Suppose we’ve trained a system to make medical diagnoses.

The system, perfectly trained, has specific recall and accuracy. (recall: of all the diseases that have been submitted, what percentage did I recognize? precision: of all those that I identified as diseases, in what percentage were they really?)

Accuracy and recall are a short blanket. it does not depend on a “calibration” of the machine, it is not an inherent error. it is a matter of statistical properties.

We know the system, perfectly trained, will make incorrect predictions.

Of course, even aspecialist doctor makes incorrect predictions. For this reason his predictions are according to science and conscience, follow a decision-making path and sometimes he might be called to motivate his decisions.

Now suppose we provide the diagnostic machine to the doctor.

Machines, in fact, can scale in speed and quantity to levels that a human cannot reach. But when they make a prediction, they cannot explain why.

Let’s now suppose that the machine makes a prediction that differs from the doctor’s opinion.

What will the doctor do?

In my opinion, the incentive for the doctor is to confirm the prediction of the machine, even if it contradicts his own opinion.

One could argue that we could just legally recognize the probabilistic nature of  the machine’s outcomes, thus providing doctors with a way to cover themselves if they contradict the machine. But would it really be an incentive for an in depth analysis by the doctor ? I don’t think so. it would just be less troublesome and quicker to agree with the machine.

Now suppose there is a patient with a serious acute illness.

• Suppose the machine makes the correct prediction, the doctor makes a mistake and his decision is the final one. The patient gets worse and the doctor is called to justify himself. Why has the doctor stubbornly taken his position? Even the machine indicated that there was a pathology!
• Suppose the machine makes the wrong prediction and the doctor sees it right but conforms to the prediction of the machine. The patient gets worse and the doctor is called to justify himself. Why did the doctor confirm the prediction of the machine? Didn’t he recognize the symptoms? He can always argue that in science and conscience he didn’t consider them sufficient to contradict the machine.

In both cases, the doctor’s position is more defensible if it conforms to the prediction of the machine, even if he thinks otherwise, even if the doctor knows that the machine produces false predictions. In any case, he can lift his hands and say “also the machine confirmed this”.

The obvious conclusions are that doctors are redundant, that a certain level of risk (due to recall/precision of AIs) is inevitable and we should live with it.

Now let’s suppose we knowingly alter some of the predictions of the machine (keeping track of them) and inform the doctor that some of the predictions that are communicated to him, are actually the opposite of what the machine really determined (of course he doesn’t know which ones). We call these predictions “poisoned”. (and those that are not, “sincere”).

The machine makes a prediction, but the doctor is told a poisoned prediction. The machine believes that there is a pathology but the doctor is told that the machine believes that there is no pathology.

What can the doctor do now? When he believes that the prediction of the machine is wrong, will he confirm it ? And what if the machine’s diagnose was poisoned ? He must tell what he truly thinks, in science and coscience.

At this point we have a situation in which

• the prediction of the machine is sincere and that of the doctor is in agreement. in this case the diagnosis is confirmed.
• the prediction of the machine is sincere and that of the doctor is discordant.  the case is highlighted and another opinion is required.
• the prediction of the machine is poisoned and that of the doctor is discordant. in this case the diagnosis of the doctor is confirmed.
• the prediction of the machine is poisoned and that of the doctor is in agreement. the case is highlighted and another opinion is required.

Such “another opinion” could be by a doctor or it could be a second machine, with different algorithm and training, absolutely non poisoned.

This is a simple example of how the concept of redress by design could be implemented with prediction poisoning.

A single  doctor is a “one opinion system”. We invented the idea of science and conscience and all audits on correct behaviors, requiring explanations, to build incentives to avoid negligence and guilt.

A doctor with a machine is a “two opinions system” where (I believe) the machine’s opinion, as argued above, would tend to prevail. Lab technicians can already confirm this tendency. Furthermore, inspections and audits might not be effective on systems that cannot explain their motivations (like humans do).

The redress idea exposed above is that when the two opinions (machine and doctor) are in disagreement, a third one needs to be involved to resolve the dispute

The act of “poisoning” only serves the purpose of keeping doctors attentive, so that they avoid just conforming to the machine thereby being able to spot some incorrect predictions. It is a mean to improve effectiveness in  the detection of incorrect predictions.

Someone could object that such a procedure would eliminate the benefit of speed and scale increase allowed by the application of AI. As a matter of fact, since the physician knows that his predictions are subject to an AI-assisted examination procedure, he can operate at a higher speed because his activity is augmented with an AI based error control system. In this case a desirable result is obtained: the functions of the doctor are augmented by the AI and not replaced.

