diff options
33 files changed, 59 insertions, 59 deletions
diff --git a/content/entry/atom-and-rss.md b/content/entry/atom-and-rss.md index 770e208..db591a2 100644 --- a/content/entry/atom-and-rss.md +++ b/content/entry/atom-and-rss.md @@ -4,7 +4,7 @@ date: 2020-12-17T00:00:00 tags: ['computing'] draft: false --- -Most netizens are vaguely familiar with this symbol: +Most netizens are vaguely familiar with this symbol: [RSS icon [IMG]](/resource/feed-icon-28x28.png) It represents [Atom](https://www.wikipedia.org/wiki/Atom_%28standard%29) and [RSS](https://www.wikipedia.org/wiki/RSS). From Wikipedia ([CC BY-SA 3.0](https://creativecommons.org/licenses/by-sa/3.0/)): @@ -21,7 +21,7 @@ I'm not inherently against social media. I'm just against proprietary walled gar # How to Use Atom/RSS Now that you know what Atom/RSS is and you have an idea what it's used for, I'll move on to the meat of this post: how to use Atom/RSS. To begin using Atom/RSS yourself, you'll need to install a feed reader. There is mature feed reader software available for all major platforms including mobile. Decent feed readers support both Atom and RSS and you probably won't need to know which is which. Most sites including this one still use RSS. I do plan to eventually switch [my site feed](/atom.xml) over to Atom since it's more modern. -Once you find the feed symbol +Once you find the feed symbol [RSS icon [IMG]](/resource/feed-icon-28x28.png) on the webpage with the feed you want, just copy paste the link adding it into your feed reader and you're golden. After that your reader will take care of retrieving the content from that feed automatically. If you can't find a feed icon on a site, that doesn't mean the site doesn't support RSS. They may just not advertise it. Search the web for that site's RSS feed to see if anything turns up. If nothing turns up, there are websites that will parse the page you want turning it into a web feed. As long as you're not required to log in to view the content, you can probably find an RSS feed for it. diff --git a/content/entry/automation-and-the-meaning-of-work.md b/content/entry/automation-and-the-meaning-of-work.md index 248e22e..96d5235 100644 --- a/content/entry/automation-and-the-meaning-of-work.md +++ b/content/entry/automation-and-the-meaning-of-work.md @@ -14,7 +14,7 @@ What does this imply for the meaning of work? ## Starting Assumptions ### Basic Needs Are Still Met -Well, if people can't meet their basic needs after their jobs are automated, they won't care about finding meaning through work. So let's assume that the economy adapts so those whose jobs are automated can still meet basic needs. +Well, if people can't meet their basic needs after their jobs are automated, they won't care about finding meaning through work. So let's assume that the economy adapts so those whose jobs are automated can still meet basic needs. ### No Dystopian Outcomes Second, it may be the case that an AI-driven technological singularity or some other utopian/dystopian scenario follows shortly after large numbers of jobs are automated. If so, there won't be time enough to care about automation and its implications for the meaning of work. So let's assume there's a significant time gap between automation and any utopian/dystopian outcomes. diff --git a/content/entry/banning-facial-recognition-isnt-enough.md b/content/entry/banning-facial-recognition-isnt-enough.md index 92ba253..ae15ae2 100644 --- a/content/entry/banning-facial-recognition-isnt-enough.md +++ b/content/entry/banning-facial-recognition-isnt-enough.md @@ -18,12 +18,12 @@ There's also another related page on the same domain that focuses on corporate u [https://www.banfacialrecognition.com/stores/](https://www.banfacialrecognition.com/stores/) -Nowadays the empire of the megacorporations increasingly partners with the government and thanks to government mass surveillance programs, there isn't much difference in practice between corporate and government mass surveillance. Therefore it's equally if not more important to also ban corporations from using facial recognition on their customers. +Nowadays the empire of the megacorporations increasingly partners with the government and thanks to government mass surveillance programs, there isn't much difference in practice between corporate and government mass surveillance. Therefore it's equally if not more important to also ban corporations from using facial recognition on their customers. The website also provides a store "scorecard" rating each large retailer based on their facial recognition policies. If you click "learn more" on the stores that "won't use" facial recognition, you can see that the only verification that stores aren't using facial recognition is a statement they made to Fight for the Future. Given their strong incentives to use facial recognition for consumer tracking and data collection, I wouldn't be surprised to find out most of the "won't use" stores are just lying. To verify stores' claims about facial recognition use beyond taking their word for it would require an audit which is probably impractical because the camera software is almost certainly proprietary. # False Dichotomy -Both the government and the empire of the megacorporations present citizens with a false dichotomy: privacy versus safety. With government surveillance they say it's a balancing act between the right to privacy and public safety. Retailers try to do the same thing with the additional point of preventing theft. But this is a fallacy. Privacy and safety aren't opposed. My privacy is part of my safety. +Both the government and the empire of the megacorporations present citizens with a false dichotomy: privacy versus safety. With government surveillance they say it's a balancing act between the right to privacy and public safety. Retailers try to do the same thing with the additional point of preventing theft. But this is a fallacy. Privacy and safety aren't opposed. My privacy is part of my safety. The real motive for mass government surveillance such as law enforcement facial recognition databases is, boringly, increased government power and control: people controlling people. Suppression of minorities and dissent. In other words, business as usual. @@ -40,7 +40,7 @@ In summary: * Retail companies are using facial recognition tech to track consumers for profit, that data inevitably ends up in government hands and companies have every reason to lie about using it. * Both governments and retail companies are lying about their true motives for using the technology. * As technology continues to improve, facial recognition will become more and more dangerous. -* Continuous government auditing of corporate surveillance systems to prevent facial recognition tech being used by retailers would be impractical, costly and reactive, not proactive. +* Continuous government auditing of corporate surveillance systems to prevent facial recognition tech being used by retailers would be impractical, costly and reactive, not proactive. ## A New Law is Needed In light of these facts, I propose an outright ban on video surveillance of large public and private spaces. It's not enough to make laws against facial recognition. Retailers have every reason to lie and do it anyway. Once the data exists, it's already too late to control how it's used. The only way to guarantee the data won't be misused is to prevent it from being collected in the first place. Specifically, by physically removing the infrastructure of surveillance. @@ -51,7 +51,7 @@ Now I'm not proposing a total ban on private and public use of surveillance came It's all about giving people the freedom to decide whether they consent to surveillance or not. In today's society that freedom is disappearing fast and we need it back. There didn't used to be cameras everywhere polluting the urban and suburban landscape and we don't need them now either. They're too big of a risk. You may see this as an extreme solution, but it's not extreme. It's only far-sighted. -Looking at how facial recognition is already being used for targeted harassment of Uyghurs in China, it's not hard to imagine ways in which improved facial recognition technology and other dangerous A.I. could worsen the situation. We need to preemptively stop things like this from happening by more strictly regulating what surveillance cameras are allowed to surveil. Private citizens may still record things in public. My objection isn't to that. It's to persistent, mass scale video surveillance of large public or private areas where people more or less have to be or would strongly desire to be (e.g. at a park or at work). +Looking at how facial recognition is already being used for targeted harassment of Uyghurs in China, it's not hard to imagine ways in which improved facial recognition technology and other dangerous A.I. could worsen the situation. We need to preemptively stop things like this from happening by more strictly regulating what surveillance cameras are allowed to surveil. Private citizens may still record things in public. My objection isn't to that. It's to persistent, mass scale video surveillance of large public or private areas where people more or less have to be or would strongly desire to be (e.g. at a park or at work). ## The Free Market Can't Fix It The reason I'm suggesting government involvement is the free market can't solve the surveillance problem especially when consumers can't afford to shop elsewhere or they live too far. Not to mention free market incentives are what created the problem in the first place. Even if there weren't monopolies preventing competition (e.g. a private versus surveilled shop), that would do nothing to stop employee surveillance. You may be able to choose where you shop, but you can't just decide not to work. That's why there ought to be a generalized law limiting corporate and