
Category: Newsletter (page 18 of 28)

Archives of the Exolymph email newsletter.

This website was archived on July 20, 2019. It is frozen in time on that date.
Exolymph creator Sonya Mann's active website is Sonya, Supposedly.

Mad Max but Computers Instead of Cars

Mad Max 2: The Road Warrior

Tonight I watched Mad Max 2: The Road Warrior (1981). The Mad Max world is dystopian, but not at all cyberpunk. As you may know if you watched 2015’s blockbuster Fury Road, the series postulates a universe — confined to the Australian Outback — where some kind of apocalypse has taken place and both gasoline and water are incredibly scarce resources. Especially gas.

The Outback — rechristened the Wasteland — is ruled by the equivalent of motorcycle gangs, who appear to be on meth all the time. (In the case of The Road Warrior, vaguely sadomasochistic motorcycle gangs, but that’s beside the point.) A few communities that actually deserve the label “community” have popped up, and they’re targeted by the psycho gangs.

Even though Mad Max is the opposite of a hyper-networked cybersphere, it poses some interesting questions for those of us who are fascinated by an oppressive computer-mediated future. As I see it, these are the issues to ponder:

  • What’s the scarce resource? Possible answers: attention, privacy, solitude.
  • Who are the strongman groups? Possible answers: law enforcement, hackers, corporations (especially corporations).
  • How can the genuine communities protect themselves? Possible answers: I’m really not sure.

I know it’s futile to end anything with a question, but I’d genuinely like to know what you think. I’m keen on protecting the communities that I participate in, but I guess I’m not feeling optimistic tonight. Email me?

Tay.ai, Speculative Comics, & Dentistry

Girly teenage robots? Photo by elkbuntu.


There are three things I want to talk about today:

  1. Microsoft’s inadvertently racist Twitter bot, Tay.ai / @TayandYou.
  2. A comic that a-u-t-o-x is releasing soon.
  3. My visit to the dentist today (I swear I have a reason to bring it up).

Unless you’ve been off the internet for a few days, you ran into Tay, a Twitter bot that Microsoft released as PR (?!?!) for their in-house machine learning capabilities. This was an utterly predictable catastrophe. Tay processed the text people tweeted at her and mimicked it back. Trolls quickly figured out the mechanism and made her say a bunch of neo-Nazi nonsense.

“What Tay reminds us: AI may or may not be scary. Humans who train AI are terrifying. Or, humans in general are terrifying.” — Hugh McGuire

Usually I try to stay away from posting a bunch of links, but other people have already said all the smart things. These articles overview the facts:

Wisdom from people who have dealt with systems like this before:

And then Allison Parrish commented in the #botALLY Slack group:

“re: tay, yesterday before any of the really bad stuff went down, I quote-retweeted something that mentioned the account and then the account @-replied me… so I blocked it, thinking how annoying it was that this bot that has Twitter verified status isn’t complying with the letter or the spirit of the API ToS

like, many people must have been involved in decisions to get this bot live, on the part of the group at microsoft AND at twitter

and the fact that no one involved apparently thought of these obvious ways in which it would be a disruptive negative experience for people just… seems unfathomable

we have YEARS of precedents for applications of the Twitter API like this and even the greenest botmaker among us has a better grasp of the issues at stake than the people involved in this project”

So, that’s a whole big thing. In other news, a-u-t-o-x is releasing a comic, which will be available on his website. He told me: “it is titled WORLD L.S.D and ties in Cyberpunk aesthetics & Science Fiction themes. […] the story is simultaneously set in a futuristic city ‘Neo-F’ and outback Australia, as Neo-F is prone to jump through time sporadically.” Here is the title image:

virtualmech.info

And lastly, I went to the dentist today. (Shocker: I’m apparently brushing and flossing wrong! What a new thing to hear from a dental hygienist!) But seriously, it made me further contemplate what I said yesterday: “The future is beyond bodies. A few decades from now — and during some parts of the present — we will not be confined to flesh, nor even to brains.”

