No Food for Thought

Food is something you should provide to your brain long before coming to this blog. You will find no food recipes here, only raw, serious, non-fake news for mature minds.

Filelight and drive space usage analyzers for Microsoft Windows

admin Thursday March 10, 2022

One of Microsoft Windows's weaknesses has always been drive space usage analysis tools. My reference on that front is KDE, which often comes with an appropriate tool. In the old days, KDirStat, and more recently, a Dolphin plugin.

But on Windows, I always resorted to WinDirStat, which - unsurprisingly - is based on KDE's KDirStat. Last week, when I went to download WinDirStat again, for my new business PC, it felt a bit strange to download a package which is almost 15 years old. So I checked if I was missing some fresher fork of WinDirStat.

Doing so, I was pleased to discover that the newer KDE utility, Filelight, was available for Windows. So I considered installing its latest version, which is from 2021, rather than 2007.

I found that Filelight for Windows is obtained from the Microsoft Store, which offers Filelight 20.12.2. I was about to download it when I realized the package was... 299 MB!! A supposedly "light" utility which helps clear space takes 299 MB?!!?

I hope it's just poor packaging, but in light of the current status, I decided to stick with the good old WinDirStat, which - despite weighing less than 1 MB - still works just as well on Windows 10.
Thank you, WinDirStat

Sergey Naryshkin, relativity and the teachings of conflict

admin Monday March 7, 2022

Russian Foreign Intelligence Service director Sergey Naryshkin would, at first look, seem like an evil fraud. And yet, right before Russia launched its full-scale invasion of Ukraine, Naryshkin dared, in a way, to disagree with his orders, despite the huge pressure. Another proof that evilness—just like everything—is relative; all humans - no matter their camp, their ideology and past - have some rationality and honor. Dissent, too, is most relative. Naryshkin, and many more of yesterday's villains, could quickly become tomorrow's heroes.

Whether we want it or not, conflict is a formidable source of change. War can bring destruction, but it can also teach us a lot about our weaknesses. Vladimir Putin will have choices to make after his invasion: slow down his already dangerous brain drain, or turn into an extreme dictator, keep preventing any media against him, and get rid of those who did not fully support him.

Democracy also has an occasion to learn from this conflict. We can learn that Russians are evil. Or, we can realize how dangerous autocracy is, how disunited we are despite the "United Nations" and how dangerous our disagreements have become. And we can realize how relative and surmountable our differences are, and finally make a real effort to actually unite. As Kyiv's mayor came to realize when his city was besieged:

Unity is key

Here's hoping the democratic world can use this as a learning opportunity, before autocracy unites us all in mediocrity and oppression.

Patently sad hurdles for interoperability progress

admin Wednesday March 2, 2022

2022-11-19 Update: It appears this won't cause a real problem.

It has already been more than 2 years since No Food for Thought rejoiced about the arrival of JPEG XL. Needless to say, the last 2 years were quite disappointing.

And unfortunately, it turns out our legal systems may keep photographic standards from catching up with this "new" century for even more years. Now, if only I could patent "software patent deliverance", perhaps we would manage to bring patent grants close enough to a halt for software to evolve!

Technological evolution, a promise of unsurpassed repression?

admin Friday February 25, 2022

If the 20th century was generally favorable to democracy, many see the 21st century as a different story (this article from The Atlantic now requires subscription). And many populations agree.

For sure, autocrats still face difficulties. At times, integrity may prevail, as their victims may have more ways to access quality information and more tools to organize dissent.

Unfortunately, autocrats also have much more information, more repressive tools, and ever-evolving ways to spread propaganda and misinformation. As autocracies fuelled by nationalism and xenophobia prosper, their collaboration and opportunities to share population control techniques and technologies reach new highs.

IEEE recently explored how artificial intelligence could go wrong. Personally, my immediate concern is rather how technological evolution in general favors autocracy:

In the past, the ability of autocrats to repress their populations relied upon a large group of soldiers, some of whom may side with society and carry out a coup d’etat. AI could reduce these kinds of constraints.

Technology, whether it is "artificial" or not, largely helps detect and quash dissent. Modern technology allows combining ultra-powerful and highly automated arsenals with sophisticated surveillance, which could make dissent a souvenir from the past. And recent times have demonstrated it can help exploit flaws in competing regimes to destabilize them.
Is there a name for the fear that technology will favor autocracy?

