The project does not accept bug bounty submissions without BBBS attestation. To get it, you must first submit your report to the BBBS for review.
Now, if this is your first submission (you are unknown to the BBBS), you must submit $50 to the BBBS along with the bug report, to pay a human to spend an hour looking at your work to verify it is written in good faith. This is not a review of whether the bug is real or valuable, just a readover to verify the report is coherent and plausible. If you have done this before, you can get a free attestation based on being a member in good standing, but submitting slop (per the judgement of the BBBS reviewer or the project receiving the report) is an account ban.
The BBBS couldn't steal your work and submit it themselves if they gave you some sort of signed hash as a receipt, which as a side effect would also be a deterrant against bounty programs stealing your work.
Submissions would only be expensive per submission for an anonymous user, enabling the low friction high trust communication under which collaboration works best when reputation has been established.
The BBBS itself won't be overrun by slop since the price of establishing an account far exceeds what a bot might expect to make with a single malicious submission. Nor can legitimate established accounts be sold since the cost of creating them exceeds the value to be expected from abusing them. Moreover, the cost to establish a reputation as a bug bounty hunter is small in dollars compared to the cost in time and expertise that a legitimate hunter would be expected to expend in the course of their work.
The vast majority of slop would go away as the cost of a first submission is much too high. The cost to the project is close to nothing - integrating with the BBBS attestation API. The cost to a legitimate bug bounty hunter is low - some human review while establishing a reputation, which could even be made useful if it came in the form of feedback. All review is paid for by the submitter, so no one is trying to counter infinite slop with volunteer hours.
Moreover, the BBBS can serve as a mediator of trust, not only against AI, but as a place to receive reputational merit for high value work and trustworthy bug bounty programs.
I realize I am describing a lightweight guild, which is subject to well known political failure modes (the most significant of which is exploiting newcomers), but the concept has the advantage that guilds have functioned as successful slop gatekeepers in society for a very long time and a lot is known about how to make them work.
This is tyranny: making people powerless, afraid of each other, and submissive, per Aristotle's understanding.[1] The technological means are new, to be sure, but the social strategy is as old as civilization.
Mark my words. General purpose computing and private, direct communication are things too powerful for a tyrant to permit the people to have. The freedom we've enjoyed for the last several decades, to build what we want, to run what we want, to network with who we want, is not the default and will always be under attack. We had it for a little while by the generosity of the previous generation. It was not then, and is not now, and never will be free.
We are a generation of tyrants, each oppressing the others in his own little domain. Gone is the dream of making a modest living while enriching humanity with offerings of technology. Whatever is invented now is gated, rented, and exploited for power, in the shadows and in the open, and what technological power had been granted to the people is whittled away year by year, immense riches destroyed so someone in particular can extract something from a replacement.
There is no Caesar to assassinate because it is everyone, or near enough. It is the idea that this is how you do things. Tyranny is in the air and in the water, that exploitation of power for more power by means of misery, old as mankind.
In such a world, removing one tyrant only gets you ruled by his rival, who is often worse. The historical recipe for freedom and abundance is a people who, as a whole people, are generous with power and expect it of each other at every level, and are viciously intolerant of its abuse. Such was the world of technology for about five decades in the last century, but it hasn't been so for the last two or three. I think it doesn't take much for a few awful people to eat up any abundance, if they are allowed to, and that war is written across the history of computing from its very beginning. But these days, it is not a healthy society defending itself from would-be conquerers, but a world of feuding warlords anxious to eat up any excess anywhere, not only for profit but because thriving and independent people are inherently a threat. With few exceptions, and it seems like fewer every year, any kingdom now which consists of a group of people and some code, be it a software service, a phone, a game, a car, or a dang toaster oven, looks like a despot extracting taxes from his peasants, not a king sheparding his people. Certainly the big ones are that way, and the legacy of the last generation continues to be eroded.
Whatever the means, that tangle of the legal and economic and social and educational and technological and cultural, and I do not pretend it is anything but a thorny and incomprehensible thicket, Aristotle's identification of the broad themes remains relevant. Divided, humiliated, disempowered - whatever the pretext, the encroachment of dark forces is unmistakable. The only defense is (and ever was) those who see their work as in some sense sacred and power as conveying a duty to serve. The generation for whom Superman is a central myth builds one way; the generation for whom it is Game of Thrones builds very differently. Not that these stories are necessarily causes, but their resonance is a reflection of how two very different groups of people think about power.
By the way, this paints a very dark picture. I keenly mourn the world I feel slipping away, but there are bright spots and people who fight the good fight, and the occasional blessed and beautiful creation and the odd victory. I don't mean to imply these things are pointless or hopeless - on the contrary. People who do that are the reason we have any good things at all. Thank you.
It is not an us vs. them sort of thing. Don't get me wrong, there are wicked people doing awful things, but I breathe the same air everyone else does. I remember building things 20 years ago with breathless excitement about how it might make the world a better place, and these days I am much quicker to think about how to monetize. Asking a fair price for something isn't evil, but none of us is an island and I don't like how my dreams have changed. I write these things in part to teach myself.
