defining computers: September 2020

Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
人はどうしてコンピュータを、人を制する魔法の箱として考えたいのですか?
Why do we want so much to control others when we won't control ourselves?
どうしてそれほど、自分を制しないのに、人をコントロールしたいのですか？

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
コンピュータの記憶というものはただ改良した紙ですし、CPU 何て特長ある筆に特殊の消しゴムがついたものにすぎないし、ネットワークそのものは裏庭の塀が少し拡大されたものぐらいです。

(original post/元の投稿 -- defining computers site/コンピュータを定義しようのサイト)

Tuesday, September 22, 2020

Google Bias against Plain Speech?

Google has been telling me and others that my blogs that I haven't set to auto-redirect to HTTPS encryption are "Insecure!" and "Could be dangerous to access!".

WTFoolishness?

HTTPS has nothing to do with safe content. If you want to host a virus, hosting it over https doesn't block it or change the fact that it's a virus. If somebody gets your password or gets into your server and drops malware in your web pages for you, encrypting it won't change the fact that it's malware.

HTTPS can be used to help ensure identity, by making it harder to put a man-in-the-middle and send you, the reader, to http://defining-computers.blogsp0t.com instead of http://defining-computers.blogspot.com. (Did you see that was blogsp0t instead of blogspot?) I won't explain the weaknesses in HTTPS here, but I can tell you that even that is not all that strong.

And encrypting everything actually gives an attacker more surface area to attack the encryption.

HTTPS is a speed bump, or, at best, a low wall. That's the best it can give you.

Proper use of HTTPS encryption is to limit it to the pages where it is needed, and to identity tokens on otherwise unsecured ordinary information-type pages (like blogs).

I just posted a post in my political blog about the evils of mocking, but --

I use nothing but plain text and a few simple images on my blogs. Okay, on some of my blogs, I let Google put their advertisements up, since I can't afford to pay Google for the use.

Plain text, simple images, and Google's own ads.

No other content. If there's dangerous content, it would have to be Google's ads.

And I am letting Blogspot host the blogs -- again, because I can't afford to host them on my own server. If there's some problem with identity, it's not me handling my on-line identity, it's Blogspot/Google.

Okay, I guess that's why they want me to let them force my blogs to HTTPS. They think it makes things simpler for them.

Anyway, I am turning on automatic HTTPS redirect for all my blogs, not because it's a good idea, but because I don't have money or time to host my blogs myself, the right way. And I don't want Google warning innocent bystanders that I'm dangerous.

(Whether the ideas I expound on my blogs are dangerous or not is another problem.)