1. 2

    A recent notable worthwhile example is China’s mass hacking against Uyghurs

    I’ve been trying to avoid language like this. Saying “China does X or Y” blames a lot of people, many of whom are themselves subjected to the single-minded authoritarianism of the Chinese Government, and as such I try to specify the government in particular. Thanks for sharing your blog post though!

    1. 2

      thanks & good call, updated.

    1. 5

      Is this token local or public? local: shared-key authenticated encryption, public: public-key digital signatures.

      If someone doesn’t know whether to pick between encrypting or signing or tagging [1] a token, it seems that asking whether the token is local or public could only confuse them. SWEs implementing their own encryption might be foolish, but not understanding the primitive cryptographic operations you can utilize seems to err in the other end of the possible delineations between researchers and practitioners.

      1. since this one is slightly less commonly known — https://en.wikipedia.org/wiki/Message_authentication_code
      1. 1

        If it’s local, you get authenticated encryption. No other choices.

        If it’s public (i.e. the token is signed by one party and verified by another), you get digital signatures.

        That’s the only choice that needs to be made.

        1. 4

          That misses quite a few use-cases, no? Most importantly, tagging, where I don’t need asymmetric signatures and I don’t need encryption, but I want to give you a token you can read but not modify before you pass it back to me.

          Also, why does “local” mean “authenticated encryption”? And “public” mean “digital signatures”? I might be getting dense towards the end of a long week, but the linguistic intuition seems non-obvious.

          1. 3

            Most importantly, tagging, where I don’t need asymmetric signatures and I don’t need encryption, but I want to give you a token you can read but not modify before you pass it back to me.

            If you want unencrypted-but-authenticated tokens, stick the raw data in the unencrypted footer. Strictly speaking, your options are AEAD or Ed25519.

            Also, why does “local” mean “authenticated encryption”? And “public” mean “digital signatures”?

            Local means local to a system. The issuer is the verifier.

            Public means it’s not local to a system, it’s going to be transmitted over the public Internet. The issuer is a different entity than the verifier. (It doesn’t make sense to use public-key cryptography for a purely-local use case.)

            1. 2

              If you want unencrypted-but-authenticated tokens, stick the raw data in the unencrypted footer.

              So instead of buttons and levers, there’s more the one place I can stick my data?

              The issuer is the verifier.

              The word for that use case is “symmetric”.

              Public means it’s not local to a system, it’s going to be transmitted over the public Internet.

              And if the data is public, but the token verification is local (i.e. symmetric), then you stick it in the unencrypted footer. Got it.

              Hope you don’t take it personally if I stick with { data, tag: SHA(secret + data) } and call it a day ;)

              1. 7

                { data, tag: SHA(secret + data) }

                I hope you don’t stick with that, since I can add my own data and produce a new, but valid SHA, via a length extension attack, no?

                1. 4

                  Just to really drive this home @anfedorov - the tldr from @apg’s link:

                  HMAC is the real solution. HMAC is designed for securely hashing data with a secret key.

                  1. 1

                    False! HMAC was designed for securely tagging data with poorly constructed hash functions. Sorry not sorry for being pedantic, but apg should really know better than trying to nitpick me ;)

                  2. 1
                    1. 2

                      You didn’t specify SHA3, and are replying months later….

        1. 0

          A lot of young adults have a lot of ideas like this, and part of a liberal arts education is to air, challenge, and discuss them. Good on Google to provide a space for such education for those who did not get a chance to do it elsewhere.

          1. 1

            A better article, with a copy of the internal memo and a response from Google’s Vice President of Diversity, Integrity & Governance: http://gizmodo.com/exclusive-heres-the-full-10-page-anti-diversity-screed-1797564320

            I agree with most of the contents of that memo and the only thing I’d add is that by requesting that a non-random sample should mirror the composition of the general population you are fighting against statistics and implicitly mathematics.

            The VP’s response is interesting in how it proves the point of the memo by trying to silence any honest conversation on the subject:

            I’m not going to link to it here as it’s not a viewpoint that I or this company endorses, promotes or encourages.

            So criticising something without reading it first is a sane policy among humble folks without temptation. Let the leaders read it and decide whether it’s good or bad. They know best, anyway.

            Part of building an open, inclusive environment means fostering a culture in which those with alternative views, including different political views, feel safe sharing their opinions. But that discourse needs to work alongside the principles of equal employment found in our Code of Conduct, policies, and anti-discrimination laws.

            You can have any colour you want, as long as it’s blue. It’s in the rule book - the one that only monsters could disagree with.

            1. 8

              The VP’s response is interesting in how it proves the point of the memo by trying to silence any honest conversation on the subject:

              I’m not going to link to it here as it’s not a viewpoint that I or this company endorses, promotes or encourages.

              So criticising something without reading it first is a sane policy among humble folks without temptation.

              Your stated position on this specific section here seems ridiculous.

              First, clearly the person read it, if they were responding to it. Second, it sounds like the document in question was already very widely disseminated inside the org, so no need to “provide a link to it”. Third, such statements are fairly commonly used as a literary device to express strong dislike for something. Fourth, it sounded like it might have been an official “company policy” response, and thus may have legal ramifications if not carefully worded to avoid even the appearance of endorsement.

            1. 1

              This sounds great on the surface, but it seems strange that the article mentions neither the total number of students taking the exam, nor the percentages of female or minority students. An increase in the number of females taking the APCS exam from 2,600 to 29,000 over ten years could be a statistical improvement, no improvement, or even a decline – it depends on the number of males. I don’t know what to think now.

              We desperately need more diversity in tech. Here’s hoping.

              1. 3

                Uh, yeah, it totally has charts of the percentage of female and underrepresented minorities. Did you read the whole thing!?

                1. 2

                  Ah, you’re right and I am an idiot for not registering the y axis on the second graph. But glad to be wrong.

