personal/nunosempere.com
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: save changes

Browse Source
This commit is contained in:
Nuno Sempere 2022-07-06 17:07:18 +00:00
parent c355992872
commit 345a241721
15 changed files with 777 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

285
.secret/how-to.md
View File

@ -1,27 +1,59 @@
# How to create an autarchic website: the easy way
# How to create an autarchic website
> Where to host the blog: Our Recommendation: Use Substack or try out a hosted Ghost website—its a Goldilocks solution of easy-to-use but highly customizable. Ghost makes for a great portfolio site, blog, and newsletter service.
[Effective Ideas: Where to host the blog](https://effectiveideas.org/how-to-start-a-blog/#pt3)
Fuck that. Vat do I vant, and in vat order? Uncensorability, ability to ramp up degrees of privacy and paranoia, control over ze whole stack, and finally, ze modern comforts. Vith that in mind, I present: Doctor Nefarious' guide to uncensorability.
No. Vat do I vant, and in vat order? Uncensorability, ability to ramp up degrees of privacy and paranoia, control over ze whole stack, and finally, ze modern comforts. Vith that in mind, I present my guide to uncensorability.
What is this meant for? Some recent examples:
- [Youtube-dl being banned by Github](https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca)
- The Canadian government [fucking around with Canadian truckers' freedom of speech](https://twitter.com/punk6529/status/1494444624630403083)
- The Canadian government [grossly overreached against Canadian truckers' freedom of speech](https://twitter.com/punk6529/status/1494444624630403083).
- [Youtube-dl was banned by Github](https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca).
- [EFF Sues Proctorio on Behalf of Student It Falsely Accused of Copyright Infringement to Get Critical Tweets Taken Down](https://www.eff.org/press/releases/eff-sues-proctorio-behalf-student-it-falsely-accused-copyright-infringement-get).
## Get you a password manager for great security
## Index
1. Preliminiaries
- Introduction (^)
- Get a password manager
- Get an email
2. Get a server
- Register a domain
- Get a server
- Point your domain to your server
3. Set up a simple server
- Create and set up users
- Install nginx
- Get nginx working with a simple website
- Install TLS certificates
4. Into the rabbit hole
- Install plan9port
- Install werc
- Configure werc
- Install discount markdown
- Configure nginx to work with werc
- Install fcgi
## 1. Preliminaries
### Get you a password manager for great security
For this, I recommend [pass](https://www.passwordstore.org/) (see also the [archlinux wiki](https://wiki.archlinux.org/title/Pass)). Simple, secure.
## Get an email
[Protonmail](https://protonmail.com/) is fine.
To generate a password independent from pass:
```
function newpassword(){
characters="\!#\$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_\`abcdefghijklmnopqrstuvwxyz{|}~"
characters="\!#\$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_\abcdefghijklmnopqrstuvwxyz{|}~"
# ^ excludes `
length=25
read -r -n $length new_password < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
echo $new_password
@ -31,9 +63,17 @@ pass insert -m autarchy/protonmail ## Then save both the email address and the p
## You can then recall your password with pass show autarchy/protonmail
```
Mad Eye Moody recommends: Don't give Protonmail a backup email. But make sure to make backups of your passwords. You can access Protonmail over [Tor](https://torproject.org/) [here](https://mail.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion). For previous steps, you can register an [XMPP identity](https://www.shad0w.io/). Better yet, do your own research on which services are the most secure.
Personally, I've found it useful to wrap `pass insert -m` into an extension for pass (pass [append]()). I also found it useful to have a utility for [searching passwords](). And, as always, [backup](https://github.com/8go/pass-backup) stuff.
## Register a domain
### Get an email
[Protonmail](https://protonmail.com/) is fine.
Mad Eye Moody recommends: Don't give Protonmail a backup email. Instead, make sure to make backups of your passwords. You can access Protonmail over [Tor](https://torproject.org/) [here](https://mail.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion). For added paranoia, you can register an [XMPP identity](https://www.shad0w.io/) instead of an email address. Also, do your own research on which service providers are the most secure.
## 2. Get a server
### Register a domain
For zis, ve will use, of course, [njal.la](https://njal.la/). The're the non-evil twin brother of [Epik domains](https://www.epik.com/). From their [FAQ](https://njal.la/faq/):
@ -43,25 +83,22 @@ For zis, ve will use, of course, [njal.la](https://njal.la/). The're the non-evi
> We accept payments via Bitcoin, Litecoin, Monero, ZCash, DASH, Bitcoin Cash, Ethereum and Paypal.
They also have [a blog](https://njal.la/blog/) vere they record takedown requests:
![](https://njal.la/static/downloads/2019njetski/3.jpg)
All in all, zis is ze good shit.
They also have [a blog](https://njal.la/blog/) vere they record takedown requests. All in all, zis is ze good stuff.
For this, you will need to setup an account on njal.la, using the email you previously created
```
newpassword
pass insert -m autarchy/njalla-account ## save both password and user
## You can later recall this with pass show autarchy/njalla
## You can later recall this with pass show autarchy/njalla,
## or with pass reveal njalla if you installed that extension
```
Mad Eye Moody recommends: Use tornado cash (https://tornado.cash/) to anonymize your transaction history before paying njalla. Check which top-level domain names are more uncensorable (https://www.eff.org/files/2017/08/02/domain_registry_whitepaper.pdf). Ultimately, if we wanted further anonymity and uncensorability, we would [set up an onion service](https://community.torproject.org/onion-services/setup/).
Mad Eye Moody recommends: Use [tornado cash](https://tornado.cash/) to anonymize your transaction history before paying njalla. Check which top-level domain names are [more uncensorable](https://www.eff.org/files/2017/08/02/domain_registry_whitepaper.pdf) (from casual reading, I would go with .br, .cr , .is, .org, .ru, of which njalla supports only .org and .ru). If if we wanted further anonymity and uncensorability, [set up an onion service](https://community.torproject.org/onion-services/setup/).
## Step 2: Get a server
### Get a server
Previously, I have been using an Ubuntu server on [Digital Ocean](digitalocean.com), which offers servers from $5/month ($6/month including backups). But I have grown to dislike my system having 1GB worth of stuff that I don't understand. I also dislike wrangling with systemd services.
Previously, I had been using an Ubuntu server on [Digital Ocean](digitalocean.com), which offers servers from $5/month ($6/month including backups). But I have grown to dislike my system having 1GB worth of stuff that I don't understand. I also dislike wrangling with systemd services.
So I thought it would be fun to try Alpine Linux on [Njal.la's own servers](https://njal.la/servers/add/). This costs $15/month instead.
@ -69,11 +106,16 @@ When buying a server from Njalla, we need to name it. And we will name it [`rami
[^1]: Why Ramiel? Because Uriel is dead
### Point from your domain to your server.
Add a DNS record pointing from your domain to your server. In particular, you want an A record. Note that it might take a while for it to propagate, so at this point, you can either:
- Wait for ~24 until your server and domain name are connected
- Set up your users and a minimal nginx installation. This requires some additional fiddling, and I will not document it here.
## Step 3: Set up the server
Our setup will looks as follows:
![](https://i.imgur.com/69cnAw2.png)
### Set up a new user
We can connect to our server with
@ -89,13 +131,9 @@ apk add sudo
apk add git
```
Create a new user with root permissions
Strictly speaking you could do everything as root, but this feels dirty. Instead, we will create two new users, one root user for admin tasks, called `ramiel`, and one user for normal operation of web assets, named `www`. The below process probably contains some bugs, which stackoverflow or the alpine and arch linux wikis should solve.
### Add a new user with root permissions
Strictly speaking you could do everything as root, but this feels dirty. Instead, we will create two new users, one root user for admin tasks, called `ramiel`, and one user for normal operation of web assets, named `www`. The below process probably contains some bugs, which stackoverflow or the alpine/arch linux wiki should solve.
#### Create new user:
To create a new root user:
```
adduser ramiel
@ -105,24 +143,18 @@ mkdir -p /home/ramiel
mkdir /home/ramiel/.ssh
```
#### Give it wide permissions and add it to the sudoers group
Then, add `permit persist :wheel` to `/etc/doas.d/doas.conf`
Add `permit persist :wheel` to `/etc/doas.d/doas.conf`
Then use [visudo](https://unix.stackexchange.com/questions/27594/why-do-we-need-to-use-visudo-instead-of-directly-modifying-the-sudoers-file) to add `ramiel ALL=(ALL) ALL` to `/etc/sudoers`.
Then use `visudo` to edit `/etc/sudoers`, and add
```
ramiel ALL=(ALL) ALL
```
### Allow us to log in with ssh
Lastly, allow yourself to log into the server as this new user using ssh.
```
cp /root/.ssh/authorized_keys /home/ramiel/.ssh/authorized_keys
chown ramiel /home/ramiel/.ssh/authorized_keys
```
In `/etc/ssh/sshd_config`, change:
Then, in `/etc/ssh/sshd_config`, change:
```
PasswordAuthentication no
@ -143,23 +175,27 @@ service sshd restart
exit
```
Connect with our new user
And connect with your new user
```
ssh ramiel@your_ip
```
