The Varieties of Intimate Relationship

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Diagram dividing varieties of intimiate relationships into monogamy, polyamory, celebacy, and a few things in-between.

A slightly tongue-in-cheek (see the “serial monogamy” chain and some of the subtitles!) but moderately-complete diagram of popular varieties of relationship structure. Obviously there’s gaps – relationships are as diverse as their participants – and lots of room for refinement, but the joy of an infographic is making visible the breadth of a field, not in providing encyclopaedic comprehension of that field. I especially like the attention to detail in “connecting” often-related concepts.

Basilisk collection

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Basilisk collection

The basilisk collection (also known as the basilisk file or basilisk.txt) is a collection of over 125 million partial hash inversions of the SHA-256 cryptographic hash function. Assuming state-of-the art methods were used to compute the inversions, the entries in the collection collectively represent a proof-of-work far exceeding the computational capacity of the human race.[1][2] The collection was released in parts through BitTorrent beginning in June 2018, although it was not widely reported or discussed until early 2019.[3] On August 4th, 2019 the complete collection of 125,552,089 known hash inversions was compiled and published by CryTor, the cybersecurity lab of the University of Toronto.[4]

The existence of the basilisk collection has had wide reaching consequences in the field of cryptography, and has been blamed for catalyzing the January 2019 Bitcoin crash.[2][5][6]

Electronic Frontier Foundation cryptographer Brian Landlaw has said that “whoever made the basilisk is 30 years ahead of the NSA, and the NSA are 30 years ahead of us, so who is there left to trust?”[35]

This is fucking amazing, on a par with e.g. First on the Moon.

Presented in the style of an alternate-reality Wikipedia article, this piece of what the author calls “unfiction” describes the narratively believable-but-spooky (if theoretically unlikely from a technical standpoint) 2018 disclosure of evidence for a new presumed mathematical weakness in the SHA-2 hash function set. (And if that doesn’t sound like a good premise for a story to you, I don’t know what’s wrong with you! 😂)

Cryptographic weaknesses that make feasible attacks on hashing algorithms are a demonstrably real thing. But even with the benefit of the known vulnerabilities in SHA-2 (meet-in-the-middle attacks that involve up-to-halving the search space by solving from “both ends”, plus deterministic weaknesses that make it easier to find two inputs that produce the same hash so long as you choose the inputs carefully) the “article” correctly states that to produce a long list of hash inversions of the kinds described, that follow a predictable sequence, might be expected to require more computer processing power than humans have ever applied to any problem, ever.

As a piece of alternate history science fiction, this piece not only provides a technically-accurate explanation of its premises… it also does a good job of speculating what the impact on the world would have been of such an event. But my single favourite part of the piece is that it includes what superficially look like genuine examples of what a hypothetical basilisk.txt would contain. To do this, the author wrote a brute force hash finder and ran it for over a year. That’s some serious dedication. For those that were fooled by this seemingly-convincing evidence of the realism of the piece, here’s the actual results of the hash alongside the claimed ones (let this be a reminder to you that it’s not sufficient to skim-read your hash comparisons, people!):

basilisk:0000000000:ds26ovbJzDwkVWia1tINLJZ2WXEHBvItMZRxHmYhlQd0spuvPXb6cYFJorDKkqlA

claimed: 00000000000161b9f84a187cc21b1752bf678bdd4d643c17b3b786684d8e9f17
 actual: 0000000000000000000000161b9f84a187cc21b172bf68b3cb3b78684d8e9f17

basilisk:0000000001:dMHUhnoEkmLv8TSE1lnJ7nVIYM8FLYBRtzTiJCM8ziijpTj95MPptu6psZZyLBVA

claimed: 0000000000000000000000cee5fe5df2d3034fff435bb40e8651a18d69e81460
 actual: 0000000000cee5fe5df2d3034fff435bb4232f21c2efce0e8651a18d69e81460

basilisk:0000000002:aSCZwTSmH9ZtqB5gQ27mcGuKIXrghtYIoMp6aKCLvxhlf1FC5D1sZSi2SjwU9EqK