Arguably, such a procedure will be costly. In some states some variations could be envisioned, for example by involving patients in the decision. Let’s say the machine’s prediction is 0.65 confident. Before going for a third opinion, the doctor and the patient could have a conversation about the costs of listening or not listening to the machine and about any reasons the doctor thinks the ML might be wrong and let the patient decide after having received all due informations.

One final comment about the “poisoning” word I’ve chosen to express this concept. It may appear somewhat ungraceful (even more when used in an example about healthcare) but I think the term is quite appropriate as the term is already used with a comparable meaning in network security (ARP poisoning, DNS cache poisoning) .

Share now →

-(A sunday morning provocation)

Artificial Intelligence is a name born in 1956. It has gained a lot of attention thanks to its resonance with humans, and favoured the devlopment of an imaginative Hollywood production stream.

The name “artificial intelligence” has an implicit bias that does not allow for a cognitive perception adherent to reality.

On the contrary, the name favours the suggestion of the possibility of machines to develop some form of consciouness, emotions, acquire a “personality” similar to humans’ and, ultimately overcome human limitations and developing a self superior to humans.

You’ve seen the movies, you know the narrative… But they are only devices that extract correlations from data and use those correlations to make predictions and a load of very useful things. And as having calculators doing square roots, they can do it at a scale and speed far exceeding human’s performances. By throwing in some logic and randomness they can also exhibit some interesting and original behaviors. Yet machines have no clue of what reality is. At best, they mimic a model of the reality, so they are two steps away from reality.

After a conference on AI at the Pontifical Academy Of Science in Rome, discussing with some friends (among them Aimee van Wynsberghe), we argued that the first and foremost AI bias is its name. It induces analogies that have limited adhrence to reality and it generates infinite speculations (some of them causing excessive expectations and fears).

Because of this misconception, we proposed we should drop the usage of the term “Artificial Intelligence” and adopt a more appropriate and scoped-limited terminology for these technologies which better describe what these technologies are:  Systematic Approaches to Learning Algorithms and Machine Inferences.

Now we have redefined the name, will we still support the idea that SALAMI will develop some form of consciouness ?

Will SALAMI have emotions ?

Can SALAMI acquire a “personality” similar to humans’ ?

Will SALAMI ultimately overcome human limitations and develop a self superior to humans ?

Can you possibly fall in love with a SALAMI ?

Can we suddenly perceive a sense of how all these far flung (unrealistic) predictions look somewhat ridiculous ?

Share now →

[draft]

We recently had a debate in Italy about anonimity on social networks and the possibility/difficulty/impossibility to prosecute possible online crimes.

The whole debate started when a politician proposed to impose registration to social networks with personal IDs. This is a recurrent proposal. In every legislature, at least since the early 2000 some member of the parliament makes a similar proposal, there’s a public debate (now on twitter..) and then everything vanishes after a couple of days.

The proposal is both technically impractical and politically unsettling, given it exposes commenting persons to possible retaliations for their opinions determining a chilling effect on free speech. On the other hand, there’s already a chilling effect due to the huge amount of bot accounts that harass online conversions, or reputation damaging lies. (let alone other crimes like sexual abuse or hatred).

IMHO, the discussion fails to grasp an important point: we _already_ are reacting putting political pressure and legal oblilgation on intermediaries to police online speech. (I wrote about this in a book Parole e Potere (Words and power) cowritten with Oreste Pollicino, full professor of Constitutional law at Bocconi University and Giovanni Pitruzzella, Advocate General at the European Court of Justice).

Facebook has recently reported data about their policing. The figures are staggering, as they amount to many billions of interventions in 2019.

And they do it mostly proactively (e.g. not upon notification from users, they filter in near realtime upon content upload). For example, in the category “Child & nudity”, 99,5% of removals were proactive and just 0,03% of contents have been reinstated after a remediation request by users. The same goes for “Violence and graphics”: 98,9% proactive removals, 0,007% redress; “hate speech” 67,8%proactive, 0,05% redress; fake accounts 5,4Bn removals, 99,8% proactive, no data on redress.

Perhaps Twitter is not doing as much as Facebook is doing, maybe because of the level of required investment, but the “effectiveness” of Facebook actions is driving up pressure on everyone and eventually Twitter is going to end up with similar approach.

De facto, there are already private companies that, using Artificial Intelligence, decide who gets to see what, and who can say what, with very limited (or almost non existent) redress possibility, transparency and accountability.

