Category: Daily Events

This just in: You create your own reality!

When proponents of pseudoscience talk amongst each other, any doubts about the validity of their claims hardly ever arise. When two pseudoscientists have roughly the same beliefs, they will never question one another, and no attempt to verify their claims will be made. It’s assumed, as a given, that what they believe is real and true.

It’s only when pseudoscientists are confronted by skeptics that they try to cobble together actual pet theories of how their claims can be justified. These theories are usually ad hoc (as in, invented right on the spot), just to get the skeptic off the pseudoscientist’s back. There are, however, certain theories that seem to permeate the pseudoscientific community, and are used universally for all brands of quackery.

One of my favorites is the argument that each of us “creates our own reality.” And that’s not in the weak sense of “our life is what we make of it,” with which I completely agree. It’s in the strong sense that physical reality actually bends to our will in real time! This is reminiscent of the philosophy of solipsism, where all of reality is in the mind of the observer. The pseudoscientists, however, dress up the argument in the usual array of loosely-knit scientific terms hijacked from quantum mechanics, such as taking the idea of quantum entanglement to mean that “everything is connected,” among other nonsense.

To the untrained skeptic, this might seem like a powerful argument. And it is, in most cases, a debate-stopper. I mean, if we all create our own reality, then surely we can create whatever physical laws we like! Skeptics create realities of strict, unchanging physics and lead boring and unfulfilled lives, while pseudoscientists create realities where “anything is possible.” Or so the argument goes. This argument, however, is a debate-stopper for the wrong reason: not because it’s so airtight that it checkmates the skeptical opponent, but because it’s so devoid of meaning that no further discussion can logically continue.

Because of this, the “argument” serves as the foundation for the most weasely excuses for why a quack treatment won’t work on skeptics:

  • My treatment won’t work on you because you created a reality that stops it from working!
  • You have to want the treatment to work. You must open your mind to it.
  • Your skeptical presence in the room will stop the treatment from working.
  • The outcome of the test will be whatever you believe it should be. Your presence will skew the results in your favor.

Poverty of the argument

My contention is that the idea that “we create our own reality” is an empty philosophy, a cowardly withdrawal from reason. It’s intellectually lazy, and ultimately useless as a means of understanding our existence. Allow me to illustrate how I arrived at this with a series of observations and rhetorical questions.

  • If we create our own reality, then why don’t we have intimate knowledge of its innermost workings? For instance, why isn’t everyone endowed with instinctual knowledge of physics? And I don’t mean Newtonian physics, or even quantum physics, but the “true” physics that governs all the fundamental forces and encompasses what quantum mechanics and general relativity only approximate? If we are the architects of our world, surely we should know how it works!
  • On a related note, how is it possible that so many discoveries about our world have been totally counterintuitive, like the roundness of the Earth, heliocentricity, or the curvature of spacetime? If we are the ones who create our world, it would stand to reason that our intuition should naturally guide us towards understanding its nature. And yet, from the most profound breakthroughs in our history, we’ve observed the exact opposite.
  • Taking the above points a bit further, how can there be anything in the world that is “unknown” to me? That is, why am I not omniscient with respect to my reality, since it’s all my creation? For example, how can I be surprised when I taste a certain food for the first time? Why am I awed when I walk into a cathedral I’ve never visited before?
  • If I create my own reality, why are there people in the world who are better than me at various activities? For example, if I pick up and start reading Andrew Wiles’s proof of Fermat’s Last Theorem, there’s a good chance that I won’t understand a word of it. But why is that? If Andrew Wiles and his proof are products of my imagination, then why can’t I understand the proof that my imagination created?

    Because you wanted to create a proof that you couldn’t understand.

    No, I didn’t! Being a world-renowned mathematician was one of my earliest dreams. So why hasn’t that reality been realized?

    Because you created a reality wherein you have to learn and grow in order to understand it.

    If this is the case, then the whole argument becomes an easy candidate for Occam’s Razor. Why would I voluntarily limit my understanding of reality, and then spend my life attempting to rediscover this understanding, while never quite approaching the level of understanding I must have had in order to create reality in the first place?

  • If our understanding of reality is deliberately limited, then attempting to expand our understanding of it would ultimately require cautious use of the scientific method, which is precisely what we do in understanding the real world! It should be apparent that this argument eventually achieves a one-to-one correspondence with plain old realism, albeit in a roundabout way that has emotional appeal for those unwilling to face realism head on.
  • Why is the reality we create imperfect? This boils down to the Problem of Evil, which is ever so inconvenient for believers in omnipotent, benevolent gods. When someone uses the argument that “you create your own reality”, they’re essentially transferring the burden of the problem from God to “you,” since you now become the god of your reality.

