workplace? Psychology says there are roughly two types of trust. Direct and Transitive trust. Direct trust is you trusting your best friend. Transitive trust is your best friend assuring you another person is also trustworthy and you listening to their word because you trust them.

Zoë's Blog

As the founder of the Stagex Linux distribution and a California resident, my official position on operating system age verification mandates is that I personally will not implement it, and I doubt anyone else will.

Our decentralized and multi-party cryptographic signing design means no single person or entity has the power to make changes to the distribution alone.

But please, California lawmakers, try to make me. I would get off on making you look like idiots in court.

That is all.

If anyone would like to tip me for my work, I accept DDR5 memory.

Veritasium just dropped a video on the ethics of the FOSS movement, right to repair, digital sovereignty, and the idea that closed source software has absolutely no role in supply chain security.

In recent years my teammates and I have shifted our entire careers to FOSS supply chain security engineering in spite of constantly being told our work is a waste of time. We feel seen!

https://yewtu.be/watch?v=aoag03mSuXQ

Shameless plugs @ https://caution.co https://distrust.co and https://stagex.tools

I wonder if there were people that thought Stallman was a bad person for using a proprietary compiler to build the first version of GCC.

I exclusively write FOSS, but sometimes I don't understand the purity tests of the FOSS community.

As long as a PR author fully read the code, and it was not largely copied from any other project, I don't care what kind of autocomplete magic was used.

FOSS is at too big of a disadvantage to be picky about useful contributions that respect the license.

When you work on OS development, you spend a -lot- of time waiting on compiling experiments. Wasted time.

So, finally broke down on a big workstation upgrade:

So I trained an LLM on myself, and it sounded like a complete idiot so I deleted it immediately.

I am starting to consider that it might be a me problem.

The biggest life lesson I have internalized this year:

The greatest skill in the world without sufficient motivation as a catalyst can accomplish nothing, but with enough motivation one can pick up just enough skills as they go to accomplish almost anything.

An insane amount of personal data is getting routed to proprietary LLM providers directly and indirectly.

Worse, all that personal data is going to get used to sit on the scales of otherwise "fair" weights to produce an entirely new form of toxic and manipulative targeted advertising.

Since we can't un-invent LLMs, the way forward is to make sure they exist with provable privacy and integrity.

We just released the first FOSS stack to do exactly that.

https://caution.co/blog/verifiable-llms.html