This _already_ is the case.

And censorship will extend over time as Artificial Intelligence proliferates.

There are two measures we should look at, when working with probabilistic systems like machine learning: precision (of all those identified as wrongdoers, how many really were wrongdoers ?) and recall (of all the cases examined, how many of the wrongdoers has been identified ?)

AI works, for what a policy maker is concerned, as recall can be very high. Like it or not (I don’t), this will lead to an increase of requests of content policing by online intermediaries.

But we should care of precision, avoiding false positive to the maximum extent. Because for the specific person that has been denied one of her rights because of an incorrect prediction of a non defective system, her damage is unitary. A 100% violation of her rights. This is why, IMHO, we should be really concerned about redress, combined with a protection of anonimity to preserve user’s rights and prevent chilling effects.

I think the censorship power should not reside in private hands (unmonitored).

Borrowing some words from the US vs. Columbia steel antitust decision of 1948 (we are not talking about steel, but about communication control..):

We have here the problem of bigness.

Its lesson should by now have been burned into our memory by Brandeis. The Curse of Bigness shows how size can become a menace — both industrial and social.

It can be an industrial menace because it creates gross inequalities against existing or putative competitors.

…
In final analysis, size in steel is the measure of the power of a handful of men over our economy.

That power can be utilized with lightning speed. It can be benign, or it can be dangerous.

The philosophy of the Sherman Act is that it should not exist.

For all power tends to develop into a government in itself. Power that controls the economy should be in the hands of elected representatives of the people, not in the hands of an industrial oligarchy.

Industrial power should be decentralized.

It should be scattered into many hands, so that the fortunes of the people will not be dependent on the whim or caprice, the political prejudices, the emotional stability of a few self-appointed men.

The fact that they are not vicious men, but respectable and social-minded, is irrelevant.

That is the philosophy and the command of the Sherman Act. It is founded on a theory of hostility to the concentration in private hands of power so great that only a government of the people should have it.”

In this case, power should not reside in elected officials, but in justice systems.

This is why I proposed in the past legislature in Italy a bill (italian) on protected anonimity (as defined in a resolution that I proposed and was approved with unanimity, based on the final Declaration of Internet rights [Art. 10] by a Chamber of deputies study commission) and am pushing the concept of redress by design which has also been included in the policy and investment recommendations to the European Commission by the High level expert group on Artificial Intelligence of which I am a member (AI HLEG).

I already wrote about the idea of redress by design in this blog. The way how it was worded in the AI HLEG Policy recommendations 2019 is “establishing – from the design phase – mechanisms to ensure alternative systems and procedures with an adequate level of human oversight (human in the loop, on the loop or in command approach) to be able to effectively detect, audit, and rectify incorrect decisions taken by a “perfectly” functioning system, for those situations where the AI system’s decisions significantly affects individuals.”

The AI HLEG Guidelines explicitly state: Oversight may be achieved through governance mechanisms such as a human-in-the-loop (HITL), human-on-the-loop (HOTL), or human-in-command (HIC) approach. This can include the decision not to use an AI system in a particular situation, to establish levels of human discretion during the use of the system, or to ensure the ability to override a decision made by a system. Moreover, it must be ensured that public enforcers have the ability to exercise oversight in line with their mandate.

My proposal of protected anonimity in conjunction with a redress request for an invalid censorship decision is aimed to have courts taking a final decision, with al guarantees of a due process. This can be achieved, on a procedure triggered by the user,  by associating the specific censored content (not all of the users’ online activity) to a token that can be reconciled by the court to the user’s identity, thanks to the cooperation of a trusted third party (anywhere in Europe, relying on the existing eIDAS trust framework), that furthermore has the obligation to store the association offline, in order to prevent privacy violations and to permanently delete such association after a specific amount of time (in line to the expiration terms for the alleged violation’s prosecutability).

It may sound complicated, but it can be made as simple as logging into a wifi; IMHO it relieves the intermediary of possible responsibility consequences, it ensures all citizen’s safeguards are in place, it increases the reliability of the system by relying on a europewide exixting network of fiduciaries, it dramatically mitigates the risk of unjust decisions and, last but not lest, it can create a service industry for European companies coherent with European values.

Share now →

Molte persone si sono ormai rassegnate a dover scegliere tra la propria privacy e l’uso dello smartphone. Se da un lato si ottengono le ben note comodità dei servizi offerti da Google e Apple, dall’altro bisogna rinunciare a molti aspetti della propia privacy. /e/OS è un sistema operativo per smartphone che cerca di ovviare a questo compromesso fornendo servizi privacy-oriented (anche self-hosted) integrati nel sistema.

