BREAKING: No one cares about privacy

Posted on November 30, 2013 | Leave a comment

Via Hacker News, we have this headline: “Facebook reveals friends list even when it’s set to private”. It’s yet another example of Facebook (et al) leaking information that results in something of a privacy breach.

Does anyone really care?

The answer is simple: no. No one cares.

The world is easily segmented into two groups:

  1. A very tiny group of people who value their privacy and do all sorts of weird things to protect it, like not using Facebook or G+ or whatever. They use some strange 3rd-party email Tor reflector thing, use OpenGPG to encrypt all their cat pictures, etc.
  2. Literally everyone else.

I don’t know of a single person who left Gmail (or switched their default search, etc) as a result of the whole NSA thing. I don’t know a single person who has ever said, “Facebook is a massive time-sink/drama magnet whose purpose is to enrich the bank accounts of those who own Facebook stock, so there’s no reason for me to be there”. I don’t know a single person who has ever said, “The default search experience on Duck Duck Go is good enough that I don’t need Google”. I don’t know a single person who has ever said, “I don’t mind ads for Google products and services on my default new tab page in Chrome”. I don’t know a single person who has ever said, “I gain massive benefit from social networking, so these sorts of privacy breaches are unfortunately part of reaping said benefit”.

In other words, no one cares. Privacy breaches don’t matter until it hurts you directly.

(Addendum: I have seen people on Twitter remark that they’re switching to DDG; however I’m a veteran of the first great Linux On The Desktop war, and for every person who cast Windows aside and boldly embraced the Penguin, approximately 100% were back on Windows as soon as the newest CoD game was out. So I don’t even believe those who boldly Twitter-protested their switch: odds are they got annoyed at DDG and quietly switched back to Google.)

It’s not that security researchers shouldn’t continue to look for them; it’s that the tech press act like they remotely matter one bit. They don’t. No one cares. File it away in the giant list of ways Facebook sucks ass, and watch Facebook’s stock price soar.

→ Leave a comment

Posted in Uncategorized

Tagged

The NSA, PRISM, and legal compulsion

Posted on July 14, 2013 | Leave a comment

Something I haven’t seen talked about at all is this:

It’s stated over and over that the PRISM companies – Microsoft, Google, Apple, et al – are legally required to work with the NSA when the NSA asks.

My question is this: Do they actually have any options, if they don’t want to participate?

Everyone basically assumes that the PRISM companies eagerly and happily bend over the day the nice man from the government arrives. I don’t think that’s the case.

First, I work for a company that works closely with the government in various ways, and to be frank no one is really particularly thrilled with the long arm of The United States Government. I can’t imagine the PRISM companies, even with groups set up specifically to interact with the government, are thrilled by its intrusion.

Second, these are for profit companies. Does anyone in their right mind think that anything that detracts from either 1)profit or 2)good PR is something any of them want? Ever? Dealing with this adds time to development and testing, introduces bugs, and as we’ve seen is a PR nightmare.

It is entirely possible that they want to help The Global War Against Violent Extremism (or whatever we’re calling it this week) but I imagine they’d prefer some way that didn’t take any actual work or risk actual money.

Anyway, let’s assume the CEO has decided that it’s all crap, and they don’t want any part of it. Can they even do anything?

They could challenge it in court, unless of course said challenge was immediately made secret. In which case they’d be in a rough place: explain to everyone where all this money is going without telling them why. Or, maybe it happens in public, but in any event they are public companies. Shareholders and boards might not like this. The majority might think it’s best to work with the NSA, or at least not be distracted in a very public fashion; words to the effect of “it’s not our corporate mission to shape public policy” come to mind. Is this the fight CEOs want to have, especially if a majority of shareholders end up being OK with it?

It is suggested, for example, that the timing of Apple coming on board to PRISM has to do with Jobs death; that somehow he resisted the NSA by sheer force of will. Maybe; he was very, very persuasive. On the other hand mundane reasons answer the question just as easily (can you imagine integrating one secret organization into another? It was probably a total nightmare).

So anyway, that’s what I’ve been thinking about. I’m not trying to absolve them of anything; I’m not Protector Of Corporate Power. I genuinely don’t know if you can even say “hell no” to the NSA and the surveillance laws without dropping a bomb inside your company.

