lol I saw a comment by a mufo on Fedi on a video I was watching.

lol I saw a comment by a mufo on Fedi on a video I was watching.

I thought I wanted to study atoms as a kid but I found it to be a real Bohr

shame you can't make a joke about locked-in syndrome

They're using AI to make NFTs. It's like they're renewing the shit from the last hype cycle with the shit from this one.

There's too much shit in this image to summarise so I recommend looking at jarvis dot foundation's feature page.

Periodic reminder to check in on your friends with poor mental health. Even if it seems like it does nothing for them.

This post did not contain any content.

This post did not contain any content.

I have a proposal for those "white ethnostate" people:

Put them in a special prison.

Not just any prison.

The prison has the walls painted white. Give the prisoners white gowns and white gloves. For food, give them rice and bread and milk. The guards are dressed in white. Their weapons are white. The floors and furniture are all white. The lighting is 6500K white.

They want white, they get white.

This post did not contain any content.

@mcc Oh! Yeah. It's because they don't have a well-defined canonical composition order, unlike modern Jamo, which do.

A weird bit of trivia: there is no composition for hanzi/kanji/hanja/chữ Hán characters (what many call "Chinese characters"). You can't just build one in Unicode. If you could, they'd also be in this list, for the same reason that Old Hangul Jamo are disallowed (which were only added because scholars needed them).

Making a pizza from scratch

My plans for moderation:

• I plan to allow sharing of blocklists of did:keys that are known to spam
• Allow clientside filtering of what replies you see to your posts (followers-only, etc.)

Future things also:

• In the future I plan to add RFC9420/MLS support for limited-audience posts (which will mean posts are ACTUALLY encrypted, including DM's). Right now for public posts, that is completely pointless, so I am not doing that. Because... why. If it's public, what's the point in encryption beyond, say, HTTPS?
• Maybe a standalone app or something so you're not running this all as a mystery meat blob of JavaScript.
• Other database/relay backends besides OrbitDB.
• Maybe a proof-of-work system akin to HashCash to prevent spam.

Preferences:

This is subtle. But I think this is cool.

Your preferences are globally stored. But they are encrypted.

What is stored:

• Who you follow
• Muted users
• Block lists
• Client UI preferences
• Custom feeds
• Personal notes

These are not public information.

Fireweed stores these as encrypted blobs. Only people with the password can decrypt them (so... use a strong password).

In the future I plan to add webauthn support as well (also probably going to do this for the root key).

Each preferences update is signed by your device key. Same check flow as posts. If the signature fails, it's not a valid preference.

But basically: your entire social graph becomes sovereign. It is yours. No company can see it.

Now. Posts.

Every post is:

• Content
• Metadata
• Timestamp
• Signed by a device key

Peers verify:

• Device key signature
• Device key signed by root
• Certificate capabilities
• Root consistency

If that chain holds, the post is authentic.

No central server needed to vouch for it. Cryptography does it for you.

Now... deletions...

Deleting content in distributed systems is messy. You can't actually un-send stuff and distributed databases tend to work with append-only logs.

Fireweed handles this with signed tombstones.

A tombstone is a signed message that says:

"Post X is revoked / deleted by the same identity that created it."

It is signed by a valid device key, traceable to root, and verifiable.

Peers don't erase history from existence (because that’s impossible in distributed systems), but they respect the tombstone, hide the content, and mark it revoked.

It’s consent-based deletion instead of magical deletion.

Also, if you revoke a device, all posts that were created by the device are instantly repudiated.

NB: It doesn't guarantee the content was never saved elsewhere. Nothing can guarantee that. Not even on a centralised system. Especially not on Fedi. It guarantees that the canonical record says "this is withdrawn."

How it works:

You generate a root keypair (Ed25519, small, fast, modern elliptic curve, supported by almost every browser).

That key is:

• Your identity.
• Your authority.
• Your signature stamp.

If you lose it, you’re done. There is no "forgot password." Eventually you will be able to export your keypair and save it somewhere, but you absolutely need this keypair to use it.

This is not far off from how SSH works, actually.

The root never touches the Internet, at least the private key doesn't. Or ideally, shouldn't.

It is encrypted at-rest in your browser and only loaded into memory when needed, decrypted via a password. It's... not perfect, because browser-based crypto is not perfect, but it's irretrievable in direct form.

This is brutal, yes, but it is clean. Also, if you destroy the key? No one can cryptographically prove it was you.

Anyways.

The root key signs:

• Device keys
• Identity metadata
• Potential revocations
• Anything that defines "you"

Obviously, posting from your root key directly would be clunky and having a lot of key material around you really don't want widely duplicated

Instead: the root key generates and signs a device key.

Device key is what signs posts, preferences updates, etc..

Each device key is:

• Separately revocable
• Linked to root
• Explicitly authorized
• Has capabilities attached like posting and preferences updates

If your laptop gets owned? You revoke that device key. The root signs a revocation. Network sees the revocation. That device stops being valid. Posts and preferences updates from it are ignored.

So this is Fireweed.

It is a distributed forum / social protocol thing I'm making built around cryptographic identity instead of accounts. It is a proof-of-concept in essence, to prove it can be done.

No usernames as authority. No central database as truth. Just local cryptographic identity. In the future I plan to allow attestation via signing a nonce you can put on a site or something.

Anyway.

Your identity is a keypair. That’s it. That's the pitch. Everything else revolves around that.

🧵

If you're curious what this is:

It's a little implementation of a distributed social media system, for now using a local server but will use OrbitDB in the future once I'm more confident in it.

It deserves a whole-ass writeup, but I honestly consider it more proof-of-concept than I do a real thing I feel comfortable people using right now.

I am doing a weird thing. Nowhere near done.

@oblomov Do you know why it hasn't had explosive growth?

IMO:

0) It is hostile to normal people on a cultural level

1) "What instance do I use"

2) Instances dying

3) Shitty T&S game that very much depends on your instance admin, and what kind of abuse your instance admin tolerates (some will tolerate it from the "right" crowd for the "right" reasons)

4) You still can't use Fedi like a normal person without it being weird. Someone will start demanding you CW topics they consider normal (giving the perception that basically this platform is used by weirdos... which it is... but also the perception that it is hostile to difference... which it can be at times). You can't talk about politics. In trying to be a safer place, it has ironically become *unsafe* to normal expectations of "I just wanna talk about the Zeitgeist and not have a Communist tell me about the labour theory of value but wrongly"

d / dx ln(x) ^ e = (e * ln(x) ^ (e - 1)) / x

Not 1, as you'd expect.