claimed: 000000000000000000000012aabd8d935757db173d5b3e7ae0f25ea4eb775402
 actual: 000000000012aabd8d935757db173d5b3ec6d38330926f7ae0f25ea4eb775402

basilisk:0000000003:oeocInD9uFwIO2x5u9myS4MKQbFW8Vl1IyqmUXHV3jVen6XCoVtuMbuB1bSDyOvE

claimed: 000000000000000000000039d50bb560770d051a3f5a2fe340c99f81e18129d1
 actual: 000000000039d50bb560770d051a3f5a2ffa2281ac3287e340c99f81e18129d1

basilisk:0000000004:m0EyKprlUmDaW9xvPgYMz2pziEUJEzuy6vsSTlMZO7lVVOYlJgJTcEvh5QVJUVnh

claimed: 00000000000000000000002ca8fc4b6396dd5b5bcf5fa80ea49967da55a8668b
 actual: 00000000002ca8fc4b6396dd5b5bcf5fa82a867d17ebc40ea49967da55a8668b

Anyway: the whole thing is amazing and you should go read it.

Review for ProtonMail Encryption Status by Morgan Larosa

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

⭐⭐⭐⭐⭐
Does what it says on the tin! Short and sweet codebase that’s easy enough to verify personally, and doesn’t ask for any crazy permissions.

I probably needn’t care about this validation: when I wrote a Thunderbird plugin to enhance integration with ProtonMail, I wrote it principally for myself: scratching my own itch. It was nice to see that (at time of writing) a few hundred other people have made use of the extension too, but it wasn’t essential. I’d be maintaining it regardless because I use it every day.

But it still warmed my heart to see a five-star review come in alongside a clearly-expressed justification.

Coca-Cola company trials first paper bottle

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

image captionThis image from Coca-Cola's filling line gives a clear view of the plastic cap still in use

Coca-Cola is to test a paper bottle as part of a longer-term bid to eliminate plastic from its packaging entirely.

The prototype is made by a Danish company from an extra-strong paper shell that still contains a thin plastic liner.

But the goal is to create a 100% recyclable, plastic-free bottle capable of preventing gas escaping from carbonated drinks.

The barrier must also ensure no fibres flake off into the liquid.

If only somebody could invent a bottle suitable for containing Coca-Cola but 100% recyclable, plastic-free, and food safe.

Oh wait… for the vast majority of its history, all Coca-Cola bottles have met this description! The original Coke bottles, back in 1899, were made of glass with a metal top. Glass is infinitely-recyclable (it’s also suitable for pressure-washing and reusing, saving even more energy, as those who receive doorstep milk deliveries already know) and we already have a recycling infrastructure for it in place. Even where new glass needs to be made from scratch, its raw ingredient is silica, one of the most abundant natural resources on the planet!

Bottle caps can be made of steel or aluminium and can be made in screw-off varieties in case you don’t have a bottle opener handy. Both steel and aluminium are highly-recyclable, and again with infrastructure already widespread. Many modern “metal” caps contain a plastic liner to ensure a good airtight fit (especially if it’s a screw cap, which are otherwise less-tight), but there are environmentally-friendly alternatives: bioplastics or cork, for example.

The worst things about glass are its fragility – which is a small price to pay – and its weight (making distribution more expensive and potentially more-polluting). But that latter can easily be overcome by distributing bottling: a network of bottling plants around the country (each bottling a variety of products, and probably locally-connected to reclamation and recycling schemes) would allow fluids to be transported in bulk – potentially even in concentrate form, further improving transport efficiency… and that’s if it isn’t just more ecologically-sound to produce Coke more-locally rather than transporting it over vast distances: it’s not like the recipe is particularly complicated.

In short: this is the stupidest environmental initiative I’ve seen yet this year.

Octave Compass

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Octave Compass showing the scale and chords of D Major

This is cool. Twist the outside dial to transpose the tonal centre of your key. Twist the inner dial to shift the mode of the scale. Turn on- or off- individual tones to shift into more-exotic modes. Use triangles to illustrate the triads of your major, minor, and sustained chords, or add the sixth or seventh with the help of a trapezoid.

