No Food for Thought

Food is something you should provide to your brain long before coming to this blog. You will find no food recipes here, only raw, serious, non-fake news for mature minds.

New Nova Scotia Law Gives Hope North America Could Heal Itself

admin Wednesday January 20, 2021

5 years ago, I started a dangerous boycott of Quebec's organ donation system. Thankfully, I am still alive, and did not kill anyone yet.

And more importantly, the chances my death won't kill anyone else are increasing, now that a new tissue and organ donation law went into effect in a neighbour province. Since January 18th, donation has been opt-out in Nova Scotia.

Unfortunately, that news taught me that this is a first in North America. This world may have a deadly addiction to egoism, yet according to CBC, there is already talk about following Nova Scotia's lead in another province, no other than Alberta.

Here's hoping Quebec can stop deifying individualism just like it is doing with the SARS crisis and show it has enough hearth not to finish last in this marathon.

New Religion

admin Sunday January 3, 2021

Most religions appeared during history, but not recently. We do have accounts of how that happened, like the Bible, but it's not so clear who wrote what when, nor what exactly was written before time and translations altered the texts.

The birth of a third millennium religion constitutes a great opportunity to study how religions were designed and adopted. The Internet and all of today's technological means make its deities much clearer. Technology also gives many more high-quality records of how it spread. But analyzing these still requires skilled historians.

That's where Jesse Frederik, economics correspondent at De Correspondent, comes in. His mission?

Jesse Frederik wrote:
I want to show how seemingly minor policies have the biggest impacts, while examining overhyped narratives in politics and the news.

And delivering on this promise, Frederik offers Blockchain, the amazing solution for almost nothing. As I couldn't have written it better myself, I am happy to designate it as the third and final episode of No Food for Thought's crhypeto trilogy.

"Pilot Error"

admin Sunday December 20, 2020

The crash of Lion Air Flight 610 and the resulting 189 deaths raised quite a few questions. Understandably, a lot of suspicion went towards the plane's manufacturer. But Boeing had much luck in those circumstances; what better target for deflecting blame than dead pilots? And indeed, this crash was initially blamed on pilot error.

Unfortunately for Boeing, the flight had a few survivors: its flight recorders ("black boxes"). And with hundreds more equally flawed planes, 5 months later, when an equivalent failure caused a second "737 Max" crash, Boeing's cover-up blew up. In March 2019, an article by the New York Times already made the existence of MCAS (the Margins and Casualties Augmentation System?) public, and the technical causes of these catastrophes were already mostly known.

Ultimately, it's clear these catastrophes are attributable to governmental failure, after the FAA outsourced safety verifications... and not to independent parties, but to parties paid by manufacturers. Thankfully, Canada's government hasn't given up on all its responsibilities yet, as a remarkable The Fifth Estate episode shows. Congratulations to Terence McKenna and the CBC for managing to deliver such a remarkably both technical and emotional picture in just 24 minutes.

The episode from The Fifth Estate is a little too short to fully cover the technical issues, but I recommend others who are curious about these causes and who are passionate about software and security to read the IEEE Spectrum's How the Boeing 737 Max Disaster Looks to a Software Developer, a detailed explanation of the surreal design failures which culminated in these catastrophes. It would be sin not to thank Gregory Travis for writing an accessible explanation which is nevertheless comprehensive in all aspects—technical (mechanics, redundancy, autopilot, user interface and engineering), historical, social, economic or political. Even though The Fifth Estate's episode had brought me to tears, Travis's careful writing and - having seen quite a few times in my own experience the same patterns he describes - his description of the accumulation of mistakes managed to give me a good laugh.

No bugs, just no design

Despite what the Times article and others may suggest, there is no real "error" which contributed to these crashes. Clearly no pilot error. But also, no defective line of code, nor any kind of software bug. The software behaved as it was intended to behave. All there is are a couple predictable sensor failures, and more importantly, systemic negligence. The wrong engineers influenced by the wrong managers, blind to the few who did manage to foresee what would happen. The wrong people managing critical systems, all under the watch of clueless (or partial) supervisors.