(Update: Noted pageview troll/complete moron Dvorak brings up the flip-side of my arguments here. I like his points but the fact remains, he’s a pageview troll and a moron, and will never in his life do something like switch to Linux. But stopped clocks, etc.)

→ Leave a comment

Posted in Uncategorized

Tagged ,

Is my Dropbox going to sell me out?

Posted on June 9, 2013 | Leave a comment

Let us assume for a moment that I have NSFW content on my personal (paid for by me) Dropbox, which I connect to my work computer. 

Am I then “storing” NSFW content on my work computer? After all Dropbox locally caches pretty much everything. If I’m using Dropbox at work for things like 1Password or syncing application config, am I obligated to ensure that no NSFW content is part of the bargain?

(Note that I am not looking at the NSFW content at work. It is just passively there. Obviously if I use Dropbox to sync NSFW content so I can look at it at work, I’m in the wrong.)

→ Leave a comment

Posted in Personal

Simpler, but vulgar

Posted on June 2, 2013 | Leave a comment

Allow me to make a stronger, simpler, and far more vulgar point than this post:

Hacker News is awful. The “community” is mostly bored shitheads posting from work, or massively self-important assholes who are bitter their TODO app didn’t get into YCombinator after 15 tries. 

Twitter accounts like Shit HN Says could be 10x as content-rich if they wanted to. Most of the things posted on HN are just truly awful, in terms of a community of ostensibly technical people. 

You can see craven, callow, shallow, mean, bitter, obnoxious, stupid … the entire range of awful human interactions. Honestly, when’s the last time a HN comment really improved anything? Really made a strong contribution to your job, your hobby? 

As a community-curated link site, Hacker News has good stuff most of the time. As a place for community discussion, Hacker News is just You Tube comments with better grammar.

→ Leave a comment

Posted in Annoyances

Tagged

MongoDB and FUD

Posted on June 1, 2013 | Leave a comment

The Problem:

Our data set consists of gigabytes upon gigabytes of pickled Python dictionaries, CSV files, and plain text, with the odd bit of Excel or Word. I have three goals:

  • Maintain this monstrosity
  • Create a searchable index
  • Build a new version for the future.

The entire app is a single monolithic Python app: there is no such thing as a “front end” or a “back end” or “middleware”. It’s a web app but there’s no templates; it generates HTML via print statements. The same Python file may include standalone logic,or  shared logic to be used by other components. It’s a bit of a mess. Lastly the framework it uses is basically abandonware; I haven’t tried to see if it runs under any Python after 2.4, and you can be sure it won’t work under 3.

My first task was the search problem. I started with Whoosh but after about a year, it started to run into performance problems, and I’d also learned enough about information retrieval that I wanted some more features. The Whoosh guy is awesome and he’s done a hell of a thing, though; I cannot recommend it enough for smaller projects, but I needed more. I’d attended a talk at Pycon about Elasticsearch, so I switched to that, and it’s been awesome. 

My strategy was pretty simple: a cron job to regenerate the world. Since Elasticsearch is really, really fast, it took perhaps 30 minutes to reindex the entire data set, and since it’s not a 24/7 use case running it at night is no big deal. (I’d like to provide real-time search but my users rarely need it; they’re content to have today’s new data appear tomorrow)

This worked so well for 2 reasons. First, I’d learned enough about the “common data set” that I could make the custom indexer pretty easy to work with since I knew enough about my users search needs that I could ignore 99.9% of the data. And second, Python dictionaries map really well to JSON, which Elasticsearch uses as its input and output.

In building the regenerate-the-world scripts, I had written a huge amount of code to 1)walk the entire flat-file “database” and 2)make lots and lots of sense of it all. I did stuff like, “ensure that every disparate part of the app always refers to a Project by the faux-primary-key ‘projectid’ instead of ‘pj’ and ‘projid’ and whatever else”. My indexer did a pretty decent job of cleaning up this semi-schemaless data; so now what?

Since our app uses CouchDB, it was my first choice, and very quickly abandoned. I loathe CouchDB. It makes a lot of sense in our app, but not for a general-purpose data store. 

Up next was “any ol’ RDBMS”, which means MySQL. Attempts to hammer the semi-schemaless data into relational format resulted in a data model so complex and byzantine, it was practically recursive. Instead of 3rd normal form I made a wormhole into a hell-dimension. So, no.

Despondent and generally upset, I tried MongoDB. And it worked! Experiments worked really well! 