I was definitely exaggerating. It’s going to take a helluva lot longer than that. My gums are receding (see: brushing wrong, also possibly genetics) and that is a thing that I have to worry about. We live in an absurd world where the random flesh accident that you’re born into has a huge effect on your quality of life. I admit it, but I’m not pleased.

Gender =/= Genitalia

As was reported in The New York Times (as well as other media outlets) and decried on Twitter:

“North Carolina legislators, in a whirlwind special session on Wednesday, passed a wide-ranging bill barring transgender people from bathrooms and locker rooms that do not match the gender on their birth certificates. […] The bill also prohibits local governments from raising minimum wage levels above the state level — something a number of cities in other states have done.”

Perhaps you’ll be unsurprised to hear that this was a Republican initiative. It’s telling that the bill reinforces poverty in the same breath as criminalizing free gender expression. If you want an overview of why this law is not only bigoted but impracticable, I recommend Andi McClure’s tweets on the topics.

So how does transphobic legislation tie into cyberpunk? The genre is about straining against a technologically mediated dystopia. You can’t necessarily jam every type of oppression into that framework. But gender typifies how the analogue world has been bounded in a way that the digital world can’t be.

Our binary gender system is nominally based on reproductive phenotypes. It’s full of contradictions. If genitalia is what defines womanhood, then how does a clitoridectomy affect things? Or a hysterectomy? Is a post-op trans woman okay, even if her birth certificate lists her as male? What about intersex people, or those with three sex chromosomes? Why are we so beholden to this outdated set of assumptions? Why does it matter?

Mainstream opinion often conflates gender with reproductive capabilities, boiling identity down to our basic animal urges. I’m not anti-sex, but I do believe that we’re capable of acting on more than our primal mating impulse. The future is beyond bodies. A few decades from now — and during some parts of the present — we will not be confined to flesh, nor even to brains. It’s that old New Yorker joke: “On the Internet, nobody knows you’re a dog.” On the Internet, speech is an act, and you can create yourself anew with words and pixels.

I wish meatspace operated by the same principles. If you find the situation in North Carolina as appalling as I do, please join me in donating to Lambda Legal.

Cricket Compliance: Producing Food without the Humans Who Eat It

Photo by _paVan_.


Lacy was bored. She was proud to work in food production — Mama’s reaction made the drudgery feel worth it when Lacy got home — but the low buzz of the drone and the sameness of the landscape lulled her toward sleep. She was sure that some of her colleagues gave up and drowsed. Lacy wasn’t sure yet how she felt about the group. It was a mixed bag — of races, genders, and hygiene standards — but at least a couple of them seemed nice. Lacy didn’t mind the diversity, per se, but she was uncomfortable around strangers and their strange habits. On the first day another girl had said, “You’ll be broken in quick,” but the routine still felt unfamiliar.

Lacy glanced out the drone’s windshield at the cricket fields in front of her. The creatures teemed on the ground, bouncing and burrowing and fucking and killing each other and feeding voraciously on their synthetic pasture. She looked back over her shoulder to check that the pheromone broadcast was working. A swarm of late-stage adult crickets rolled forward in the wake of the drone.

Lacy gripped her knees and swallowed nausea. She hated the insects. The protein was vital, of course. Mama wouldn’t have brought them to the city otherwise. Accessing the resource density of the metropolis changed their survival baseline. Lacy had gained fifteen pounds in a couple of months. Her little sister’s teeth were sound in her gums, and she could run so far on the game tread. Sometimes when Lacy got home from work, she loaded up Cath’s saved worlds, wandering through fairylands that were like hyper-saturated versions of the home she remembered as a little kid.

They had lived by a river.

Crickets didn’t need rivers. They just needed space, sprinklers, and miscellaneous food stuffs hauled in from other fields where other workers got bored in the drones. Or did anyone watch those farms? Lacy wasn’t stupid. She knew that this job was provisional — it would only last until the FDA regulation changed in a matter of months. Lacy was a Compliance Technician, according to her contract. When her supervisor interviewed Lacy for the position, he explained that a remote observer system was being put in place. He went over the automated footage analysis (assigned to a certified third party) that would ensure production was up to code. Then he sighed and admitted that he didn’t know where the company was going to move him after there weren’t any workers to interview, train, fire, interview, train, and fire again.

