This reminds me of an interesting security incident that occurred on the undergrad.math.uwaterloo.ca unix cluster while I was an undergrad, circa 1996.
When I'd started, the cluster had three SunOS servers, named cayley, descartes, and napier; undergrad math students had their home directory allocated on a local disk on one of these three machines, which each cross-mounted the others' via NFS. At this time, however, the Math Faculty Computing Facility had just received a fancy new dedicated NFS file server from (IIRC) NetApp, and all our home directories had been moved there instead, presumably freeing up desperately-needed CPU cycles on the three compute servers so we could run the Modula-3 and μC++ compilers.
One evening I was in one of the XTerm labs in the Math and Computer centre working on a CS assignment (the only alternative being to do from my dorm room via 2400 buad dialup). As was tradition, I had left the assignment until the night before it was due to start work on. Indeed, it seems that we all must have, because after getting part way through I needed to access some input data files that were shared from the home directory of the course account—something like ~csXYZ/assignments/N/input—only to find I could not read them.
These files were of course owned by the csXYZ course account and should have been either world-readable or readable by the corresponding csXYZ group to which all students registered that term belonged. Unfortunately something had gone wrong, and although the files were rw-r-----, they belonged to the wrong group, so that I and the other students in the class were not able to access them.
It now being after 6pm there was no hope of tracking down one of the course professors or the tutor to rectify this before morning (and it's quite likley the assignment submission deadline was 9am).
Fortunately, I was a naive and ignorant undergrad student, and not knowing what should and should not have been possible I began to think about how I might obtain access to the needed files.
I knew about suid and sgid binaries, and knew that on these modern SunOS 4 machines you could also have suid and sgid script, so I created a script to cat the needed files, then changed its group to match that to which the files belonged, then tried to chmod g+s the script—but of course this (correctly) failed with a message informing that I could not make my file sgid if I didn't belong to the group in question. I then took a different tack: I chgrped the script back to a gropu I did belong to, ran chmod g+s, then chgrped the script back to the group that owned the files I wanted to read.
I now know that this should have resulted in the script losing its setgid bit, but at the time I was unaware of the expected behaviour—and it seemed that the computer was as ignorant as I was because it duly changed the group as requested without resetting the setgid bit, and I was able to run the script, obtain the files I needed, and finish the assignment.
I then headed over to the CS Club office to discuss what had happened, because I was somewhat surprised this had worked and I wanted to understand why, and I knew that despite the lateness of the hour the office would certainly be open and very likely contain someone more expert than I who would be able to explain.
The office was indeed open but no explanation was forthcoming; instead, I was admonished not to discuss this security hole with anyone until I had reported it, in person, to the system administrators.
Thus it was that bright and early the next morning I found myself in Bill Ince's office with a printout of the terminal history containing a demonstration of the exploit in hand. I informed him I had a security issue to report, and handed him the printout.
He scanned the paper for a moment or two, and then replied simply "ahh, you found it".
It seems I was not the first to report the issue, and he explained that it was due to a bug in the new NetApp file server. He then turned monitor of the terminal on his desk around to show me a long list of filenames scrolling by, and (in hindsight rather unwisely) informed me that it was displaying a list of files that were vulnerable to being WRITTEN to due to the same hole.
He duly swore me to secrecy until the issue could be resolved by NetApp (which it was a few days later), thanked me, and sent me on my way.
Seems interesting but for some reason on Chrome on my iPhone 13 mini the page is too big for the screen: I have to pinch zoom out to see the X that dismisses the instructions, and can't scroll the about page.
Did you make some assumptions about the minimum window / screen size based on oversized modern smartphones, forgetting that lots of us still cling to more reasonably sized older devices?
Hm, yeah, tested it down to about 500 px width, and the low-resolution devices in Chromium but that was too optimistic then. The modals should of course be closeable, and both game boards simultaneously visible. Played around with the modals a bit, so maybe it works better now?
You know what else is infuriating? Pages that won't load (at all—just show a blank page, or in this case a too many redirects error—if you do not have cookies and local storage enabled.
