Schrödinger's Cloud
Raining on your parade
Microsoft’s recent Exchange Server vulnerability makes SolarWinds look small by comparison. The kitchen-sink email/calendar/task server gets unthinkingly plunked into every organization on the planet of a certain size, barring somebody’s conviction to do something saner. I saw a remark the other day on the order of “if you got hit with this, that is your signal that you shouldn’t run on-premises infrastructure”, which I suppose is proximately right, but not an especially nuanced take. And then there was that cloud surveillance camera company Verkada that recently got owned by hacktivists, and it turns out even their interns had full access to all the customer camera feeds. (Oh, and they were doing facial recognition despite insisting they weren’t.) In the bonus round, an OVH cloud hosting data centre in Strasbourg burned to the ground, and Substack took a decisive step toward milkshake duck territory.
What’s the lesson here? I’m gonna say something like, you may not be able to trust yourself, but you can’t trust The Cloud™ either.
Products like Exchange that you run on your own hardware are basically managed services that you manage. With a product that sprawling, you’ll never be able to take a complete inventory of its attack surface. You’re actually better off paying somebody else to keep on top of it. Cloud providers are generally better resourced and incentivized to make their offerings safer—until they aren’t.
This brings me to Verkada, which is remarkable (in that we will be seeing more of this kind of thing) because it was (putatively) hacked by activists endeavouring to expose a breach of its customers’ trust. What these vendors do with their customers’ data (to say nothing of non-paying users, who often have little choice but to deal with these entities for one reason or another) will always be a question mark, and we should always assume the worst unless we have reasonable assurances (and remedies!) otherwise.
More subtle is Substack itself, which has begun doling out fat stacks of cash to a curated list of authors, who happen to intersect with the more edgelord-y subset of the punditocracy. Some people have responded by promptly vacating the platform, which costs something to do. I don’t have much to say at this time about the content of this debate, or my own plans to respond, except to note that I don’t have a heck of a lot invested in this platform, and that is by design.
I’m not a luddite or a digital solipsist; my question is more like: what would it cost you if this vendor failed you, whether they simply failed to protect you or outright betrayed you? What does it cost you to get out of the relationship when your interests, uh, diverge? Or, for the really important stuff, what does it cost to do it yourself?
Another question is something like: what is the minimum footprint of knowledge you absolutely need in order to competently evaluate products and services in the twenty-first century? Because this stuff isn’t going anywhere.
“It’s Toasted”
Recent events that reminded me of other recent and not-so-recent events:
That AI oil painting style transfer thing that keeps (again? another? still?) making everybody white
That story about mechanical turks being coerced into making biased classifications on training sets on pain of losing their turk jobs
NFT hype and concomitant blowback
Jaron Lanier many years ago—probably circa You Are Not a Gadget—made a remark about how the people with the biggest computers are going to have the most power, and at the time I thought: why does it matter? Outside of cracking encryption—which isn’t going to budge until well into the quantum era—or scientific/engineering (read: oil/mining) applications, there’s really only so much out there to compute. I mean, obviously you need servers for running services, but we used to pride ourselves on how many users we could support on how little hardware. EC2 was a relatively new thing at the time, and there were a number of conspicuous on-demand applications for it, like 3D rendering, simulations, and video encoding. Nevertheless I would still describe this as “the ordinary amount of computing”. Then two things rose to prominence that blew this baseline away:
Machine learning,
Cryptocurrency.
In other words, the people with the big computers found something to compute. Besides selling their surplus to others at a considerable markup, of course.
I’ve been thinking about this state of affairs in juxtaposition to the Semantic Web, which you can actually get pretty far with on hardware you might find in the garbage. GPT-3, by contrast, cost something like 4.6 million dollars to train. And that doesn’t even count whatever it costs to get the data✱ to train the model with.
✱ GPT-3 itself was trained using the Common Crawl corpus, so OpenAI wouldn’t have had to pay for it. Those millions are just to crunch the model. But other models, say over at Facebook, may very well be training on data that is basically priceless.
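You can get to a number like that with a back-of-envelope calculation. Here is a minimal sketch in Python, assuming the roughly 3.14 × 10²³ floating-point operations reported for GPT-3 and a V100-class cloud GPU sustaining something like 28 TFLOPS at around a dollar fifty per hour; every one of those figures is an assumption for illustration, not anybody’s actual invoice.

# Back-of-envelope GPT-3 training cost on rented cloud GPUs.
# Every figure here is an assumption for illustration, not anybody's invoice.

TOTAL_FLOPS = 3.14e23          # approximate total training compute reported for GPT-3
GPU_FLOPS = 28e12              # assumed sustained throughput of one V100-class GPU, FLOP/s
DOLLARS_PER_GPU_HOUR = 1.50    # assumed cloud rental rate

gpu_hours = TOTAL_FLOPS / GPU_FLOPS / 3600
cost = gpu_hours * DOLLARS_PER_GPU_HOUR

print(f"{gpu_hours:,.0f} GPU-hours (about {gpu_hours / 8760:,.0f} GPU-years)")
print(f"roughly ${cost:,.0f}")

On somebody’s own hardware the accounting would look different, but the order of magnitude is the point.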
In a way this situation reminds me of the story of how Duke (as in University) licensed the first cigarette-rolling machine (from an inventor named Bonsack), which increased production by two orders of magnitude. That is, cigarette marketing got so aggressive because 130 years ago the machines were so efficient that they initially made way more cigarettes than could be sold before they went stale. The analogous play: hype a technology that requires way more compute than anyone ever needs at once for the ordinary amount of computing, and buy the hype yourself while you’re at it. Get everybody else sharecropping to subsidize your hardware (plus stupendous profits), and maintain your techno-political supremacy.
Consider an artist who regularly spends hundreds of dollars on AWS to train GAN models, and that’s only when his own insanely expensive hardware isn’t up to the task.
The philosophical underpinning of artificial intelligence lies in the social role of the computer: what are computers for? Are they tools, or are they slaves? The distinction lies in who is responsible for an unfavourable outcome: slaves can be blamed and punished, even if it only amounts to catharsis on the part of the one doing the punishing; if you screw up using a tool, you have nobody to blame but yourself.
Statistical methods of computing certainly feel like agents, are regularly deployed in (often female-presenting) agent-like entities, and sanitize the master-servant relationship by making the latter into a machine—no humans were harmed, et cetera. And, by their statistical nature, they sometimes get things comically, tragically, or spectacularly wrong. They do two things: they stand in as scapegoats—when the real culprit is the puppetmaster—and they mask real harms to real people. In that way, artificial intelligence, as deployed, is a form of attention arbitrage. The mechanical-turk example above is particularly notable because real people are being coerced, at least within the context, into producing garbage inputs to feed a system that will undoubtedly turn them into garbage outcomes for whoever is on the receiving end.
Cryptocurrency is a little different: Bitcoin and many others are mined on single-purpose, application-specific ICs, so a lot of mining operations are going to be sketchy fire-code-ignoring popups that don’t do much else. But, I was thinking: how much of the total cost of a mining operation is actual silicon? There’s the building, power, network, storage array, HVAC, security, and such to also consider. When cryptocurrency mining finally becomes unprofitable, what would it take to retool the operation as an AI-training farm?
The other thing about cryptocurrency is that the nominal prerequisite for getting into it is some money, and a desire for more. Granted, just mining it is pretty much sewn up at this juncture, so you would also now need a modicum of technical—and marketing—cleverness to do something disruptive in the space. You know, something like NFTs (which admittedly had been incubating for a few years).
There is an argument floating around that cryptocurrency is a right-wing, techno-libertarian political influence project. There may indeed be right-wing proponents, but squint at it and I don’t think it’s libertarian at all. At the outer scale, it’s manifestly authoritarian high-modernist system-building. If anything it’s more of a usurpation of power than a diffusion or democratization of it. Cryptocurrency looked favela chic for a hot minute, but both it and machine learning are unambiguously gothic high-tech.
The term authoritarian high modernist is from James C. Scott’s Seeing Like a State; gothic high-tech and favela chic are Sterlingisms.
So you have two phenomena, one top-down, and the other initially bottom-up until it caught the attention of the top and is now also top-down, that are defining the contours of the direction computing is headed (again). Two sinks for way more computing than “the ordinary amount of computing”. And it literally reduces to the scheming and/or caprice of rentier landlords, just like it always has.
I finally made a new homepage, because…
…I’m thinking of going in-house. The gist is, I have two major self-initiated projects on the go, one of which is not directly productizable (although it is service-izeable) and the other one is of such a nature that it will take years to realize. The kind of work I do has insane transaction costs attached to it—mainly denominated in hours—in the best of (non-pandemic) times, and my hedge is that it will be easier to sell my skills as an FTE. Those two projects can then plod along on evenings and weekends, ’cause they’re not going to go much faster than that anyway.
The two projects are, if you care:
A breadboard slash Swiss Army knife of sorts for processes and structures I would eventually like to see integrated into Web content management systems; in the meantime, tools I or potentially others could use in content strategy and information architecture gigs. I have been piecing this one together for years, and I do not have grand ambitions for turning it into a mass-market product, but I do see maturing it from Swiss Army knife to surgeon’s scalpel.
Theory and methodology around problem-solving and resource management under uncertainty, culminating in, surprise, more tools. This has a bit more potential as a product, but I am currently going through an extremely tedious and unsexy phase of development (read: yak-shaving), where I wouldn’t have anything interesting to show anybody for a while, even if I was fully funded and working on it full-time.
For funsies I applied for a job
That was a bit of a trip. The company used Indeed to post the advertisement, and doesn’t disclose any direct contacts on their website. I do not love “to whom it may concern” overtures; indeed Indeed (ha) made it difficult to do much else. I also hope they conveyed my drop-dead gorgeous one-page, two-column PDF résumé✱ intact, because they helpfully mangled the everloving shit out of it on the back end. Hey yo Indeed, if that is indeed your real name, I could write you a better résumé parser, because that is legit something I know how to do.
✱ I replicated the sexy-ass résumé I did in InDesign like 13 years ago down to the millimetre using LaTeX, a fact I am actually rather proud of.
So, Indeed actually makes it relatively easy to apply for a job without forcing you through any annoying onboarding bullshit first—copious confirmation emails notwithstanding—but once you’ve done that, it dumps you straight into a “wizard” to edit your résumé, which it has unceremoniously bucked up into indiscriminate sections like a Peking duck. There, you only have the option of accepting the contents and going “next”, or cancelling, or setting aside your next hour to clean up the mess. It’s not clear whether that is what got sent to your prospective employer, or what happens if you quit at this juncture; it’s also kinda on the DL that once accepted, your résumé is public for all to see. Oh, and just before you complete the application you’re hit with a few one-more-thing questions from the prospect.
All in all, it wasn’t a terrifically dignified experience. Moreover, I’m not especially a fan of the “Alice forces Bob to enter into a relationship with Charlie before she will deal” scenario. But seriously, Indeed, you’ve got my number, HMU if you want help sorting out that UX flow.
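Since I brought up the parser crack: the Peking-duck problem is basically section detection. Below is a minimal sketch in Python of the heading-aware version, with the heading list and the sample résumé entirely made up for illustration; a real parser would have to cope with PDF extraction and far messier layouts, which is precisely the part that got mangled here.

# Minimal sketch of heading-aware resume sectioning.
# The heading list and the sample text below are made up for illustration;
# a real parser would need PDF extraction and fuzzier heading detection.

import re

HEADINGS = re.compile(
    r"^(summary|experience|education|skills|projects)\s*:?\s*$",
    re.IGNORECASE,
)

def parse_resume(text: str) -> dict[str, list[str]]:
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADINGS.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

sample = """Jane Doe, Toronto, ON
Experience
Senior Information Architect, Example Corp, 2015-2021
Skills
Content modelling, RDF, XSLT, Python
"""

for name, lines in parse_resume(sample).items():
    print(f"{name}: {lines}")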
Or, alternatively, YOU can hire me
Look, there are basically two very closely related things I know how to do, if you don’t count cracking wise on the internet. They echo those two projects I talked about up-scroll:
Organizing and marshalling content,
Representing and communicating situations.
These two items end up entailing a whole bunch of other stuff in tech and design, and have dragged me through pretty much every aspect of this godforsaken industry over the last 22 or so years. Lots of scraping, sanitizing, filtering, pipelining, access-controlling, encrypting, internationalizing, templating, labeling, structuring, arranging, process-modeling, data-visualizing. Oh, and also: pretty much all the stuff I rant about tends to be stuff I know how to actually do something about.
I’m working on a sort of exhaustive meta-case-study which I’ll link to in a later missive, but for now perhaps visit my Internet Home Page, or reply to this newsletter. Send your pals my way if you think they’d be interested too.