A ssh_config trick to rewrite hosts

I have a pretty long and articulated ssh config. It reflects the plethora of hosts I want to have access to, and the fact that I do not want to use the same identity (i.e. the same cryptographic key) for all of them.

This leads to having a lot of Host blocks with wildcard matches with either a HostName or an appropriate entry in /etc/hosts.

Lately, I wanted to add a new way to authenticate, using an ssh key backed by the TPM on my laptop. I use gpg-agent as an ssh-agent but in this case I wanted to use another ssh agent, specific for TPM-backed ssh keys. I wanted to avoid duplicating all the bunches of blocks I had, and so I came up with the following stanza that does the trick of rewriting any host that matches a certain pattern (*.tpm), removing the suffix:

Host *.tpm
    ControlPath ~/.ssh/sessions/%r@%h:%p
    ControlPersist 600
    ControlMaster auto
    IdentityAgent /run/user/1000/ssh-tpm-agent.sock
    IdentityFile ~/.ssh/keys/id_ecdsa_tpm.pub
    ProxyCommand nc -F $(echo %h|sed s/\.tpm$//) %p
    ProxyUseFdpass yes

Let us unpack it.

The stanza applies to any host that ends with .tpm (e.g. ssh -p 1234 me@myhost.example.com.tpm). The first three lines persist the connection to the host as a control socket (in the previous example, ~/.ssh/sessions/me@myhost.example.com.tpm:1234) and keep it alive for 600 seconds. The fourth and fifth lines instruct ssh to use the ssh-tpm-agent and a specific key stored in the TPM to authenticate to these hosts. The last two lines do the rewrite trick: ProxyCommand tells ssh to delegate the setup of the TCP connection to netcat, and the host to connect to is rewritten with sed, removing the suffix. The -F switch instructs netcat to return the connection to ssh as a file descriptor and exit (saving the system an unneeded process), and the last line, ProxyUseFdpass, instructs ssh to accept and use that file descriptor.

Not simple, but working.
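
An added example, not part of the original post: the same suffix rewrite done in a small wrapper script instead of an inline sed, so the target is checked before it reaches nc. The script name tpm-proxy, its location under ~/.ssh and the accepted character set are assumptions of this example.

```shell
#!/bin/sh
# tpm-proxy (hypothetical name): wrapper meant to be called from ssh_config as
#     ProxyCommand ~/.ssh/tpm-proxy %h %p
#     ProxyUseFdpass yes
# ssh substitutes %h and %p into that command line before the user's shell
# runs it, so this script only controls what is finally handed to nc.

# Print the real host for "<host>.tpm"; fail on anything else.
tpm_target() {
    case $1 in
        *.tpm) host=${1%.tpm} ;;          # strip exactly one trailing ".tpm"
        *) return 1 ;;                    # stanza should never match, refuse anyway
    esac
    case $host in
        ''|-*|.*) return 1 ;;             # empty, option-like, or leading dot
        *[!A-Za-z0-9._-]*) return 1 ;;    # outside plain hostname / IPv4 characters
    esac
    printf '%s\n' "$host"
}

# Accept only a decimal TCP port between 1 and 65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;  # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Run the proxy only when invoked under the script's own name.
if [ "${0##*/}" = "tpm-proxy" ]; then
    target=$(tpm_target "$1") || {
        echo "tpm-proxy: refusing host '$1'" >&2
        exit 1
    }
    valid_port "$2" || {
        echo "tpm-proxy: refusing port '$2'" >&2
        exit 1
    }
    # -F: connect, pass the socket back to ssh as a file descriptor, then exit
    exec nc -F "$target" "$2"
fi
```

IPv6 literals are rejected by the character check; widen it if you need them.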

Work time should not be slavery

I just read this article. It exudes a heavy Teutonic attitude to life in that it assumes that all the time dedicated to work is meant to be directed by the employer’s will, or rigidly adhere to production-aimed customs.

An excerpt from it reads:

“Wait a minute! Should I sacrifice one hour of my precious spare time for learning things that I need for work? No way!!!”

You don’t have to (because you need that time for writing blog posts, coding and to prepare conference talks!)! It’s not “free time” aka time where I can do what I want (for parents: care and play with the children 😉 ). It’s the time between working hours, free time and sleeping time. Let’s call it “duty time” (isn’t there a better term for that?). Duty time is the time that we have to spent for going to work, purchase food, cook dinner, going to sleep and so on – all activities we have to do besides your primary work.

The trick is to refine some of the duty time to learning time!

Let me clear the ground regarding my position about this: fuck it!

I am grateful to work in a field that I manage to like, but I cannot help but recognize that work time, thanks to its nature of necessity, is very much a burden. I would find a thousand different ways to better spend that time, for me and the world. Nevertheless, I have to recognize that I lack that freedom.

What I can do instead is make use of that time in the most fruitful way, without necessarily damaging the interests of my employer: I do learn during the work time. And I do this without the slightest sense of guilt, because this time spent learning will most probably also benefit my (current or future) employer. So, be it.

And, let us be frank, there is no way to be 100% dedicated to work during the average work day: focus is a harsh mistress. What I do when I am not in the right mood to produce, is to try and absorb something from the grand vastness of the Internet. Sure, sometimes it is a waste of time, but most other times it is well worth the diversion.

Introducing: Conductor, a small library to coordinate work in a program

TL;DR: conductor is a new library I have been working on recently, check it out.

Why

I am planning to fully rework papero. In particular, the daemon that handles the synchronization of the local folders with the remote IMAP server. The use case that I care most about should allow for a single daemon to handle multiple accounts at once, and to have maybe coordinated tasks lightly coupled. Currently, the whole thing uses an Elm-like architecture. It is working, but I don’t like it. Also, it limits the execution loop to run through one account at a time. I imagined then a system where a single goroutine receives commands, and dispatches them to the pool of workers that are in charge of the real work. The idea pushed me naturally towards the ergonomics of Context, where a for ... select loop is used to handle non-blocking interrupts.

Show it

The README is pretty verbose, and I encourage you to take a look. I also tried to be thorough in documenting it and provide some (hopefully useful) examples.

Copy-pasting from the README

tagged := Tagged[string]()

// we listen on many different possible tags

for {
	select {
	case cmd := <-WithTag[string](tagged, "tag1").Cmd():
		// React to a command in the "tag1" branch
	case cmd := <-WithTag[string](tagged, "tag2").Cmd():
		// React to a command in the "tag2" branch
	case <-tagged.Done():
		// As for the Simple, also the Tagged is a Context
	}
}


// We may selectively send a command, again using the Send function

Send[string](tagged, "tag1")("doitnow")

// We may also send a broadcast command

Send[string](tagged)("allhands")

So what?

I will use it in my projects and hope to have a good time with it. If you would like to give it a shot, please do and feel free to report back any strangeness or inconvenience at:

blallo -|AT|- autistici.org

The lone hacker

Disclaimer

While the premise of this post might seem a bit cringe, in that it is fundamentally a missed conversation with someone I have no way to talk to (and I don’t picture myself as some sort of stan of him), I think it is a good starting point for a broader reflection on some of the themes I care most about.


On Signal, leftist service providers and the relation between individual and society

I am deeply fascinated by the figure of Moxie Marlinspike. He is a world renowned cryptographer, the creator of SSLstrip, and the creator and maintainer of Signal, both the apps and the backend services.

While he gained attention and respect in the crypto((as in cryptography, not cryptocurrency…)) community for the former (and for the technical novelties introduced with the latter), he is mainly known to the wider audience because of the credibility gained during the years of operation of Signal: a service designed and operated –for free– to protect as much as possible its users from mass surveillance.

He is also a fierce critic of the idea of decentralization((He motivates his position in this talk, and reiterates it in this blog post))((https://en.wikipedia.org/wiki/Decentralization – This is quite certainly not the case with today’s internet, as the majority of us participate in a rather asymmetrical way to the extent of the net.)). This is somehow remarkable because of the environment he comes from, where decentralization is often held as a value and a milestone in the path to the emancipation of the people through means of technology((I am being ironic…)).

So, why am I talking about him? It’s because I often agree with his analyses, I feel like we share some common ground on many political beliefs, but then I crumble to the ground with many of the choices I see him making through means of his Signal project.

The Leftist anarchist squatter

I always first picture him as a comrade –as I am–, a leftist anarchist who is fighting for a better world for himself and everyone. Also, he manifested positions that resonate with me many times((https://moxie.org/2013/01/07/career-advice.html))((https://moxie.org/stories/together-two/))((https://moxie.org/stories/promise-defeat/)), and I assume he is inspired by an honest pursuit of emancipation of the people from the oppression of capitalism. For example he asks himself((https://moxie.org/stories/together-one/)):

This cycle seems to be a common thread for those of us who aren’t interested in living life for money, property, or prestige. But if we realize that happiness must be an active experience, what good is dedicating ourselves to transformation if it means falling victim to the banality of routine which we so despise in the capitalist abstraction of every day life?

and also((again https://moxie.org/stories/promise-defeat/))

But in a way I was prepared for it. Just like with the task of destroying capitalism, there were dizzying odds against me that I couldn’t ignore.

In his many recounts of previous lives, he often narrates his experiences living in squats or communal housing projects. He alludes to the word collective, as he has been part of some((https://moxie.org/stories/pink-stool/))((https://moxie.org/stories/together-two/)):

I’d been living in a 8-bedroom, three story, Pittsburgh PA collective house.

Eventually he also decided that he’d take me all the way to San Francisco, so we talked for hours on the road and he’d ask me great questions like “Wait, now what’s a ‘collective’?”

So, all the elements here point me to deduce that he is one of us, him I could easily mistake for one of the many people I encountered at a meeting in a squat, hazy with weed smoke and full of rage against the way the world revolves. Sure, one of the most adventurous, but still one I could discuss with frankly of my perspectives, not speaking in half voice of how I despise the world I am somehow contributing to.

But something in his character, at least the character that transpires from what is publicly known, is odd.

The CEO

Although playing the role of a misfit in his posts, the public record of his works shows a different pattern: he has been a greatly successful professional. Assuming the Career section on his Wikipedia page is correct, he has been a software engineer, he has been a very successful security researcher and also head of cybersecurity at Twitter. He also founded and led companies instrumental to the success of Signal as a widely adopted service.

He apparently thrived in the venture capital world, interacting with many of the elites in the big tech. His declared objective was to spread the use of his new secure instant messaging protocol (the Signal protocol), but I still can’t understand how he could have been comfortable in cooperating with something I see as one of the instruments of capitalism in oppressing us.

What is even more strange is the language he uses while talking of Signal. He uses a jargon that is indistinguishable from that of those very same companies.


I want to point out at this point that I am not judging him, nor do I condemn his actions. I may easily imagine him doing all this in the spirit of sacrificing to reach a better outcome for the majority of us. The political opportunity of these choices is what I will comment later on in this text.


The duck test

If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

I see the above adage as a summary of the reductionist approach: a layman’s version of the Occam’s razor. While I do embrace it fully when trying to analyze the physical world, I have to admit it could miss the point when used to test the nature of human and social interactions.

I am part of some tech collectives and I see that all of us have to accept some degree of compromise with the world we criticize. Often –and this is also my case– we live off the salary of these same tech companies we have issues with. In many cases, we cannot easily escape market mechanisms, even if we fiercely criticize them. The rules of the game are not up to us to decide, we can yell and cry but, at some point, we have to decide how to play by them.

The confusion here may arise from the fact that Moxie at some point chose((or he did not, and found himself in this situation, nevertheless.)) to conflate his public action with his work. This has often the potential to generate friction with those who observe or rely on your work. In many cases to avoid friction one tries to lower their public profile, in order not to attract too many lightning bolts.

But there is some use in the duck test also with the sweet and sour human hustle: at some point we have to make choices and answer for them to the people around us.

The broader picture

I am convinced that an individual is not capable of altering the course of history. That is, one can be instrumental in a process that is much bigger, and foster change in a direction that is already determined by the historical forces. With this I do not mean that there is no free will, just that one may not be held responsible for a big change, for good or bad.

So, Moxie is not the one responsible for the way the means of communication are changing now. He is merely instrumental –as I am in my small area of action– to a process that is the consequence of the new technical possibilities we have now and an old desire of being in touch with the people around us((and the social and political conditions in the world we live in.)).

These changes are radical and imply((I do not mean a causal relation here, rather a deep correlation.)):

  1. the possession of a smartphone
  2. the switch from an asynchronous form of communication (the email) to a synchronous one (the instant messaging) as primary medium
  3. to delegate heavily our means of communication to a relatively small number of entities

These seem like trivial facts where I live, and are so natural at this time that it is difficult for me to remember how different it was to communicate just 15 years ago. But all these facts bear unavoidable consequences.

Having (and being expected to have) a smartphone with oneself all the time in all the places is a liability, not just for the conspirator who is hiding from the state, but also for the ordinary person that has less means to escape the rule of law in case of need.

The use of mainly synchronous communication services is taking a toll on our ability to observe the world, as we are more and more drawn to the realm of the vertical-aspect-ratio-window-on-the-web.

The last point is the one I see as more problematic in the long term. Surely the email stack (the protocols, the software and the sociology) is problematic, and has had (and still will have) tons of issues, but it is still feasible for a small group of people to host a mailserver and interact with the rest of the world. In contrast, what I saw in many collectives and in the broader activists’ communities is a switch towards a limited set of communication providers((I name it here. For the email: google (gmail) and protonmail. For the instant messaging: whatsapp (and facebook at large), telegram (this increasingly predominant), signal. For the videochats: zoom, google (chat).)). While this might just be faced as the spirit of the time (the post has always been a single entity, why should I worry now for a few to handle my communications), I see it as a dangerous path.
Sure, Signal and the zealous evangelism of E2EE((end to end encryption: the possibility for two parties to communicate in a way that the service provider is not capable of eavesdropping.)) aim at stopping the global and indiscriminate surveillance, and have been pretty successful until now. This is due of course to the political cost of requiring to break E2EE for everyone, but the case has been made in many Commonwealth countries and in the US and EU to require some sort of backdoor((https://www.nytimes.com/2019/11/19/technology/end-to-end-encryption.html))((https://www.rollingstone.com/culture/culture-news/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453/))((https://techcrunch.com/2016/08/24/encryption-under-fire-in-europe-as-france-and-germany-call-for-decrypt-law/)).

I do not see this as an easy struggle. Even more, I do not know if this is the struggle that is worth fighting now. This leads me to the next question.

Where is the value?

I wonder what is in the head (and in the heart) of Moxie, when he thinks of the people he developed Signal for. Reading his posts, I figured in my mind a sketch of the people and the contexts he frequented. I know US culture indirectly, so I do not pretend to really understand it. But I guess that one of the core values he looks for is that of community of peers, and I picture his actions as a way to give tools and offer protection to those communities he inhabited (and the many he only heard of).
In this picture I have of his thought, I feel that a very important aspect is emancipating those communities from the oppression of the state. Such oppression manifests in many ways, primarily through police direct intervention, then on the broader stage of mass surveillance.

I guess that here arises one of the main disconnects between us. I live in a place where the state is surely more intrusive, and yet less scary than the one I picture from his words and what I read every day. Sure, I do not want to have problems with the police and I see the state as functional to the workings of capitalism, but I don’t see (at least not anymore) the destruction of the state as a final goal in the path to emancipation. It is an obstacle, clearly, but it’s not the main enemy. The main enemy to me is embodied by the real power relationships between who has to work to live, and who profits from that work. The path towards the subversion of this system lies in empowering as much as possible the people around me, and removing power from those who retain it.
Oftentimes, this means that I have to renounce power myself, and I am sure that Moxie is all too aware of these dynamics, that often arise in the collectives he frequented.
This also means that, sometimes, my authority is diminished, my capacity of taking free choices is reduced by virtue of this sharing power with those around me.

So centralizing is for sure faster and more effective in delivering a safe and modern service to the user base of Signal, but at the same time is a liability.

As always, money

Another issue lies in the choice of deploying a way of exchanging money using Signal((https://signal.org/blog/help-us-test-payments-in-signal/))((https://signal.org/blog/update-on-beta-testing-payments/))((This has recently been a very contentious issue. As the public debate on cryptocurrencies rages, I will abstain on any analysis on these aspects.)). It doesn’t really matter that this is implemented through a blockchain, nor all the technical bits. Moreover, Moxie did not seem a fan of cryptocurrencies per se((https://twitter.com/moxie/status/1479482813237764097))

Payments in Signal do not use PoW; it is no more computationally intensive than sending a message. I personally have no interest in cryptocurrency in the abstract, would happily implement payments via Stripe if it were private.

He seems more interested in offering a private payments system((I guess, a service with which to exchange money in a way that is not traceable.))

Every major messenger has support for payments; we want to provide the same. The future of payments right now is extremely bleak, and without an alternative will be either FB gets all data or CC cos through their L2/L3 push.

The issue here is that the service embraces the logic of value exchange not mediated by mutual trust relationships, but by a service.
Don’t mistake me for some sort of primitivist((although, I have to admit, it is a common attitude among the people I hang out with to despise money, or at the very least be very much cautious when it is involved in some relationship of sort.)), I am not proposing to renounce money straight away. What I say is that this seems a very bitter pill to swallow. He seems to justify this as a matter of competition with other instant messaging providers. Many pointed out that this is something very off course for Signal, but all this seems not bound anymore to the concept of instant messaging. As he said, the ecosystem is moving.

Oddly enough, I have a story to tell that is related to (crypto)currencies and squats. Some time ago, in a squat I used to frequent, a pair of guys stopped by and began to interact with the collective and the people of the squat about a cryptocurrency project they had assembled. They were proposing some sort of federated coin to be used inside the squat to compensate work (like the common chores or the shift at the bar service) and buy services (like a beer), and were touring Europe to promote it. Such coin then, upon approval of the local collective, could also be exchanged in other squats (just in a federated manner).
At first we took the idea seriously, but then let it down as we foresaw in it the same exploitation mechanism that we already lived in our lives.

Conclusions

I am still fascinated by Moxie. I find him even more fascinating because of all the contradictions he seems to embrace, and yet overcome in his unperturbed course of action.
What I choose to do with my time is quite different, but I still feel a sense of respect for him as a human who –I guess– cares for the people around him.

Meanwhile, the world around us is changing evermore abruptly and I hope to be able to keep the pace.

I don’t think that emails will go away very soon, and that we can rely on them once again. I also think that being able to change fast is not an absolute value, and that sometimes renouncing some feature is a quality of a software/service.

Successfully unfucking a fucked partition set in an A/B android device

I have owned a very nice piece of plastic and chips since the end of 2018. My previous smartphone was a shiny almost-everlasting Nexus 5, that unfortunately fell out of the grace of its creators (google + LG stopped providing updates a long time ago, but the community of OSS tinkerers maintained an updated version of LineageOS for a while). I bought a OnePlus 6 to replace it, hoping to find a very similar experience: full of support from the LineageOS community and easily rootable.

Turned out I was quite wrong, but the OSS community is not to blame. The main source of pain has come from the new A/B layout of the partitions in android.

TL;DR

Taking care to replace the value of healthy_part with the correct one for your case, run this script from recovery, entering via adb shell:

# Slot whose partitions are known to be good: "a" or "b"
healthy_part="a"
if [[ "$healthy_part" == "a" ]]; then
  broken_part="b"
else
  broken_part="a"
fi
for part in /dev/block/by-name/*_$healthy_part; do
  # Resolve both by-name symlinks to the underlying block devices
  source=$(readlink -fn "$part")
  dest=$(readlink -fn "${part%%_$healthy_part}_$broken_part")
  # Skip partitions backed by an image file on the data partition
  if ! [[ "$dest" == *"/data"* ]]; then
    dd if="$source" of="$dest"
    echo "done: $source -> $dest"
  fi
done

The long version

Since the beginning, I bought this smartphone with the idea of using it with LineageOS, hoping to easily add a su binary as an easy add-on. This is not the case, if one wants to have a usable phone with banking and identity-sensitive apps. The modern© way to do it is using Magisk. I was also bound to install the google apps (universally called Gapps), because many apps do expect to find such services on the phone and the lovely homebrewed microG project is quite dead.

All this comes at a cost. The process I was supposed to follow is the following:

      1. Unlock the bootloader
      2. Restart into the bootloader (turn off the phone and then start long pressing the power button + volume up button)
      3. Start the phone using a custom recovery (I used TWRP, with sudo fastboot boot path_to_twrp.img)
      4. Install LineageOS (either sideloading it or pushing it with adb push lineageos.img /sdcard and then using the install menu)
      5. (HERE IS THE IMPORTANT BIT) Reboot to recovery AND install first the Gapps and then Magisk, either by sideload or pushing the zips as the previous point

Why is the last step so important? Because of this A/B layout. The thing is that, when installing the update for the OS (in this case, the latest LineageOS that replaces OxygenOS), the installation is performed on the inactive partition. Which partition it is, depends on the currently active one. If you are, let’s say, on the A partition when rebooting to bootloader, such is the active partition. In this case, the update will be flashed on the B partition. But we want to install the Gapps and the Magisk magic before the first boot into the new, updated, system. This is because both these applications do have some sort of high privilege and make changes to the system partition and, as such, are needed before the first boot of the new OS. But both the Gapps and Magisk installers act on the currently active partition. If we’d install them right after installing the update, we’d be installing them to the A partition, the one that has not been touched by the update!

Flow to upgrade to LineageOS with Gapps and Magisk

At the end of this process, after the first successful reboot into partition B, the OS updates itself onto A. What bothers me is that I am not aware if this is the case also with the Gapps and Magisk.

Missing flow for Gapps and Magisk

Needless to say, this is not what I did and I have evidently fucked up at some point in time. After many failed upgrade attempts, with an apparently random failure rate, I got all that I wrote above, and realized that only the A partition set was healthy (because it was the only one I was able to upgrade) and that the B was somehow fucked up.

The fix

I remembered that the nice LineageOS people gave the people the possibility to copy all the set of A partitions to the B set. This is because, sometimes, the OEM (the phone manufacturer) shipped the handset with only one set of partitions, the A one, clean and working, and to be sure to reach a working state after upgrading to LineageOS, they devised that the right thing was to pour all the A partitions' content into the B ones. I looked into the script and extracted the only part I needed, taking care of avoiding any partition that was not directly mapped to a block device (therefore filtering out the partitions linked to an .img file on the data partition).
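
An added example, not taken from the LineageOS script or the original post: a dry-run planner that prints the source and destination pairs the loop above would copy, so they can be reviewed before any dd runs. The function names and the fixture layout are constructed for illustration; on a device the directory argument would be /dev/block/by-name.

```shell
#!/bin/sh
# Dry-run planner for copying one A/B slot onto the other.
# Prints "source<TAB>dest" per partition pair; it never writes to a device.

plan_slot_copy() {
    byname=$1      # directory of by-name symlinks
    healthy=$2     # slot known to be good: "a" or "b"
    case $healthy in
        a) broken=b ;;
        b) broken=a ;;
        *) echo "slot must be a or b" >&2; return 2 ;;
    esac
    for part in "$byname"/*_"$healthy"; do
        [ -e "$part" ] || continue                 # glob matched nothing
        twin=${part%_"$healthy"}_$broken
        if [ ! -e "$twin" ]; then                  # single-slot partition
            echo "skip (no twin): ${part##*/}" >&2
            continue
        fi
        src=$(readlink -f "$part")
        dst=$(readlink -f "$twin")
        case $dst in
            */data/*)                              # image file on the data partition
                echo "skip (image on data): ${part##*/}" >&2
                continue ;;
        esac
        if [ "$src" = "$dst" ]; then               # both names point at one device
            echo "skip (same device): ${part##*/}" >&2
            continue
        fi
        printf '%s\t%s\n' "$src" "$dst"
    done
}

# Constructed fixture standing in for /dev/block/by-name (not a real device layout).
make_fixture() {
    root=$(mktemp -d /tmp/abslots.XXXXXX)
    mkdir -p "$root/block" "$root/data" "$root/by-name"
    for n in 1 2 3 4 5; do : > "$root/block/sde$n"; done
    : > "$root/data/vendor_b.img"
    ln -s "$root/block/sde1" "$root/by-name/boot_a"
    ln -s "$root/block/sde2" "$root/by-name/boot_b"
    ln -s "$root/block/sde3" "$root/by-name/system_a"
    ln -s "$root/block/sde4" "$root/by-name/system_b"
    ln -s "$root/block/sde5" "$root/by-name/vendor_a"
    ln -s "$root/data/vendor_b.img" "$root/by-name/vendor_b"   # backed by an image
    ln -s "$root/block/sde5" "$root/by-name/modem_a"           # no modem_b twin
    printf '%s\n' "$root"
}

# Demo: sh this-file demo
if [ "${1:-}" = "demo" ]; then
    fixture=$(make_fixture)
    plan_slot_copy "$fixture/by-name" a
    rm -rf "$fixture"
fi
```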

I hope you won’t ever need it. Nevertheless, if you got here, you’re welcome.

Why so much ado with crates.io?

Disclaimer

If you stumbled upon this post, coming from crates.io, I am sorry. This is just a little sleight of hand to raise the issue on the (absence of) policy choices in crates.io.

I am aware of this part of the Policies:

Using an automated tool to claim ownership of a large number of package names is not permitted. We reserve the right to block traffic or revoke ownership of any package we determine to have been claimed by an automated tool.

I am fine if any of the crates created with the small tool I’ve assembled, and spammed through this github user, are removed altogether.

What did you do?

I created a small cli utility that leverages the cargo crates and spams crates.io with almost-empty crates, varying only the name. The names may be generated at random, or read from a file (and in this case, may be mangled, as to find unused crate names to be used in typosquatting attacks).

I then used this tool to publish some crates. The first ones were tests of the tool, using the random source, then I proceeded using the mangling feature on the most popular crates.

Why did you do that?

I recently discovered a crates.io user that registered some 3 years ago some crates with names that are common English words. This is not the only squatter around the registry, but the description of each registered crate sounds quite offensive to me:

WIP. Contact me if you want to use this name!

I promptly engaged with the crates.io team, but I was bounced to this closed issue about this very same user, which then referenced to this stale eRFC from 2018, where an experimental moderator team for crates.io is proposed (at the time of writing, the issue is open but the last comment is from Jun 11, 2020).

I understand that rust, and then the crates.io repository, was born inside Mozilla with limited resources. I also understand that moderating and policing is a very time-consuming and potentially frustrating activity (I myself wouldn’t feel comfortable in doing it). Nevertheless, rust is not anymore a Mozilla-only backed project, and indeed it has been embraced by a number of big corps around the world (and many laid down by Mozilla have been hired by some of those very same big corps, but I digress).

To add more on this: this issue seems a déjà vu from a previous incident I knew nothing about.

What then?

I understand this is a delicate matter to face, and I don’t feel qualified to point to any specific solution. This seems to me the result of a questionable design choice, namely the absence of namespacing. This is still an open issue and there is no consensus on how to proceed (see here and here and here).

As I said above, my aim is to raise this issue. I am comfortable with all the packages I generated with the tool I wrote being removed from the registry by the crates.io team. I also want to point out that all the crates I registered that are dangerously similar to other very popular crates have a benign purpose (and I feel more easy about them being under my control than some other malicious actor).

I closed the issue section on the code repository, but feel free to drop me an email (but please, don’t be rude).

Edit

The account I used is currently locked

Failed to log in: This account is indefinitely locked. Reason: Using a script (https://github.com/blallo/xkcd-386) to reserve crate names is against our policies.

Edit 2 (20211122)

Apparently, something is happening among the rust teams. I am not able to say how much this is related to the aforementioned issue.

The resignation letter from the rust moderation team

Edit 3 (20220606)

I began frequenting some of the places where the rust community hangs out. On reddit I received word that the above update is (as was pretty much expected) totally unrelated to my actions:

Comment on reddit from llogiq

Some time ago I also requested the crates.io team to reconsider the ban of my github account in order for me to publish a small rust library I had some fun writing. This also in consideration of the fact that this action here had no consequence in real life and no one reached out to me.
At the time of this update, I am waiting for the crates.io team to reach a decision.

Edit 4 (20220614)

The crates.io team agreed to revoke the ban of my account. They did this after I made amends for my actions and have been very kind in doing so. I updated all the crates I reserved with the tool to mark explicitly that I am willing to cede the name, if someone is interested in it.

I think I will work on something in the future, if my personal life allows me to.

Edit 5 (20230309)

This is something not at all unexpected: someone uploaded real malware on some typosquatted crates.

Academia and capitalism

With this post I try to materialize some thoughts that have been in my head since I quit academia. The reason why I am doing it now, 6 years after I parted ways with professional research, comes from this twitter thread (from an account I have never heard of, but the content tickled me). While I sympathize with the author and deeply feel for his or her condition, my purpose is to show the underlying elitist assumptions and criticize some of its conclusions.

I report it here in full quote:

Academic Job Discourseᵀᴹ is back (it’s never gone).

Tl;dr: There are no jobs.

Headline: Commodification of academia has decoupled the value of research from the chance of employability.

Long read: Research and teaching simply cannot be conducted on business principles… 1/

…but since the marketization of the higher education sector, the output in academia *is* reviewed according to capitalist principles. In effect we are led to believe that people producing research output (primarily social capital: what allows the society to run) should be… 2/
…employed according to the principles of the market. This is insane. There is no „market saturation“ of palaeographers or biochemists. The number of people researching a particular topic or discipline cannot be dependent on the perceived market value of their output. 3/
But in effect researchers (whose output is not monetary capital) are forced to compete for the right to conduct their research as if it was. This causes a severe deficit of jobs and job market becomes job lottery. 4/
This has to be presented as a meritocratic competition because the system will only sustain itself if enough brilliant minds buy the lottery tickets (do PhDs, publish, teach and research in precarious posts). 5/
The technological progress in research is not a byproduct of the marketization. Accessibility of data changes nothing in the sheer knowledge and training needed to assess it in order to produce actual *research*. 6/
The progressive drive to monetize research output (sth that can be given a price, sure, but this price will always be *completely* arbitrary) causes basic research and teaching posts to first precarise and then disappear (no „market value“) 7/
This process only inflates the lottery model making brilliant researchers leave their fields not because they didn’t produce good work but because they didn’t have the resources to keep buying the lottery tickets (they couldn’t survive the precarity any longer) 8/
In completely marketized systems (UK for example) this leads to sharp decline in student numbers in those areas (students are forced to pay large sums of money and thus forced to treat the education system like the stock market) This allows to further limit the number of jobs. 9/
This system allows also monetary exploitation of researchers‘ output and skills through the academic publishing system. Articles become lottery tickets first, research capital second. 10/

A few points on this first:
  • I agree with the idea that it is wrong to try to give a monetary (or market) value to the scientific output of someone/some group
  • I lived on my body what here is called job lottery
  • While it is nonsensical to try to monetize abstract or highly theoretical research, there is basic research with a direct market value (I am thinking of biomedical research, but also of material science, for example)
  • The twitter lyric/canon is awful, especially to convey ideas and themes like this that would deserve some more room for reasoning

Caveat

I am not willing to uphold any capitalistic or econometric point of view here, for example that there is a meaningful way to attribute a value to anything. But I see it as necessary to face at least the matter of the cost related to research.

The argument runs on a slippery slope, so let me be clear: I don’t want to say that one must conform his or her aspirations to the expectations of society.

Last warnings:

  • here I often use science as a container term that should also be understood as culture and knowledge
  • the way I use the term society is very fuzzy, and I don’t mean to assume that we all agree on the fact that anyone of us is comfortable in being encased in a catch-all concept (I would not), but it is a handy way to indicate our collective mean action as species

The issue

There is a problem that is apparent: having a work in research is a privilege, given someone manages to enter such elusive realm, having overcome the issues clearly expressed in the thread. It is a privilege not only because, as noted, research jobs are scarce and accessing it is a lottery, but also because the possibilities one has to win the lottery are closely related to the class one belongs to. As paraphrased in the cited thread, the more lottery tickets you can buy, the more chances you have to win. This is closely related to, for example, how many years one can manage to survive with precarious jobs, often accepting to relocate in a different nation, maybe a different continent, every 2-3 years.

This is not entirely a matter of class, of course. Assuming academic evaluation to be fair with respect to someone’s class (spoiler: it is not), it is a very personal stance to accept a life like this.

Social expectations

But moving from the personal kind of issues, there are also social ones: a job in research is, usually, well paid. Research activity itself is costly, especially experimental research (because of, you know, experiments; they are usually costly). All of this is often financed with money from states’ budgets (by state here I mean nation states). When it is not, it comes from private endeavor. Such funds are not for free, in the sense that the ones (both private and public) giving this money away seek something in return from the professional researcher. As noted in the thread, it’s quite nonsensical trying to quantify research, but this comes from the need to justify the amount of investment made in some specific research, by means of the aforementioned money.

So, what do the lenders (and society at large, we might say) expect from a research professional?

  • Measurable output (publications, patents, conferences)
  • Teaching (i.e. the transmission of one’s specialized knowledge in the field of study)
  • (ever more frequently) Public outreach (in the form of social media active presence, public speaking as a recognized expert, popular books on the matter)

I may say nothing here is unreasonable: given that the possibility to earn a living with science is mainly a publicly (or privately, for that matter) funded activity, one might very well cope with these obligations. The main problem here is that the amount of money society puts into science is limited and, to decide how to distribute it, a very nasty concept is used: value.

Value?

The way value is attributed to this research is, in my humble opinion, ludicrous, and I’ve seen quite a few times the young professional scientists season into either the research workforce manager or, even worse, some form of sales representative for his or her own research line. I don’t mean to judge anyone with these words. I am not in a different position now: having chosen to enter the professional software industry does not shield me from the very same critiques. Nevertheless, the ideal conception I upheld once about the brave intellectual, working for the sake of human knowledge advancement, armed only with the clarity of pure reasoning and scientific honesty…has been notched a bit along the way.

Back to the value, it is often a matter of either: potential return of investment, mainly in research fields that may have practical industrial applications (material science, biomedical research, computer science to name a few); or brag (i.e. the possibility for the moneylender to boast the achievement as its own praiseworthy and wise choice) ((I am admittedly ignoring political motivations, for example when a research line is encouraged (read: financed) for some political aim, to lay ground for some claim shielded by some scientific research (as if these words have become the new way of saying that some endeavor is the will of God). I am assuming such motivations alone are enough to undermine the assumption of honesty any research needs to be defined scientific.)).

While these reasons are laughable in light of pure scientific advancement, they determine, together with the underlying omnipresent drive for profit, the main research lines in every scientific field I know.

So what?

Where do all these rumblings meet the academic career stuff? That there is a paucity of jobs in research is true. What upsets me is that the idea of seeking a job outside research is often met with contempt. Why should a brilliant mind™©® like those who roam the highness of reason descend into this purgatory of everyday people ((As it is noticeable from the last words, I might be a bit resentful with that world.))?

Being employed in research is a privilege, and should be understood as such. While I embrace fully the idea that society should invest more and more in research and education, this is not the current reality. And I would also love to see demands of wealth redistribution from that side, asking more funds to be taken from the wealthy (using wealth and not income as indicator).

So, to me the idea that one can safely live thinking that his or her position of privilege is just and deserved, just because one managed to sneak into the right place, is unacceptable.

The very premise of the thread also seems arrogant. Let me paraphrase in this way: because science is the truth and the highest human activity, it is of course reasonable that the best minds want to do science, so be scientists fed and be science nurtured ad libitum.

The assumption should be inverted: science is not a market because of the output it produces, but (mainly) because of the demand the community of scientists has to keep on existing. This generates competition for the (scarce) resources: money and jobs.

Should I suffer?

Let me finish, going back to the personal aspect of this quarrel.

This is obviously far fetched and does not apply in equal measure to anyone, but the issue here seems to be twofold:

  1. from one side a research professional, while in the game (i.e. while still holding a job in academia) may fairly fear that leaving academia and finding an employment outside of it automatically corresponds to a devaluation of his or her professional value, and that it will not be possible to fully take advantage of the knowledge acquired in any other job;
  2. even more, the fundamental question might be “why should I give up my privilege? why should I assume I have not earned it?”.

As for the first point, I might humbly point out that this is an issue shared by any elitist profession: the professional dancer or musician, artists in general suffer the very same dilemma.

I might also note that the very narrow sectors that attract interest from some industry have the opposite problem to paucity ((toc toc: AI and machine learning PhDs, I am thinking of you)): academia suffers such a heavy competition from the world of production that retaining people in academia is a problem ((because you know, academia pays well, but FAANG pays waaaaaaaaay better)).

Regarding the latter, I leave the easy task of answering the question to the reader ((Before thinking I am a total douchebag, be reminded that this is the pun used in most scientific books (mainly in mathematics or quantitative sciences) by the authors to encourage the readers to reflect autonomously on the matter under consideration)).

Note for all my friends still into research

I am sorry, this might have sounded rough and unfair, especially for the many that are keeping hard, working in research and living a tough life because they are doing what they love. These words are not aimed at hurting you. But I feel this is the best approximation I could paint of the current state of life in research. You are (as always) very welcome to send me your thoughts, also the harsh ones.

TIL: apcupsd wants no device

After some time, I found this very useful piece of information on how to make apcupsd work again. The gotcha is this:

you should change DEVICE /dev/ttys0 to DEVICE in /etc/apcupsd/apcupsd.conf with nothing after it, this way apcupsd searches everywhere on the system to find the UPS and connect correctly

Thanks internet!

TIL: Dovecot stubbornness

Today I learned that restarting dovecot with the systemd unit provided by debian (on buster) is not enough to reload the configuration.

systemctl restart dovecot

I had to manually run

doveadm reload

Then I realized that this is integrated in the systemd unit, using reload instead of restart:

[Unit]
Description=Dovecot IMAP/POP3 email server
Documentation=man:dovecot(1)
Documentation=http://wiki2.dovecot.org/
After=local-fs.target network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/dovecot -F
PIDFile=/var/run/dovecot/master.pid
ExecReload=/usr/bin/doveadm reload
ExecStop=/usr/bin/doveadm stop
PrivateTmp=true
NonBlocking=yes
ProtectSystem=full
ProtectHome=no
PrivateDevices=true

# You can add environment variables with e.g.:
#Environment='CORE_OUTOFMEM=1'
# If you have trouble with `Too many open files', increase
LimitNOFILE=65535
# If you want to allow the Dovecot services to produce core dumps, use:
#LimitCORE=infinity

[Install]
WantedBy=multi-user.target

Starting the erlang observer from within a docker container

I am currently working with elixir. It is a neat language, with a lot of good tooling. It’s rooted in the erlang world. A very useful tool to have some overview on the internals of the BEAM is the erlang observer.

Nowadays, the common workflow relies on containers. It is a very common issue to try to start graphical applications from within a container. Let’s prepare a playground

FROM elixir:1.10.4

ARG uid=1000
ARG gid=1000

RUN groupadd -g ${gid} alchymist \
    && useradd -u ${uid} -g alchymist alchymist \
    && mkdir -p /test \
    && chown alchymist:alchymist /test

USER alchymist
WORKDIR /test

ENTRYPOINT ["iex"]
CMD []

We can build it with

docker build --build-arg=uid=$(id -u) --build-arg=gid=$(id -g) -t alchymist:0 .

Let’s start normally

docker run --rm -ti alchymist:0

Trying to start the observer, we get an error

Erlang/OTP 22 [erts-10.7.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]

Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> :observer.start()
09:46:02: Error: Unable to initialize GTK+, is DISPLAY set properly?
{:error,
 {{:einval, 'Could not initiate graphics'},
  [
    {:wxe_server, :start, 1, [file: 'wxe_server.erl', line: 65]},
    {:wx, :new, 1, [file: 'wx.erl', line: 115]},
    {:observer_wx, :init, 1, [file: 'observer_wx.erl', line: 107]},
    {:wx_object, :init_it, 6, [file: 'wx_object.erl', line: 372]},
    {:proc_lib, :init_p_do_apply, 3, [file: 'proc_lib.erl', line: 249]}
  ]}}
iex(2)>

The trick is to mount the needed files and pass the correct value for the environment variable DISPLAY.

docker run --rm \
    -v $HOME/.Xauthority:$HOME/.Xauthority:rw \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e DISPLAY=$DISPLAY \
    -ti alchymist:0

Starting the observer, we then succeed

Erlang/OTP 22 [erts-10.7.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]

Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> :observer.start()
:ok
iex(2)>
the erlang observer started from a process inside a container
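
The same launch with narrower mounts, as an added example that is not part of the original post: it binds only the socket of the current display instead of all of /tmp/.X11-unix, mounts the cookie file read-only, and refuses to start when DISPLAY is not a local display. The function names, the /tmp/.Xauthority path inside the container and the --hostname setting are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the same X11 hand-off with
# narrower mounts. Function names are hypothetical.

# Map a local DISPLAY (":0", ":1.0") to its Unix socket path.
# Anything else (e.g. the TCP form "host:0") is rejected: no socket to mount.
x11_socket_for_display() {
    case $1 in
        :*) num=${1#:} ;;
        *)  return 1 ;;
    esac
    num=${num%%.*}                    # drop the optional ".screen" suffix
    case $num in
        ''|*[!0-9]*) return 1 ;;      # display number must be digits only
    esac
    printf '/tmp/.X11-unix/X%s\n' "$num"
}

# Check the prerequisites, then start the image with only what X11 needs.
run_with_x11() {
    image=$1
    xauth_file=${XAUTHORITY:-$HOME/.Xauthority}
    sock=$(x11_socket_for_display "${DISPLAY:-}") || {
        echo "DISPLAY is unset or not a local display" >&2; return 1; }
    [ -S "$sock" ] || { echo "no X11 socket at $sock" >&2; return 1; }
    [ -r "$xauth_file" ] || { echo "cannot read $xauth_file" >&2; return 1; }

    # - one socket instead of the whole /tmp/.X11-unix directory
    # - cookie file read-only, at a fixed path announced via XAUTHORITY
    # - assumption: the cookie is keyed by the host's name, so the container
    #   gets the same hostname to make the lookup succeed
    docker run --rm -ti \
        -e DISPLAY="$DISPLAY" \
        -e XAUTHORITY=/tmp/.Xauthority \
        -v "$sock:$sock" \
        -v "$xauth_file:/tmp/.Xauthority:ro" \
        --hostname "$(uname -n)" \
        "$image"
}
```

After sourcing the file, run_with_x11 alchymist:0 replaces the docker run command shown earlier.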