Identica / Statusnet users: Pay Attention
Identica users, please read: http://identi.ca/notice/93738693
Also, anyone running a federated StatusNet instance should also watch that thread, just in case it turns out to be a security issue.
Also, anyone running a federated StatusNet instance should also watch that thread, just in case it turns out to be a security issue.
SNI with Apache 2.2.8 & Mod_gnutls
@Lazy Admin
I'm currently running Ubuntu server 10.04 LTS, which features Apache 2.2.8. Because of previous problems configuring mod_ssl to work with a self-signed multi-domain certificate, I switched to mod_gnutls. I spent a few days working the duck to try to solve it before switching to mod_gnutls. I've been generally happy with it.
Once I decided to get subdomain-specific certs for ~friendica
instances on communic8ion.com, the advantages of mod_gnutls should have made it the only choice.
Specifically, prior to Apache 2.2.12, there was not any server name indicator support for using SSL with name-based vhosts, except for mod_gnutls. The problem is this: all other vhosts now show family.communic8ion.com's cert (and I'm still working on that--there is apparently a certain order required for 'cat' ing the StartSSL certs together--currently, only Opera validates the cert correctly). This is exactly what should not be happening if I use mod_gnutls instead of mod_ssl.
Does anyone have any pointers of where I should look? In addition to working the duck, I mean.
Note: I currently have too many other things running to blow this VPS away and install a different distro, so that option is out. I could possibly upgrade to UbuServer's 12.04 LTS version, but they don't recommend any LTS user (server or otherwise) upgrade before the point-release in July.
I'm currently running Ubuntu server 10.04 LTS, which features Apache 2.2.8. Because of previous problems configuring mod_ssl to work with a self-signed multi-domain certificate, I switched to mod_gnutls. I spent a few days working the duck to try to solve it before switching to mod_gnutls. I've been generally happy with it.
Once I decided to get subdomain-specific certs for ~friendica
instances on communic8ion.com, the advantages of mod_gnutls should have made it the only choice. Specifically, prior to Apache 2.2.12, there was not any server name indicator support for using SSL with name-based vhosts, except for mod_gnutls. The problem is this: all other vhosts now show family.communic8ion.com's cert (and I'm still working on that--there is apparently a certain order required for 'cat' ing the StartSSL certs together--currently, only Opera validates the cert correctly). This is exactly what should not be happening if I use mod_gnutls instead of mod_ssl.
Does anyone have any pointers of where I should look? In addition to working the duck, I mean.
Note: I currently have too many other things running to blow this VPS away and install a different distro, so that option is out. I could possibly upgrade to UbuServer's 12.04 LTS version, but they don't recommend any LTS user (server or otherwise) upgrade before the point-release in July.
I could not get SNI to work,here, and eventually purchased an additional IP address for free-haven.org
Friendica Day Goal Met, Plus A Little More
@Friendica Day
My family and friends @friendshostfriends site is up here, as I said.
It is sharing a VPS with #StatusNet and an upcoming #BuddyCloud instance, along with a second instance of ~friendica. (There are some other things there also, so if resource use gets too high and there is enough in my wallet, these may move to another VPS.) I'll be open to accept around 10 users by referral or request on the second instance, as soon as I've published a TOS and PP. (In other words, don't publish it, but if someone wants to move off a public server, you may suggest they contact me.)
Neither of these instances are going to have Facebook, but I am planning to enable some other addons and connectors. I also have not yet set up database backups.
I have hit my target, and a little more. Incidentally, if there is an addon that can directly federate XMPP, I'm interested in using to connect ~f with BC.
My family and friends @friendshostfriends site is up here, as I said.
It is sharing a VPS with #StatusNet and an upcoming #BuddyCloud instance, along with a second instance of ~friendica
. (There are some other things there also, so if resource use gets too high and there is enough in my wallet, these may move to another VPS.) I'll be open to accept around 10 users by referral or request on the second instance, as soon as I've published a TOS and PP. (In other words, don't publish it, but if someone wants to move off a public server, you may suggest they contact me.)Neither of these instances are going to have Facebook, but I am planning to enable some other addons and connectors. I also have not yet set up database backups.
I have hit my target, and a little more. Incidentally, if there is an addon that can directly federate XMPP, I'm interested in using to connect ~f with BC.
Encryption: SSL, Etc.
I am greatly in favor of encrypting all communication. I also don't trust the current system of Certificate Authorities, seeing that they have no incentive to admit when they screw up, and that they get paid to say that their clients are okay. Much like the bond rating agencies and the public accounting firms, the incentive is there to say "these people are okay" when the organization or its staffers have reason to suspect those people are not okay.