The amateur music theorist in me continually struggles to visualise what and why a key is what it is. This kind of thing helps. Plus, what a cool software toy!

Loremen Podcast Simulator

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

This folktale comes from The Big Book of Myths of Shropshire by Sir Colin Ogden. In 1701, a big cat died of “collick”, contracted from a dead fish.

This folktale is spoken of in North Yorkshire. In 1520, a witch named Nana Clayton received a bejewelled stool, said to have the power to see right from wrong, from a virgin in the inn, The Five Horses.

I might start using this widget to generate random background detail for fantasy roleplaying games.

Michael’s other experiments are pretty fun, too.

Stumbling

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

I’ve been changing my relationship to being online.

Some of it is keeping in touch with friends who are fascinated by the same sorts of hybrid creations I am. Friends who build things. Friends in different professional communities. Paying attention when they mention some new discovery or avenue of interest.

Some of it is using an RSS reader to change the cadence and depth of my consumption—pulling away from the quick-hit likes of social media in favor of a space where I can run my thoughts to their logical conclusion (and then sit on them long enough to consider whether or not they’re true).

I wish I could get more people to see the value in the “slow Web”. The participatory Web. The creative Web. The personalised Web.

When you use an app to browse a “stream” in most social media, you’re seeing a list of posts curated to keep you watching, keep you seeing adverts, keep you on the app so that as much personal data as possible can be leeched from your behaviour. If it feels satisfying and especially if it feels addictive, the social network has done its job, but don’t be fooled: its job is not to improve social connections – it’s job is to keep you from doing anything else.

You don’t have to use the Web this way. You can subscribe to the content creators and topics that actually interest you. You can get that content on basically any device or medium you like, or across a mixture: want notifications by email? Slack? IRC? Discord? In a browser? In an app? As-it-happens or digests? You can filter for what interests you most at any given moment, save content for later, and resharing is supported thanks  to an old-school invention called a “URL“. And you’ll see fewer ads and experience less misuse of your behavioural data.

Sure, there’s a learning curve. But it’s worth it. I wish I could get more people to see that.

I’m happy to see that Lucy Belwood does.

Story Time

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

First frame of "Story Time" comic from Channelate. An old man sits in an armchair and talks to two small children sitting on the floor in front of him. The old man says "I ever tel you squirts about the year 2020?"

When this comic (go read the full thing) came out at the tail end of last year, I thought to myself: yeah, that’s about right. I’m resharing that on my birthday in a week or so.

‘Cos I’m forty today, and I sort of had a half-baked dream that I’d throw some kind of big party and get people together. My surprise party for my thirtieth birthday party was an excellent (and much-needed) bash, and I guess I’d thought I’d try to replicate the feel of that, but a decade on (and not a surprise party… although in the end the last one wasn’t either).

But 2020’s the year that keeps on giving, so I’m postponing my party plans to… “some other time”. And so this comic really spoke to me.

Having Kids In Our Poly Triad by Sara Valta

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Having Kids In Our Poly Triad by Sara Valta title showing picture of two men and a woman hugging the outline of a baby

Sara’s back! You might remember a couple of years ago she’d shared with us a comic on her first year in a polyamory! We’re happy to have her back with a slice of life and a frank n’ real conversation about having kids in her Poly Triad relationship.

This sort of wholesome loving chat is just the thing we need for the start of 2021.

Start your year with a delightful comic about the author negotiating possible future children in a queer polyamorous triad, published via Oh Joy Sex Toy. Sara previously published a great polyamory-themed comic via OJST too, which is also worth a look.

Banners Begone!

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

It’s a clicker quest of purging banners from your homepage!

Push through dozens of banners and upgrade various web-tools to grow your ad-blocking power.
Hone your clicking skills – matters are in your own fingers hands!

There’s no time for idling, show these ads their place!

I quite enjoyed this progressive game: it’s a little bit different than most, the theming is fun, it lends itself to multiple strategies, and it’s not geared towards making you wait for longer and longer intervals (as is common in this genre): there’s always something you can be doing to get closer to your goal.

