HackerTrans
TopNewTrendsCommentsPastAskShowJobs

pdkl95

no profile record

comments

pdkl95
·5 years ago·discuss
Vi Hart - "How to Microwave Gracefully"

https://www.youtube.com/watch?v=T9E0zSpULFY
pdkl95
·5 years ago·discuss
edit: fixed formatting problem

> sentinel values

Using in-band signaling always involves the risk of misinterpreting types.

> This is part of more general problem

DWIM ("Do What I Mean") was a terrible way to handle typos and spelling errors when Warren Teitelman tried it at Xerox PARC[1] over 50 years ago. From[2]:

>> In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed

    delete *$
>> to free up some disk space. (The editor there named backup files by appending $ to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported

    *$ not found, assuming you meant 'delete *'
>> [...] The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type 'delete *$' twice.

Trying to "automagically" interpret or fix input is always a terrible idea because you cannot discover the actual intent of an author from the text they wrote. In literary criticism they call this problem "Death of the Author"[3].

[1] https://en.wikipedia.org/wiki/DWIM

[2] http://www.catb.org/jargon/html/D/DWIM.html

[3] https://tvtropes.org/pmwiki/pmwiki.php/Main/DeathOfTheAuthor
pdkl95
·6 years ago·discuss
If you really haven't heard the term "surveillance capitalism" before, this[1] interview is a very good overview of the topic, including this explanation of the term:

>> So even early on in the theorizing of capitalism it was understood that capitalism takes on different market forms and different eras in the context of different technologies. We’ve had mercantile capitalism, and we’ve had factory capitalism, and mass-production capitalism, and managerial capitalism, financial capitalism. And typically what happens in these new concepts is that modifier, like “mass production,” or in my case “surveillance” capitalism, what that modifier is doing is pinpointing the pivot of value creation in this new market form.

> engender anti-surveillance support from anti-capitalists

Every anti-capitalist I know has already been anti-surveillance for a long time.

[1] https://nymag.com/intelligencer/2019/02/shoshana-zuboff-q-an...
pdkl95
·6 years ago·discuss
All problems are solved by humans; sometimes problem solving humans may use tools such as computers. Algorithms are just an automation that a human decided to use to solve a problem.
pdkl95
·6 years ago·discuss
> "anonymization" generally just involves replacing a name or credit card number with some other identifier.

DJB's description of "anonymization" while talking[1] about his job as the man in the middle at Verizon:

>> Hashing is magic crypto pixie-dust, which takes personally identifiable information and makes it incomprehensible to the marketing department. When a marketing person looks at random letters and numbers they have no idea what it means. They can't imagine that anybody could possibly understand the information, reverse the hash, correlate the hashes, track them, save them, record them.

> lots of industry standard analyses unachievable with those identifiers out of the picture.

Calling something "standard" doesn't mean it's ethical. If someone wants use that type of identifier, they need to get explicit informed consent from everyone involved, and they need to be liable for any damages that derive from their database of identified records.

[1] https://projectbullrun.org/surveillance/2015/video-2015.html...
pdkl95
·6 years ago·discuss
reCAPTCHA increasingly doesn't even give me a captcha. Instead, they simply deny me from even trying; They send this instead of the challenge:

  <div>
    <noscript>
      Please enable JavaScript to
      get a reCAPTCHA challenge.<br>
    </noscript>
    <div class="if-js-enabled">
      Please upgrade to a
      <a href="[1]">supported browser</a>
      to get a reCAPTCHA challenge.
    </div>
    <br><br>
    <a href="[2]" target="_blank">
    Why is this happening to me?</a>
  </div>
They probably don't like my non-standard user agent string and they definitely don't like that I block a lot of their spyware, but reCAPTCHA used to work properly for many years with the same/similar browser configuration.

[1] https://support.google.com/recaptcha/?hl=en#6223828

[2] https://support.google.com/recaptcha#6262736
pdkl95
·6 years ago·discuss
> That would make the existence of anonymous data practically speaking impossible to have on the web

For almost every type of data that is true. Transforming or substituting data doesn't make it anonymous; the patters in the data are still present. To produce actually anonymous data you have to do what the GDPR instructed: corrupt the data ("rendered anonymous") severely enough that the "data subject is ... no longer identifiable". You need to do something like aggregate the data into a small number of groups such that individual records no longer exist. Techniques like "differential privacy" let you control precisely how "anonymous" your data is by e.g. mixing in carefully crafted noise.

> 8192 bucket

While others have pointed out that this isn't actually limited to 13 bits of entropy for most people, there are at least two reasons that field is still very personally identifying. First, "x-client-data on its own" never happens. Google isn't wasting time and money implementing this feature to make an isolated database with a single column. At no point will the x-client-data value (or any other type of data they capture) ever sit in isolation. I used the IPv4 Source Address as an example because it will necessarily be present in the header of the packets that transport the x-client-data header over the internet. Suggesting that Google would ever use this value in isolation is almost insulting to Google; why would they waste their expensive developer time to create, capture, and manage data that is obviously useless?

However, lets say they did make and isolated system that only ever received 13 bit integers stripped of all other data. Surely that wouldn't be personally identifiable? If they store it with a locally generated high resolution timestamp they can re-associate the data with personal accounts by correlating the timestamps with their other timestamped databases (web server access logs, GA, recaptcha, etc).