The time is not yet, but I expect the present CA system to be replaced by something close to a PGP/GPG-style web of trust.
Most importantly, I don't believe anyone should be fooled that any encryption technology that is available to the general public cannot be penetrated by government agencies. If it was impenetrable, it would not be available outside of governments themselves. The most you can hope for is to force the government to be sure it really wants to know before it expends the resources to get through the encryption.
Frankly, if you have anything to say that you seriously do not want governments to intercept and read, don't use any kind of electronic medium to carry the message.
The time is not yet, but I expect the present CA system to be replaced by something close to a PGP/GPG-style web of trust.
Most importantly, I don't believe anyone should be fooled that any encryption technology that is available to the general public cannot be penetrated by government agencies. If it was impenetrable, it would not be available outside of governments themselves. The most you can hope for is to force the government to be sure it really wants to know before it expends the resources to get through the encryption.
Frankly, if you have anything to say that you seriously do not want governments to intercept and read, don't use any kind of electronic medium to carry the message.
I heard about Convergence and another similar system, but I wasn't quite ready to replace one untrusted system with another. They need a way to try it out without affecting the functioning of the existing system.
I do believe that Convergence and the other project are on the right track.
One of the big issues I have with CAs is that users never see anything security-related until their browser vendor decides to distrust a site. I believe that people need to actively decide to trust someone (and more usually: to actively decide to trust a particular someone else's judgment about whom to trust).
One of the big issues I have with CAs is that users never see anything security-related until their browser vendor decides to distrust a site. I believe that people need to actively decide to trust someone (and more usually: to actively decide to trust a particular someone else's judgment about whom to trust).
[Definitions] Legaloid
Definition: legaloid — someone whose mind is damaged or corrupted by excessive contact with the legal system. A perjorative term.
Seth likes this.
Really tired tonight. #brain is fried at a time of day when it is usually still #fresh and clean as a whistle.
Partial Jury Verdict Reached in Oracle vs Google Patents Case (Java/Android)
In my opinion, the jury's inability to understand the issues hurts everyone.
Ars Technica
TechDirt
Groklaw
Ars Technica
TechDirt
Groklaw
FB And Other Bridging Plugins
As I understand it, each site (Facebook, Tumblr, etc) will require an API key, and someone with an account on that service to request that key.
If that's correct, I'll probably just skip any site where I don't currently have an account (FB), since it isn't worth all the hassle just to have my timeline filled with a certain nephew's whining.
If that's correct, I'll probably just skip any site where I don't currently have an account (FB), since it isn't worth all the hassle just to have my timeline filled with a certain nephew's whining.
You can enable Tumblr, LiveJournal, WordPress, InsaneJournal, and Dreamwidth if you like. You don't need an API for those.
Connectors that requires an API key are:
For StatusNet, you don't really need to wait, you can also enable it if you like and leave the settings on a per-user basis. The SN plugin allows each user to add their own SN instance. The Admin-side of SN plugin is only if you want to provide default SN instances, say for example identi.ca, parlementum.net, and brainbird.net.
For Twitter, I am not sure if it is advisable, but we can probably create a universal "Friendica" twitter app registration. Again, I'm not sure if that's advisable.
For Facebook, I think it is better to have our own because FB put restrictions to each app. If everyone uses a universal FB app registration, we will easily cap it out.
Connectors that requires an API key are:
- Twitter
- Each StatusNet instances
- Facebook
For StatusNet, you don't really need to wait, you can also enable it if you like and leave the settings on a per-user basis. The SN plugin allows each user to add their own SN instance. The Admin-side of SN plugin is only if you want to provide default SN instances, say for example identi.ca, parlementum.net, and brainbird.net.
For Twitter, I am not sure if it is advisable, but we can probably create a universal "Friendica" twitter app registration. Again, I'm not sure if that's advisable.
For Facebook, I think it is better to have our own because FB put restrictions to each app. If everyone uses a universal FB app registration, we will easily cap it out.
Attracting "People of Color" (or Why We Don't Attract ...)
Someone mentioned a lack of "people of color" on ~friendica . I thought it would be good to create a thread to discuss it. Please be aware that this thread is visible to everybody.
. I thought it would be good to create a thread to discuss it. Please be aware that this thread is visible to everybody.
@foonetic (nternetx) In Germany, many young trendsetters are Turks. I believe that goes for blacks in the USA to some extent, too. Wouldn't having a new platform upon which to set trends mean something? Being able to shape the platform itself as it grows?
