dr_analog

razorboy

1 follower   follows 0 users  
joined 2022 September 05 14:10:31 UTC
Verified Email

				

User ID: 583


Touched on here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183560?context=8#context

I'm not denying it doesn't happen, it obviously does sometimes. So, that said, what's the argument in response? Because parallel construction could happen (and sometimes does), that means the government therefore should not have access to these tools without a court order ahead of time and if it wrecks their ability to counter terrorist plots or organized crime or handle fast-moving cases, so be it?

In the non digital world there are a lot more checks and balances. Getting a warrant to search a home is one thing, mass surveillance on millions of users is another. What is happening online is more like the police obtaining a search warrant for every building in a city and sending a robot with drug sniffing capacity into every room in the city. The police may follow a specific suspect around, while the state in many countries forces ISPs to keep a record of all visited websites for millions of people. Governments want to snoop mass amounts of data on cloud servers but don't have the right to routinely search hotel rooms or office spaces. Why should data on the cloud be less protected than a letter laying on a desk in a hotel? Why can't digital services be as private as a taxi service? If I rent an uber the police can't set up a roadblock and search all documents in every car. So why can they do that for email?

In the olden days we used to argue that mass surveillance was actually useless because it generated far too much data and even detection systems with very low false positive rates still created an unworkably huge number of events that had to be manually reviewed.

I haven't seen anything that has changed the story on this, except in CSAM which is so radioactive that law enforcers have successfully pushed the burden onto companies to surveil and report them. There's been some criticism of the false positives here https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html but so far this doesn't seem like a huge problem. And again only something like CSAM appears to rise to this standard, for now.

To be clear, I still think police should have warrants to do stuff.

As for GDPR it did make a big difference. In my career as a developer I hear the acronym GDPR on a regular basis, and it has forced companies to be far more careful in how they store and handle data. GDPR put a lot of pressure on companies to think before they acted and made the non-tech portion of companies much more interested in data security. Thanks to GDPR I have had non tech boomers with a business background send long emails asking about how we encrypt data, TLS, when data is deleted and other issues that they never thought about 10 years ago.

I thought the Snowden leaks, specifically the revelation that the NSA was able to re-construct GMail inboxes without a warrant because they had tapped replication events on private lines between Google's datacenters, compelled an industry-wide effort to take security a lot more seriously, including TLS everywhere by default. Also it timed well with the fact that CPUs were now fast enough that encrypting by default didn't add an unacceptable burden. I'd be curious to see how the GDPR specifically made a difference here since it coincided with these two other events.

I'm currently working as a cybersecurity engineer and I'm a former Google SRE. So, I request you do not kneejerk dismiss me as some kind of technical ignoramus if you think that's what my argument hinges on.

Whenever privacy warriors complain about privacy I find myself rolling my eyes and thinking okay boomer. Even though more people than boomers say this and I do believe privacy is important. To be clear I mean privacy in the abstract. "I don't use Facebook because [privacy]". "I am looking to adopt a GrapheneOS based phone with no Google apps because [privacy]".

Privacy is obviously important. I don't want some rando, or worse, some personal enemy to rifle through all of my digital data looking for ways to harm me. But the abstract privacy concern takes the form of a Motte and Bailey between the two. Google, Facebook and friends mostly act on your private data in the aggregate, but the privacy advocates generate worry that your intimate conversations or pictures are being personally viewed.

I also find privacy warrior claims rather, let's say, Joker-level anarchistic about rule of law. Everyone should have end-to-end encrypted messaging and the government should be locked out of private spaces no matter what. In no other domain do we accept a claim like "this dungeon in my house is off limits even to detectives with a court order because it is my private property" but apparently yes this digital cache of self-produced child pornography or evidence of a ticking time bomb terrorist plot[1] is something we can take to our graves regardless of any legitimate pursuit of justice. The level of hostility towards government here surpasses any of government's responsibility to protect its citizenry.

I'm not arguing against having digital security. It's very important for both organizations and individuals to have basic opsec lined up, especially because of how many automated and directed attacks there are trying to steal money and secrets. But in this battle companies like Google, who privacy advocates possibly fear only less than Facebook, are far closer to friend than foe because they provide a level of sophisticated and free security and direct privacy guarantee that almost nobody can achieve on their own.