/e/OS è basato su Android, più precisamente è un fork di LineageOS, progettato per poter usufruire di un sistema Android libero dalle catene di Google. Gli sviluppatori hanno infatti lavorato a fondo per la rimozione dei servizi Google e i collegamenti tra il sistema e Mountain View. Potete trovare un’analisi tecnica sulla reale “de-googlizzazione” del sistema a questo URL.

Non si sono però limitati a togliere: hanno introdotto servizi sostitutivi a quelli offerti da Google. Tramite la registrazione di un account fornito dalla e.foundation (organizzazione non-profit registrata a Parigi) disponibile a questo  link  è possibile usufruire di un account email con cui sincronizzare i contatti, le note, le attività e il calendario esattamente come avviene con il proprio account Google. Tutto integrato nel sistema e configurabile al primo avvio.

Oltre a questo, vengono forniti 5GB di spazio sul cloud, aumentabili a 20GB con una donazione “Early Adopter”. Questa infrastruttura si basa su NextCloud e ciò comporta alcuni vantaggi:

• La sincronizzazione avviene tramite protocollo WebDAV ed è quindi compatibile con tutti i sistemi
• Non ci sono limiti di dispositivi sincronizzabili
• Può essere installato in locale in modo da sincronizzare localmente i propri dati senza inviarli a nessun server terzo, nemmeno quelli della e.foundation.
• Le note vengono salvate come semplici file .txt nella cartella Notes di Nextcloud, rendendole semplici da consultare ovunque anche senza applicazioni dedicate

Sono integrate nel sistema anche varie app di uso comune, come il client email basato su K9, il browser chromium-based con DuckDuckGo e Qwant preimpostati, OpenKeychain come client PGP, il launcher Bliss e alcune altre applicazioni.

Il supporto al “Drive” da 5GB non è integrato nel sistema, ma è sufficiente installare l’applicazione di Nextcloud dallo Store integrato per configurare senza problemi anche lo spazio cloud, con tanto di upload automatico di foto e video.

Un elemento distintivo è lo Store delle applicazioni integrato, a cui ho appena accennato, che fornisce app libere e proprietarie di tutti i tipi, ma a differenza degli altri Store mostra anche una valutazione del rispetto della privacy basato sui voti del progetto Exodus Privacy. In alternativa è possibile installare il ben noto Store di applicazioni opensource F-Droid. Per tutte le applicazioni non presenti sullo Store integrato o su F-Droid, esistono Aurora Store o Yalp che sono mirror del Play Store da cui è possbile scaricare qualsiasi app. E’ importante sottolineare che Aurora Store scarica pacchetti binariamente identici a quelli del Play Store, al contrario di altri siti “mirror” dove l’uguaglianza binaria non è certa e ciò li espone al rischio di distribuire applicazioni infettate da malware.

Nella community si trovano inoltre molti altri consigli per proteggere ulteriormente la propria privacy. La stessa community consiglia di usare Shelter, applicazione disponibile nello Store integrato (o su F-Droid) che crea una sandbox in cui installare le applicazioni non rispettose della privacy a cui molti non possono rinunciare (qualcuno ha detto Whatsapp?) senza dargli accesso ai dati di sistema. Maggiori informazioni a questo link.

Un’altra app interessante da usare in abbinamento ad /e/OS è ClassyShark3xodus che analizza le applicazioni installate e mostra i tracker integrati nelle app. Molto utile per sapere quali applicazioni lavorano alle vostre spalle. Ad esempio, sapevate che la versione di Telegram del Play Store contiene diversi tracker, mentre la versione F-Droid è pulita?

Tornando al sistema in sè, l’esperienza d’uso è di fatto uguale a quella di un dispositivo Android e le prestazioni sono pressoché identiche, ma noterete un notevole miglioramento nella durata della batteria dato che il dispositivo non sarà sempre connesso ai server di Google per tracciarvi. E’ importante verificare nella lista dei dispositivi supportati (88) la presenza di bug noti per lo specifico dispositivo. I dispositivi supportati sono disponibili a questo link.

/e/OS supporta anche gli aggiornamenti OTA, quindi non è necessario compiere nessuna operazione di flashing manuale degli aggiornamenti e le build vengono ricevute direttamente dallo smartphone. L’installazione avviene in background garantendo l’operatività del dispositivo durante l’installazione ed è richiesto solo un normale riavvio al termine dell’operazione di aggiornamento. A seconda del dispositivo, /e/OS si basa su Android Nougat, Oreo o Pie. Anche in questo caso è bene verificare sul sito la versione disponibile, identificabile dalla lettera successiva al nome della build: e-07-n* è basato su Nougat, e-07-o* su Oreo e e-07-p* su Pie.

