321 stories
·
1 follower

Challenge Coins

1 Share

Imagine you are a king of old, afraid of being assassinated. Your king’s guard tells you that they’ve got you covered, but too many kings have been killed in your area over the last century for you to feel that safe. How can you learn of your actual vulnerability, and of how to cut it?

Yes, you might make prediction markets on if you will be killed, and make such markets conditional on various policy changes, to find out which policies cut your chance of being killed. But in this post I want to explore a different solution.

I suggest that you auction off challenge coins at some set rate, say one a month. Such coins can be resold privately to others, so that you don’t know who holds them. Each coin gives the holder the right to try a mock assassination. If a coin holder can get within X meters of you, with a clear sight of a vulnerable part of you, then they need only raise their coin into the air and shout “Challenge Coin”, and they will be given N gold coins in exchange for that challenge coin, and then set free. And if they are caught where they should not be then they can pay the challenge coin to instead be released from whatever would be the usual punishment for that intrusion. If others can find the challenge coin, such as on their person, this trade can be required.

Now for a few subtleties. Your usual staff and people you would ordinarily meet are not eligible to redeem challenge coins. Perhaps you’d also want to limit coin redeemers to people who’d be able to kill someone; perhaps if requested they must kill a cute animal with their bare hands. If a successful challenger can explain well enough how they managed to evade your defenses, then they might get 2N gold coins or more. Coin redeemers may be suspected of being tied to a real assassin, and so they must agree to opening themselves to being investigated in extra depth, and if still deemed suspicious enough they might be banned from ever using a challenge coin again. But they still get their gold coins this time. Some who issue challenge coins might try to hide transmitters in them, but holders could just wrap coins in aluminum foil and dip them in plastic to limit odor emissions. I estimate that challenge coins are legal, and not prohibited by asset or gambling regulations.

This same approach could be used by the TSA to show everyone how hard it is to slip unapproved items past TSA security. Just reveal your coin and your unapproved item right after you exit TSA security. You could also use this approach to convince an audience that your accounting books are clean; anyone with a coin can point to any particular item in your books, and demand an independent investigation of that item, paid for at the coin-issuer’s expense. If the item is found to not be as it should, the coin holder gets the announced prize; otherwise they just lose their coin.

In general, issuing challenge coins is a way to show an audience what rate of detection success (or security failure) results from what level of financial incentives. (The audience will need to see data on the rates of coin sales and successful vs. unsuccessful redemptions.) We presume that the larger the payoff to a successful challenge, the higher the fraction of coins that successfully result in a detection (or security failure).

Read the whole story
PhaChayFy
13 days ago
reply
Australia
Share this story
Delete

rosalarian: shiralipkin: thelilithnoir: startrektrashface: schumie: keeveet-talks: obstinatecond...

1 Comment and 3 Shares

rosalarian:

shiralipkin:

thelilithnoir:

startrektrashface:

schumie:

keeveet-talks:

obstinatecondolement:

I wonder when exactly it was that Star Trek stopped being perceived as light, fluffy, not-really-legitimate sci fi that ~housewives~ liked and started being seen as serious nerd business that girls had to keep their gross cooties off. 

Also when did the Beatles start to be remembered as rock legends rather than a silly boy band teenaged girls liked?

When men decided they liked them.

this is seriously exactly how it happened. Women were actually the first rock and roll ‘critics’ because they would write in to women’s papers and magazines to share and discuss what their kids were listening to when men still thought it was trashy teeny bopper music. once it became a lucrative, mainstream genre men shoved women out of the space. Men also tend to be gatekeepers once they move into formerly female spaces - early trek fandom was incredibly open and inclusive; women would set up fan get togethers in their own houses to discuss the show or invite the actors to visit before conventions became a thing, and then were huge in organizing the first conventions - but now the stereotype of a trekkie is a nerdy white dude who scoffs derisively at casual fans and newbies with his encyclopedic and pedantic knowledge of trek

I propose we call this “mentrification”

YES

MENTRIFICATION that’s genius

Read the whole story
PhaChayFy
17 days ago
reply
Australia
Share this story
Delete
1 public comment
sirshannon
21 days ago
reply
MENTRIFICATION!

