Another short and insightful reply, but where are the mod points. (In my own case, I think they they've been permanently removed.)
And yet no one in this discussion has offered any constructive suggestions on the primary topic. I still have no idea what to do about Huawei's terrible customer support for my latest (and possibly final) Huawei device. They actually sent me email offering to exchange it, which is NOT what I want. Near as I can tell, there is nothing wrong with it, but I just don't understand it properly.
Very succinct response, though I suspect you're trying to argue with a troll. While I agree with you, I think there is actually an adversarial element involved because the corporations (and the fools who think they own and control the corporations rather than vice versa) are locked into the single dimension of money. Therefore they are focused on buying the cheapest politicians, which ultimately evolved into "investing" most of their money in the former Republican Party. Yes, they still make some donations to Democrats, but I think those are more like insurance payments than investments.
Were you talking to me? There is a tangential point of possible contact in my second paragraph.
Based on what you wrote, I think you are quite naive about how the CIA and NSA do things. Also misguided about China, though that's more in the area of exaggeration. There are more similarities in the behavior of corporate cancers than you seem to appreciate.
However your apparent attitude certainly makes it appear that you would hate to be confused by any actual facts that don't support what you've already decided to believe. If you actually want to learn about the topic, then I could recommend a number of books, but right now it does not appear to be worth the effort of checking my records. Up-to-date URLs would require even more effort.
The real problem would be finding evidence that American companies can be trusted, eh?
From the purely economic perspective, China has the most to lose if they allow any private companies to get involved in spying. I'd go even farther and say that the Chinese leaders (including Xi) have redefined "communism" to mean "whatever makes money". That means it would now be an attack on "The Party" if Huawei did anything that threatened their corporate profits.
Having said that, I think the real threat to Huawei's profits is bad customer service. I've actually owned about 6 Huawei devices going back more than a decade. Technically they have all been on the scale from good to excellent, and the prices have put them on the scale from excellent value to superior, but the customer service has always been on the scale from none to miserable. I think if Huawei seriously wants to be an international player in broader areas of consumer electronics, they desperately need to rethink and redo their entire customer service operation. Nuking the support part of their website would be a good start. (Maybe it isn't so gawdawful in Chinese? I'm sure it can't be worse.)
Then again, there are some features to look for to determine if ANY maker's devices have been designed with espionage in mind. Level 0 would be things like unmentioned microphones, but the google just won that boobie prize. Level 1 would be reasonable features like EEPROM that has legitimate purposes but which could be used to install malware. After all, every device may need an upgrade at some point.
Level 2 would be clever design for fail safe concealment of the espionage-related capabilities. For example, a DRAM without power protection could be used for holding malware that would automatically disappear when the power is cut for any reason. Part of the POST could check for the network environment so as to detect if the device has been moved into a trap or DMZ (thus preventing re-installation of the spyware).
Topic really touches a nerve for me, but I'm not going to write a novel-length contribution for Slashdot. Minimal background: My experiences with OSS and earlier forms goes back 3 or 4 decades and I think the potential remains unrealized on both sides. Both the programmers and the users have been let down, and I think the underlying problem is the money. No shit, Sherlock. Economics is about money and the overwhelming money is elsewhere.
As a recovering programmer, let me focus on that side: Why should programmers give away valuable things for free? Various motivations, but altruism is relatively rare. Idealism is probably more frequent, but doesn't pay the bills. I'm pretty sure some of them are hoping to win the lottery and become rich and famous without signing away all ownership to some corporate cancer, but that train left the station long ago... Various other motives, but the bottom line is that OSS remains minor...
So my best fantasy of an alternative solution approach would be to put the cart behind the horse with a charity share brokerage. The objective is cost recovery for the REAL costs (including time) of OSS with the payments committed up front. Kind of like the way you can detect a successful lawyer by the ability to accept only the desirable cases, the OSS programmer would get to accept only the desirable programming projects. That should include projects for new software, new features, support, and even ongoing-cost projects like keeping a server up and running. It also implies fail-safe programming practices, where compliant software would have to check its own update status before doing dangerous things.
Anyway, that's enough time for this can of worms for now, pending expressions of actual interest. Even better if you have a superior solution idea, but there has been little mention of "solution" in this discussion so far. So for now I bid you ADSAuPR, atAJG.
Interesting reply. However I wouldn't have seen it at all if it hadn't been moderated strongly into visibility. It really raises some important questions, though not any questions I have not already considered. I think I have substantive answers for your questions, but first you need to convince me I should make an exception to my policy against responding to ACs.
Okay, on that basis I will attempt to respond that it's (once again) a matter of time and prioritization. For example, I have stacks of manuals and supporting information around here, and I even used to read computer language manuals from cover to cover, but my time is limited. As I've grown older I've become more aware of how limited my time is to the point where my second email sig is now "It took me so long to learn patience that now I have no time to be patient!" I just can't RTFM (and all the manuals I've seen for Facebook are strong on the F).
Even worse, there are bad actors who will deliberately hide crucial information, or bury it in mountains of trivia. There are cases beyond that, as when what seems to be a non-adversarial relationship actually is adversarial, and I think that is largely the situation in Facebook's case. For all of these reasons, I don't think that the victims of Facebook (including yours truly) deserve as much opprobrium and scorn as you want to heap on them.