The obvious thing to me is to ask the AI to notice obviously offensive submissions and transform them along absurdist lines, such that "I-hate-girls" becomes the familiar Wikipedia redirection page saying something like "Archaic expression. See: Eight Grills". Store the redirect, but only index the sanitized page.
"Every time I sat down to play [the game] it was like walking into a dark shed full of rakes, treading on one, and getting blatted in the face... and then I'd go back into the shed, thinking maybe it was just the one rake, when blat in the face again. So I thought, I'll just keep tanking the rakes and maybe I'll become psychotically in love with being rake-faced. And that's kind of what happened."
> make unique swallowing monsters (Juiblex) resist magical digging from inside
Oh noooooooooo... yeah that's fair.
Lots of overdue gameplay changes here, really. I was something of an expert player 20 years ago, my best ascenscion being Atheist/Genoless/Wishless with no pet to boot. It seems a lot has changed. I see fixes on this list for things that bothered me then. :)
Every few years, I think Yahoo's old attempt to have real people build a phone directory of the web wasn't such a bad idea. And I occasionally wish Google still worked by seeing what other people thought was a worthy web page on a topic. My algorithm for finding worthwhile content is similar: I try to visit the community of interest and see what they like. There is no substitute for the human element in evaluating quality.
Interestingly, tragically, YouTube seems to have gotten the message that I like long form informational videos, and serves me ones with intriguing titles that are clearly written, illustrated, and read by AI. I seem to be training it to deceive me, which is not a good thing. In fact, I had trained it so well to push my psychological buttons that I recently had to leave entirely, which is surely not what anyone wants.
A side effect of Reddit/Twitter/etc having captured most of the population/eternal September might be that a
web directory has become feasible again. Ignore social media, ignore AI, ignore paywalled sites. What's left and high enough quality might be manageable to maintain a directory for.
Easier said than done, obviously, but the point is that the worthwhile web isn't so big anymore.
Every now and then someone shares a small web link here (Kagi is one aggregator). It’s like survivors picking up the shards of civilization after the apocalypse. Of course such a project can remain viable and useful as long as it remains niche, which is virtually guaranteed as long as there’s no money in it.
It’s incredible how too much money corrupts everything it touches.
Some of my best work has been done as a labor of love. I do have the vague impression that we as a society have taken a wrong turn in selling the sacred. I am not in favor of collapsing society down to hippie communes or anything, but it does seem to me that we told better stories back when stories were freer.
I sometimes imagine gathering up some number of like-minded electrical and software engineers, and founding some sort of monastary in which everyone was fed and taken care of and built the best technology they could, as a gift to humanity. I do wonder if the day's robber barons would find a way to shut us down, of course, but I still remember a bright and optimistic time when technology was made to serve people, not to oppress them, and it seems to me like a bright expression of human spirit that oughtn't to have been sold.
Some critical differences between the situations that come to mind:
- The problem of counterfeit currency is well acknowledged and has roots in antiquity. Reasonable people agree that currency genuinely cannot do its only job if counterfeiting is possible, and have had that agreement for thousands of years. In addition, the sole right to print currency is given to the US government in its constitution (almost certainly for this reason). These two things grant government control over printing currency both a moral and a legal legitimacy that government control over printing gun parts doesn't have.
- Because the government has control over the design of legitimate currency, it is actually practical to prevent software from reproducing it. See: https://en.wikipedia.org/wiki/EURion_constellation . Gun parts have no such distinguishing characteristic, and cannot be made to have one, since there is no authoritative body responsible for all of them. Having such a marking could be made legally mandatory, but it is not actually required for the function of the part, whereas currency needs to match the authentic design in order to be useful. It is therefore much less practical and effective to mark gun parts to prevent replication than it is to similarly mark currency.
- Creating your own guns specifically (and weapons, generally) is widely seen as a natural or God-given right. I would go so far as to say that it is intrinsically human, and that losing access to it would be as painful to some as losing access to rock 'n roll. I would say that due to this pain, losing that right is one of the chief signs of an enslaved people. While not everyone would agree with me, many would, which gives the issue a divisive moral edge. By contrast, creating your own currency might be seen as some sort of natural right by some people, but creating your own US Dollars certainly is not seen that way by anybody. Well, I'm sure you could find someone, but you know what I mean.
- As far as I know, there is no law compelling printer/photocopier manufacturers to use anti-counterfeiting software, and compliance is voluntary (but apparently pretty widespread -- though I doubt it's universal). A similar voluntary setup with 3D printer manufacturers would be less objectionable (though also much less likely to succeed). Introducing any sort of mandatory compliance regime introduces friction, slows innovation, and invites corruption.