Saturday Morning Breakfast Cereal - Shock

5 Shares


Click here to go see the bonus panel!

Hovertext:
Of course, now we can do it wirelessly, from space.


Today's News:
Read the whole story
PhaChayFy
29 days ago
reply
Australia
Share this story
Delete

Amy Hoy's How To Master New Skills

1 Share

I'm mostly interested in instrumental rationality, and I think Amy's essays are ridiculously practical and well-written and not-scary and rational in their approach. I'm hoping this is of help to some people here, it reminds me of the instrumental rationality sequences I was referred to the last time I asked for links and pointers.



Discuss
Read the whole story
PhaChayFy
59 days ago
reply
Australia
Share this story
Delete

Voting Software

16 Comments and 48 Shares
There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.
Read the whole story
popular
69 days ago
reply
PhaChayFy
69 days ago
reply
Australia
Share this story
Delete
14 public comments
siskamartin
51 days ago
reply
uff
caffeinatedhominid
65 days ago
reply
Yep.
tante
68 days ago
reply
xkcd on voting software is spot-on
Oldenburg/Germany
wmorrell
69 days ago
reply
Hazmat suit, too. Just to be safe.
rjstegbauer
70 days ago
reply
Amen!! Paper... paper... paper. It's simple. It's trivial to recount. Everyone already knows how to use it. It's cheap. It's verifiable. Just... use... paper.
ianso
70 days ago
reply
Yes!
Brussels
ChrisDL
70 days ago
reply
accurate.
New York
reconbot
70 days ago
reply
Legitimately share this comic with anyone who represents you in government.
New York City
cheerfulscreech
71 days ago
reply
Truth.
jth
71 days ago
reply
XKCD Nails Secure Electronic Voting.
Saint Paul, MN, USA
skorgu
71 days ago
reply
100% accurate.
jsled
71 days ago
reply
endorsed; co-signed; it. me. &c.

(alt text: «There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.»)
South Burlington, Vermont
alt_text_bot
71 days ago
reply
There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.
alt_text_at_your_service
71 days ago
reply
There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.
srsly
71 days ago
Seconding this policy ^^

ReportingObserver: know your code health

1 Share

ReportingObserver: know your code health

TL;DR

There's a new observer in town! ReportingObserver is a new API that lets you know when your site uses a deprecated API or runs into a browser intervention:

const observer = new ReportingObserver((reports, observer) => {
  for (const report of reports) {
    console.log(report.type, report.url, report.body);
  }
}, {buffered: true});

observer.observe();

The callback can be used to send reports to a backend or analytics provider for further analysis.

Why is that useful? Until now, deprecation and intervention warnings were only available in the DevTools as console messages. Interventions in particular are only triggered by various real-world constraints like device and network conditions. Thus, you may never even see these messages when developing/testing a site locally. ReportingObserver provides the solution to this problem. When users experience potential issues in the wild, we can be notified about them.

ReportingObserver has only shipped in Chrome 69. It is being considered by other browsers.

Introduction

A while back, I wrote a blog post ("Observing your web app") because I found it fascinating how many APIs there are for monitoring the "stuff" that happens in a web app. For example, there are APIs that can observe information about the DOM: ResizeObserver, IntersectionObserver, MutationObserver. There are APIs for capturing performance measurements: PerformanceObserver. Other APIs like window.onerror and window.onunhandledrejection even let us know when something goes wrong.

However, there are other types of warnings which are not captured by these existing APIs. When your site uses a deprecated API or runs up against a browser intervention, DevTools is first to tell you about them:

DevTools console warnings for deprecations and interventions.
Browser-initiated warnings in the DevTools console.