                  Percentage up about ten percent in ten years. That’s decent.

                  1. 1

                    It’s 18.34% => 23.25% on the engineering-bound test: https://code.org/promote/ap

              1. 4

                Worth noting that the “Principles” exam seems to be what Rutgers called “intro to CS for non-engineers”. Definitely great to see gender symmetry there, but not exactly the end of the asymmetry we’re seeing in tech workers.

                1. 1

                  Would someone explain the recurring spikes around January 1st?

                  1. 5

                    same as on the weekends, probabbly — home internet more likely to be ipv6 that office internet

                  1. 2

                    What does Apple care about NN? It’s a big fight affecting Verizon, Netflix, HBO, Google, all of which they have extensive business arrangements with, but Apple music streaming is tiny compared to Apple’s main business.

                    PS — they already engage in Zero Rating with Verizon, according to this piece: https://www.wired.com/2017/02/fcc-oks-streaming-free-net-neutrality-will-pay/

                    1. 3

                      tl;dr: in the long run, everyone has their moments of wealth and poverty, but at any given time, the distribution of wealth is exponential.

                      1. 8

                        Within that experiment, sure. Unfortunately in the real world, having more money allows you to acquire more money much easier (e.g., not having to pay the bank interest for loans, actually having money you can invest, etc.), so there’s a bit of a runaway problem where fairness won’t necessarily come in the end without intervention.

                        1. 1

                          Practical forms of “intervention” include exponential dilution via children, marriages, etc.

                          You can get around this with e.g. primogeniture but this is evolutionarily sub-optimal so most people don’t. Even the oldest banking families around today aren’t really all that old on a historical scale.

                          1. 2

                            I can see this could prevent long-lasting dynasties but when few hold money it’s still bad for the economy even if it was just for a single generation. The poor spend a much larger portion of their income than wealthy even in contrived environments. I do think the property rights (yes unlike the founding fathers I do view property as a right) of the few do not outweigh the rights of life liberty and the pursuit of happiness. If the income inequality is so extreme that those basic rights are infringed I think it is a responsibility of the government to normalize that effect.

                      1. 11

                        Let this be a lesson to companies that want to score easy PR points by hiring SJWs.

                        1. 3

                          Unless you mean very specifically hiring SJW’s indiscriminately, that’s not true and that’s not fair. If asked in an interview, I try to present a solid case for and a long-standing record of fighting for institutional justice internally and social justice at large everywhere I go. Many if not most of the great engineers I know can point to theirs, as well. I hope this helps me avoid the hassle of talking more to places which won’t be a good fit.

                          The author of this post is not motivated by a sensical attempt at social justice, but by petty personal revenge by someone who has an incredibly limited ability to evaluate the situation around her from a point of view separate from her personal desires and interests.

                        1. 57

                          PIPs are not there for your actual improvement; personal, professional, or otherwise.

                          1. 6

                            What should one do when presented with a PIP?

                            1. 58

                              Start looking for a new job immediately. That is the message.

                              1. 26

                                Exactly. The message is, “we’re firing you in 6 months and we made this PIP so we can cite it during the firing.”

                              2. 3

                                Depends on the company and your situation.

                            1. 31

                              Anyone who refers to their own teammates as their “opponent” must be an absolute pleasure to work with…

                              1. 3

                                Precisely this. Code review is impossible to get “right” when you have culture problems like folks wanting to help their friends get ahead (turning a blind eye to messy but working code) and see others fall behind (and nitpick senseless details). In almost every pre-commit review productive team I have been on, folks make little alliances to review quickly and honestly and ship each other’s code.

                              1. 8

                                full device takeover by Wi-Fi proximity alone, requiring no user interaction […] partial list of devices which make use of this platform includes the Nexus 5, 6 and 6P, most Samsung flagship devices, and all iPhones since the iPhone 4 […] demonstrate a Wi-Fi remote code execution exploit on a fully updated (at the time) Nexus 6P, running Android 7.1.1 version NUF26K

                                You have my attention.

                                1. 3

                                  I still haven’t found a good answer to “have ISP’s ever sold your browsing history to anyone?” and “how would they identify you if they did?”. Would they actually reach into your HTTP traffic and pull out cookies to serve as an identifier?

                                  Like, if I open http://somesite.com/ and it has a tracking pixel from http://userdatadepot.com with cookie uid=123, will my ISP then use “userdatadepot.com:uid=123” as an identifier for my browsing history? Not sure why, but that seems like something which will not happen, and even if it did, could easily be blocked by tracker blocking extensions like Ghostery.

                                  1. 5

                                    have ISP’s ever sold your browsing history to anyone?

                                    Yes. Likely not in general, but I used to work for a company that bought clickstream data from free dialup ISPs.

                                    1. 4

                                      Maybe I’m misunderstanding your question, but for most people and businesses, they know who you are because you have an account for them. So when you click on somesite.com they directly record the http/s request to the site. They don’t need trackers because your network traffic passes through their system.

                                      1. 1

                                        Yes, of course. The question is that when they have this nice bundle of all the news I’ve read and porn I’ve watched, and they go ahead and decide to sell it to the highest bidding data warehouse, how does the bidder resell that to someone who wants to target me with balloon and Trump ads?

                                        I guess the best answer might be “where there is a profit, there is a way”. I’d bet an extension like Ghostery or uBlock can interrupt that chain of cookie syncing, though.

                                        1. 2

                                          There’s a fairly large market of companies and organizations buying personal data that doesn’t need to be tied to a person online, only to their “RL” identity, so I’m not sure this even has to be solved to start making money. A lot of marketing is still offline, and with the growth in spending on U.S. election campaigns, there is also a huge amount of money being spent to amass personal profiles that are tied to physical addresses (which the ISP has, thanks to billing records).

