No Food for Thought

The height of the COVID-19 pandemic was an interesting social experiment, for a middle-aged adult like myself who has never lived through a major war. Watching even high quality mass media like CBC's televised news made me realize what propaganda really means. In times of crisis, with extreme polarization and a sense of "war against the virus", the same journalists which usually provide quite critical information, perhaps by fear of being labelled as anti-war, reached the point of providing exaggerated news which could almost be qualified as misinformation.

The pandemic and sanitary measures themselves caused important mental distress and increased misinformation. But could the excesses of mass media not have had a toll on their own? This evening's Tout le monde en parle featured an interesting interview with David Morin and Marie-Ève Carignan which answered that question. Propaganda from mass media pushed away many, which ended up into the arms of conspiracism. Repairing the damage will be a long and painful process.

Most importantly, as co-author David Morin mentions in the same interview, we are already forecasting major crises (some have already started). If even state media doesn't get enough resources, independence and nuance to remain reliable in times of even moderate crises, the future of information—and the societies who now depend on it—will be bleak.

A couple decades ago, free software was the target of much FUD, notably regarding its security. But free software evangelists could easily reply to Microsoft and other vendors that Mozilla's browser had much less flaws than Internet Explorer.

In fact, the reality was that many more flaws were being discovered in MSIE than in Firefox. Mostly because people had much less interest in finding flaws in Firefox than in MSIE. Firefox's rise would prove in just a few years that Mozilla was far from immune to security flaws.

The continued flood of free software has meant free software vulnerabilities now have an impact similar to those in proprietary software. Catastrophic flaws from the last decade in OpenSSL and Log4j have started to show some of the FUD was quite accurate.

KNP has been decrying software mediocrity for years, but things don't change overnight. I was involved in projects for which quality, including security, is - at best - an afterthought. Even (internally) known security flaws can remain for years, while fresh ones are being added.

There are lots of free software components which vary a lot in quality and in so many aspects, but most have something in common: either their quality is mediocre, or they don't exist. And while many users may be willing to put up with mediocre quality in many ways, organizations may have difficulty ignoring bad security track records.

Research suggesting some 40% of professionals have already scaled back their use of OSS may be worrying, but the timing matters, and the importance of that decline was not measured.
Better late than never. It's still time to react, and OpenSSF's promises are good reason for hope, but many open source projects need to perform a fundamental reprioritization.

When you hear about Ukraine's invasion, you can't help but wonder why some Russian soldiers won't quit and denounce. Pavel Filatyev may be the first one to quit completely, and have the courage and fortune to denounce successfully. And by doing so, he helps understand why so few will manage to do the same.

Pavel Filatyev had the fortune to get sick during the invasion and to be evacuated. He then managed to contact dissident organizations for help fleeing, and only succeeded to reach France after going through Tunisia. Western countries demonize suicide, but everything is relative. Filatyev's account makes me admire those of his comrades who—perhaps unable to leave the battleground—had the courage to shoot themselves instead.

Man can choose to become a monster, and Man can be raised as a monster. But even those made into monsters can turn into heroes. For following that path, Pavel Filatyev is my Hero of the month.

Filatyev's life may not resist the long-reaching arms of Russia's powerful secret services. But the reconciliation facilitated by his memoir Zov, and the inspiration of his bravery will always remain.

There are several ways to commute. By foot, by subway, by car, by bicycle, by bus, or by a mix of these. By tramway or boat, by skateboard, by motorcycle or scooter too.

As a resident of Quebec City who usually commutes by bicycle, I am often qualified as courageous for sticking to bicycle even in our cold and icy winters. And I got to admit that in a sense, winter cycling here does unfortunately require important determination.

Commuting by bicycle during winter used to be rare here back when I started, 20 years ago. Still, I don't feel so original if I compare myself with Brent Hobbs. Swimming wouldn't accelerate my current commute, but even if it did, I highly doubt I would be courageous enough for that.

Congratulations M. Hobbs!

Je n'ai pas de problème à ce que certains fassent rouler SETI@home sur leur PC. Ni à ce que certains plus tournés vers eux-mêmes utilisent toute l'électricité qu'ils veulent pour chercher des pièces de crhypeto. Tant qu'ils la paient. Chacun a droit à ses illusions, et on sait bien qu'on apprend beaucoup mieux en faisant des erreurs.

Le problème devient réel quand des gens qu'on présumerait informés comme des banquiers choisissent d'investir dans le secteur crhypeto. Là, les illusions commencent à se transmettre à l'économie réelle. Et quand une institution publique investit des millions de dollars dans le secteur, ça devient sérieux. On me force à sacrifier mon capital.

Malheureusement, le Québec a nettement atteint ce stade. La Caisse de dépôt et placement du Québec annonçait en août des pertes d'environ 200 M CAD, suite à la faillite de Celsius Network. Eh oui, la CDPQ a directement placé des millions de dollars dans une société basée sur la crhypeto.

Si la nouvelle peut être difficile à digérer, la réaction du président Charles Emond semble rassurante :

À première vue, on reconnaît l'erreur et on s'assure d'éviter de la répéter. Mais les choses se gâtent par la suite :

M. Emond, on n'arrive jamais trop tôt dans une pyramide de Ponzi. On y arrive, tout simplement. Y « arriver tard », c'est encore pire que d'y entrer tôt.
On essaie même de jouer aux sauveurs :

À la lumière de ces commentaires, on peut réellement douter de la CDPQ. Est-ce du simple orgueil? A-t-on apprit de notre erreur? Quelles autres sommes la CDPQ a-t-elle déjà englouties en crhypeto? À quel coût viendra le réveil?