Agh, sorry about this! I'm one of the people building leaflet.pub, which this blog is running on. Just pushed a fix for this (ironically on nextjs/vercel). The redirect loop is to handle sharing auth between our "main" domain, and people's various custom subdomains. Auth, via the ATProtocol, is used for things like subscribing and commenting!
Well, their "About" page explains that it's a journal "dedicated to two big ideas…: equality under the law and global federalism." But more relevantly, also that they publish "short stories and memoirs, because stories — shared at the fire pit of hunting camps and at feasts on Thanksgiving Day or Eid al-Fitr — are also essential to who we are."
As with any kind of literary fiction, what moral (if any) you take from this story is largely up to you.
Not to disparage Stijn's efforts, but he's about a quarter century late to the AR ad-blocking game: when Steve Mann came give a talk at the University of Waterloo whilst I was an undergrad there (circa 1997–2000), one of the applications of his wearable computer that he demonstrated was the ability to recognise and block ads on posters and billboards.
Of course at the time the computing power needed just to do the image tracking was far in excess of what could be carried on his person, so it involved a (possibly pre-WiFi) radio link to a lab network of graphics workstations, and as far as I know the software wasn't doing any kind of AI ad identification, but only matching pre-tagged ad images (or maybe just tracking the physical locations of the user vs the known location of the ads, via GPS + INS + video tracking).
It was nevertheless an exceedingly impressive demo that it has taken quite some time to make a significant improvement on.
I read your comment as praise for Stijn for having made a somewhat practical and working prototype for a concept that could only be demoed in the most resource intensive and clunkiest ways 25 years ago.
Steve Mann's demo was I'm sure impressive, still the idea in itself is absolutely trivial (looking for ways to hide ads started the very day ads were born) and it all comes down to the execution.
"What type of irresponsible uses do you see for this technology, professor?"
"Uh, I think, like, advertising. Like that, that type of thing. One of the things that I'm trying to do is, is design filters to filter out advertising, so that when you're walking around, you could filter out real world spam. You know, already we have spam in the real world such as billboards, and things like that. So, what I envision is that the mediated reality could be used to filter out the spam."
He was my prof in undergrad. He was pretty much half insane; sometimes he would stop talking mid sentence and just stare at the class for a bit. He would do this even on days where he wasn’t wearing the glasses. Such a strange course. Did learn some cool things though.
> One of the things that I'm trying to do is, is design filters to filter out advertising, so that when you're walking around, you could filter out real world spam.
Instead, I totally expect Meta and the Quest X to not block ads, but replace any IRL ads with targeted ads. You will not be able to turn this off. Instead, they could Black Mirror it and highlight each ad found and force you to stare at it for at least 5 seconds so the impression will count. If you don't, it'll just blank out everything else except the ad.
Whenever the tell-all memoir of the next Meta AR ad executive comes out in a few years, I hope they credit your comment for giving them the inspiration of how to implement the Torment Nexus
[Ed.⁰ This is a colloquialism¹; 1 Samuel 13:14,Acts 13:22:
Colloquialisms were the original shibboleths, tbh, but no sexism or other -*isms intended or defended by the aforementioned, admittedly sexist, canonical quotation]
What's the incentive to keep using the headset in your dystopia? if Meta sold the product you're describing, why would anyone buy it? Are you imagining a world with government mandated AR goggles? Why wouldn't I just take them off?
I am obviously not the target audience for this, because it seems to be the opposite of what I want: I'd much rather just have a text-only homepage than anything with thumbnails.
I'd really love an iOS app for Reddit that made the site look more like this one (or like the old `.compact` version did).
Technology (e.g. highly addictive short-form video apps) seems like a likely explanation; fear of fentanyl is less plausible (it would not deter drinking or vaping). Surely the biggest factor, however, is just the interruption of social contagion?
I strongly suspect that physically separating highschool students from their older peers for a couple of years meant that most of the older kids who were in to drugs etc. graduated and were not around to introduce their younger peers to these vices.
It's the flip side of the phenomenon whereby many university societies shut down and either never reopened after the pandemic or struggled to get going again (examples I know about including swing dance clubs and solar car racing teams), because the only students with enough experience to teach their younger peers had by then all graduated.