One more thing. I really doubt anyone fully understood the evil of Facebook while it was being created. Even Zuckerberg was mostly steering blind, though I think he may have "smelled" the power or the money or something lurking in the area. If I was sure that Zuck was evil, then I'd say he was eager to make a deal with the devil, but based on the books I've read about Facebook, I think he just woke up in bed with the devil, but it was okay with him because he was on the money side of the bed.
P.S. Your ad hominem stuff about politicians mostly seems justified, though I think you might be a bit nutty if you regard Obama as some sort of leftist. I would say that Obama is weakly principled but was effectively guided by pragmatism, while Hillary's true principles are probably pretty far to the left, though they are completely masked by her indoctrination as a lawyer. In contrast, I would say that Trump is completely unprincipled and delusional. #PresidentTweety may actually believe he's self-made and I definitely think he believes his own lies, at least for the instant in which he is lying. The interesting aspect of Trump is the volition element. He doesn't have any bad will to deceive, because the truth is irrelevant to him. Trump's bad will is to make the "thing" do what he wants. (The sociopathic aspect of Trump's "personality" sees all human beings as "things" to be manipulated.)
P.P.S. I feel like I was suckered into the Trump topic. I just promised to avoid all things Trump for the next few weeks... It's apparently quite hard to extirpate all things Trump. For example, the name keeps popping up in books published long before he entered politics.
From the description of your system, it sounds well-intentioned, but... People are not flat one-dimensional objects and it sounds like the point system is flattening people that way. On that basis, I guess I can reduce it to two questions, and then clarify how I wish it would work (in terms of MEPR).
(1) If your points are one-dimensional, then how do you justify reducing people to a single number?
(2) If your points are multidimensional, how do you control the dimensionality?
So now the attempt to clarify the context of my questions... First of all, let me say that there are some aspects of the idea that sound good, even excellent--but ANYTHING sounds good when compared to Facebook.
I think there should be a kind of symmetry between what you do and how you are perceived. MEPR (Multidimensional Earned Public Reputation) is my current handle for this idea. Essentially the people who do things should earn positive or negative ratings on various dimensions based on what they did, and the things they do should start with positive or negative ratings based on the person who did them.
Here are a few simple example: If a public comment is made by a person who has a track record of lying, then that comment should be tainted with a low score on the dimension of honesty. If a person has frequently made comments that people regard as funny, then that person should have a positive score on the dimensions related to humor. If politeness is less important to me than fresh ideas, I should be able to adjust my input weights accordingly.
In visible terms, I imagine a pair of icons. On the personal side, one would be the personal icon linked to the data that the person chooses to share. The second would be the MEPR icon, a standardized (radar?) image linked to the public behaviors and data that defines the MEPR values. (And it should be an opt-in system, too. If you want to disable your MEPR, you should be able to do so--but on Slashdot I am glad to ignore the ACs and I would also discount actions from people who reject or deny accountability for their public behaviors.)
As usual, I have wandered too far and used too much time, so I must again bid you ADSAuPR, atAJG.
I'm not doubting your evidence, but I still can't figure out your perspective. However, because I suspect you are blaming the victims it makes me think you are trying to frame the discussion from a Libertarian perspective, where it is "normal" to blame the victims because the Libertarians always think that they themselves are just too damn smart to be victimized. There are various responses (mostly related to information imbalances) that I could offer to your analysis, but if your framing of the "problem" is fundamentally "broken", then it would be a waste of time (for both of us).
Somewhat peripheral, but I think this is a related analysis. Some people are negatively deranged to believe Obama is a Kenyan Muslim Black Panther and Hillary is a super-criminal worse than El Chapo. However it is mostly the SAME people who are positively deranged to believe that Trump is honest and self-made. Maybe your framing is realistic, but you might be leading with your straight cards, like the Obama hater who starts with the "But he was a pothead" attack.
(P.S. I do not think I am deranged to hate liars--but...)
Are you trying to claim that the consent was informed? If so, I dismiss you as some sort of Libertarian. If not, then it is possible we have some underlying agreement on at least some aspects of the problem.
Potentially a distracting topic, but I mostly don't waste time with Libertarian BS these days. Last Libertarian-slanted book was Nudge, which was basically a paean to clever manipulation of the suckers for their own good.
Though I have basically started avoiding Libertarians in recent years, back when I "encountered" them more frequently I mostly concluded that they didn't have much understanding of what "liberty" or "freedom" mean--even though I admit my own understanding was relatively limited at that time. The first part of my Slashdot sig is dated and font-constrained here, but it captures some of my evolution on the topic. Now I think freedom exists, but it ain't easy.
On the other side, there seem to be an increasing number of materialists who disavow the idea of human freedom. They see humans as quite limited and easily manipulated machines. Currently reading 21 Lessons for the 21st Century by Yuval Noah Harari, and so far he seems to be taking that position on the issue.
In answer to the new Subject: question, I was asked by friends to communicate via Facebook. I still hate Facebook as a tool, and just made a kind of resolution to limit my usage of the tool, but it's also "The poor craftsman who blames his tools." But it's also the poor craftsman who doesn't know the differences among tools and who doesn't want the best tool for each job.
On the one hand, I sort of approve of tracking the threats, but on the other hand, who appointed Facebook gawd with the secret inside knowledge of who is and is not a REAL threat that deserves to be tracked?
Actually, it is quite conceivable to me that Facebook has a high-dimension personality profile of each identity. On that basis they might actually have some real basis to know who is actually dangerous and who is just a noisy fool looking for attention. If that hypothesis is valid, then why doesn't Facebook take the next step of discouraging the noisemakers to make it easier to focus on the actual problems?