                                          1. 1

                                            There’s nothing to stop the ISP from selling bundles of data tagged with the name and address and phone number of the customer. Imagine Verizon collects all your browsing data from your cell and then markets phone number, name, browsing data, ip, as daily special. No cookies need apply. Now when you browse PDP11Porn.com the server can check your IP number against the database.

                                            1. 1

                                              An ISP providing a way to look up browsing history by IP seems crazy to me, even without name / address. I don’t think there exists an ISP that could stay in business a year after creating such a service.

                                        2. 3

                                          I just assume that if the ISP’s (and others) lobbied so hard for this law, they must have some reason to want the data. Just the fact that the ISP’s want to take it for free makes me not want to give it to them.

                                          1. 2

                                            So there’s the EFF article on Verizon’s tracking header: https://www.eff.org/deeplinks/2014/11/verizon-x-uidh

                                            There’s also the Verizon FAQ: https://www.verizonwireless.com/support/unique-identifier-header-faqs/

                                            I guess it comes down to who you choose to believe. Or how you define things like “selling browser history”.

                                            1. 1

                                              I can believe that Verizon puts a salted hash of your account_id into the header of each HTTP request unless you opt out. Then ad platforms can see that identifier and serve you ads based on the history they bought from Verizon. There’s probably a way to also link that to a https cookie id, but perhaps not on Safari defaults of no-third-party-cookies? And almost certainly not with Ghostery and uBlock installed. It seems like there would be a lot of limitations in comparison to Facebook or Google’s trackers, and very little advantage.

                                              The other advantage for advertisers to use existing trackers is that they target individuals specifically, not everyone who uses your internet connection, which is often a whole family or dorm or housemates…

                                          1. 3

                                            good article. one nit-pick:

                                            Memory safety will not prevent an attacker who has obtained your HMAC key from forging a malicious credential that, when deserialized, can call arbitrary Ruby methods (yes, this was a real vulnerability in older versions of Rails)

                                            HMAC keys are secrets, as MACs are symmetric signatures where the key is used to both sign and verify.

                                            and “I got your secret” => “I can execute code on your machine” is true for most server setups.

                                            1. 5

                                              Not all secrets are equivalent. Losing just the session HMAC key, it’s reasonable to expect an attacker would only be able to forge sessions, not be able to execute arbitrary code. (This was a bug in the deserializer, btw—the HMAC part is only a little bit relevant.)

                                              1. 4

                                                Care to make a list of the popular environments in which this is true, and why?

                                                1. 2

                                                  I don’t actually have the spreadsheet handy, but just about every web framework has had similar bugs where forged cookie results in deserialization hijinks or setting the admin flag and accessing some debug console or some other game over result. No?

                                                  More generally, people like to downplay file traversal vulns, but I kind of assume file traversal -> RCE is an easy escalation. Is that true(ish)?

                                                  1. 6

                                                    It’s truish. Like, candidly: if there was an HN thread where someone said “that’s no big deal it’s just file traversal” I’d play the “file traversal is usually RCE gameover” card, and if there was a thread where someone said “file traversal is always the end of the world” I’d play the “there are platforms where it isn’t” card.

                                                    1. 1

                                                      Heh, so the first draft of my comment was more like “I seem to recall you saying that losing the secret meant RCE”, but it wasn’t meant to be an accusation. Glad I didn’t misremember at least.

                                                  2. 1

                                                    SSH, GMail, Vanguard. It’s meant as a general statement — if you don’t keep your secrets secret, that’s a problem right there, not that giving away session tagging keys leads to RCE.

                                                    If cookie data is tagged, I think it’s reasonable to assume it might be executable (e.g. a Python pickle string), because you assume secrets stay secret and storing tagged pickle strings in cookies is a lot easier than serializing / deserializing objects more manually, and if secrets don’t stay secret, session tagging keys are probably not as high on your list of concerns as some API tokens.

                                                    1. 2

                                                      I think it’s worth observing that arbitrary-file-read is often worse than it looks, while also not accepting the legitimacy of designs where it is. We should work to avoid designs where file-read is RCE.

                                                1. 2

                                                  what? no u2f?

                                                  1. 32

                                                    Too bad I interpret all breach denials as tacit admissions of a coverup.

                                                    1. 56

                                                      Ha ha, it’s funny because a white supremacist hid a Nazi joke in a pop culture reference.

                                                      1. 10

                                                        I didn’t see that, was it in the article?

                                                        1. 91

                                                          Early in the article:

                                                          What is an app, anyway? It’s shared computing. Everyone’s data is one data structure, in one program, on one server, owned by one corporation.

                                                          This is a callout to the Nazi slogan Ein Volk, ein Reich, ein Führer.

                                                          And then the only other time “shared computing” appears in the document:

                                                          To paraphrase Walter Sobchak: say what you want about the tenets of shared computing, but at least it’s an ethos.

                                                          In the movie The Big Lebowski, the protagonists are harassed by by nihilists that the sort-of militantly Jewish Walter initially assumes are Nazis. When it finally gets through to him, he says, stunned, “Say what you want about the tenets of National Socialism, at least it’s an ethos.”

                                                          Yarvin is a deliberate, meticulous writer who prides himself on his references. This is not a coincidence, this is a white supremacist laughing at programmers not recognizing that he’s calling competing software Nazis. Well, I happen to be reading up on Yavin’s buddies and I understood that reference.

                                                          He’s laughing at programmers because he knows the technical and political are inseparable, and the longer programmers think so the longer he gets to use them to gain power.