You’ll need a mouse with left and right buttons.

Why children stay silent following sexual violence

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

I’ve been thinking a lot lately about the messages we send to our children about their role, and ours as adults, in keeping them safe from people who might victimise them. As a society, our message has changed over the decades: others of my culture and generation will, like me, have seen the gradual evolution from “stranger danger” to “my body, my choice”. And it’s still evolving.

But as Kristin eloquently (and emotionally: I cried my eyes out!) explains, messages like these can subconsciously teach children that they alone are responsible for keeping themselves from harm. And so when some of them inevitably fail, the shame of their victimisation – often already taboo – can be magnified by the guilt of their inability to prevent it. And as anybody who’s been a parent or, indeed, a child knows that children aren’t inclined to talk about the things they feel guilty about.

And in the arms race of child exploitation, abusers will take advantage of that.

What I was hoping was to have a nice, concrete answer – or at least an opinion – to the question: how should we talk to children about their safety in a way that both tries to keep them safe but ensures that they understand that they’re not to blame if they are victimised? This video doesn’t provide anything like that. Possibly there aren’t easy answers. As humans, as parents, and as a society, we’re still learning.

Further watching, if you’ve the stomach for it: this Sexplanations episode with Dr. Lindsey Doe and Detective Katie Petersen.

The Longest Limebike ride in history

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Having Boris-biked from Brixton to Brighton, it seemed only right to give Limebikes the same treatment. I started looking for places with Lime in the name and quickly found a route from Dorset to Edinburgh, which would run from Lyme Regis to Limekilns by Limebike.

The catch was that it was 550 miles, it would take (at best) 6 days to get there and back, and Limebikes were charged at 15p per minute. A quick bit of maths showed that this would likely cost £1296 – EACH -so it was crucial to get the company on board.

It’s also worth mentioning again that they are E-bikes, designed to give you a boost when pedalling away from traffic lights and, in the words of the companies CEO, ‘Be difficult to throw up a tree’.

This meant two things:

  1. There is a battery with a range of about 40 miles and that battery would definitely run out long before we reached Scotland.
  2. The bikes are HEAVY, 35kg to be precise.

So it might seem easy to ride a power assisted bike the length of the country, but it was sounding harder by the minute.

I’ve been helping Ruth‘s brother Robin (of Challenge Robin 1 & 2 and Thames Path walk fame, among many, many, many, other things) to launch himself a new blog, expanding on the ideas of 52 Reflect (his previous site, most-recently mentioned when I joined him in a midwinter mountaineering expedition the winter before last) to create a site all about his many varied and amazing adventures. If you like to see one man do bloody stupid things in an effort to push himself to his physical limits, explore the world, and see amazing places… go take a sneak peek at his new, under construction and changing every day, site: The Improbable Blog.

Oh, and there’s gonna be a podcast too, for those of you into such things.

Standing up for developers: youtube-dl is back

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.

This is a Big Deal. For two reasons:

Firstly, youtube-dl is a spectacularly useful project. I’ve used it for many years to help me archive my own content, to improve my access to content that’s freely available on the platform, and to help centralise (freely available) metadata to keep my subscriptions on video-sharing sites. Others have even more-important uses for the tool. I love youtube-dl, and I’d never considered the possibility that it could be used to circumvent digital restrictions (apparently it’s got some kind of geofence-evading features you can optionally enable, for people who don’t have a multi-endpoint VPN I guess?… I note that it definitely doesn’t break DRM…) until its GitHub repo got taken down the other week.

Which was a bleeding stupid thing to use a DMCA request on, because, y’know: Barbara Streisand Effect. Lampshading that a free, open-source tool could be used for people’s convenience is likely to increase awareness and adoption, not decrease it! Huge thanks to the EFF for stepping up and telling GitHub that they’d got it wrong (this letter is great reading, by the way).

But secondly, GitHub’s response is admirable and – assuming their honour their new stance – effective. They acknowledge their mistake, then go on to set out a new process by which they’ll review takedown requests. That new process includes technical and legal review, erring on the side of the developer rather than the claimant (i.e. “innocent until proven guilty”), multiparty negotiation, and limiting the scope of takedowns by allowing violators to export their non-infringing content after the fact.