I think there are several different issues here:
1) USsians in general are not aware or concerned about owning and controlling their data or online presence. You can see this with all the companies that are shutting down their blogs and websites and relying on Facebook pages and a Twitter account.
2) There is also the "my friends are not there" argument. If this was as true as people think, however, we'd all still be on AOL, Friendster, and MySpace. Some people that were on #Facebook and refused to try anything else are now on FB and #GPlus.
3) ~friendica, Diaspora
, #StatusNet, #BuddyCloud, #OneSocialWeb, #Jappix, and so on need to understand that proprietary and centralized networks are the competition and start cooperating. I have some comments about this below. Most of these networks have failed to understand this, and so they are "federated" in isolation.
4) Topics and standards of behavior: Most of the networks I frequent do tend to have mostly technical and political topics. Some science and some religion also (although they tend to be sorely bigoted against people with any religious beliefs). On the other hand, most people want to be where the topics include popular television/movie/music celebrities and the media they make. For most of the year or so that I was on Facebook, Justin Bieber and Rebecca Black probably filled my screen more often than anything except the latest Zynga game (until I blocked it) and one of my nephews' whining.
5) As a Black USsian, I think blacks in general are years behind understanding that the future is not about getting some for-profit or non-profit LOOAC (large, out-of-area corporation) to come to your aid, but about creating and controlling smaller entities that work for your benefit. I would guess that you won't find as many blacks on Diaspora or StatusNet, and that you won't find as many blacks using independent domains for their mail or instant messaging, either. This issue can be partially-corrected, I believe, through more and better marketing.
6) The US in general seems to admire big companies (the "FORTUNE500" type). We admire "small" companies only when they are rapidly growing ( the "INC500" type ). We admire big non-profits (the Red Cross), but not smaller, locally-focused ones. We like big, centralized government agencies(left-wingers like big domestic agencies, right-wingers like big militaries). We join the big political parties that big corporate lobbyists own and control, but won't help or participate in any way with the smaller ones that are still controlled by their members. We buy computer software made by that big corporation, then pay someone to fix it, rather than take a chance with smaller organizations' offerings (including FOSS).
7) We (Black USsians) fail to understand that having a large corporation between you and your data or between you and your contacts means that corporation controls your data and your access to those contacts. Whether that organization is for-profit or non-profit, that is a bad thing. If that corporation's main income source isn't paid (by users like you) hosting, your data and your contacts are subject to exploitation at any time. I believe this one issue can be partially corrected by increased and better marketing.
It would be great to get some input from people in other ethnic minority groups and other countries.
Footnote: Federated,Distributed Networks MUST Work Together
I tried several times to convince the guy behind #Appleseed to work together with #Friendica and StatusNet to make #federation better for all of us (users, hosts, and developers alike). Likewise, I've tried to convince the Diaspora people. The BuddyCloud people, #StatusNet / #OStatus, and #MediaGoblin sound like they are interested. OSW is "on hiatus" but still accepting pull requests, and Jappix (so far) seems like it is just a web front-end for your existing Jabber/XMPP accounts and they've been silent in response to inquiries about #interfederation.
The #rstatus people appear to be serious about federation with other OStatus-using applications, but there is an annoying bug that prevents their application from sending posts to StatusNet. Until that is corrected, I see little likelihood that they'll be willing to connect to other federation protocols.
1) USsians in general are not aware or concerned about owning and controlling their data or online presence. You can see this with all the companies that are shutting down their blogs and websites and relying on Facebook pages and a Twitter account.
2) There is also the "my friends are not there" argument. If this was as true as people think, however, we'd all still be on AOL, Friendster, and MySpace. Some people that were on #Facebook and refused to try anything else are now on FB and #GPlus.
3) ~friendica
, Diaspora, #StatusNet, #BuddyCloud, #OneSocialWeb, #Jappix, and so on need to understand that proprietary and centralized networks are the competition and start cooperating. I have some comments about this below. Most of these networks have failed to understand this, and so they are "federated" in isolation.4) Topics and standards of behavior: Most of the networks I frequent do tend to have mostly technical and political topics. Some science and some religion also (although they tend to be sorely bigoted against people with any religious beliefs). On the other hand, most people want to be where the topics include popular television/movie/music celebrities and the media they make. For most of the year or so that I was on Facebook, Justin Bieber and Rebecca Black probably filled my screen more often than anything except the latest Zynga game (until I blocked it) and one of my nephews' whining.