Autocracy expands thanks to many factors:

  • Disregard for integrity and how citizens (from their country or others) fare, propaganda and cult of personality
  • Efficient enforcement
  • Uniformization and unity
  • A greater compatibility with historical beliefs

For its part, democracy currently struggles due to several factors:

  1. Hyper-individualism, sacralization of property, liberty, equality and cultural differences, and hyper-fragmentation
  2. Huge barriers preventing citizens from exerting their theoretical power, cynicism and polarization
  3. Substance abuse and other addictions (computers / video games, overconsumption)
  4. State-granted collective bargaining monopolies
  5. Hyper-complex legal systems, normalization of disregard for rules and poor prevention of external negativities
  6. Separation of powers, the "principle of checks and balances" and a general tendency towards "consensus" governance

Whether or not autocracy better exploits evolution than democracy, and whether or not that fear is named, we do not have to accept that situation. While we cannot do much about the first list, we have control over much of the latter. Many self-proclaimed democracies, such as Canada, the United Kingdom and other Commonwealth countries, still contribute to the cult of personality, proudly keeping their autocratic past alive.

A naturally fragile crown

Technological advances have allowed democracies to make great progress. And recent advances allow us to make huge leaps forward. Our slow pace is not the result of having reached the objective, but rather a sign democracies are resting on their laurels.

But what does it mean to rest on our laurels? The first meaning is to get tired/lazy. But there is a much more dangerous sense; it may be that we have also associated our current state with the reasons why we took the lead, and chosen to remain in that state, as if it was an ultimate goal. In fact, the United Kingdom's direction is worse than resting on its laurels - it might be an attempt to go back to where it was when it won the most races, as if that was still a valid winning formula.

Unfortunately, the clock is ticking, and playtime is over. If democracies want to keep impressing autocracies and to remain their envy, they need to get serious and do a real self-examination, distinguishing their true advantages from their less desirable properties which are merely obsolete ways, or even historical accidents.

Let's not give up on centuries of fighting. There is no need for everyone to get a gun and enroll. Our first defence should be to strengthen our democracies. The weapon democracies need the most is greater performance. Even superior economies, environments, education, health, and everything else. We can replace many guns by educating ourselves, reforming governance, building new tools, or just keeping ourselves healthy. Proper decision-making alone would represent a weapon of mass destruction against autocracy.

The path to good governance is a long road. If we have enough will to keep innovating, we can still keep our lead, one step at a time, until we hear a distant competition peacefully concede. Current dangers, however worrying, may just be the challenge we need to stand up again and refresh our laurels.

2023 Update: Russia has since pushed its information control even further, notably by blocking many more VPNs.

Unprotocolary protocolist

admin Tuesday January 4, 2022

As a progressive and free (not to say atypical) spirit, I am nonconformist. I have always had difficulty with Protocol.
But as a computer scientist, as a champion of open standards and interoperability and as a world citizen, I love protocols. From HTTP to Kyoto's, protocols are at the center of sustainable software and sustainable development. Uncapitalized protocols are clearly capital.

So, as a green Quebecer, although I was still a baby when it was adopted, I can't refrain from feeling a little pride about the Montreal Protocol. It is remarkable that the world managed to set its course towards recovery without even fully realizing how catastrophic the situation would have become.

Hopefully, that realization and satisfaction will provide enough will to comply with the recent and future protocols or other mechanisms needed to mitigate the climate crisis (without taking the ozone's recovery for granted, in particular since some chickens may have been counted before they hatched).

Happy 20th anniversary, €? Oh, and mea culpa

admin Sunday January 2, 2022

2022 marks the twentieth anniversary of the Euro becoming tangible. 20 years ago, we could have hoped a lot from that experiment. Greater European unity, more countries adopting the Euro, and perhaps even an enlargement of the Union.

While a few small countries did adopt the Euro during that time, the United Kingdom did not. Instead, it recently left the Union. Those who were hoping for an unprecedented simplification in the global economy may be disappointed.

Rather than that, the currency landscape has arguably gotten even more complex, with the appearance of "cryptocurrency". Or rather - since that wasn't enough - of tens of "cryptocurrencies". Which brings me to the apologies.

In the second half of 2018, I publicly declared, on this very blog, that Peak Crhypeto was over. For once, I allowed myself a bit of optimism. The world had come to its senses before losing any contact with reality.

Although statistics are highly vulnerable to manipulation, I was visibly mistaken (crhypeto trading was already full of washing in 2018).
How could I get things that wrong?

Obviously, the pandemic. With travel bans and inventory shortages, individual savings skyrocketed, boosting the stock market to unprecedented levels. With increased prices for all investment assets, investors looked elsewhere, to all investment opportunities, either real or imaginary. Crhypeto's value reached new highs.

Second, so-called stablecoins. By bridging crhypetocurrencies with actual currencies, "stablecoins" created truly valuable cryptocurrencies.

But that's only a small part of the explanation. The other impact of the pandemic was to disrupt everything. It disrupted offices, causing remote work to explode. It disrupted IT teams and law enforcement, as well as politics, causing a rise of rogue states and criminality. The damages caused by ransomware attacks reached incredible levels.

