I don’t have much to say for this post. But 2020 was a hell year for most of us, and despite the hope that is now present thanks to various developments I doubt anything is going to improve substantially for at least a few months. So I just wanted to say to anyone paying attention, we’ve survived 2020, we can get through the first few months of 2021, and lets all hope the light we can now see is the end of the tunnel, and not an oncoming train.
Some time ago I wrote a blog post asking the question “Who are you really?” It didn’t come to any real conclusion, it only expressed the fact that it was a topic I had been thinking about. I didn’t immediately stop thinking about it, but it drifted out of the forefront of my thoughts to the point that I still haven’t really got a good conclusion. But I have been reminded of the topic recently by an article on LWN about issues Debian is facing with key signing. Now the issues that Debian is facing very much reflect the issues I had that led to my previous blog post. How do you trust an identity? What value does that identity hold in itself, and what value can you ascribe to associated details.
So, I’ve been thinking about the nature of “truth” recently, and that led to me thinking about the scientific method, and how it enables to learn more about what the truth is. And that got me thinking about what science is in a more general sense. This led me to the conclusion that for most people modern science has more in common with religion than the scientific method. Now I’m aware that some would argue the scientific method means that science isn’t a religion, but actually that just makes it a bad religion. Now science as a religion isn’t an original idea, but I’m going to go through my thinking on this anyway.
Recently I’ve been thinking about identity and what that actually means, and more importantly what I feel it should mean. Everything that deals with the identity of people appears to default to the assumption that we all have one, single, canonical, identity, that all things we use to identify ourselves should be slaved too. In fiction we know someone is suspicious, a spy, or criminal, when they have multiple passports. In IT we base trust on this who of the identity that issues instructions is linked too. When talking to people online we tell each other not to trust them unless we also know them in the real world, and can be sure that they are that person.
My blog is powered by Roller, a java based blog platform, and it works reasonably well for me. However I want to move my blog to be hosted off my home connection, which rather means paying for hosting that can run a Java app, and if I wish to use to use multiple servers for redundancy, I will have to set up replication of the database somehow. These are complications I do not need, and add to the maintenance overhead of my blog somewhat. So what do I need?
I have always been sceptical of the new generic top level domains, I saw them as ICANN shamelessly cashing in on something it had the power to control. Because of this I have until now avoided them. However my current domain name is quite long, and I have for a long time wanted something shorter, but the good ones that may be applicable to me have all been taken.
But the time has come to admit that the new generic top level domains are here to stay, so I have swallowed my pride, and found that most of the good names are gone already anyway. But one was available that was suitable, so I have registered stewart.zone. I'm going to use it to set up a website that isn't hosted on my home connection. For this I'm going to use the hosted virtual servers I already have for my mail servers, but that is going to need me to set up a backup process for them, as they will no longer just be mail servers, so rather than trust my ability to reconfigure a new server from scratch I'm going to trust in my ability to back up the configurations in a sensible way, and save myself the trouble of having to manually rebuild their configurations if they go wrong.
Also this will give me an opportunity to build a website that isn't quite so ugly, and also isn't lumbered with some of the "features" of my current site that I haven't had the heart to do away with, but are a bit rubbish. Once this is done successfully I'll look at migrating my current site over to the new hosts, and the new design, and then I won't need to open up firewall rules on my router any more.
So in a previous blog post I set up postfix and dovecot by sort of following an online guide. Well the author of that guide has updated it for debian stretch. This doesn't help me much, as I already built my mail servers on debian stretch by adapting his previous guide. But some of the changes do interest me. I have been meaning to set up DKIM and DMARC, and the new guide includes instructions on doing so. The new guide also includes instructions for setting up clamav, which wouldn't hurt. However the instructions for clamav depend on using a new anti-spam tool, and I am actually getting on with spamassassin, on top of this the new anti-spam tool is not in the debian default repositories, which puts me off somewhat. They do provide an APT repository for stretch though which eases this concern a little. The new tool also supports some features I may be interested in, including greylisting shared across hosts by using redis (a piece of software I may be a little familiar with) a possibility that intrigues me. I am going to read this new guide, and decide if there is anything I wish to take from it, if so I shall almost certainly write a new blog post on the matter, if not I probably won't.
So a couple of weeks ago I read this article and wanted to comment on it, but was taken ill preventing me commenting at that time. Since then I have had plenty of time to think, and the subject of that article has been on my mind more than I expected it to be. The post I was going to make at the time was how I felt it was the wrong solution to the problem it purports to solve, but upon reflection I have come to the conclusion that it is worse than that, it is not only the wrong solution, but it is also a demonstration of everything wrong with the IT industry today.
So lets start off by saying I am a white, heterosexual, middle class, male. I have seen lots of comments on the internet about Social Justice Warriors (SJWs for short), and I gather that, based upon what I have seen, I should be worried for my very existence, as these SJWs are apparently out to rid the world of my kind, that is to say white middle class cis gendered (yes I know that "cis gendered" is a label for non trans gendered people, and some see it as an insult, but I am what I am, and I have no better label to use) heterosexual able bodied men. But I have very few examples I can point to of any of these SJWs that really concern me, or indeed that I disagree with in any significant way.
Before we go any further I should probably explain what triggered this particular rant. Recently a person at Google has been sacked for breach of Google's internal policies, a situation that has come to light because the breach was an article they authored about how diversity polices may be harmful, and then circulated within Google, and which promptly leaked. Now I have seen a version of this article, and I shall discuss my thoughts on it later, but what worries me now is the "debate" about the actions taken by Google, and I have already seen some very negative comments. There appear to be two basic sides to this debate, those who say the article was damaging, and wrong, and so Google did the right thing, and those that say Google has damaged itself by shutting down dissenting internal opinions (something the article points out is a risk of Google's current internal culture) and has also trampled this person's free speech rights. My concern is that these are the voices that are going to be screaming about SJWs in the not to distant future. So I thought I'd have a rant about the stupidity of this position from the viewpoint of a SJWs typical "victim".
I knew I relied heavily on the access that I get by carrying around a smart phone, I read my emails, send and receive text messages, look things up on the internet, etc. It is a very useful tool, but I didn't realise how much of an impact it has on my life until it died. So I immediately ordered a replacement, but that took two whole days to arrive. The fix for my old phone was outside my ability level, and I couldn't find anyone who could fix it in a hurry, so I elected to spend two days without it, or any other phone. And it has been two of the least stressful days I have had in a very long time. Disconnected from the world, I didn't need to worry about things I could do nothing about, or keep abreast of the latest goings on on twitter. I almost regret getting a new phone, the old one is off for repair, and will be back in two to four weeks. I can hardly imagine spending that much time without a smartphone. Before the old one broke it was because I thought I would become overly stressed, and fail to cope, but having spent two days with only having the internet when tethered to a desk I can't imagine how relaxed I may get without a smartphone. Maybe in future I shall turn the phone off for periods of time. Maybe too much connectivity is a bad thing?