geek.

10/12/18 PHD comic: 'Glib'

Piled Higher & Deeper by Jorge Cham
www.phdcomics.com
title: "Glib" - originally published 10/12/2018


1 public comment
jlvanderzwan
60 days ago
Sometimes I want to blame it all on Mitch McConnell, or Roger Ailes (see below), but then I remember that the Great Man theory is pretty strongly disputed these days.

https://www.rollingstone.com/politics/politics-news/how-roger-ailes-built-the-fox-news-fear-factory-244652/

Orthodoxxed!


Even where they exist as departments, fields like gender studies are less institutionalized, more poorly-resourced, and more disadvantaged in hiring, promotion, and funding compared to mainline counterparts like psychology—doubly disadvantaged in the case of even newer fields like fat studies, also targeted in the hoax. They also tend to employ more women, people of color, and LGBTQ people, whose individual marginalization is compounded by the structure of academic institutions. The low impact factor of most of the journals that published the hoaxers’ papers testifies not just to the barrel-scraping to which they were reduced when more prestigious journals rejected them, but also to the struggle their fields face in the broader academic community. This is to be lamented, not celebrated, for these fields do in fact produce valuable and effective scholarship.
nikolap
69 days ago
"As historians and philosophers of science have long recognized, claims that good science is apolitical are routinely deployed in the service of very political ends."

Actually, DMARC works fine with mailing lists


There’s a common belief online that DMARC, an anti-phishing technology, prevents the proper operation of electronic mailing lists. To get around the perceived problem, many articles advise reconfiguring listserv software in ways that break the norms of SMTP.

However, there is a configuration that allows mailing lists to work perfectly and still be able to relay messages in the presence of DMARC. Before describing it, let’s get some terminology straight.

Terminology and Basics

RFC5321.MailFrom
(A.k.a. return-path.) A record in an SMTP message’s “envelope,” saying whom to contact in the event of delivery failure. Emails can travel in multiple hops, being relayed from server to server, before reaching their destination. During transit, the RFC5321.MailFrom field contains an email address for the server that sent the message along the current hop.
RFC5322.From
A header inside the message itself, hopefully preserved across hops. This is the “From” field that email clients display, and it is supposed to be the email address of the person responsible for the email.
Sender
A less commonly known email header which indicates an intermediary who writes or sends a message on behalf of someone else. RFC 5322 gives the example of a secretary (Sender) who writes and sends a message on behalf of the boss (From).
SPF
Sender Policy Framework. A TXT DNS record which publishes the addresses of mail servers that are allowed to send or relay messages for a (sub)domain. Receiving mail servers can inspect RFC5321.MailFrom and bounce the message if the server that sent it doesn’t match the servers listed in the SPF record.
DKIM
DomainKeys Identified Mail. DKIM uses TXT DNS records, each of which contains a public key that is permitted to cryptographically sign the body, and a list of which email headers should be covered in the signature. Sending servers must know the private key in order to sign outgoing mail, and receiving mail servers can check the email against the public key to make sure it passes. This ensures that only authorized servers can originate mail for a domain, and also that relay servers cannot modify the message.
DMARC
Domain-based Message Authentication, Reporting and Conformance. A TXT DNS record which publishes a domain’s policy for how receiving mail servers should act on SPF or DKIM failure. Actions include ignoring the problem, sending the message to the spam folder, or outright bouncing the message. The DMARC record contains some other settings such as an email address for mail servers to report any non-conforming mail they receive.
Mailing list
A relay mail server which hosts a special address called a reflector. The mailing list relays any message sent to its reflector to the addresses of list subscribers. Mailing lists are used for group discussions, including collaborative software development.

While earlier methods such as PGP have existed to unmask mail forgery, DMARC has become the popular choice and is honored today on all major mail servers. However, people whose domains employ DMARC are unable to send messages through traditionally-configured mailing lists. During DMARC adoption on major domains such as Gmail and Yahoo, mailing lists started having widespread problems.

Some people called DMARC a broken standard. They failed to implement elegant adjustments to mailing list behavior, and used hacky workarounds to fix the problem instead.

Let’s examine how a message passes or fails DMARC, and then learn how to fix lists. A message passes if either SPF or DKIM passes, and only fails if both SPF and DKIM fail. This way SPF-only and DKIM-only messages can pass DMARC, but messages with neither SPF nor DKIM will always fail.

Secondly, the message must pass “DMARC alignment.” Alignment means two different things:

  1. For SPF, it means that the domain of RFC5321.MailFrom matches the domain of RFC5322.From.
  2. For DKIM, it means that the message has one valid DKIM signature whose “d=” value matches the domain of RFC5322.From.

[Figure: illustration of DMARC alignment, from a Dmarcian article]

Fixing list behavior

If DKIM is not used

A mailing list is going to have a hard time relaying messages for any domain that uses DMARC and SPF but not DKIM. Consider this message:

Return-Path: <bounce@dmarcdomain.com>
From: "Sally Sender" <sender@dmarcdomain.com>
To: "Fun List" <fun@mailinglist.org>
Subject: Hi

Hi everyone

This would ordinarily be a proper reflection to a subscriber:

Return-Path: <fun-bounce@mailinglist.org>
From: "Sally Sender" <sender@dmarcdomain.com>
Sender: "Fun List" <fun@mailinglist.org>
To: "Roger Reader" <reader@destination.com>
Subject: Hi

Hi everyone

However, destination.com will reject this message if mailinglist.org is not in the SPF record for dmarcdomain.com. Furthermore, a good SPF record is not enough, since the Return-Path and From are out of alignment (they specify different domains).

Dealing with this situation is what causes the hacky workarounds. Lists have to use techniques like From-munging or MIME message wrapping to get the mail through.

Here is what From-munging looks like:

Return-Path: <fun-bounce@mailinglist.org>
From: "Sally Sender via Fun List" <fun@mailinglist.org>
Reply-To: "Sally Sender" <sender@dmarcdomain.com>
To: "Roger Reader" <reader@destination.com>
Subject: Hi

Hi everyone

The recipient would only have to check DMARC for mailinglist.org which would pass. However this is a poor use of email, since it’s misrepresenting who originated the message. Also email clients often have a degraded interface with respect to the Reply-To header. It’s usually not visible in the message list, not used for sorting, and not added to the address book.

If DKIM is used

If the sending domain uses DKIM, it avoids the need for From-munging or other hacks. It works under the condition that the list does not modify the message.

Consider the properly reflected message again:

Return-Path: <fun-bounce@mailinglist.org>
From: "Sally Sender" <sender@dmarcdomain.com>
Sender: "Fun List" <fun@mailinglist.org>
To: "Roger Reader" <reader@destination.com>
Subject: Hi

Hi everyone

SPF will fail, as we saw earlier, so DMARC will try a DKIM check. The From, Subject and body were not modified, so their signature will still verify. DKIM checks alignment between RFC5322.From and the signature’s domain, which will also match. DKIM passes, and the message gets delivered.

Should be perfect, right? Well it could be, except lists traditionally add extra information in the subject and body of relayed messages, and the modified fields don’t pass a DKIM check. Messages from traditional mailing lists typically look more like this:

Return-Path: <fun-bounce@mailinglist.org>
From: "Sally Sender" <sender@dmarcdomain.com>
Sender: "Fun List" <fun@mailinglist.org>
To: "Roger Reader" <reader@destination.com>
Subject: [fun] Hi

Hi everyone

--
You are subscribed to the fun list, to unsubscribe
visit https://mailinglist.org/unsub/123

The subject line tag is typically used to sort the messages into a separate mailbox following user-defined rules in the email client. The unsubscribe link in the body is a convenience (and avoids government fines from violating the CAN-SPAM Act).

We need to give the client a way to sort mail, unsubscribe, etc. without modifying the parts of the message signed by DKIM. Fortunately, there are RFCs for this. RFC2369 from 1998 and RFC2919 from 2001 both predate the DMARC machinery. The first introduces header fields for list information and control.

For our example RFC2369 allows us to add List-Unsubscribe: <https://mailinglist.org/unsub/123>. It also introduces headers like List-Help, List-Subscribe, List-Post, List-Owner, and List-Archive. What’s more, many mail clients understand these headers. Gmail adds an unsubscribe button to the web interface when it detects List-Unsubscribe.

The second RFC offers a way to identify a list with another header, like List-Id: The Fun List <fun.mailinglist.org>. Mail client rules can query this header rather than checking whether the subject field contains [fun].

Recommendation

It is reasonable nowadays to require that mailing list users whose domains use DMARC also enable DKIM. In fact the list software could check the sender’s domain at subscription time and raise an error if their domain uses DMARC but not DKIM.

Lists should keep the From address, the Subject, and the Message totally unchanged. They should add a Sender header to indicate their relay role, and set at least the List-Id and List-Unsubscribe headers for mailbox rules and subscription management.

This configuration will allow mailing lists to function as proper SMTP citizens in the age of DMARC.
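The three ways of reflecting Sally's message, run through the DMARC rule stated above, as an added example that is not part of the original article. It assumes strict domain alignment, a sender signature with d=dmarcdomain.com covering From and Subject, and a list whose own SPF check passes; `dkim_survives` is a stand-in for real signature verification that only checks whether the signed headers and the body hash are unchanged.

```python
import copy
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Sally's message as it arrives at the list (from the article).
ORIGINAL = message_from_string(
    'From: "Sally Sender" <sender@dmarcdomain.com>\n'
    'To: "Fun List" <fun@mailinglist.org>\n'
    'Subject: Hi\n'
    '\n'
    'Hi everyone\n'
)
SIGNED_HEADERS = ("From", "Subject")  # assumed h= list of the sender's DKIM signature
DKIM_D = "dmarcdomain.com"            # assumed d= of that signature
LIST_MAILFROM = "fun-bounce@mailinglist.org"


def body_hash(msg):
    """SHA-256 of the body in DKIM 'simple' canonicalization (RFC 6376, 3.4.3)."""
    body = msg.get_payload().replace("\r\n", "\n").replace("\n", "\r\n")
    # Trailing empty lines are ignored, then exactly one CRLF is appended.
    return hashlib.sha256(body.rstrip("\r\n").encode() + b"\r\n").hexdigest()


def relay(mode):
    """Return the message as the list would reflect it in the given mode."""
    m = copy.deepcopy(ORIGINAL)
    if mode == "traditional":      # subject tag plus body footer
        m.replace_header("Subject", "[fun] " + m["Subject"])
        m.set_payload(m.get_payload() + "\n--\nYou are subscribed to the fun list\n")
    elif mode == "munged":         # From rewritten to the list address
        m.replace_header("From", '"Sally Sender via Fun List" <fun@mailinglist.org>')
        m["Reply-To"] = ORIGINAL["From"]
    elif mode == "recommended":    # signed parts untouched, list data in headers
        m["Sender"] = '"Fun List" <fun@mailinglist.org>'
        m["List-Id"] = "The Fun List <fun.mailinglist.org>"
        m["List-Unsubscribe"] = "<https://mailinglist.org/unsub/123>"
    return m


def dkim_survives(relayed):
    """Stand-in for DKIM verification: signed headers and body are unchanged."""
    same_headers = all(relayed[h] == ORIGINAL[h] for h in SIGNED_HEADERS)
    return same_headers and body_hash(relayed) == body_hash(ORIGINAL)


def domain(addr):
    """Lower-cased domain part of an address or display-name header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def dmarc_pass(relayed, spf_ok=True):
    """DMARC as the article states it: SPF or DKIM must pass and be aligned."""
    from_dom = domain(relayed["From"])
    spf_aligned = spf_ok and domain(LIST_MAILFROM) == from_dom
    dkim_aligned = dkim_survives(relayed) and DKIM_D == from_dom
    return spf_aligned or dkim_aligned


def report():
    """DMARC outcome at the subscriber's server for each relay mode."""
    modes = ("traditional", "munged", "recommended")
    return {mode: dmarc_pass(relay(mode)) for mode in modes}


if __name__ == "__main__":
    for mode, ok in report().items():
        print(f"{mode:12} DMARC {'pass' if ok else 'fail'}")
```

The munged message passes only because its From now names the list's domain, which is the misrepresentation the article objects to; the recommended relay passes on the sender's own signature.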


Puzzles about College


Universities ostensibly aim to promote learning and critical thinking. This is one reason I wanted to become a professor—I share that aim. And this seems to be what most college professors believe too. It’s easy to be cynical. But, in my experience, most professors really do conceive of themselves this way: as purveyors of knowledge and learning.

But, if that’s truly a major aim of universities, then many things about the academy don’t make any sense. I’ve been living in the Ivory Tower for about 20 years now. I’ve seen many different universities over that time. Here are some of the puzzles that I’ve observed:

No background in the learning sciences. There’s a vast literature in educational and cognitive psychology on how we learn and how to effectively teach. While some of this is dreck, certain techniques are well-replicated and highly effective. But, as far as I can tell, most professors know little about this literature. Universities certainly don’t require that professors know anything about empirically-grounded techniques for teaching. It’s hard to make sense of this if a goal of universities is to promote learning. To take an analogy, it would be pretty strange if psychologists knew little about the evidence on how to effectively treat patients—or were never required to learn even a little bit about this.

Assessment of teaching. This knowledge deficit might not be a problem if you could learn effective teaching on the job. Maybe professors don’t need to know about the learning sciences if they could pick up the basics through trial and error. And I think you can—if your feedback mechanism is reliable. But, in my experience, the main mechanism of evaluation and feedback is student evaluations. There’s now excellent evidence that student evaluations have at best a weak relationship with effective teaching. In fact, some studies find that student ratings are negatively associated with learning. So, if that’s your main feedback mechanism, more experience won’t necessarily make you a better teacher.

And most universities seem pretty uninterested in more rigorous ways of evaluating student learning. A personal example: in all my time teaching, no one has ever suggested to me that I try to measure student learning with an externally validated pre-test/post-test. I never even heard of this until I started reading educational research.

Teaching skills. Here’s a piece of educational commonsense: if you want students to learn X, you should teach X, not Y. Take writing, critical thinking, or oral communication. Colleges say that they teach these skills. But, if you want to teach these skills, then you should teach these skills. It’s pretty strange to teach something that’s unrelated, like English literature or political philosophy, in the hopes that students will pick up these skills indirectly. But, as far as I can tell, most classes don’t actually teach skills directly. They instead teach fairly narrow content that most students rapidly forget (or never learn!).

Research. At most top universities and even liberal arts colleges, research is king. To get promoted, you can be a so-so teacher but you must be an excellent researcher. Quick question: why? I have some pretty good hypotheses about what explains most of the above, but this one kind of stumps me. It would be one thing if most research was socially valuable. But, try as I might, that’s hard for me to believe. Let me pick on my own field: political philosophy. Here’s an uncomfortable question: if the volume of academic research in political philosophy were cut in half tomorrow, would anyone notice? Sadly, I can see a good case for the answer that, apart from a couple of academics, relatively few people would notice.

There’s more, but I’ll stop there. What explains these puzzles? Well, the signaling model of education does pretty well. If colleges are just a signaling device/holding pen for talented youths, then much of this makes sense. Our job is to slap a “good worker” signal on students’ foreheads and collect some socially harmful rents while we’re at it. But I’m still having trouble explaining certain puzzles, like the emphasis on research. And, even if the signaling model is broadly correct, there’s still some role for human capital. How to explain the above puzzles if universities are even weakly motivated to actually promote learning?

The post Puzzles about College appeared first on Bleeding Heart Libertarians.



A Brief Summary of the Social Media Reform Movement


A Lonely Voice Finds Company

I’ve been publicly criticizing social media since at least 2010. For most of this period, most of the people I encountered were either puzzled or annoyed by my stance on these services.

When the event organizers first posted the video of my anti-social media TEDx talk, for example, they changed my suggested title, “Quit Social Media,” to something blander, along the lines of “Why deep work is important in the new economy.” I think this was a good-intentioned effort to make me seem less eccentric. I had to ask them to change it back.

When I subsequently wrote an op-ed for the New York Times arguing that social media’s role in career advancement was overhyped, I created such an uproar that the paper took the rare step of commissioning a response op-ed the next week with the sole purpose of refuting my dangerous ideas.

But then things began to change.

At some point in early 2017, as the various shockwaves emanating from the Trump election victory began to align and amplify, sentiment toward these services started shifting in ways I hadn’t noticed before.

I began, for example, to receive more notes of support and fewer confused looks when I told people I’ve never had a social media account.

Prominent figures suddenly announced they were leaving these services.

Last weekend, at the Kent Presents ideas conference, I sat on a panel called “The Social Media Crisis.” The crowd attending was so large they had to set up chairs in the hallway outside the auditorium doors.

The cultural conversation surrounding social media, in other words, is undergoing a rapid and surprisingly complicated evolution.

With this in mind, I thought it would be a useful exercise for both my readers and myself to do my best here to briefly summarize my understanding of the current state of this burgeoning social media reform movement…

The Main Anti-Social Media Arguments

There seem to be at least three main arguments against social media at the moment. These concerns overlap in interesting ways, but also maintain distinct characteristics, and are advanced by their own vocal constituencies.

Argument #1: Social Media is Harmful to Individuals.

This argument focuses on the ways that heavy social media use can make users less happy, less healthy, and/or less successful. Most of my writing and speaking on this topic falls into this category. (My main point is that the benefits of these services are exaggerated, while we tend to underestimate their damage to our ability to do valuable things with our brains.)

In recent years, this argument has been bolstered by important whistleblowers and flashy media attention; cf. the Atlantic’s cover stories on Tristan Harris, a former Google executive who sounded the alarm on how social media companies engineer their products to be addictive, and Jean Twenge, a demographic researcher concerned that smartphones might have sparked a youth mental health crisis.

A growing scientific literature, featuring top researchers, is also starting to quantify this harm with a precision that’s hard to ignore.

Argument #2: Social Media is Bad for our Democracy.

This argument was instigated, in large part, by revelations surrounding Russian election meddling, and, more generally, the relatively unsupervised role of social media in the otherwise heavily regulated election process.

Conservative commentators have also become increasingly vocal with their concerns about the unchecked ability of these services to censor ideas they don’t like, and users from all points on the political spectrum are experiencing fatigue from the constant drip of outrage and division these services seem to instill into their daily experience.

Argument #3: Social Media is Bad for Privacy.

The Cambridge Analytica scandal from earlier this year underscored the degree to which social media platforms harvest and exploit their users’ personal data. Facebook’s PR professionals did a good job at the time of casting Cambridge Analytica executives as Bond Villains, performing dastardly deeds. But what much of the media reports at the time missed is that there was actually very little illegal (beyond some potential issues with user agreements) or even all that unusual about Cambridge Analytica’s actions.

As several different social media researchers confirmed to me, what this firm was up to — using personality quizzes to gather information about users’ friend graphs — was basically standard fare in the growth industry of social media influence marketing. (Policy changes starting around 2014 have since impeded — though not stopped — some of these practices.)

The banality of Cambridge Analytica, of course, is what makes their case study even more scary from a privacy perspective.

The Main Proposed Reforms

The obvious follow up question is to ask what reforms might help solve the problems summarized above. Here are the main categories of proposed fixes that I’m hearing a lot about at the moment.

Reform #1: Cultural Changes.

Tristan Harris, Adam Alter, and former Facebook president Sean Parker, among many others, have been recently revealing ugly secrets about how major social media platforms engineer their products to be more addictive. Jaron Lanier has effectively portrayed these services as trying to manipulate your actions and emotions toward dark purposes.

These assaults from technology insiders are serving a similar purpose as the anti-tobacco Truth ad campaigns of my youth (which helped drop teen smoking rates from 23% to 6%) — they’re changing the narrative surrounding social media from one of cultural ubiquity and hipness, to something more exploitive, corporate, and icky.

This category largely captures my own modest efforts to help with this issue. My push to better protect your cognitive capabilities from relentless distraction, as well as my upcoming book on digital minimalism, are efforts to change the cultural conversation about these services.

Reform #2: Youth Protection.

The data on the negative impact of addictive smartphone use on teenage well-being is stark and alarming. Jean Twenge’s work on the mental health of iGen is an example of a strong early warning that there’s a serious problem lurking. I get the sense from others I know in this space that the scope of this issue is going to keep expanding until it becomes an unavoidable public health crisis.

My prediction (and I could be wrong here) is that we’re going to start to see more serious restrictions on young people’s access to this technology. France, for example, recently outlawed smartphones and tablets in their schools. Their education minister was clear about why: “our main role is to protect children and adolescents.” We’ll likely see similar moves in many American school districts.

I also think social media companies will be pushed to increase the minimum age for their users, and that the normative age at which kids receive their first smartphone will rise to something closer to 18.

Reform #3: Federal Regulation.

The E.U.’s response to social media’s excesses was to pass a sweeping new set of privacy measures known as the General Data Protection Regulation (GDPR). The GDPR is aimed, primarily, at giving users more control over the data online sites and services gather from them. Under these regulations, which provide users de facto ownership over their personal data, you can now demand to see what information a given service has collected on you, and the service must delete it all if you request. These requirements are enforced with strict fines.

US lawmakers are increasingly more willing to discuss thematically-similar regulation, though probably not fixes as sweeping as the GDPR. A paper recently leaked from Senator Mark Warner’s office, for example, proposed reforms built around increased transparency and more aggressive FTC audits of the major social media platforms. There are also rumblings about developing anti-trust cases against the biggest of these platforms.

On the other hand, the people I know who are up to speed on Capitol Hill machinations in this area keep emphasizing the massive amounts of money these tech giants are spending on lobbying efforts, and Congress, of course, is not exactly a shining paragon of efficient lawmaking at the moment, so there are serious impediments to this rising regulatory enthusiasm.

My Thoughts

My commentary on social media has traditionally deployed a narrow focus on the individual: this is how social media is harming you, and here is what you can do to avoid these harms.

I was caught off guard by how quickly the social media reform movement, once it finally lumbered to life in the past two years, blew past the individual to seek facets to these issues that demand systemic solutions.

What I’m trying to figure out at the moment is whether I was ignoring these broader responses because I don’t think they’ll be particularly productive, or if after spending so many years alone in the wilderness on this issue, I haven’t yet recalibrated to the full scope of what’s possible.

Either way, it’s an interesting time to be engaged with this issue…