## Install nginx
### Install nginx
Here we make our first—of many—compromises with the suckless philosophy. Unlike simpler web servers, nginx is not suckless. However, I do have a job, and I'm choosing nginx because it has good integration with certbot, the certificates bot from the Electronic Freedom Foundation.
Here we make our first—of many—compromises with the [suckless](https://suckless.org/) philosophy. Unlike simpler web servers, nginx—pronounced "engine x"—is not suckless. However, I do have a job, and I'm choosing nginx because it is well documented, widely used, and has good integration with certbot, the certificates bot from the Electronic Freedom Foundation which allows me to have https (also perhaps not suckless).
To install nginx, follow instructions from [here](https://wiki.alpinelinux.org/wiki/Nginx). In this case, I chose to create a folder in the `/home/www` directory, rather than directly in `/www`. This is probably some residual scaredness from when I didn't want to play around too much with directories outside the home directory.
To install nginx, follow instructions from [here](https://wiki.alpinelinux.org/wiki/Nginx). Digital Ocean has a few good tutorials on how to get nginx up and running, e.g., [How To Install Nginx on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04). Steps are very similar on Alpine. Though Alpine doesn't have the `ufw` firewall, the package manager is called `apk`, not `apt`, and so on.
In this case, I chose to create a folder in the `/home/www` directory, rather than directly in `/www`. This is probably some residual scaredness from when I didn't want to play around too much with directories outside the home directory.
In any case, the commands I used to set up nginx were:
```
apk update
apk add nginx
adduser -D -g 'www' www
chown -R www:www /var/lib/nginx
chown -R www:www /var/lib/nginx ## This is important!!
mkdir /home/www
chown -R www:www /home/www
```
@ -168,6 +204,70 @@ We also want nginx to boot up at startup
```
rc-update add nginx default
rc-service nginx status
```
At this point, we can get a minimal website working. Create an `index.html` file somewhere, and use a nginx setup such as [this](https://github.com/NunoSempere/werc-1.5.0-tweaks/blob/master/etc/contrib/nginx/sites-available/nunosempere.com-simple) to check everything is working out ok. This is an important step, because it lets you check your work so far.
After some debugging, you should have a very simple yet fairly hard to censor website. Congratulations!
### Set up TLS
At this point, one might as well add TLS working, by following instructions such as those in [How To Secure Nginx with Let's Encrypt on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04).
Before you install SSL, you will need a DNS record, and in particular, an A record, pointing from your domain to your server. It might take a while for the DNS record to be updated; around 24 to 48 hours.
The commands for installing certificates are pretty trivial:
```
apk add --update python3 py3-pip
apk add certbot
pip install certbot-nginx
rc-service nginx stop
sudo certbot --nginx -d your-site.org
```
## 4. Into the rabbit hole
Our setup will looks as follows:
![](https://i.imgur.com/69cnAw2.png)
And the steps we will use to get this working are:
- Install plan9port
- Install werc
- Configure werc
- Install discount markdown
- Configure nginx to work with werc
- Install fcgi
Why am I using werc in Alpine linux rather than, I don't know, [Pelican](https://blog.getpelican.com/) on Debian, or [Jekyll](https://jekyllrb.com/) on Github Pages or [Gatsby](https://www.gatsbyjs.com/) on netlify? Because I am a sadomasochist, that's why. Proba
### Install plan9port
Plan9port is werc's key dependency. I might be able to get werc working with musl. But I can't be arsed. Instead, I am installing plan9port side by side with musl.
To install plan9port, add the following line:
```
https://dl-cdn.alpinelinux.org/alpine/v3.15/community/
```
to the `/etc/apk/repositories` file, to get access to community packages.
Then install plan9port
```
apk install plan9port
## https://pkgs.alpinelinux.org/package/v3.15/community/x86_64/plan9port
```
By default, plan9port gets installed to `/usr/lib/plan9/bin`. But we want the `rc` shell to be easily available:
```
cp /usr/lib/plan9/bin/rc /bin/rc
```
## Install werc
@ -196,7 +296,7 @@ git remote add
It's good discipline to keep track of changes which are more or less atomic. This facilitates you remembering what changes you've done, and allows you to contribute back.
Alternatively, pull in my tweaks:
Alternatively, pull in _my own personal tweaks_:
```
git init
@ -205,41 +305,16 @@ git remote add tweaks https://github.com/NunoSempere/werc-1.5.0-tweaks.git
git pull tweaks master
```
These tweaks are a bit opinionated (e.g., they assume that you will set-up https). But they also make daily work more pleasant. Proceed at your own caution.
These tweaks are a bit opinionated (e.g., they assume that you have set-up https). But they also make daily work more pleasant. Proceed at your own caution.
Mad Eye Moody recommends: Go through the [commit history](https://github.com/NunoSempere/werc-1.5.0-tweaks/commits/master) and pick and choose instead.
### Install plan9port
I might be able to get werc working with musl. But I can't be arsed. Instead, I am installing plan9port side by side.
Add the following line:
```
https://dl-cdn.alpinelinux.org/alpine/v3.15/community/
```
to the `/etc/apk/repositories` file, to get access to community packages.
Then install plan9port
```
apk install plan9port
## https://pkgs.alpinelinux.org/package/v3.15/community/x86_64/plan9port
```
By default, plan9port gets installed to `/usr/lib/plan9/bin`. But we want `rc` to be easily available:
```
cp /usr/lib/plan9/bin/rc /bin/rc
```
### Configure werc
There are several important configurations:
- Point to your plan9 binaries
- Whether to have a blog or not
- Decide whether to have a blog or not
- Whether to use http or https
- Whether to use [discount markdown](https://www.pell.portland.or.us/~orc/Code/discount/) or not, in which case you will have to install it
@ -253,44 +328,23 @@ vim initrc.local
## plan9port=/usr/lib/plan9
```
To enable blog functionality, follow instructions [here](https://werc.cat-v.org/apps/blagh/)
To use https instead of http, grep for http and change it all to https. Find the necessary files using `grep http -R bin/`, or have a look at [this git commit](https://github.com/NunoSempere/werc-1.5.0-tweaks/commit/18893f3192721144e82497dce751864faa4437e4)
Personally, I'm a fan of discount markdown, because it has a few more features than the default awk markdown parser. To install discount markdown, run
```
apk install discount
```
And then have a look at [this commit](https://github.com/NunoSempere/werc-1.5.0-tweaks/commit/f492aa962b4c0627dd013f074c0d01000f6e70fe) for the necessary changes.
## Configure nginx to work with werc
[Here](https://github.com/NunoSempere/werc-1.5.0-tweaks/tree/master/etc/contrib/nginx) is an example working configuration, i.e., the contents of my `/etc/nginx`
Configuring nginx to work with werc is the tricky part. Luckily, [here](https://github.com/NunoSempere/werc-1.5.0-tweaks/tree/master/etc/contrib/nginx) is an example working configuration, i.e., the contents of my `/etc/nginx`. Best of luck!
Here, I would recommend:
1. Get nginx up and running with a simple website using somethng like [this](https://github.com/NunoSempere/werc-1.5.0-tweaks/blob/master/etc/contrib/nginx/sites-available/nunosempere.com-simple)
2. Set it up to use werc with fastcgi
3. Add a DNS record pointing from your domain to your server
4. Add SSL/TSL certificates using certbot
5. Switch werc to https
Digital Ocean has a few good tutorials on how to get nginx up and running:
- [How To Install Nginx on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04)
- [How To Secure Nginx with Let's Encrypt on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04)
Steps are very similar on Alpine. Though, e.g., Alpine doesn't have the `ufw` firewall, and so on.
Before you install SSL, you will need a DNS record, and in particular, an A record, pointing from your domain to your server. It might take a while for the DNS record to be updated; around 24 to 48 hours.
The commands for installing certificates are pretty trivial:
```
apk add --update python3 py3-pip
apk add certbot
pip install certbot-nginx
rc-service nginx stop
sudo certbot --nginx -d your-site.org
```
```
sudo apk add spawn-fcgi
sudo apk add fcgiwrap
```
### Installing fcgi
One of the key pieces to connect nginx and werc is [fcgi](https://wikiless.org/wiki/FastCGI?lang=en) (fast common gateway interface). It can be installed with
```
sudo apk add spawn-fcgi
@ -331,7 +385,7 @@ case $1 in
esac
```
into `spawn-fcgi2`, and then:
into a new file, `spawn-fcgi2`, and then:
```
mv spawn-fcgi2 /etc/init.d/spawn-fcgi2
@ -340,6 +394,17 @@ sudo chmod 755 spawn-fcgi2
sudo rc-update add spawn-fcgi2
```
## Install discount markdown
Installing fcgi, copying [my configuration](https://github.com/NunoSempere/werc-1.5.0-tweaks/tree/master/etc/contrib/nginx) and making the relevant changes probably still requires some tweaking and debugging. For instance, it's necessary that the nginx folder is owned by the `www` user. If someone wants to document this better, I welcome improvements.
## Debug problems
## Backups
Backups, and then backups for the backups. For this, I would recommend some combination of:
- [tarsnap](https://www.tarsnap.com/)
- an online git service, like GitHub, GitLab or Codeberg
- a local git repository in a different machine
- [ipfs](https://ipfs.io/)
## Conclusion
We have seen how to create a website which is decently anonymous and hard to attack. This isn't secure enough to support a drug empire (unless?), but it should be secure enough to post slightly edgy content online. We did this the hard way in order to not rely on services like WordPress or Netlify, which would probably buckle under external pressure.