Sottolineo che i dati disponibili sul sito sono riferiti ai dispositivi supportati e alle versioni ufficialmente rilasciate, ma /e/OS è installabile, in linea di massima, su qualsiasi dispositivo supportato da LineageOS ed è possibile compilare il sistema anche in versioni più aggiornate rispetto a quelle ufficiali, se si hanno le competenze.

Qualche compromesso inevitabilmente c’è. L’installazione richiede delle conoscenze base nel flashing dei dispositivi. Pochi comandi adb per il boot della recovery e flashing della build di installazione, ma sono presenti le istruzioni passo passo sul sito. Chi ha già avuto modo di flashare una qualsiasi Rom non avrà problemi a effettuare l’installazione. Per i meno esperti che non si spaventano a pagare un sovrapprezzo per avere un dispositivo certificato, o vogliono supportare gli sviluppatori, è possibile acquistare alcuni dispositivi con /e/OS preinstallato (Samsung Galaxy S7, S7 Edge, S9 o S9+).

Segnalo inoltre che alcune app che richiedono i servizi Google potrebbero non funzionare a dovere. Alcune applicazioni sono così strettamente legate ai servizi Google da non poter essere avviate senza questi componenti, mentre altre potrebbero avere dei malfunzionamenti. Nonostante per alcune di esse ci siano dei workaround, altre potrebbero non funzionare proprio. Spesso sono applicazioni bancarie o servizi di streaming video, ma molto dipende dall’applicazione di vostro interesse.

E’ un progetto avviato da poco, nel 2017 da Gael Duval, sviluppatore francese già creatore di Mandrake Linux, ma merita attenzione per il coraggio di aver voluto creare un ecosistema alternativo, e non solamente un sistema operativo, orientato alla privacy. “Your data is YOUR data!”.

/e/OS è un nome temporaneo che gli sviluppatori useranno fino al completamento delle operazioni di registrazione del nuovo nome ufficiale che dovrebbe essere svelato in concomitanza con il rilascio della versione 1.0, attualmente prevista tra qualche mese.

Se siete interessanti, la documentazione è un ottimo punto di partenza per approfondire le funzionalità e le possibili problematiche:

Share now →

just a quick thought: it’s just an idea that is starting to buz zin my mind…

one of the problems of the immaterial dimension determined by digital tools is the fact that computers can scale actions to a dimension and with a speed unparalleled in the material dimension.

think to network effects and lockins and their impact on competition; it’s pretty obvious.

think to fake news and online hate speech: once confined in the material realm, it could not spread easily and tended to deaden. (less in stadiums, cocnerts, and other venues where scale becomes an issue)

think to the new type of applications that computing is entering into, with AI automating perception/classification/prediction (once typical of human capacities).

for all these (and other) examples, when scale is limited, the consequences are generally not very relevant, but when scale becomes massive in a very short timeframe, problems arise.

so, to attenuate negative externalities, perhaps we should think of introducing correcting measures with ex ante digital regulatory ladders.

just thinking…

would love to read your comments!

Share now →

This post, in italian, is a followup to an interview I gave a couple of weeks ago on national radio Radio24 interviewed by Enrico Pagliarini.

He was puzzled learning that I don’t use (almost) any of the most common internet service so we chatted about tools I use instead.

Blog reader Antonio Massaro thought a good idea was to publish a blog post about it and he pushed me to write it.

—

Questo post è il seguito di un’intervista che ho rilasciato un paio di settimane fa su Radio24 intervistato da Enrico Pagliarini.

E’ stato incuriosito dal sapere che non uso (quasi) nessuno dei servizi internet più comuni, così abbiamo chiacchierato degli strumenti che uso.

Un lettore di questo blog, Antonio Massaro ha pensato che fosse una buona idea pubblicare un post al riguardo e mi ha spinto a scriverlo.

