#Twitter is just another example of why Ambien authority is bad. *ba-dum-tss*
#CapabilityBasedSecurityJokes #ObjectCapabilities #OCaps #OCap
I don't know if this will help you, or is the same as the #OCap article you refer to, but @spritelyinst are dedicated to taking ocaps to the next level.
See: https://spritely.institute/static/papers/spritely-core.html
They have a #Spritely IRC channel where some true experts exchange thoughts.
There is also interesting information to find on the old https://spritelyproject.org.
people keep suggesting #OCAP will solve all of #ActivityPub's problems but literally how does it solve the most basic problem of "any asshole can respond to or boost a post"
yes i read the OcapPub article, it's incredibly vague and doesn't seem to address the issue that you don't need to be able to resolve a capability to refer to it
what am i missing
Finishing my #OCAP training today on #Indigenous #Data stewardship and protection. Fun slide near the end and thanks to the #FNIGC and #AlgonquinCollege for the learning opportunity.
Last was an important talk by Aaron Franks on #FirstNations #data sovereignty and #OCAP at the Canadian Open Data Society. I continue to be impressed by the depth of OCAP, and this talk gives a great overview of that framework. Anyone who deals with people data should familiarize themselves with this approach to get a sense of the investment necessary to ethically engage with people data. Highly recommend https://www.youtube.com/watch?v=8rcTI9HlDkc (7/7)
@shibayashi @cwebber @ariadne congrats on the paper! I wish #OCAP patterns were standard training for software development. I guess it doesn't help that so few languages *leave the right things out* to make capability discipline enforceable.
Taking some time in 2023 to learn about the #OCAP principles of #Indigenous #DataSovereignty
@birch agreed... long term blocking is not the answer. My main goal here at this point is awareness. Medium term the best mitigation is to encourage people to switch their accounts to manually approve follow requests and also for instance admins to disable automatic approval of new accounts or to disable open registrations entirely...getting into a different mindset about sharing and reach and so on.
Ultimately the solution to these kinds of issues will rely on protocol level changes...perhaps implementing an #OCAP (object capabilities) permission model or a revamp/new protocol. The "fedi founders" aren't standing still but it will take time.
The webinar & outputs were guided by the First Nations Information Governance Centre's Principles of #OCAP & Global Indigenous Data Alliance's #CARE Principles.
As a non-Indigenous settler, it's been a privilege to work alongside the 40+ First Nations knowledge-holders, technical staff, & the #WFI to create these materials. Thank you!
#ocap #care #wfi #idsov #ids #fnigc #gida
So rather than "to run me, please fill out the config here", it's "to run me, I will need a database connection, a file connection, and an inbound http connection".
That's hugely, grossly simplified, but it's what I've latched onto so far. #ocap #programming
For those wondering about the technology underlying this platform, I suggest this summary of where-we-were/where-we're-going https://gitlab.com/spritely/ocappub/blob/master/README.org #ActivityPub #fediverse #ocap
If I were to quit everything and become some kind of weird knowledge monk, I think I would try to devise a theory of maximally secure user interfaces for permissionless computer systems. I mean, that's arguably what I'm doing now, but I wouldn't mind more time diving into theory. I'm presently constantly forced into practice by necessity. I think we have a pretty good idea, but there are parts I'd like to nail down more. #secureui #ocap #ocaps
@Ronkjeffries the main technology difference is probably the additional incorporation of crypto stuff in AT. I am not familiar enough with AT to know the specifics...I don't believe it specifies its own blockchain but there has been more attention to "monetizing" federation through crypto--attaching a nominal cost to participation to dissuade spammers and other abusers and a similar reward for engaging content and other "good behaviour". Additionally there has been talk of verifiable IDs...a sort of universally unique key independent of any given instance.
ActivityPub and the projects that use it tend to place priority on interoperability, participation, community etc. Frankly a lot of what the BlueSky people are trying to address are concerns of businesses not people IMO. Not to say ActivityPub couldn't use improvements like #Ocap.
@cwebber would be able to say more and correct my mistaken assumptions since she both co-authored ActivityPub and worked with people on the BlueSky side I believe?
Apparently these aren't as well known as I assumed they were, so here is some tech that I think would make a good #web0 . (like #web3 but more actual #decentralization and less bullshit)
#namedDataNetworking
https://named-data.net/
#Spritely (and #OCAP in general)
https://spritelyproject.org/
#Yggdrasil (could cooperate with NDN)
https://yggdrasil-network.github.io/
#Yatima
https://github.com/yatima-inc/yatima
Invest in these instead of NFTs.
I stumbled upon this book today while reading my e-mail. Thought it would be of interest to others here. This might be old news for some; I've not seen this before, and thought I'd share.
https://homes.cs.washington.edu/~levy/capabook/
#capabilities #capability #objectcapabilites #descriptor #descriptors #ocap #ocaps
@drwho yep, though I don't recall seeing it being applied so blatantly and aggressively before where they both follow and spam in parallel posting at a rate of almost once per minute right out of the gate with zero effort towards evading detection.
I'm surprised but relieved by the complete lack of sophistication. Still concerned about what happens when they finally learn evasion techniques and hoping #OCap and other measures establish themselves in some way on the fedi.
@jalcine I am glad this is getting some attention, and I hope careful consideration is given to how it is designed.
* I think that @cwebber is doing the most promising work with #OCAP and #CapTP concerning federated/distributed moderation, a "web of consent" centred on sharable, revokable permissions instead of managing lists.
* As fun as Mastodon is, I think it is unfortunate that federation is dominated by a Twitter clone which encourages bad behaviour. A BBS/forum would be more manageable.
What Are Capabilities?
Chip Morningstar
Habitat Chronicles
A comprehensive intro to #OCap theory with plenty of links.