I believe I grew up in a cult myself, and one of the things I've concluded from that experience, and from leaving it, is that everywhere is a cult. Humans have a tendency towards cult-ish life, and if the cult is big enough we just refer to it as "society". People were as afraid (more or less) to leave the cult I was at, as people are around me now when they consider doing anything that is out of the norm.
By no mean am I trying to hint towards some conspiracy, or to say that all cults are equally bad (or good); Just to say that sometimes the word cult simply means "a less popular way of life than the one most people around me live by".
A "cult" is a rather specific kind of organization. The typical hallmarks are non-mainstream spiritual beliefs, highly controlling and exploitative leadership, and rules against interacting with outsiders. Non-conformity generally results in outsized (sometimes violent) punishment and shame.
Under this definition, for example, Catholic nuns are decidedly not a cult. They know what they are in for when the join, and may leave the convent any time they wish. Most Amish communities are _probably_ not cults. I am undecided about Mormons but leaning towards maybe.
I don't know what kind of cult you grew up in (and you have my empathy if it was painful) but "society" by definition cannot be a cult.
I think the “[non]mainstream” just changes the word, not the concept. A cult is an organised power-based religion with few members, an organised religion is often cult with many members. Aside from scale, age, and a few superficial differences, I don't see much distinction between, for example, Catholicism and Scientology. Spiritual beliefs don't even have to come into it: some political or sociological movements and even national governments have tended towards a cultish form.
> Under this definition, for example, Catholic nuns are decidedly not a cult.
That might not be the case for all convents, and there are subsets of the church where the local community develops in a controlling manner that could be considered cult-like. Within any large organisation (and the Catholic Church can be thought of as a huge organisation) subsets can end up being cult-ish even if other parts, or the whole, do not.
>Under this program, Scientology operatives committed infiltration, wiretapping, and theft of documents in government offices, most notably those of the U.S. Internal Revenue Service.
>Operation Freakout, also known as Operation PC Freakout, was a Church of Scientology covert plan intended to have the U.S. author and journalist Paulette Cooper imprisoned or committed to a psychiatric hospital.
> If someone leave Scientology, they're shunned by the rest of their friends and family who are still in Scientology. Not the same for Catholocism.
Not officially across the whole church, at least not these days, but it certainly happens in some small subsets of the Catholic community and has happened in larger subsets in the not-to-distant past. Any large enough religion tends to develop localised sub-cults.
Stepping away from the Catholics and considering other Christian groups, it definitely happens in small-town America. While there is often some extra factor (daring to be different in some other way), there isn't always, and when there is the extra factor is usually framed as being against the religion or its deit{y|ies}. Sometimes the extra factor itself results in ostracisation from the local church community, so people end up in the same position through a different ordering of the same steps and/or different levels of voluntaryness.
i think you just reaffirmed the parent's point. if a cult can only be "non-mainstream", i think you are just saying cults become societies once they're large/successful enough. i see plenty of examples of your other indicators in mainstream society.
Then you are only hearing whatever you want to hear, because I am not saying anything even remotely like that.
You may believe that society is broken in whatever way you chose but saying, "society is bad, and cults are bad, therefore society is a cult" is utterly broken logic.
My understanding is that the definition of cult requires a common object of devotion. What's that object of devotion for "society"? it's too large and diverse of a group to categorize it as such IMHO. I agree however that sometimes people will categorize anything strongly deviating from the norm as cult-ish.
While I cannot judge them outright, their article "Cyborgs Need a Trustworthy Religion" can appear cultist as they try to intertwine technology and religion.
I feel that spirituality does not concern itself with the material world making it immune to societal progress. Whereas organized religion becomes mired by societal progress as it's trapped in its own zeitgeist. I believe that trying to tie the two together is a misguided attempt at creating something when there is nothing that needs to be created.
Their video has a cultish vibe. Not necessarily of the dangerous variety, but there seemed to be a lot of shared jargon and groupthink under the umbrella of "freeing your mind."