Facebook will NEVER do it because it would require sharing some of the personal information they've collected on us. They'd have to share it WITH us, and heaven forbid that much honesty. It might reduce the value of OUR personal information that Facebook is hoarding.
Just joking on the theory that Facebook could be more valuable, but it would waste less of my time if the trolls and sock puppets were helped in rendering themselves invisible. (ADSAuPR, atAJG.)
Not sure what triggered your late reply, but sort of curious what you mean by the pain of "having to work with gmail".
I was actually a postmaster for what was probably, at that time, the largest free email system in Tokyo. My vague recollection is that the cooperation among postmasters was always limited.
Other places were mentioned, too, but initially I was most impressed by the number of new employees the google wants to hire. Then I went back to consider where. Why do I smell some sort of propaganda offensive over technical considerations? Or maybe you have a more substantive interpretation? Why does the google want more human baggage?
I feel like I need to clarify that I believe corporate cancers like the google really hate to hire human beings. Real estate speculations might be more attractive, but humans are expensive and unreliable and extremely resistant to upgrades, plus the "smartest people" (whatever that means) tend to be "politically unreliable" (ditto), to boot. My fundamental position is that we need fewer cancers and more choices from smaller corporations.
A few minutes ago I noticed the "Comments Filter" below the post button. It has tabs for the primary dimensions of moderation, so (for example) clicking on the "Funny" tab immediately shows the current 2 funny comments on this story.
Is this a new feature? Or have I been blind, and if so, for how long? Now I don't have to waste time with the text searches on "funny"? Fewer annoying false positives (as distinct from actually bad moderation)?
By the way, the "Funny" comment to which this reply is attached is not very funny. At all. But that's just part of the general brokenness of the moderation system.
I still can't get over the possibility that an actual change has occurred. A new feature?
Naw, I must have been blind and just never noticed it. Probably been there for years if not decades.
If I ever got a mod point to give, I'd have "invested" one in that. However, if you were looking for the uncertain state between insight and funny you would have needed something about the war between natural stupidity and artificial intelligence.
Still not sure it applies to #PresidentTweety. I can't believe that anyone can become that stupid without a whole lot of effort. The ignorance might be natural, but it takes real effort to build such a monumental stupidity on top. Yes, some things have continued to improve, but that's only because Trump has also demonstrated incompetence in tipping over the rest of the apple carts.
No mod for "polemic"? Actually, I'm not sure what dimensions it should get (and which ways) if MEPR was properly implemented.
Well said, and even worth emulating. I'd go farther and wish I sometimes got mod points to help release Shrodinger's Cats.
However, I think the comment about trolls with funny mod points was also insightful, except for the peculiar link to karma. Also, the moderation system remains pretty much broken these years. (MEPR is my favored solution approach, but Slashdot lacks resources to do more than barely survive.)
Question: What is the underlying motivation for creating fake Twitter accounts?
Answer: Cheap credibility. A fresh sock puppet looks just about the same as any other identity on Twitter.
Yes, there's a slight advantage to the accounts with the little blue checked circle, but not much considering the sock puppets can use similar names and there will be plenty of fools who overlook the circle that isn't there.
The generalized solution approach is to reduce the value of the fake accounts. One way to do that would involve MEPR (Multidimensional Earned Public Reputation) as a way to render most identities much less visible until AFTER they earned some more credibility. One of the dimensions should be age, by the way. If the fake accounts start at 0 on all dimensions, but the visibility threshold is just slightly above 0, then they have disappeared (except to each other or to people who want to change the defaults to play with them).
MEPR should be an opt-in metric, of course, though even that is kind of complicated. The degree of participation should be controllable, but essentially you should be able to earn visibility by being a nice person and lose it for being a troll. It might even motivate some people to be nicer to become more visible, eh?
Anyway, enough time spent for now, so I bid you the usual ADSAuPR, atAJG.
Hmm... I don't have hard stats but my feeling is that the spam that actually originates within Gmail is a relatively small part of it. However there is a large fraction of spam that uses Gmail accounts as the drop boxes for the suckers, either with Reply-to: headers or in the body of the pitch.
Since I do most of my spam analysis within Gmail, it is not clear if that is a Gmail-specific problem (of better spammer support) or if the spammers just use that approach for each target email system. In that hypothesis, they would favor Gmail drop boxes for spam to Gmail addresses, but favor Outlook drop boxes for spam to Outlook email addresses, and so on.
(I do have accounts on a couple of other email systems, partly as legacies, but mostly to see if any of them EVER get around to offering decent anti-spam features. Most of my Outlook spam is actually fake identity stuff, but I get almost no email of any kind there.)
You managed to remind me of what I still think is the best solution approach. It's actually another aspect of MEPR (Multidimensional Earned Public Reputation). In this application, the dimensions of concern are those that would indicate a particular person with ACTUAL human intelligence is (or is not) skilled at recognizing spam.
One implementation (but the google will never implement it) would be as an opt-in spammer-fighting tool beyond the incredibly naive Spam button. (The additional phishing-report option is not a real solution, but it's a tiny bit better than nothing.) The spammer-fighting tool I fantasize about would parse the suspected spam and let the human being help assess the various aspects of the spam (and recommend appropriate countermeasures) in a kind of automated dialog. MEPR is relevant so that the email server or website can weight the responses and respond appropriately.