The level of fear and worry privacy warriors generate rises to the level of conspiracy-adjacence. The word "qanon" pops into my head. Someone, Out There, is collecting all of your private information and you need to disconnect from the grid right now. Abandon all petty conveniences like being able to share photos with grandma, your life depends on it.

Ironically, the self-hosted Trust No One approach appears to make people even more vulnerable to attack. Even very technically sophisticated friends of mine who have hosted their own email have been hacked and their identities stolen (and used against them for extortion) in ways that would not have happened if they had stuck to GMail and used their FIDO2 two factor key for second factor.

I have another friend who decided to take his family's photos and files out of iCloud and Google Drive. He set up a home RAID array and was cruising along fine but neglected to monitor the drives. One failed and he didn't know, so when the second failed all of his data was gone. He didn't have backups, because why would you if you have RAID and snapshotting. He's not some noob either. He is also a sophisticated technology professional.

My argument against individual actions you can take on privacy is something like: you can do a few basic things to radically improve your personal opsec, and anything else is rapidly diminishing returns at increasingly greater inconvenience and, worse, may be a net increase in your vulnerability to attack or data loss.

My argument against regulatory action on this is, well: Europe leads the way on this. Does anyone think, say, GDPR has made Europeans much safer than Americans? At what regulatory and compliance cost? Mostly GDPR seems like a joke.

The fact that privacy fretting appears to primarily afflict men (with notable exceptions like Naomi Brockwell) suggests that there must be something autistic about it.

(Mostly, I can't shake the strange feeling that inside of all of this is a The Last Psychiatrist style phenomenon (made with impeccable erudition that I could never live up to) that privacy worries are a proxy for dealing with some... thing(?) that people would never allow themselves to acknowledge consciously)

In the end, excessively fretting about privacy mostly is costly (in time), increases inconvenience and annoyance, increases the nanny/regulatory state, puts you at greater risk, and just makes the ads being served to you dumber.

  1. I'm aware this argument is cited derisively by other security professionals, but that doesn't make them correct. Ticking time bomb plots are a real thing.

I have a lot of sympathy (or maybe pity) for SBF. "Stole client funds" appears to have solidified as a meme much the same way "crossed state lines" had in the Rittenhouse case.

I think it's hard for people, including technologists who haven't worked as quants, to appreciate the level of technology risk that's present in quant trading. In most of tech your biggest risk is having all of your data destroyed, and you can address that with well worn improvements in backups. You also risk being hacked but those breaches tend to be embarrassing rather than company ending. Even Sony, which was pwned as hard as you could possibly be pwned, ultimately recovered. But an additional risk in quant trading is accidentally and irrecoverably giving all of your assets away in a few seconds.

Even companies that are following all of the rules and have the right number of members of the professional management class in their ranks can destroy themselves in a matter of minutes. Knight Capital Group destroyed itself in 30 minutes by (with some creative license) failing to follow heroic practices around retiring old flags in protobufs.

Alameda/FTX had a culture that resembled "move fast and break things". They grew extremely quickly. I'm highly skeptical they were able to stand up robust accounting and practices to mitigate technology risks in so short a time.

When SBF says he didn't realize they were leveraged due to accounting error, I believe him. It's not like you can just install the QuickBooks Enterprise Crypto Derivatives Exchange plugin. All of this stuff was bespoke, and in a hurry.

When you thought you had $30b in assets and minimal liabilities, you can spend a billion or two on indulgences, charitable giving and campaign contributions. You can say confidently you're not investing client funds. If those assets are suddenly marked down 90% you look like a fraud and you're in deep shit.

That's the nature of the business and he knew the risks. But probably in hindsight I'm sure he wishes he had been even more careful.

This isn't to say that I believe he definitely didn't commit fraud. Rather this is me saying that as someone who has pushed code that I thought accidentally gave away $10 million of my employer's money (the gigantic exhale of relief came when we learned I failed to scale by 1000x in the reporting and not the ordering), I am defaulting to blaming it on stupidity before malice.