    So then why do I, as a god, create a reality that is not perfect? At what point did I decide to create a reality where I’m a common citizen who has to work for a living and deal with the everyday problems of middle-class life? When did I decide to give HIV to a quarter of the population in Africa? And when did I decide to create a vast number of people who delude themselves with imaginary realities and magical thinking, and kill each other over whose beliefs are holier? None of the above creations are things that I ever wanted. And yet they exist.

  • If we create our own reality, then why is reality so difficult to alter? Specifically, why doesn’t reality automatically bend to our will, like the pseudoscientists say it should? If the state of reality is guided by our deepest desires, why doesn’t reality rebuild itself according to what we want at any given time? It seems like the only way to make actual changes to our reality is by doing physical work, or paying someone to do it for us. It almost seems like we have no cognitive control over external elements in our reality!

    • I could go on, but the conclusion will remain the same. No matter how we approach this argument, like any other pseudoscience, it will eventually reduce to absurdity. So, please, next time you hear this nugget of pseudo-reasoning, recognize it for the intellectual poverty it represents, and challenge the speaker with a much-needed dose of skepticism.

Reviving the Veo Observer

Recently I came across an old Veo Observer camera. I remember the Veo cameras as being refreshingly easy to use, and quite inexpensive for all the functionality you get.

This camera seemed to power up normally, and acquired an IP address as expected. However, when I logged on to the camera with a web browser, all it gave was a “404 Not Found” error. Also, when I tried to use the Veo Observer Studio software from the CD that supposedly came with the camera, the software said that there was a “Protocol Version Error.”

This led me to believe that someone may have tried to upgrade the firmware in the camera, and either disconnected before completing the upgrade, or loaded the wrong firmware. So all I had to do was find the correct firmware, as well as the correct utility for loading it onto the camera. This turned out to be a lot more difficult than I thought. The manufacturer (Veo) no longer exists, and all I could find on the Web were complaints from users who are just as SOL as I was. Fortunately, I stumbled on an obscure website that turned out to contain a repository of old device drivers, one of which happened to be the Veo Setup Utility and the Veo firmware. I was then able to load the firmware successfully, and then log on to the camera and see the video stream from it. I’ve decided to host the Veo Setup Utility and the latest firmware here on my website, in case someone else comes across the same problems.

During my search for Veo software, I also found that someone has written a clever Perl module for communicating with the camera (making it usable from virtually any OS), and another person has written Java code for it, too. This inspired me to make a quick-and-dirty C++ application based on the Perl code. My little program controls pretty much all the features of the Veo observer, and displays the image stream from the camera.

Download the program here.

The Growing Importance of Strong Passwords

I received a call today from the Fraud Prevention service of my credit card company, saying that “someone” called in to Customer Service, posing as me, and attempted to gather information about my account. This person had my credit card number, but failed to get past the additional security questions asked by the support staff. The support staff then promptly called me, and asked if it was I who tried to call in to Customer Service. The moment I said “no,” the operator told me that my account will be immediately deactivated to prevent any fraudulent charges, and that a new credit card would be mailed to me within 5 business days.

Despite the inconvenience of having my credit card account shut down, and being issued a new card, I applaud the support staff for taking their users’ security so seriously. But this incident also got me thinking about the current level of security used by online retailers, as well as online banking and credit card websites. After all, how exactly did a would-be identity thief get a hold of my credit card number? All of my online purchases are through very reputable stores like Amazon and Newegg. All the items I purchase are completely legal — i.e. no kinky horse-on-girl porn from shady Russian websites. All of my transactions are over SSL, and I’m quite sure that I don’t have a keylogger installed on my system.

This leads to one of the following conclusions, arranged from least to most likely:

  • Someone cracked my SSL session with an online retailer. This is astronomically unlikely, but still possible.
  • Someone hacked one of the online retailer’s servers, and retrieved the raw database of credit card numbers for thousands of customers.
  • Someone hacked one of the company’s servers, and retrieved password hashes for thousands of users, and decoded the passwords at his/her own leisure. If the hacker is an employee of the company, no hacking would even be necessary. The database would be readily available for copying and selling to the black market.