Now it's time for some defeatist moron (or shill) to pop in with the idiotic options-based form letter explaining why you can't fight spam. (I'll ignore it, of course. I'm much too stupid to just give up--but again I remind you of the pump-and-dump stock scam spam.) Therefore I'll just bid you ADSAuPR, atAJG.
Any chance they are correlational attacks from the spammers? I've seen some evidence that at least one of the main spammers has managed to link many of the email address for better impersonation attacks. In that case, what you are describing could be an overreaction from the Gmail filters, perhaps based on pairings that are completely out of your scope...
I always wonder if people who praise Gmail's filters are shills or sycophants, or they just never notice the failures. Anecdotal evidence, but here are a few low points of my experience with Gmail, which I continue to use only because the alternatives seem no better (though some are clearly worse).
(1) I just had another false negative this morning. Especially relevant to today's story because the slightest intelligence, artificial or otherwise, would have known it could not possibly be valid email for me.
(2) There has been a long stream of stupid phishing probes from the same source. My intelligence can clearly tell that they are NOT the google, but they all claim to be from Gmail admins with various kinds of threats of account termination and such.
(3) Biggest problem with false positives is a bit complicated to describe. One of my "professional" email addresses is actually an alumni email address which was switched to Gmail a couple of years ago. As a naive forwarder there had been no problems for many years, but my theory is the google made them an offer they couldn't refuse, so they switched. Therefore I set up the forwarding to my regular working address, which is my first Gmail account, and it seemed to be working normally. Later on I rejoined a professional organization using that alumni email address, but after a year of communication problems I finally discovered that some of the organization's email was being tossed as false positives and NOT being forwarded. I don't really know how much was lost, though I am sure it interfered with my involvement in the organization. Nor was I able to figure out the basis on which Gmail was tossing some of the email, but it certainly has become a major nuisance to try to work with yet another account because I can't trust the google, and even worse because the two accounts are fighting with each other. Near as I can understand the situation, the alumni email account is not a "real" google identity, but some kind of organizational account with slightly different functions.
(4) Other false positives and false negatives continue unabated. Usually they are tilted towards false negatives, which is probably better than more false positives--as long as I'm checking. Oh, wait. That kind of defeats the purpose of the filters, doesn't it?
(5) Perhaps most importantly on the filtering topic is that the spammers have proven that they can live with filters. Their marginal cost remains close enough to zero that they are always willing to spawn another million or billion spam messages. If the google is doing anything to put them out of business, they are certainly hiding it well. And don't give me the sob story about it being impossible before explaining where the pump-and-dump stock scam spam went. The spammers' business models CAN be broken, but the google don't care. (Of course that is sadly true of the alternatives, too. At least all the alternatives I currently know about.)
That's the spamming problem, but going on to other email features... There are a number of features I want, but I am absolutely convinced the google is incapable of moving in such directions. The features they have added over the last few years are mostly features I want to disable, especially this confidential mode garbage. If you don't trust me enough, then I do NOT want to receive your email. The only aspect of confidential email I want is to bounce any such email that is sent to me. (I am not sure if it is a positive thing that the spammers have not yet figured out how to abuse confidential email. But I'm sure they will, given the google's "Live and let spam" attitude.)
Disappointed by the rest of the discussion, but maybe there was some good stuff and my keyword searches failed to find it. These days I'm expecting the moderation to fail (though I also checked the moderated categories).
However, in addition to the presence of DRAM that is not backed up against power outages I did think of one more general category of features the hardware should have. I'm sure there are others, but...
The premise of the DRAM idea is that you (the spy) want the spyware to vanish easily, but that implies you need to be able to install and reinstall it relatively easily. Assuming (dangerously) that you have installed it correctly the first time and in the correct place, then you would want to make sure you don't reinstall it again if that time and place has changed, for example because someone has gotten suspicious and moved the device into a more controlled environment. Therefore the hardware should include some capabilities to help confirm where the device is or that nothing about the environment has changed BEFORE the spyware is restored (after it has erased itself for any reason). Some sort of special diagnostic routines at power on?
Good opening comment, insightful mod deserved, even though it was so short. For now just expressing my surprise.
What I am actually looking for in this discussion of the topic is an analysis of who has the most to lose by getting caught spying on their customers. In theory the players with the most to lose might be the most likely to deliver truly secure devices.
Based on my understanding of how the laws are made in the US, I rather doubt it is the American companies. Corporations are clearly in charge in the American legal system, as most recently proven by the corporation that has (so far) been able to conceal its involvement with Trump's financial shenanigans. Even though it's a foreign corporation, professional courtesy (among sharks and cancers) is more important than other considerations.
Hmm... On that basis, I think I may have surprised myself. A self-ambush of some sort? It could be an argument why Chinese companies could be less trustworthy. Perhaps they aren't proper corporate cancers?
Oh yeah. The other thing I am looking for is consideration of how to do it. I think that shipping the hardware with built-in spying capabilities would be stupid. Too much threat of reverse engineering. Either you want the capability to create special versions for espionage (and there is some evidence that the CIA has done this in the past) or you want to design the software so carefully that a special firmware upgrade can be delivered (and removed) as needed (and this is the approach that I would recommend, if'n anyone asked my opinion).
Hmm... Physical evidence might be the use of DRAM without power backup?
Slashdot Mirror
Another short and insightful reply, but where are the mod points. (In my own case, I think they they've been permanently removed.)
