Ministry of Intrigue

May 3, 2024

This week's dispatches from the Ministry of Intrigue

Hello, faithful reader.

We published the following fresh dispatches this week:

Weeknotes for 2024-05-02

May 3, 2024, 11:49 a.m.

This week has been active on the blog, as I’ve been trying to include more links I find there, as opposed to simply sharing them on Mastodon. I’ve also had a hectic week at work, so I’m ending the week quite wiped.[1]

This week:

  • Released version 0.3.0 of django-markov, which adds the ability to add to an existing corpus without regenerating the Markov chain.

  • Released version 0.5.0/0.5.1 of django-quotes, which incorporates the changes from django-markov to get some performance gains when adding new quotes to an existing model.

  • Upgraded our daughter’s 3/4 size violin to a full size, and converted our rental to a purchase. She’s growing so fast!

  • For Explorers Wanted:

    • Updated the backend service for the quote bot in our EW Discord to the above releases.

    • Released episode 227, Refreshments and Revolutionaries.

      The crew hits up a food cart with rare cuisine and Ezri meets with revolutionaries in the tunnels.

      Watch on YouTube: Refreshments and Revolutionaries (Episode 227 Teaser)

    • Experienced some blissful joy by having finished the edit for this week’s episode six days early.

    • Started planning out our recording schedule for summer so that we can maintain a backlog of episodes for editing. We keep veering dangerously close to requiring a change in our release schedule in order to keep up. The two easiest solutions would be to keep the recording schedule the same but release episodes biweekly for a time, or to take a hiatus to build up a backlog. I am loath to do either, and so our focus for the moment is scheduling more make-up recordings.

  • Read Piranesi by Susanna Clarke, which I found lovely and sad in the best way.

  • Started watching Dead Boy Detectives on Netflix. I’m about three episodes in, and while I’m enjoying it, I can’t yet decide if it’s actually good.[2] I’m also unsure how the producers are going to reconcile it with season two of Sandman when it releases the Season of Mists arc, which is where the eponymous detectives have their origin in the comics.

  • Admired the blooms of our trees alongside honoring the never-ending sneezes of allergy season.

    Macro photo of red blooms on a dogwood tree
    Our dogwood tree
    A redbud tree standing, its branches covered in small dark pink blossoms
    Our redbud tree
    Close photo of branches with delicate pink cherry blossoms
    Our cherry tree

And that’s it for this week!


  1. This isn’t an encouraging state to be in, as I leave again for the Netherlands this Saturday, and I’m already dreading the jet-lag-induced sleep deprivation.

  2. I felt similarly about season two of Good Omens, which I’m happy I watched, but doubt I would revisit. Hopefully, that won’t be the case with this one. 


Quote: The Internet we live in vs. Visions for a better web

May 2, 2024, 12:39 p.m.

A twofer for you on the modern web.

The first paints a grim picture of what the Internet has become.[1]

You want to watch the trailer for an upcoming movie on YouTube but you first have to sit through an ad. Then you sit through a preview for the trailer itself. Then you watch the trailer, which is literally another ad. When it ends, it cues up a new trailer, with a new ad at the start of it.

The first page of Google results are links to pages that have scraped other pages for information from other pages that have been scraped for information. All the sources seem to link back to one another. There is no origin. The photos on the page look weird. The hands are disfigured. There is no image credit.

Your coworker sends you a PowerPoint pack to support a presentation you are giving to the executive committee, but you can’t make heads or tails of it. You call them over Zoom and they tell you they used ChatGPT to write it. You point out that it is near-unreadable, and they ask what specifically is wrong with it. You mention that, for starters, there are too many words on each slide. They tell you they’ll take care of it. They send you a new pack within the hour saying they asked ChatGPT to remove 30% of the text. It makes even less sense. You tell them you’ll just rewrite it yourself.

— Gregory Bennett, Heat Death of the Internet

Then follow that up with this lovely and optimistic manifesto on how we can make a better web.

If we wanted, each of us could escape those walls and set up our own spaces within the limitless, fertile soil beyond. Some of us might opt to leave those walls permanently, while others might choose to split our time between our beautiful, messy, free world outside to maintain smaller, meticulously-groomed simulacrums within the enclosures that hint — without angering our landlords — at the creations beyond. We can periodically smuggle seeds and plant cuttings beyond the walls, ensuring that if the proprietors decide to evict us, our gardens will live on.

We can develop protocols — more resilient versions of those early footpaths — that inherently resist the tollbooths and border crossing gates established by the businesses with the walls. We can even develop our own community gardens with spaces for tenants that have their own models of governance far beyond the single benevolent platform dictatorship model — that inevitably grows less benevolent as money changes hands.

While some of the early gardens that we reminisce about didn’t survive the shade of the large platforms or the dwindling flow of visitors that were rerouted within those walls, new gardens can be cultivated to their specifications. People can experiment with combining the things they loved about the old gardens with the tools and models of the ones that have grown since then, or return to the spirit of experimentation and try new things altogether. They can draw on the population explosion within the digital expanse to bring in new people with new ideas and new energy to revitalize what once was, and make it better than before.

— Molly White, We can have a different web

Both of those pieces are outstanding, and I hope you read them both in their entirety.


  1. No one likes to hear an “I told you so”, but I’d be remiss not to point out that as the “walled gardens” began their rise, many of us did warn the world that this was going to happen, including little old me. 


Maciej Pocwierz: Empty S3 bucket caused usage bill of over $1,300

May 1, 2024, 11:49 a.m.

A truly alarming tale where bad luck in choosing a bucket name resulted in a usage bill of over $1,300. All of it coming from unauthorized requests!

So, if I were to open my terminal now and type:

aws s3 cp ./file.txt s3://your-bucket-name/random_key

I would receive an AccessDenied error, but you would be the one to pay for that request. And I don’t even need an AWS account to do so.

Another question was bugging me: why was over half of my bill coming from the us-east-1 region? I didn’t have a single bucket there! The answer to that is that the S3 requests without a specified region default to us-east-1 and are redirected as needed. And the bucket’s owner pays extra for that redirected request.

— Maciej Pocwierz, How an empty S3 bucket can make your AWS bill explode

The cause turns out to be that the bucket name happened to overlap with an open source application’s default configuration. So every company or individual deploying that app without updating the settings would end up trying to send write updates to his bucket!

At that point, I had one more idea I wanted to explore. If all those misconfigured systems were attempting to back up their data into my S3 bucket, why not just let them do so? I opened my bucket for public writes and collected over 10GB of data within less than 30 seconds. Of course, I can’t disclose whose data it was. But it left me amazed at how an innocent configuration oversight could lead to a dangerous data leak!

Per Amazon’s Jeff Barr, AWS is working on a way to prevent these types of overages from unauthorized write requests:

Thank you to everyone who brought this article to our attention. We agree that customers should not have to pay for unauthorized requests that they did not initiate. We’ll have more to share on exactly how we’ll help prevent these charges shortly.

But in the meantime, anyone can DDoS your bill if they know the name of your S3 bucket!

Keep it secret. Keep it safe.
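
One way a bucket owner could spot the pattern described above, as an added example that is not from the original post or from Pocwierz's article. It assumes S3 server access logging is enabled on the bucket and parses constructed sample lines in the access-log field order; the bucket name, canonical ID, ARNs, addresses and user agents are all made up.

```python
import re
from collections import Counter

# Constructed sample lines in S3 server access log field order. Every value
# (canonical ID, bucket, ARNs, addresses, user agents) is made up.
OWNER = "0123abcdEXAMPLEOWNERCANONICALID"

def _row(sec, ip, who, op, status, err, ua):
    verb = op.split(".")[1]
    return (f'{OWNER} example-bucket [01/May/2024:10:00:{sec:02d} +0000] {ip} {who} '
            f'REQ{sec:04d}EXAMPLE {op} dump/a.tar "{verb} /dump/a.tar HTTP/1.1" '
            f'{status} {err} 243 - 12 - "-" "{ua}" -')
TOOL, PUT = "example-backup-tool/1.0", "REST.PUT.OBJECT"
SAMPLE_LOG = [
    _row(1, "192.0.2.10", "arn:aws:iam::111111111111:user/backup", PUT, 403, "AccessDenied", TOOL),
    _row(2, "198.51.100.7", "arn:aws:iam::222222222222:user/ci", PUT, 403, "AccessDenied", TOOL),
    _row(3, "203.0.113.5", "-", PUT, 403, "AccessDenied", TOOL),
    _row(4, "192.0.2.99", OWNER, PUT, 200, "-", "aws-cli/2.15"),
    _row(5, "192.0.2.99", OWNER, "REST.GET.OBJECT", 200, "-", "aws-cli/2.15"),
]

_TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')  # [time], "quoted", or bare field
FIELDS = ("owner", "bucket", "time", "ip", "requester", "request_id",
          "operation", "key", "uri", "status", "error")

def parse(line):
    tokens = _TOKEN.findall(line)
    if len(tokens) < 17:
        return None  # truncated or malformed line
    rec = dict(zip(FIELDS, tokens))
    rec["user_agent"] = tokens[16].strip('"')
    return rec

def denied_foreign_requests(lines):
    """Summarise 403 AccessDenied requests made by anyone but the bucket owner."""
    by_op, by_ua, sources = Counter(), Counter(), set()
    for rec in filter(None, map(parse, lines)):
        if rec["status"] != "403" or rec["error"] != "AccessDenied":
            continue
        if rec["requester"] == rec["owner"]:
            continue  # the owner's own denied calls are a separate problem
        by_op[rec["operation"]] += 1
        by_ua[rec["user_agent"]] += 1
        sources.add(rec["ip"])
    total = sum(by_op.values())
    top_ua, top_n = by_ua.most_common(1)[0] if by_ua else (None, 0)
    return {"denied": total, "by_operation": dict(by_op),
            "distinct_sources": len(sources), "top_user_agent": top_ua,
            "top_user_agent_share": top_n / total if total else 0.0}
```

Many distinct sources sharing one user agent, as in the constructed lines, points to a tool shipping the bucket name as a default rather than to a single misbehaving client.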


Misinformation as a symptom

April 30, 2024, 9 p.m.

Great piece from Manvir Singh in the New Yorker on how the causes and mechanics of misinformation are often misunderstood. In particular, it covers how the shared belief system that misinformation depends upon requires explicit participation by those that adopt it.

Findings like these require that we rethink what misinformation represents. As Dan Kahan, a legal scholar at Yale, notes, “Misinformation is not something that happens to the mass public but rather something that its members are complicit in producing.” That’s why thoughtful scholars—including the philosopher Daniel Williams and the experimental psychologist Sacha Altay—encourage us to see misinformation more as a symptom than as a disease. Unless we address issues of polarization and institutional trust, they say, we’ll make little headway against an endless supply of alluring fabrications.

From this perspective, railing against social media for manipulating our zombie minds is like cursing the wind for blowing down a house we’ve allowed to go to rack and ruin. It distracts us from our collective failures, from the conditions that degrade confidence and leave much of the citizenry feeling disempowered. By declaring that the problem consists of “irresponsible senders and gullible receivers,” in Thagard’s words, credulity theorists risk ignoring the social pathologies that cause people to become disenchanted and motivate them to rally around strange new creeds.

— Manvir Singh, Don’t Believe What They’re Telling You About Misinformation, The New Yorker

While Singh doesn’t mention it in the article, the piece reminded me most of Joseph Laycock’s Dangerous Games: What the Moral Panic over Role-Playing Games Says about Play, Religion, and Imagined Worlds. Laycock’s analysis of the moral panic and how shared realities are constructed in daily life, religion, role-playing games, and yes, even conspiracy theories, makes it an apt companion piece to this article.


Murky Consent: A legal framework for privacy

April 29, 2024, 12:40 p.m.

Daniel Solove has published a fascinating paper in the Boston University Law Review that examines the current approaches in privacy laws in the U.S. and E.U. and makes a good case for the notion of “consent” being a key flaw in both frameworks. In particular, I appreciate his acknowledgement of how “express consent” is often manipulated to create worse privacy protections than would otherwise exist, and the limitations of using contract law to solve for similar problems. The abstract is quoted below.

Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works “moral magic”—it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing.

There are generally two approaches to consent in privacy law. In the United States, the notice-and-choice approach predominates; organizations post a notice of their privacy practices and people are deemed to consent if they continue to do business with the organization or fail to opt out. In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Both approaches fail. The evidence of actual consent is non-existent under the notice-and-choice approach. Individuals are often pressured or manipulated, undermining the validity of their consent. The express consent approach also suffers from these problems: people are ill-equipped to decide about their privacy, and even experts cannot fully understand what algorithms will do with personal data. Express consent also is highly impractical; it inundates individuals with consent requests from thousands of organizations. Express consent cannot scale.

In this Article, I contend that most of the time, privacy consent is fictitious. Privacy law should take a new approach to consent that I call “murky consent.” Traditionally, consent has been binary—an on/off switch—but murky consent exists in the shadowy middle ground between full consent and no consent. Murky consent embraces the fact that consent in privacy is largely a set of fictions and is at best highly dubious.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy. To return to Hurd’s analogy, murky consent is consent without magic. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid. Murky consent should rest on shaky ground. Because the law pretends people are consenting, the law’s goal should be to ensure that what people are consenting to is good. Doing so promotes the integrity of the fictions of consent. I propose four duties to achieve this end: (1) duty to obtain consent appropriately; (2) duty to avoid thwarting reasonable expectations; (3) duty of loyalty; and (4) duty to avoid unreasonable risk. The law can’t make the tale of privacy consent less fictional, but with these duties, the law can ensure the story ends well.

Now, as always, IANAL, but I believe the paper itself makes a compelling case, and I highly recommend you read the whole thing.

And that's it!

Grave dust and falling leaves.