Lacy’s drone beeped softly and the computer’s androgynous voice intoned, “We are approaching the docking station. Initiate the checklist process.” Lacy leaned forward in her seat and started reviewing the figures on the dashboard screen. Number of crickets. Estimated protein values — both nutritional and market. Toxicity and contamination. The numbers always hit their targets.

Hacking as a Business

Update 1/19/2018: The interviewee asked me to redact his identity from this blog post, and I obliged.

[Redacted] describes himself as a “web application penetration tester.” I asked him a bunch of questions about what that entails. [Redacted] answered in great depth, so I redacted my boring questions, lightly edited his answers, and made it into an essay. Take a tour through the 2000s-era internet as well as a crash course in how an independent hacker makes money. Without any further ado, here’s the story…


Origin Story

I got into my line of work when I was thirteen, playing the game StarCraft. I saw people cheating to get to the top and I wanted to know how they did it. At first I wasn’t that interested in programming, purely because I didn’t understand it. I moved my gaming to Xbox (the original!) shortly thereafter and was a massive fan of Halo 2. Again, I saw people cheating (modding, standbying, level boosting) and instantly thought, “I want to do this!” I learned how people were making mods and took my Xbox apart to start mucking with things.

I moved away from Xbox and back to the computer (I can never multitask). Bebo was just popping up. With an intro to coding already, I saw that you could send people “luv”. Based on my mentality from the last two games I played… I wanted the most luv and to be rank #1. I joined a forum called “AciidForums” and went by the names [redacted] and [redacted]. Suddenly I was surrounded by people who shared my interests. I started to code bots for Bebo to send myself luv. My coding got a lot better and so did my thinking path. I’d come home from school and instantly go on my computer — it was a whole new world to me. I still have old screenshots of myself with seventy-six million luv.

As my coding came along I met a lot of different types of people. Some couldn’t code but had ideas for bots; some couldn’t code but knew how to break code. We all shared information and formed a team. Suddenly I became the main coder and my friends would tell me about exploits they found. We got noticed. I’m not sure how, or why, but I seem to always get in with the right people. Perhaps it’s the way I talk or act — who knows. I made friends with a couple of Bebo employees. They were interested in how I was doing what I was doing.

This was my introduction to hacking and exploiting. I moved on from Bebo after coming to an agreement with the company that I’d leave them alone. Sadly my friends and I all lost contact, and it was time to move on.

Next came Facebook. At this point I already knew how to code and exploit. I instantly found exploits on Facebook and started again, getting up to mischief. Along the way I met [redacted] and we became best friends because we share the same ideas and interests. Two years passed and again, my mischief went a bit far, so I got in trouble with Facebook. We resolved the issue and I vowed to never touch Facebook again.

I guess three times lucky, hey? I moved my exploiting to porn sites. After a year I was finally forced to make peace with the porn site I was targeting. I was getting fed up with always having to stop… but I was also getting annoyed at how easy it was to exploit. I needed a challenge.

I took a year off from exploiting to focus on improving my coding skills. I worked for a few people and also on some of my own personal projects, but it got repetitive and I needed a change. At this point, I was actually arrested by the eCrime Unit for apparently being [redacted] from [a hacking group; name redacted]. The charges were dropped since I was innocent. My former friend [redacted] was in prison for hacking so I was feeling quite lonely and not sure what to do. I’ll be honest, he had become like a brother to me.

I kept on coding for a bit, feeling too scared to even look for exploits after what happened to [friend’s name redacted]. (A few years have passed since then — [redacted] is out and he’s learned his lesson.) I knew that hacking was illegal and bad. I’d just like to note that I’ve never once maliciously hacked a site or stolen data, in case you think I was a super blackhat hacker, but the incident also scared me. Especially since I got arrested too.

Because of this and through other life changes, I knew I wanted to help people. I took my exploiting skills and started looking. I found some exploits instantly and started reporting them to companies to let them know, and to also help fix them. 99% of the companies replied and were extremely thankful. Some even sent me T-shirts, etc.

