Hacker Neue

Preferences
viraptor parent
Average person aware of trust on social network / internet - because https://hachyderm.io/@simontatham has a validated link to the author's homepage.

Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.

zo1
It was bad enough that we had to tell developers to trust some rando website to download a tool that we'd use to potentially plug in sensitive production usernames + credentials.

A link that looks like this:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...

And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".

viraptor OP
> on their weird "hachyderm" social media post thing

At this point tech people should understand what Mastodon is. For their own benefit. It's been years.

closewith
10 MM MAU estimated. Not exactly foundational to online discourse.
viraptor OP
We're talking in context of Putty which is itself an extremely niche software. But if you think of just the software/tech people - Mastodon is quite an important place.
jstanley
hachyderm.io says it has a validated link to his homepage, but if you don't already trust hachyderm.io that means nothing.
viraptor OP
It means a lot - you need to check the other side's meta to confirm yourself. https://fedi.tips/how-do-i-verify-my-account/
mjmas
For example, at https://www.chiark.greenend.org.uk/~sgtatham/ : (the rel=me is the important part)

    [...] <a rel="me" href="https://hachyderm.io/@simontatham"> [...]
nottorp
And that's why the fediverse thing is so niche :)

Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...

viraptor OP
There's a link on one side and a meta tag on the other. It's as simple as you can make the validation between two sites. It's not even fediverse-specific really - there were other services doing something similar before.
bentinata
It's because freedom and correctness is hard. Yeah, most people prefer convenience and would rather someone be the source of authority to do it for them, but people on fediverse are not those kind of people.
closewith
No, it really means nothing. Identity on the internet is not a solved problem.
pferde
You are wrong.

It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.

closewith
No, it means a certain link exists on the website. On Hacker News of all sites, I would think we should all know that's not sufficient evidence of identity for an update regarding the source of critical software like a terminal.
10 More Comments →
aembleton
If you check the source of the website that it links to [1], on line 168, we have this

<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>

If you trust that website, then you can be sure that this Mastodon account is the right one.

1. https://www.chiark.greenend.org.uk/~sgtatham/

kelnos
Sure, but by the time you've verified that, you could also have just visited the PuTTY website (the old/current one) to verify that putty.software is legit.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal