Nanashi

Cal­ibra­tion Test with database of 150,000+ questions

A pair of free in­for­ma­tion se­cu­rity tools I wrote

• Nanashi 26 May 2015 20:26 UTC

  15 points

  in reply to: Nanashi’s comment on: Ra­tion­al­ity is about pat­tern recog­ni­tion, not reasoning

  Per our email exchange, here is the condensed version that uses only your original writing:

  “Our brains’ pattern recognition capabilities are far stronger than our ability to reason explicitly. Most people can recognize cats across contexts with little mental exertion. By way of contrast, explicitly constructing a formal algorithm that can consistently cats across contexts requires great scientific ability and cognitive exertion.

  Very high level epistemic rationality is about retraining one’s brain to be able to see patterns in the evidence in the same way that we can see patterns when we observe the world with our eyes. Reasoning plays a role, but a relatively small one. Sufficiently high quality mathematicians don’t make their discoveries through reasoning. The mathematical proof is the very last step: you do it to check that your eyes weren’t deceiving you, but you know ahead of time that it’s your eyes probably weren’t deceiving you.

  I have a lot of evidence that this way of thinking is how the most effective people think about the world. I would like to share what I learned. I think that what I’ve learned is something that lots of people are capable of learning, and that learning it would greatly improve people’s effectiveness. But communicating the information is very difficult.

  It took me 10,000+ hours to learn how to “see” patterns in evidence in the way that I can now. Right now, I don’t know how to communicate how to do it succinctly. In order to succeed, I need collaborators who are open to spend a lot of time thinking carefully about the material, to get to the point of being able to teach others. I’d welcome any suggestions for how to find collaborators.”

  Notes:

  • I removed all the quotations. Although I’m guessing they were probably key to your own understanding of the issue, I don’t think they are an efficient way to improve other people’s understanding.

  • Much of the post was dedicated (unnecessarily) to why your viewpoint is right rather than just stating your viewpoint. People who agree with you don’t need to be convinced. People who disagree with you aren’t going to be swayed by your arguments.

  • I removed a few paragraphs that repeated themselves.

  What links here?

  • Ra­tion­al­ity is about pat­tern recog­ni­tion, not reasoning by JonahS (26 May 2015 19:23 UTC; 45 points)

• Nanashi 12 Apr 2015 16:49 UTC

  15 points

  on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  Incidentally I also use Decoy as one method of PGP public key verification. The “decoy” picture is a screenshot of my public key. The photo hidden behind the decoy is a picture of me, holding up my drivers license and an index card with my username. The picture itself should prove sufficient in 99% of cases but in extreme circumstances I can give out the passcode which provides an additional two layers of verification (the validity of the password itself, and the photographic identity verification)

  Of course that could still be spoofed if someone managed to replace all instances of my verification image, and then made a fake drivers license with my name on it and took a picture of that. But if that ever did happen I actually have a final layer of protection which I won’t tell anyone about until I can figure out a way to re-tell it without rendering it worthless.

The most im­por­tant meta-skill

Some sec­ondary statis­tics from the re­sults of LW Survey

Salary charts & Pro­jec­tion tool

• Nanashi 12 Apr 2015 21:01 UTC

  11 points

  in reply to: ChristianKl’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  Yeah… Ummmm..… There’s a lot wrong with this.

  1. If I had malicious intent, it would not matter if my site were SSL or not.

  2. If my site were compromised somehow, it would not matter if my site were SSL or not.

  3. Everything about the script happens client-side.

  4. The code is written in Javascript, thus you can verify #3 by simply looking at the source code.

  5. If you’re not a programmer and don’t understand the source code and are still suspicious, you can copy the source code to a local file, and run it on a computer that’s sandboxed from the rest of the Internet.

  Don’t get me wrong. I appreciate the need for constant vigilance, but this type of knee-jerk reaction is what prevents the wider scale adoption of good crypto practices.

  Edit- for posterity’s sake: I accidentally down voted your post when I meant to upvote it. I wasn’t just being snide when I said “I appreciate the need for constant vigilance”, and it definitely resulted in a good discussion. I updated my vote.

Self-ver­ifi­ca­tion

• Nanashi 26 May 2015 20:50 UTC

  9 points

  in reply to: Nanashi’s comment on: Ra­tion­al­ity is about pat­tern recog­ni­tion, not reasoning

  Here is the even-further edited version, condensed to 150 words.

  I have a lot of evidence that the most effective people in the world have a very specific way of thinking. They use their brain’s pattern-matching abilities to process the world, rather than using explicit reasoning.

  Our brain can pattern match much more efficiently than it can reason. Most people can recognize a cat very easily. But creating an algorithm to recognize cats is far more difficult. And breakthroughs of any kind are very rarely made via explicit reasoning, but rather through a complex and rapid-fire combination of ideas.

  Doing this is something that many people are capable of learning. But, it took me 10,000+ hours to learn how to “see” the world way that I can now, and I do not know how to communicate this process succinctly. In order to help people, I need collaborators who are willing to help clarify my thoughts. I’d welcome any suggestions.

  You’ll note it very quickly gets to the three main points:

  • What are you talking about?

  • Why should we listen to you?

  • What do you want?

  Let me know if I summarized any part of your thoughts incorrectly.

• Nanashi 26 May 2015 20:07 UTC

  9 points

  on: Ra­tion­al­ity is about pat­tern recog­ni­tion, not reasoning

  I’d be glad to offer what help I can. Based on other posts of yours, I would definitely practice brevity. This post is over 1000 words long and easily could be condensed to 250 or less.

• Nanashi 10 Feb 2015 15:19 UTC

  9 points

  on: Wel­come to Less Wrong! (7th thread, De­cem­ber 2014)

  Hi all,

  I’ve been following EY and LW for about four years now. I’m fairly new to posting though. I started out as a “republican” in elementary school, then turned into a “libertarian” in high school because I didn’t care for many conservative positions. Then an “objectivist” in college, because I didn’t care for the fact that libertarianism only extended to politics and not ethics. Then I became frustrated with the Objectivist community and their inability to adapt to the real world so I became a “all the people I’ve met who self-identify as one of these labels has turned out to be really obnoxious so I really don’t want to convolute discussions by using a label”-ist. It wasn’t until recently that I discovered Rationalism and so far it has been the most accurate label and also the most complete system so far.

  My end-game is to end death (and if entropically possible, reverse it). Which is a pretty big practical problem. As such, I don’t have a ton of interest in many of the ethical questions because more often than not, my answer is: “If we can end or reverse death, it doesn’t matter.” .Short-term, my goal is to become rich enough to retire fairly early and have a significant amount of money that can be used to fund various worthy causes and allow me to continue this path full-time. I’m probably 75% of the way there. When I’m not trying to build wealth, most of my free time is spent tinkering with various AI algorithms, exploring number theory, or building prototypes of various gadgets (my latest one is a hard drive that stores data using energy rather than matter. Nevermind the fact that it can only store about 16 bytes.).

• Nanashi 31 May 2015 10:00 UTC

  8 points

  in reply to: [deleted]’s comment on: Learn­ing takes a long time

  I think that’s because, when looking at the aggregate of society, it’s more efficient to bring people up to the level of semi-proficiency than it is to bring them to the level of expertise. If you have 100,000 hours of training to allocate, you get more bang for your buck to train 50 people to 80% proficiency than it is to train 10 people to the level of an expert.

  The flaw, of course, is that “training hours” isn’t a finite, discrete resource. Any individual can opt to spend additional time of their own accord if they are truly passionate. The problem is, at the points in our lives when we have the most free time to spend improving ourselves (read: high school), we also have the least idea of what the hell we want to do with it.

• Nanashi 22 May 2015 21:54 UTC

  8 points

  0

  on: How my so­cial skills went from hor­rible to mediocre

  Some quick background: a friend and I run the sales department of a multi-million dollar company. We built that company from the ground up from about 15 clients to 5,000 and counting, and now manage 20+ sales reps.

  Contrary to popular opinion, social interaction is really fucking easy. There’s one common trait among likable people, (and I don’t mean likable in the shitty, salesy sort of way where a person is so outgoing you feel obligated to say you like them, when in fact you think they’re a giant turd)). That trait can be easily explained: you truly, genuinely care about other people’s success more than yourself.

  If you’re a parent, it’s a lot easier to internalize this attitude. When you have a little kid running around your house, you understand pretty intuitively how you can love something that, for the most part, does nothing but eats, shits, makes messes, and generally disobeys you. You see the potential in that little person. You see the commonalities. You realize that little gremlin is like you in so, so many ways. Eventually it will grow up and become a real person, and that is exciting.

  I think you aren’t alone: MOST LWers (myself included) probably view themselves as one level higher than a “baseline person”. The problem that I’ve seen is, most smart people tend to react to “baselines” with a mixture of indifference, condescension and outright disdain. It’s hard to tell what is worse. But baseline people aren’t fundamentally lacking. They just haven’t grown up yet. If you look hard enough, you’ll realize the commonalities. You’ll realize the potential. You’ll realize that eventually, this baseline person you’re talking to is going to grow up and become a full-on person.

  Most people who are good with kids have a knack for talking to kids on the kids’ level. The phonies are the ones who talk to kids like they are these subhuman creatures that can’t comprehend anything more complex than Go Fish. The assholes are the ones who can’t even be bothered to condescend themselves to talk to an 8-year-old. After all, what could an 8-year-old possibly say that’s even remotely interesting?

