> Our survey measured it on a scale of how much people agreed with sentences including “Following coronavirus prevention guidelines means you have backed down” and “Continuous coronavirus coverage in the media is a sign we are losing.” Our interpretation is that people who responded positively to these statements would feel they “win” by endorsing misinformation – doing so can show “the enemy” that it will not gain any ground over people’s views.
The actual study is paywalled and not present on Sci-Hub, but I wonder what were all the questions, whether they tried it the other way around (with true claims, perhaps on some other topic), how different the answers were with those. I would guess it is implied, to support such an interpretation, but it is not stated explicitly, and from what is written, it sounds like people who believed in conspiracy theories (or were otherwise skeptical of mainstream views) were in fact unhappy to go along with prevention measures and annoyed by the mainstream coverage, which is not surprising at all.
Languages with dependent types (Agda, Idris, Coq, Lean) seem even closer to the description, with a user supplying proofs of properties. For instance, as in idris2-algebra [1]. One can similarly define isomorphisms, or other kinds of morphisms, by listing their properties, and requiring proofs to construct.
Thanks. Maybe I should have stressed this more, but what I had in mind was a more mainstream language suitable for everyday programming too. All the languages mentioned in this thread are great but they are not getting any more popular and you would not use them to build, say, a game or a linear algebra library, right?
Well, at least Idris aimed to become practical, and there is the CompCert compiler in Coq (called Rocq now, actually), demonstrating viability of large verified projects. Besides, one does not have to verify everything in those, and could program more or less as in Haskell (which may also seem impractical, but it is used for all sorts of things, and is my primary language these days, for both work and hobby). I think the primary issues with those have to do with their unpopularity, and particularly lack of libraries. Though C libraries are usually just an FFI call away, so even such smaller languages are not that painful if you try to simply get things done in those.
I recall there being at least SDL2 bindings for Idris (not to mention those for Haskell, which also has game libraries), and some linear algebra libraries in those languages (complete with verification), but probably not particularly extensive.
They are not the most practical choice if you do not need verification, but if you would like to use languages like that, they are available and usable, but with additional effort/drawbacks. I wish they were more mature and had a better infrastructure, too, but that would take people pushing them to that point.
> but what would be the benefit of having more pages fail to render?
I think those benefits are quite similar to having more programs failing to run (due to static and strong typing, other static analysis, and/or elimination of undefined behavior, for instance), or more data failing to be read (due to integrity checks and simply strict parsing): as a user, you get documents closer to valid ones (at least in the rough format), if anything at all, and additionally that discourages developers from shipping a mess. Then parsers (not just those in viewers, but anything that does processing) have a better chance to read and interpret those documents consistently, so even more things work predictably.
Sure, authoring tools should help authors avoid mistakes and produce valid content. But the browser is a tool for the consumer of content, and there is no benefit for the user if it fails to to render some existing pages.
It is like Windows jumping through hoops to support backwards compatibility even with buggy software. The interest of the customer is that the software runs.
> there is no benefit for the user if it fails to to render some existing pages
What if the browser renders it incorrectly? If a corrupt tag combination leads to browser X parsing "<script>" as inline text but browser Y parsing it as a script tag, that could lead to serious security issues!
Blindly guessing at the original author's intent whenever you encounter buggy content is a recipe for disaster. Sometimes it is to the user's benefit to just refuse to render it.
if developer accidentally left opening comment at the start of the html.
Rhetorical question: Should the browser display page even if it is commented out?
There is some bar for what is expected to work.
If all browsers would consistently error out on unclosed tags, then it would definitely force developers to close tags, it would force it become common knowledge, second nature.
HTML5 was the answer for the consistency part: where before browsers did different things to recover from "invalid" HTML, HTML5 standardizes it because it doesn't care about valid/invalid as much, it just describes behavior anyways.
It is too annoying to carefully scroll to the small ranges at which texts are visible, with a custom horizontal scroll, to fish out small bits of text, which do not even seem to be written well. And that is after enabling JS, without which it is broken, yet not obviously (not much more than with JS). Websites about design and typography tend to be broken and illegible, but this one seems to stand out even among those.
But as with quite a few of other such websites, disabling CSS actually renders it easily legible and navigable, even without JS.
Good for Germany and the EU, but how (or why) is the rule of law supposed to make it a taboo? Is it thrown in just to sound nicer, or did they skip a few steps in the reasoning?
I heard "rule of law" being used to justify roughly the opposite (Russian laws, including mass surveillance and censorship), and neither that was clear; apparently it worked simply as an universal justification.