I started targeting a few sites (I can’t name which because we have NDAs now; I’m still actively helping many). By using my words right, I managed to get in with a few people. I started reporting vulnerabilities and helping many companies. Months passed and one company showed a lot of interest in what I was doing. I got invited to fly over to meet them. I knew something was going right at this point, so I knuckled down and put all of my focus on finding vulnerabilities and reporting them to this company. Things were going great and I soon overloaded their team with more than they could handle. I started looking further afield at more sites, and suddenly I was introduced to HackerOne. I saw that LOADS of sites had bounties and paid for vulnerabilities. I instantly knew that this was where I wanted to stay. To this day I am still active on HackerOne, but normally I run in private programs now (better payouts).

Fast forward through a year of exploiting and helping companies and now we’re here. I’ve been a nerd for ten years. Eight years coding, and around seven years exploiting.

Business Practices

For companies that don’t have a bug bounty, I tend to spend thirty minutes to an hour finding simple bugs such as XSS (cross-site scripting) or CSRF (cross-site request forgery). I’ll try to find a contact email and send them a nice detailed email about what I’ve found and what the impact is. I also supply them with information about how they can fix it. I never ask for money or anything over the first few emails — I tend to get their attention first, get them to acknowledge what I’ve found, and get them to agree that I can look for more. At that point I’ll ask if they offer any type of reward for helping them. The majority reply that they are up for rewarding me, due to the amount of help I’ve given them.

After I’ve helped the company for a while and they’ve rewarded me, etc, I usually suggest that they join HackerOne for a much cleaner process of reporting bugs and rewarding me (it also helps my rep on HackerOne). So far two have joined and one started their own private bounty system.

To sum it up, I’ll start off with basic bugs to get their attention, then once I’ve gotten the green light to dig deeper, I’ll go and find the bigger bugs. This helps me not waste my time on companies who don’t care about security. (Trust me, I’ve reported bugs and gotten no reply, or a very rude response!) I like to build a good relationship with companies before putting a lot of hours into looking for bugs. A good relationship with companies is a win-win situation for everyone — they get told about vulnerabilities on their site, and I get rewarded. Perfect.

In case you wanted to know, I’ve helped around ten companies who didn’t have a bug bounty. Nine of them have rewarded me (with either money, swag, or recognition on their website). Only one has told me they don’t offer any type of reward, but welcomed me to look for bugs to help them (pfft, who works for free?). Out of the nine who rewarded me, I’ve built a VERY close relationship with three of them. (Met with one company in January, and meeting with another in June.)

There are two types of companies. Those who simply can’t afford to reward researchers and those who think, “Well, no one has hacked us yet, so why bother paying someone to find bugs?” [Redacted] is probably the worst company I’ve dealt with after reporting a few critical bugs. They rarely reply to bugs, let alone fix them. It took an email letting them know that I was disclosing one bug to the public, to warn users that their information on [redacted] was at risk. After that they finally replied and fixed it.

100% of companies should change their perspectives. Again I’ll use [redacted] as an example. I only really look at their site when I’m bored (which is rarely) and I’ve uncovered a ton of vulns. I wonder what I could find if I spent a week looking for bugs (and if they rewarded me). Companies need to stop thinking, “No one has hacked us yet, so we’re good.”

If a company can’t afford to pay researchers to find bugs, then they should reconsider their business. Hacking is on the rise and it’s not going anywhere anytime soon (if ever). If you honestly can’t afford it, though, then my suggestion (if I was the CEO of a company that couldn’t afford security) would be to run a hackathon within the company. Let the devs go look for bugs and run a competition in-house. Your devs not only learn about writing secure code, but it’s fun too!


Many thanks to [redacted] for writing great answers to my questions.

Indifference To Libre Software

Battle of Copyright! Illustration by Christopher Dombres.


I want to quote some passages from an astute but idealistic essay that security developer Matthew Garrett wrote in 2014 about libre software. (If you’re not familiar with that term, go read this long explanation on GNU’s website. Then dive into Richard Stallman’s bonkers absolutist computer habits.) Garrett’s blog post is called “My free software will respect users or it will be bullshit”. He proposes that…

“the freedoms guaranteed by free software are largely academic unless you fall into one of two categories — someone who is sufficiently skilled in the arts of software development to examine and modify software to meet their own needs, or someone who is sufficiently privileged [read: has enough money or social capital] to be able to encourage developers to modify the software to meet their needs.”