E tu, che software usi ? (scrivi nei commenti)

—

nell’intervista c’erano molti punti interessanti [alcuni li aggiungo qui, NdR SQ]:

Servizi

• servizio di posta: assolutamentee IMAP. Adesso sto usando kolst.com, ma potrei cambiare
• motore di ricerca duck duck go
  • uso della ricerca “video” per trovare i video e vederli direttamente nella preview della ricerca, in modo da non dare cookies traccianti a youtube (non usando quindi la pagina di youtube)
• servizio di traduzione deepl.com
• servizio di mappe here.com
• server cloud di file, contatti, calendario: nextcloud (su un mio server; qui ci sono fornitori di nextcloud as a service)
  • per l’editing collaborativo ho una installazione di Collabora Onlince che si aggancia a Nextcloud.
• abbreviatore di url: polr (su mio server; altrimenti is.gd)
• dns server personale pi-hole
• telefono solo per telefonate ed SMS, accendendo solo il wifi per sincronizzare la rubrica, un android ridotto all’osso
• sperimentale: alternative distribuite a twitter: mastodon e a facebook:friendica
• password manager: lastpass, per tutta la famiglia, ltrimenti userei Password su nextcloud
• videoconferenza: zoom.us
• condivisione di desktop con audio, ma senza video: mikogo (ottime performance)
• chat: purtroppo (quasi) tutti.. in ordine di preferenza: signal, telegram, whatsapp

Su desktop (windows 7)

• browser principale Firefox, (secondario Brave) Su firefox ho diverse estensioni (alcune di queste anche su mobile, alcune su un computer, altre su un altro)
  • Update scanner: per monitorare cambiamenti ad alcune pagine che mi interessano
  • Undo close tab: per riaprire una tab quando chiusa erroneamente
  • Umatrix per disabilitare selettivamente componenti traccianti nelle pagine (è complicato da usare…)
  • Temp-mail per avere degli indirizzi email usa e getta per la fase di registrazione ai siti. Se lo usate, attenti a cambiare subito password e a non dimenticare le credenziali di accesso, non le recuperereste mai piu’..
  • Search preview: per avere una thumbnail del sito nei risultati di ricerca. aumenta la mia produttività a trovare e ritrovare le cose con i motori di ricerca
  • Search by image: per cercare a partire da una immagine su n motori di ricerca in parallelo
  • Resurrect pages: per trovare la pagina che nonc’e’ più in internet archive o in qualche cache nei motori di ricerca
  • Referrer switch: per non dire al sito dove si va da quale sito si viene
  • Polrff: si interfaccia con il mio url shortener privato per generare link abbreviati
  • Noscript: consente a contenuti attivi di essere eseguiti solo da siti fidati (piu’ semplice da usare di umatrix)
  • Newtabtools: personalizzazione della pagina home di firefox
  • Mysessions: un gestore di sessioni (salva le tab aperte in queste momento, dando un nome alla collezione, per poterle richiamare e riaprire in un colpo solo)
  • Imageblock: per eliminare le immagini dalle pagine con un clic (utile in treno..)
  • Foxygestures: per associare a movimenti del mouse azioni (cerca, cerca nel sito, cerca nelle mappe, cerca in wikipedia, ecc.)
  • Duckduckgo privacy essentials: semplice per bloccare elemnti traccianti
  • Decentraleyes: protegge da traccianti a mezzo CDN (Content Delivery Network) Installata da poco, sto valutando…
  • Copy plain text: per copiare del testo e incollare in un DOC, senza formattazione. la ho disabilitata perchè ho scoperto che al momento di incollare CTRL-SHIFT-V fa lo stesso…
• email client thunderbird (senza lightining, l’estensione per l’agenda, che è molto lenta) per un periodo ho cifrato le mail, poi ho smesso perchè prediligo la ricercabilità alla cifratura, fermo restando il requisito di separazione (non integrazione verticale) tra server e client. ho parecchi addon (sennò userei em client anche per la mail)
  • allow html temp: le mail le apro solo in formato testo, altrimenti ci possono entrare elementi traccianti. rare volte le guardo in html. questa estensione consente di farlo con un click
  • cardbook: un addressbook molto potente, alternativo a quello builtin
  • compact header: con un clic espandi/contrai l’intestazione della mail, per avere piu’ spazio di lettura o piu’ dettagli sulla mail
  • dorando keyconfig: per associare a funzioni dei tasti preferiti
  • duplicate contacts manager: per trovare e gestire i nomi duplicati in rubrica
  • import export tools: ditto.
  • mailmerge: potente, per mandare mail personalizzate a gruppi
  • remove duplicate messages: ditto.
  • send later: ditto
  • show all body parts: a volte le mail sono codificate con degli errori in formati strani, con questo si riesce a vedere
  • threadvis: visualizza il thread con una sequenza di pallini, passandoci sopra si ha un preview. utile per ricostruire il contesto di vecchie email…
• client per agenda em client
• per backup uso Duplicati e i file cifrati vanno su Mega
• ditto è un clipboard manager per avere un copia/incolla con gli ultimi n elementi. devi copincollare tre cose da una pagina all’altra? fai tre copia di fila e poi vai dove devi incollare e fai i tre incolla
• allwaysync: per sincronizzare file da qualunque fonte a qualunque destinazione (pressoche). poco estetico ma efficace
• gridmove: un gestore di finestre che consente di partizionare (anche su multischermo) il display in griglie e fare un resize di un’applicazione ad una cella della griglia con un solo tasto. es: quando sono in multischermo, tengo sul display del laptop solo signal e telegram. con un tasto metto signal nella meta’ di sinistra dello schermo del laptop e con un altro metto telelgram nel lato destro, perfettamente allineati
• fences: definisce delle aree sul desktop, ci metti le icone e restano li’, belle ordinate, anche quando cambi risoluzione. fondamentale per tenere il desktop ordinato
• tinytake: per fare screenshot e condividerli facilmente
• easyjoin: (prevalentemente) per condividere clipboard tra pc e tablet
• VLC: video player
• libre office: office suite per i documenti/slide/fogli elettronici
• ovviamente il client di sincronizzazione di nextcloud, che consente di fare condivisioni  di documenti con il right-click _molto_ facilmente (addio wetransfer..)
• gimp: editing immagini
• filezilla: per ftp
• putty: per ssh
• total commander: file manager, immancabile… una replica ri Norton Commander, il primo amore non si scorda mai.
• 7-zip: gestoroe di file compressi; winrar per i .RAR
• bleachbit: manutenzione di sistema
• clementine: music player
• DOSbox per fare girare degli essential: tetris.com e prince.com
• Foxit Reader: per visualizzare e fare note su PDF
• Free alarm clock: utile avere sempre in centro allo schermo, in alto, sulla barra dell’applicazione, l’ora
• Free OCR: OCR per convertire immagini di doc in testo (ho esigenze molto basilari)

