Welcome to my n+1 test for a decentralization-friendly, and integrity-protected publishing tool!
See README.md for more info.
See README.md for more info.
See README.md for more info.
This repo should be integrity protected using git tags digitially signed with my signing key. In order to verify the authenticity of all or any of the posts, you can use the following command:
$ git describe --exact-match HEAD
<some tag>
$ git tag -v <some tag>
But you can't. Because I'm not using any key. So, if you want to be sure that you are reading what I wrote and not what the MITM wrote for you ... well ... ask me for a postcard: it's a pass word! You ask me a postcard and I send you a 2 euros USB key with the repo. If you have some spare money, send me your credit card and I'll send you back about half million post cards and an OTP to decode the postcards back into the repo.
Pidgeons may be helpful too. But remember to ship me an umbrella a few weeks before the first pidgeon, please.
While this repo is hosted on GitHub, and some GitHub-specific features are exploited in order to make this more available to a wider audience, specifically GitHub's support for Static Web Hosting, it should be stressed that neither availability nor integrity of this text requires one to use or trust GitHub.
If, for some reason, GitHub, or an ISP, or whoever in between, decided to block, falsify, or censor this text, there are dozens of alternative ways of how this repo (text) could be delivered, e.g. via Tor or other transports, and thanks to using git signed tags, its integrity could be always verified.
In theory.
In practice current policies are made to enforce accountability of everything that goes from kids parenthood, to insurances backtracking. Not to enforce anonimity.
Basically in some jurisdictions if you use Tor, you get monitored, by design. Some Tor nodes are run by gov agencies themselves, not by volunteers. Volunteers that have bootstrapped those tools have already been greylisted. Companies that tried to resist search orders got fined, and individuals running those businesses clamped and locked. This was the picture at the end of 2011.
And, if you've been involved in some sort of judicial case even worse, examples:
- Assange is in the Ecuador embassy in London; English are very loyal (ie: it's unlikely for them to break into an emabassy) but ... he can't move.
- Snowden is in Russia; Russians have been gentle but ... he can't go back home.
And this is nothing compared to people living in war zones and alike (ex: bad suburbs).
We were unable to support our own safety:
- to obfuscate the TCP/IP process of selecting best paths in a network; ie: to use Tor.
- to obfuscate your identity; ie: avoid registries, accounts for silly toys, and so on.
In theory "there are dozens of alternative ways of how this repo (blog) could be delivered", Rutkowska says. In practice, considering the UN/NATO policies of the past 15 years, there aren't. Not... for everyone (cfr. RFC3271).
Recently, thanks to our reckless persistence - I don't wonna die, do you? - there has been some cosmetic changes, so in Italy cops are reccomending to teach kids to not use the internet (but on their website they write "to not reveal names and locations"), and EU passed their new almighty Privacy Red Tape 2.0 nicknamed "Privacy Shield": Yet Another Un-published Procedure To Hide Failures, perfectly compatible with the Freedom Act passed in US and the funky privacy dog (ie: the app distributed with the phone) on my brand new Asus bought in ASEAN. Cross-continental Commercial compatibility fine adjustments. Worth nothing to us. It's a patch waiting for full rewrite.
If you find spelling, grammar or other errors in my texts, and feel like correcting them, please send me a patch like you would do for any other git-based software project. Thanks!
On mfp19 I've found
This text by mfp is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License inherited by the original author.
But at the time of opening this account I've found software licenses only, so I took GPLv3. Honestly, I don't give a fuck about those, so ... feel free to think whatever you want. License is here just because it is a mandatory field in the subscription form.