I was concerned that the youtube-dl takedown might create a FOSS “chilling effect” on GitHub. It still might: in the light of it, I for one have started backing up my repositories and those of projects I care about to an different Git server! But with this response, I’d still be confident hosting the main copy of an open-source project on GitHub, even if that project was one which was at risk of being mistaken for copyright violation.

Note that the original claim came not from Google/YouTube as you might have expected (if you’ve just tuned in) but from the RIAA, based on the fact that youtube-dl could be used to download copyrighted music videos for enjoyment offline. If you’re reminded of Sony v. Universal City Studios (1984) – the case behind the “Betamax standard” – you’re not alone.

Why using Google VPN is a terrible idea

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

VPNs have long been essential online tools that provide security, freedom, and most importantly, privacy. Each day, hundreds of millions of internet users connect to a VPN to prevent their online activities from being tracked and monitored so that they can privately access web resources. In other words, the very purpose of a VPN is to prevent the type of surveillance that Google engages in on a massive and unprecedented scale.

Google knows this, and in their whitepaper discussing VPN by Google One, Google acknowledges that VPN usage is becoming mainstream and that “up to 25% of all internet users accessed a VPN within the last month of 2019.” Increasing VPN usage unfortunately poses a significant problem for Google, by making it more difficult to track users across the internet, mine their data, and target them with advertisements. In short, VPNs undermine Google’s power.

So yeah, it turns out that Google are launching a VPN service. I just checked, and it’s not available to me anyway because it’s US-only (apparently nobody explained to Google the irony of having a VPN service that’s geofenced), but that’s pretty academic because I wasn’t going to touch it with a barge pole in the first place.

Google One VPN announcement, featuring the words "US Only"
Is it 1 April already, Google?

Google already collect data on your browsing habits if you use their products. And I’m not just talking about Chrome, which of course continues to track you using your Google Account even after you log out and clear your cookies, and Google’s ubiquitous Web tools, but also the tracking pixels hidden on every other website thanks to Google Analytics, AdWords, reCAPTCHA, Google Fonts, and the like. Sure, you can use e.g. uMatrix to stop all of these (although I’m in need of a replacement), but that’s not a solution for, y’know, normal people. Container tabs help and you should absolutely use them, but they don’t quite go far enough. It’s a challenge.

Switch to their VPN, though, and they’re suddenly able to track all of your browsing activity, in any browser on your device. And probably many of the desktop applications you run, too, as most of them “phone home” for updates or functionality. And because it’s a paid-for VPN service, this data can be instantly linked to your real-world identity. By a company that’s demonstrated its willingness to misuse that data for their own benefit (or for the benefit of overreaching law enforcement agencies). Yeah: no deal, Google.

Perhaps the only company I’d trust less to provide a VPN service would be Facebook, because you just know they’d be doing so exclusively to undermine individual privacy. Oh wait; that’s exactly what they did. Sigh.

Thames Path 2

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

On our first day‘s walking along the Thames Path, Robin and I had trouble finding any evidence of water for some time. On our second day, we did not have this problem.

After weeks of sustained rain, the fields we walked over as we left Cricklade behind were extremely soggy. On our way out of town we passed Cricklade Millennium Wood, I took a picture for the purpose of mocking it for being very small but later discovered it’s too small to appear on Google Maps and became oddly defensive of it – it’s trying, damn it, we should at least acknowledge its existence.

Ruth and her brother Robin (of Challenge Robin/Challenge Robin II fame on this blog, among many other crazy adventures) have taken it upon themselves to walk the entirety of the Thames Path from the source of the river (or rather, one of the many symbolic sources) to the sea, over the course of a series of separate one-day walks. I’ve mostly been acting as backup-driver so far, but I might join them for a leg or two later on.

In any case, Ruth’s used it as a welcome excuse to dust off her blog and write about the experience, and it’s fun and delightful and you should follow along and give her a digital cheer. The first part is here; the second part landed yesterday.