345
.secret/how-to.old.md Normal file
View File

@ -0,0 +1,345 @@
# How to create an autarchic website: the easy way
> Where to host the blog: Our Recommendation: Use Substack or try out a hosted Ghost website—its a Goldilocks solution of easy-to-use but highly customizable. Ghost makes for a great portfolio site, blog, and newsletter service.
[Effective Ideas: Where to host the blog](https://effectiveideas.org/how-to-start-a-blog/#pt3)
Fuck that. Vat do I vant, and in vat order? Uncensorability, ability to ramp up degrees of privacy and paranoia, control over ze whole stack, and finally, ze modern comforts. Vith that in mind, I present: Doctor Nefarious' guide to uncensorability.
What is this meant for? Some recent examples:
- [Youtube-dl being banned by Github](https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca)
- The Canadian government [fucking around with Canadian truckers' freedom of speech](https://twitter.com/punk6529/status/1494444624630403083)
## Get you a password manager for great security
For this, I recommend [pass](https://www.passwordstore.org/) (see also the [archlinux wiki](https://wiki.archlinux.org/title/Pass)). Simple, secure.
## Get an email
[Protonmail](https://protonmail.com/) is fine.
```
function newpassword(){
characters="\!#\$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_\`abcdefghijklmnopqrstuvwxyz{|}~"
length=25
read -r -n $length new_password < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
echo $new_password
} ## Taken from pass generate. Maybe save this in your .bashrc
newpassword
pass insert -m autarchy/protonmail ## Then save both the email address and the password.
## You can then recall your password with pass show autarchy/protonmail
```
Mad Eye Moody recommends: Don't give Protonmail a backup email. But make sure to make backups of your passwords. You can access Protonmail over [Tor](https://torproject.org/) [here](https://mail.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion). For previous steps, you can register an [XMPP identity](https://www.shad0w.io/). Better yet, do your own research on which services are the most secure.
## Register a domain
For zis, ve will use, of course, [njal.la](https://njal.la/). The're the non-evil twin brother of [Epik domains](https://www.epik.com/). From their [FAQ](https://njal.la/faq/):
> We're a team of committed internet activists and we're also involved in other privacy projects such as the IPredator VPN service. Some of us have also been involved in projects like The Pirate Bay and Piratbyrån to mention a few things.
> We support signing up for our service using email or XMPP (and yes, we use OTR). For email we also support PGP so all of our outgoing email will be signed and encrypted.
> We accept payments via Bitcoin, Litecoin, Monero, ZCash, DASH, Bitcoin Cash, Ethereum and Paypal.
They also have [a blog](https://njal.la/blog/) vere they record takedown requests:
![](https://njal.la/static/downloads/2019njetski/3.jpg)
All in all, zis is ze good shit.
For this, you will need to setup an account on njal.la, using the email you previously created
```
newpassword
pass insert -m autarchy/njalla-account ## save both password and user
## You can later recall this with pass show autarchy/njalla
```
Mad Eye Moody recommends: Use tornado cash (https://tornado.cash/) to anonymize your transaction history before paying njalla. Check which top-level domain names are more uncensorable (https://www.eff.org/files/2017/08/02/domain_registry_whitepaper.pdf). Ultimately, if we wanted further anonymity and uncensorability, we would [set up an onion service](https://community.torproject.org/onion-services/setup/).
## Step 2: Get a server
Previously, I have been using an Ubuntu server on [Digital Ocean](digitalocean.com), which offers servers from $5/month ($6/month including backups). But I have grown to dislike my system having 1GB worth of stuff that I don't understand. I also dislike wrangling with systemd services.
So I thought it would be fun to try Alpine Linux on [Njal.la's own servers](https://njal.la/servers/add/). This costs $15/month instead.
When buying a server from Njalla, we need to name it. And we will name it [`ramiel`](https://en.wikipedia.org/wiki/Ramiel) [^1]. We will also need to generate an ssh key to connect to it. The command to do this is `ssh-keygen -t ed25519`. After paying for our server, we'll want to set up payment to autorenew.
[^1]: Why Ramiel? Because Uriel is dead
## Step 3: Set up the server
Our setup will looks as follows:
![](https://i.imgur.com/69cnAw2.png)
We can connect to our server with
```
ssh root@your_ip
```
Then add some essential tooling:
```
apk add vim
apk add sudo
apk add git
```
Create a new user with root permissions
### Add a new user with root permissions
Strictly speaking you could do everything as root, but this feels dirty. Instead, we will create two new users, one root user for admin tasks, called `ramiel`, and one user for normal operation of web assets, named `www`. The below process probably contains some bugs, which stackoverflow or the alpine/arch linux wiki should solve.
#### Create new user:
```
adduser ramiel
apk add doas
adduser ramiel wheel
mkdir -p /home/ramiel
mkdir /home/ramiel/.ssh
```
#### Give it wide permissions and add it to the sudoers group
Add `permit persist :wheel` to `/etc/doas.d/doas.conf`
Then use `visudo` to edit `/etc/sudoers`, and add
```
ramiel ALL=(ALL) ALL
```
### Allow us to log in with ssh
```
cp /root/.ssh/authorized_keys /home/ramiel/.ssh/authorized_keys
chown ramiel /home/ramiel/.ssh/authorized_keys
```
In `/etc/ssh/sshd_config`, change:
```
PasswordAuthentication no
PermitRootLogin prohibit-password
```
to:
```
PasswordAuthentication no
PermitRootLogin yes
```
Then restart the ssh service
```
service sshd restart
exit
```
Connect with our new user
```
ssh ramiel@your_ip
```