government ability to use surveillance cameras. diff --git a/content/entry/consumer-data-protection-is-a-distraction.md b/content/entry/consumer-data-protection-is-a-distraction.md index 66dfe94..1fe66a0 100644 --- a/content/entry/consumer-data-protection-is-a-distraction.md +++ b/content/entry/consumer-data-protection-is-a-distraction.md @@ -13,7 +13,7 @@ Businesses collect data from consumers for a variety of reasons. Data is collect I recommend reading [his full blog post](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html). But from just a consumer perspective, giving companies your data is dangerous for several reasons according to Schneier: > "Saving it is dangerous because many people want it. Of course companies want it; that’s why they collect it in the first place. But governments want it, too. In the United States, the National Security Agency and FBI use secret deals, coercion, threats and legal compulsion to get at the data. Foreign governments just come in and steal it. When a company with personal data goes bankrupt, it’s one of the assets that gets sold. -> +> > Saving it is dangerous because it’s hard for companies to secure. For a lot of reasons, computer and network security is very difficult. Attackers have an inherent advantage over defenders, and a sufficiently skilled, funded and motivated attacker will always get in." That last part is important. "...a sufficiently skilled, funded and motivated attacker will always get in". The problem is you cannot trust corporations to keep your data safe. There aren't exceptions to this that come to mind. Even if we suppose the data is encrypted on the server and only you control the encryption key, that's not the case of a corporation being trustworthy to hold your data. They couldn't leak it if they wanted to. That's what's called trustless design. The system is set up so you don't have to trust whoever you're doing business with. The best of systems are set up that way. It's good for the consumer and it minimizes risk for the business. diff --git a/content/entry/debugging-neomutt.md b/content/entry/debugging-neomutt.md index b4e2f84..ff40926 100644 --- a/content/entry/debugging-neomutt.md +++ b/content/entry/debugging-neomutt.md @@ -8,7 +8,7 @@ About a month ago, I was checking my emails in Neomutt. When I opened a particul I thought maybe this was a one-off. I started Neomutt again and tried to load the same email. It crashed again. Because the crash occurred when trying to open the contents of an email, I was concerned that it may be exploitable. So I started investigating. -I was using the fake system time option in GPG for privacy, which caused problems in other applications. Since the email that crashed my client was encrypted, I suspected the bug had something to do with my esoteric GPG configuration. I found that if I disabled gpgme in Neomutt, the crash went away. +I was using the fake system time option in GPG for privacy, which caused problems in other applications. Since the email that crashed my client was encrypted, I suspected the bug had something to do with my esoteric GPG configuration. I found that if I disabled gpgme in Neomutt, the crash went away. I wasn't sure how to further proceed in debugging, so I joined the Neomutt channel on [Libera Chat](https://libera.chat/), asking for help. I got in touch with [Flatcap](https://github.com/flatcap), the creator of Neomutt. He had me send him the raw email data for the email in question. Since he didn't possess my private key for decrypting it, he could not reproduce the bug. diff --git a/content/entry/documentary-line-goes-up-the-problem-with-nfts.md b/content/entry/documentary-line-goes-up-the-problem-with-nfts.md index bd54917..ff901cd 100644 --- a/content/entry/documentary-line-goes-up-the-problem-with-nfts.md +++ b/content/entry/documentary-line-goes-up-the-problem-with-nfts.md @@ -35,7 +35,7 @@ Unfortunately for me, almost no exchange accepted Safecoin any more. It was buil ## Monero I also made a new entry promoting [TheHatedOne's video promoting Monero](/2021/03/18/video-monero-more-anonymous-than-cash/). In fact, I even accepted Monero as a donation method at the time. I didn't invest in it. I just found Monero useful for performing anonymous online payments since there was no other way to privately buy things online. -I knew all about the massive energy usage of proof-of-work coins at the time. Like most cryptocurrency enthusiasts, I just dismissed it as "not a waste". But over the next four months, I realized I had just been making excuses for the energy usage because I found the technology cool. It was the only way to transact privately online, so it would be really inconvenient for me if I also believed it was destroying the planet. +I knew all about the massive energy usage of proof-of-work coins at the time. Like most cryptocurrency enthusiasts, I just dismissed it as "not a waste". But over the next four months, I realized I had just been making excuses for the energy usage because I found the technology cool. It was the only way to transact privately online, so it would be really inconvenient for me if I also believed it was destroying the planet. Eventually, I found I could no longer deny the energy impact any more. I decided to remove cryptocurrency as a donation method and make an entry [recommending that people don't use proof-of-work-based cryptocurrencies](/2021/07/18/avoid-using-cryptocurrency/). I even began criticizing others who promoted proof-of-work cryptocurrency. I reasoned I would accept cryptocurrency again after a mass-adopted proof-of-stake currency was released. diff --git a/content/entry/dont-rely-exclusively-on-a-vpn-for-online-privacy-and-security.md b/content/entry/dont-rely-exclusively-on-a-vpn-for-online-privacy-and-security.md index b197552..aaca3de 100644 --- a/content/entry/dont-rely-exclusively-on-a-vpn-for-online-privacy-and-security.md +++ b/content/entry/dont-rely-exclusively-on-a-vpn-for-online-privacy-and-security.md @@ -9,7 +9,7 @@ In 2018, After Skool published a video about how [the vital right to privacy is Lately, there's been an epidemic of sponsored videos where VPNs are promoted as an online privacy/security solution by people who don't know the first thing about online privacy/security. The After Skool video seems to say "just use NordVPN and you'll have privacy", as if it's the be all and end all of online privacy. After Skool deserves credit for raising awareness of surveillance, but VPNs are not the solution. To say that they are is to tout a simple non-solution to an extremely complex problem. -If you want real privacy advice, check out [TheHatedOne](https://yewtu.be/channel/UCjr2bPAyPV7t35MvcgT3W8Q?dark_mode=true)'s videos for well-researched information and tips. In the meantime, I'd like to set the record straight on what VPNs are and aren't good for. Before we get into that, let's quickly summarize what a VPN is. +If you want real privacy advice, check out [TheHatedOne](https://yewtu.be/channel/UCjr2bPAyPV7t35MvcgT3W8Q?dark_mode=true)'s videos for well-researched information and tips. In the meantime, I'd like to set the record straight on what VPNs are and aren't good for. Before we get into that, let's quickly summarize what a VPN is. ## What is a VPN? VPN stands for virtual private network. The type of VPN that you see ads for are remote access VPNs. They give you remote access to the VPN provider's network. Unlike enterprise remote access VPNs, you don't get access to any private network tools or resources. All the VPN does is forward traffic on your behalf. The connection between you and the VPN is encrypted, so your internet service provider (ISP) can't see what you're sending across the internet or who it goes to. diff --git a/content/entry/explore-neocities.md b/content/entry/explore-neocities.md index f1a0714..c23fbac 100644 --- a/content/entry/explore-neocities.md +++ b/content/entry/explore-neocities.md @@ -7,11 +7,11 @@ draft: false This story starts with GeoCities. I'll let [Wikipedia](https://www.wikipedia.org/wiki/GeoCities) do the explaining: > "GeoCities, later Yahoo! GeoCities, was a Web hosting service that allowed users to create and publish websites for free and to browse user-created websites by their theme or interest. GeoCities was started in November 1994 by David Bohnett and John Rezner, and was named Beverly Hills Internet briefly before being renamed GeoCities. On January 28, 1999, it was acquired by Yahoo!, at which time it was reportedly the third-most visited website on the World Wide Web. -> +> > In its original form, site users selected a "city" in which to list the hyperlinks to their Web pages. The "cities" were named after real cities or regions according to their content: For example, computer-related sites were placed in "SiliconValley" and those dealing with entertainment were assigned to "Hollywood", hence the name of the site. Soon after its acquisition by Yahoo!, this practice was abandoned in favour of using the Yahoo! member names in the URLs. -> +> > In April 2009, the company announced that it would end the United States GeoCities service on October 26, 2009. -> +> > There were at least 38 million pages displayed by GeoCities before it was terminated, most user-written. The GeoCities Japan version of the service endured until March 31, 2019." The third most visited website on the World Wide Web. 38 million mostly user-written pages before it was terminated in 2009. Just wow. That's impressive. I was only ten years old when GeoCities shut down, so it was before my time. I never got to experience it in its prime. diff --git a/content/entry/how-to-transfer-large-files-from-one-computer-to-another.md b/content/entry/how-to-transfer-large-files-from-one-computer-to-another.md index b909550..9b009cb 100644 --- a/content/entry/how-to-transfer-large-files-from-one-computer-to-another.md +++ b/content/entry/how-to-transfer-large-files-from-one-computer-to-another.md @@ -49,7 +49,7 @@ If you have large files you want to share with multiple people efficiently and y Unlike the client-server architecture used by Magic Wormhole and OnionShare where you act as a server sending the files to the client, peers in a torrent help upload chunks of your file to others who want a copy. Peers can continue to share the file even after you go offline. ## LAN File Sharing -For computers on the same LAN, there's plenty of software for managing a shared directory of large files. There's [Rsync](https://www.wikipedia.org/wiki/Rsync), [NFS](https://www.wikipedia.org/wiki/Network_File_System), [SSHFS](https://www.wikipedia.org/wiki/SSHFS), [Samba](https://www.wikipedia.org/wiki/Samba_%28software%29), and [SFTP](https://www.wikipedia.org/wiki/SFTP). +For computers on the same LAN, there's plenty of software for managing a shared directory of large files. There's [Rsync](https://www.wikipedia.org/wiki/Rsync), [NFS](https://www.wikipedia.org/wiki/Network_File_System), [SSHFS](https://www.wikipedia.org/wiki/SSHFS), [Samba](https://www.wikipedia.org/wiki/Samba_%28software%29), and [SFTP](https://www.wikipedia.org/wiki/SFTP). These programs can also share files to the public internet, but most of you reading this won't have a static public IP address or domain name, so it's irrelevant. I often use Rsync for its versatility, security, and efficient delta-transfer algorithm. diff --git a/content/entry/integrated-activism.md b/content/entry/integrated-activism.md index db1dcf0..f17e18a 100644 --- a/content/entry/integrated-activism.md +++ b/content/entry/integrated-activism.md @@ -4,7 +4,7 @@ date: 2021-06-30T00:00:00 draft: false --- # Tunnel Vision -The very first thing I want to talk about to kick off this post is something in activism that I call "tunnel vision". It happens when an activist judges the morality of every social situation through the lens of their preferred social causes only, neglecting other relevant social concerns. +The very first thing I want to talk about to kick off this post is something in activism that I call "tunnel vision". It happens when an activist judges the morality of every social situation through the lens of their preferred social causes only, neglecting other relevant social concerns. ## Cryptocurrency To break that down, let's think about cryptocurrency. Proponents of proof-of-work based blockchain cryptocurrencies often highlight the benefits. For instance, the blockchain's decentralized nature, resilience against various attack vectors, privacy benefits, freedom benefits, etc. But they either fail to mention or brush off its environmental impact and tax implications. @@ -22,7 +22,7 @@ The difference between darknet communities and cryptocurrency communities as I s There's a lot going wrong in the world and, as an activist, there are infinite social issues worth fighting for. Some of them conflict with each other. So the question becomes how to deal with conflicting social issues. Because the alternative is just ignoring them. It's just having tunnel vision. ## Clever Solutions -Sometimes there are clever ways to get around conflicts of interest between two social issues. For instance, using proof-of-stake consensus for blockchains instead of proof-of-work mitigates the energy consumption problem of cryptocurrencies. It preserves the good qualities of cryptocurrency while mitigating the purely bad qualities. +Sometimes there are clever ways to get around conflicts of interest between two social issues. For instance, using proof-of-stake consensus for blockchains instead of proof-of-work mitigates the energy consumption problem of cryptocurrencies. It preserves the good qualities of cryptocurrency while mitigating the purely bad qualities. ## Hard Conflicts ### Darknets - Good and Bad Content diff --git a/content/entry/its-not-necessarily-irrational-to-believe-things-you-cant-justify-to-others.md b/content/entry/its-not-necessarily-irrational-to-believe-things-you-cant-justify-to-others.md index db3ee8c..b50c8e0 100644 --- a/content/entry/its-not-necessarily-irrational-to-believe-things-you-cant-justify-to-others.md +++ b/content/entry/its-not-necessarily-irrational-to-believe-things-you-cant-justify-to-others.md @@ -13,15 +13,15 @@ I don't consider what Steven does unfair in the slightest, because the college s There's this idea that people who can't defend a belief to others are always unjustified in it, but this conclusion is wrong. What's really happening might be better explained by Hacker News commenter [TameAntelope](https://news.ycombinator.com/item?id=31004980): > "I think this is why it's hard sometimes to argue in support of something you believe, even if you're right. -> +> > At one point, all of the relevant facts and figures were loaded into your working memory, and with that information you arrived at a conclusion. Your brain, however, no longer needs those facts and figures; you've gotten what you needed from them, and they can be kicked out of working memory. What you store there is the conclusion. If it comes up again, you've got your decision, but not all of the information about how you arrived there. -> +> > So when your decision is challenged, you are not well equipped to defend it, because you no longer retain why you arrived at that decision, just the conclusion itself. -> +> > It's immensely easier to trust that you arrived at the right conclusion and the person who is in disagreement is missing something, than it is to reload all of the facts and figures back into your brain and re-determine your conclusion all over again. Instead, you can dig in, and resort to shortcuts and logical tricks (that you can pull out without needing to study) to defend what you've previously concluded (possibly correctly, but without the relevant information). -> +> > If this finding ends up being generally an approximation of how our brains work, it could explain a lot about what's happening to global conversations, particularly around the Internet and on social media specifically. It also suggests a possible solution; make the data quickly available. Make it as seamless as possible to re-load those facts and figures into your working memory, and make it as unpleasant as possible to rely on shortcuts and logical tricks when arguing a point." -> +> > - TameAntelope TameAntelope hits the nail on the head here. Believing something you cannot justify to others isn't necessarily irrational. If you recall a time when you did have all the relevant facts and figures in your head, and computed the conclusion, then it does make sense to stick to that conclusion even after you've long forgotten the justification for it. diff --git a/content/entry/learning-im-autistic-was-a-relief.md b/content/entry/learning-im-autistic-was-a-relief.md index f142a11..ee2bf14 100644 --- a/content/entry/learning-im-autistic-was-a-relief.md +++ b/content/entry/learning-im-autistic-was-a-relief.md @@ -24,6 +24,6 @@ It's amazing how far the right label gets you in neurotypical society. If I tell That's why finally learning I'm autistic was a good thing. It didn't make me sad. On the contrary, it was a huge relief to know there are other people out there like me with the same challenges I have, to hear their stories, what they've gone through and relate it back to my own experiences. It was a relief to learn that these harmful labels I got were also wrong and that I *am* misunderstood by society. And it was a relief to learn that there is an explanation for the way I am and resources and groups out there for people like me. -Maybe some of you out there suspect you're autistic or have some other condition and are avoiding getting diagnosed because you're afraid of the stigma or you're afraid it'll hurt your self-esteem. This is my train of thought on the subject (not medical advice): +Maybe some of you out there suspect you're autistic or have some other condition and are avoiding getting diagnosed because you're afraid of the stigma or you're afraid it'll hurt your self-esteem. This is my train of thought on the subject (not medical advice): You are the way you are. Getting a proper diagnosis doesn't make you autistic. Being autistic makes you autistic. Getting a diagnosis just means that you have the proper label. It means no longer being confused about what's going on in your life and, even if you don't pursue help, you know where to find it. And you don't have to tell anybody about your condition if you don't want to. In my personal experience though, being in the dark makes life a lot harder. It's better to know. diff --git a/content/entry/mourning-the-loss-of-privacy.md b/content/entry/mourning-the-loss-of-privacy.md index 830dee4..7584570 100644 --- a/content/entry/mourning-the-loss-of-privacy.md +++ b/content/entry/mourning-the-loss-of-privacy.md @@ -20,7 +20,7 @@ To start, I live in a civilized country which is a member of the Five Eye intell Not only that, but it subverts my 4th amendment rights because it's warrantless surveillance. Some of you constitutional scholars will be quick to point out that the 4th amendment protects only from government surveillance, not corporate surveillance. The problem is even though the video surveillance isn't explicitly performed by the state, Scamazon gives the state access any time they want. Let's call it what it is, a loophole for the state to get around the 4th amendment. It's 24/7 warrantless surveillance I never consented to. All because my neighbor decided that, for some strange reason, doorbells need to have cameras now. Short of asking my neighbor to remove the camera, there's nothing I can do. And that's just when I leave home. On its own that's bad enough, but it doesn't even scratch the surface. ## Interpersonal Surveillance -Nowadays everyone carries personal tracking