And yet no one in this discussion has offered any constructive suggestions on the primary topic. I still have no idea what to do about Huawei's terrible customer support for my latest (and possibly final) Huawei device. They actually sent me email offering to exchange it, which is NOT what I want. Near as I can tell, there is nothing wrong with it, but I just don't understand it properly.
Very succinct response, though I suspect you're trying to argue with a troll. While I agree with you, I think there is actually an adversarial element involved because the corporations (and the fools who think they own and control the corporations rather than vice versa) are locked into the single dimension of money. Therefore they are focused on buying the cheapest politicians, which ultimately evolved into "investing" most of their money in the former Republican Party. Yes, they still make some donations to Democrats, but I think those are more like insurance payments than investments.
Were you talking to me? There is a tangential point of possible contact in my second paragraph.
Based on what you wrote, I think you are quite naive about how the CIA and NSA do things. Also misguided about China, though that's more in the area of exaggeration. There are more similarities in the behavior of corporate cancers than you seem to appreciate.
However your apparent attitude certainly makes it appear that you would hate to be confused by any actual facts that don't support what you've already decided to believe. If you actually want to learn about the topic, then I could recommend a number of books, but right now it does not appear to be worth the effort of checking my records. Up-to-date URLs would require even more effort.
The real problem would be finding evidence that American companies can be trusted, eh?
From the purely economic perspective, China has the most to lose if they allow any private companies to get involved in spying. I'd go even farther and say that the Chinese leaders (including Xi) have redefined "communism" to mean "whatever makes money". That means it would now be an attack on "The Party" if Huawei did anything that threatened their corporate profits.
Having said that, I think the real threat to Huawei's profits is bad customer service. I've actually owned about 6 Huawei devices going back more than a decade. Technically they have all been on the scale from good to excellent, and the prices have put them on the scale from excellent value to superior, but the customer service has always been on the scale from none to miserable. I think if Huawei seriously wants to be an international player in broader areas of consumer electronics, they desperately need to rethink and redo their entire customer service operation. Nuking the support part of their website would be a good start. (Maybe it isn't so gawdawful in Chinese? I'm sure it can't be worse.)
Then again, there are some features to look for to determine if ANY maker's devices have been designed with espionage in mind. Level 0 would be things like unmentioned microphones, but the google just won that boobie prize. Level 1 would be reasonable features like EEPROM that has legitimate purposes but which could be used to install malware. After all, every device may need an upgrade at some point.
Level 2 would be clever design for fail safe concealment of the espionage-related capabilities. For example, a DRAM without power protection could be used for holding malware that would automatically disappear when the power is cut for any reason. Part of the POST could check for the network environment so as to detect if the device has been moved into a trap or DMZ (thus preventing re-installation of the spyware).
Topic really touches a nerve for me, but I'm not going to write a novel-length contribution for Slashdot. Minimal background: My experiences with OSS and earlier forms goes back 3 or 4 decades and I think the potential remains unrealized on both sides. Both the programmers and the users have been let down, and I think the underlying problem is the money. No shit, Sherlock. Economics is about money and the overwhelming money is elsewhere.
As a recovering programmer, let me focus on that side: Why should programmers give away valuable things for free? Various motivations, but altruism is relatively rare. Idealism is probably more frequent, but doesn't pay the bills. I'm pretty sure some of them are hoping to win the lottery and become rich and famous without signing away all ownership to some corporate cancer, but that train left the station long ago... Various other motives, but the bottom line is that OSS remains minor...
So my best fantasy of an alternative solution approach would be to put the cart behind the horse with a charity share brokerage. The objective is cost recovery for the REAL costs (including time) of OSS with the payments committed up front. Kind of like the way you can detect a successful lawyer by the ability to accept only the desirable cases, the OSS programmer would get to accept only the desirable programming projects. That should include projects for new software, new features, support, and even ongoing-cost projects like keeping a server up and running. It also implies fail-safe programming practices, where compliant software would have to check its own update status before doing dangerous things.
Anyway, that's enough time for this can of worms for now, pending expressions of actual interest. Even better if you have a superior solution idea, but there has been little mention of "solution" in this discussion so far. So for now I bid you ADSAuPR, atAJG.
Interesting reply. However I wouldn't have seen it at all if it hadn't been moderated strongly into visibility. It really raises some important questions, though not any questions I have not already considered. I think I have substantive answers for your questions, but first you need to convince me I should make an exception to my policy against responding to ACs.
Okay, on that basis I will attempt to respond that it's (once again) a matter of time and prioritization. For example, I have stacks of manuals and supporting information around here, and I even used to read computer language manuals from cover to cover, but my time is limited. As I've grown older I've become more aware of how limited my time is to the point where my second email sig is now "It took me so long to learn patience that now I have no time to be patient!" I just can't RTFM (and all the manuals I've seen for Facebook are strong on the F).
Even worse, there are bad actors who will deliberately hide crucial information, or bury it in mountains of trivia. There are cases beyond that, as when what seems to be a non-adversarial relationship actually is adversarial, and I think that is largely the situation in Facebook's case. For all of these reasons, I don't think that the victims of Facebook (including yours truly) deserve as much opprobrium and scorn as you want to heap on them.
One more thing. I really doubt anyone fully understood the evil of Facebook while it was being created. Even Zuckerberg was mostly steering blind, though I think he may have "smelled" the power or the money or something lurking in the area. If I was sure that Zuck was evil, then I'd say he was eager to make a deal with the devil, but based on the books I've read about Facebook, I think he just woke up in bed with the devil, but it was okay with him because he was on the money side of the bed.
