00:00 Welcome and Introduction
00:28 Meet Lori Lorusso from the Rust Foundation
01:58 Open Source Sustainability and the Joint Statement
04:34 Challenges in Open Source Contribution
06:36 The Importance of Supporting Open Source Projects
15:38 The Cyber Resilience Act and Its Implications
21:40 Engaging with the Rust Foundation
24:36 The Value of Open Source Communities
26:33 Conclusion and Upcoming Events

Site/Blog/Newsletter
FaceBook
Twitter
Mastodon

Special Guest: Lori Lorusso.

Support Reality 2.0

Links:

• Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship – Open Source Security Foundation — An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed. Every modern application, whether written in Java, JavaScript, Python, Rust, PHP, or beyond, depends on public package registries like Maven Central, PyPI, crates.io, Packagist and open-vsx to retrieve, share, and validate dependencies. These registries have become foundational digital infrastructure – not just for open source, but for the global software supply chain.
• The Rust Foundation - Official — THE RUST FOUNDATION is an independent nonprofit committed to a safe, secure, and sustainable future powered by the Rust programming language. We believe that investing in the global open-source community is essential to maintaining a healthy and performant technological ecosystem — for individuals and organizations alike.
• xkcd: Dependency

00:00 Welcome Back to Reality 2.0
00:36 Upcoming Open Source Summit
01:03 Linux Foundation and AI Initiatives
04:20 Apple's Approach to Personal AI
05:11 Challenges of AI and Data Privacy
07:16 Potential of Personal AI Models
11:10 Human Interaction with AI
26:50 Innovations in Cookie Consent
31:08 Commitment to More Frequent Episodes
33:16 Closing Remarks and Future Plans

Site/Blog/Newsletter
FaceBook
Twitter
Mastodon

Support Reality 2.0

Links:

• Kwaai - KwaaiNet — AI running distributed on a P2P fabric, built By the People, For the People Imagine what we can do.
• Open Source Summit North America

Site/Blog/Newsletter
FaceBook
Twitter
Mastodon

Special Guest: Kyle Rankin.

Support Reality 2.0

Links:

• LLMs break the internet. Signing everything fixes it. — LLMs break the internet. The going rate for GPT-4 is $0.06 per 1000 tokens, or about $0.00008 per word. New open source models like Dolly and StableLM will drop costs even further, and without the content restrictions. Thought has never been so cheap. Creative expression has never been so accessible. Also spam, phishing, harassment mobs, and mass influence ops have never been so cheap, so accessible. You thought the internet was a mess before? Get ready for bots that beat the Turing test, synthesize your voice, generate fake social consensus at scale. We’re seeing the beginnings of this already. Expect a tidal wave of spam, identity theft, phishing, ransomware over the next 36 months.
• See the websites that make AI bots like ChatGPT sound so smart - Washington Post — AI chatbots have exploded in popularity over the past four months, stunning the public with their awesome abilities, from writing sophisticated term papers to holding unnervingly lucid conversations. Chatbots cannot think like humans: They do not actually understand what they say. They can mimic human speech because the artificial intelligence that powers them has ingested a gargantuan amount of text, mostly scraped from the internet.

Site/Blog/Newsletter
FaceBook
Twitter
Mastodon

Special Guest: Shawn Powers.

Support Reality 2.0

Links:

• ChatGPT: Optimizing Language Models for Dialogue — We’ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests. ChatGPT is a sibling model to InstructGPT, which is trained to follow an instruction in a prompt and provide a detailed response.
• AI tells me if AI will write novels. - vlogbrothers on YouTube — In which a text-generation AI promises John that of course it won't replace him.
• Apple is adding end-to-end encryption to iCloud backups - The Verge — / Apple is expanding its iCloud security features and introducing support for security keys for two-factor authentication.
• Rackspace confirms ransomware behind days-long email outage • The Register — UPDATED Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers.  The security snafu took down some of Rackspace's hosted Microsoft Exchange services on Friday afternoon. In its most recent update, posted at 0826 Eastern Time on Tuesday, Rackspace said it has now "determined this suspicious activity was the result of a ransomware incident," and has hired a "leading cyber defense firm to investigate."

Site/Blog/Newsletter
FaceBook
Twitter
Mastodon

Special Guest: Kyle Rankin.

Support Reality 2.0

Links:

• Why The U.S. Fell Behind In Phone Manufacturing - YouTube
• JMP: Your phone number on every device
• IIW
• Reality 2.0 on Mastodon
• Explore - Texas Observer Social

Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guests: Holmes Wilson and Kyle Rankin.

Support Reality 2.0

Links:

• GitHub - ZbayApp/monorepo — An early prototype for a peer-to-peer alternative to Slack and Discord.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guest: Dave Huseby.