                                                          1. 13

                                                            Fantastic explanation, thank you. I totally understand that the technical and political are inseparable. But one thing still doesn’t make sense to me: Urbit is designed to be “eventually-distributed”, meaning there is no central company (like Facebook or Google) that can control it (ofc Yarvin’s company, Tlon, owns a large part of the Urbit network, but for the sake of argument let’s give the benefit of the doubt and assume Tlon won’t be evil). As such, Yarvin believes he is fighting against technical fascism. And yet he is (or we believe him to be) a white supremacist; white supremacy as an ideology includes the idea of one race “ruling over” or being superior to another race – which is also a form of fascism. So even though Yarvin is building a product to subvert fascism, he also believes in fascist ideals? How do these two things make sense? I figure either

                                                            1. he’s lying about the “eventually-distributed” goal of Urbit, and actually he intends to use Tlon to enact some kind of elitism in the Urbit network. I’m thinking analogously to institutionalized racism, where gerrymandering and obscure laws can be (and have been) enacted to suppress votes from certain demographics.
                                                            2. his ideology is more nuanced than we give him credit for - perhaps what we read as “white supremacy” is something closer to “population genetics”.
                                                            3. he has compartmentalized his white supremacy so as to focus on the less controversial part of his ideology: fighting technical fascism.

                                                            That’s all I can think of. Not sure how much time I want to spend analyzing this stuff. Urbit is technically interesting, but politically confusing, so is it worth investigating? ¯\_(ツ)_/¯

                                                            1. 65

                                                              He’s not subverting fascism, he’s enacting a fuedalist fascism. The Nazism references are a winking joke.

                                                              Look back at early docs before he’d invented all the jargon obscuring it. He’s not building a flat, distributed system, he’s building a hierarchy where he and his handpicked buddies literally own the world. Everything else (like the crowdsale) is just a noisy distraction.

                                                              Yarvin believes that some humans exist to be ruled and that historical racial oppressions should be regarded as the normal, desirable expressions of this state of affairs. He also knows that a lot of this is outside the Overton window, so he dances around how he expresses things, burying it under tens of thousands of words of historical references and smirking “but of course I never actually said that” when someone summarizes it or he accidentally says something a little too on the nose.

                                                              Urbit’s fundamental technical structure is an expression of Yarvin’s political philosophy. Urbit exists to create a new serfdom.

                                                              1. 14

                                                                That’s a pretty solidly damning link to that design doc, and it makes the rest of your argument seem a lot sounder to me.

                                                                1. 5

                                                                  And yet, from the same doc he goes on to talk about how to avoid monopoly ownership.

                                                                  Therefore, the solution to decentralization is to distribute rootkeys as broadly as possible, in such a way that it is as unlikely as possible that they will coalesce.

                                                                  1. 3

                                                                    I wouldn’t be so quick to condemn a metaphor. Feudalism isn’t necessarily fascist, although certain feudal lords could certainly employ fascist devices like taking people’s wages or limiting speech. The question should be: is specifically Urbit fascist? I’m not convinced either way (yet).

                                                                    1. 23

                                                                      I wouldn’t be so quick to condemn a metaphor.

                                                                      Programming is metaphor reified.

                                                                      1. -5

                                                                        As long as we are condemning metaphors, why are so many OSS projects named after women? Cassandra, MariaDB, Apache Jena. I always thought it was creepy the way we name databases especially - you know that place we inject our data into - after women. Freud would have a heyday with the OSS community.

                                                                      2. 4

                                                                        He’s not building a flat, distributed system, he’s building a hierarchy where he and his handpicked buddies literally own the world. Everything else (like the crowdsale) is just a noisy distraction.

                                                                        That’s the bit I agree with–I’m not fascism is the correct term either. But the feudal aspect is pretty undeniable.

                                                                        Yarvin justifies it as:

                                                                        My answer is simple. The dukes are the developers of Urbit. They created it - they get to own it. This is standard Lockean libertarian homesteading theory. Lend a hand - earn a slice. Thus Urbit, unlike most open-source projects, offers a rational motivation for contribution. For starters, everyone invited to the urbit-dukes mailing list is, if he accepts, a duke. One may decline this honor, of course.

                                                                        1. 41

                                                                          Yarvin on feudalism:

                                                                          Someday I will read all of Froude’s twelve-volume history of England from Henry VIII through Elizabeth I, but I have only read a bit of the first volume. That bit was so impressive and stunning that I thought I might want to wait a year or two before taking in any more.

                                                                          Froude describes a Tudor society which is completely ordered - which consists, from top to bottom, king to knave, of these relationships of mutual obligation. They are relationships of family, of feudalism, of guild traditions such as apprenticeship, of the Church, of political patronage, of commercial patronage and monopoly, and of course of law and government. It was impossible to live a normal human life outside this tapestry, and nor is it at all clear why anyone would have wanted to.

                                                                          This dazzling idea has been seen recently and is why I also use the term “fascist”. To quote from “They Thought They Were Free”, a 1955 book on the lives of the unexceptional civilians who enabled Nazi Germany:

                                                                          Herr Kessler went on after a pause, “it was not just a matter of how it would look for the Party. There was something else. You ask why the hospitals would call the Party office when a soldier died who had left the Church. It was because people called the Party in all difficulties arising from the reconstruction of the country, and the Party always helped. This pattern was established from the first, long before the war. It was what made the Party so strong–it would always help. In religious matters, in domestic problems, in everything. It really watched over the lives of the people, not spying on them, but caring about them.

                                                                          “You know, Herr Professor, we are told that not a sparrow falls without God’s care; I am not being light when I say this– thhat not a person ‘fell,’ fell ill or in need, lost his job or his house, without the Party’s caring. No organization had ever done this before in Germany, maybe nowhere else. Believe me, such an organiztion is irresistible to men. No one in Germany was alone in his troubles–”

                                                                          Yarvin says “feudal” because he expects a multipolar world, but the system he describes is a fascist one. A place for everyone, and everyone in their place. Not a “place”, really, but the lowest-order bits of a variable-length bitfield encoded as syllables to form the address of a node in an internet-overlaying virtual network running code distributed hierarchically and written in a mostly-punctuation programming language compiled down through an intermediate language to an abstract lambda-calculus-like core language with every single thing given a new name and defined only with reference to their own lower-level terminology until you’re so overwhelmed you can’t see the shape of the whole thing is that he gets to be king and you get to be a serf.