devices called smartphones. Unless the person I'm with is as privacy-aware as I am (virtually zero probability), they have apps on their phone that are probably listening to our conversation, even though it's supposed to be private. Even if I'm talking to a privacy-conscious person, anyone else nearby with a smartphone with TikTok, Facecrook or Spotify installed instantly nullifies the privacy we had. I swear, every time I hear a crApple iBad ding with that familiar tone letting me know Siri just sent our conversation over to crApple servers because Siri thought I was addressing her, I just want to take the device and throw it as far as I can. But I can't. +Nowadays everyone carries personal tracking devices called smartphones. Unless the person I'm with is as privacy-aware as I am (virtually zero probability), they have apps on their phone that are probably listening to our conversation, even though it's supposed to be private. Even if I'm talking to a privacy-conscious person, anyone else nearby with a smartphone with TikTok, Facecrook or Spotify installed instantly nullifies the privacy we had. I swear, every time I hear a crApple iBad ding with that familiar tone letting me know Siri just sent our conversation over to crApple servers because Siri thought I was addressing her, I just want to take the device and throw it as far as I can. But I can't. The same for smartphone cameras. If anyone is using their smartphone near me, they probably have proprietary apps that can't be trusted with the camera permission. Those apps could use the camera in the background, watching whoever is in view at any time. My privacy in who I associate with is negated because someone is pointing a camera at me which is connected to a device that can't be trusted not to covertly send footage to private monopolies and, subsequently, the state. When someone sits across from me with their rear-facing smartphone camera pointed at me I just want to say "Hey, excuse me. Can you please not point a camera at me. I really don't want to be recorded and the proprietary apps on your phone might be doing that". But I'd probably be looked at like I have 2 heads if I actually said that to anyone. I don't do that because I don't believe it would do any good. Since everyone always has their phone with them, in effect I have zero privacy around others. It gets even worse if I visit somebody. diff --git a/content/entry/my-career-path.md b/content/entry/my-career-path.md index d4f4af2..0589fb8 100644 --- a/content/entry/my-career-path.md +++ b/content/entry/my-career-path.md @@ -45,7 +45,7 @@ Nevertheless I feel very out of place working low wage entry-level positions, bu ## Looking For Internships I've tried applying for free software internships, but no luck so far. The only place I'm certain I wouldn't have any freedom issues is the granddaddy organization of the free software movement, the FSF. I haven't had any luck there yet either. According to the statistics I've read, less than 5% of applicants get approved for many of the free software internships. There's just not as much money and positions available in free software as there is in proprietary software. A lot of internships are targeted towards minorities and being a straight, white male doesn't help. A lot of them are exclusive to students, which I am no longer. -Something that has been discouraging is seeing so-called "open source" internships use proprietary software for project development and communication. It makes no sense to use Goolag docs, Slack and Github for project development when you're developing free software. User freedom matters, but what about developer freedom? Don't developers deserve freedom too? Many of the sites for free software internships require proprietary JavaScript to apply and they include Goolag Analytics, which goes to show how seriously they're taking the whole freedom thing. +Something that has been discouraging is seeing so-called "open source" internships use proprietary software for project development and communication. It makes no sense to use Goolag docs, Slack and Github for project development when you're developing free software. User freedom matters, but what about developer freedom? Don't developers deserve freedom too? Many of the sites for free software internships require proprietary JavaScript to apply and they include Goolag Analytics, which goes to show how seriously they're taking the whole freedom thing. ## Interacting with Free Software Communities Since dropping out, I've communicated in various free software communities. @@ -124,7 +124,7 @@ The first part of my plan is applying for more internships. So far I've just bee I need to broaden the scope of my search and consider other career options that fall within my interests. I have an Associate of Science degree and a minor in Mathematics. I also have this blog and some code samples on git.nicksphere.ch to show to potential employers. So it's not as if I'm locked into applying for computer-related internships. The worst thing that can happen is I get rejected and apply somewhere else. The best that can happen is I get hired and advance my career. ## Network -To get a better idea of potential career paths, I should network with people who already work in careers I'm interested in. It would help me get an idea whether that's something I really want to do, what ethical concerns there might be and it could help me get my foot in the door. +To get a better idea of potential career paths, I should network with people who already work in careers I'm interested in. It would help me get an idea whether that's something I really want to do, what ethical concerns there might be and it could help me get my foot in the door. ## Avoid Formal Education If I need to learn something for a career, I'm confident in my ability to teach myself. I know how to read textbooks. I don't need to pay for an expensive human text-to-speech engine. I'd like to avoid the expenses. @@ -145,7 +145,7 @@ Since I refuse to use non-free software, it would be better for me to get a loca It will be much easier to avoid proprietary software and other ethical problems working for small businesses where I might can retain some degree of control over some aspects of the work versus at a large corporation where there's already well-established ways of doing things that aren't going to change. Also unless I'm mistaken non-profits tend to be more ethical to work for than for-profit organizations. ## Keep Blogging -While blogging hasn't helped me get an internship yet, it does help me organize my thoughts. It has helped me put more thought into my career plan than I otherwise would have. So I'm going to keep doing it. +While blogging hasn't helped me get an internship yet, it does help me organize my thoughts. It has helped me put more thought into my career plan than I otherwise would have. So I'm going to keep doing it. ## Consider Self-Employment Being self-employed would give me more freedom in my work. It would allow me to use the free software tools I want to use rather than being commanded to use proprietary garbage by an employer. It would also allow me to do some actual good. Perhaps I could find a niche that there is demand for but hasn't been occupied yet. @@ -219,7 +219,7 @@ I have the least respect for this argument because it's so easily refuted. It's The first reason is that it's impossible to know for sure that individual actions won't make a big difference. Most of the time individual actions don't cause any major changes. But occasionally they do. Just look at Greta Thunberg. -Her claim to fame was skipping school sitting alone outside the Swedish parliament. She has inspired millions and is now a household name. But it didn't have be that way. One can easily imagine it going the other way. Maybe in an alternate universe no one took notice, she never became famous and the strikes inspired by her never happened. +Her claim to fame was skipping school sitting alone outside the Swedish parliament. She has inspired millions and is now a household name. But it didn't have be that way. One can easily imagine it going the other way. Maybe in an alternate universe no one took notice, she never became famous and the strikes inspired by her never happened. The only way to guarantee failure, in most important contexts, is by not trying at all. Therefore as long as there's any chance at all, one must try. diff --git a/content/entry/newcombs-paradox-resolved.md b/content/entry/newcombs-paradox-resolved.md index a5928f0..1c5d3b2 100644 --- a/content/entry/newcombs-paradox-resolved.md +++ b/content/entry/newcombs-paradox-resolved.md @@ -16,8 +16,8 @@ Here's the problem from Wikipedia ([CC BY-SA 3.0](https://creativecommons.org/li > There is an infallible predictor, a player, and two boxes designated A and B. The player is given a choice between taking only box B, or taking both boxes A and B. The player knows the following: > Box A is clear, and always contains a visible $1,000. > Box B is opaque, and its content has already been set by the predictor: If the predictor has predicted the player will take both boxes A and B, then box B contains nothing. If the predictor has predicted that the player will take only box B, then box B contains $1,000,000. -> -> +> +> > The player does not know what the predictor predicted or what box B contains while making the choice. ## The Paradox @@ -36,13 +36,13 @@ As I suggested in the "telescoping method", we're going to break down the abstra > Let p be the probability that the predictor is correct. Then: > 1000000p is the expected value if you choose only box B. > 1000000(1-p) + 1000 is the expected value if you choose both boxes. -> +> > 1000000p > 1000000(1-p) + 1000 > -> 1000p > 1000(1-p) + 1 > -> 1000p > 1000 - 1000p + 1 > -> 2000p > 1001 > -> p > 0.5005 -> +> > Therefore the expected value if you