> you'd need to describe a scheme such that, given an x-client-data header, and only an x-client-data header, you could identify one (and only one) unique person to whom that header corresponds

You should first describe why google would ever use that header and only that header. Even if they aren't currently using x-client-data as an identifier or as additional fingerprintable entropy, simply saving the data gives Google the option to use it as an identifier in the future.

[1] https://www.youtube.com/watch?v=pT19VwBAqKA https://en.wikipedia.org/wiki/Differential_privacy
pdkl95
·6 years ago·discuss
This is impressive doublespeak.

> This ... header ... will not contain any personally identifiable information

> a seed number which is randomly selected on first run ... chosen between 0 and 7999 (13 bits of entropy)

They are not including any PII... while creating a new identifier for each installation. 13 bits of entropy probably isn't a unique identifier iff you only look at that header in isolation. Combined with at least 24 additional bits[1] of entropy from the IPv4 Source Address field Google receives >=37 bits of entropy, which is almost certainly a unique ID for the browser. Linking that browser ID to a personal account is trivial as soon as someone logs in to any Google service.

> Experiments may be further limited by country (determined by your IP address)

They even admit to inspecting the IP address...

> operating system, Chrome version and other parameters.

...and many additional sources of entropy.

[1] why 24 bits instead of 32? The LSB of the address might be zeroed if the packet is affected by Googles faux-"anonymization" feature ( https://news.ycombinator.com/item?id=15167059 )
pdkl95
·7 years ago·discuss
While topics like privacy and DRM are important, framing the discussion in those terms de facto obscures/distracts from the issue of property rights. Using someone's property (to e.g. to spy on them) after they purchased it is usually some sort of crime: trespassing, theft, vandalism, etc. If "intellectual property" is "property", then destroying someone's property (with DRM or other remote control) is a crime such as vandalism. The manufacturer lost their rights at the first sale of the good to the customer.

This is why tech companies have been pushing to reframe the sales of their goods as a service. They abuse[1] copyright by claiming yu need to license the software/firmware. This is like claiming when you purchase a book it isn't your property because they only "licensed" the book's story. However, trying to extend copyright (which only grants rights related to making more copies) into property rights is a misuse of copyright[1].

[1] https://en.wikipedia.org/wiki/Copyright_misuse
pdkl95
·7 years ago·discuss
Animaniacs Episode 7, "Piano Rag":

    [The Warners try to hide form Dr, Scratchandsniff in
     a piano recital, where Tymannini is about to perform]
  
    TYMP: Franz Schubert intended the scherzo
          to reflect the struggle between intellect
          and the creative process.
    TYMP: However, Schubert was simply incapable
          of expressing such delicate nuance.
          But, thanks to *my* genius,
          I will perform this great work,
          *not* as the composer wrote it,
          but as he *intended*.
DWIM ("Do What I Mean")[1] has always been impossible; it's a fallacious belief that what a user intended is different from what they actually said, and that this intent can somehow be divined form a few words, typos, etc.

> as a sysadmin

It doesn't even require any advanced technical knowledge. Most people understand basic keyword searching. Over the last ~6-12 months, I've seen a wide variety of people complain about Google ignoring their search terms.

[1] https://news.ycombinator.com/item?id=15628014
pdkl95
·7 years ago·discuss
> (they are all scratched out as 'missing')

The 'missing' notes are incredibly condescending. Not only are the results irrelevant/incorrect, they also had to arrogantly point out exactly how they are choosing to ignore the user's request.
pdkl95
·7 years ago·discuss
There is always Tk. It's a very friendly (no sudden unexpected behavior), easy to use toolkit.

https://tkdocs.com/tutorial/index.html

Tk works more or less everywhere and sometimes already installed: https://tkdocs.com/tutorial/install.html

and you don't need to use tcl: https://tkdocs.com/resources/languages.html

If you don't like Python, Ruby, Perl, or Tcl, other bindings are available: https://wiki.tcl-lang.org/page/Languages+with+a+Tk+binding https://en.wikipedia.org/wiki/Tk_%28software%29#Language_bin...

While the stock look-and-feel is functional-but-bland on all platforms, modern Tk is completely customizable and can approximate native widgets: https://tkdocs.com/tutorial/windows.html#dialogs
pdkl95
·7 years ago·discuss
I recently tried to use Swing (for compat. and interop. reasons). While it was obviously "quirky" (partly just from it's age - some of those "quirks" were expected behavior at the time), it appeared to at least be functional. I have very simple GUI needs for this project, slapping a basic UI onto the project shouldn't be that hard, right?

Then I discovered the multiple layers of hell of Swing's various layout managers. I never thought I'd actually find something worse than packing GTK+ {h,v}boxes. I think I might end up retreating back to Tk...
pdkl95
·8 years ago·discuss
Also, has anybody actually proposed making it "illegal for you to pay someone for anonymous health care"? The government funding some type of minimum health care doesn't mean they are actually providing the health care.
pdkl95
·8 years ago·discuss
> any app can subscribe to events of any other app

Yes, that's a feature I have used many times in the past. If you want to sandbox an app, run it through a nested X server.
pdkl95
·8 years ago·discuss
I, the user, do that. It's not the app's responsibility.