In this specific case complaining about "politics" gets the sour by-taste of enabling (or at least not condoning) harrasment to the point of single folks taking their own lifes over it.
Why?! Even if you're not sure what to think about the queer movement; even if you have already made up your mind about the queer movement and oppose their ideas or some of them; I refuse to believe that any single person would not want to stop someone from bullying someone else into their own suicide!
hastily jotted rant for the folks who'd like to complain about "politics" from creeping into every discussion everywhere:
It's really sad to see so many folks disconnecting and immediately dismissing whole groups of other folks as soon as they start complaining about an issue they have because of "politics". :(
I get that you don't want to get involved in shit flinging shows and that its tedious to figure out who's in the right and who's in the wrong. Especially because there are never clear answers. If you feel like this and then proceed to complain about 'politics' creeping everywhere, please beware of this:
Pretending to be apolitical doesn't work most of the time, as politics is basically another word for "acting (or deliberately not-acting) in some kind of public sphere" which you all do, and when the "policitics" have arrived at
a topic, then they'll stay there at least in that specific case you are witnessing! You just are part of a hyperconnected and confusing world with a lot of conflict, wether you like it or not.
Pretending to be apolitical also serves the upholding of whatever status quo is currently in place because anything that has even a slight chance of changing anything is inherently a political topic.
Please don't turn your heads on "political" topics or, at least, don't complain about it in that way as it mostly enables unjust behaviour to continue. It doesn't even matter if it's the person who brought up the "political" stuff who is acting unjust or the folks they're complaining about). In both cases it's probably better to either avoid commenting at all or to convey your critical thoughts to that "political" conversation.
> I refuse to believe that any single person would not want to stop someone from bullying someone else into their own suicide!
There are plenty of people who do want the freedom to say exactly what they choose, including a lengthy period of directed harassment, and shrug their shoulders if someone commits suicide over it. There's not much that can be done other than ban them from civilized spaces.
"Bullying" is a judgement. Intrinsic to the word is a judgement that what is being done is bad, and the person doing it would not describe it that way.
And by that I don't mean that it's not bad to bully people (it's rather tautological), I mean that talk of bullying often begs the question, and is intentionally done in order to elide past the actual events that occurred. Lèse majesté laws against talking about the King, elected officials, or even cops or bureaucrats now get justified as anti-bullying.
I missed any rant about politics in the blog however. But this thread has a smell of "my politics aren't political because they are true, and your politics are political because they are lies."
What the referer-replacement page was talking is Kiwi Farms, which is doing the kind of stuff that even the US First Amendment's very expansive protections fails to protect. (The criminal liability here is "intentional inflection of emotional distress", although note that most lawsuits that allege that are groundless lawsuits that largely fail to make it pass the motion to dismiss for failure to state a claim stage as "they made me feel bad" isn't sufficient to allege an IIED).
I mean this is correct. Bullies, or at least the adult ones, don’t call what they do bullying (except the absolute geniuses that think “actually bullying has a social corrective behavior, I’m just helping actually”).
We’re all just busting each other’s balls, right? Look at George, he’s laughing! He’s totally in on the joke and not at all just showing submissive deference in order to not lose face.
To me, you have to distinguish between harassment directed at a person, and on the other hand discussion about a person.
It is not possible to use hacker news to send messages to someones email. It is not even possible to send a dm to another hacker news user. You could potentially imagine hacker news being used to organize harassment of someone, but I have never seen either accusations or evidence of such a thing.
So then we have established, that since harassment directed at them is impossible, the issue they have is that people on hacker news write bad things about them.
Next, those things seem to often be flagged or downvoted, reducing exposure. But that is apparently not enough, because they can be found on google. So here we arrive at the core issue. There is content on Google about this person, that they would rather not be on Google. This is the complaint. So this person is basically saying that if there is unfavorable coverage of them findable on google, that is harassment, and it needs to go. If it isn't purged it's bullying that could lead to suicide.
This is a very ambitious "landgrab" if you will, and it starts to seriously infringe on other peoples rights.