                                                                          And then when it’s boiled down, Yarvin smirks “but I never said that” and anyone who skimmed one technical document goes, “well, let’s not be hasty here”.

                                                                          I challenge anyone who thinks I’m mischaracterizing the system to find Yarvin describing what it means for the namespace to be “hierarchical” in standard technical language. What specific power does a “duke” (I think this is “galaxy” in the current branding) have over their vassals? I don’t think you can find such a document. That’s the con. Everything else exists to distract you from the power he wants to wield over you.

                                                                          1. 15

                                                                            Someday I will read all of Froude’s twelve-volume history of England from Henry VIII through Elizabeth I, but I have only read a bit of the first volume.

                                                                            snip

                                                                            It was impossible to live a normal human life outside this tapestry, and nor is it at all clear why anyone would have wanted to.

                                                                            Lord. “I read an overview of the organizational structure of feudal England, skipped all the messy parts where it was an increasingly intolerable mess, and so I have trouble understanding the impulse to reform it”.

                                                                            1. 7

                                                                              What specific power does a “duke” (I think this is “galaxy” in the current branding) have over their vassals?

                                                                              It’s an address-space.. The owner of an address-space can grant a piece of it to you, and take it away again. This has been an explicit & core idea of Urbit since the first incomprehensible blog posts.

                                                                              1. 26

                                                                                Revocation is not actually listed in this article. I have no charity left for this project or author, so I don’t believe this is the only omission.

                                                                                1. 7

                                                                                  I oversimplified the rules, but they’re spelled out in detail in the whitepaper that page links to - the deed to a moon belongs to its parent, but planets, stars & galaxies are self-owned and can change parents.

                                                                                  “I haven’t read the documentation but this is definitely a sinister Trojan horse in some way that I can’t specify” is not much of an argument.

                                                                                  1. 20

                                                                                    My actual argument is “I have read way too much of his smirking bullshit and believe the author when he says he wants to recreate feudalism.”

                                                                                    1. 5

                                                                                      I agree! But I also think that Urbit is interesting, and “it’s dangerous, don’t look at it!” is a unsatisfying & ineffective response to it.

                                                                                      1. 13

                                                                                        Then you should keep an eye out for people who have made that claim.

                                                                            2. 0

                                                                              Well, what is so bad about feudalism? From a historical perspective, feudalism was great at distributing a region’s economic/agricultural risk across smaller fiefdoms. With nation-states and globalism, all the risk is centralized, so one error between e.g. Russia and the US could lead to disastrous consequences for the rest of the world. In feudalism, two fiefs warring will not affect the entire world or even country. (This argument has been made by many historians, I recently found it in DeLanda’s 1000 Years of Nonlinear History, which I highly recommend, it’s an exciting read.)

                                                                              As for the second block quote, this sounds much like what we have now. For the most part, the people controlling the development of Linux are Linus and his lieutenants, the people that own most of the IPs are some governments and companies that got in when the internet was just starting. Of course new ones come along but they don’t have as large of a slice. But Urbit isn’t competing with Linux, it’s competing with Facebook and Google, which is about as centralized and dictatorial as you get. Feudalism could be an improvement over a Facebook dictatorship.

                                                                              1. 25

                                                                                Well, what is so bad about feudalism?

                                                                                Well, from a historical perspective, it was an absolute dogshit deal for the 99.99999% of humanity who wasn’t king or at best lord. Zero freedom of movement, no possessions, no say in governance, your station in life determined entirely by the accident of your birth, wild inequality in legal treatment, zero freedom of religious belief, etc, etc. It’s rather well documented in all those things societies wrote while they were in the midst of overthrowing these systems. Those French peasants were certainly rather powerfully mad about something.

                                                                                The “region’s” (aka, the one guy who owns everything) risk is well distributed? Hard to care about that.

                                                                                In feudalism, two fiefs warring will not affect the entire world or even country.

                                                                                Because they were fighting with pointy pieces of metal and not nuclear warheads. Feudalism had nothing to do with the limited scope of the conflict. If Russia and the US wanted to go to war with broadswords it would be a lot less dangerous, too.

                                                                                1. 1

                                                                                  Yes but you’re comparing it with the improvements that came after. Was feudalism not an improvement on what came before it? Anyway, the French peasants revolted against monarchy, not feudalism.

                                                                                  Perhaps it’d be best to avoid the medieval baggage by simple arguing in favor of federalism, something that’s easier to agree with.

                                                                                  1. 19

                                                                                    Yes but you’re comparing it with the improvements that came after. Was feudalism not an improvement on what came before it?

                                                                                    Sure, just like amputating a limb because of a broken bone was better than dying of sepsis. There’s still rather a lot bad about needlessly cutting off limbs, though.

                                                                                    And since we’re discussing Yarvin’s political theories for the modern world it’s also a wee bit important to consider how much worse it is than the current state of affairs.

                                                                                    Anyway, the French peasants revolted against monarchy, not feudalism.

                                                                                    Both, actually. They coexisted in various forms until 1789 when the revolutionary National Assembly passed a set of Manorial reforms that put a final end to vassalage (theoretically the peasants were supposed to pay out the seigneuriage, but they refused, so that theory didn’t last long and by 1800 it was well and truly dead)

                                                                                    1. 5

                                                                                      And since we’re discussing Yarvin’s political theories for the modern world it’s also a wee bit important to consider how much worse it is than the current state of affairs.

                                                                                      The current state of affairs is Google and Facebook own most of the trust w.r.t. user identities and data, thus they own most of the users' computing abilities. This makes a Muslim registry very easy to create, for example. It’s not as easy to do under Urbit’s identity model because its decentralized.