  Ultimately that’s the key: realizing that, even an 8-year-old has the potential to bring something to the table eventually. Einstein, Feynman, Hofstadter, heck, even Yudkowsky, were all 8 years old at some point. But you can’t force one of those into existence.

  If you look at every person you interact with and say, “This could be the next Richard Feynman”, regardless of whether it takes 10 years, 20 years, 100 years, or 1,000 years, it suddenly becomes a lot easier to be invested in their success and their development as a person.

• Nanashi 13 Apr 2015 21:42 UTC

  8 points

  in reply to: ChristianKl’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  Sorry Christian but I am going to stop replying after this one. I’m not trying to be a dick, it’s just that at this point I think continuing our conversation is going to confuse readers more than it will help them. The concepts you are referring to and sources you are citing are only tangentially applicable to the conversation at hand.

  1. The fact that it is possible to collide hashes, signatures, etc. is well known and obvious. The reason it is not a concern is the extreme difficulty in producing a collision. As indicated above, you would have to brute force your way through 10^77 different combinations to guarantee a successful collision.

  2. The section you cited describes PGP encryption, not signatures. They are two entirely different things. PGP signatures do not involve session keys.

  3. You can manipulate the output of (or “add specific entropy to”) any hash function. It is, however, absurdly difficult to convey meaningful information in the output of a hash function. See above regarding the amount of work required. Furthermore, because a private key is longer than a PGP signature, it is literally impossible to encode the key in the signature.

  4. The code uses a library, which means it supports multiple functions. The vast majority of which are not used by the script.

  You are referring to several traits which are common to almost all cryptographic systems, yet you are implying these are traits unique to PGP. Furthermore, you are describing these traits with loaded language that paints them as weaknesses, when in fact, they are known, accounted-for limitations.

  Anyone familiar with cryptography will gain nothing from reading this exchange, and anyone unfamiliar with cryptography will likely be confused and mislead.

• Nanashi 13 Apr 2015 1:26 UTC

  8 points

  in reply to: g_pepper’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  I think what I could have been more clear about was the use case here: this tool in its current form is sort of “pre-Alpha”. Previously the script was just sitting locally on my computer and I thought it could be useful to others. If I ever try to deploy this on any sort of larger scale, absolutely it will be done on an SSL server. But for right now, it’s just being shared amongst a few friends and the LW community.

  If it turns out that people are using the tool frequently, I’ll probably go ahead and pay to upgrade my hosting plan to SSL. But for something that’s a free tool not meant for wide distribution, which takes about 7 seconds to right click and hit “Save As”, I just didn’t see it as necessary just yet.

• Nanashi 14 Apr 2015 11:15 UTC

  7 points

  in reply to: Pentashagon’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  Remember that I did not invent the PGP protocol. I wrote a tool that uses that protocol. So, I don’t know if what you are suggesting is possible or not. But I can make an educated guess.

  If what you are suggesting is possible, it would render the entire protocol (which has been around for something like 20 years) broken, invalid and insecure. It would undermine the integrity of vast untold quantities of data. Such a vulnerability would absolutely be newsworthy. And yet I’ve read no news about it. So of the possible explanations, what is most probable?

  1. Such an obvious and easy to exploit vulnerability has existed for 20ish years, undiscovered/​unexposed until one person on LW pointed it out?

  2. The proposed security flaw sounds like maybe it might work, but doesnt.

  I’d say #2 is more probable by several orders of magnitude

• Nanashi 13 Apr 2015 20:08 UTC

  7 points

  in reply to: ChristianKl’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  I’m downvoting this comment because it’s misleading.

  First of all, no one has ever found an SHA-2 hash collision yet. Second of all, the chances of two SHA-2 hashes colliding is about 1 in 1 quattuorvigintillion. It’s so big I had to look up what the number name was. It’s 1 with 77 zeroes after it. We’re talking universe-goes-into-heat-death-before-it-happens type odds. Only under the most absurd definition of “quite often” could anyone ever reasonably claim that a cryptographic hash function like SHA-2 “quite often” has collisions.

• Nanashi 13 Apr 2015 16:35 UTC

  7 points

  in reply to: ChristianKl’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  Now that I understand what you are asking, yes, it is all but impossible to hide a private PGP key in the PGP signature which would successfully verify.

  The “answer” described in that Stack Exchange post doesn’t work. If you attempted that, the signature would not verify.

• Nanashi 13 Apr 2015 15:23 UTC

  7 points

  in reply to: ChristianKl’s comment on: A pair of free in­for­ma­tion se­cu­rity tools I wrote

  It wouldn’t be every time you run the script; you would just need to vet it the first time. I expect that anyone using this for serious security purposes would just save the script locally. The point of this is that it’s browser-based, not cloud-based. Saving an HTML + Javascript file with a (admittedly rudimentary) GUI is infinitely easier than downloading a command-line based program.