To make a parallel with wheeled vehicles, the "737 Max" is a motor vehicle with a single brake. There is nothing broken in cars which have a single brake. In 1900, owning one would surely have been a great privilege. In 2016 though, there were few ambulances relying on a single brake. And if a hospital was forced to rely on one, you'd expect paramedics driving it to be warned and trained to use it as a last resort only.


As outrageous and irresponsible as all this may be, I am not an advocate of market intervention. Governments don't necessarily have to inspect and certify planes themselves. It is unavoidable for airlines to cause negative externalities at times. But if they do, those flying need to accept to internalize these risks. Airlines and governments should warn each passenger and crew member about the risk flying represents. And possibly prevent minors from flying on ridiculously unsafe planes.

Something needs to be done quickly to stop such patterns. Lives fly when you're crashBoeing.

2021-01 Update: Boeing Charged with 737 Max Fraud Conspiracy and Agrees to Pay over $2.5 Billion USD
2021-10 Update: Former Boeing 737 MAX Chief Technical Pilot Indicted for Fraud

Open Source Security Foundation

admin Sunday December 13, 2020

A couple of months ago, when writing about the end of EU-FOSSA 2, I criticized its reactionary nature. Just like I had done a few years ago about the Core Infrastructure "Initiative", EU-FOSSA's private counterpart.

That is why we can feel very grateful once again to the Linux Foundation's Jim Zemlin for setting up OpenSSF, replacing the CII this year. Not only does the Open Source Security Foundation lose the "initiative" in its name, but it really is a lot less reactionary, established as a permanent project:

OpenSSF FAQ wrote:
The CII was funded largely by grants, OpenSSF will be supported by Linux Foundation membership dues with targeted organization contributions to support initiatives. The CII’s ongoing work is being transitioned to the OpenSSF, and we expect that the CII will eventually be dissolved as the OpenSSF replaces it.

A lot has changed since Heartbleed. The next challenge would be to see security efforts more integrated into primary software projects, rather than in secondary projects, still somewhat reactionary afterthoughts.

Here's hoping for truly organic security (which doesn't prevent external security assessments)


Wanting to become more universal than the CII, OpenSSF is facing a serious challenge: prioritization. By trying to become neutral, it appears it's so far risking its auditing efforts to be irrelevant, with its current method computing Qt's criticality as way lower than... some Bitcoin software cry And beyond noting that the current metrics are broken, I don't see an easy fix without completely changing the approach.
Here's hoping common sense prevails

Preventing Corporate Success

admin Sunday December 6, 2020

Lack of supply is a problem Western states take very seriously. A lot more than the weight of excessive regulation.

So when a market is lacking suppliers and failing to satisfy consumer expectations, what are governments to do? Increasing supply would of course address the issue, but come with challenges and take time. The better (or at least much more popular) option is attacking existing suppliers. Obviously, doing so, the issue is worsened. But using anti-competition legislation, at least, the "solution" is simple, quick, and puts pressure on suppliers rather than on those who could help. It goes without saying, the best part is giving the impression that the government is doing something about the problem... and the ultimate bonus: stealing funds from the most successful suppliers and moving them to the state!

If you thought excessive regulation would at some point trigger a move towards balance, you must resist wishful thinking. In reality, excessive governmental regulation is causing businesses to create even more regulation in response.

Now let's be clear - it is obvious that Google expected the existence of “Five Rules of Thumb for Written Communications” to become public. But is that reason enough not to take the occasion to pause and reevaluate our direction?

Congratulations, Google, for this unsurpassed valuable move to not only alleviate the impact on you, but also try to kill dominant fallacies enhance the environment for the interest of all markets best

Artificial Intelligence's Next Achievement: Unlimited Trolling?

admin Friday November 6, 2020

Large-scale peer production projects rely much on contributions from potentially anonymous individuals. International volunteer projects, such as Wikimedia, are largely based on a general sense of trust and fail to verify identities of (apparent) contributors. While this already creates huge issues for Wikimedia and many more, ongoing developments in artificial intelligence could soon enable cheap attacks of such projects causing massively larger wastes of effort, threatening these projects' viability.