It's similar in that manner to other things like "stop terrorism" or "think of the children". Yes clearly harassment is bad, and terrorism is bad, and pedophiles are no good. But we can't completely give up on our freedoms because of that.
Jessica Benjamin and her book "The Bonds of Love" really struck a chord with me. I believe that her concept "gender polarity" fundamentally underlies old and modern "gender wars".
Other books and authors I found really interesting:
- Estela Welldon and her Book "Mother, Madonna, Whore"
- Sándor Ferenczi, who was a close associate of Freud and pioneered the concept of "Identification with the Aggressor", which seems to be the driving force behind what we call "transgenerational inheritance" of trauma. His concept of the "confusion of tongues" between child and pathological adult is also very interesting!
- Mathias Hirsch, a german psychoanalyst who wrote a lot about trauma, love, sexual abuse and was not afraid to explore stigmatized topics. For example:
- the effects of sexual relations between analysts and their patients (he saw parallels to incestous abuse in a parent-child relationship)
- sexually abusive mothers and the idealization of motherhood
- the fact that his pyschoanalyst Günther Ammon, who later became his boss at the Deutsche Akademie für Psychoanalyse, controlled the academy in a cult-like fashion
What GP describes would be stronger than AdNauseum. Instead of sending clicks indiscriminately for every ad, you would send clicks for high quality content.
The idea is not so much of clicking on high quality content ads, but sending visits to high quality content pages and click on the ads of those pages, to get them more money. Would obviously stop working if the sales after the ad click are not made.
But, hey this isn't a gameplan, this was just a "what if" :D
Cannot agree more. Since the the advertisers have that much to spend, let's make them to spend more for nothing. Also by doing so, it will literally put enough noise into the data those trackers collect and renders the user profiling useless and effectively protecting us from being tracked.
If we only click ads on high quality contents, those content owner might benefit from it in short term but in long run it most likely going to back fire and make them penalized as for sure there is going to be counter measures. If we simply click every ad indiscriminately, there is no way to tell or they have to penalize everyone which almost equals to do nothing.
I think it wouldn't be about the ads, but the visit tracking. Like, block GA from seeing your visits on trash sites, but allow when it's a high quality post/content/source, so we skew the numbers for high quality content
One thing to keep in mind is that the low level building blocks of crypto algorithms can be relatively easy to test, compared to higher level protocol and application code. For example, a block cipher takes simple inputs, usually a couple of fixed-length arrays and maybe some integer flags. There might be a ton of assembly under the covers, but that assembly isn't responsible for reasoning about pointer lifetimes or parsing data formats or any of the usual things that tend to trip up unsafe code. (Like a TLS implementation!) Instead, the block cipher is a pure mathematical function of those inputs, and that makes it relatively easy to come up with a set of test vectors that cover the function. This also means that the C code and Rust code for the same block cipher tend to look very similar.
Now there definitely are some tricky requirements in crypto code that application code doesn't need to deal with, like constant-time requirements. But auditing for those isn't really any harder in assembly or C than it is in Rust. In the end, porting these sorts of core crypto algorithms from C to Rust tends to be more interesting from a build systems and tooling perspective than from a correctness perspective.
The goal of the ring project is to be much safer than OpenSSL without any notable decrease in performance. That is, my goal is to give you memory safety "for free" if you switch from OpenSSL/BoringSSL to ring. In some cases it is better than free because we end up being faster.
The assembly code in ring is some of the most heavily-tested code in the world. It's fuzzed pretty much continuously in various projects that use it, and a bunch of testing has been done on it. It is from BoringSSL, and much of it is shared with OpenSSL and/or Linux kernel. As we are able to replace the assembly code with safer code, we'll continue to do so, just like we've replaced most of the C code with which we started.
It uses ring for cryptographic operations, yes. However, note that all the ASM in ring is meticulously kept up to date with BoringSSL upstream, which ring was derived from. Plus, there was pretty successful third-party security audit last year.