But I am not writing this to apologize for failing to predict the pandemic and the breadth of scammer imagination. I am apologizing for missing a phenomenon which was already visible in 2018. In 2018, I thought greater fool theory was the only explanation for crhypeto's value, since these "currencies" didn't store value. I knew criminals used crhypeto. What I didn't realize is that money laundering has been solving the one essential property crhypeto lacked to become an actual currency: storing value. With billions of USDs at play, laundering gives crhypetocurrencies huge value.

Crhypeto is basically Switzerland. But it's even better than that. Crhypeto is Switzerland-on-demand: a way to create a credible tax haven, without any territory or any cost. The recipe couldn't be simpler. Basically:

  1. Create a new currency. No need to coin, just coin it with a credible, apparently legitimate name.
  2. Create a website that justifies why Dogecoin is unlike all the others.
  3. Try asking your fellow crooks to trade some Dogecoin with their variant so it looks a little better.
  4. Attack organizations and demand a ransom paid in Dogecoin.
  5. Sell some Dogecoin to your victims, in exchange for real currency.
  6. In case you failed the last steps, offer Dogecoin at a discounted price to foolish investors.

...and if you're more technological than charismatic, you can avoid the first 3 steps and do without any marketing by hijacking another Dogecoin instead.

Do the black market and "stablecoins" alone justify a valuation of trillions of USDs? Unlikely, but what matters is that money laundering and stablecoins give crhypeto some actual value, which somewhat stabilizes its market value and brings the much-needed bridge with the real economy, attracting non-foolish investors. And that important value fuels fools. The increasing number of participants in turn brings greater credibility to the concept. So both sides build upon each other: dreamers enjoy the criminal side's laundering capacity, while criminals profit from the credibility brought by fools and backed crhypeto, multiplying the hype. The system is complete.

Peak Crhypeto may only come at Peak Ransomware, or even Peak Crime. I can only hope that time will come soon.

The approach I used to advocate towards crhypeto was laissez-faire. At some point, the bubble would burst, providing a learning opportunity to all those involved.

I assume most of the market value of unbacked crhypetocurrencies still comes from hype, so I still think valuing economic education should be our first protection. But in light of these evolving dynamics, the proper response needs to be reevaluated. Each unbacked crhypetocurrency should probably be treated like a country which facilitates money laundering.

Wishing the next decades will see more Euro and less crhypeto,
Mea culpa, and happy 2022

Free Speech, Freedom to Exploit the Poor

admin Friday December 31, 2021

Democratic societies value free speech. But how much free speech is valued varies in each society.

The USA is probably the greatest champion of free speech, to the point where it no longer has a value, but rather a holy status, which may only envy the right to self-defence. It may then not be a great surprise to notice that the public in the USA has become so misinformed. The right to speak freely cannot come without the condemnation to be misinformed by unimputable actors.

One famous source of profitable misinformation is advertisement. But advertisement promoting the health benefits of cocaine drinks and - cough - cigarettes - cough - is long gone, so can the advertisement industry remain such a problem today?

The poorest half of the world's population may only possess 2% of global wealth, but it still earns more than 8% of income. That may not be much, but the advertisement industry cannot neglect that revenue source... in particular when its low education is taken into account. If the public is easy to disinform in the USA, imagine the situation in the Third World. With a much higher informational vulnerability, the Third World can offer a more interesting benefit-to-cost ratio for disinformation than the First World, in particular if these countries struggle to control misinformation.

Flagship corporations of the First World like Facebook and Alphabet could not be blind to such opportunities, and have been exploiting these flaws for years. Oh, not directly. The burden of creating (or even just plagiarizing) disinformation is left to clickbait operators and other disposable publishers. Tech giants do nothing more than funding them and pretending ignorance. Until sometimes opening an eye when the resulting chaos threatens their own country and shareholders.

The first defence against disinformation should be to create and promote quality information. But given that nuance and complexity will never be as inflammatory and evocative as disinformation can be, regulation of the information market is also necessary at some point. When an entity uses a business model allowing it to profit from disinformation, the state must ensure that minors are protected. And unless that's enough, adult victims - just like cigarette smokers - need to be warned about the threat disinformation consumption poses to their health. Properly disincentivizing disinformation won't be easy, but there's no way around such a market failure.


admin Wednesday December 29, 2021

Découverte has been one of my favorite shows for a few decades already. But as far as pure entertainment goes, the works that have fascinated and marked me the most are probably the Civilization game series and the television series Les Mystérieuses Cités d’or. Perhaps it is because I have always had an explorer's mind.