Support Reality 2.0

Links:

• Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems | The White House — This memorandum sets forth requirements for National Security Systems (NSS) that are equivalent to or exceed the cybersecurity requirements for Federal Information Systems set forth within Executive Order 14028 of May 12, 2021 (Improving the Nation’s Cybersecurity), and establishes methods to secure exceptions for circumstances necessitated by unique mission needs. 
• Guess which government doesn't want you to use end-to-end encryption — From a privacy point of view, there is much to love about end-to-end encryption, as employed by the likes of WhatsApp. But while users may delight in the knowledge that their communication is free from surveillance, there are some groups that have a different opinion.
• I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too. - The New York Times — Little-known companies are amassing your data — like food orders and Airbnb messages — and selling the analysis to clients. Here’s how to get a copy of what they have on you.
• Black Teen Kicked Out Of Roller Rink Over Face Recognition | News | BET — A face recognition-equipped Detroit roller rink reportedly kicked out a Black teen on June 10 after misidentifying her as a person who’d allegedly gotten into a fight there in March.
• The principles of user sovereignty | by 𝖉𝖜𝖍 | UX Collective — The first time I heard the phrase “user sovereignty” was while working at Mozilla on the Firefox web browser. Firefox ostensibly follows user sovereign design principles and respects its users. Mozilla has even baked it into their list of design principles on page 5 of the Firefox Design Values Booklet. But what does “user sovereignty” actually mean and what are the principles that define user-sovereign design?
• A Unified Theory of Decentralization | by 𝖉𝖜𝖍 | The Startup | Medium — All networks begin as only one thing; one neuron, one cell, one chip, one computer, or one user. One entity alone is not a network, but it is the starting point for understanding the unified theory of decentralization. One entity is fully sovereign, it has no connections to anything else that might influence or control it. One entity in isolation is empowered to act however it wants to strive for whatever results it seeks.
• The Web was Never Decentralized. Redecentralize the web is a fantasy | Design Warp — There are so many people today focused on “re-decentralizing the web.” They have a popular belief that when the web was invented it was a wonderfully optimistic vision of decentralization, governed by democratic principles and full of free information available through open access that all of humanity benefited from. They assume that originally all users of the web were well behaved and companies only wanted to help make the world better. Also, they think that somewhere along the line the web fell under the control of irresponsible corporations and governments and was contorted into the “broken and centralized” system that it is today.
• The Authentic Data Economy. Universal Digital Trust at Global Scale | by 𝖉𝖜𝖍 | Medium — All of us intuitively have a sense of what trust is and how to earn and maintain it as well as how to lose it. Trust never comes for free. The cost of earning trust is consistent trustworthy behavior over time. It forms our reputation in our social circles. But what happens when you have to do business outside of our personal social circles, such as with a new bank, or with a government agency far removed? How is trust established then? How is it transmitted to the distant institution to conduct business and how is it transmitted back? Over human history the solution has been to generate and keep official records about people and their activities. Some examples of official records are: Jane was born on this date, John earned his diploma from this university in this year, Judy received a license to practice medicine.
• Achieving Absolute Privacy. Cryptography Always Works, With or… | by 𝖉𝖜𝖍 | Medium — Absolute privacy on the internet is impossible, today. Why? Because nobody with the power to create it, wants it. The primary revenue model for the internet is based on surveillance making most investors aligned against privacy.
• Zero Architecture is the Way Forward | by 𝖉𝖜𝖍 | Medium — Inmy two most recent articles I discussed something called “Zero Architecture”. It is a new approach to designing decentralized systems using zero-trust security combined with business logic that operates entirely on zero-knowledge proofs — based on authentic data — and contains zero personally identifiable information. The primary motivation for this new way of thinking is building fully user-sovereign systems that automate regulatory compliance, drive out fraud, as well as eliminate surveillance capitalism and its attendant societal problems.
• 𝕿𝖍𝖊 𝕿𝖍𝖊𝖔𝖗𝖞 𝖔𝖋 𝕯𝖎𝖌𝖎𝖙𝖆𝖑 𝕲𝖆𝖙𝖊𝖘 | by 𝖉𝖜𝖍 | Medium — In computer systems it is common to construct digital gates around a service. The most common example is a username and password login gate that does a combination of authentication (i.e. verifying who is accessing the service) and authorization (i.e. what functions of the service can be executed). This approach for gating digital access is being blindly applied — without deeper contemplation — to vaccine passports and digital gates in the physical world with the explicit goal of denying people access to resources that were considered a human right as recently as this past spring. It is time to present a theoretical model describing the oppressive characteristics of naïve pervasive digital gating of real-world access and show why identity cannot be an input available to digital gates.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guests: John Todd and Kyle Rankin.