- Manufacturing gun parts is actually pretty easy, and could be accomplished via many methods accessible to hobbyists, ranging from whittling by hand to duct taping hardware together to lost wax casting to desktop CNC to a desktop injection molding setup to metalworking on a lathe in a garage machine shop. It is in no way limited to 3D printing, though that admittedly lowers the bar a bit. Learning to work on guns is not significantly harder than learning to work on cars, though perhaps fewer people know how to do it. Thus, a focus on 3D printing seems much more driven by sensationalism, paranoia, and ignorance of this fact than it is by practical assessment of the issue. By contrast, creating even minimally recognizable counterfeit currency without the assistance of a computer is practically impossible and certainly cost-prohibitive. In manufacturing gun parts, it is perfectly practical in some cases to do the equivalent of drawing a dollar bill with a crayon -- something much less successful in the counterfeiting world.
- Adding broad pattern-recognition controls to a 3d printer is a novel and difficult problem that will likely impact innocent people doing legal things. Preventing the printing of accurate-looking currency has a much more narrow impact, and is much more focused on people doing illegal-adjacent things.
Without meaning any malice toward your question, I mention that I write because you have stepped on one of my pet peeves: it seems to me that an inability to see the difference between things that are, in fact, different, is one of the major failure modes of modern society in general. We need an appreciation for texture and nuance if we are to navigate the world rightly.
I once became so famous that a community of several hundred people knew and recognized my name for a few years. At the time, it was very ego-flattering, and I was delighted to have done something that had such a big and positive impact. However, as an experience it really did not agree with me, and even this very minor level of fame has left me resolved to never, ever, ever become that famous again if I can help it.
I don't think I am unique in that. In fact, I perceive that it is very normal for public figures, not merely to fade from public attention, but to actively seek out seclusion.
While I'm not Satoshi, I would put the odds of someone in such a position of maintaining radio silence far from "zero chance". I would put it more around 70 or 80 percent. And at any rate, it is certainly what I would do.
I agree that there is a parallel between governments and corporations multiplying surveillance and preppers impractically multiplying gadgets. I perceive both to be responding to some sort of psychological issue relating to control or insecurity, not to be practically pursuing resilience.
A government with aggressive surveillance ambitions but a decaying police department and justice system looks to me very much like the guy with a mountain of guns and ammo but no parallel investment in something like battlefield medicine. Whatever you're telling yourself about the reason for what you're doing, it is manifestly not correct, at least going by other investments I would expect to see and find neglected.
That was my first thought, too. I and a couple of my kids have great affection for Minecraft. However, I don't think that affection really matches the absolute foaming-at-the-mouth excitement we felt for Descent.
I don't think it's that video games have gotten worse (though perhaps they have). I think it's more that it's impossible to recreate the way they impacted us back then. It wasn't just about the games, but also about the times. DOOM today is a fine game and even a classic, but back then it was the first time anyone had ever seen anything like it and we were inventing online play and fps tactics and amateur map design in real time. Descent had that same blockbuster feel, but that for me that feeling faded from new releases over the next few years. (Though I won't deny Minecraft caught something of that old bombshell energy.)
I suspect the way I feel about the video games I grew up with is a feeling my kids will never exactly have. Sure, they love their games, but the 90s were an incredible time for the art form. By analogy, I love the music I grew up with, but I don't feel about it the way my parents feel about the music from the 60's. Music is always special, but that was a particularly special time for music and if you weren't there, you weren't there. In time the absolute electricity of the British Invasion became "So what kind of music do you listen to?" So I think it will go with games.
The project does not accept bug bounty submissions without BBBS attestation. To get it, you must first submit your report to the BBBS for review.
Now, if this is your first submission (you are unknown to the BBBS), you must submit $50 to the BBBS along with the bug report, to pay a human to spend an hour looking at your work to verify it is written in good faith. This is not a review of whether the bug is real or valuable, just a readover to verify the report is coherent and plausible. If you have done this before, you can get a free attestation based on being a member in good standing, but submitting slop (per the judgement of the BBBS reviewer or the project receiving the report) is an account ban.
The BBBS couldn't steal your work and submit it themselves if they gave you some sort of signed hash as a receipt, which as a side effect would also be a deterrant against bounty programs stealing your work.
Submissions would only be expensive per submission for an anonymous user, enabling the low friction high trust communication under which collaboration works best when reputation has been established.
The BBBS itself won't be overrun by slop since the price of establishing an account far exceeds what a bot might expect to make with a single malicious submission. Nor can legitimate established accounts be sold since the cost of creating them exceeds the value to be expected from abusing them. Moreover, the cost to establish a reputation as a bug bounty hunter is small in dollars compared to the cost in time and expertise that a legitimate hunter would be expected to expend in the course of their work.
The vast majority of slop would go away as the cost of a first submission is much too high. The cost to the project is close to nothing - integrating with the BBBS attestation API. The cost to a legitimate bug bounty hunter is low - some human review while establishing a reputation, which could even be made useful if it came in the form of feedback. All review is paid for by the submitter, so no one is trying to counter infinite slop with volunteer hours.
Moreover, the BBBS can serve as a mediator of trust, not only against AI, but as a place to receive reputational merit for high value work and trustworthy bug bounty programs.
I realize I am describing a lightweight guild, which is subject to well known political failure modes (the most significant of which is exploiting newcomers), but the concept has the advantage that guilds have functioned as successful slop gatekeepers in society for a very long time and a lot is known about how to make them work.