## Install nginx
Here we make our first—of many—compromises with the suckless philosophy. Unlike simpler web servers, nginx is not suckless. However, I do have a job, and I'm choosing nginx because it has good integration with certbot, the certificates bot from the Electronic Freedom Foundation.
To install nginx, follow instructions from [here](https://wiki.alpinelinux.org/wiki/Nginx). In this case, I chose to create a folder in the `/home/www` directory, rather than directly in `/www`. This is probably some residual scaredness from when I didn't want to play around too much with directories outside the home directory.
```
apk update
apk add nginx
adduser -D -g 'www' www
chown -R www:www /var/lib/nginx
mkdir /home/www
chown -R www:www /home/www
```
We also want nginx to boot up at startup
```
rc-update add nginx default
```
## Install werc
[Werc](https://werc.cat-v.org/) is a work of genius by the mad architect Uriel. It describes itself as a "a minimalist web anti-framework built following the Unix and Plan 9 tool philosophy of software design". It is a more hardcore version of Jekyll, Pelican, Blogger, or Wordpress.
```
cd /home/www
mkdir werc
cd werc
wget --no-check-certificate https://werc.cat-v.org/download/werc-1.5.0.tar.gz
sha512sum werc-1.5.0.tar.gz
## 06695bf0798d28821500d84339f873a712ceb53cec6dc5bc641a47945a811515657e749c1d8c6cfeba42432ec8557397db9231ff4b5d2eec581a5ff063ab6648 werc-1.5.0.tar.gz
tar x -f werc-1.5.0.tar.gz
cd werc-1.5.0
```
Initialize a git repository
```
git init
git add .
git commit -m "feat: start keeping track of atomic changes on top of werc-1.5.0"
git remote add
```
It's good discipline to keep track of changes which are more or less atomic. This facilitates you remembering what changes you've done, and allows you to contribute back.
Alternatively, pull in my tweaks:
```
git init
git add .
git remote add tweaks https://github.com/NunoSempere/werc-1.5.0-tweaks.git
git pull tweaks master
```
These tweaks are a bit opinionated (e.g., they assume that you will set-up https). But they also make daily work more pleasant. Proceed at your own caution.
Mad Eye Moody recommends: Go through the [commit history](https://github.com/NunoSempere/werc-1.5.0-tweaks/commits/master) and pick and choose instead.
### Install plan9port
I might be able to get werc working with musl. But I can't be arsed. Instead, I am installing plan9port side by side.
Add the following line:
```
https://dl-cdn.alpinelinux.org/alpine/v3.15/community/
```
to the `/etc/apk/repositories` file, to get access to community packages.
Then install plan9port
```
apk install plan9port
## https://pkgs.alpinelinux.org/package/v3.15/community/x86_64/plan9port
```
By default, plan9port gets installed to `/usr/lib/plan9/bin`. But we want `rc` to be easily available:
```
cp /usr/lib/plan9/bin/rc /bin/rc
```
### Configure werc
There are several important configurations:
- Point to your plan9 binaries
- Whether to have a blog or not
- Whether to use http or https
- Whether to use [discount markdown](https://www.pell.portland.or.us/~orc/Code/discount/) or not, in which case you will have to install it
Of these, the more important is the first one. To let werc know where your plan9 binaries are installed
```
cd /home/www/werc/werc-1.5.0/etc/
cp initrc initrc.local
vim initrc.local
## Change one of the first lines to:
## plan9port=/usr/lib/plan9
```
## Configure nginx to work with werc
[Here](https://github.com/NunoSempere/werc-1.5.0-tweaks/tree/master/etc/contrib/nginx) is an example working configuration, i.e., the contents of my `/etc/nginx`
Here, I would recommend:
1. Get nginx up and running with a simple website using somethng like [this](https://github.com/NunoSempere/werc-1.5.0-tweaks/blob/master/etc/contrib/nginx/sites-available/nunosempere.com-simple)
2. Set it up to use werc with fastcgi
3. Add a DNS record pointing from your domain to your server
4. Add SSL/TSL certificates using certbot
5. Switch werc to https
Digital Ocean has a few good tutorials on how to get nginx up and running:
- [How To Install Nginx on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04)
- [How To Secure Nginx with Let's Encrypt on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04)
Steps are very similar on Alpine. Though, e.g., Alpine doesn't have the `ufw` firewall, and so on.
Before you install SSL, you will need a DNS record, and in particular, an A record, pointing from your domain to your server. It might take a while for the DNS record to be updated; around 24 to 48 hours.
The commands for installing certificates are pretty trivial:
```
apk add --update python3 py3-pip
apk add certbot
pip install certbot-nginx
rc-service nginx stop
sudo certbot --nginx -d your-site.org
```
```
sudo apk add spawn-fcgi
sudo apk add fcgiwrap
```
### Installing fcgi
```
sudo apk add spawn-fcgi
sudo apk add fcgiwrap
```
You can then spawn this with
```
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -f /usr/bin/fcgiwrap
```
Alternatively, and more conveniently, you can set this up so that fcgi is spawned when the system starts. To do so, copy the following:
```
#!/sbin/openrc-run
## move to /etc/init.d/spawn-fcgi2
## Then sudo rc-update add spawn-fcgi2
## test with sudo rc-service spawn-fcgi2 start
## and sudo rc-service spawn-fcgi2 stop
PID_file="/var/tmp/spawn"
depend() {
need net
}
start() {
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -f /usr/bin/fcgiwrap -P "$PID_file"
}
stop() {
kill -15 "$(cat "$PID_file")"
rm "$PID_file"
}
case $1 in
start|stop) "$1" ;;
esac
```
into `spawn-fcgi2`, and then:
```
mv spawn-fcgi2 /etc/init.d/spawn-fcgi2
cd /etc/init.d
sudo chmod 755 spawn-fcgi2
sudo rc-update add spawn-fcgi2
```
## Install discount markdown
## Debug problems

4
_werc/config
View File

@ -1,3 +1,3 @@
masterSite=nunosempere.com
siteTitle='Measure'
siteSubTitle='is unceasing'
siteTitle='Measure is unceasing'
siteSubTitle=''