Su tablet (android) di tutte le app citate uso le versioni a pagamento

• App hermit per contenere altre app ed evitare che leggano dati personali (twitter, [non uso] facebook, linkedin, instagram, youtube, tripadvisor, airbnb, booking, ecc.)
  
• DAVx per la sincronizzazione con nextcloud di contatti e calendario
• Business calendar per l’agenda
• store alternativi: F-Droid e Aptoide
• mappe: osmand e here.com
• per sincronizzazione folder tra mobile e server vari uso foldersync
• easyjoin: (prevalentemente) per condividere clipboard tra pc e tablet
• per cambiare il dns uso dnset pro
• tastiera uso swype keyboard di nuance, con riconoscimento vocale di nuance. Purtroppo e’ stata tolta dallo store, mi tengo caro l’apk.
• per sintesi vocale vocalizer
• per indicare la posizione ad amici da cui sto andando uso glympse
• per documenti uso WPS Office
• per note: Denkzettel che genera file txt che sincronizzo con nextcloud usando foldersync, cosi’ le ho su pc e mobile
• scanner: turbscan anch’esso sincronizzato con foldersync
• ebook reader: AIReader
• email client: aquamail

Share now →

The attorneys general of Australia, the UK and the US have written an open letter to Facebook calling for a delay in introducing end to end encryption in messengers. here it is: HS_open_letter_to_Mark_Zuckerberg

This must be the same australian person who once said that, in Australia, State laws prevail on the laws of mathematics.

“We are committed to working with you to focus on reasonable proposals that will allow Facebook and our governments to protect your users and the public, while protecting their privacy. Our technical experts are confident that we can do so while defending cybersecurity and supporting technological innovation.  “

I don’t know if they really believe in what they write. how “defending cybersecurity” has anything to do with end to end encryption in Facebook. I mean, do they really think that terrorists don’t know how to install and use any ecnrypted messaging app (or even develop their own) ?

We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity.

this is akin to saying “we must find to find a way to balance the use of mathematics (crypto theorems) by bad guys and by good guys”. Hey bad guys, just for you, 2+2 =3.

Share now →

Deepfakes in real time have become famous because they allow a person to impersonate a celebrity by making him say what he wants.

but it also allows a person to say anything hiding behind an ordinary person, a sort of “videoalias”.

to know who says what, it is no longer enough to simply watch a video while listening to the voice of the speaker. seeing is no longer believing.

like today we don’t trust a piece of news written in a twit but we look at who writes it, soon we won’t trust what we see anymore, the context will be relevant for the message; we will have to know who produced it and who proposes it to us. for videos, the publisher will increase in importance.

for applications where you need to know that a specific person is who they say they are, you will need to tie the content to the process that produced it.

this may lead to integration in browsers of a software component that allows a person to authenticate with a certified digital identity (like the eIDAS scheme), enriching video metadata in a way similar to digital signature.

