this is why we can’t have nice things

As you may know, I am involved in https://darcy.is, an attempt to build a better social network atop of Solid. The developers are chugging along at a slow but steady pace, expect a new version to come out soon.

Solid itself is a really intriguing and awesome idea: Everything you want to share or publish, regardless of public or for a limited audience gets stored on your Solid Pod, completely uncoupling data from application and publisher.

So your theoretical Facebook posts and likes and comments would not be stored and owned by Facebook. They would just handle the presentation and feed and recommendations and so on. And if you want to change the network, you get to keep all your content and contacts.

Now, the way Solid is designed has one big constraint: You cannot change the URL that points at your pod, ever. If you do, all the links between your content and that of others get lost. So, if a pod provider went belly up, that would be a bad thing.

One of the earliest pod providers is solid.community. Or rather. Was. The service is shut down. Which is fine, it was advertised as experimental anyway, it was free and purposely only had a very small storage space. It was meant for those earliest of adopters and for developers to see how all this works.

Alas, someone thought it would be helpful to keep it alive and managed to migrate everything to solidcommunity.net.

Which is also fine and helpful, except two things:

  1. I, as a user on solid.community, learned about this whole thing from someone completely uninvolved in this process, basically by accident. The move included my login data, whatever private data I may or may not have stored on that Pod, everything. I have never agreed to this, nor do I have any idea who the new person is. That is a major GDPR violation, and erodes a LOT of trust.
  2. The move is useless. As I pointed out above, now that the URL is changed, none of the linked data is properly linked anymore. It completely broke everything. And considering the amount of data (I think there was 2 MB of available space), it is not even a thing of „hey, people probably want to keep this!“.
useless people links on my Solid Pod

Seriously, my Fellow Nerds, especially if you work on something that promises privacy: These things matter! No one will adopt your project, if you fuck this up, and here, you fucked up quite a bit.

Before you rant at me: Yes, I am quite aware that what I was using was basically a test system. And I bet that 99.9% of all other users of that system knew this too and acted accordingly. I highly doubt that any actual private data was compromised. And I don’t think there is any foul play involved. People did what they thought would be best. But, well, guess what: They thought wrong!

Data is radioactive money?

This morning, I had a conversation with Karl H. Richter about data. He argues that data is money — and I mostly agree with him:

Sometimes we may want the tech companies to be trustworthy custodians, holding our data safely without being stolen or used without our consent – or we may want them to actively invest some of our data on our behalf, to work productively in the economy in exchange for a risk-adjusted return.

Karl on expectations with regard to handling data

I quite like this change of perspective. But I think there is something missing here — what happens if these custodians or „investment managers“ fail to keep our data safe? If we stick to the „money“ analogy, that would mean that the data is simply gone.

And yes, occasionally, this actually happens; just ask MySpace. Most of the time, though, data doesn’t get lost, but instead gets copied. It is a pet peeve of mine when these incidents get labeled as "data loss" or "data theft" by those who report on them. Often this is compounded by the claim that the company that was the custodian of that data is the victim here.

Please, nothing could be further from the truth, let me explain why and how:

  1. The data is usually still there. The company whose database was breached still has all their data. They can continue their normal operations, deliver goods and services, write bills, everything.
  2. The incident involved the company’s servers, but the company is not the true victim in these cases — it’s the users whose data became compromised! I would rather say that the companies in question were more of an accomplice, by being (often willfully) negligent about their security practices.

The more fitting analogy for most data breaches is an environmental disaster. Think of it as a containment breach in a nuclear reactor. The reactor still produces energy, but the environment around it is damaged in ways we cannot entirely foresee. The long-term effects are rather unknown and vague, depending on lots of external factors no one can fully control.

Worse: just as environmental disasters usually hit the most vulnerable or marginalized people hardest, so do breaches. And as with environmental damage, they are cumulative: Once the data is out there, it usually never goes away. And the more small pieces of my private data are known, the more they can be combined into something more dangerous.

For the privileged, it is easier to cope with data breaches. If I’m a millionaire, I can simply move when my home address gets compromised. Sure, it’s a nuisance, but it is completely doable. If I am living on minimum wage in an area that is under gentrification pressure, I won’t be able to afford a move.

If my sexual orientation, religion or race gets published (I’m a white, cisgender heterosexual atheist), I’ll have exactly nothing to fear. If I were gay and lived in Saudi Arabia, the same data piece suddenly becomes life-threatening.

So, we should think about data as if it were radioactive money. Whoever controls it can use it to generate wealth, but if it spills, there will be long-lasting, unfathomable damage.

We need to hold the custodians of our data accountable to the highest standards. And if they fail at their jobs, we shouldn’t let them get away with it as easily as we do today.

Why I don’t identify as sysadmin anymore

I used to be a sysadmin. And I like to think that I was pretty good at my job. These days, my work is much more managerial with a strong emphasis on communication. The command line and I only meet occasionally, and I have to get help whenever I do something more complicated with regular expressions. Still, I apparently have retained enough skills that the Head of Cloud Operations at my current workplace occasionally says things like „oh, you can do that?“ in a positively surprised tone. But I usually do know my limits and what not to touch.

This is the story of when I failed to recognize my limits.

Since I know that I’m not an admin anymore, this webpage resides on a server that is run by a webhosting company. They worry over security patches, uptime, sensible database configuration and so on, because I know that I’ll probably screw this up. I am allowing myself to change database tables, tinker with some of the htaccess settings and… DNS. That is one of those things that I don’t touch a lot, as there is no need for this on a daily basis.

And thus, I completely forgot about the SPF record when changing the MX entries to support my G Suite setup when I switched hosting last year. As a quick recap, let me quote Google on what it’s about:

The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

Quite the important and nifty functionality. I actually knew of it already, but didn’t realize that the new webhoster had this implemented as a standard. So while I successfully switched all the MX entries, I overlooked the SPF setting.

Alas, a lot of email servers happily ignore a faulty SPF setting; even Google kept receiving emails despite the wrong setting. And you don’t really get an error message on the sender’s part, because no one talks back to (even only suspected) spammers. So nearly everything seemed fine: I was sending and receiving mails on a daily basis and this configuration error wasn’t discovered for nearly half a year. It only came to light when I started to worry that one email recipient didn’t answer at all and a friend who actually is an admin looked into the matter for me.

So, the lesson here is: The Dunning-Kruger effect is sometimes closer to home than you think. Whenever you do something only occasionally, maybe talk to someone who does it regularly, to make sure that technology hasn’t advanced past your own experience in the meantime. And if you use G Suite, here's how to set the SPF correctly.
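To make the failure mode above concrete, here is an added example (my own, not from the original post) of a minimal SPF evaluator run against a constructed, in-memory DNS table: one table holds the stale record that still only authorizes the old webhoster, the other the corrected record. The IP ranges, the domain example.org and the contents of the include are invented; only the include name _spf.google.com is the one Google's documentation gives for Workspace.

```python
import ipaddress

# Constructed DNS tables (not real records). 203.0.113.0/24 stands in for the old
# webhoster's mail servers, 198.51.100.0/24 for Google's outbound servers.
# "_spf.google.com" is the include name Google's documentation gives for
# Workspace; its contents here are invented for the example.
STALE_DNS = {  # MX moved to Google, SPF never updated: only the old hoster is authorized
    "example.org": "v=spf1 ip4:203.0.113.0/24 -all",
}
FIXED_DNS = {  # SPF updated alongside the MX change
    "example.org": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(dns, domain, sender_ip, depth=0):
    """Evaluate domain's SPF record for sender_ip against the given DNS table.

    Supports the ip4/ip6/include/all mechanisms; unknown terms never match.
    Returns one of pass, fail, softfail, neutral, none or permerror.
    """
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10; this also stops include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier, mech = ("+", term) if term[0] not in "+-~?" else (term[0], term[1:])
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6"):
            # an IPv6 sender never matches an ip4 network (and vice versa)
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            matched = check_spf(dns, arg, sender_ip, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            matched = False
        if matched:
            return RESULT[qualifier]
    return "neutral"  # no term matched and no "all" at the end


def demo():
    """Mail from a Google server under the stale vs the fixed record."""
    google_ip, old_host_ip = "198.51.100.7", "203.0.113.5"
    return {
        "stale/google": check_spf(STALE_DNS, "example.org", google_ip),      # fail
        "fixed/google": check_spf(FIXED_DNS, "example.org", google_ip),      # pass
        "fixed/old_host": check_spf(FIXED_DNS, "example.org", old_host_ip),  # softfail
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Whether a receiver rejects, quarantines or simply delivers on "fail" or "softfail" is its own policy, which is why mail under the stale record mostly still arrived and the sender never saw an error.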

How I imprinted on (not only computer) RPGs

Back when I was a kid (well, teenager), I had an Atari 800XL and played a great many games on it. The one that hooked me most though is a rather obscure one: Alternate Reality (The City) and its sequel Alternate Reality (The Dungeon).

For me, that game was eye-opening. The game world felt really alive in a lot of tiny ways, and was in many more ways ahead of other games. It used a raycasting engine, on 8‑bit home computers no less. It was basically an open-world game, where you didn’t wander through a set plot, but had to connect the dots yourself, and figure out who wanted what. That meant that you could suddenly die, because you wandered into the wrong part of the map, or that people you never met knew of you.

This thoroughly spoiled me for most of what followed. I couldn’t fathom why things had to be so static, why I couldn’t just rob this bank or plead with this monster. And the places made sense, even if they were labyrinthine. Also, with monsters like the „Clothes Horse“, it forged my sense of what is appropriate in a game and what isn’t.

Gosh, I miss that game :)