choose only box B is greater than the expected value if you choose both boxes so long as the predictor is over 50.05% accurate, slightly better than a coin toss. An AI system that can predict slightly better than a fair coin toss could create the Newcomb Paradox. Given what AI is already capable of, this is a realistic scenario. It also shows that the infallible predictor isn't the root cause of the paradox. diff --git a/content/entry/nobody-knows-how-many-bullshit-jobs-exist.md b/content/entry/nobody-knows-how-many-bullshit-jobs-exist.md index b1bc4fc..81acd6b 100644 --- a/content/entry/nobody-knows-how-many-bullshit-jobs-exist.md +++ b/content/entry/nobody-knows-how-many-bullshit-jobs-exist.md @@ -6,7 +6,7 @@ draft: false Before I get into this, I need to define what bullshit jobs are exactly. To do that, I'll quote the person who popularized the idea, deceased American anthropologist [David Graeber](https://www.wikipedia.org/wiki/David_Graeber): > "Bullshit jobs are jobs which even the person doing the job can’t really justify the existence of, but they have to pretend that there’s some reason for it to exist. That’s the bullshit element. A lot of people confuse bullshit jobs and shit jobs, but they’re not the same thing. -> +> > Bad jobs are bad because they’re hard or they have terrible conditions or the pay sucks, but often these jobs are very useful. In fact, in our society, often the more useful the work is, the less they pay you. Whereas bullshit jobs are often highly respected and pay well but are completely pointless, and the people doing them know this." Here are a few examples: movie executives, sign spinners, academic administrative staff, telemarketers, middle management, gas pumpers, door assistants, etc. diff --git a/content/entry/on-drug-checking-tools.md b/content/entry/on-drug-checking-tools.md index 6bdb45d..83483ee 100644 --- a/content/entry/on-drug-checking-tools.md +++ b/content/entry/on-drug-checking-tools.md @@ -22,7 +22,7 @@ Thugs want to prolong the war on drugs to get fatter budgets. Drugs are their ex The cartels rely on drugs as a major source of profit. Without it, they'll lose money. Crime and violence would go down, but that only directly benefits non-rich people, so politicians don't care. ## Big Banks -The banksters also take their cut of the war on drugs. Big banks launder billions worth of illegal cartel money. Destroying people's lives is very lucrative. +The banksters also take their cut of the war on drugs. Big banks launder billions worth of illegal cartel money. Destroying people's lives is very lucrative. # Conclusion Weakening of drug laws means these three groups lose money. They're determined to make sure that doesn't happen because apparently money is more important to them than the millions of lives the war on drugs is ruining. diff --git a/content/entry/on-nick-bostrom.md b/content/entry/on-nick-bostrom.md index e38a404..a95cd66 100644 --- a/content/entry/on-nick-bostrom.md +++ b/content/entry/on-nick-bostrom.md @@ -6,9 +6,9 @@ draft: false For those who don't know [Nick Bostrom](https://nickbostrom.com), I'll include a snippet of his bio on his website: > "Nick Bostrom is a Swedish-born philosopher with a background in theoretical physics, computational neuroscience, logic, and artificial intelligence, as well as philosophy. He is the most-cited professional philosopher in the world under the age of 50. -> +> > He is a Professor at Oxford University, where he heads the Future of Humanity Institute as its founding director. He is the author of some 200 publications, including Anthropic Bias (2002), Global Catastrophic Risks (2008), Human Enhancement (2009), and Superintelligence: Paths, Dangers, Strategies (2014), a New York Times bestseller which helped spark a global conversation about the future of AI. He has also published a series of influential papers, including ones that introduced the simulation argument (2003) and the concept of existential risk (2002). -> +> > Bostrom’s academic work has been translated into more than 30 languages. He is a repeat main TED speaker and has been interviewed more than 1,000 times by various media. He has been on Foreign Policy’s Top 100 Global Thinkers list twice and was included in Prospect’s World Thinkers list, the youngest person in the top 15. As a graduate student he dabbled in stand-up comedy on the London circuit, but he has since reconnected with the heavy gloom of his Swedish roots." Bostrom is obviously a very accomplished guy. I believe I first discovered him through his oft-misunderstood paper on the [Simulation Argument](https://www.simulation-argument.com/simulation.pdf). I studied his simulation argument and its criticisms very closely. After many hours of researching criticisms and his responses to criticisms, I concluded that his argument is sound and even intuitive if you change your perspective to 4th-dimensional thinking. He adequately addressed some of the criticisms in his own responses and for those criticisms he didn't address, I was able to come up with my own responses. diff --git a/content/entry/on-spirituality.md b/content/entry/on-spirituality.md index 61256cf..c3a2e38 100644 --- a/content/entry/on-spirituality.md +++ b/content/entry/on-spirituality.md @@ -5,7 +5,7 @@ draft: false --- # Clarification > "The fundamental game of being is like the game of hide and go seek. We hide in the thoughts we don't know we're having. They become who we are. Then one day, something or someone wakes us up and we realize we were playing a game the entire time. This could take 10 seconds or 10 years depending on the person. But, the game goes on several times in a single human life, played out in a different way each time. Just imagine all the ways the game is being played across all of humanity. The game of being a good person and not an evil one. The game of seeking happiness. The game of seeking enlightenment..." -> +> > -- Me in [Ego Traps](/2020/08/02/ego-traps) Some of you just read that thinking something along the lines of "What on earth is he talking about? He's gone off the deep end". Skeptics would say I'm peddling [Deepak Chopra](https://rationalwiki.org/wiki/Deepak_Chopra) level [woo-woo](https://rationalwiki.org/wiki/Woo). And I can't blame them for thinking that. Take the first sentence "The fundamental game of being is like the game of hide and go seek". If you read that as a literal statement, it's unfalsifiable at best and meaningless at worst. The rest of that paragraph and parts of other posts tagged "spirituality" have the same problem. For that, I apologize. I never meant to peddle woo-woo. I am definitely no Deepak Chopra and I have no intentions of promoting pseudoscience or irrational thinking. @@ -13,9 +13,9 @@ Some of you just read that thinking something along the lines of "What on earth At the time I probably wasn't even sure how I wanted those posts to be interpreted. I was unsure of my writing because I was unsure of my thinking. You can see that in my protracted preface to [Doublethink](/2020/06/14/doublethink): > As a quick note, what people post online is often taken as something they will forever agree with and are forever held to. This is unreasonable. There needs to be some equivalent of forgiveness if one posts something horrible online, but that's a topic for another post. I'm not saying people aren't responsible for what they post. But I am saying we should aspire to take the most charitable interpretation of what people post if we care about advancing the conversation. Obviously a person's character is a factor in how you interpret what they post. -> +> > On my blog, I want to retain the right to post not only ideas that I understand well. But I also want the freedom to talk about things I'm not sure about. That means I run the risk of being wrong. No one posting their ideas online openly should expect to be immune to criticism. Criticism comes with the territory. But I want to say I'm interested in sharing ideas. If it's clear to me you're only interested in taking my words out of context, twisting what I write or using cheap gotchas because I didn't state something perfectly, then I probably won't respond. If you want clarification about anything I discuss, visit my [about page](/about) for contact details. With that cleared up, let's move on to the meat of this post. -> +> > -- Me in [Doublethink](/2020/06/14/doublethink) Anyone who has tried to express spiritual experiences and concepts can attest to the difficulty of conveying them to others without sounding like a [quack](https://rationalwiki.org/wiki/Quackery). I don't have a good remedy for that. What I do have is an explanation for why it's so difficult. @@ -27,7 +27,7 @@ There's a simple reason talking about spirituality is hard. It's because words n The problem skeptics readily point out is most spiritual orators are all too sympathetic to pseudoscience, religion and woo-woo. This leads them to conclude that spiritual experiences are just forms of mental illness and irrationality. What they don't realize is spiritual orators gravitate to pseudoscience, religion and woo-woo precisely because skeptics fail to connect to the character of spiritual experiences. That is to say if I want to talk about spirituality I have a much better chance at effectively imparting my experiences to a priest than a skeptic. To quote Sam Harris' blog post [What's the Point of Transcendence?](https://samharris.org/whats-the-point-of-transcendence/): > "...experiences of self-transcendence are generally only sought and interpreted in a religious or “spiritual” context—and these are precisely the phenomena that tend to increase a person’s faith. How many Christians, having felt self-transcending love for their neighbors in church or body-dissolving bliss in prayer, decide to ditch Christianity? Not many, I would guess. How many people who never have