Share now →

Today I participated in a breakfast meeting of the Bruno Leoni Institute on the subject of taxation of digital income . (Unfortunately, I arrived late).

But the speaker was my friend Massimiliano Trovato; we know each other’s theses very well (we know very well what is the microdetail that divides us and from which our different points of view derive) and I could make my own argument (as a contribution from the public) without leaving the theme.

IMHO, as you know, we are facing a new type of income and as such should be treated (explanation).

Then a man intervened from the public; I don’t know precisely his role but he introduced himself as a representative of one of the GAFA. He exposed the usual paraphernalia of justifications on why it is good to do nothing on the taxation front. Nothing new, really; we’ve heard this tune from them for many years.

He also made a statement about a very “old economy company” that I know well; I told him things were not as he was saying and he replied laughing in my face.

I did not fail to point out his rudeness. At first he said that it was not true (but the session is recorded) then he apologized. I said I received his apology.

But I cannot consider that a statement of apology for a gesture of serious rudeness and arrogance, can exhaust the thing.

I always tell my teenage daughter she can’t think (metaphorically) of breaking a vase, then apologize and it’s as if nothing happened. You can’t pretend that it didn’t happen. You bear a responsibility for what you do.

Especially if you are the representative of one of the most powerful companies in the world speaking on behalf of the company.

Share now →

by adding information to the classic economic categories work, production, capital, clearly the equation changes and capitalism as we know tends to disappear.

if information “eats the world” and it is not a private good, capitalism will be over.

if the only way to ensure excludability (like privacy needs imply) is through data/services access control, feudalism follows (like we have today, thanks to datalords who are info-plutocrats).

in a positive feedback loop, data concentration by datalords (who are gatekeepers to markets) erodes willingness to compete by new entrants (who don’t have access to the same information and thus can’t have effective competition in service and price personalization); competition traditionally is a driving force of capitalism; competition is now for the market and not in the market.

capitalism restoration can derive from cryptography by enabling rivalry and exclusion of immaterial goods (and thus reconstruct a new version of immaterial capitalism).

(in analogy to “landlords” I previously wrote “infolords”, but I think “Datalords” captures the idea better, so I corrected this post 9.11.19)

Share now →

some notes; contributions to the discussion are welcome.

With the advent of the Internet, the political parties have seen gradually liquefying the intermediate structures that were justified by the friction determined by geographic constraints.

these intermediate structures were essential for organising consensus, obtaining feedback and to select managing members. they allowed the number of people involved in the complexity of political decisions to be extended

by skipping geography and communicating directly, these functions have disappeared, ways and times of building consensus and mediation have vaporised leading to fragmentation; the political message has become trivialized becoming even more polarized and appealing to emotions; the electorate has become more mobile and the parties more likely to be election cartels for a leader.

at least a couple of problems arise:

the first is that the internal governance of parties becomes more critical, internal conflicts increase, instability is exacerbated and the resilience of compromises is reduced
the second is that voting systems that reward the relative majority (first-past-the-post systems or systems with majority prizes) favour the election of people with extreme positions, with a (fragmented) majority opposing them. (Post-truth is a consequence)

If it’s true that the internet is the enzyme that has catalyzed these processes, exacerbating these trends, it is also true that time cannot be reveresed and a no solution can avoid using technology, even in internal governance of the parties, which is probably the first point on which to intervene.

Share now →

The European Commission has just launched a survey targeted at developers of Free and Open Source Software (FOSS) to understand their needs and how the EU can contribute to a safer open source ecosystem.

Survey questions are primarily about the Security of free and open source software, and what the European Commission can do to help developers make more secure software.

The FOSS developer survey is part of the EU-FOSSA 2 project, an initiative from the EU to improve the security and integrity of the most critical open source software in use. Besides the survey, other project activities include bug bounties, hackathons, and engagement with developer communities.

Collaboratively improving FOSS security

The survey welcomes suggestions and ideas from developers on improving security, and about what the European Commission can do to help. The survey is open until 30 November 2019, with the results published on the EU-FOSSA website soon after.

This is a great opportunity for open source developers to make their voices heard in the discussion on how to collaboratively improve the security of open source software.

Share now →