Also, the goal is definitely to bring all of that code into Rust, unfortunately Rust lacked the features to do that safely (things like const generics).
Could I ask why const generics would be a blocker? I see how it would help facilitate more elegant APIs as well as better stack allocated structures. However is it not possible to live without this, possibly with a slightly more clumsy design?
>Plus, there was pretty successful third-party security audit last year.
The security audit referenced by the post suggests offering EverCrypt as an optional alternative to ring. Are you going to act on the audit's recommendation, or continue to only offer ring?
> Isn't rustls [1] also built on very unsafe groundwork?
Depending on what you mean by "groundwork" literally everything is. Hardware doesn't obey Rust's rules, and you need to interface with hardware to get input, and do output, so literally every program will have unsafe code at the base.
The key difference is that Rust gives you the tools to explicitly demarcate what is safe, and what is not, and build safe abstractions on top of (hopefully validated) unsafe foundations.
I think Rust will have more adoption and more libraries like Rustls will be developed. I also think that when this happens, also more exploits targeting Rust code will exist too. I guess the excuse (sorry for using this word) will be: "In fact, the Rust code is still safe. What happened is that a pointer returned by (or used in) an underlying C library got messed up with a very clever timing attack, and somehow the pointer emerged into Rust code... etc.".
Also, ring enforces everyone to use the latest version by pruning older versions from crates.io, which means your builds will fail every time they update.
Of course, if our claim is that we want to avoid security bugs, and we accept the principle that (without some more specific definition) all bugs are security bugs, then any time ring fixes a bug we want to avoid using the old version...
Now for all I know, ring has never fixed any bugs and it just loves adding new API features so that this pruning has no desirable security properties at all, but in principle I can see that this is the equivalent of the standard boilerplate Linux release text which tells you that you should update to the latest kernel because they fixed bugs.
If you have a complete threat model and if you are capable of the insight needed to examine all changes and determine how they impact that model, you could successfully choose whether to upgrade based on whether a new version fixes a bug you care about. But chances are you don't have such a model and even if you did you aren't capable of the inhuman levels of insight needed, even in a language like Rust (and forgetting that we're talking about this because large parts of ring aren't even in Rust).
crates.io and the Rust community adheres to semantic versioning.
If ring wants to notify me that I should update, they should send an email to a security mailing list, open a CVE, register the cve in any of the rust services to notify users with those dependencies (there are some, like crev), etc.
Pruning your releases from crates.io just means that I am going to be annoyed the first time it happens, will start looking for a solution the second time it happens, and it won't happen a third time (and it didn't). If you want to wake me up a Saturday at 4 am, the world better be on fire.
This is probably the only dependency I can remember as being... more than annoying, toxic. I still prevent any of my dependencies from ending up with ring as a dependency. If that shows up in our dependency tree, CI fails, and that change cannot be committed. Unfortunately, this pruning of old releases was only one of the issues with ring (there were others, like cross-compiling it wasn't easy, etc.). All in all it was a no brainer to drop it as a dependency.
I don't think I've ever met a rust dev with something nice to say about `ring`. In a meetup a couple of years ago another rustacean said: "`ring` is so secure that it protects you from using it in your projects". Sums it pretty well.
The library has couple of thousands of daily downloads so for the latest version, and like 25k daily downloads for other versions, so maybe things changed now.
When I merged security fixes from BoringSSL/OpenSSL, I yanked the old versions of ring that didn't have the security fixes. I thought that was a pretty reasonable policy, however people who like to comment in these forums disagreed very loudly, so I stopped doing that. Not sure that's better, but there's less complaining.
In general, my initial thinking was based too much on the assumption that people would help maintain the things that depend on ring to update them to the latest release. It turns out there's less cooperative maintenance like that than I expected.
I loved your policy and appreciated how principled it was. People here are too harsh and most of them don't write code in Rust where regular updates are much more the norm than other communities.
Sure, it's quite possible that not every single one ever is. One single version of one single library not being yanked doesn't mean that nobody ever does it.
