The Institutions of Science With Lord Martin Rees
I love just about every answer that Martin Rees gives in this wide-ranging interview.
This observation feels spot-on to me:
The shift that I noticed, totally anecdotally, is literary writers are starting to write more dystopian climate futures and science fiction writers are starting to write about climate solutions.
There’s a repeated catchphrase used throughout Christopher Nolan’s film Tenet: ignorance is our ammunition.
There are certainly situations where knowledge is regrettable. The somewhat-silly thought experiment of Roko’s basilisk is one example. Once you have knowledge of it, you can’t un-know it, and so you become complicit.
Or, to use another example, I think it was Jason who told me that if you want to make someone’s life miserable, just teach them about typography. Then they’ll see all the terrible kerning out there in the world and they won’t be able to un-see it.
I sometimes wish I could un-learn all I’ve learned about cryptobollocks (I realise that the term “cryptocurrency” is the more widely-used phrase, but it’s so inaccurate I’d rather use a clearer term).
I sometimes wish I could go back to having the same understanding of cryptobollocks as most people: some weird new-fangled technology thing that has something to do with “the blockchain.”
But I delved too deep. I wanted to figure out why seemingly-smart people were getting breathlessly excited about something that sounds fairly ludicrous. Yet the more I learned, the more ludicrous it became. Bitcoin and its ilk are even worse than the occasional headlines and horror stories would have you believe.
The reason I have such a visceral reaction to crypto projects isn’t just that they’re irresponsibly designed and usually don’t achieve what they promise. It’s also that the thing they promise sounds like a fucking nightmare.
Or, as Simon responded to someone wondering why there was so much crypto hate:
We hate it because we understand it.
I have yet to encounter a crypto project that isn’t a Ponzi scheme. I don’t mean like a Ponzi scheme. I mean they’re literally Ponzi schemes: zero-sum racing to the bottom built entirely on the greater fool theory. The only difference between traditional Ponzi schemes and those built on crypto is that crypto isn’t regulated. Yet.
I recently read The Glass Hotel by Emily St. John Mandel, a novel with the collapse of a Ponzi scheme at its heart. In the aftermath of the scheme’s collapse, there are inevitable questions like “How could you not know?” The narrator answers that question:
It’s possible to both know and not know something.
I’ve been thinking about that a lot.
Clearleft recently took on a project that involves cryptobollocks. Just to be clear, the client is not a fly-by-night crypto startup. This is an established financial institution. It’s not like Mike’s shocking decision to join Kraken of all places.
But in some ways, the fact that this is a respected company almost makes it worse. It legitimises cryptobollocks. It makes it more likely for “regular” folk to get involved (and scammed).
Every Thursday we have an end-of-week meeting and get a summary of how various projects are going. Every time there’s an update about the cryptobollocks project, my heart sinks. By all accounts, the project is going well. That means smart and talented people are using the power of design to make the world a little bit worse.
What will the metrics of success be for this project? Will success be measured by an increase in the amount of Bitcoin trading? I find it hard to see how that can possibly be called successful.
And I haven’t even mentioned the environmental impact of proof-of-work.
Right now, Clearleft is in the process of trying to become a B corp. It’s a long process that involves a lot of box-ticking to demonstrate a genuine care for the environment. There’s no checkbox about cryptobollocks. And yet the fact that we might enable even a few transactions on a proof-of-work blockchain makes a complete mockery of all of our sustainability initiatives.
This is why I wish I could un-know what I know. I wish I could just hear the project updates and say, “Crypto? Don’t know much about it.” But I can’t.
For seventeen years, I’ve felt nothing but pride in the work that Clearleft has done. I’d happily talk about any one of the case studies we’ve worked on. Even on projects that didn’t pan out as expected, or that had all sorts of tricky complications, the work has always been second-to-none. To quote the Agile prime directive:
Everyone did the best job they could, given what they knew at the time, their skills and abilities, the resources available, and the situation at hand.
Now, for the first time, I can’t get past that phrase “what they knew at the time.” On the one hand, I’m sure that when they started this project, none of my colleagues knew quite how damaging cryptobollocks is. On the other hand, the longer the project goes on, the harder it is to maintain that position.
It’s possible to both know and not know something.
This is a no-win situation. If the project goes badly, that’s not good for Clearleft or the client. But if the project goes well, that’s not good for the world.
There’s probably not much I can do about this particular project at this point. But I can at least try to make sure that Clearleft doesn’t take on work like this again.
I really like this experiment that Jim is conducting on his own site. I might try to replicate it sometime!
This is kind of brilliant:
Maybe what’s needed for websites and web apps is a kind of Prepper Web Dev?
Not much stays in one place for long, especially when it comes to digital artifacts. When the Yahoo Groups archive was summarily deleted by parent company Verizon just a few years ago, fandom suffered massive losses, just as it had during the Livejournal purges of the late 02000s, and during the Tumblr porn ban in 02018. Fandom preservation, then, ties into the larger issue of digital preservation as a whole, and specifically the question of how individual and group emotions and experiences — which make up so much of what it means to be a fan — can be effectively documented, annotated, and saved.
The best climate fiction can do more than spur us to action to save the world we have — it can help us conceptualize the worlds, both beautiful and dire, that may lie ahead. These stories can be maps to the future, tools for understanding the complex systems that intertwine with the changing climates to come.
The Long Now foundation has a write-up on my recently-lost long bet:
On February 22, 02011, Jeremy Keith made a prediction that he hoped would be proven wrong.
Comparing and contrasting two different takes on long-term thinking in sci-fi: Dune and Foundation.
In a moment of broader cultural gloominess, Dune’s perspective may resonate more with the current movie-going public. Its themes of long-term ecological destruction, terraforming, and the specter of religious extremism seem in many ways ripped out of the headlines, while Asimov’s technocratic belief in scholarly wisdom as a shining light may be less in vogue. Ultimately, though, the core appeal of these works is not in how each matches with the fashion of today, but in how they look forward through thousands of years of human futures, keeping our imagination of long-term thinking alive.
This speculative version of the internet archive invites you to see how websites will look in 2046.
A non-profit foundation dedicated to long-term digital preservation.
Imagine if we could place ourselves 100 years into the future and still have access to the billions of photos shared by millions of people on Flickr, one of the best documented, broadest photographic archives on the planet.
The Flickr Foundation represents our commitment to stewarding this digital, cultural treasure to ensure its existence for future generations.
Its first act is the renewal of the Flickr Commons.
On one hand, it shows optimism, hope and compassion for the future of the planet. On the other hand, it shows the everlasting detriment of our actions when it comes to single-use plastic.
I should emphasize that rejecting longtermism does not mean that one must reject long-term thinking. You ought to care equally about people no matter when they exist, whether today, next year, or in a couple billion years henceforth. If we shouldn’t discriminate against people based on their spatial distance from us, we shouldn’t discriminate against them based on their temporal distance, either. Many of the problems we face today, such as climate change, will have devastating consequences for future generations hundreds or thousands of years in the future. That should matter. We should be willing to make sacrifices for their wellbeing, just as we make sacrifices for those alive today by donating to charities that fight global poverty. But this does not mean that one must genuflect before the altar of “future value” or “our potential,” understood in techno-Utopian terms of colonizing space, becoming posthuman, subjugating the natural world, maximizing economic productivity, and creating massive computer simulations stuffed with 10^45 digital beings.
How do you keep knowledge alive over centuries? Stuff that seems big enough for a group of people to worry about at the time, but not so big it makes world news. Not the information that gets in all the textbooks, but just the stuff that makes the world gently tick over.
The World Wide Web at its best is a mechanism for people to share what they know, almost always for free, and to find one’s community no matter where you are in the world.
When we find remains of beavers, we assume they built beaver dams, even if we don’t immediately find remnants of such dams. The beaver dams are part of what biologists would call the animal’s extended phenotype, an unavoidable necessity of the ecological niche that the beaver occupies. When we find Homo sapiens skeletons, however, we instead imagine the people naked, feasting on berries, without shelter, and without social differentiation.
A terrific piece by Jonathan Zittrain on bitrot and online digital preservation:
Too much has been lost already. The glue that holds humanity’s knowledge together is coming undone.
Wait a minute. There is no real difference between the dataome—our externalized world of books and computers and machines and robots and cloud servers—and us. That means the dataome is a genuine alternative living system here on the planet. It’s dependent on us, but we’re dependent on it too. And for me that was nerve-wracking. You get to the point of looking at it and going, Wow, the alien world is here, and it’s right under our nose, and we’re interacting with it constantly.
I like this Long Now view of our dataome:
We are constantly exchanging information that enables us to build a library for survival on this planet. It’s proven an incredibly successful approach to survival. If I can remember what happened 1,000 years ago, that may inform me for success today.
The Long Now Foundation is dedicated to long-term thinking. I’ve been a member for quite a few years now …which, in the grand scheme of things, is not very long at all.
One of their projects is Long Bets. It sets out to tackle the problem that “there’s no tax on bullshit.” Here’s how it works: you make a prediction about something that will (or won’t) happen by a particular date. So far, so typical thought leadery. But then someone else can challenge your prediction. And here’s the crucial bit: you’ve both got to place your monies where your mouths are.
Ten years ago, I made a prediction on the Long Bets website. It’s kind of meta:
The original URL for this prediction (www.longbets.org/601) will no longer be available in eleven years.
I made the prediction on February 22nd, 2011 when my mind was preoccupied with digital preservation.
One year later I was on stage in Wellington, New Zealand, giving a talk called Of Time And The Network. I mentioned my prediction in the talk and said:
If anybody would like to take me up on that bet, you can put your money down.
Matt was also speaking at Webstock. When he gave his talk, he officially accepted my challenge.
So now it’s a bet. We both put $500 into the pot. If I win, the Bletchley Park Trust gets that money. If Matt wins, the money goes to The Internet Archive.
As I said in my original prediction:
I would love to be proven wrong.
That was ten years ago today. There’s just one more year to go until the pleasingly alliterative date of 2022-02-22 …or as the Long Now Foundation would write it, 02022-02-22 (gotta avoid that Y10K bug).
It is looking more and more likely that I will lose this bet. This pleases me.
Two-factor authentication is generally considered A Good Thing™️ when you’re logging in to some online service.
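The word “factor” here basically means “kind” so you’re doing two kinds of authentication. Typical factors are something you know (like a password), something you have (like a phone), and something you are (like a fingerprint or your face).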
Asking for a password and an email address isn’t two-factor authentication. They’re two pieces of identification, but they’re the same kind (something you know). Same goes for supplying your fingerprint and your face: two pieces of information, but of the same kind (something you are).
None of these kinds of authentication are foolproof. All of them can change. All of them can be spoofed. But when you combine factors, it gets a lot harder for an attacker to breach both kinds of authentication.
The most common kind of authentication on the web is password-based (something you know). When a second factor is added, it’s often connected to your phone (something you have).
Every security bod I’ve talked to recommends using an authenticator app for this if that option is available. Otherwise there’s SMS—short message service, or text message to most folks—but SMS has a weakness. Because it’s tied to a phone number, technically you’re only proving that you have access to a SIM (subscriber identity module), not a specific phone. In the US in particular, it’s all too easy for an attacker to use social engineering to get a number transferred to a different SIM card.
Still, authenticating with SMS is an option as a second factor of authentication. When you first sign up to a service, as well as providing the first-factor details (a password and a username or email address), you also verify your phone number. Then when you subsequently attempt to log in, you input your password and on the next screen you’re told to input a string that’s been sent by text message to your phone number (I say “string” but it’s usually a string of numbers).
There’s an inevitable friction for the user here. But then, there’s a fundamental tension between security and user experience.
In the world of security, vigilance is the watchword. Users need to be aware of their surroundings. Is this web page being served from the right domain? Is this email coming from the right address? Friction is an ally.
But in the world of user experience, the opposite is true. “Don’t make me think” is the rallying cry. Friction is an enemy.
With SMS authentication, the user has to manually copy the numbers from the text message (received in a messaging app) into a form on a website (in a different app—a web browser). But if the messaging app and the browser are on the same device, it’s possible to improve the user experience without sacrificing security.
If you’re building a form that accepts a passcode sent via SMS, you can use the autocomplete attribute with a value of “one-time-code”. For a six-digit passcode, your input element might look something like this:
<input type="text" maxlength="6" inputmode="numeric" autocomplete="one-time-code">
With one small addition to one HTML element, you’ve saved users some tedious drudgery.
There’s one more thing you can do to improve security, but it’s not something you add to the HTML. It’s something you add to the text message itself.
Let’s say your website is example.com and the text message you send reads:
Your one-time passcode is 123456.
Add this to the end of the text message:
@example.com #123456
So the full message reads:
Your one-time passcode is 123456.
@example.com #123456
The first line is for humans. The second line is for machines. Using the @ symbol, you’re telling the device to only pre-fill the passcode for URLs on the domain example.com. Using the # symbol, you’re telling the device the value of the passcode. Combine this with autocomplete="one-time-code" in your form and the user shouldn’t have to lift a finger.
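The convention above, as an added example (not code from the original post or from the specification): a sketch that builds the two-line message and decides whether a given page URL qualifies for pre-fill. The function names, the HTTPS requirement and the subdomain-matching rule are assumptions for illustration; browsers apply their own matching.

```javascript
// Added example. Function names and the matching rule are assumptions.

// Build the message: a line for humans, then the machine-readable line.
function buildOtpMessage(host, code) {
  if (!/^[a-z0-9.-]+$/i.test(host)) throw new Error("unexpected host: " + host);
  if (!/^\d{4,10}$/.test(code)) throw new Error("unexpected code: " + code);
  return `Your one-time passcode is ${code}.\n@${host} #${code}`;
}

// Parse only the LAST non-empty line, so an "@host #code" that appears
// earlier in the message body cannot override the binding.
function parseOtpMessage(message) {
  const lines = message.split(/\r?\n/).filter((l) => l.trim() !== "");
  const last = lines[lines.length - 1] || "";
  const m = /^@([a-z0-9.-]+) #(\S+)$/i.exec(last);
  return m ? { host: m[1].toLowerCase(), code: m[2] } : null;
}

// Return the code only if the page is allowed to receive it.
// Assumption: the page must be served over HTTPS and its hostname must be
// the bound host or a subdomain of it.
function codeForPage(message, pageUrl) {
  const parsed = parseOtpMessage(message);
  if (!parsed) return null;
  const url = new URL(pageUrl);
  if (url.protocol !== "https:") return null;
  const h = url.hostname.toLowerCase();
  const bound = h === parsed.host || h.endsWith("." + parsed.host);
  return bound ? parsed.code : null;
}

// Constructed sample input, using the page's own example values.
const sms = buildOtpMessage("example.com", "123456");
console.log(codeForPage(sms, "https://example.com/login"));
console.log(codeForPage(sms, "https://example.com.evil.test/login"));
```

A lookalike hostname such as example.com.evil.test gets no code, which is the protection the @ line adds over a bare passcode.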
I’m fascinated by these kind of emergent conventions in text messages. Remember that the @ symbol and # symbol in Twitter messages weren’t ideas from Twitter—they were conventions that users started and the service then adopted.
It’s a bit different with the one-time code convention as there is a specification brewing from representatives of both Google and Apple.
Tess is leading from the Apple side and she’s got another iron in the fire to make security and user experience play nicely together using the convention of the /.well-known directory on web servers.
You can add a URL for /.well-known/change-password which redirects to the form a user would use to update their password. Browsers and password managers can then use this information if they need to prompt a user to update their password after a breach. I’ve added this to The Session.
Oh, and on that page where users can update their password, the autocomplete attribute is your friend again:
<input type="password" autocomplete="new-password">
If you want them to enter their current password first, use this:
<input type="password" autocomplete="current-password">
All of the things I’ve mentioned—the autocomplete attribute, origin-bound one-time codes in text messages, and a well-known URL for changing passwords—have good browser support. But even if they were only supported in one browser, they’d still be worth adding. These additions do absolutely no harm to browsers that don’t yet support them. That’s progressive enhancement.