Or perhaps it's just that the recipe for making a title sequence that impresses me was simple!
Introduction of Les Mystérieuses Cités d'or
Introduction of Civilization II

Log4Shell and OpenSSF

admin Monday December 27, 2021

Heartbleed was more than 7 years ago. This year, the new Heartbleed is Log4Shell, which is in no way less severe than Heartbleed. I lost several hours of work due to Log4Shell, and it cost way more for many of my colleagues. Will such ridiculous flaws keep being revealed ad vitam æternam?

Following Heartbleed, myself and others started a reflection which would result in the CII, which is being replaced by the OpenSSF. Last time I blogged about OpenSSF, it wasn't even one year old, and was still incubating. After a year and a half, how close was OpenSSF to avoiding Log4Shell?

The short answer is far. The practical part of OpenSSF, Project Alpha-Omega, has secured 5M USD which can partially be invested in identifying vulnerabilities. While this amount is significant, it is obviously far from being enough to secure even the critical open source components in a reactive mode. The project's current scope is to get involved in the approximately 100 most critical open source components. Is Log4j part of these?

With the high number of components, that's a hard question to answer. And the OpenSSF's answers to these questions are based on the Open Source Project Criticality Score, which estimates Log4j as the 2543rd most critical open source project, with a criticality score of 0.6231. Are there really 2542 projects more critical than Log4j? That might still not be a trivial question, but what is clear is that OpenSSF's ordering makes no sense. According to the list, the 355th most important is Zcash. If you don't know Zcash, you're excused; it is ‘an implementation of the "Zerocash" protocol’. An exception? Way above that, we find at #43 the Bitcoin Core project, which is dedicated to an alternative "currency". Zcash and Bitcoin Core respectively have a criticality score of 0.75 and 0.87.
2024 Update: I removed the link to the list, since it is a moving target and now points to a whopping 100 MB file. The scores have changed widely since this was posted, but remain unusably unreliable.

In short, OpenSSF is mostly at the same point as it was last year: incubating. There are positive aspects:

  • OpenSSF recognizes its scoring is immature (it's qualified as beta)
  • the Foundation has managed to raise significant funding.

But turning that funding and further resources into results will take a long time. OpenSSF's reaction to Log4Shell is interesting, but when we're still at an early stage of prioritization, we should refrain from wearing rose-colored glasses and acknowledge it will take more years to see real results.

So, here's hoping for a 2025 and beyond with fewer fires


Brian Behlendorf's article has sparked controversy. I agree with Behlendorf in the sense that increasing the general funding of an open source project would be far from an efficient way to specifically help secure it. But the controversy is understandable in the sense that the way Behlendorf describes his stance is exaggerated:

Brian Behlendorf wrote:
None of the above practices is about paying developers more, or channeling funds directly from users of software to developers. Don’t get me wrong, open source developers and the people who support them should be paid more and appreciated more in general. However, it would be an insult to most maintainers to suggest that if you’d just slipped more money into their pockets they would have written more secure code.

Any senior programmer knows that the only perfect code is the one which doesn't exist. No program can be perfectly functional, performant and secure. Security is one quality, and as for any quality, aiming for (guaranteed) perfection would require infinite resources. All professional senior programmers have at some point been under pressure to deliver, which causes us at times to ship without being entirely convinced by quality, and we know very well that security is one of the first aspects many neglect under too much pressure.

More money/resources definitely helps with all qualities, including security.

Alcohol's long-lasting effects, beyond Asians

admin Saturday December 18, 2021

Technically, the first electrical computer I owned was a Nintendo Entertainment System (NES)... quite a few years ago, while I was still in elementary school. Correspondingly, it might be fitting that the history of the Famicom/NES is not completely serious.

Masayuki Uemura wrote:
It started with a phone call in 1981. President Yamauchi told me to make a video game system, one that could play games on cartridges. He always liked to call me after he’d had a few drinks, so I didn’t think much of it. I just said, “Sure thing, boss,” and hung up. It wasn’t until the next morning when he came up to me, sober, and said, “That thing we talked about—you’re on it?” that it hit me: He was serious.

Fully Free

Kune ni povos is seriously free (though not completely humor-free):

  • Free to read,
  • free to copy,
  • free to republish;
  • freely licensed.
  • Free from influence (original content on Kune ni povos is created independently. KNP is entirely funded by its freethinker-in-chief and author, and does not receive any more funding from any corporation, government or think tank, or any other entity, whether private or public), advertisement-free
  • Calorie-free (but also recipe-free)
  • Disinformation-free, stupidity-free
  • Bias-free, opinion-free (OK, feel free to disagree on the latter.)
  • Powered by a free CMS...
  • ...running on a free OS...
  • ...hosted on a server shared by a great friend for free