9
_werc/lib/top_bar.inc → _werc/lib/top_bar_old.inc
View File

@ -1,15 +1,10 @@
<div class="hidden-mobile">
<div>
<a href="https://forum.effectivealtruism.org/users/nunosempere">ea forum</a> |
<a href="https://forum.effectivealtruism.org/users/nunosempere">EA forum</a> |
<a href="https://forecasting.substack.com/">forecasting newsletter</a> |
<a href="https://github.com/">github</a> |
<a href="https://github.com/NunoSempere">github</a> |
<a href="https://metaforecast.org/">metaforecast</a> |
<a href="https://quantifieduncertainty.org/">quantified uncertainty</a> |
<a href="https://twitter.com/NunoSempere">twitter</a>
</div>
<div>
<a href="/about">about</a> |
<a href="/sitemap">site map</a>
</div>
</div>

BIN
blog/2022/05/20/infinite-ethics-101/.images/infinite-ethics.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 216 KiB

69
blog/2022/05/20/infinite-ethics-101/index.md Normal file
View File

@ -0,0 +1,69 @@
Infinite Ethics 101: Stochastic and Statewise Dominance as a Backup Decision Theory when Expected Values Fail
====
In [Exceeding expectations: stochastic dominance as a general decision theory](https://globalprioritiesinstitute.org/wp-content/uploads/Christian-Tarsney_Exceeding-expectations-stochastic-dominance-as-a-general-decision-theory.pdf), Christian Tarsney presents stochastic dominance (to be defined) as a total replacement for expected value as a decision theory. He wants to argue that one decision is only rationally better as another one when it is stochastically dominant. For this, he needs to say that the choiceworthiness of a decision (how rational it is) is undefined in the case where one decision doesn't stochastically dominate another one.
I think this is absurd, and perhaps determined by academic incentives to produce more eye-popping claims rather than more restricted incremental improvements. Still, I thought that the paper made some good points about us still being able to make decisions even when expected values stop being informative. It was also my introduction to extending rational decision-making to infinite cases, and a great introduction at that. Below, I outline my rudimentary understanding of these topics.
![](https://i.imgur.com/9Uc0znM.png)
## Where expected values fail.
Consider a choice between:
- A: 1 utilon with probability 1/2, 2 utilons with probability 1/4th, 4 utilons with probability 1/8th, etc. The expected value of this choice is 1 × 1/2 + 2 × 1/4 + 4 × 1/8 + ... = 1/2 + 1/2 + 1/2 + ... = ∞
- B: 2 utilons with probability 1/2, 4 utilons with probability 1/4th, 8 utilons with probability 1/8th, etc. The expected value of this choice is 2 × 1/2 + 2 × 1/4 + 4 × 1/8 + ... = 1 + 1 + 1 + ... = ∞
So the expected value of choice A is ∞, as is the expected value of choice B. And yet, B is clearly preferable to A. What gives?
## Statewise dominance
Suppose that in the above case, there were different possible states, as if the payoffs for A and B were determined by the same coin throws:
- State i: A gets 1, B gets 2
- State ii: A gets 2, B gets 4
- State iii: A gets 4, B gets 8,
- State i^n: A gets 2^n, B gets 2 × 2^n.
Then in this case, B dominates A in every possible state. This is a reasonable decision principle that we can reach to ground our decision to choose B over A.
## Stochastic dominance
O stochastically dominates P if:
1. For any payoff x, the probability that O yields a payoff at least as good as x is equal
to or greater than the probability that P yields a payoff at least as good as x, and
2. For some payoff x, the probability that O yields a payoff at least as good as x is
strictly greater than the probability that P yields a payoff at least as good as x.
or, in math notation:
1. ∀x, Probability(Payoff(O) ≥ x) ≥ Probability(Payoff(P) ≥ x))
2. ∃x such that Probability(Payoff(O) ≥ x) > Probability(Payoff(P) ≥ x))
This captures a notion that O is, in a sense, strictly better than P, probabilistically.
In the case of A and B above, if their payoffs were determined by throwing independent coins:
- There is a 100% chance that B yields a payoff ≥ 1, and 100% that A yields a payoff ≥ 1
- There is a 50% chance that B yields a payoff ≥ 2, but only a 25% chance that A yields a payoff ≥ 2
- There is a 25% chance that B yields a payoff ≥ 4, but only a 12.5% chance that A yields a payoff ≥ 4
- There is a 12.5% chance that B yields a payoff ≥ 8, but only a 6.26% chance that A does so.
- There is a 1/2^n chance that B yields a payoff ≥ 2^n, but only a 1/2^(n+1) chance that A does so.
So the probability that B gets increasingly better outcomes is higher than the probability that A will do so. So in this case, B stochastically dominates A. Stochastic dominance is thus another decision principle that we could reach to compare choices with infinite expected values.
## Gaps left
The above notions of stochastic and statewise dominance could be expanded and improved. For instance, we could ignore a finite number of comparisons going the other way if the expected value of those options was finite but the expected value of the whole thing was infinite. For instance, in the following comparison:
- A: 100 utilons with probability 1/2, 2 utilons with probability 1/4th, 4 utilons with probability 1/8th, etc. The expected value of this choice is 1 × 1/2 + 2 × 1/4 + 4 × 1/8 + ... = 1/2 + 1/2 + 1/2 + ... = ∞
- B: 2 utilons with probability 1/2, 4 utilons with probability 1/4th, 8 utilons with probability 1/8th, etc. The expected value of this choice is 2 × 1/2 + 2 × 1/4 + 4 × 1/8 + ... = 1 + 1 + 1 + ... = ∞
I would still say that B is preferable to A in that case. And my impression is that there are many similar principles one could reach to, in order to resolve many but not all comparisons between infinite sequences.
---
Exercise for the reader: Come up with two infinite sequences which cannot be compared using statewise or stochastic dominance, or similar principles.
You can comment on this post in the [EA Forum](https://forum.effectivealtruism.org/posts/GseREh8MEEuLCZayf/nunosempere-s-shortform?commentId=BMEaMkB8Fdrz7oanw).

BIN
blog/2022/06/03/forecasting-newsletter-may-2022/images/a021b9280ea6e599748f6145cf2f47a435012268.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
blog/2022/06/03/forecasting-newsletter-may-2022/images/d0fb1dc864cc1a90611d8673f1402c76f12d3958.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 103 KiB

BIN
blog/2022/06/03/forecasting-newsletter-may-2022/images/d4bfc0829791b7017bd2a8c5074a81818ee63e06.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

120
blog/2022/06/03/forecasting-newsletter-may-2022/index.md Normal file
View File