The usual definition is that there are written laws that apply to everyone equally, as opposed to a rule by decree and some kind of tyranny, and the laws do not change too often, are not made for particular occasions (so they do not turn into decrees effectively). So I'd think "suspicionless" -- that is, universal -- sounds closer to it, rather than selective/arbitrary surveillance on a suspicion. Unless such suspicion is at least decided by a court, without rubber-stamping.
> Good for Germany and the EU, but how (or why) is the rule of law supposed to make it a taboo? Is it thrown in just to sound nicer, or did they skip a few steps in the reasoning?
Don't thank Germany too early. The only reason they changed their tune is because a massive number of people reached out to the government representatives in the last few days/weeks.
Without that, it would have gone through.
Case and point, you can look at the timeline of each country's position on https://fightchatcontrol.eu and you will see that Germany went from opposing to undecided to opposing again.
This is the sad state of affairs today. Privacy and rule of law have nothing to do with it.
I personally reached out to many German MEPs and the only ones who bothered to respond and were against CC were from the AFD. Make of that what you will.
> Don't thank Germany too early. The only reason they changed their tune is because a massive number of people reached out to the government representatives in the last few days/weeks.
This kind of mass surveillance is already illegal in Germany, and had Germany voted yes, it would have meant that politicians act against the law, which would be the opposite of the rule of law.
I don't think out constitution is fit to protect against much. It doesn't against home searches for example. Don't call a public official a dick.
For surveillance there just has to be the most benign reason to do it anyway as well.
It is not a strong constitution like the US has and the last decade proved that point. Also the frequency with legislative proposals contradicting the constitution, it doesn't seem to be respected much.
The rule of law establishes, first of all, that the Law does not distinguish any kind of person from another. This is why in order to have a true Rule of Law, the three powers (Legislative, Executive, and Judiciary) must be truly separated.
Decrees are exactly one way to subvert it: the executive acts as the legislative.
Also, in tyrannies (vid. Venezuela, Iran, etc.), the Judiciary is a slave to the executive.
The rule of law states, first of all, that people in Government are subject to the same laws as any other citizen.
It is obviously an unreachable optimum (like true "democracy" is), but that is the basic principle. Not that "Laws" govern the place.
Chat Control (and see especially the Danish Minister who said "common citizens should not expect to be able to use cryptography" or words to that effect) is suspicious under the rule of law because it differentiates ipso iure between "ordinary citizens" and "the executive".
Edit: whether you agree with him or not, reading "The road to serfdom" should enlighten you a lot about this topic.
What is "nope" about? I understand "people in Government are subject to the same laws as any other citizen" to mean the same as "written laws that apply to everyone equally". The sort of thing Aristotle and Locke advocated for.
As for the separation of powers, it is a related concept, but still a distinct one; not sure if bringing it up helps here.
Added "The Road to Serfdom" into my book queue, thanks for the suggestion.
> Such laws cannot be enforced. Enforcement can only be arbitrary.
I am against criminalizing cryptography and largely agree about it being infeasible given the extent of proliferation and ease of replicating it/am playing devil's advocate:
Laws banning math related to manufacturing nuclear weapons can and has been enforced. It's important to take legal threats like ChatControl seriously and not just dismiss it as absurd/unenforceable overreach, even if that's likely true.
Banning math in relation to nuclear weapons was typically very specific and most often involved hardware export controls.
The key note with what the previous poster said was 'arbitrary', meaning the laws will end up a nonsensical mess because the maths have huge amount of industrial, commercial, and personal uses and suddenly one range of use is banned leads to situation where law enforcement tends to go after particular groups for who they are, not what they've done.
Tech companies can certainly be forced to build surveillance into their chat applications and operating systems. This doesn't have to be about backdooring crypto.
> Enforcement can only be arbitrary.
Sure, but it would be forced upon the vast majority of the population. Tech-savvy people will find ways to circumvent it, so will criminals, but that doesn't make mass surveillance of all others any less scary.
I also think the public generally doesn't understand much of cryptography. It's thought of as some sort of dark art. And to be reliant on computers. But some dice and basic arithmetic will suffice -- though you still shouldn't roll your own crypto system.
While I did lose access to a hosted email and other services, and only permanently lost access to a free domain name so far, also was close to losing access to regular paid domains on multiple occasions (once because of the used registrar, twice because of the place I live in and international politics, being disconnected from payment systems, though with registrars also contributing a little).