                                                                                      1. 3

                                                                                        Thanks for the history lesson!

                                                                                        Anyway, I was just rereading the Urbit page on address space, and all the references are to republicanism, not feudalism.

                                                                                        In either case, the emphasis is on decentralized federation.

                                                                          2. 6

                                                                            You wanna get even more freaked out? They have custom phonetic representations for all the punctuation (runes) their language uses. This includes ‘~’, pronounced ‘sig’. So what is their logo? A sig rune…!

                                                                            (Personally I don’t give a shit about the politics and find these stupid edgy jokes almost hilarious. I wouldn’t take it too seriously, given that this stuff is probably less likely to help and more likely to harm their prospects in the long run…)

                                                                            1. 24

                                                                              Personally I don’t give a shit about the politics and find these stupid edgy jokes almost hilarious.

                                                                              I don’t know you from Adam, but maybe give some thought to the idea that it’s possible to be a little too uncaring about politics when you’ve reached the point where “we need to overthrow democracy and return to the good ol' days of feudalist monarchy” merits just another “yeah whatever politics is politics” shrug.

                                                                              Some things are legitimately crazy enough that they should cause almost anyone to raise an eyebrow.

                                                                              1. 6

                                                                                You’re right, I shouldn’t be so flippant.

                                                                                I’ve actually thought about Urbit quite a bit. I believe the federated system could potentially offer a lot more freedom than the current web.

                                                                                A lot of my feminist friends are incensed by the idea that Facebook bans female nipples - they believe they have the right to freedom of expression, but on Facebook, there’s nowhere else to go. We’re all serfs to Facebook.

                                                                                If these people had, say, planets on a star which started revoking the right to post nipples, everybody would have the freedom to up sticks and move to a star more amenable to freedom of expression.

                                                                                At least, that’s how it should work in theory. I like to believe that despite Yarvin’s political leanings, one can put together a libertarian, or even a progressivist argument for Urbit’s architecture - we all want roughly the same thing, freedom. And this is why I am willing to overlook his politics.

                                                                                1. 3

                                                                                  If these people had, say, planets on a star which started revoking the right to post nipples, everybody would have the freedom to up sticks and move to a star more amenable to freedom of expression.

                                                                                  Isn’t that like up and leaving Facebook for a social network you control or have influence over - or at least one that’s friendlier to the content you want to express? I’m sure there are examples of websites where the users can post with more autonomy than Facebook without having to invent a new paradigm for computing.

                                                                                  1. 2

                                                                                    You really don’t remember what the web used to be do you? It used to be decentralized. Our ISP uses to be run by some guy down the street with a closet full of computers. Our email was run by that guy or our university, or ourselves. Social networks were links across websites and web rings. It became decentralized when all the corporations decided they wanted to own the internet and the web. The future isn’t decentralized, the past was. We forget what we lost.

                                                                                  2. 3

                                                                                    Eh, they’re just words. Words will never, ever, get more than a shrug from me, no matter what they are (c.f. “sticks and stones…”). I’m willing to at least half entertain almost any notion, and bounce it around in my head for a bit, even if I disagree.

                                                                                    I’ll believe Moldbug wants to “overthrow democracy” when I see him leading a crowd of people with guns.

                                                                                    1. 13

                                                                                      I’ll believe Moldbug wants to overthrow the government when I see him leading a crowd of people with guns.

                                                                                      Do you also turn up your nose at preventative healthcare? Is there no benefit in nipping fascism in the bud, or do people have to die before we take action?

                                                                                2. 2

                                                                                  He’s not subverting fascism, he’s enacting a feudalist fascism.

                                                                                  I’m not sure whether you can have feudalism (lords controlling independent fiefs) and fascism (authoritarian nationalism) at the same time, since feudalism is federated and fascism is centralized.

                                                                                  I do think you’re on to something with the feudalism label… but that could actually be an improvement for the internet, though it would be a regression in real life.

                                                                                  The internet is currently a wild-west that relies on trust. We’re bumping up against the limits of that now. Spam, sibyl attacks, centralized DNS (which can and does have outages)… Urbit provides a more robust, federated structure.

                                                                                  1. 6

                                                                                    I’m not sure whether you can have feudalism (lords controlling independent fiefs) and fascism (authoritarian nationalism) at the same time, since feudalism is federated and fascism is centralized.

                                                                                    Feudalism was historically widespread because it enabled taxation and control in ways that were otherwise uneconomical. It was created and promulgated to support centralization, and began to fall away once centralization could exist without it.

                                                                                    1. 3

                                                                                      What’s a more decentralized alternative to federation? Other than complete non-communication.

                                                                                      1. 3

                                                                                        Fully automated luxury space communism

                                                                                        1. 1

                                                                                          I wonder what that would look like manifested as internet architecture :) resource-sharing of some kind?

                                                                                        2. 2

                                                                                          polycentric law

                                                                                      2. 5

                                                                                        Urbit provides a more robust, federated structure.

                                                                                        In what meaningful sense of the word “robust” is a niche project dealing with less than one one-millionth (one-billionth, even) of the traffic, issues, or attacks the DNS system currently withstands “more robust”?

                                                                                        1. 9

                                                                                          Architecturally and conceptually robust. Admittedly their system is not under heavy load so I have no idea how much traffic they can actually handle, but that’s not what I was driving at.

                                                                                          Let’s face it, the architecture of the internet is broken. There are so many systems which rely on trust to operate.

                                                                                          • BGP requires a router to trust its neighbors, and is easily spoofed. Accidental spoofing can cause massive outages.
                                                                                          • DNS relies on you to trust your provider, and is trivially middle-manned by any network operator. Public wifi does this all the time in order to force you to accept a EULA. There is a whole host of issues listed on Wikipedia. DnsSec is a band-aid.
                                                                                          • TLS helps solve the problem of cryptographically asserting a website’s identity, but relies on centralized certificate authorities who (until the advent of LetsEncrypt) charged thousands of dollars per year for a certificate. Certificate authorities are open to government subversion.
                                                                                          • TCP’s complete lack of cryptography allows injection/spoofing attacks, replay attacks, SYN flooding, etc.
                                                                                          • Rogue DHCP servers are able to perform man-in-the-middle attacks on the network they are plugged into.