@ -0,0 +1,120 @@
Forecasting Newsletter: May 2022
==============
## Highlights
* Metaculus forecaster warns about [boasting about non-existent forecasting track records](https://www.lesswrong.com/posts/ZEgQGAjQm5rTAnGuM/beware-boasting-about-non-existent-forecasting-track-records)
* Nick Bosse and others release a [comprehensive R package for scoring forecasts](https://github.com/epiforecasts/scoringutils)
* Open Philanthropy is requesting [proposals for quantifying biological risks](https://forum.effectivealtruism.org/posts/xFsmibHafAu8APgiS/request-for-proposals-help-open-philanthropy-quantify) (deadline 5th of June)
* The Survival and Flourishing Fund gave [a bit over $1M](https://survivalandflourishing.fund/sff-2022-h1-recommendations) to forecasting projects
* Kalshi was profiled by [Bloomberg](https://www.bloomberg.com/news/features/2022-05-26/kalshi-s-stock-market-of-the-world-let-s-you-bet-on-anything)
## Index
* The state of forecasting
* Platform by platform updates
* Ephemeral content
* Long content
You can sign up for this newsletter on [substack](https://forecasting.substack.com), or browse past newsletters [here](https://forum.effectivealtruism.org/s/HXtZvHqsKwtAYP6Y7). If you have a content suggestion or want to reach out, you can leave a comment or find me on [Twitter](https://twitter.com/NunoSempere).
## The state of forecasting
Applying to the [FTX Future Fund](https://ftxfuturefund.org/) ([a](http://web.archive.org/web/20220411191549/https://ftxfuturefund.org/)) with forecasting projects is still a good idea.
The Survival and Flourishing Fund donated [a bit over $1M to forecasting projects](https://survivalandflourishing.fund/sff-2022-h1-recommendations) ([a](https://archive.is/KEV3I)): $461k to the [Quantified Uncertainty Research Insitute](https://quantifieduncertainty.org/) (my org), $346k to the [Social Science Prediction Platform](https://socialscienceprediction.org/), and $343k towards [Manifold Markets](https://manifold.markets/). From what I can tell, the funding generally came much later than expected, and thus was less useful. For instance, Manifold Markets has already carried out a [funding round](https://news.manifold.markets/p/above-the-fold-seeded?s=r).
Blockchain-based prediction markets continue popping up. Some never leave the beta phase. For example, this month I stumbled upon [Oracula](https://beta.oracula.io/) ([a](http://web.archive.org/web/20220507150908/https://beta.oracula.io/)) and [Presaga](https://www.presaga.app/) ([a](http://web.archive.org/web/20220215130205/https://www.presaga.app/)). On the one hand, having many fragmented real-money prediction markets seems good for the traders who are skilled at arbitrage. But on the other hand, it seems likely that prediction markets might have some features of a winner-take-all dynamics: bettors will want to bet where other people are betting.
Amongst friends and colleagues working in the forecasting space, I am also noticing that there is an incentive towards creating new organizations, rather than taking part in organizations that already exist. I think this might be because it sounds more prestigious to lead one's own small organization and because one can otherwise capture a larger share of the value that one creates. But I think that creating many micro-organizations creates less value overall because the operations burden is greater. [Here](https://www.facebook.com/ozzie.gooen/posts/pfbid02rDvhYZekLU4SKYYMgouY7gndxkqxJsumqGdRf4A8GLRHTUMfxBQDa9UKVwy8YBdNl) is a post by my boss on a similar topic.
## Platform by platform updates
Metaculus rapidly created forecasts about the [new monkeypox outbreak](https://www.metaculus.com/questions/?search=cat:bio--infectious-disease--monkeypox). Besides this, Metaculus updated its [social media previews](https://twitter.com/TetraspaceWest/status/1523115069252734977) ([a](http://web.archive.org/web/20220508013912/https://twitter.com/TetraspaceWest/status/1523115069252734977)), its journal spawned a [podcast](https://podcasts.apple.com/us/podcast/the-metaculus-journal/id1620850917) ([a](http://web.archive.org/web/20220603013516/https://podcasts.apple.com/us/podcast/the-metaculus-journal/id1620850917)), and its CEO wrote an essay on [Forecasting, Science, and Epistemology](https://metaculus.medium.com/forecasting-science-and-epistemology-d962de541a1f) ([a](http://web.archive.org/web/20220603013055/https://metaculus.medium.com/forecasting-science-and-epistemology-d962de541a1f)).
Manifold added some categories to organize their markets, added the possibility of replying to comments, moved to Algolia for market search, added one-click betting, added a numeric (rather than pointwise) market type, and added embedded markets in the EA forum. A hat-tip to David, who maintains a nice to read [newsletter](https://news.manifold.markets/) ([a](http://web.archive.org/web/20220603013524/https://news.manifold.markets/)) on Manifold's progress. Honestly, I'm not sure I even should be covering Manifold's individual platform improvements rather than remarking that their development speed seems to still be much faster than that of other platforms. Manifold's team also [visited the Bahamas](https://news.manifold.markets/p/above-the-fold-bahamas-edition?s=r) ([a](http://web.archive.org/web/20220603013548/https://news.manifold.markets/p/above-the-fold-bahamas-edition?s=r)).
INFER hosted a discussion on [Reasserting U.S. Leadership in Microelectronics](https://www.youtube.com/watch?v=5QKFFWISwhc) ([a](http://web.archive.org/web/20220603013307/https://www.youtube.com/watch?v=5QKFFWISwhc)). It also talks about the [race for AI dominance](https://mailchi.mp/cultivatelabs/2ejh0318wr-8876713?e=6a740e6197) ([a](http://web.archive.org/web/20220603013104/https://mailchi.mp/cultivatelabs/2ejh0318wr-8876713?e=6a740e6197)) in its newsletter. Conditional on a US/China AI race occurring, I would want the US to win it. But I would rather prefer there to not be such a race. So I'm not sure how to feel about various organizations around the EA (Effective Altruism) sphere, such as INFER, CSET or the Institute for Progress using bellicose and adversarial language and strategies. For instance, one can frame one's positions and justify ones usefulness with reference to what the US needs to do in order to maintain its superiority over China. This might appeal to Republicans worried about national security, but also make non-adversarial framings more difficult to see.
Good Judgment Open has some analysis of whether Putin will cease to be president of the Russian Federation before 2023. See [here](https://www.gjopen.com/comments/1447459) ([a](http://web.archive.org/web/20220603013854/https://www.gjopen.com/comments/1447459)) for a comment arguing that this is ~5% unlikely and [here](https://www.gjopen.com/comments/1449378) ([a](http://web.archive.org/web/20220603013947/https://www.gjopen.com/comments/1449378)) for a comment that this is ~70% likely.
Kalshi was profiled by [Bloomberg](https://www.bloomberg.com/news/features/2022-05-26/kalshi-s-stock-market-of-the-world-let-s-you-bet-on-anything) ([a](http://web.archive.org/web/20220527013329/https://www.bloomberg.com/news/features/2022-05-26/kalshi-s-stock-market-of-the-world-let-s-you-bet-on-anything)). The article is very much worth reading: it gives a nice view of Kalshi's journey, and reveals some interesting details about the regulatory morass that Kalshi had to deal with.
The Bloomberg article also references a frankly embarrassing [2012 CFTC order](https://www.cftc.gov/sites/default/files/stellent/groups/public/@rulesandproducts/documents/ifdocs/nadexorder040212.pdf) ([a](http://web.archive.org/web/20220120141804/https://www.cftc.gov/sites/default/files/stellent/groups/public/@rulesandproducts/documents/ifdocs/nadexorder040212.pdf)) prohibiting [Nadex](https://wikipedia.org/wiki/Nadex) from offering contracts on binary outcomes, because they deemed it to be "against the public interest". The order stated:
> "there is no situation in which the Political Event Contracts' prices could form the basis for the pricing of a commercial transaction involving a physical commodity, financial asset or service, which demonstrates that the Political Event Contracts have no price basing utility".
Kalshi also made an [Arbitrage calculator](https://docs.google.com/spreadsheets/d/12dgV-9aeP5GkqmahK7M77_u2rwuBkoycwQEr56hJamo/edit#gid=0) between markets that were on PredictIt and now are also on Kalshi.
## Ephemeral content
Open Philanthropy is requesting [proposals for quantifying biological risks](https://forum.effectivealtruism.org/posts/xFsmibHafAu8APgiS/request-for-proposals-help-open-philanthropy-quantify) ([a](http://web.archive.org/web/20220603012244/https://forum.effectivealtruism.org/posts/xFsmibHafAu8APgiS/request-for-proposals-help-open-philanthropy-quantify)). The deadline to apply is June 5th. I think it wouldn't be that hard to assemble a good team to do this, If you are interested, leave a comment or send me an email at forecasting.newsletter@protonmail.com.
[Strippers explain how strip clubs can be a 'leading indicator' in forecasting a recession](https://www.newshub.co.nz/home/lifestyle/2022/05/strippers-explain-how-strip-clubs-can-be-a-leading-indicator-in-forecasting-a-recession.html) ([a](http://web.archive.org/web/20220603012317/https://www.newshub.co.nz/home/lifestyle/2022/05/strippers-explain-how-strip-clubs-can-be-a-leading-indicator-in-forecasting-a-recession.html)):
> Some strippers believe a recession is guaranteed because strip clubs are emptying—a "leading indicator" there is an economic downturn.