I played several violent video games during my childhood and early adulthood, and wasted several more person-weeks playing them. Despite playing America's Army, I was never recruited by any army, and besides sometimes wishing violent tyrans would taste their own medicine, I do not consider myself particularly violent.

If violent video games were a costly distraction for me, it seems they may have been a very different kind of distraction at a political level. For an even longer time, and at a much higher cost: human lives, as politicians blame games instead of focusing on efficient ways to reduce gun violence.

Thankfully, it seems that ignoring NRA-funded groups, this side of the distraction may be coming to an end.

Some may track their limit manually, but after a while, this usually gets quite complicated. Thankfully, WOWA's page on the topic helps in 2 ways. It first provides a calculator, which will unfortunately be inconvenient for many. But as the page then explains, you can also get (somewhat) that information directly from the CRA!

That is, of course, if you've already used the CRA's My Account... or if you're willing to go through an Insane (and half-broken) process involving some 15 minutes of wondering how a national G7 government can make such a simple thing so complicated, in 2022. I for one have been lucky enough to survive the resulting head-banging and get access to the precious amount.

I suppose simplifying a complicated complication will always be somewhat complicated.

Update: Once you receive - of course by paper mail - you CRA security code, you can go back to the website. Once you will manage to remember how you connected, and once that authentification method starts to work again, you will be able to enter your security code. But not before entering again all of the same strange information CRA asked you hoping to authenticate you before you signed up. For the last time, hopefully... until your security code's expiry, not even 1½ year after you signed up!

8 years ago, Heartbleed was estimated to have cost at least 500 million USD. Since then, many more vulnerabilities were granted infamous names, including a few whose damages are estimated at the same magnitude. And yet, despite everything which was written about EU-FOSSA and the Core Infrastructure "Initiative", only roughly 10 million € were spent on all these projects.

For some time, hope in OpenSSF has started appearing, thanks to its approach and reasonable orientations. When Log4Shell erupted, OpenSSF's future was quite questionable. But this year, while some big challenges remain, it is acquiring an unprecedented credibility, with involvement from the White House, and a plan whose ambition would have been unthinkable prior to Heartbleed.

The main question now is whether it can find enough funding for these ambitions. Tens of millions of USDs would have been miraculous before the advent of crhypetocurrencies, but we remain far from the short-term target.

148 M USD may be little in comparison to the costs of the ongoing software chaos, yet the tragedy of the commons will most likely prevent even reaching that, once again. Unless - perhaps - the EU and the USA can join and demonstrate what collaboration can make possible?

2024-04-02 Update

How far have we come to that, almost 2 years later? OpenSSF's website doesn't even prominently list its contributors. Wikipedia's article only mentions the initial 30M $ in pledges. OpenSSF's 2023 annual report merely mentions that Alpha-Omega was "awarded over $4.9M in grants toward securing open source in 2023".

As OpenSSF's efforts remain mostly a plan, reality has started hitting, with professionals scaling back on FLOSS.

I grew up strongly rooted in the economy. My father was a merchant, I worked in his store, and I knew his employees earned 6 CAD per hour. For me, this minimum wage was generous.
A few years later, I got a first job. Thanks to some good fortune, I always found my wages generous, and even more when I started working in IT.

It turns out my story may not be the norm. A recent survey confirms an old phenomenon: highly distorted economical expectations by some of the people which we could think of as most educated, i.e. students of colleges in the USA. Even students in psychology − yes, psychology − overestimate their starting salary by more than 100%!

I find the amplitude of this distortion puzzling, and am curious about its causes. Is this a case of exceptionalism? Would students better estimate the starting salary of their peers? Is the USA's private education system to blame for this perception? Or are we encouraging education so much that we overvalue it?
Hopefully, research on this can help mitigating student debt.

If you think you have answers, thanks for commenting.

Le monde évolue. Enfin... certes, il change, mais depuis quelques temps, on se demande si c'est pour le mieux. Déjà, la crise environnementale a débuté il y a bien des décennies. Depuis quelques années, c'est la démocratie elle-même qui est menacée. Et ne parlons même pas de la pandémie...

Tout cela est-il une simple crise? Une crise dont on pourra apprendre pour en sortir renforcés? Ou sera-t-il trop difficile de se relever?

Si nul ne le sait, admettons que notre confiance est au plus bas. Selon le baromètre de confiance Edelman, en ce moment, nous nous fions beaucoup plus aux compagnies qu'au gouvernement et aux médias (page 5). En plus, la fracture s'agrandit entre la population favorisée et les moins informés (p. 16). Peut-être le plus inquiétant : la confiance est plus basse dans les États démocratiques que dans les autocraties (p. 21), et le premier monde a beaucoup moins confiance en l'avenir que les second et tiers mondes (page 22).

Ironiquement, Edelman étant une société privée, je ne me fie pas aveuglément à ces résultats. Mais même s'ils étaient inexacts, l'ampleur du phénomène reste inquiétante. D'un autre côté, l'optimisme n'est pas interdit. Une baisse de la confiance en l'avenir pourrait être considérée comme un indicateur rassurant d'une prise de conscience. Les pays développés se rendent peut-être enfin compte que nous sommes en crise. Et peut-être cette réalisation nous permettra-t-elle de réagir, et d'ainsi éviter que cette crise ne se transforme en pic démocratique... voir en pic civilisationnel. Encore faut-il éviter une réaction pressée.

Méfions-nous de nos manières actuelles, et optons pour une remise en question posée... mais ne perdons pas confiance en notre capacité d'évoluer en une humanité consciente, unie et prête à se réguler elle-même, avant que la nature n'ait à faire tout le travail. Il est encore temps de faire de cette situation un simple creux, que nos descendants regarderont comme une phase de l'histoire à laquelle nous aurons su réagir brillamment. Tous ensemble, relevons ce test de volonté.