He goes on to say:

“Concentrating on philosophical freedoms without considering whether these freedoms provide meaningful benefits to most users risks these freedoms being perceived as abstract ideals, divorced from the real world — nice to have, but fundamentally not important.”

My reaction to this was basically, “Well, yeah. That’s not a risk; that’s a reality. Zero normal people care about libre software.” Unless you want to study, change, or redistribute the source code, why even think about the license? The closest you’re going to get to a regular ol’ person who cares about libre software is someone like me, a tech commentator with an inferiority complex because she doesn’t know how to code. And I’m lukewarm on it. Sure, I’m glad that libre software exists, but I don’t think the movement’s priorities are moral imperatives.

By nature, libre software is a niche concern. The majority is never going to care. People vote with their eyeballs and their wallets, and by those measures they’ve overwhelmingly elected proprietary products like Facebook and Apple’s sprawling empire. That’s fine! An influential minority of hackers and their ilk will continue to love and make libre software. We’ll be okay.

Tripping Toward Terror

We’re not in the darkest timeline. The darkest timeline wouldn’t be Apple versus FBI and Hulk Hogan versus Gawker and Donald Trump versus Hillary Clinton. The darkest timeline would be drones blowing up American citizens (yes, I do focus on my own country like a dirty jingoist, thanks).

The premise of this newsletter is that cyberpunk is happening now, but that doesn’t mean we occupy the worst possible reality. Our reality is… well, I’d say mediocre. It’s bearable — given my white and middle-class privilege, anyway — but more B- than A+. We could do better. We could do worse, definitely, but we could also do better.

Image via Matt Lyon. Source unknown.


In the darkest timeline, “civil liberties” would be a meaningless phrase everywhere, not just in Turkey, Russia, and the like. The darkest timeline would mean that Trump wins instead of merely having a frighteningly successful candidacy. The darkest timeline would bear most of the features of modern life, plus a lot more dystopian power-fracturing. War, famine, and biological weapons would be unleashed on the poorest places as well as the richest. (I know, this does sound a lot like the future that we’re already building. Shh.)

Personal finance website The Billfold recently posted an interesting anonymous article about someone with a lot of student debt who ended up working in the expat war industry, albeit for an NGO:

“My job was ostensibly to plan the IT and communications infrastructure for the newly established Independent Electoral Commission for Iraq (IECI). Nationwide elections were scheduled for January 2005, only five months away. Given that no one had a firm grasp on how any of this was going to work, my job was initially little more than an intellectual exercise, but concepts had a disconcertingly rapid way of becoming reality in Baghdad. By the end of my second week, I was asked to stay on through February to build what I had planned.”

Aside from the professional pressure, the writer’s story describes bombings as a banal recurring element of daily life. Are we all headed there? I’m skeptical — for example, ISIS poses no material threat to the US. Police officers kill more citizens than terrorism. But we keep pushing ourselves toward escalated violence.


My friend Samio pointed out on Facebook that it’s pretty goddam rich for me to say all of this from the cushy United States. Here is a slightly edited version of his comment:

“In México City we have such poor breathing conditions that we’ll have to filter indoor air soon and only go out with breathing masks. We’re gonna have water shortages. Don’t even get me started on the murders of women, which have become normal. Hell, earlier today the metro line I was on had a major malfunction and chemical smoke burst out. I still can’t breathe fully.

AND EVEN THAT IS NOTHING compared to what someone in Palestine or a Chinese mega-slum is having to deal with right now. The general sentiment that our world is a brutal and nasty place, that life is cheap and everything is gonna get worse, is what the phrase ‘darkest timeline’ seeks to express. In that sense, yes, we’re undeniably fucked.”

Fair enough, Samio. (This is why it’s good to know people with different life experiences! You find out when you’re being arrogant in your assessments of the world!)

Universal Basic Income: Is It Feasible?

