happy bday! also i like this quote:
08/06/2008, "I'd love to see it in there." (Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp., interviewed by ZDNet about "adding NoScript functionality into the core browser").
how utterly depressing that we still don't have this, but have drm and rounded fucking tabs, features that require you to disable grsec/pax protections, and other goddamn useless crap.
anyway, happy bday noscript!
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt
Noscript is admission of failure to sandbox, and a step away from webapplications. It's also just fine as a plugin for the niche that wants it. The only reason to put it in is that many even more niche features are in.
2015-05-15 20:54 GMT+09:00 stef <s@ctrlc.hu>:
happy bday!
also i like this quote:
08/06/2008, "I'd love to see it in there." (Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp., interviewed by ZDNet about "adding NoScript functionality into the core browser").
how utterly depressing that we still don't have this, but have drm and rounded fucking tabs, features that require you to disable grsec/pax protections, and other goddamn useless crap.
anyway, happy bday noscript!
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Fri, May 15, 2015 at 11:45:47PM +0900, Lodewijk andré de la porte wrote:
Noscript is admission of failure to sandbox, and a step away from webapplications.
webapplications are simple development cost externalisations by the VC vultures and their startup slaves and js are a perfect tool in gathering more private information to sell that.
webapplications shouldn't exist in the first place, there's OS level binaries that should be used instead. but i totally understand that the time-to-market and the RoI of hiring a bunch of dumb jsdevs is greatly more profitable than doing it right. the incentives of the system subvert and cannibalize the system itself. omnomnom.
since you addressed sandboxing, i'm much more of a fan of reducing the attack surface than sandboxing. sandboxing should be only used in a defense-in-depth setup, with other factors being more important, like reducing all the layers of cruft underneath.
also let's not forget that the security in browsers is like the security offered by tls, it's mostly in the interest of the industries, not the users sitting behind the browsers. sandboxing in chrome for example is good enough for the startups to not leech the data in other tabs, but looking at the results of various exploit compos confirms that the more resourceful attackers are not much deterred by the sandboxing. whereas noscript is indeed in the interest of the user, not the industries.
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt
2015-05-16 0:16 GMT+09:00 stef <s@ctrlc.hu>:
webapplications shouldn't exist in the first place, there's OS level binaries that should be used instead. but i totally understand that the time-to-market and the RoI of hiring a bunch of dumb jsdevs is greatly more profitable than doing it right. the incentives of the system subvert and cannibalize the system itself. omnomnom.
Sorry, webapplications are the undeniable future because of how easily and reliably they can be deployed to all devices. It's kind of why the JVM was ever a thing, only much, much better. The experience of transferring and then properly configuring rights to .... oh look at that - hardly any users left
since you addressed sandboxing, i'm much more of a fan of reducing the attack surface than sandboxing. sandboxing should be only used in a defense-in-depth setup, with other factors being more important, like reducing all the layers of cruft underneath.
Sandboxing reduces the attack surface, and the potential of attacks.
attackers are not much deterred by the sandboxing. whereas noscript is indeed in the interest of the user, not the industries.
Sorry, users like features. Users, in fact, like features so much that nothing else actually matters. You can say it's in the interest of users, but users worldwide are disagreeing with you. Users <3 JS. Certain exploits (like the cache-eviction attack recently) are massive breaks in security. It will be patched and all will be fine. So we will continue to find and fix exploits, until perhaps the day that a small subset of features becomes standardized and formally proven. The problem, ultimately, is features. And it will always be features.
..snip..
The problem, ultimately, is features. And it will always be features.
That is correct as an observation. I don't like it, but the world does not care whether I like it or not; I am 1/7000000000 regardless of my skill, taste, or persuasiveness. And so it has always been (cf. "bread and circuses").
However, what I object to is the tendency of features to destroy functionality by way of collateral damage, viz., for platforms to be constructed to deliver features and only to deliver features. That is what "freedom to tinker" fears. That is what risk is all about, risk being solely a consequence of that upon which you depend. That is why I've all but stopped buying new things (computers, cars, appliances, etc.) -- their orientation around features reduces my ability to configure, to repair, nay even to understand what is going on inside, much less that it is legally questionable as to whether I even own them despite having paid my money for them.[*] (Even were I willing to run Javascript, my old computers can no longer handle the burgeoning demands -- Javascript has clearly become the technologic embodiment of "When rape is inevitable, relax and enjoy it.")
Big data, especially of the so-called deep learning kind, is of a parallel sort. Where data science spreads, a massive increase in tailorability to conditions follows. Even if Moore's Law remains forever valid, there will never be enough computing hence data driven algorithms must favor efficiency above all else, yet the more efficient the algorithm, the less interrogatable it is, that is to say that the more optimized the algorithm is, the harder it is to know what the algorithm is really doing.