Mandatory reliance of services on other services (whether it is email, phone, or a more explicit identity provider) is generally unfortunate. I think it is best to not look for a perfectly reliable setup, as it is unachievable, but to keep in mind that they are not reliable, to have recovery plans and fallback options if possible, reduce dependence on online services, especially those depending on others. Though a personal domain name still seems more reliable to me than that of an email provider.
I have gradually reduced CSS to zero myself, since pretty much every tweak seems to mess up accessibility more than improve things, and generally it is the client that should control the style, and the user who should configure it for themselves, knowing their own requirements better. As for suggestions from the article:
> Granted, if you have images they can cause some overflow issues.
The "fix" breaks zooming in.
> In general, the font-size is a little small as well
It is quite annoying when websites mess with your preferred font, its size, style, and so on, often turning texts illegible. In this case it is made awkwardly large, but often it is made illegibly small, apparently also with the intention to fix the defaults.
> Many people love dark mode, so let’s enable it based on a user’s system preferences.
"color-scheme" is like "viewport": an invocation to tell the browser that the website is not too broken, and the web browser should act more sensibly. Those are practical, but still awkward, not quite how things should be: I wish web browsers defaulted to sensible behaviors. So I rather view it as a choice between adapting to how things are and pushing for how they should be.
> We generally want to try and fall somewhere in the 45-90 characters per line range (for body text, not headlines).
I used to set max-width in ch before removing CSS completely as well, but usually desktop web browser windows are resizable, with the space being there to be used, not to fill with background color. I see it in epub files sometimes as well: huge margins are enforced, being rather annoying when you do not want those, while if you do, you can simply adjust the window size (or set such default styles, as another option).
> I assume the server is going to be run under xmpp.example.com and you all the following domains have been set up.
> [multiple A records]
"A" DNS records may be used for a fallback, but SRV records are the primary way to configure those [1, 2]. Also some of those can reuse an existing domain name, and some may not have any DNS RRs, but only be used as an internal JID.
> ejabberd is a robust server software, that is included in most Linux distributions.
Prosody [3] is another nice and popular option.
> Install from Process One repository
> Install from Github
Both ejabberd and Prosody are available from regular Debian repositories as well.
> Make sure the fowolling ports are opened in your firewall, taken from ejabberd firewall settings.
A port range is also needed for TURN, to use for relaying. And there is a typo.
> Clients I can recommend are Profanity, an easy to use command-line client, and Monal for MacOS and iOS.
Among relatively feature-rich and user-friendly ones (quite polished, supporting more recent standards, including voice calls with DTLS-SRTP, OMEMO), there are also Conversations for Android, Dino for Lignux (GUI), poezio for TUI (though that one has no voice calls). Setting converse.js (a Web client) may also be convenient (and done rather easily, at least with Prosody).
Given that we tend to pretend that our computers are Turing machines with infinite memory, while in fact they are finite-state ones, corresponding to regular expressions, and the "proper" parsers are parts of those, I am now curious whether there are projects compiling those parsers to huge regexps, in the format compatible with common regexp engines. Though perhaps there is no reason to limit such compilation to parsers.
- More of anti-UCE, with postscreen (greylisting, DNSBL and DNSWL checks), policyd-spf, body_checks, check_sender_access, check_client_access, postscreen_access_list.
- Setting "home_mailbox = Maildir/", to keep mail in user directories and in the Maildir format (which seems to be less prone to corruption than mbox is, and well-supported by MUAs).
- Leaving TLS defaults, except for the paths. I used to set mandatory TLS, but then ran into some servers not using it, and figured that I do not trust the involved servers more than channels between them anyway (especially the servers that do not support TLS). Being overly strict with allowed protocol versions (or even ciphers) also reduces compatibility, while for encryption it is better to rely on OpenPGP.
- I do set Dovecot (for both IMAP and SMTP submission); the recent configuration change did not seem like a big deal to me, and it was documented, so I found it easy to update. It is nice to be able to use email from a server (and that ability does not go away with Dovecot), but a local MUA also has its advantages.
- Registered at dnswl.org, to improve deliverability in some cases.
The actual study is paywalled and not present on Sci-Hub, but I wonder what were all the questions, whether they tried it the other way around (with true claims, perhaps on some other topic), how different the answers were with those. I would guess it is implied, to support such an interpretation, but it is not stated explicitly, and from what is written, it sounds like people who believed in conspiracy theories (or were otherwise skeptical of mainstream views) were in fact unhappy to go along with prevention measures and annoyed by the mainstream coverage, which is not surprising at all.