But if you are a business owner considering opening a new branch and you need, to know, say if workers or buyers will do something complex or buyers attempt to steal from you,

Business owners already suspect this and want to act on this. We call this behavior racist. Why would the general acceptance of race-IQ change this dynamic?

That is, racism doesn't necessarily stop being racism just because some of the stereotypes are true.

Mm, I'll take your word for it. I'm pretty unimpressed by SQLite :P

I was not holding it up as a loss in particular, just pointing out it's the only visible scar from all of that self-flagellation.

I don't mean to condemn people who are doing it for fun. Or securitymaxxing as art. As a cybersec person I 100% appreciate the beauty of a blog tech stack that's pure OCaml all of the way down to the (virtual) metal and have fantasies that one day we will go further and synthesize bespoke hardware from the type graphs and there's nothing black-box between your code and the net. Holy shit, so good.

I'm specifically trying to grab and shake the person who, when setting up their new phone, sees the [x] use cloud backups/sharing for safety and convenience? option and unchecks it because they believe they're so subversive or outrageous that the state (or big corporations) are looking for them and they can't afford the risk of centralizing their photos and documents. And then they go further and get to work on their GrapheneOS game and turn off push notifications because of side channel attacks and really want to live in a world where they don't get your message until they take their phone out of a faraday sleeve, get on WiFi, open Signal and have it pull messages.

This is a type of person and they're afflicted with something and I'm surrounded by them and I don't fully understand what's going on. I understand liberals and conservatives and libertarians. I can change the sliders on my values and see how my thinking can have me end up in one tribe or another. But the amount of paranoia that I'd have to add to end up in privacymaxx zone seems untenable. Surely something else is going on.

Makes sense. Can't smoke, drink alcohol and do drugs if you're too busy exercising.

(Unless you start running with the Hash House Harriers)

This is basically all I seem to be hearing. Nobody knows what Israel should do (or rather: they have some sort of vague shopping list of 'hearts and minds' and 'developing Gaza'* with no idea how to make it happen in reality) but everyone apparently knows what it shouldn't do.

I basically go up to everyone condemning Israel and say "zap! you're now the PM of Israel. what's your next move?" and I generally get a range from "Israel should follow international law" (hand wave hand wave) with no specifics on how they protect their security and sovereignty doing that, all the way to something the Heath Ledger version of The Joker would say.

Kind of a silly question: is being concerned with living a moral life a religious/ideological affliction that you shouldn't need to concern yourself with if you're enlightened?

Is there anything, well, "wrong" with being 100% self-interested? E.g. when you do work for mutual benefit, it's to build credit, not because you inherently care about the benefit of others.

Is this nihilism? Or something else?

He didn't simply "lose" customer money, as though he were a factory owner all whose warehouses burned down taking his entire stock with them, leaving nothing to sell for the lucrative Christmas quarter and the enterprise up to its ears in debt and bankrupt.

Permit me a moment to torture the analogy. Suppose you have a warehouse full of valuable stuff that's been freshly manufactured ready to ship to buyers that have already paid for it. You spent all of the money the customers paid you (including profit) to build even more units than your customers ordered in anticipation of future demand. Right around this time your brother calls you up and asks you hey bro can you send me like a fuckton of units I've got a whale. You say sure. You look at your inventory list and ship only the extra units to your brother.

The units for your brother burn down in transit because of an accident. Nobody had insurance, because he was your brother and you both thought you could manage the risk of casualty. Fuck. Well, I guess there's no profit but at least you can ship to your customers.

Then, while processing customer fulfillment someone looks at the accounting closer and realizes there was an error in inventory, you actually accidentally also gave away a huge portion of your customer's units to your brother too, which burned down in transit. Your warehouse is almost empty but still something like half of your customers got nothing. And you have no money to pay them back with.

Did you commit a crime? Or did you just flagrantly fuck up?

This is like a bank drilling into a customer's safe deposit box to take their gold, lending out the gold and then losing it. It's theft, not merely a trading mistake.

You're assuming there was a bank account called CLIENT FUNDS and another account called EXCHANGE FUNDS and they decided to raid the CLIENT FUNDS one to make bets.

