=========================
Kropotkin, Hobbes, XMPP
=========================

Kropotkin
=========

Planned to read some of Kropotkin's works for a while, finally reached his "Государство и его роль в истории" ("The State: Its Historic Role"). A nice reading, where he praises the renaissance of the 12th century, similarly to how Lenin praised the Paris Commune, as an inspiration and an example. Reminiscent of both Lenin and Tolstoy, though with certain differences. Lenin went ahead to do some of the things attributed by Kropotkin to tsars and suchlike, using the guise of "protecting the poor from the rich", and the rest of the 20th century provided a good example supporting Kropotkin's thesis about the futility of using a government for good, but it is far from a proper study, since it is unknown how it would have turned out if something closer to his views had been attempted.

Still unsure about anarchist views on defense: examples of free cities only mention unions with others, and hiring of a military leader temporarily. Then there were communist proposals for the Red Army, for arming people and avoiding a police or a standing army, but that was quickly replaced with a restored hierarchy and old officers, as well as police, but with added mass conscription, violent suppression of opposition, terror and repressions, often by VChK/OGPU/NKVD/KGB/FSB: a worse organization than the ones they initially planned to eliminate. Almost like the whole history of the USSR reflected in a few years and a single area.

Hobbes
======

Slowly reading Hobbes's "Leviathan"; previously started and have not finished it, but started anew this time, and will try to finish. Interesting bits spotted so far:

- Speaks of subjectivity of good and evil, well before Nietzsche. Then about passions, with power being among them, and others working as means to attain it, with power being the primary motivation, also similarly to Nietzsche.
- Tries to systematize things like feelings and sciences, similarly to Plato and Aristotle, as well as to define many terms. Which looks like a good exercise, even if the definitions can be arguable, and not as precise as mathematical ones, while they are given in order to reason similarly to mathematical logic, precisely. Although perhaps it is a good enough and a reasonably practical approach.
- The reasoning seems to contradict the religious praise at times, which reminded me of Soviet literature attempting to bypass censorship by sprinkling such praise (but for the party, socialism, the USSR) around, to compensate for the contents contradicting it. Actually here is yet another connection to Nietzsche.

XMPP and the local mess
=======================

A local court ruling "fined" the XMPP Standards Foundation for noncompliance with a new local law intended to either ban or take over information distribution systems. The XSF is not such a system, not even formally here, but this is how the local laws and courts work now. Websites of some FLOSS messaging software implementing open standards are blocked already: those include conversations.im, xabber.com, ngircd.barton.de, briarproject.org. As are some public mail servers. And openstreetmap.org, along with everything else behind Cloudflare.

I considered setting up backup private XMPP and TURN servers, ways to reduce single points of failure without introducing too many new components, and preferably reducing the cost (e.g., considered using a cheap VPS to get an external IP address, instead of paying a residential ISP more for a static IP address alone). Also considered using mobile Internet in some cases, due to wired ISPs' plans being more expensive if you do not use much traffic. But the mobile Internet shutdowns increased in frequency, and if the government begins blocking XMPP and Jingle based on DPI, such backup setups will be useless.
Which is actually something of a relief, since now I find it less useful to worry about that added setup.

Some people used to joke about embracing degradation as the way to live here, while others practiced it, and now it is increasingly encouraged, in various forms. I do not make general life plans, the economic planning horizon was shortened due to the government activity, so now it is left to plan for fixing of things as they break; yet even that is complicated by unreliability of everything around.

Probably I should not be surprised if "the XMPP movement" is declared an extremist organization, and then I could be prosecuted as a participant; this is one more path towards imprisonment.

Meantime, there is no shortage of the usual mass surveillance and censorship developments unrelated to XMPP, which include requirements for foreign citizens to either provide their biometrics or be disconnected from mobile network services, and for mandatory surveillance software on their smartphones. Reliance on (smart)phones is increasingly hard to avoid, even without oppressive laws. Additionally, there is a proposal to block phone calls from foreign numbers by default, and another one to reintroduce actual explicit and official censorship before publication, replacing prosecution after a publication, so that authoring larger creative works would be less dangerous. Plenty of news like that all the time though.

While writing this, I peeked into the news, and found a bill to fine citizens for searching for "extremist" materials (with "extremist" potentially including all sorts of topics and organizations, companies like Meta being declared extremist) and accessing them (with or without blocking circumvention). Previously only sharing of information was punishable (including that on VPNs or proxying technologies, topics like LGBT, voluntary childlessness, suicide, restricted drugs, not to mention politics and religions).
Hosting of censorship circumvention services is about to be made punishable, too. The bill itself (755710-8) was about transportation originally, but adding unrelated adjustments into old bills is how the local parliament does it.

Some of the everyday life events are about as bleak. I had to make a payment via the largest (and majority state-owned) local bank's payment processor, which did not work (I observed an HTTP 404 error, tried different devices and cards), so I paid in cash. But tried to report the issue in writing, found no email address, failed to access their chat (which suggests installing an untrusted X.509 root certificate), then tried to report it over a phone call, made it past an annoying bot, but the human did not recognize it as one of the bank's services, so it will probably stay broken.

On the bright side, even away from the computer and the Internet I notice unexpected bits of sanity and global connectivity around. Among radio stations with propaganda or awful music, there are still decent ones, with the playlist similar to that of radio stations elsewhere; there are anti-war graffiti on walls; capybara toys in stores (rather than anything militaristic), people listening to (or watching) Schulmann and Katz talks, youths wearing t-shirts I would expect to not be favored by the government, people expressing disapproval of the current policies, even non-tech-savvy people discussing ways to circumvent censorship.

Occasionally I think of supporting or joining the Yabloko party (describes itself as the only democratic party here, though has no parliament seats), as a way to do at least something about all this, but then it does not look like that would achieve anything beyond possibly being prosecuted for that, if (or when) the party is declared "extremist" or "undesirable".
Apparently their activity consists mostly of hosting lectures and writing articles, sometimes trying to get permissions for series of single-person protests, which are refused with a reference to COVID restrictions, collecting signatures for ignored petitions, and documenting repressions of party members. But at least it is a local organization with legal activity and commendable goals.

I think it is common advice, and seems rather important, to not get depressed while observing or experiencing all this, and to keep going with your usual activities, as much as possible. Escaping it is another strategy.

Work
====

After the odd security controls list, I have been asked to comment on an even stranger FSTEC list of "security threats", which looks like a bizarre CWE database. There is no hierarchy or links to related databases (like CAPEC), weaknesses (or threats) related to UEFI are mixed with those related to supercomputers or grid systems, and with those targeting office networks and workstations, with some aimed at regular servers among them. New terms are invented, old ones are abused: "authentication" and "authorization" are mixed up, "destructive" is used to mean "malicious", "discredit" is used instead of both "attack" and "compromise", while "discredited" is used in place of "vulnerable" (I wonder whether it is somehow related to another unconventional understanding of that word, in the application of the criminal code's article on discrediting the use of the army). "Intermediate power states" in place of "power saving modes", "violation of usage rules" in place of "vulnerability exploitation", "transparent proxy server" in place of "regular proxy client". Yet it resembles actual CWEs, not written by a clueless person from scratch. Possibly a bad translation of existing CWEs picked at random, like some of the local standards, or a product of editing, hurry, and an awkward process.

A manager wants to check more boxes in the security controls list (understandably, since we seem to be required to), which both helps to promote actually useful measures, and leads to proposals for less useful (and not quite applicable) ones. Annoyingly, the more important and useful measures tend to be harder to implement: some require downtime (which has to be planned beforehand), some require action from others, who are busy with other tasks. Which makes sense, since the easy ones were easy to implement even without this. But pressure to implement at least some of those measures, combined with resistance to implementing useful ones, may lead to working on the less useful ones, and on general bookkeeping, taking the effort and time away from pushing for (and working on) the more important ones, complicating that even further.

I mostly advocate for database backups: I have set weekly full backups and their copying to another server, which is better than nothing, but streaming replication would be better. Planned to set it up a while ago, was about to set it up back in 2023, but ran into a collation version mismatch due to differing libc versions, on different Debian versions, and difficulty of planning a system update to get matching versions (since something may break during an update, and backups are not valued sufficiently highly to justify it, until there is a need for them, when it is too late to make them). Now noticed that PostgreSQL 17 has a built-in version of the C.UTF-8 locale: it is a generally good locale with UTF-8 support, predictable and simple collation, sensible formats; and it being built-in now helps to avoid the aforementioned mismatches. Switched one smaller database cluster to it, which is not used much, and tried WAL-based streaming replication to a cluster on a different Debian version from it, which works fine. Going to attempt doing that with the remaining clusters, if I manage to get some downtime scheduled.
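
An added example, not from the original post: SQL for spotting the collation version drift described above on a standby or restored copy, and for creating a database on the PostgreSQL 17 built-in provider. The database name ``appdb_builtin`` is a placeholder; the catalog columns and functions used exist in PostgreSQL 15 and later, and ``datlocale`` and ``BUILTIN_LOCALE`` in 17.

```sql
-- Added example; run with psql. "appdb_builtin" is a placeholder name.

-- 1. On the standby (or a restored copy): compare the collation version
--    recorded in the replicated catalog with what the local libc/ICU
--    reports. A returned row means the versions differ (or none was
--    recorded), so text indexes built on the primary may not match the
--    ordering this host's library produces.
SELECT datname,
       datlocprovider AS provider,   -- c = libc, i = ICU, b = builtin
       datcollate,
       datcollversion AS recorded,
       pg_database_collation_actual_version(oid) AS actual
  FROM pg_database
 WHERE datcollversion IS DISTINCT FROM
       pg_database_collation_actual_version(oid);

-- 2. In the current database: objects that depend on a non-default
--    collation (explicit COLLATE clauses) whose recorded version differs.
--    These stay tied to libc/ICU even when the database default is builtin.
SELECT pg_describe_object(refclassid, refobjid, refobjsubid) AS "Collation",
       pg_describe_object(classid, objid, objsubid) AS "Object"
  FROM pg_depend d
  JOIN pg_collation c
    ON d.refclassid = 'pg_collation'::regclass AND d.refobjid = c.oid
 WHERE c.collversion <> pg_collation_actual_version(c.oid)
 ORDER BY 1, 2;

-- 3. PostgreSQL 17: create a database whose default collation is
--    implemented inside PostgreSQL, so its ordering does not depend on
--    the OS library version. template0 is used because the locale
--    settings differ from those of template1.
CREATE DATABASE appdb_builtin
    TEMPLATE template0
    ENCODING 'UTF8'
    LOCALE_PROVIDER builtin
    BUILTIN_LOCALE 'C.UTF-8';

-- Whole-cluster equivalent at initdb time (shell, shown as a comment):
--   initdb --locale-provider=builtin --builtin-locale=C.UTF-8 --encoding=UTF8 -D <datadir>

-- 4. Confirm the provider ('b') and the version string PostgreSQL recorded.
SELECT datname, datlocprovider, datlocale, datcollversion
  FROM pg_database
 WHERE datname = 'appdb_builtin';
```
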

Other news
==========

- Noticed that Orgzly (an Android org-mode viewer and editor) supports synchronization over WebDAV, configured a WebDAV server with nginx (using its http_auth_basic, http_dav, http_dav_ext modules) for that. Then found Material Files in F-Droid repositories, a file manager with WebDAV (as well as FTP, SFTP, SMB) support, which also looks handy.
- Mostly ceased reading HN: in part because of the lack of time, in part because even the links and threads that do not look like they will be about LLMs, turn out to be about those, with the same chatter over and over again. I think it is even more annoying than the past hot topics such as Bitcoin, though the current ones tend to look more annoying, making them harder to compare.
- Briefly tried ikiwiki; it has surprisingly many optional dependencies (I thought it is supposed to be lightweight), while installing it with the --no-install-recommends APT option and a couple of modules required for basic functionality makes a wiki that seems too basic for most cases. I considered using it as a lightweight option for shared notes with casual computer and smartphone users, but perhaps will have to look for something else. Possibly Orgzly (and regular org-mode on my computer) will do.
- Sleep in the summer keeps being challenging, with all the varied noise sources at all times. One of those is new and fixable, but that adds to the list of chores.
- There is quite a heat wave here, with temperatures occasionally above 30 degrees Celsius and high humidity, making most activities less comfortable. I keep doing the daily cardio routines though, as well as other exercises. Sometimes slacking on some of the stretching routines, but also occasionally adding bench dips (with a bed instead of a bench). Considering getting a resistance band and trying out exercises with it: though generally avoiding equipment, a band might be an okay compromise, with it being fairly cheap and compact, yet apparently quite versatile.
- I have read a little about wood types recently. It is one of those topics that come up occasionally, especially when looking for furniture, but it is also easy to stay ignorant about. I forgot most of it already, but the key takeaways are to prefer hardwood for furniture, and perhaps to avoid wood veneer, preferring solid wood (since veneer comes with common issues of decorative elements: looking fake, even worse once it is worn out, and less suitable for repairs).
- I keep running into software projects aiming at manual installation and updates. And they do not necessarily follow common standards and conventions. But it can be viewed as a reminder to be grateful to the many projects that do play reasonably nicely with the rest of the system, and to system maintainers who deal with this zoo, packaging many of those nicely, even when the upstream software itself does not help much.

----

:Date: 2025-07-16