The more desirable some particular automation is judged to be, the more data (which is to say foodstuffs) it is given. The more data it is given, the more its data utilization efficiency matters. The more its data utilization efficiency matters, the more its algorithms will evolve to opaque operation.
Above some threshold of dependence on such an algorithm in practice, there can be no going back. As such, if data science wishes to be genuinely useful, preserving algorithm interrogatability despite efficiency-seeking, self-driven evolution is the research grade problem now on the table. If science does not pick this up, then Lessig's characterization of code as law is fulfilled.
In short, features drive. They drive because of democratic principles evidenced by immensely rapid uptake. They rely upon a user base that is forever "barefoot and pregnant." And it is increasingly difficult to opt out of features without opting out of society altogether. As there is zero difference between "personalization" and "targeting" beyond the intent of the algorithm, those who don't accept features will be adjudged anomalous, and we already treat anomaly detection as the sine qua non of public safety.
--dan
[*] http://www.wired.com/2015/04/dmca-ownership-john-deere/
On Sat, May 16, 2015 at 10:05:55AM -0400, dan@geer.org wrote:
..snip..
The problem, ultimately, is features. And it will always be features.
That is correct as an observation. I don't like it, but the world does not care whether I like it or not; I am 1/7000000000 regardless of my skill, taste, or persuasiveness. And so it has always been (cf. "bread and circuses").
..snip..
In short, features drive. They drive because of democratic principles evidenced by immensely rapid uptake. They rely upon a user base that is forever "barefoot and pregnant." And it is increasingly difficult to opt out of features without opting out of society altogether. As there is zero difference between "personalization" and "targeting" beyond the intent of the algorithm, those who don't accept features will be adjudged anomalous, and we already treat anomaly detection as the sine qua non of public safety.
--dan
Ahhh, John Deere. Last year I asked the guy unloading my corn at the farmers co-op elevator if there was any difference between the corn I harvested with my antique rusty combine with only analog electronics for indicator lights, and half of those don't work. I tend to rely on the audio signal processing between my ears and vibrational failure early warning detectors in my butt on the seat to tell me if something is broken. (okay, to be fair, there are electro-hydraulics, but those are switches and solenoids)
The brand new John Deere combines that you can press a button and it pretty much drives itself, with the operator there only to function as a legal liability offloading device produces the same quality of corn I do.
Now granted, it takes me about twice as long to harvest than it takes John Deere's fancy robots with human legal liability shunt devices, but one of these days an owner of one of those machines is going to get burned and decide, like me, that it's cheaper to become a hacker (or hire some) and rip out every piece of technology they do not own full license to modify.
When that happens, we'll have a full-fledged technology revolt on our hands, at least if there are any farmers left that still actually own farmland.
That's a democratic principle ready for rapid uptake. I heard last year of a farmer going from a 24 row planter back to an *older* 16 row because it had less technology to break that required a John Deere certified tech than the older ones, which mostly just required figuring out which wire the mouse chewed through over the winter.
I'll be happy to feed the McJohn-Google-Disney behemoth with all the raw material needed to keep their human confinement farm operations running at full capacity, but I think both the behemoth and I know it will cost them way less to have farm owner-operators than it will cost to try to deal with the unpredictable, uncomputable, and chaotic results we are likely to encounter over the next 50 years from climate change.
Never underestimate the persuasiveness of plain, simple text, whether that be the text Martin Luther nailed to the door of the church, or these words that we are broadcasting to all, human and nonhuman, that like to identify themselves as cypherpunks.
I'm calling for a technological reformation, and not just some half hearted attempts at open-source farm equipment. The time has come for a social, economic, and, dare I say it, even a religious movement to nail a manifesto to the wall of the church of technology that has subsumed the role of both governments and spiritual seeking.
We must feed ourselves only with which we understand how it was grown.
If you insist on buying a GPS-auto-steer combine without understanding it, you have become soylent green food for the behemoth. If you buy food from your local co-op grocer without understanding the fossil fuel inputs needed to bring that food to the city, you are feeding yourself to the behemoth.
If you read this message with a javascript enabled technological behemoth... <!no carrier!> <anonomly_error> {Error="DMCA violation detected", result="feed behemoth"} </anomoly_error>
-- ----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer@hozed.org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop
Never pick a fight with someone who buys ink by the barrel, nor try to buy a hacker who makes money by the megahash
NYT today has book review on gradual replacement of humans by robots, a beloved investment of those at the top, so John Deere is out to replace farmers not make them more productive. Same for robotics in general; their inventors, coders, engineers, will themselves be replaced by robots which can outperform their vulnerable, increasingly marginalized parents.