As the incredibly eye-opening Ophcrack project has shown, old-style passwords are no longer safe (i.e. passwords shorter than 15 characters, consisting only of letters and numbers). Any Windows system administrator who hasn’t disabled LM Hashes has been living in a cave, and any Linux administrator who isn’t using shadow passwords is almost equally neglectful. And of course, any administrator or developer who stores users’ passwords in plain-text format should be fired on the spot, and have the infraction recorded as a felony in his criminal record.

The point is, many forms of identity theft can be prevented by using strong passwords — that is, passwords that are generously long (15 or more characters), that contain uppercase and lowercase letters, numbers, and special characters like $, %, &, space, and maybe even exténdeð­ characters, or even Unicode!

The question is, are online retailers and banking websites “ready” for strong passwords?

No!

At least that’s the short answer. As an example, let’s take a look at what happened when I tried to change my password on my banking website, which happens to be Huntington. I typed in a strong password with letters, numbers, and special characters, and this is what I got:
I beg your pardon?! Of all the websites in the world, banking sites should be the most secure by definition. And yet, here we are with Huntington’s website telling us to limit our password to 16 characters, and not use any special characters!

In Huntington’s defense, they do provide an additional level of security by asking a secret question (in addition to the password), if a user logs in from a different IP.

I can understand enforcing minimum requirements for password strength, which Huntington does, but setting limitations on password strength? What gives?

Let’s move on to my credit card website, which is Chase. Attempting to change my password there, I get the following:
Again, they tell us not to use special characters, and to limit the length of our password. Even though the length limitation here is 32 characters, my question is why is there a length limitation? And why can’t special characters be used?

If the excuse is that the underlying software that runs the website doesn’t support passwords with special characters, then the software is in serious need of revision. The password hashing algorithm should not care about what characters are passed into it.

I’m a big fan of passphrases, too — that is, passwords like “How many licks does it take?” or “Density = Mass/Volume” or “E = m*c^2”, all of which are much stronger than passwords of equal length with just letters and numbers. But, since these websites don’t allow passphrases, I’m forced to come up with a weaker password that fits all their guidelines and restrictions. Even worse, since each website may have slightly different restrictions on passwords, I’m forced to come up with a least-common-denominator password if I want to use one password for multiple sites.

With this kind of “password mess” on the most secure internet websites, it’s no wonder ordinary users become confused about what kind of passwords they are and aren’t allowed to use, and default to using common, easy-to-remember passwords that are just waiting to be cracked by malicious individuals.

The philanthropist

Just received this e-mail:

I wish to notify you that your name appeared in the codicil and last statement of your deceased relation, and you entitled to his fund of US$19,900,000.00 deposited with a bank here in Nigeria. I will advise you about the steps on how to redeem the inheritance funds from the bank.
Reply to me on time because the bank is waiting for you to show up and claim the funds.

Regards,
Barrister David Mark.
Legal Head, Wester and Co. Chambers.
14 board way Victoria Island, Lagos.

And my response:

Dear Barrister Mark,

Thank you for notifying me of the funds bestowed unto me by my late “relation.” As you know, my Nigerian heritage is very important to me, and I am pleased that my relation chose you to handle his will.

Fortunately I have a very simple resolution for this situation:
I hereby authorize you to donate the entire sum of my inheritance to a charity that helps fight the AIDS epidemic in your country of Nigeria and its neighbors. I will leave the choice of charity up to you — we’re all in this together. Naturally, you may withdraw any amount you see fit from this fund to pay for your legal fees. I have the utmost confidence that you will be fair and just in handling this money.

Once again, sir, I am in great debt to you for bringing this to my attention.
Best regards,

Dmitry Brant

More Modding of the RAZR V3xx

The quick-start guide that I gave two days ago is hereby out of date!

On another Motorola hacking website, modmymoto.com, I found a vastly superior program called P2KTools. This utility allows you to access absolutely everything the phone can possibly support. It even lets you switch communications between P2K, AT, and Flash mode.

Best of all, P2KTools doesn’t require PST Phone Programmer to operate. Apparently, PST is a proprietary Motorola application, and is illegal for distribution to the public. The good folks at hacktherazr.com fail to mention this clearly (naughty!).

When downloading P2KTools from modmymoto.com, make sure you get the latest version, which is 3.0.8 at this time. For some reason they have multiple earlier versions also available in their Downloads section. Are they trying to confuse people?

Once again, to communicate properly with the RAZR V3xx, go into the program’s Settings, and check the “P2K05” check box under “P2K Settings.” As we learned earlier, the V3xx only supports the newer P2K05 command set, and will not work with the regular P2K commands.