                                                                                          There’s almost no end to the ways in which the current internet is totally busted. We keep trying to paper over the flaws, but the system simply was not designed for security from the beginning.

                                                                                          In contrast, Urbit:

                                                                                          • Uses a functional and minimal base language Nock, which is useful for doing proofs.
                                                                                          • Cryptographic identity means you know you’re communicating with the intended target.
                                                                                          • Scarce identity (32-bit “planets”) helps to prevent sibyl attacks, and reputation helps to prevent spam.
                                                                                          • The address space is an interesting middle-ground between raw IP addresses, which are hard to memorize, and DNS names, which are human readable but require lookup.
                                                                                          1. 1

                                                                                            The Internet is not broken. It worked the day it was turned on an has never been turned off. What’s broken is our governments, economies, and laws.

                                                                                      3. 1

                                                                                        Thank you, great detective work. So many things pissed me off about Unit’s network model. I learned more and decided it was created by fascists. This is the final nail and damning proof for me.

                                                                                    2. 8

                                                                                      great analysis… ugh. deep crap there. Did you see Politico mention that Bannon and Yarvin chat: http://www.politico.com/magazine/story/2017/02/steve-bannon-books-reading-list-214745 followed by this denial: http://www.vox.com/policy-and-politics/2017/2/7/14533876/mencius-moldbug-steve-bannon-neoreactionary-curtis-yarvin I was more afraid that urbit.gov was in the works.

                                                                                      That said technically it’s interesting… kind of like the V2 I suppose.

                                                                                      Not even sure how we got to this point of Godwin’s Law becoming Godwin’s Presidency. The ‘ethos’ of National Socialism was so half baked (and then fully baked in firebombing hue hue hue) that I don’t really understand how people could dig it up when there’s so much new and classical thinking that supports fair and just treatment of all humans. These blips of self imagined superiority always get stomped by unified diversity, yet here we are watching one pop up like a case of idea acne here in 21st century.

                                                                                      1. 4

                                                                                        When I heard about Urbit and learned the network structure, I was like “what is this neo fudalist bullshit. I thought this was p2p”. Then read Yarvins work and was like “oh, how cute, a fascist. That makes sense”. Nope, won’t touch with a ten foot pole.

                                                                                        1. 2

                                                                                          He’s not wrong, though, is he? Some companies are better about exporting data, but everyone’s Facebook emails and messages are in one data structure, shuffled by proprietary source code, in one company’s control, and restricted from access via anything but the interfaces they create & permit. Last I checked, Facebook isn’t run by a democratically elected leader, either…

                                                                                          1. -1

                                                                                            He’s clearly describing the “one"s of apps as undesirable qualities.

                                                                                            That bit from The Big Lebowski is a pretty standard joke.

                                                                                            There’s plenty to object to in his writings, you don’t need to stretch like this.

                                                                                        2. 9

                                                                                          I think this is the first time we’ve had a slayed dragon (see “2017-02-09 19:44:02” entry). Kudos to @pushcx, @angersock, @bsima, @matt, @bsima, @ChadSki and others for pulling it back from the brink :)

                                                                                          1. 3

                                                                                            I have no idea what’s that supposed to mean.

                                                                                            1. 4

                                                                                              Contentious threads are flagged as “dragons”. This one was briefly a dragon before being unflagged (see the moderation log).

                                                                                          2. 1

                                                                                            Attack the work, not the man. Cmon dude.

                                                                                            1. 41

                                                                                              It’s totally reasonable to reject someone’s work if they’re using it to propel an agenda of dividing the community. The idea that we should blindly accept contributions independent of social consequences is a bit half baked. It’s one thing if someone is just a dick, it’s another entirely if they are actively trying to divide the community arbitrarily for the sake of personal gain. This is after all what ________ supremacists do, and to overlook it is genuinely harmful to the progress of open source. In short, if someone isn’t willing to listen or respect others, they don’t get to demand respect.

                                                                                              1. 8

                                                                                                If we’re willing to abandon tools and techniques because the people who came up with them don’t agree with our ideology, we’re doing ourselves a disservice and we will be surpassed by people who do not use such a subjective metric.

                                                                                                To bring out some old examples…should we have ignored rocketry because von Braun was an actual Nazi (a Major in the SS)? Should we have given up synthetic fertilizers because Haber basically invented chemical warfare?

                                                                                                Or on the other side, should Turing’s work been disowned because he was a homosexual and his existence divided the (nominally God-fearing, straight) English community? Should English and German banks have avoided the practice of interest-bearing loans pioneered by the Jews that they viewed as an other (which is actually a fascinating bit of history into itself)?

                                                                                                Only somebody who lives with either extreme luxury or extreme fundamentalism that can afford the position you’re advocating.

                                                                                                1. 5

                                                                                                  It depends how much of the repellent ideology is encoded into the tools, and how much ‘not giving it up’ helps the repellent causes.

                                                                                                  Also, your counterfactual is kind of weird, as through various points in history English and German financial instruments did (and many Islamic financial instruments still do) avoid interest as a mechanism for deriving profit, and Turing’s work was stopped (through the mechanism of Turing dying) due to the state disliking his sexuality, and I would argue that operation paperclip (and other similar efforts) were disastrous for the world - we should have executed all the Nazis, and just potentially taken longer to build rockets.

                                                                                                  So, this is more akin to rejecting (say) credit default obligations - an invention that encoded the repellent idea of the traders call and byzantification, while claiming to produce miraculous wealth decoupled from the underlying economy.