I like this thought process your brought up here! I hadn't put much time into thinking about the physical separation of generations in organizations like schools. A certain absence of physical heritage if you will... A mini extinction event
Makes you think of other, perhaps smaller, things that may have gotten a gap in physical hand offs. Perhaps I'm generalizing too strongly here, but certainly someone that was a middle school teacher or something before and after covid might have some observations on little oddities that may have escaped the public eye.
The obvious reason for me is simply that everyone is much more health conscious now. That also plays much more of a role in social status than it did before. That also extends to showing off your healthy lifestyle on social media.
Well, given that it's in _The Guardian_, there's a pretty good chance that she is indeed now aware of it.
Minor quibble: the current Magic Circle is not "different from the last one" because it is the same organisation—though it has obviously had a significant change of policy and a considerable turnover of membership in the three and a half decades since Sophie Lloyd was accepted as a member.
When I'd started, the cluster had three SunOS servers, named cayley, descartes, and napier; undergrad math students had their home directory allocated on a local disk on one of these three machines, which each cross-mounted the others' via NFS. At this time, however, the Math Faculty Computing Facility had just received a fancy new dedicated NFS file server from (IIRC) NetApp, and all our home directories had been moved there instead, presumably freeing up desperately-needed CPU cycles on the three compute servers so we could run the Modula-3 and μC++ compilers.
One evening I was in one of the XTerm labs in the Math and Computer centre working on a CS assignment (the only alternative being to do from my dorm room via 2400 buad dialup). As was tradition, I had left the assignment until the night before it was due to start work on. Indeed, it seems that we all must have, because after getting part way through I needed to access some input data files that were shared from the home directory of the course account—something like ~csXYZ/assignments/N/input—only to find I could not read them.
These files were of course owned by the csXYZ course account and should have been either world-readable or readable by the corresponding csXYZ group to which all students registered that term belonged. Unfortunately something had gone wrong, and although the files were rw-r-----, they belonged to the wrong group, so that I and the other students in the class were not able to access them.
It now being after 6pm there was no hope of tracking down one of the course professors or the tutor to rectify this before morning (and it's quite likley the assignment submission deadline was 9am).
Fortunately, I was a naive and ignorant undergrad student, and not knowing what should and should not have been possible I began to think about how I might obtain access to the needed files.
I knew about suid and sgid binaries, and knew that on these modern SunOS 4 machines you could also have suid and sgid script, so I created a script to cat the needed files, then changed its group to match that to which the files belonged, then tried to chmod g+s the script—but of course this (correctly) failed with a message informing that I could not make my file sgid if I didn't belong to the group in question. I then took a different tack: I chgrped the script back to a gropu I did belong to, ran chmod g+s, then chgrped the script back to the group that owned the files I wanted to read.
I now know that this should have resulted in the script losing its setgid bit, but at the time I was unaware of the expected behaviour—and it seemed that the computer was as ignorant as I was because it duly changed the group as requested without resetting the setgid bit, and I was able to run the script, obtain the files I needed, and finish the assignment.
I then headed over to the CS Club office to discuss what had happened, because I was somewhat surprised this had worked and I wanted to understand why, and I knew that despite the lateness of the hour the office would certainly be open and very likely contain someone more expert than I who would be able to explain.
The office was indeed open but no explanation was forthcoming; instead, I was admonished not to discuss this security hole with anyone until I had reported it, in person, to the system administrators.
Thus it was that bright and early the next morning I found myself in Bill Ince's office with a printout of the terminal history containing a demonstration of the exploit in hand. I informed him I had a security issue to report, and handed him the printout.
He scanned the paper for a moment or two, and then replied simply "ahh, you found it".
It seems I was not the first to report the issue, and he explained that it was due to a bug in the new NetApp file server. He then turned monitor of the terminal on his desk around to show me a long list of filenames scrolling by, and (in hindsight rather unwisely) informed me that it was displaying a list of files that were vulnerable to being WRITTEN to due to the same hole.
He duly swore me to secrecy until the issue could be resolved by NetApp (which it was a few days later), thanked me, and sent me on my way.