P.S. Your ad hominem stuff about politicians mostly seems justified, though I think you might be a bit nutty if you regard Obama as some sort of leftist. I would say that Obama is weakly principled but was effectively guided by pragmatism, while Hillary's true principles are probably pretty far to the left, though they are completely masked by her indoctrination as a lawyer. In contrast, I would say that Trump is completely unprincipled and delusional. #PresidentTweety may actually believe he's self-made and I definitely think he believes his own lies, at least for the instant in which he is lying. The interesting aspect of Trump is the volition element. He doesn't have any bad will to deceive, because the truth is irrelevant to him. Trump's bad will is to make the "thing" do what he wants. (The sociopathic aspect of Trump's "personality" sees all human beings as "things" to be manipulated.)
P.P.S. I feel like I was suckered into the Trump topic. I just promised to avoid all things Trump for the next few weeks... It's apparently quite hard to extirpate all things Trump. For example, the name keeps popping up in books published long before he entered politics.
From the description of your system, it sounds well-intentioned, but... People are not flat one-dimensional objects and it sounds like the point system is flattening people that way. On that basis, I guess I can reduce it to two questions, and then clarify how I wish it would work (in terms of MEPR).
(1) If your points are one-dimensional, then how do you justify reducing people to a single number?
(2) If your points are multidimensional, how do you control the dimensionality?
So now the attempt to clarify the context of my questions... First of all, let me say that there are some aspects of the idea that sound good, even excellent--but ANYTHING sounds good when compared to Facebook.
I think there should be a kind of symmetry between what you do and how you are perceived. MEPR (Multidimensional Earned Public Reputation) is my current handle for this idea. Essentially the people who do things should earn positive or negative ratings on various dimensions based on what they did, and the things they do should start with positive or negative ratings based on the person who did them.
Here are a few simple example: If a public comment is made by a person who has a track record of lying, then that comment should be tainted with a low score on the dimension of honesty. If a person has frequently made comments that people regard as funny, then that person should have a positive score on the dimensions related to humor. If politeness is less important to me than fresh ideas, I should be able to adjust my input weights accordingly.
In visible terms, I imagine a pair of icons. On the personal side, one would be the personal icon linked to the data that the person chooses to share. The second would be the MEPR icon, a standardized (radar?) image linked to the public behaviors and data that defines the MEPR values. (And it should be an opt-in system, too. If you want to disable your MEPR, you should be able to do so--but on Slashdot I am glad to ignore the ACs and I would also discount actions from people who reject or deny accountability for their public behaviors.)
As usual, I have wandered too far and used too much time, so I must again bid you ADSAuPR, atAJG.
I'm not doubting your evidence, but I still can't figure out your perspective. However, because I suspect you are blaming the victims it makes me think you are trying to frame the discussion from a Libertarian perspective, where it is "normal" to blame the victims because the Libertarians always think that they themselves are just too damn smart to be victimized. There are various responses (mostly related to information imbalances) that I could offer to your analysis, but if your framing of the "problem" is fundamentally "broken", then it would be a waste of time (for both of us).
Somewhat peripheral, but I think this is a related analysis. Some people are negatively deranged to believe Obama is a Kenyan Muslim Black Panther and Hillary is a super-criminal worse than El Chapo. However it is mostly the SAME people who are positively deranged to believe that Trump is honest and self-made. Maybe your framing is realistic, but you might be leading with your straight cards, like the Obama hater who starts with the "But he was a pothead" attack.
(P.S. I do not think I am deranged to hate liars--but...)
Are you trying to claim that the consent was informed? If so, I dismiss you as some sort of Libertarian. If not, then it is possible we have some underlying agreement on at least some aspects of the problem.
Potentially a distracting topic, but I mostly don't waste time with Libertarian BS these days. Last Libertarian-slanted book was Nudge , which was basically a paean to clever manipulation of the suckers for their own good.
Though I have basically started avoiding Libertarians in recent years, back when I "encountered" them more frequently I mostly concluded that they didn't have much understanding of what "liberty" or "freedom" mean--even though I admit my own understanding was relatively limited at that time. The first part of my Slashdot sig is dated and font-constrained here, but it captures some of my evolution on the topic. Now I think freedom exists, but it ain't easy.
On the other side, there seem to be an increasing number of materialists who disavow the idea of human freedom. They see humans as quite limited and easily manipulated machines. Currently reading 21 Lessons for the 21st Century by Yuval Noah Harari, and so far he seems to be taking that position on the issue.
In answer to the new Subject: question, I was asked by friends to communicate via Facebook. I still hate Facebook as a tool, and just made a kind of resolution to limit my usage of the tool, but it's also "The poor craftsman who blames his tools." But it's also the poor craftsman who doesn't know the differences among tools and who doesn't want the best tool for each job.
On the one hand, I sort of approve of tracking the threats, but on the other hand, who appointed Facebook gawd with the secret inside knowledge of who is and is not a REAL threat that deserves to be tracked?
Actually, it is quite conceivable to me that Facebook has a high-dimension personality profile of each identity. On that basis they might actually have some real basis to know who is actually dangerous and who is just a noisy fool looking for attention. If that hypothesis is valid, then why doesn't Facebook take the next step of discouraging the noisemakers to make it easier to focus on the actual problems?