experiences of this kind (no matter how hard they try) become atheists? I don’t know, but there is no question that these states of mind act as a kind of filter: they get counted in support of ancient dogma by the faithful; and their absence seems to give my fellow atheists yet another reason to reject religion. -> +> > Reading the comments on Jerry’s blog exposes the problem in full. There are several people there who have absolutely no idea what I’m talking about—and they take this to mean that I am not making sense. Of course, religious people often present the opposite problem: they tend to think they know exactly what I’m talking about, in so far as it can seem to support one religious doctrine or another. Both these orientations present impressive obstacles to understanding." Harris has even had to [defend his use of the word spiritual](https://samharris.org/a-plea-for-spirituality/) and argue that [spiritual experiences actually happen](https://samharris.org/on-spiritual-truths/). Us spiritual skeptics have always been on the defense of spirituality against skeptics that seem to have never had a spiritual experience in their life. Or if they have had such an experience they somehow failed to see [the significance of it](https://samharris.org/whats-the-point-of-transcendence/). diff --git a/content/entry/organization-let-grow.md b/content/entry/organization-let-grow.md index 9325586..6c9d6cd 100644 --- a/content/entry/organization-let-grow.md +++ b/content/entry/organization-let-grow.md @@ -17,7 +17,7 @@ The playground monitor who watched over us, a woman probably between the ages of I now suspect that, if pressed, the playground monitor would have said something to the effect of "that game isn't appropriate", because people were getting sick from the swine flu. But what does "inappropriate" even mean? We were kids with no bad intentions and it was a fun game. I suspect if we called it something different, the monitor wouldn't have had a problem with the game. Looking back, it still makes no sense to me why that game was canceled for us. -# Dragon Ball +# Dragon Ball I have yet another similar story. Some kids get into comics, Harry Potter, Pokemon, or Yu-Gi-Oh!. For me it was Dragon Ball Z. I liked watching Dragon Ball Z. I had the well-taken-care-of action figures. I had the video games. I watched the new episodes on television when they came on. I loved it. One day on the playground at recess, I learned a few other kids were into it as well. So naturally, we picked our characters and started fighting. We weren't even hitting each other. We were sticking our hands out with open palms going "Kamehameha!", Goku's signature technique. I pretended to be the feared, ruthless galactic emperor Frieza, and the others holding me in place were pretending to be the good guys. We were all having fun until, again, the playground monitor shut us down and told us we were being too rough, even though no one was hurt. diff --git a/content/entry/predicting-the-near-term-consequences-of-ai.md b/content/entry/predicting-the-near-term-consequences-of-ai.md index bcd27f2..aabab0a 100644 --- a/content/entry/predicting-the-near-term-consequences-of-ai.md +++ b/content/entry/predicting-the-near-term-consequences-of-ai.md @@ -57,9 +57,9 @@ Perhaps some forms of automation could be banned to prevent mass unemployment, b ## Life Purpose In my entry "[Automation and The Meaning of Work](/2022/09/07/automation-and-the-meaning-of-work/)", I predicted how automation would affect how people find meaning. I think it will have some positive benefits like no more child labor and freeing people from miserable and dangerous jobs, giving people more time to do things they like doing. But it will also have negative effects such as taking away work people find meaningful. I predict some jobs will still remain, specifically those where human workers like doing them and the people who benefit from the labor prefer humans doing them. -I predict that if nothing is done to incentivize students, they'll be discouraged from attending higher education since their future jobs will be automated anyways. Perhaps students won't be discouraged though if going to university is more of a sociocultural expectation than a rational economic choice they're making. +I predict that if nothing is done to incentivize students, they'll be discouraged from attending higher education since their future jobs will be automated anyways. Perhaps students won't be discouraged though if going to university is more of a sociocultural expectation than a rational economic choice they're making. -With the dramatic reduction in useful human labor, I predict that culture will be forced to adapt so that human meaning is no longer associated with what one does for money. +With the dramatic reduction in useful human labor, I predict that culture will be forced to adapt so that human meaning is no longer associated with what one does for money. ## The Law I'm very concerned about how AI will affect the (in)justice system. There are worrying trends that I hope reverse themselves, such as AI surveillance taking U.S. prisons by storm. That terrifies me because U.S. prisons are already farcically punitive unlike [reasonable prison systems](/2021/02/03/documentary-the-norden-prison/), [there are far too many Americans in jail](/2022/03/05/website-visualizing-wealth-inequality-and-mass-incarceration/) many of which haven't even been convicted, and many of which have been convicted, but for breaking [unjust laws](/2020/11/08/legalize-all-drugs/). diff --git a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md index c7d52e3..1f02dfe 100644 --- a/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md +++ b/content/entry/re-against-risk-based-authentication-or-why-i-wouldnt-trust-google-cloud.md @@ -7,7 +7,7 @@ draft: false I found another [article](https://www.devever.net/~hl/logindenial "Against risk-based authentication (or, why I wouldn't trust Google Cloud)") written by Hugo Landau which discusses the unavailability of risk-based authentication (non-deterministic login). For those who don't want to read the entire article, here's a short quote which captures the essence of Hugo's critique: > "The problem is precisely this: The credentials you require to access a Google account are essentially indeterminate. Supposedly, for a simple Google account without 2FA enabled, knowledge of the account email and password should be sufficient to access an account; except sometimes, they aren't. Sometimes, Google might randomly decide your login attempt is suspicious, and demand you complete some additional verification step. -> +> > This sounds potentially innocuous until you then realise that there's no guarantee you can actually complete this additional verification step. There are to my recollection numerous stories of people being locked out of accounts which they have the passwords for because Google has decided that things are suspicious and having the password is not enough." Apart from the availability issue that Hugo brought up, my problem with risk-based authentication is that it usually relies on collecting and indefinitely storing sensitive data about the user for later comparison, which violates their privacy and creates needless risk of sensitive data exposure. diff --git a/content/entry/re-dkim-show-your-privates.md b/content/entry/re-dkim-show-your-privates.md index 3aac7b1..ef9a2ee 100644 --- a/content/entry/re-dkim-show-your-privates.md +++ b/content/entry/re-dkim-show-your-privates.md @@ -14,8 +14,8 @@ As Ryan notes in their blog post though, email deniability probably won't protec The Session team's blog post, "[Session Protocol: Technical implementation details](https://www.getsession.org/blog/session-protocol-technical-information)", says more or less the same in the context of their own private messaging protocol: -> "As previously mentioned, cryptographic deniability is often something that is largely ignored by the court system and the media. If contextual information can be provided around screenshots, this is often enough to lead to a conviction or personal damages, regardless of the presence or absence of cryptographic deniability. -> +> "As previously mentioned, cryptographic deniability is often something that is largely ignored by the court system and the media. If contextual information can be provided around screenshots, this is often enough to lead to a conviction or personal damages, regardless of the presence or absence of cryptographic deniability. +> > Instead of designing a cryptographic protection, Session will add the ability to edit other users’ messages locally, thus providing a way to completely forge conversations. Since signatures are deleted after messages are received, there will be no way to prove whether a screenshot of a conversation is real or edited, diminishing the value of screenshots as evidence." Programmers could still change the Session source code to save the message signatures anyways, but I highly doubt anyone is doing this. By contrast, email servers *do* retain email signatures even after emails are already validated. So there's more of a concern for email being cryptographically undeniable than Session Private Messenger. diff --git a/content/entry/re-why-even-let-users-set-their-own-passwords.md b/content/entry/re-why-even-let-users-set-their-own-passwords.md index 1f09c16..06e53fb 100644 --- a/content/entry/re-why-even-let-users-set-their-own-passwords.md +++ b/content/entry/re-why-even-let-users-set-their-own-passwords.md @@ -7,7 +7,7 @@ draft: false This entry is a yet another commentary on an article written by Hugo Landau, titled "[Why even let users set their own passwords?](https://www.devever.net/~hl/passwords)". > "Today we seem to be living through a war on passwords. This is manifested in various ways ... The more material changes