>
> …
>
> "I had a friend who stopped stripping after the 2008 housing crash. She said it was not worth dealing with men. Prior to that she was making over $2k and up a night, she said went down to $300/night. She got out quick. Definitely a good indicator how the economy is doing,"
Chris Brunett, a conservative economics blogger with a penchant for sensationalism, writes about [Turning $1,000 to $10,000 on Insight Prediction](https://karlstack.substack.com/p/turning-1000-to-10000-on-insight) ([a](http://web.archive.org/web/20220521055606/https://karlstack.substack.com/p/turning-1000-to-10000-on-insight)). Note that he hasn't yet done 10x his initial pot, but rather is aiming to do so.
More interestingly, he is creating a [speculative financial instrument](https://karlstack.substack.com/p/karlstack-is-building-a-memecoin) ([a](http://web.archive.org/web/20220525161826/https://karlstack.substack.com/p/karlstack-is-building-a-memecoin)) through which he is allowing others to buy into his proto-hedge fund. To be clear, I emphatically do **not** recommend that people invest in this: Brunet's forecasting track record is a bit spotty, the smart contracts he uses allows him to create infinite money, and the legal status of the whole thing is dubious. That said, it is an interesting and innovative instrument, I'm intrigued about where it will go, and I dont expect Brunett to cheat investors.
Czech Priorities has an [update on their forecasting work](https://forum.effectivealtruism.org/posts/6meqpK339FnQpZ4kv/czech-forecasting-project-summary) ([a](http://web.archive.org/web/20220518092351/https://forum.effectivealtruism.org/posts/6meqpK339FnQpZ4kv/czech-forecasting-project-summary)) trying to influence the Czech government.
![](images/d4bfc0829791b7017bd2a8c5074a81818ee63e06.png)
Note that incidents are declassified 1025 years after they happen.
Peter Wildeford looks at the [chances of accidental nuclear war](https://forum.effectivealtruism.org/posts/woBYNgqjgvryF6aav/the-chance-of-accidental-nuclear-war-has-been-going-down) ([a](http://web.archive.org/web/20220602022519/https://forum.effectivealtruism.org/posts/woBYNgqjgvryF6aav/the-chance-of-accidental-nuclear-war-has-been-going-down)), by giving the chance of a nuclear incident based on the historical frequency of close calls using Laplace's law, and then another application of Laplaces law to the chance that a nuclear close call will escalate. Personally, Id be a bit higher than him because of [anthropic effects](https://forum.effectivealtruism.org/posts/woBYNgqjgvryF6aav/the-chance-of-accidental-nuclear-war-has-been-going-down?commentId=Lpuq8GfEjvZZMKwh2#comments).
[@botec\_horseman](https://twitter.com/botec_horseman) ([a](http://web.archive.org/web/20220603170528/https://twitter.com/botec_horseman)) is a new Twitter account dedicated to Back Of The Envelope (BOTEC) estimates. h/t Nathan Young.
[Is AI Progress Impossible To Predict?](https://www.lesswrong.com/posts/G993PFTwqqdQv4eTg/is-ai-progress-impossible-to-predict) ([a](http://web.archive.org/web/20220602171145/https://www.lesswrong.com/posts/G993PFTwqqdQv4eTg/is-ai-progress-impossible-to-predict)):
> Could we forecast AI progress ahead of time by seeing how each task gets better with model size, draw out the curve, and calculate which size model is needed to reach human performance?
>
> I tried this, and apparently the answer is no. In fact, whether AI has improved on a task recently gives us exactly zero predictive power for how much the next model will improve on the same task
[NOAA predicts above-normal 2022 Atlantic Hurricane Season](https://www.noaa.gov/news-release/noaa-predicts-above-normal-2022-atlantic-hurricane-season) ([a](http://web.archive.org/web/20220603132541/https://www.noaa.gov/news-release/noaa-predicts-above-normal-2022-atlantic-hurricane-season)). "Forecasters at NOAAs Climate Prediction Center, a division of the National Weather Service, are predicting above-average hurricane activity this year — **which would make it the seventh consecutive above-average hurricane season**" (emphasis mine).
## Long content
Jotto, an experienced Metaculus forecaster, cautions against [boasting about non-existent forecasting track records](https://www.lesswrong.com/posts/ZEgQGAjQm5rTAnGuM/beware-boasting-about-non-existent-forecasting-track-records) ([a](http://web.archive.org/web/20220602083227/https://www.lesswrong.com/posts/ZEgQGAjQm5rTAnGuM/beware-boasting-about-non-existent-forecasting-track-records)):
> If they want forecaster prestige, their forecasts must be:
>
> * Pre-registered,
> * So unambiguous that people actually agree whether the event "happened",
> * With probabilities and numbers so we can gauge calibration,
> * And include enough forecasts that it's not just a fluke or cherry-picking.
>
> When Eliezer Yudkowsky talks about forecasting AI, he has several times claimed implied he has a great forecasting track record. But a meaningful "forecasting track record" has well-known and very specific requirements, and Eliezer doesn't show these.
Nick Bosse and others release a [comprehensive R package for scoring forecasts](https://github.com/epiforecasts/scoringutils) ([a](http://web.archive.org/web/20220603012339/https://github.com/epiforecasts/scoringutils)) ([twitter](https://twitter.com/nikosbosse/status/1526511848144642051) ([a](http://web.archive.org/web/20220603012652/https://twitter.com/nikosbosse/status/1526511848144642051)), [CRAN](https://cran.r-project.org/web/packages/scoringutils/index.html) ([a](http://web.archive.org/web/20220603013058/https://cran.r-project.org/web/packages/scoringutils/index.html)), [accompanying arxiv paper](https://arxiv.org/abs/2205.07090) ([a](http://web.archive.org/web/20220603012725/https://arxiv.org/abs/2205.07090))). Per the [CRAN logs](https://cranlogs.r-pkg.org/downloads/total/2022-05-10:2025-01-02/scoringutils) ([a](http://web.archive.org/web/20220603012812/https://cranlogs.r-pkg.org/downloads/total/2022-05-10:2025-01-02/scoringutils)) so far it's seeing a smallish to medium number of downloads (791 so far, and 151 in the last week). But once a library is well-engineered, I think it will tend to last. And it makes developments in other languages easier.
![](images/a021b9280ea6e599748f6145cf2f47a435012268.png)
Bayesian method (in bright blue and in shaded confidence intervals) beats previous method (in black) at predicting Marathon records (in red).
Jaime Sevilla and Jonathan Lindbloom publish some research on [Bayesian models of records](https://www.authorea.com/users/429500/articles/535592-a-bayesian-model-of-records) ([a](http://web.archive.org/web/20220529222525/https://www.authorea.com/users/429500/articles/535592-a-bayesian-model-of-records)) ([twitter summary](https://twitter.com/Jsevillamol/status/1531038943940059136) ([a](http://web.archive.org/web/20220529222538/https://twitter.com/Jsevillamol/status/1531038943940059136))), that is, on the maximums and minimums that a time series will take. I was expecting the approach to be based on having a large database of past records to create a prior. Instead, the authors model records as attempts drawn from the same distribution, which they model as uncertainty over a flat prior over [Weibull distributions](https://en.wikipedia.org/wiki/Weibull_distribution).
This approach might work for some problems, like Olympic records. But it would do less well over other problems where assuming identically distributed draws would not be a good assumption. For instance, Moore's law—or technological progress more generally—doesn't lend itself well to being modelled using this approach, because new approaches tend to build on top of previous approaches. The authors are planning to address this in future work.
![](images/d0fb1dc864cc1a90611d8673f1402c76f12d3958.png)
My colleague Sam Nolan looks at [Quantifying Uncertainty in GiveWell's GiveDirectly Cost-Effectiveness Analysis](https://observablehq.com/@hazelfire/givewells-givedirectly-cost-effectiveness-analysis) ([a](http://web.archive.org/web/20220529032327/https://observablehq.com/@hazelfire/givewells-givedirectly-cost-effectiveness-analysis)). He takes point estimates of impact by GiveDirectly, and transforms them into estimates using distributions.
Niplav looks at [range and forecasting accuracy](https://forum.effectivealtruism.org/posts/nfEWwLH8qSqNATxmr/range-and-forecasting-accuracy) ([a](http://web.archive.org/web/20220603102420/https://forum.effectivealtruism.org/posts/nfEWwLH8qSqNATxmr/range-and-forecasting-accuracy)). I reviewed a version of this post in a [previous newsletter](https://forum.effectivealtruism.org/posts/8nNuRG26Te6k8xJhF/forecasting-newsletter-march-2021#Recent_Blog_Posts). The new version has analysis in Python as well as some further analysis. I would recommend reading the results section at the top.
---
Note to the future: All links are added automatically to the Internet Archive, using this [tool](https://github.com/NunoSempere/longNowForMd) ([a](http://web.archive.org/web/20220408093057/https://github.com/NunoSempere/longNowForMd)). "(a)" for archived links was inspired by [Milan Griffes](https://www.flightfromperfection.com/) ([a](http://web.archive.org/web/20220521191212/https://www.flightfromperfection.com/)), [Andrew Zuckerman](https://www.andzuck.com/) ([a](http://web.archive.org/web/20220316214638/https://www.andzuck.com/)), and [Alexey Guzey](https://guzey.com/) ([a](http://web.archive.org/web/20220515072125/https://guzey.com/)).
---
> There are no stupid questions, but there are a lot of inquisitive idiots
— Unattributed

