Showing posts from 2018

Your silly email parser is not good enough

Read and weep. The originators of the internet have deemed this (RFC 5321, 5322) to be a valid email address:

Address: <(!) "foo;bar,shar!" (woof """) @ (blah; zar, far) +-! (???)>
Local part: <(!) "foo;bar,shar!" (woof """) >
Domain: <+-!>
Domain is VALID according to RFC 5322

The text inside parentheses is a comment. Yes, our forefathers saw it fit to allow email addresses to contain comments. Maybe to include instructions for the postman. The local part is preserved exactly as-is because of the following: "Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address."

Detailed analysis of the address's structure: Root at 1:1 addr_spec at 1:1 local_part at 1:1 quo

Facebook predictions: The campaign against Zuckerberg is about message control

Context: Like Google, and the rest of the almost-parasitic surveillance capitalism, Facebook is a snooper. Like Google, they position themselves to be unavoidable: Through Google Analytics, Google is there on most websites you visit. Through popular web frameworks like React, so is Facebook. If you use Android or a Google app, Google knows everything about you through your phone. If you use Facebook, Instagram or WhatsApp – so does Facebook. Observation: There is currently a media campaign against Facebook. This campaign is: Coordinated. Facebook hit pieces are appearing across a variety of media outlets. Persistent. Facebook hit pieces have been appearing since Donald Trump's election. Misleading. A headline will say Facebook shared your private messages with Netflix. It turns out Netflix had technical ability to access your messages as part of a cooperation to insert video into chat. The article emphasizes how a Netflix developer might have abused this. Facebook d

Simple things that do not work in the US

In the well-established tradition of being a grumpy person who complains, I can't resist describing a couple of unexpected things a European might expect would work in the US, which do not work well at all. In this post, I avoid major things. If I didn't, I'd have to start with the US medical system. Or the extortion-enabling software patent system. Or the gerrymandering of political districts. Or first-past-the-post voting instead of ranked-choice. Or the lack of any accountability by the "news media" - of any brand - to report what's true and important, and to not misinform with what's false and unimportant. You get the gist. This is about a couple of everyday things. Dysfunctional Telephones: Unlike any other country I've lived in, in the US you can expect to be bothered by illegal spam calls with faked caller ID numbers multiple times a day. I'm in the "Do Not Call" registry, yet today I'd been up for 4 hours and had already r

Redditors with absolute powers

For the past few years, I've been conducting an experiment. It began unconsciously, simply because my obstinate character has sparked conflict. (I'm trying to defuse this tendency.) However, I've continued because I realized what was happening to me was unfair, and the problem was bigger than me. In the absence of external limitations, I wanted to see how much of a reason people need to indulge their power in unfair ways. I'm talking about Reddit moderators. Though their power is that of a despot in a teapot, these are as close to "divine beings" with absolute power as we have. Even police officers – who in the US can kill people at random, or throw flash grenades into children's cribs – even they face inconvenience. They might hear a reprimand from their boss, their department might face a lawsuit, there may be media attention. There might even be a grand jury, though almost never an indictment. In a virtual community though, there are no consequences for

Faux stoicism of the confused libertarian / Trumpian variety

I recently read about a woman who committed suicide. She had a degenerative muscular condition that was kept in check by expensive medicine. Under Trump, funding to two of the programs she used was cut. The supplier of the medicine that kept her from dying a slow agonizing death announced billions in profits and a price increase in the same week, and she wasn't going to be able to afford it. One of her last posts was that she had about a week's supply left. She put a message on a group board asking someone to come pick up her cats and take them to her mother's house, and hanged herself. If one tells this story to the right people – to many of the Trump supporters – they are willing to say "good riddance" to this person to one's face. They feel no one should be forcing them to pay for other people's health care, and if people with degenerative conditions die, that's a righteous outcome of natural selection. Very likely, the pills she needed were only a

Dunning-Kruger effect in academic subjects without test of truth

Earlier this decade, a computer simulation showed that, because of the Dunning–Kruger effect, a democracy cannot consistently elect better than mediocre people: Mato Nagel, a sociologist in Germany, recently implemented Dunning and Kruger's theories by computer-simulating a democratic election. In his mathematical model of the election, he assumed that voters' own leadership skills were distributed on a bell curve — some were really good leaders, some, really bad, but most were mediocre — and that each voter was incapable of recognizing the leadership skills of a political candidate as being better than his or her own. When such an election was simulated, candidates whose leadership skills were only slightly better than average always won. I'm not sure if anyone has tried to research this further. However, it comes to mind that if this result is true, it can be extended to academic fields of study. Education is commonly divided into STEM – science, technology, engineer

We kept it gray

Thanks to the work, feedback, and help of many others over a period of years, I can now call myself a published author! (*)

RFC 8308: Extension Negotiation in the Secure Shell (SSH) Protocol
RFC 8332: Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol

Though to be completely correct – the first was this small but honorable mention in 2012:

RFC 6668: SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol

(*) Technically correct - the best kind of correct! This Futurama quote is now applicable to me as well. :)

The five principles of negotiation (for young adults)

I'm not yet 38, but if I'm not yet experienced enough to teach these basics, I may never be. All of this advice is based on my past mistakes. Take it with a grain of salt, and apply with prudence. :) If you can at all avoid it – don't negotiate with scrooges. You can recognize a scrooge in that they not only negotiate hard, but also low-ball every offer, and seem to want to nickel and dime you with respect to every term and condition. If you can avoid negotiating with these people, avoid it. If you are selling, sometimes they will still buy your stuff on your terms, but most of the time they walk away from the transaction. You want them to walk away. If you get their business, you will be a slave to them. In most transactions, there can be substantial give and take. A fair price is 50, but a buyer is willing to pay up to 80 – with clenched teeth. At the same time, the seller may be willing to sell for as low as 20 before they really regret it. Scrooges are hell-bent on ma

Missing web security feature: Signed web assets with browser validation

It is finally expected that reputable websites use TLS for all connections. Google, Bing, Facebook, Reddit, many smaller websites, even this blog – we all use HTTPS by default. This protects the privacy and integrity of internet browsing from intrusion near the user, or between the user and server. At the same time, though, a security threat is encroaching from the server direction. Increasingly, no one except a few large corporations has control over their servers anymore. Even data that needs to conform to HIPAA security requirements is being moved into "the cloud" – which is to say, onto computers managed by a few companies. This is primarily the largest cloud provider, Amazon; trailed by Microsoft, IBM, and Google. It's not just that the servers reside at these large providers in the form of virtual machines which can potentially be accessed by the provider, or any government that can compel them. It's also that increasingly, servers are being abstracted awa

Samsung Galaxy: Buggy alerts in both Samsung and Google Calendar

I used to rely on the Calendar app on my Samsung Galaxy. Then, something changed. Maybe it's that I upgraded the phone; maybe an update broke the calendar functionality. Either way, for some reason, alerts now no longer work. I was supposed to be on a call today. It was scheduled a week in advance, so I used the Calendar app. The event was set up, and was configured to alert me 30 minutes before. The time zone was correct. The phone was on; sound was on; and the app was permitted to alert and show notifications. There was no alert. I was not present on the call, and this may have cost my company business. I remembered this happening once before, but at that time I figured I must have configured something incorrectly. This time, I double-checked. An alert should have happened, and did not. My wife uses a different Samsung Galaxy with the same app, and has also experienced alerts that don't occur. I tried switching the Samsung Calendar app for the Google Calendar app. B