We have seen how digital spying is fast replacing humans who are hired to algo, build and unleash the robots, guide them for a while until they learn to be self-guided and self-improved across the flesh-and-blood spectrum, bottom to top, yes, even the top are robotically destined to be invaded by algorithms way smarter than their makers.
Yes, robotic subversion has happened to banks, governments, investors, spy agencies, their contractors and NGOs.
Maybe not yet time for humans to eat their kids, their homegrown garden and feed lot, but that's the model beloved by those at the top, yes, that is what they are doing, eating their seed corn. Go for it, John Deere, eat your sales and repair crew.
Oh well, the richest got richer last year, the prisons got fuller, buildings got taller and deadlier, drones are becoming favorites of agri-farmers, kid predators, and revenge porners. Want a roasted PhD for dinner, call Amazon. Not you, Dr. Geer, not yet the Ubers buzzing overhead with pension-killing Hellfires.
At 12:56 PM 5/17/2015, you wrote:
On Sat, May 16, 2015 at 10:05:55AM -0400, dan@geer.org wrote:
..snip..
The problem, ultimately, is features. And it will always be features.
That is correct as an observation. I don't like it, but the world does not care whether I like it or not; I am 1/7000000000 regardless of my skill, taste, or persuasiveness. And so it has always been (cf. "bread and circuses").
..snip..
In short, features drive. They drive because of democratic principles evidenced by immensely rapid uptake. They rely upon a user base that is forever "barefoot and pregnant." And it is increasingly difficult to opt out of features without opting out of society altogether. As there is zero difference between "personalization" and "targeting" beyond the intent of the algorithm, those who don't accept features will be adjudged anomalous, and we already treat anomaly detection as the sine qua non of public safety.
--dan
Ahhh, John Deere. Last year I asked the guy unloading my corn at the farmers co-op elevator if there was any difference between the corn I harvested with my antique rusty combine with only analog electronics for indicator lights, and half of those don't work. I tend to rely on the audio signal processing between my ears and vibrational failure early warning detectors in my butt on the seat to tell me if something is broken. (okay, to be fair, there are electro-hydraulics, but those are switches and solenoids)
The brand new John Deere combines that you can press a button and it pretty much drives itself, with the operator there only to function as a legal liability offloading device produces the same quality of corn I do.
Now granted, it takes me about twice as long to harvest than it takes John Deere's fancy robots with human legal liability shunt devices, but one of these days an owner of one of those machines is going to get burned and decide, like me, that it's cheaper to become a hacker (or hire some) and rip out every piece of technology they do not own full license to modify.
When that happens, we'll have a full-fledged technology revolt on our hands, at least if there are any farmers left that still actually own farmland.
That's a democratic principle ready for rapid uptake. I heard last year of a farmer going from a 24 row planter back to an *older* 16 row because it had less technology to break that required a John Deere certified tech than the older ones, which mostly just required figuring out which wire the mouse chewed through over the winter.
I'll be happy to feed the McJohn-Google-Disney behemoth with all the raw material needed to keep their human confinement farm operations running at full capacity, but I think both the behemoth and I know it will cost them way less to have farm owner-operators than it will cost to try to deal with the unpredictable, uncomputable, and chaotic results we are likely to encounter over the next 50 years from climate change.
Never underestimate the persuasiveness of plain, simple text, whether that be the text Martin Luther nailed to the door of the church, or these words that we are broadcasting to all, human and nonhuman, that like to identify themselves as cypherpunks.
I'm calling for a technological reformation, and not just some half hearted attempts at open-source farm equipment. The time has come for a social, economic, and, dare I say it, even a religious movement to nail a manifesto to the wall of the church of technology that has subsumed the role of both governments and spiritual seeking.
We must feed ourselves only with which we understand how it was grown.
If you insist on buying a GPS-auto-steer combine without understanding it, you have become soylent green food for the behemoth. If you buy food from your local co-op grocer without understanding the fossil fuel inputs needed to bring that food to the city, you are feeding yourself to the behemoth.
If you read this message with a javascript enabled technological behemoth... <!no carrier!> <anonomly_error> {Error="DMCA violation detected", result="feed behemoth"} </anomoly_error>
-- ----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer@hozed.org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop
Never pick a fight with someone who buys ink by the barrel, nor try to buy a hacker who makes money by the megahash
On Sun, May 17, 2015 at 1:37 PM, John Young <jya@pipeline.com> wrote:
NYT today has book review on gradual replacement of humans by robots, a beloved investment of those at the top, so John Deere
Shame no one properly broke the last 3-5 messages off into a separate thread when it went off noscript. What will happen to the 7000000000 unpaid system redundancies? Do not reply in this thread.
participants (6)
- dan@geer.org
- grarpamp
- John Young
- Lodewijk andré de la porte
- stef
- Troy Benjegerdes