  • As I said, Python dictionaries map very well to JSON/BSON so the amount of friction in import/export was minimal.
  • Ad-hoc queries
  • easy blob storage for stuff like Word documents
  • It’s fast (importing the world took perhaps 20 minutes)
  • It’s easy to set up (compile and go, basically)
  • Support for every language and platform I could think of
  • Has some replication capability in case I ever need it

I wasn’t really sure about a couple things, mainly backup-and-restore, but that was really my only concern, and the Mongo docs on the topic seemed straightforward enough; my users can tolerate an hour of downtime.

And now, the point of my little story: I think Mongo DB is picked on more than just about any platform save PHP. There is so much fear, uncertainty, and doubt spread about it, it’s started to leak into my world and freak me out.

Consider the most recent thing, the “randomly log stuff” bit in the Java driver. Places like /r/shittyprogramming were all over it with digital brickbats. Every thread was then a free-for-all of “here’s now MongoDB screwed me over/Here’s why MongoDB sucks” stories from all over the internets.

Panic set in. This data is mission-critical; while my users can tolerate small amounts of downtime and don’t need OTP-type features, it’s still mission-critical data. Have I fucked up royally here? Have I set myself up for epic fail? Or am I just giving in to the sort of FUD that pervades every goddamn internet discussion about any sort of technology? Let’s face it: people pile on and rarely are they anywhere nearly as awesome as they think they are. 

At this point I’m not entirely sure what to do. My thought was to return to the cold comfort of MySQL, using a Friendfeed-style schemaless system. It’s a huge orthogonal step but I’ve recovered horribly fucked MySQL databases after three-too-many bottles of Tequila, so it’s safe and well-understood. It puts the impetus on me to write the entire friggin’ access layer, but whatever. I know about Postgres and JSON, but I don’t know Postgres at all.

Am I giving in to FUD? Do I stay the course, trusting that my proven, real-world positives outweigh potential negatives?

→ Leave a comment

Posted in Python, Technology

Tagged , ,

World Design and “instant-only” magic

Posted on April 13, 2013 | Leave a comment

So to go into detail a little further on last night’s little thought, I keep thinking about fantasy world design with traditional D&D magic, and how utterly illogical they are.

My main point is that the presence of long-lasting magical effects would pretty much always result in something that is no longer a feudal society.

You can throw around the handwave of “but it’s FANTASY” all you want, but the fact is every society faces pretty much the same problems: food preservation, sickness, transportation, and war. Humans invented agriculture so as to allow food to be created literally while they were sleeping; medicine, because people get sick and die over the dumbest things, like a small infection; transportation, because sitting in one place eventually exhausts its local resources; and war, because fuck those other guys. The first 3 also serve to make war more efficient: moving troops and their food, and healing their injuries.

So your average fantasy world (as shipped by whatever edition of D&D is current) has spells for all those things, yet every game world is pretty much late feudal in structure. What total crap.

(SIDEBAR: Yes, I am aware of Eberron, which is I think the first mass-market not-dumb-feudal setting. Sadly I have yet to meet anyone who actually plays it.)

Anyway, I think the “fix” for this is to simply disallow any spell or effect that does anything that persists. It fixes every problem!

  1. No stupid “colleges of Magic”. Magic effects happen as a result of some unknown, unquantifiable process. There is no correspondence course to learn how to shoot lightning bolts from your butt.
  2. Great and mighty empires happen mostly as a result of conquest, not superior economics, which is what happens when you can preserve food, acquire resources, and keep your people healthy.
  3. Trap-laden holes in the earth are now essential means of guarding treasure, as you cannot simply ward them with impenetrable force fields.

And so on. The exact definition of “instant-only” is a little fuzzy at times: obviously “continual light” is out, but “cure disease”? In my mind, “cure disease” is not instant, but I suppose opinions vary.

→ Leave a comment

Posted in Uncategorized

Tagged

A brief D&D nerd thought

Posted on April 12, 2013 | Leave a comment

What if “magic” was defined as only momentary violations of the laws of physics?

So one of the things that define D&D magic is things like enchantment of items, the “continual light” spell, and so on; things that persist. What if the world only allowed only momentary violation of physics, causality, whatever?

It seems like a small change on the surface, but it’s probably huge: it’s a world without “magic” swords, or whatever. Most fantasy game worlds are built on persistent magic.

→ Leave a comment

Posted in Uncategorized