Now is the time for globally verifiable identities.

Leaving the PHP Framework Interoperability Group

admin Sunday October 4, 2020

Last December, I struggled with documentation tags while using Eclipse with a private PHP project. I eventually realized Eclipse wasn't necessarily the one to blame. The specification for PHPDoc's @param tag is found in PSR-19, a standard recommendation published by the PHP Framework Interoperability Group. According to that specification, many @param tags would be ambiguous, since the last 2 elements are optional. The tags with which Eclipse struggled were such ambiguous tags, but the real problem was the specification.

I was quite surprised to find such a serious issue, but went to check its status. I then had an even greater surprise: I could not find the issues reported in PSR-19. Or for that matter, any of the PHP Standard Recommendations.

At that point, I joined the php-fig group and - not knowing a proper way to do so - reported the meta-issue on that mailing list.

In the following months, I saw significant activity on the mailing list, from a significant number of contributors, but no answer to my question. Nor any reference to an ITS. In August, as the issue persisted, I simply "bumped" the thread (repeated my question).

Unfortunately, it has now been 9 months since my report, and the problem is still the same as far as I can see. I was going to add that I still don't know if my PSR-19 issue was reported, but in fact, I noticed while writing this post that Ben Mewburn reported the PSR-19 problem 2 months before I joined the group. Why was nothing done? Simply because... just like me, it seems he reported nowhere else than on the mailing list! eek

I love Javadoc, and PHPDoc is very important. Some PSR-s are very valuable, and I find it most unfortunate to give up on a major PHP institution, but as such an issue now has apparently persisted for over 4 years, and as there was no progress months after reports, I prefer not to remain associated with the FIG, and am hereby announcing I will no longer contribute to the PHP FIG - and therefore to PHP Standard Recommendations - unless required to.

As for the initial issue, I will live with it - but I'll recommend my customers/employers to avoid PHP frown
For instance, Javadoc's equivalent @param tag doesn't have that issue. For a very simple reason: it doesn't have to specify the type, which is already in the function definition - where it should be.

EU-FOSSA 2 ends

admin Saturday September 26, 2020

The European Union's second FOSSA project has ended with incredible results. EU-FOSSA undoubtedly made free software way more secure.

But does that mean free software is more secure now? Putting the initial excitement aside, we have to remember that EU-FOSSA is reactionary. It is a massive effort to deal with a huge problem. But EU-FOSSA is not a structured approach to the problem which can really help long-term. Moreover, with just Heartbleed's damage estimated over €500M, it is obvious that a few million euros cannot suffice to make most free software reasonably insecure. A real solution needs real will.

Thankfully, there are 2 efficient approaches for long-term solutions:

  • The bazaar management approach is to rate projects/products, so that users can make better security choices.
  • The cathedral approach is to get permanently involved in product development.

Of course, these approaches are not really exclusive. The EU could get involved in core software, while merely rating less important projects.

Until the EU or the world gets really serious about limiting vulnerabilities, it may be that the problem - unfortunately - keeps getting worst.

Fully Free

Kune ni povos is seriously freethough not completely humor-free:

  • Free to read,
  • free to copy,
  • free to republish;
  • freely licensed.
  • Free from influenceOriginal content on Kune ni povos is created independently. KNP is entirely funded by its freethinker-in-chief and author, and does not receive any more funding from any corporation, government or think tank, or any other entity, whether private or public., advertisement-free
  • Calorie-free*But also recipe-free
  • Disinformation-free, stupidity-free
  • Bias-free, opinion-free*OK, feel free to disagree on the latter.
  • Powered by a free CMS...
  • ...running on a free OS...
  • ...hosted on a server sharedby a great friend for free