                                                                                                  1. 8

                                                                                                    This is a ridiculous mischaracterization. Try to engage in good faith here.

                                                                                                    should we have ignored rocketry because von Braun was an actual Nazi

                                                                                                    He didn’t have a monopoly on the idea of rocketry. We could have courtmartialed him for war crimes instead of celebrating him.

                                                                                                    Should we have given up synthetic fertilizers because Haber basically invented chemical warfare?

                                                                                                    Haber didn’t have a monopoly on fertilizer ideas. We should give up chemical warfare, and refuse to support Haber personally for his crimes.

                                                                                                    Urbit is owned by moldbug and his mates. Contributing to it is contributing to his prosperity.

                                                                                                    1. 5

                                                                                                      Haber didn’t have a monopoly on fertilizer ideas.

                                                                                                      Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process. It was fucking huge.

                                                                                                      We could have courtmartialed him for war crimes instead of celebrating him.

                                                                                                      And then the Apollo program never would’ve happened, because he and the rest of the Operation Paperclip scientists were instrumental in the United States being able to catch up with the Soviets who had both the German rockets and tooling and the engineering talent to reverse and improve them.

                                                                                                      You know, this in turn resulting in the free world losing to a USSR with functional theater and ballistic missles.

                                                                                                      Urbit is owned by moldbug and his mates. Contributing to it is contributing to his prosperity.

                                                                                                      But the architecture and source is open-source, and so anybody is free to improve on it and use it for their own gain. Yarvin himself even says as much.

                                                                                                      ~

                                                                                                      To quote a certain movie:

                                                                                                      Forget it, Donny, you’re out of your element!

                                                                                                      1. 2

                                                                                                        Haber didn’t have a monopoly on fertilizer ideas.

                                                                                                        Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process.

                                                                                                        That is just one of many processes. In fact, it’s predated by the Ostwald Process. The Haber Process was a great idea, but it wasn’t the only idea.

                                                                                                        1. 4

                                                                                                          You’ve mixed up the two processes as interchangable–they’re not.

                                                                                                          The Ostwald produces nitric acid from ammonia–the ammonia is made by the Haber process.

                                                                                                          From your link:

                                                                                                          Frank-Caro process and Ostwald process dominated the industrial fixation of nitrogen until the discovery of the Haber process in 1909.

                                                                                                          The Haber process was markedly more efficient than the Frank-Caro process.You probably mean to compare it with the Frank-Caro or similar cyanamide methods for producing ammonia. All those methods are not similar at all in yield to the Haber process, and require a lot more energy and, I believe, material.

                                                                                                        2. 1

                                                                                                          Yes, some free world we seem to have here. I bet we can do better

                                                                                                          1. 1

                                                                                                            Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process. It was fucking huge.

                                                                                                            He also invented it before doing any work at all on chemical weapons.

                                                                                                            And then the Apollo program never would’ve happened, because he and the rest of the Operation Paperclip scientists were instrumental in the United States being able to catch up with the Soviets who had both the German rockets and tooling and the engineering talent to reverse and improve them.

                                                                                                            Just so I’m clear here: is your argument that the US should pardon anyone who is likely to prove useful to national security, regardless of their crimes? (I don’t think they should, but that’s at least a coherent, self-consistent argument).

                                                                                                            But the architecture and source is open-source, and so anybody is free to improve on it and use it for their own gain. Yarvin himself even says as much.

                                                                                                            I have no problem with a forked universe. I’m calling on you not to support Yarvin.

                                                                                                            To quote a certain movie:

                                                                                                            I am indeed - ad hominem attacks have never been my strong suit.

                                                                                                          2. 4

                                                                                                            We could have courtmartialed him for war crimes […]

                                                                                                            I don’t these some of those words mean what you think they mean.

                                                                                                            We should give up chemical warfare, and refuse to support Haber personally for his crimes.

                                                                                                            If you’re replying to @angersock, I think you need to engage in good faith. We aren’t going to give up chemical warfare because other groups who want power aren’t going to give it up.

                                                                                                            And your revisionist history isn’t helpful. Other people were working on rockets, chemical warfare, nukes, cryptography, modern financial instruments, and hell probably agriculture; but, when the race is on for power, societies back winning teams. Operation Paperclip wasn’t a one-time thing, it’s happened numerous times throughout history.

                                                                                                            “Bad” people have, time and time again, made “bad” things for “good” people.

                                                                                                            (I note that you didn’t even touch @angersocks' “on the other side” examples. Goddamn, have I been trolled?)

                                                                                                            1. 1

                                                                                                              I don’t these some of those words mean what you think they mean.

                                                                                                              Good spot - tried would be more appropriate (and very kind of you to soften the blow by reordering your words)

                                                                                                              We aren’t going to give up chemical warfare because other groups who want power aren’t going to give it up.

                                                                                                              Most major powers have agreed to give up the proliferation of weapons that cause excessive collateral damage.

                                                                                                              “Bad” people have, time and time again, made “bad” things for “good” people.

                                                                                                              Yep - and I don’t have a problem with using the things - but I do have a problem with supporting their creators.

                                                                                                              (I note that you didn’t even touch @angersocks' “on the other side” examples. Goddamn, have I been trolled?)

                                                                                                              My time isn’t unlimited; the principles in my response extend just fine to the rest of his examples.

                                                                                                              If you have a moral problem with homosexuality it’s follows naturally that you would not want to support Turing.

                                                                                                          3. 2

                                                                                                            That’s not what I said, but cool argument against whatever ghost it is you’re fighting.

                                                                                                          4. 3

                                                                                                            I am unable to find any indication anywhere that Urbit is being used to propel an agenda of dividing the community. There are indeed things he says that I find disagreeable but Urbit has nothing nothing to do with any of them.

                                                                                                          5. 21

                                                                                                            Clever Nazi references are now part of the work.