What if there was actually just a gigantic intermingled account and the separation between client funds and exchange funds were records in an accounting system that, when they snapped it to reality, they realized the funds they had left were smaller than what they were liable for in client redemptions?

And when CPS knocks on your door?

... did I miss some news articles about CPS in blue enough cities paying parents a visit because they didn't immediately affirm their five year old's gender dysphoria?

Or is this hypothetical?

From a game theory POV I would think you'd want to hit back much, much harder to discourage future retaliation in the first place?

Be prepared to spend $ to keep up with the meta-game though.

Meaning, like, usual costs of socializing? Cover fees, food, etc? Or something else?

I've had a reasonable amount of hands on time with Claude Opus, and I would rate it as indistinguishable from GPT-4 in terms of usefulness, or at least I can't tell any obvious disparities after tens of thousands of tokens of conversation.

So, if I'm only going to pay for one, ChatGPT4 or Opus, is it worth switching from ChatGPT4?

Fair enough, perhaps my sense of humor is too dark and absurdist. Should I delete?

Where I live I already don't have freedom of speech or association, and the government recently froze the bank accounts of protesters whom the state-run news agency had already demonized.

Do you believe Canada is on the slippery slope towards gas chambers?

Again, how do you think anyone ends up in a gas chamber?

I've read about a couple of these situations and the best answer I can take away is: they live in a place that has gone insane.

Yes, this completely. Smaller platforms, including things you'd use for self-hosting, are very easy to fool with (e.g.) completely forged subpoenas.

I think it's probably worth a penny, at most?

Anyway, my research suggests these goodrx.com coupons are actually drug manufacturer rebates to the pharmacy off of their wholesale purchase. The manufacturer is effectively using this channel to quote much lower prices to uninsured poor people who would otherwise be forced to go without.

Just FWIW as someone engaged on academic work on these issues, I broadly agree with your take. That said, two quick points of disagreement -

Wow, okay, good timing. I was just about reserved to believe I was debating with 100 swords pointed at me until this falls below the fold (thanks everyone for engaging!)

What's the line of your academic work?

(1) Even supposedly friendly personalisation can be dangerous. Really effective personalised advertising can boost consumption, but if you're anything like me, you should probably be consuming less. You're like a dieter walking through a buffet restaurant filled with dishes perfectly targeted to your palate. By controlling the data held on you by third parties, you can limit how appealing the menu they offer you is. Now, of course, sometimes it will be your cheat day and you can eat to your heart's content, and having an amazing menu offered to you is positively desirable. But most of the time, having this personalised menu is going to be bad for your ability to achieve your reflectively-endorsed goals. Data privacy is one way to protect yourself from having your own most voracious instincts exploited.

Well, right from a healthy living perspective, ads that are very targeted and appealing might be a problem. But isn't it said (advocated) that "good ads" are in fact, "content"? If that premise holds, don't we already widely suffer from this problem?

(2) Privacy concerns don't seem to me to be male-coded. If anything, more of my female students are very worried about it. More than anything else, I'd say it skews continental European; Germans above anyone else seem obsessed with it. Brits are radically unconcerned about it.

I agree it makes more natural sense that women have higher privacy concerns because there's a lot of pervs trying to get inside of their digital devices to exfiltrate nudes (and be otherwise generally creepy). But the level of inconvenience and fringe-ness men take on in pursuit of privacy is more extreme than what women do, in my read.

Yes. His life is in danger. He thinks getting a gun himself will solve this problem. He probably actually needs fulltime private security, though I think he is not there yet.

He's a Bitcoin maximalist. There's not much I can do about it.

Going to jail forces them to mostly stop being floridly actively addicted for a bit. Those few months where they can think some thoughts aside from how to get their next hit of meth/fentanyl 100% of the time is the valuable opportunity here. Jail has bad parts too: person's re-integration in society becomes harder because they have a record, and they meet a lot more criminals who can teach them to do more crime.

But, this forced sobering up might also be the only tool our society has that stops them from being a junkie destined to overdose in the near future committing crime the whole way.

If you lived in the 1600s and were totally fine with slavery, what non-emotional appeals could someone make to sway you against slavery?