31
blog/2022/06/14/the-tragedy-of-calisto-and-melibea/index.md Normal file
View File

@ -0,0 +1,31 @@
The Tragedy of Calisto and Melibea
===
Enter CALISTO, a young nobleman who, in the course of his adventures, finds MELIBEA, a young noblewoman, and is bewitched by her appearance.
CALISTO: Your presence, Melibea, exceeds my 99.9% percentile prediction.
MELIBEA: How so, Calisto?
CALISTO: In that the grace of your form, its presentation and concealment, its motions and ornamentation are to me so unforeseen that they make me doubt my eyes, my sanity, and my forecasting prowess. In that if beauty was an alchemical substance, you would have four parts of it for every one part that all the other dames in the realm together have.
MELIBEA: But do go on Calisto, that your flattery is not altogether unpleasant to my ears.
CALISTO: I must not, for I am in an URGENT MISSION on which the fate of the kingdom rests. And yet, even with my utilitarian inclinations, I would grant you ANY BOON IN MY POWER for A KISS, even if my delay would marginally increase the risk to the realm.
Calisto then climbs up to Melibea's balcon and GETS A KISS. When going down, he LOOKS BACK at Melibea, slips, BREAKS HIS NECK, and DIES.
The END.
---
### Commentary
What you just read is a MODERN ADAPTATION of [La Celestina](https://en.wikipedia.org/wiki/La_Celestina), a novel/play written in 1499. In the original story, Calisto is indeed bewitched by Melibea's appearance after first seeing her, and does offer very over the top flattery. Some stuff happens in between, after which Calisto does die after falling of a ladder while visiting Melibea, following which Melibea kills herself.
I've stolen a sentence from [Groon the Walker](https://www.goodreads.com/book/show/36676220-the-erogamer): "the grace of your body, its presentation and concealment, its motions and ornamentation".
For other microfiction, see:
- [Forecasting Newsletter: April 2222](https://forecasting.substack.com/p/forecasting-newsletter-april-2222?s=r)
- It was a sunny winter night, and the utilitarians had [gathered in their optimal lair](https://forum.effectivealtruism.org/posts/K4FjWv2cqsKYCS3cQ/the-value-of-small-donations-from-a-longtermist-perspective?commentId=aQunjwfbWB2wCdsqu)

22
blog/2022/07/04/cancellation-insurance/index.md Normal file
View File

@ -0,0 +1,22 @@
Cancellation insurance
======================
I am up for offering some amount of insurance for being [cancelled](https://en.wikipedia.org/wiki/Cancel_culture), i.e., losing one's job due as a result of inane culture war fights[^1]. I think that this could be in expectation a mutualy beneficial tradeoff in the case where my counterparty is very risk averse[^2], and so is happy to pay for a healthy risk premium.
![](https://i.imgur.com/NdgBpXl.jpg)
The main problem I see with this is that insurance creates an incentive to be more cancellation-seeking. I think this can be mitigated by reducing the payout amount such that getting cancelled is still pretty bad. I think that right now, I'm comfortable offering cancellation insurance to the tune of $10k *on a handshake basis*[^3] for a $100 annual payment implying a 1% probability or a ≤1% risk premium.
This means that I can as of now only offer a small number of such insurances—because I would like to be able to pay them all if all the clients are cancelled, as might happen, e.g., because of selection effects or flawed estimation on my part.
Such cancellation insurance would also require a tight definition of cancellation, or otherwise some trustworthy resolution mechanism. A majority vote of three persons mutually trusted would suffice on my part, but scaling would require other mechanisms, like, perhaps, [kleros](https://kleros.io/).
If you are interested in this, [reach out](https://twitter.com/NunoSempere) and share your social media profiles so that I can try to assess your risk.
See also: [Will I be cancelled before 2025](https://manifold.markets/Nu%C3%B1oSempere/will-i-be-cancelled-by-2025).
[^1]: Or other such definition.
[^2]: Or, from my perspective, irrational. The Venn diagram of people who are irrational enough to be very risk averse but rational enough to buy cancellation insurance is probably pretty narrow.
[^3]: Meaning that I am not willing to escrow this amount, because I think I could get much more than 1% on e.g., prediction markets.

BIN
blog/2022/07/04/cancellation-insurance/stalin-edited.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 282 KiB

BIN
sitemap.gz
View File

Binary file not shown.

11
sitemap.txt
View File

@ -213,6 +213,17 @@ https://nunosempere.com/blog/2022/05/01/ea-forum-lowdown-april-2022/images/
https://nunosempere.com/blog/2022/05/10/
https://nunosempere.com/blog/2022/05/10/forecasting-newsletter-april-2022/
https://nunosempere.com/blog/2022/05/10/forecasting-newsletter-april-2022/images/
https://nunosempere.com/blog/2022/05/20/
https://nunosempere.com/blog/2022/05/20/infinite-ethics-101/
https://nunosempere.com/blog/2022/06/
https://nunosempere.com/blog/2022/06/03/
https://nunosempere.com/blog/2022/06/03/forecasting-newsletter-may-2022/
https://nunosempere.com/blog/2022/06/03/forecasting-newsletter-may-2022/images/
https://nunosempere.com/blog/2022/06/14/
https://nunosempere.com/blog/2022/06/14/the-tragedy-of-calisto-and-melibea/
https://nunosempere.com/blog/2022/07/
https://nunosempere.com/blog/2022/07/04/
https://nunosempere.com/blog/2022/07/04/cancellation-insurance/
https://nunosempere.com/changelog/
https://nunosempere.com/forecasting/
https://nunosempere.com/gossip/