are the general trend towards no longer treating passwords as a sufficient condition for access in favour of either mandatory “2FA” or, where 2FA is not used, risk-based authentication, in which some extra authentication step is non-deterministically and randomly demanded. -> +> > This step is commonly something like “enter the code in an email we just sent” when trying to login. Since this process is literally the same as most password recovery processes, it raises the question of what the point of a password is in the first place if you always have to go through this process when trying to login." There are several flaws with this email token approach to account security as described by Hugo. @@ -39,7 +39,7 @@ My browser also erases cookies, so I also have to log in every time, but this is I agree that using email tokens as a login system is problematic, but that's a separate issue. I agree that websites shouldn't use third-party cookies, but third-party cookies aren't required for "remember this device" that I'm aware of. So it's not exactly clear to me what Hugo's complaint is here or what they want done about it. > "While at the same time every website for the masses now seems to be designed around the assumption that everyone is going to set their password to “password1”, web-based HTTP APIs are also widely popular nowadays. These services almost invariably perform authentication via use of a token or “API key”. -> +> > An API key is basically a password, except that it is randomly generated by a website with a large amount of entropy and thus assumed to be secure. A given website might obnoxiously refuse to trust in my ability to set a secure password, assume the 24-character randomly generated password I keep in my password safe is insecure, and demand I complete an email challenge every time I login because I actually bother to exercise control over browser privacy and persistent cookies, yet that same website is happy to let me authenticate using an API key for API access as a single authentication step. No “2FA” here." API keys are used by programs and automated systems, so they can't use 2FA. As Hugo observes, this nullifies 2FA. This is why API key access should be limited by default so someone with the key can't just change the account login credentials as they could if they'd logged in normally with 2FA. Some online services do limit the scope of the API by default, but some don't. They ought to. @@ -53,7 +53,7 @@ By logging in, users trade their 2FA for a 1FA session cookie. If the attacker c Some online services are keen on this and require an additional 2FA step to change important account settings while logged in, such as account credentials. This extra 2FA step still doesn't make the account fully secure, but it's better to have it than not and many websites don't have it. > "There are agreed best practices for the handling of passwords, namely, to not reuse passwords between accounts, use randomly generated passwords, and keep those unique passwords for each account in a password safe. This raises the question: if the industry agrees this is the (more or less only) correct way to handle passwords, why actually allow users to set their own passwords? -> +> > Rather than allowing a user to set their own password, passwords can be issued in exactly the same way as API keys are now: a high-entropy password is randomly generated by the issuing website, and the user is shown the password once only and asked to record it. If the password is lost, a new password must be generated using the same process. The user cannot choose their password, but can get a new randomly generated one in the event of compromise. The password essentially becomes indistinguishable from an API key." I agree. I also think it would be a good idea to include a notice telling the user to store the token in a password manager. Some might object "You can't require users to store randomly generated passwords. Since they can't remember it, they'd take a picture of it which would be synced to Google Photos and Apple iCloud. They'd write it down in an insecure location. They'd save it in a text file which they'd accidentally delete. They'd do everything except learn to use a password manager." diff --git a/content/entry/robert-miles-makes-accessible-ai-safety-videos.md b/content/entry/robert-miles-makes-accessible-ai-safety-videos.md index e306b7d..1bae43a 100644 --- a/content/entry/robert-miles-makes-accessible-ai-safety-videos.md +++ b/content/entry/robert-miles-makes-accessible-ai-safety-videos.md @@ -8,7 +8,7 @@ I remember being in class once introducing a small group of students to the AI s The questions were along the lines of "Would it be like Terminator?", "Why would it have a utility function?", "Wouldn't it be smart enough to realize maximizing paperclips is a dumb goal?", "Why would it want to acquire resources or self-improve?", "What makes you think it would become superintelligent?", "Why couldn't we just turn it off?", so on and so forth. All great questions, but I unfortunately didn't have the time to cover them all. -I realized that the group I was trying to teach lacked the necessary background to understand why the paperclip maximizer would behave the way I was describing. It's not just lay people and students though. Many people who work in the field of AI are unaware of AI safety. Their job only requires them to think about how they can make their AI model less racially biased. It doesn't require that they consider AI as an [existential risk](https://www.wikipedia.org/wiki/Global_catastrophic_risk#Defining_existential_risks). +I realized that the group I was trying to teach lacked the necessary background to understand why the paperclip maximizer would behave the way I was describing. It's not just lay people and students though. Many people who work in the field of AI are unaware of AI safety. Their job only requires them to think about how they can make their AI model less racially biased. It doesn't require that they consider AI as an [existential risk](https://www.wikipedia.org/wiki/Global_catastrophic_risk#Defining_existential_risks). Maybe you don't think it matters because that person isn't intending to work on artificial general intelligence (AI as smart as or much smarter than humans). I would argue that that's besides the point. We may live in a universe where the technological development path of AGI is such that it's highly probable that it gets invented accidentally. In other words, someone with no intentions to invent AGI and only rudimentary understanding of AI safety ends up inventing it. That scenario would be disastrous for humanity. diff --git a/content/entry/shit-neurotypicals-say-to-autistics.md b/content/entry/shit-neurotypicals-say-to-autistics.md index eae9bcc..3f6aea6 100644 --- a/content/entry/shit-neurotypicals-say-to-autistics.md +++ b/content/entry/shit-neurotypicals-say-to-autistics.md @@ -5,7 +5,7 @@ tags: ['autism'] draft: false --- > "I don't have a problem with autistic people, but I hate weird people." - + *Heavy sigh*. You might be fooling yourself by using the terms weird, awkward, strange, etc. as a euphemism, but you're not fooling me. You're not the first person to call me those things. I've heard it all a thousand times from elementary school up until college. I know what those phrases really mean. **People use words like weird to insult autistic people without it being too obvious to others or themselves that they're an ableist.** diff --git a/content/entry/struggle-to-graduate-without-nonfree-software.md b/content/entry/struggle-to-graduate-without-nonfree-software.md index f402057..a2c2ae6 100644 --- a/content/entry/struggle-to-graduate-without-nonfree-software.md +++ b/content/entry/struggle-to-graduate-without-nonfree-software.md @@ -121,7 +121,7 @@ Now, there are still some possible pitfalls, e.g. getting statement from my supe When I look behind, I'm actually glad I acted how I acted. Perhaps I won't be able to please those who want to see me graduate. But I don't think graduating by surrendering to nonfree platforms would bring any long-term benefits. Only more compromises. Come back in some time to see how this compromise-less effort ends. This article will be updated :) ## Notes -I called all university teachers professors, although only the Framsticks and seminar ones have that title. +I called all university teachers professors, although only the Framsticks and seminar ones have that title. # Concluding Thoughts This first draft doesn't say it, but Wojciech ended up graduating and successfully defending his thesis. Hurray! diff --git a/content/entry/the-addiction-to-thinking.md b/content/entry/the-addiction-to-thinking.md index 5ea1633..853bce2 100644 --- a/content/entry/the-addiction-to-thinking.md +++ b/content/entry/the-addiction-to-thinking.md @@ -12,7 +12,7 @@ This activity doesn't require you to believe superstitions or unsubstantiated cl Here are the instructions: > Pick up the pen and hold it to the paper. Whenever you notice a thought that can be written down in words, you write it down. Don't worry about grammar or spelling, that's not the point. Don't worry if it's even coherent or continuous. Don't scratch anything out. Redundancy is perfectly fine. Just write down whatever is on your mind. If it's kind, peaceful, helpful, write it down. If it's hateful, vulgar, taboo, write it down anyway. It's important that you don't censor anything. Just let there be a continuous flow of thoughts from your mind to the paper. -> +> > Write until you notice enough thoughts that your mind outpaces your hand. Try to at least fill up 1 full page with thoughts. The more, the better. The goal is to write down as much of your own [self-talk](https://www.wikipedia.org/wiki/Self_talk) as you can. ## Limitations diff --git a/content/entry/the-cult-of-productivity.md