Facebook will NEVER do it because it would require sharing some of the personal information they've collected on us. They'd have to share it WITH us, and heaven forbid that much honesty. It might reduce the value of OUR personal information that Facebook is hoarding.
Just joking on the theory that Facebook could be more valuable, but it would waste less of my time if the trolls and sock puppets were helped in rendering themselves invisible. (ADSAuPR, atAJG.)
Not sure what triggered your late reply, but sort of curious what you mean by the pain of "having to work with gmail".
I was actually a postmaster for what was probably, at that time, the largest free email system in Tokyo. My vague recollection is that the cooperation among postmasters was always limited.
Other places were mentioned, too, but initially I was most impressed by the number of new employees the google wants to hire. Then I went back to consider where. Why do I smell some sort of propaganda offensive over technical considerations? Or maybe you have a more substantive interpretation? Why does the google want more human baggage?
I feel like I need to clarify that I believe corporate cancers like the google really hate to hire human beings. Real estate speculations might be more attractive, but humans are expensive and unreliable and extremely resistant to upgrades, plus the "smartest people" (whatever that means) tend to be "politically unreliable" (ditto), to boot. My fundamental position is that we need fewer cancers and more choices from smaller corporations.
As usual, I bid you ADSAuPR, atAJG.
Deserves a Funny mod, but I never get any to give.
A few minutes ago I noticed the "Comments Filter" below the post button. It has tabs for the primary dimensions of moderation, so (for example) clicking on the "Funny" tab immediately shows the current 2 funny comments on this story.
Is this a new feature? Or have I been blind, and if so, for how long? Now I don't have to waste time with the text searches on "funny"? Fewer annoying false positives (as distinct from actually bad moderation)?
By the way, the "Funny" comment to which this reply is attached is not very funny. At all. But that's just part of the general brokenness of the moderation system.
I still can't get over the possibility that an actual change has occurred. A new feature?
Naw, I must have been blind and just never noticed it. Probably been there for years if not decades.
If I ever got a mod point to give, I'd have "invested" one in that. However, if you were looking for the uncertain state between insight and funny you would have needed something about the war between natural stupidity and artificial intelligence.
Still not sure it applies to #PresidentTweety. I can't believe that anyone can become that stupid without a whole lot of effort. The ignorance might be natural, but it takes real effort to build such a monumental stupidity on top. Yes, some things have continued to improve, but that's only because Trump has also demonstrated incompetence in tipping over the rest of the apple carts.
No mod for "polemic"? Actually, I'm not sure what dimensions it should get (and which ways) if MEPR was properly implemented.
Well said, and even worth emulating. I'd go farther and wish I sometimes got mod points to help release Shrodinger's Cats.
However, I think the comment about trolls with funny mod points was also insightful, except for the peculiar link to karma. Also, the moderation system remains pretty much broken these years. (MEPR is my favored solution approach, but Slashdot lacks resources to do more than barely survive.)
Question: What is the underlying motivation for creating fake Twitter accounts?
Answer: Cheap credibility. A fresh sock puppet looks just about the same as any other identity on Twitter.
Yes, there's a slight advantage to the accounts with the little blue checked circle, but not much considering the sock puppets can use similar names and there will be plenty of fools who overlook the circle that isn't there.
The generalized solution approach is to reduce the value of the fake accounts. One way to do that would involve MEPR (Multidimensional Earned Public Reputation) as a way to render most identities much less visible until AFTER they earned some more credibility. One of the dimensions should be age, by the way. If the fake accounts start at 0 on all dimensions, but the visibility threshold is just slightly above 0, then they have disappeared (except to each other or to people who want to change the defaults to play with them).
MEPR should be an opt-in metric, of course, though even that is kind of complicated. The degree of participation should be controllable, but essentially you should be able to earn visibility by being a nice person and lose it for being a troll. It might even motivate some people to be nicer to become more visible, eh?
Anyway, enough time spent for now, so I bid you the usual ADSAuPR, atAJG.
Hmm... I don't have hard stats but my feeling is that the spam that actually originates within Gmail is a relatively small part of it. However there is a large fraction of spam that uses Gmail accounts as the drop boxes for the suckers, either with Reply-to: headers or in the body of the pitch.
Since I do most of my spam analysis within Gmail, it is not clear if that is a Gmail-specific problem (of better spammer support) or if the spammers just use that approach for each target email system. In that hypothesis, they would favor Gmail drop boxes for spam to Gmail addresses, but favor Outlook drop boxes for spam to Outlook email addresses, and so on.
(I do have accounts on a couple of other email systems, partly as legacies, but mostly to see if any of them EVER get around to offering decent anti-spam features. Most of my Outlook spam is actually fake identity stuff, but I get almost no email of any kind there.)
You managed to remind me of what I still think is the best solution approach. It's actually another aspect of MEPR (Multidimensional Earned Public Reputation). In this application, the dimensions of concern are those that would indicate a particular person with ACTUAL human intelligence is (or is not) skilled at recognizing spam.
One implementation (but the google will never implement it) would be as an opt-in spammer-fighting tool beyond the incredibly naive Spam button. (The additional phishing-report option is not a real solution, but it's a tiny bit better than nothing.) The spammer-fighting tool I fantasize about would parse the suspected spam and let the human being help assess the various aspects of the spam (and recommend appropriate countermeasures) in a kind of automated dialog. MEPR is relevant so that the email server or website can weight the responses and respond appropriately.
