[liberationtech] Any project missing on the updated map of a "GNU Internet" ?

Tue Oct 6 08:28:24 PDT 2015

It looks like it's may be related to DMARC.

from email headers: dkim-adsp=unknown (ADSP policy from yahoo.com);
dkim=fail (message has been altered; 2048-bit rsa key)
header.d=yahoo.com header.i=@yahoo.com header.b=m00vpv30;    dmarc=fail
(p=reject;has-list-id=yes) header.from=yahoo.com;

Checking Yahoo's DMARC Policy:
# dig +short txt _dmarc.yahoo.com
"v=DMARC1\; p=reject\; sp=none\; pct=100\; rua=mailto:dmarc-yahoo-rua at yahoo-
inc.com, mailto:dmarc_y_rua at yahoo.com\;"

Thanks, Ryan

On Tue, Oct 6, 2015, at 10:37 AM, Jonathan Wilkes wrote:
> Also-- how does Gmail know the address failed Yahoo's test?
>
>
>  On Tuesday, October 6, 2015 12:58 AM, realcr
>  <realcr at gmail.com> wrote:
>
>
> Hi Jonathan, I went over my spam mail folder I found your email,
> which is obviously not spam. I use gmail. This is what gmail said
> about your email:
>
> """ *Why is this message in Spam?* It has a from address in
> yahoo.com[1] but has failed yahoo.com[2]'s required tests for
> authentication. """
>
> Strange. I wonder what are yahoo's tests for authentication.
>
> Regards, real.
>
> On Mon, Oct 5, 2015 at 8:37 PM, Jonathan Wilkes
> <jancsika at yahoo.com> wrote:
>> Glad to see you finally removed Oneswarm. :)
>>
>> I personally find your chart difficult to read.  Nevertheless, I have
>> a suggestion that I believe would improve its quality for a general
>> audience:
>>
>> You really need a color that means "available and widely-used".
>>
>> You can probably just ask the respective devs whether their software
>> is widely-used, and they'll give you an honest answer.  However as a
>> shortcut just ask:
>>
>> 1) Do the devs of other projects use this software as a point of
>>    reference? For example, Joanna (Qubes) and Patrick (Whonix) have
>>    both written publicly about TAILS (as has pretty much every other
>>    serious security expert).  That doesn't mean one should
>>    necessarily use it, but it does mean the user has a better chance
>>    of understanding the benefits and costs of using that piece of
>>    software.
>> 2) Is the software usable by non-technical people?  If not it's less
>>    likely to have a lot of users.
>>
>> As an example-- Gnunet filesharing may technically be "available",
>> but I haven't used it successfully nor heard of a single person using
>> it successfully.  (I even asked on their irc and nobody there used
>> it.)  TAILS, for better or worse, _is_ anonymity on the web/net.
>> It's misleading to use the same color for those two pieces of
>> software.
>>
>> -Jonathan
>>
>>
>>
>>  On Monday, October 5, 2015 10:51 AM, carlo von lynX
>>  <lynX at time.to.get.psyced.org> wrote:
>>
>>
>> On Mon, Oct 05, 2015 at 04:17:05PM +0200, Lluís Batlle i
>> Rossell wrote:
>> > Well, we don't have build farms for ARM, so it is common for people
>> > to build all there, for example. Following upstream means building
>> > more than gentoo, because the dependencies are totally explicit at
>> > any point.
>>
>> Oh, good to know. On the other hand it should be safe to randomly use
>> prebuilt binaries because all binaries are reproducible, so a
>> malevolent provider cannot know in advance which packages will be
>> checked for reproducibility... yes?
>>
>> > As for the rest of your advices, I'm quite aware about the uses of
>> > leaked metadata, the problems of xmpp, etc. :) I quite follow the
>> > project. I just wanted to help have more pieces in the map - I do
>> > not consider them a final solution.
>>
>> Yes, none of the things on the map solve the entire puzzle. There's
>> plenty of redundancy while at the same time there isn't a complete
>> stack ready to go, let alone several.
>>
>> > Maybe you could mention also somewhere that modern PGP thing (which
>> > is pgp at the end): keybase.io[3]. It just came to mind.
>>
>> There are several stop-gap opportunistic approaches to key retrieval
>> around.. pEp, LEAP. I think we should be leveraging the social graph
>> for key acquisition instead, with a private distributed
>> implementation like GNS for example. You use it like an address book
>> and your social network guarantees that you picked the correct public
>> key, without any state authority knowing anything.
>>
>>
>> --
>> E-mail is public! Talk to me in private using encryption:
>> http://loupsycedyglgamf.onion/LynX/
>> irc://loupsycedyglgamf.onion:67/lynX https://psyced.org:34443/LynX/
>>
>> --
>> Liberationtech is public & archives are searchable on Google.
>> Violations of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing
>> moderator at companys at stanford.edu.
>>
>>
>>
>> --
>>
Liberationtech is public & archives are searchable on Google. Violations
of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at companys at stanford.edu.
>
>
> --
> Liberationtech is public & archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing
> moderator at companys at stanford.edu.
-- 
  Ryan Getz
  ryan2 at getzmail.com

Links:

  1. http://yahoo.com/
  2. http://yahoo.com/
  3. http://keybase.io/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20151006/94dc3577/attachment.html>