There was an astute exchange about universal basic income on Hacker News today. Jon Stokes, one of the founders of Ars Technica and a former Wired editor, posted this:

I have the following summary of how I think that many tech people like [Sam Altman, president of startup accelerator Y Combinator] believe UBI is going to work:

  1. Companies innovate by doing things more cheaply with automation than human workers can do them.
  2. As a result of automation, the more efficient companies reap all the profits in a market as they drive the less efficient companies out of business (and the humans out of jobs).
  3. This bonanza of profits that automation yields is taxed.
  4. The taxes from the accumulated wealth of the winners — wealth that, again, exists because the winning companies’ machines were able to do things more efficiently than the losing companies’ human laborers — go toward paying the laid-off laborers a basic income.

Photo by Nacho Pintos.

Roy Murdock replied:

Optimizing companies will do everything possible to avoid the corporate taxes (>60%) required to make universal basic income a reality. If you are assuming that winning companies are the best at implementing automation and reducing cost, it is a fatal mistake to assume that they will suddenly become charitable when it comes to wealth redistribution — no, they will ‘win’ because they optimize every single aspect of their balance sheets. They’ll move their capital offshore where it will be taxed at a fraction of the US rate. They’ll pay lobbyists to make sure tax loopholes stay open, and that the wealth accretes to the few at the top of the company who run the business. […]

UBI for everyone creates a large misdirection of resources that perpetuates the problem of too many people, too few jobs, social unrest. We have solved this problem in the past through war, which stimulates the economy through government spending, reduces excess labor (especially young, angry, dangerous men), reignites nationalism and social cohesion (against a common and clearly evil enemy such as Hitler), and realigns national incentives towards R&D and infrastructure investment. I am not advocating for war, merely making an observation. Does UBI get distributed to everyone who is unemployed, or only those who are laid off from jobs?

It’s a fair question. How on earth will we fund this endeavor? I’ve written about the intuitive consequence before — if people can’t work, how can they buy?

Frankenstein Robotics

Dwarf Gekko

Still from a YouTube video by Diamond Dogs.

The gadget (creature?) pictured above is a Dwarf Gekko from the Metal Gear Solid video game series. According to an MGS fan site:

“Beyond using its three manipulator arms to move about, these unmanned weapons possess the dexterity to enter homes and office buildings, operate computer keyboards and open drawers to collect intelligence, and operate a handgun. Small enough to function unhindered in any space designed for human use.”

Something is profoundly creepy about the human-shaped limbs mounted on a robotic ball. It’s like an evil BB-8 designed by HR Giger with input from Hans Bellmer.


Drawing by Hans Bellmer. See more here (NSFW).

In real life, we make humanoid robots because they can navigate “any space designed for human use” — AKA the built environment as it currently exists. We can integrate them into manufacturing, warehouse stocking, and other types of repetitive manual labor. This will potentially have a huge economic impact within a couple of decades, and it’s much easier to get there if we don’t need to rebuild every facility that will be affected. We can slide into the automated future factory by factory instead of jumping in everywhere all at once.

Despite its potential to shape this trend, Boston Dynamics, originator of the infamous BigDog robot, has been put up for sale by Alphabet (Google’s parent company). Apparently the executives at BD haven’t tried hard enough to generate revenue in the near-term. Bloomberg Business also reported that Google’s internal PR apparatus was not keen on BD’s efforts to make androids:

“After [Boston Dynamics’] latest robot video was posted to YouTube, in February, Google’s public-relations team expressed discomfort that Alphabet would be associated with a push into humanoid robotics. […] ‘There’s excitement from the tech press, but we’re also starting to see some negative threads about it being terrifying, ready to take humans’ jobs,’ wrote Courtney Hohne, a director of communications at Google and the spokeswoman for Google X. […] ‘We’re not going to comment on this video because there’s really not a lot we can add, and we don’t want to answer most of the Qs it triggers,’ she wrote.”

The term “uncanny valley” usually refers to the point when an animated human is not quite perfect, but really close — it turns out that being slightly off is much more unsettling than an obvious caricature. We need a similar term for the visceral reaction to repurposed humanness, like the Dwarf Gekko’s three limbs.