Support Reality 2.0

Links:

• Quad9 | A public and free DNS service for a better security and privacy — Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration. When your computer performs any Internet transaction that uses the DNS (and most transactions do), Quad9 blocks lookups of malicious host names from an up-to-the-minute list of threats. This blocking action protects your computer, mobile device, or IoT systems against a wide range of threats such as malware, phishing, spyware, and botnets, and it can improve performance in addition to guaranteeing privacy. The Quad9 DNS service is operated by the Swiss-based Quad9 Foundation, whose mission is to provide a safer and more robust Internet for everyone.
• Pi-hole – Network-wide protection — Instead of browser plugins or other software on each computer, install Pi-hole in one place and your entire network is protected.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guest: Kyle Rankin.

Support Reality 2.0

Links:

• Defending Against Spyware Like Pegasus – Purism — What’s particularly scary about spyware in general, and is true for Pegasus as well, is that victims have no indication they’ve been compromised. Due to how locked down the iPhone is from the end user, detecting Pegasus in particular requires expert forensics techniques. This has left many at-risk iPhone users wondering whether they too are compromised and if so, what do they do?
• Here’s how to check your phone for Pegasus spyware using Amnesty’s tool - The Verge — Amnesty International — part of the group that helped break the news of journalists and heads of state being targeted by NSO’s government-grade spyware, Pegasus — has released a tool to check if your phone has been affected. Alongside the tool is a great set of instructions, which should help you through the somewhat technical checking process. Using the tool involves backing up your phone to a separate computer and running a check on that backup. Read on if you’ve been side-eyeing your phone since the news broke and are looking for guidance on using Amnesty’s tool.
• Mobile Verification Toolkit — Mobile Verification Toolkit (MVT) is a tool to facilitate the consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise.
• The FBI Is Locating Cars By Spying On Their WiFi — The FBI is using a controversial technology traditionally used to locate smartphones as a car tracking surveillance tool that spies on vehicles’ on-board WiFi.
• Catholic priest quits after “anonymized” data revealed alleged use of Grindr | Ars Technica — In what appears to be a first, a public figure has been ousted after de-anonymized mobile phone location data was publicly reported, revealing sensitive and previously private details about his life.
• Secure, Fast & Private Web Browser with Adblocker | Brave Browser — Brave stops online surveillance, loads content faster, and uses 35% less battery.1

Subscribe to our newsletter.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guests: Kyle Rankin and Shawn Powers.

Support Reality 2.0

Links:

• Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective — Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software. Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.
• Australia’s vague anti-encryption law sets a dangerous new precedent - ProtonMail Blog — the Australian government and its Labor partners rammed a shockingly invasive anti-encryption law through Parliament, over the objections of experts, businesses, and civil rights groups.
• Australia's Encryption-Busting Law Could Impact Global Privacy | WIRED — Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally.
• P versus NP problem - Wikipedia — The P versus NP problem is a major unsolved problem in computer science. It asks whether every problem whose solution can be quickly verified can also be solved quickly.
• Data Double Dipping: When Companies Mine Paying Customers – Purism — There’s an old snarky saying among privacy advocates: “If you aren’t paying for something, you are the product!” This updated version of “There’s no such thing as a free lunch” arose in the Internet age among the ever-growing list of free services and apps on the Internet funded by collecting and selling your data to advertisers. If large companies like Google and Facebook are any indication, a lot of money can be made with user data and the more data you collect, the more money you can make.
• Eva Galperin: What you need to know about stalkerware | TED Talk — "Full access to a person's phone is the next best thing to full access to a person's mind," says cybersecurity expert Eva Galperin. In an urgent talk, she describes the emerging danger of stalkerware -- software designed to spy on someone by gaining access to their devices without their knowledge -- and calls on antivirus companies to recognize these programs as malicious in order to discourage abusers and protect victims.
• Reality 2.0 Episode 52: Fragmentation and Outrage of the Week — Doc Searls and Katherine Druckman talk to Kyle Rankin about fragmentation and software development, the Amazon Halo, and surveilling school children.
• This Is How They Tell Me the World Ends — From New York Times cybersecurity reporter Nicole Perlroth, THIS IS HOW THEY TELL ME THE WORLD ENDS is the untold story of the cyber arms trade-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.

Subscribe to our newsletter.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guests: Chris Bronk and Petros Koutoupis.

