sarahjamielewis

@sarahjamielewis@mastodon.social

Cryptography and Privacy Researcher. Executive Director @ Open Privacy Research Society (https://hachyderm.io/@openprivacy).

Founder @ Blodeuwedd Labs (https://mastodon.social/@blodeuweddlabs)

Building free and open source, privacy-enhancing, surveillance-resisting tech like Cwtch (https://fosstodon.org/@cwtch)

sarahjamielewis, to random

After writing this note on Recall (https://mastodon.social/@sarahjamielewis/112482021770758791) a few weeks back, I've received many messages under the assumption that I don't understand how DRM / OS interaction works.

As if the integration of a broken, backwards technology into the core of our computing systems happened by accident.

"No, you see the OS doesn't get to see those bits of the screen, so it totally makes sense why the system scrapes your financial documents and passwords but not Netflix" - utterly unhinged worldview

sarahjamielewis,

For the record I totally understand that everyone from chip manufacturers to browser vendors made the decision to sell out their own customers and users to support and implement DRM everywhere - I recall those days pretty well.

sarahjamielewis,

The whole thing is a damn policy choice that's been playing out over 20+ years.

sarahjamielewis,

The boundaries could have been cut dozens of different ways, but they are where they are because of the compromises built into our systems.

And every paper cut compromise has led us to a place where modern Windows prevents you from taking a screenshot of Mickey Mouse while it happily subverts every other kind of process and workflow isolation.

That was and is a choice.

sarahjamielewis,

At the end of the day, I'm the kind of person that compiles (and occasionally writes) my own kernels - this affects me to the extent that people and organizations I engage with use these awful machines - and I expect they will in droves.

I've long given up on the idea that any systems besides my own can be trusted to keep secrets - but I will keep trying to both build better ones, and encourage others to do the same.

sarahjamielewis, to random

Experience has shown me that there is no real way to combat "not even wrong" claims about privacy and security in the secure communications space.

Demonstrating critical issues results in hostility and a quick patch that does nothing to fix the underlying systemic issue (at best).

Yes I find myself growing tired of holding my tongue while these apps are promoted or, somewhat more dispiriting, held up as models of good privacy engineering.

Caveat Emptor?

sarahjamielewis, to random

Starting to mentally bucket the Rust ecosystem in the same place I bucket the Python ecosystem i.e. "I'll only use it if I have no other practical option, isolated from as much as possible".

Trying to work out if this is just the end of a long honeymoon, or if things have actually gotten that much worse.

sarahjamielewis, to random

The thing about "privacy-preserving" telemetry is that it is orthogonal to the actual ethical issue at the heart of telemetry discussions - informed consent.

Anonymization processes might aid you in informing people that the risks (to them) of such collection are minimal compared to the benefits (to them) of such telemetry. But either way, to be ethical, you still have to make that argument without coercion or trickery.

sarahjamielewis, to random

Ok... before I set off down a dangerous road...

Does anyone know of a way to omit .comment sections during linking?

Most compilers have a mechanism to omit them during compilation, but I have some artifacts that need to be linked in which contain a .comment section that I neither need nor want.

Note: I know how I could strip the section from the artifact, but I wish to know if I can get the linker to just omit them...

sarahjamielewis, to random

The only person who can "protect encryption" is you.

No government, nor regulatory body, nor judiciary is going to demand that you have easy access to mathematical constructs.

They may even force some entities to only provide weak approximations.

But the math exists regardless.

At some point, at some time, the fight against encryption becomes a fight against speech, and knowledge, itself.

And like those fundamental rights, the only way to protect them, is to exercise them, continuously.

sarahjamielewis, to random

Today, finally, all those media articles about me being a "Canadian" researcher are finally correct! 🇨🇦

sarahjamielewis, to random

A topic I would love to read a deep analysis on is how certain actions e.g. blocking, moderation/filtering, "self-deleting" messages etc. transform from passive server-side actions to client active actions in decentralized systems and if/how that breaks down against existing ingrained metaphors and expectations.

sarahjamielewis, to random

There was a time in the early 2000s when Firefox triggered a browser renascence and there was a lot of excitement about what a "browser" could be...feeds, blogging integration, collective tagging, open comments....

The original spirit that the web should be as writable as it was readable, extended to shareable.

And in some way, shaped by economics and technology, we got an approximation of that vision... shrink-wrapped and sanitized.

sarahjamielewis, to random

My "Year of Focus" is coming to a close. Overall I am very happy with how this year went.

My intent was to drill down on the projects that mattered most, and give them my attention.