Now it's time for some defeatist moron (or shill) to pop in with the idiotic options-based form letter explaining why you can't fight spam. (I'll ignore it, of course. I'm much too stupid to just give up--but again I remind you of the pump-and-dump stock scam spam.) Therefore I'll just bid you ADSAuPR, atAJG.
Any chance they are correlational attacks from the spammers? I've seen some evidence that at least one of the main spammers has managed to link many of the email address for better impersonation attacks. In that case, what you are describing could be an overreaction from the Gmail filters, perhaps based on pairings that are completely out of your scope...
I always wonder if people who praise Gmail's filters are shills or sycophants, or they just never notice the failures. Anecdotal evidence, but here are a few low points of my experience with Gmail, which I continue to use only because the alternatives seem no better (though some are clearly worse).
(1) I just had another false negative this morning. Especially relevant to today's story because the slightest intelligence, artificial or otherwise, would have known it could not possibly be valid email for me.
(2) There has been a long stream of stupid phishing probes from the same source. My intelligence can clearly tell that they are NOT the google, but they all claim to be from Gmail admins with various kinds of threats of account termination and such.
(3) Biggest problem with false positives is a bit complicated to describe. One of my "professional" email addresses is actually an alumni email address which was switched to Gmail a couple of years ago. As a naive forwarder there had been no problems for many years, but my theory is the google made them an offer they couldn't refuse, so they switched. Therefore I set up the forwarding to my regular working address, which is my first Gmail account, and it seemed to be working normally. Later on I rejoined a professional organization using that alumni email address, but after a year of communication problems I finally discovered that some of the organization's email was being tossed as false positives and NOT being forwarded. I don't really know how much was lost, though I am sure it interfered with my involvement in the organization. Nor was I able to figure out the basis on which Gmail was tossing some of the email, but it certainly has become a major nuisance to try to work with yet another account because I can't trust the google, and even worse because the two accounts are fighting with each other. Near as I can understand the situation, the alumni email account is not a "real" google identity, but some kind of organizational account with slightly different functions.
(4) Other false positives and false negatives continue unabated. Usually they are tilted towards false negatives, which is probably better than more false positives--as long as I'm checking. Oh, wait. That kind of defeats the purpose of the filters, doesn't it?
(5) Perhaps most importantly on the filtering topic is that the spammers have proven that they can live with filters. Their marginal cost remains close enough to zero that they are always willing to spawn another million or billion spam messages. If the google is doing anything to put them out of business, they are certainly hiding it well. And don't give me the sob story about it being impossible before explaining where the pump-and-dump stock scam spam went. The spammers' business models CAN be broken, but the google don't care. (Of course that is sadly true of the alternatives, too. At least all the alternatives I currently know about.)
That's the spamming problem, but going on to other email features... There are a number of features I want, but I am absolutely convinced the google is incapable of moving in such directions. The features they have added over the last few years are mostly features I want to disable, especially this confidential mode garbage. If you don't trust me enough, then I do NOT want to receive your email. The only aspect of confidential email I want is to bounce any such email that is sent to me. (I am not sure if it is a positive thing that the spammers have not yet figured out how to abuse confidential email. But I'm sure they will, given the google's "Live and let spam" attitude.)
Disappointed by the rest of the discussion, but maybe there was some good stuff and my keyword searches failed to find it. These days I'm expecting the moderation to fail (though I also checked the moderated categories).
However, in addition to the presence of DRAM that is not backed up against power outages I did think of one more general category of features the hardware should have. I'm sure there are others, but...
The premise of the DRAM idea is that you (the spy) want the spyware to vanish easily, but that implies you need to be able to install and reinstall it relatively easily. Assuming (dangerously) that you have installed it correctly the first time and in the correct place, then you would want to make sure you don't reinstall it again if that time and place has changed, for example because someone has gotten suspicious and moved the device into a more controlled environment. Therefore the hardware should include some capabilities to help confirm where the device is or that nothing about the environment has changed BEFORE the spyware is restored (after it has erased itself for any reason). Some sort of special diagnostic routines at power on?
Is the solution too obvious?
Not fair. China hasn't been in the game long enough.
That's if you start from 1949. If you do it the other way, then the United States hasn't been in the game long enough.
Still I would agree the insightful mod was earned.
Good opening comment, insightful mod deserved, even though it was so short. For now just expressing my surprise.
What I am actually looking for in this discussion of the topic is an analysis of who has the most to lose by getting caught spying on their customers. In theory the players with the most to lose might be the most likely to deliver truly secure devices.
Based on my understanding of how the laws are made in the US, I rather doubt it is the American companies. Corporations are clearly in charge in the American legal system, as most recently proven by the corporation that has (so far) been able to conceal its involvement with Trump's financial shenanigans. Even though it's a foreign corporation, professional courtesy (among sharks and cancers) is more important than other considerations.
Hmm... On that basis, I think I may have surprised myself. A self-ambush of some sort? It could be an argument why Chinese companies could be less trustworthy. Perhaps they aren't proper corporate cancers?
Oh yeah. The other thing I am looking for is consideration of how to do it. I think that shipping the hardware with built-in spying capabilities would be stupid. Too much threat of reverse engineering. Either you want the capability to create special versions for espionage (and there is some evidence that the CIA has done this in the past) or you want to design the software so carefully that a special firmware upgrade can be delivered (and removed) as needed (and this is the approach that I would recommend, if'n anyone asked my opinion).
Hmm... Physical evidence might be the use of DRAM without power backup?