> In general, my initial thinking was based too much on the assumption that people would help maintain the things that depend on ring to update them to the latest release. It turns out there's less cooperative maintenance like that than I expected.
I think that's a reasonable assumption.
What isn't reasonable is to expect people to "upgrade right now". Not everybody lives in your time zone, so when you yank a dependency, you might be breaking a workflow in the other part of the world at 3 am, and if some webserver doesn't deploy or whatever, somebody will get a call.
I'm not suggesting this is an easy problem to solve, but there is a wide range of options before "never upgrading" and "force an upgrade right now". Some of these are supported by Cargo via Cargo.lock, etc. so the responsibility for how this is handled doesn't fall on one library or person.
Building a secure system is also not the exclusive responsibility of `ring`. If I'm building a secure system, I have to assume that `ring` will have a bug that's exploitable at some point, and that someone will use it in a zero-day, and my system needs to be secure even if that happens.
So "updating right now" doesn't buy me much. Its something that can wait until after a meeting, or after my vacation, or until monday. Its not a "the world is on fire" situation, even though it would still be pretty severe.
I'd still like to get "notified" ASAP and asynchronously somehow. While updating ring is low effort, the update still needs to "internal QA,..." etc. at companies, and that takes people's time that must be planned on.
In a properly-designed CI/CD system, a dependency getting yanked isn't an emergency unless you choose to treat it as such. In particular, if you don't want your build to fail because some dependency got yanked then you need to use a Cargo.lock, and you need to ensure that you're not overzealous in your use of cargo-deny and similar tools.
I'm not sure if you were affected by this, but Cargo introduced a (regression) bug a couple years ago that caused it to fail when a crate got yanked when it shouldn't have. This bug was eventually fixed, but lots of people blamed ring for this bug. If this Cargo bug hadn't been introduced then most people who were using Cargo correctly wouldn't have been negatively affected by ring's old policy.
With software which needs security considerations it's also common to want to test the vulnerable versions, write tests internally and verify the broken/fixed behaviour. Yanking old versions makes this annoying. (Yes you can rebuild from the repo tag, but that's annoying, especially in indirect dependencies)
> If you want to wake me up a Saturday at 4 am, the world better be on fire.
In a previous role I actually have had things set so that I might be woken at 4am on a Saturday, IIRC specifically under certain conditions it'd play "Straight out of Compton" at full volume on my Hi Fi to ensure my attention, which gave me about 10 seconds before it gets real loud.
I was leak hunting, specifically looking for a huge leak in a production system that we couldn't reproduce on smaller test systems - so I needed to wake up, attempt to diagnose the leak and then (regardless of whether successful or not) mitigate it (kill the bloated process, one transaction fails but everything else will auto-repair) and go back to bed.
But what I don't understand here is, why are you constantly rebuilding and alerting on failure? A CI flag can wait until Monday stand-up, are you auto-deploying any change of state even when there aren't any humans around to cause that? Why? That strikes me as up there with Apache's "But your Good OCSP response expires in 18 hours, so I stapled this newer Bad one instead" in terms of terrible mistakes.
If instead your new builds fail after pruning, the human who is causing a new build can decide what to do about that when it happens, no need for anybody to be woken at 4am.
I looks like we are talking about different things.
So you have a team (i suppose could be just 1) or teams across few time zones.
Each team should deploy in a way that they have people ready to fix thing if they go bad.
You can do that by having large enough team in similar timezomes (+/- 2-3 hr), or by paying extra for having people on standby at 1am.
My personal opinion is that having large enough team (again could just be 1 guy) in similar time zone is preferable.
Bottom line is, deploying new stuff is always risky. That's why people spend so much time trying to reduce this risk (various test, CI, staged rollout ...). And sometimes all of that still fails, and you need people to either rollback or fix it on the spot.
It also allows using CEL in ValidatingAdmissionPolicies: - https://kubernetes.io/docs/reference/access-authn-authz/vali...