And to that end I:

  • shipped Cwtch stable (which is a small way of summing up months of features, testing, and documentation)
  • founded Blodeuwedd Labs (security consulting) and already had the opportunity to work on some amazing projects there.
  • finally became a Canadian citizen

Among many other small victories.

sarahjamielewis, to random

8 months into my time tracking experiment this year. Some additional observations:

  1. My intuition of how much time I'm spending on each project lines up pretty well with the data.

  2. My ability to work on something for long stretches is completely uncorrelated with the actual work. Context switches have outsized impact.

  3. Feeling much better about the mapping of engaged work time to wall-clock work time.

  4. Finding the second-derivative (change in offset-from-ideal) more helpful as a metric.

sarahjamielewis, to random

The more I think about search engines and compiling and weighting corpora, the more inclined I am to implement hard signal-filters i.e. assume all documents are spam to start with and only accept a document into the corpus if it can be shown to be unspam-like.

sarahjamielewis, to random

Kinda sad that the only software that still compiles without issue if I leave it alone for more than 6 months is the stuff written in C a decade+ ago.

sarahjamielewis, to random

I can only back this up with vibes and anecdotes at the moment, but getting a sense that much of the discussion and info sharing that used to happen in public/semi-public spaces a few years ago has now shifted almost entirely to private channels.

The types of stories I used to read news articles about only a few years ago, I now only really hear about through the grapevine.

sarahjamielewis, to random

Integrated some fancy local llm magic into my custom IDE project and now I can request arbitrary code reviews.

Sometimes the reviews are not great, but they also don't tend to be terribly off base (and occasionally point towards an actual issue).

And this is without many of the techniques to squeeze even greater performance / context awareness (I am really interested in playing around with some ast-aware / grammar-driven sampling)

sarahjamielewis, to random

There is an 11 gigabyte blob of data on my computer that when prompted with certain tasks will complain about violating intellectual property unless I change the prompt to specify that it has a personality at which point it will happily comply.

sarahjamielewis, to random

For all the discussion of "prompt engineering" and "finetuning", I think the most interesting biasing structure for modern AI that has flown somewhat under the mainstream discussion is the ability to directly constrain the output space through e.g. grammars for llms and control nets for image generation.

It's weird to see people deploy the raw output of large scale generative statistical models when there are pretty powerful tools just sitting there that allow more finegrained application.

sarahjamielewis,

It's frustrating to see 99.9% of the AI discussion being driven by chat interfaces and third party APIs.

That is really not where these tools are most interesting/useful - you really want them in tight, local, feedback loops, different aspects broken out into discrete workflows, constrained output spaces, and with the interface driven and mediated by the application at hand.

And I don't think it does any side any favours to fixate so strongly on the magic textfield that hallucinates wildly.

sarahjamielewis, to random

Feels like every single time I read about the EU it's about a proposed legislation that will end all security on the internet, and it's somehow always a different piece of legislation each time.

At some point, you have to stop caring about individual laws and articles, and focus on the system that seems determined to deprive you of fundamental rights and freedoms.

sarahjamielewis, to random

For a while now I've been thinking about where microblogging/blogging fits in my life.

After various experiments over the years, I settled on going back to writing my website in a text editor, without regard for consistency or categories.

But inspired by @molly0xfff Activity feed, I spent this evening implementing one for my own personal site: https://sarahjamielewis.com/feed.html

A place for me to microblog, collect thoughts, post links, document updates, new papers etc. all in one place.

sarahjamielewis, to random

While understanding that not everyone has the kind of freedom that permits control over the systems they use...if you do have such freedom I encourage you to take advantage of it.

The most powerful thing about free and open source software is the ability to take it apart, understand how a piece of it works, and adapt it for your own purposes.

Don't like how something works? Rip it out. Share the modified version with the world.

Your systems don't need to be subject to the whims of others.

sarahjamielewis, to random

After not finding the graph software I really wanted I decided to take the jump and start writing my own.

Pretty happy with this initial mvp, can load graphs from a directory made up of linked md files, add new nodes, move them around, and add new edges.

Decided that to get what I really wanted would mean writing the UI stack from scratch, so most of my initial effort has gone into getting some basic widgets together.

Next step is to get a feel for how I want to specify edge types, and editing.

A video of the graph editing/maintenance software. Initially 2 nodes are visible, connected by a single edge. Using a form at the bottom of the app, 2 new nodes are added. The gif then proceeds to demonstrate moving these nodes around, and creating new edges between the nodes.