One would naturally think window.onerror captures these warnings. It does not! That's because window.onerror does not fire for warnings generated directly by the user agent itself. It fires for runtime errors (JS exceptions and syntax errors) caused by executing your code.

ReportingObserver picks up the slack. It provides a programmatic way to be notified about browser-issued warnings such as deprecations and interventions. You can use it as a reporting tool and lose less sleep wondering if users are hitting unexpected issues on your live site.

ReportingObserver is part of a larger spec, the Reporting API, which provides a common way to send these different reports to a backend. The Reporting API is basically a generic framework to specify a set of server endpoints to report issues to.

The API

The API is not unlike the other "observer" APIs such as IntersectionObserver and ResizeObserver. You give it a callback; it gives you information. The information that the callback receives is a list of issues that the page caused:

const observer = new ReportingObserver((reports, observer) => {
  for (const report of reports) {
    // → report.id === 'XMLHttpRequestSynchronousInNonWorkerOutsideBeforeUnload'
    // → report.type === 'deprecation'
    // → report.url === 'https://reporting-observer-api-demo.glitch.me'
    // → report.body.message === 'Synchronous XMLHttpRequest is deprecated...'
    // → report.body.lineNumber === 11
    // → report.body.columnNumber === 22
    // → report.body.sourceFile === 'https://reporting-observer-api-demo.glitch.me'
    // → report.body.anticipatedRemoval === <JS_DATE_STR> or null
  }
}});

observer.observe();

Filtered reports

Reports can be pre-filter to only observe certain report types:

const observer = new ReportingObserver((reports, observer) => {
  ...
}, {types: ['deprecation']});

Right now, there are two report types: 'deprecation' and 'intervention'.

Buffered reports

The buffered: true option is really useful when you want to see the reports that were generated before the observer was created:

const observer = new ReportingObserver((reports, observer) => {
  ...
}, {types: ['intervention'], buffered: true});

It is great for situations like lazy-loading a library that uses a ReportingObserver. The observer gets added late but you don't miss out on anything that happened earlier in the page load.

Stop observing

Yep! It's got a disconnect method:

observer.disconnect(); // Stop the observer from collecting reports.

Examples

Example - report browser interventions to an analytics provider:

const observer = new ReportingObserver((reports, observer) => {
  for (const report of reports) {
    sendReportToAnalytics(JSON.stringify(report.body));
  }
}, {types: ['intervention'], buffered: true});

observer.observe();

Example - be notified when APIs are going to be removed:

const observer = new ReportingObserver((reports, observer) => {
  for (const report of reports) {
    if (report.type === 'deprecation') {
      sendToBackend(`Using a deprecated API in ${report.body.sourceFile} which will be
                     removed on ${report.body.anticipatedRemoval}. Info: ${report.body.message}`);
    }
  }
});

observer.observe();

Conclusion

ReportingObserver gives us an additional way for discovering and monitoring potential issues in your web app. It's even a useful tool for understanding the health of your code base (or lack thereof). Send reports to a backend, know about the real-world issues users are hitting on your site, update code, profit!

Future work

In the future, my hope is that ReportingObserver becomes the de-facto API for catching all types of issues in JS. Imagine one API to catch everything that goes wrong in your app:

I'm also excited about tools integrating ReportingObserver into their workflows. Lighthouse is an example of a tool that already flags browser deprecations when you run its "Avoids deprecated APIs" audit:

Lighthouse audit for using deprecated APIs.
The Lighthouse audit for using deprecated APIs could use ReportingObserver.

Lighthouse currently uses the DevTools protocol to scrape console messages and report these issues to developers. Instead, it might be interesting to switch to ReportingObserver for its well structured deprecation reports and additional metadata like anticipatedRemoval date.

Additional resources:

Read the whole story
PhaChayFy
79 days ago
reply
Australia
Share this story
Delete
Next Page of Stories