5) As a Black USsian, I think blacks in general are years behind understanding that the future is not about getting some for-profit or non-profit LOOAC (large, out-of-area corporation) to come to your aid, but about creating and controlling smaller entities that work for your benefit. I would guess that you won't find as many blacks on Diaspora or StatusNet, and that you won't find as many blacks using independent domains for their mail or instant messaging, either. This issue can be partially-corrected, I believe, through more and better marketing.
6) The US in general seems to admire big companies (the "FORTUNE500" type). We admire "small" companies only when they are rapidly growing ( the "INC500" type ). We admire big non-profits (the Red Cross), but not smaller, locally-focused ones. We like big, centralized government agencies(left-wingers like big domestic agencies, right-wingers like big militaries). We join the big political parties that big corporate lobbyists own and control, but won't help or participate in any way with the smaller ones that are still controlled by their members. We buy computer software made by that big corporation, then pay someone to fix it, rather than take a chance with smaller organizations' offerings (including FOSS).
7) We (Black USsians) fail to understand that having a large corporation between you and your data or between you and your contacts means that corporation controls your data and your access to those contacts. Whether that organization is for-profit or non-profit, that is a bad thing. If that corporation's main income source isn't paid (by users like you) hosting, your data and your contacts are subject to exploitation at any time. I believe this one issue can be partially corrected by increased and better marketing.
It would be great to get some input from people in other ethnic minority groups and other countries.
Footnote: Federated,Distributed Networks MUST Work Together
I tried several times to convince the guy behind #Appleseed to work together with #Friendica and StatusNet to make #federation better for all of us (users, hosts, and developers alike). Likewise, I've tried to convince the Diaspora people. The BuddyCloud people, #StatusNet / #OStatus, and #MediaGoblin sound like they are interested. OSW is "on hiatus" but still accepting pull requests, and Jappix (so far) seems like it is just a web front-end for your existing Jabber/XMPP accounts and they've been silent in response to inquiries about #interfederation.
The #rstatus people appear to be serious about federation with other OStatus-using applications, but there is an annoying bug that prevents their application from sending posts to StatusNet. Until that is corrected, I see little likelihood that they'll be willing to connect to other federation protocols.
♲ Martin Farrent
Self-hosting - Friendica is your chance to learn
There are many reasons why you should self-host your Friendica site: You get more control over your data and the features you need. You get the only admin you should really trust 100% - yourself.
See here: http://friendica.com/node/33
Self-hosting is a new survival skill for people who value their privacy and freedom in a digital age. And Friendica gives you an ideal way of learning it, because Friendica is made for people with everyday computer skills. Friendica can be your exit ticket from the post-privacy era - that crucial first step you can easily learn and be proud of. Here's how: http://friendica.com/download
Self-hosting - Friendica is your chance to learn
There are many reasons why you should self-host your Friendica site: You get more control over your data and the features you need. You get the only admin you should really trust 100% - yourself.
See here: http://friendica.com/node/33
Self-hosting is a new survival skill for people who value their privacy and freedom in a digital age. And Friendica gives you an ideal way of learning it, because Friendica is made for people with everyday computer skills. Friendica can be your exit ticket from the post-privacy era - that crucial first step you can easily learn and be proud of. Here's how: http://friendica.com/download
Sensible Upgrades Method & Timing
Do most ~f hosters use git to upgrade, or do they manually download tarballs from github? Is everyone trying to stay pretty close to the newest, or do they wait to hear that X.Y.Z is pretty stable?
I'm trying to decide which method to use for installation and I recognize that I'll probably want to use the same method that I use for upgrades.
I'm trying to decide which method to use for installation and I recognize that I'll probably want to use the same method that I use for upgrades.
I'd recommend for anybody that isn't comfortable digging around php/mysql to stick with weekly updates.
This reduces the system load on me.
This reduces the system load on me.
I was awakened this morning by a very minor earthquake. It got the dogs and cats up also. There was no damage anywhere.
Browsers And Certificates
Browser vendors trust CAs. Users never see one except when browser vendor distrusts it. this is #disturbing and #problematic.
sasiflo likes this.
Point is that the entire system was set up for financial transactions - to establish vendor identity as much as to encrypt content. It's not really what we need, most of the time. We're in a different context.
Two peanuts were walking through the New York. One was assaulted.
This website is tracked using the Piwik analytics tool. If you do not want that your visits are logged this way you can set a cookie to prevent Piwik from tracking further visits of the site (opt-out).
