As if the integration of a broken, backwards technology into the core of our computing systems happened by accident.
"No, you see the OS doesn't get to see those bits of the screen, so it totally makes sense why the system scraps your financial documents and passwords but not netflix" - utterly unhinged worldview
The boundaries could have been cut dozens of different ways, but they are where they are because of the compromises built into our systems.
And every paper cut compromise has led us to a place where modern Windows prevents you from taking a screenshot of Mickey Mouse while it happily subverts every other kind of process and workflow isolation.
At the end of the day, I'm the kind of person that compiles (and occasionally writes) my own kernels - this affects me to the extent that people and organizations I engage with use these awful machines - and I expect they will in droves.
I've long given up on the idea that any systems besides my own can be trusted to keep secrets - but I will keep trying to both build better ones, and encourage others to do the same.
The thing about chat control / upload filters / client side scanning, whatever it's being called now; They are responses to an old generation of technology - one of an internet governed by centralized corporations.
Anonymous, peer to peer, file sharing exists. No centralized place to subvert - except the software running locally. Imperfect now, but intrinsically extant.
What proponents of these laws really want is to roll back the clock; something that is, fundamentally, not possible.
@sarahjamielewis Nazis are unserious people doing very serious things: they can and will outlaw basic human activities in order to exert violent nonsensical control over everyone else. It's exhausting but they need constant opposition. Even Holocaust victims talked about how ridiculous Nazis were -- Nazi itself is a shortening of "Nationalsozialistische" that happens to be a colloquial and derogatory word referring to an awkward, backward, and clumsy peasant. They were mocked from the start.
For all the discussion of "prompt engineering" and "finetuning", I think the most interesting biasing structure for modern AI that has flown somewhat under the mainstream discussion is the ability to directly constrain the output space through e.g. grammars for llms and control nets for image generation.
It's weird to see people deploy the raw output of large scale generative statistical models when there are pretty powerful tools just sitting there that allow more finegrained application.
It's frustrating the see 99.9% of the AI discussion being driven by chat interfaces and third party APIs.
That is really not where these tools are most interesting/useful - you really want them in tight, local, feedback loops, different aspects broken out into discrete workflows, constrained output spaces, and with the interface driven and mediated by the application at hand.
And I don't think it does any side any favours to fixate so strongly on the magic textfield that hallucinates wildly.
New Paper: On the application of Bloom Filter Hierarchies representing
Sub-word Token Bigram Occurrence to Probabilistic Full Text Search
This is a note regarding a prototype I've been working on for a few months in the domain of Decentralized Search (and Indexing)
It covers a data structure with interesting properties that I've been playing with, and documents some experiments regarding naive full text search performance.
The more I think about search engines and compiling and weighting corpora, the more inclined I am to implement hard signal-filters i.e. assume all documents are spam to start with and only accept a document into the corpus if it can be shown to be unspam-like.
The concept of a spam filter is one from a more innocent age where even if spam was a majority of documents, it could still be identified and dropped.
I'm not sure it's possible to really identify spam anymore. Even previously well-trusted news publishers are playing games with thinly veiled advertorials / scientific journals are full of generative spam etc.
"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."
The computer, however, will stop you from recording DRM'd content.
Find it fascinating that when faced with drawing safety and security boundaries, the primary beneficiary is not the owner of the device, or the person using it, but random corporations who control the intellectual property rights.
I find it equally fascinating that in order to get anywhere near an integrated computing experience in 2024 we apparently need constant recording and transformer models.
No structured file systems, no permission models, no shared stores, no capabilities - just firehose the display output and hope for the best.
@sarahjamielewis it's infuriating to me that every operating system is full of APIs for rendering text to the screen, only for us to take pictures of that text and scrape it back out with OCR.
After not finding the graph software I really wanted I decided to take the jump and start writing my own.
Pretty happy with this initial mvp, can load graphs from a directory made up of linked md files, add new nodes, move them around, and add new edges.
Decided to get what I really wanted would mean writing the UI stack from scratch, so most of my initial effort has gone into getting some basic widgets together.
Next step is to get a feel for how I want to specify edge types, and editing.
While understanding that not everyone has the kind of freedom that permits control over the systems they use...if you do have such freedom I encourage you to take advantage of it.
The most powerful thing about free and open source software is the ability to take it apart, understand how a piece of it works, and adapt it for your own purposes.
Don't like how something works? Rip it out. Share the modified version with the world.
Your systems don't need to be subject to the whims of others.
I am a terrible person to ask about getting into linux or what distros are the easiest to use - I don't think I've properly used a Windows for nearly a decade.
I compile my own kernels - sometimes for fun; my window manager has custom key bindings; I'm spending my Friday evening implementing better line drawing algorithms for a custom UI framework I'm writing for some project.
But if you do make the jump, and stumble upon a gnarly scenario and have questions - I'm happy to try and answer them.
Getting to the root of it, I think the thing I miss the most about the old internet was the unstated assumption that the people on the other end of the wire were...people who shared similar interests and just wanted to connect.
I think of all the friends I made, the experiences I had that branched from IRC channels / forums / and even twitter in the later days.
Now the main question I find myself asking of anything that comes across my screen is "what is this trying to sell me?"
I explicitly want a tool to help me visually modify nodes and edges in a reasonably sized graph.
The modification bit is really key, as it the ability to maintain multiple distinct edges between two nodes.
I want to steer way from diagramming tools because in my experience they don't scale. And I'm not really interested in visualization tools as I already have a workflow for that.
Lately I've been engaging in low-frequency, in-depth, long form email exchanges with a few people regarding our shared research interests.
Most of these happened organically, but I've got so much joy and utility out of them that I would like to extend an invitation to anyone who would like the same:
If we share research topics (privacy/security/decentralization/search/e-voting etc.) and you would like to send/receive long detailed emails about problems/ideas on your mind then please reach out.
Specifically: "The server is “untrusted” in the sense [it] learn[s] nothing about users & messages besides what is inherently observable from its pattern of requests, and it should not have access to sensitive metadata, or sender or receiver information"
Seems like a very weak definition of "untrusted", especially when two comparison techniques explicitly attempt to restrict knowledge derived from access patterns.
@sarahjamielewis Thanks for your comments, this is exactly the kind of feedback we’re hoping for with this post.
The language of "untrusted" is perhaps clumsy- we’re trying to describe a server that could potentially be deployed in a cloud environment, but it’s true it’s still privileged compared to a given internet user. And the attack scenario you raise is valid: obfuscating access patterns and detecting active attacks and dishonest servers are open problems.
@sarahjamielewis As far as we know, PIR and OMR don’t address our use-case (eg, whether the OMR detector can identify returning users based on their detection key), but we’re open to feedback.
Mind if we open a GitHub ticket summarizing these concerns, particularly the server attack scenarios, and if so would you like to be attributed? Also, if you’re open to being in touch, we’d be glad to do so on any platform you prefer.