b/content/entry/the-cult-of-productivity.md index 787c299..07ce15f 100644 --- a/content/entry/the-cult-of-productivity.md +++ b/content/entry/the-cult-of-productivity.md @@ -42,7 +42,7 @@ Experiencing the benefits of unproductivity can be a strong antidote to the cult Now I'm not giving a free pass to be lazy and not hold your own weight in society. That's not what I mean by unproductivity. All I mean is taking some time to be unproductive and not feel bad about it. "Unproductive" has become a pejorative, for no good reason really. It's actually healthy to be unproductive sometimes, something we in modern society never emphasize. # Conclusion -In conclusion, just ask questions and practice unproductivity. Why is working long hours something to be proud of? How much of your job is actually productive and how much is just procedure? Would you be more productive during work if you spent more time being unproductive outside of work? What unproductive activities do you enjoy? Is all the production of labor in the world really needed or would we be just as happy producing far less? Do we even need as much production of goods as we have? +In conclusion, just ask questions and practice unproductivity. Why is working long hours something to be proud of? How much of your job is actually productive and how much is just procedure? Would you be more productive during work if you spent more time being unproductive outside of work? What unproductive activities do you enjoy? Is all the production of labor in the world really needed or would we be just as happy producing far less? Do we even need as much production of goods as we have? See? Questioning the assumptions of the cult of productivity is easy. You can apply these questions to your own personal life and come up with new ones. All it takes is some out-of-the-box thinking. You can encourage others to do the same and deprogram themselves. Form your own opinions. Don't just go along with whatever the corporate media and the government tells you. They want good, obedient workers that produce without ever questioning why. But you don't have to blindly follow what they say. Choose to be your own independent thinking person. I'll end with a quote. diff --git a/content/entry/the-electronic-frontier-foundation-defends-your-digital-rights.md b/content/entry/the-electronic-frontier-foundation-defends-your-digital-rights.md index 0e3a4cd..16bf036 100644 --- a/content/entry/the-electronic-frontier-foundation-defends-your-digital-rights.md +++ b/content/entry/the-electronic-frontier-foundation-defends-your-digital-rights.md @@ -7,9 +7,9 @@ draft: false The [Electronic Frontier Foundation](https://www.eff.org) (EFF) is a nonprofit that has been tirelessly defending your digital rights since 1990. Here's a quote from the about page of their website: > "Today, EFF uses the unique expertise of leading technologists, activists, and attorneys in our efforts to defend free speech online, fight illegal surveillance, advocate for users and innovators, and support freedom-enhancing technologies. -> +> > Together, we forged a vast network of concerned members and partner organizations spanning the globe. EFF advises policymakers and educates the press and the public through comprehensive analysis, educational guides, activist workshops, and more. EFF empowers hundreds of thousands of individuals through our Action Center and has become a leading voice in online rights debates. -> +> > EFF is a donor-funded U.S. 501(c)(3) nonprofit organization that depends on your support to continue fighting for users." Organizations like the EFF are more important now than they've ever been. They run [campaigns](https://act.eff.org/action "EFF Campaigns") and [events](https://www.eff.org/events/list?type=event "EFF Events"), host [podcasts](https://www.eff.org/taxonomy/term/11579/ "EFF Podcasts"), make [press releases](https://www.eff.org/updates?type=press_release "EFF Press Releases"), fight [legal battles](https://www.eff.org/cases "EFF Legal Cases"), promote [digital privacy tools](https://www.eff.org/pages/tools "EFF Tools"), document [police surveillance tech](https://atlasofsurveillance.org/ "EFF Atlas of Surveillance"), and much more in the name of protecting digital civil liberties. diff --git a/content/entry/why-disappearing-messages-are-important-for-private-messaging.md b/content/entry/why-disappearing-messages-are-important-for-private-messaging.md index 49b18b3..23adfbd 100644 --- a/content/entry/why-disappearing-messages-are-important-for-private-messaging.md +++ b/content/entry/why-disappearing-messages-are-important-for-private-messaging.md @@ -14,6 +14,6 @@ The benefit of the online implementation is that all parties can be confident th Another way to mitigate private information disclosure is requiring the user to set a password for the messaging app. People will still choose weak passwords, but for most common threat models, attackers will simply give up after seeing a password prompt anyways. -In general, password protected apps are not a bad idea. But the problem with password protecting *messaging* apps is they must stay logged in on the user's device after the password is entered. App developers could require entering the password every time the app is opened or after some set interval, but that's too much inconvenience for most people. Since most people message on smartphones which would have the app logged in 24/7, password protection offers no real additional security. +In general, password protected apps are not a bad idea. But the problem with password protecting *messaging* apps is they must stay logged in on the user's device after the password is entered. App developers could require entering the password every time the app is opened or after some set interval, but that's too much inconvenience for most people. Since most people message on smartphones which would have the app logged in 24/7, password protection offers no real additional security. In conclusion, online disappearing messages offer an important mitigation against common threat models, they reduce private information disclosure even when your contacts' are clueless about cybersecurity, and there doesn't seem to exist any convenient alternative. So it's my opinion that **all messaging apps which call themselves private should at least offer online disappearing messages**. Luckily almost all the ones I'm familiar with already do. diff --git a/content/entry/why-i-dont-have-a-smartphone.md b/content/entry/why-i-dont-have-a-smartphone.md index 9bc01d2..6ff4f7b 100644 --- a/content/entry/why-i-dont-have-a-smartphone.md +++ b/content/entry/why-i-dont-have-a-smartphone.md @@ -57,7 +57,7 @@ Regular readers of this journal are probably wondering when I'm going to mention ## Smartphones Are Surveillance Devices Well actually no. It's possible to have a smartphone that isn't a mass surveillance device. When I had the Google Pixel, I enabled airplane mode and MAC randomization. I used free software from F-droid exclusively. Traffic was onion-routed via Tor. Bluetooth was disabled and wifi as well when I wasn't using it. [I taped both front and rear cameras.](/2021/04/07/cover-your-cameras/) So privacy wasn't an issue for me. -The average person's smartphone is a surveillance device with dozens of proprietary apps tracking them every which way and a crippled, vendor-locked excuse for the latest version of Android. As for iPhones, there's no excuse for having that trash. They're even worse for your freedom than vendor-locked Androids. +The average person's smartphone is a surveillance device with dozens of proprietary apps tracking them every which way and a crippled, vendor-locked excuse for the latest version of Android. As for iPhones, there's no excuse for having that trash. They're even worse for your freedom than vendor-locked Androids. Non-techies don't know how to protect themselves from mass surveillance, so surveillance still counts as a reason for others not to have a phone. diff --git a/content/entry/will-you-support-my-work.md b/content/entry/will-you-support-my-work.md index 10c869f..61ad0c9 100644 --- a/content/entry/will-you-support-my-work.md +++ b/content/entry/will-you-support-my-work.md @@ -5,7 +5,7 @@ draft: false --- Thanks to all of you who read my journal. Over the past three years, I've went through multiple iterations of its design, settling on a first-of-its-kind Gemini-supporting [Hugo theme](https://git.nicholasjohnson.ch/hugo-theme-journal "Hugo Theme Journal") I built from the ground up. As for the journal itself, I've averaged about one entry every five days, discussing a wide variety of topics and I have no plans on stopping. I've also made several contributions to the libre software community. -All the public work I've done so far except for [this LibrePlanet talk](/2022/04/08/taking-back-the-web-with-haketilo/ "Taking Back The Web With Haketilo") has gone unpaid, which I'm fine with since there was never any expectation of payment. I'm content to make my journal and software available at no cost forever and always. +All the public work I've done so far except for [this LibrePlanet talk](/2022/04/08/taking-back-the-web-with-haketilo/ "Taking Back The Web With Haketilo") has gone unpaid, which I'm fine with since there was never any expectation of payment. I'm content to make my journal and software available at no cost forever and always. However, I've had tremendous difficulty finding work that I'm capable of doing as [an autistic person](/2022/05/16/coming-out-as-autistic/ "Coming Out as Autistic") that doesn't cause me cognitive dissonance with all the [proprietary software](/2023/09/05/gaining-clarity-after-walking-off-a-job-on-orientation-day/ "Gaining Clarity After Walking Off a Job on Orientation Day") I'd be required to use. This has left me in a tough spot financially, which is why I'm making this journal entry. |