Support Reality 2.0

Links:

• “Misinformation” vs. “Disinformation”: Get Informed On The Difference - Dictionary.com — Disinformation means “false information, as about a country’s military strength or plans, disseminated by a government or intelligence agency in a hostile act of tactical political subversion.” It is also used more generally to mean “deliberately misleading or biased information; manipulated narrative or facts; propaganda.” So, disinformation is knowingly spreading misinformation. Our first definition of this word gives one major reason why a person or group might want to spread wrong information, but there are many other nefarious motivations lurking behind the creation of disinformation.
• Amazon.com: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (9781541758001): Zuboff, Shoshana: Books — In this masterwork of original thinking and research, Shoshana Zuboff provides startling insights into the phenomenon that she has named surveillance capitalism. The stakes could not be higher: a global architecture of behavior modification threatens human nature in the twenty-first century just as industrial capitalism disfigured the natural world in the twentieth.
• Tom Clancy, author of the Jack Ryan Novels - Tom Clancy
• Amazon.com : john le carré
• Amazon.com: Active Measures (9781250787408): Rid, Thomas: Books
• Internet-based chastity belts hijacked by malicious hackers | Boing Boing — Oh man. A bluetooth-controlled chastity belt was the recent victim of a hacker attack. The Cellmate Chastity Cage, made by Chinese company Qiui, was designed so that users are able to lock and unlock their sex partner's penis prison remotely. Users caught in the attack were threatened with having their genitals locked in permanently unless they paid a 0.02 bitcoin (about $270) ransom.

Subscribe to our newsletter.

Reality 2.0 around the web:
Site/Blog/Newsletter
FaceBook
Twitter
YouTube
Mastodon

Special Guests: Kyle Rankin and Shawn Powers.

Support Reality 2.0

Links:

• Universal 2nd Factor - Wikipedia — Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards.
• Yubico | YubiKey Strong Two Factor Authentication
• Investing in Real Convergence – Purism — Real convergence means bringing your desktop computer with you wherever you go.

Notes:

00:00:37 The new contraband - TikTok
00:04:34 Is the US wanting to "play" China and censor?
00:08:19 Will this become an ugly precedent?
00:15:37 We're concerned about the implementation of this ban
00:17:25 The Social Dilemma on Netflix
00:21:11 Your phone is your castle
00:33:10 Defining the harm from mere content
00:44:59 Final thoughts - Portrait mode video
00:48:20 How does a visually impaired person use a phone? See link.

Special Guests: Kyle Rankin and Petros Koutoupis.

Support Reality 2.0

Links:

• Trump admin orders TikTok, WeChat gone from app stores on Sunday — President Donald Trump signed executive orders banning TikTok and WeChat on August 6. Those orders gave the Department of Commerce a 45-day window to outline what, exactly, a ban would entail. That 45-day period expires on Sunday, September 20, so that is when the bans take effect. Not only will app stores not be allowed to permit new downloads, but Internet hosting services and content delivery network services will also be banned from "enabling the functioning or the optimization" of the apps, and "directly contracted or arranged Internet transit or peering services" will also be prohibited. All platforms will also be prohibited from providing services through WeChat specifically that allow anyone to transfer funds or process payment within the US.
• Your Phone Is Your Castle — If your home is your physical castle, your phone is your digital castle. More than any other computer, your phone has become the most personal of personal computers and holds the most sensitive digital property a person has
• The Castle Doctrine — Since you’re reading this online, let me ask, what’s your house here? What sacred space do you strongly guard, and never suffer to be violated with impunity?
• Video: Voiceover and Braille screen input. — Kristy Viers using voiceover and braille screen input to compose a tweet and show navigation.

Special Guests: Dave Huseby and Petros Koutoupis.

Support Reality 2.0

Show notes:

0:00:25: Contact tracing apps
0:02:31: Contract tracing false positive and false negative
0:04:24: Contract tracing apps adoption rate
0:07:36: Katherine agrees apps should build more trust
0:11:44: The 2nd anniversary of the GDPR
0:13:31: Bruce talks about his RSA presentation about the notion of hacking
0:15:26: Katherine dove tails hacking into contact tracing
0:18:24: Hacking discipline around SSI (Self Sovereign Identity)
0:19:08: Should we need proof of immunity or carry an immunization card/immunity passport?
0:23:28: Do the people we entrust to regulate our tech even understand it?
0:29:10: Should we give the FBI digital forensic capabilities?
0:32:24: Katherine wonders if our cellphones are at all secure
0:36:33: Doc ponders the future of travel
0:38:18: Bruce predicts we're in the midst of a major system reset
0:46:49: The political divide between the way people digest information
0:49:36: Bruce: "Truth wins because it actually conforms to reality."

Links:
Bruce Schneier on COVID-19 Contact Tracing Apps
Contact-tracing apps are not a solution to the COVID-19 crisis

Special Guest: Bruce Schneier.

Support Reality 2.0

Download ogg format

Special Guest: Kyle Rankin.

Support Reality 2.0