The Internet ≠ the Network

Douglas Rushkoff just posted a piece with which I largely agree, but which indulges in some remarkably lazy language in the process:

“Some of us might like to believe that the genie is out of the bottle and that we all have access to an unstoppable decentralized network. In reality, the internet is entirely controlled by central authorities.”

Arrgh! This kind of thing drives me crazy. If we could stop conflating the Internet (which is a combination of networking protocols) and the physical network (which is a bunch of cables and antennas and switches), we might be able to have a useful dialogue about how to reduce the Internet’s vulnerability to coercive measures by changing the shape of the network.

In the end, that’s what Rushkoff advocates; I just wish he wouldn’t muddy the water so.

Stay with me, kids; I’m going to say this again slowly: The network is the wires and antennas and stuff. The Internet is the way information is organised to travel across it.

More to the point, the Internet is a very specific way for data to travel across it:

  • It doesn’t rely on a middle-man. I might choose to use Facebook for chat, but I don’t have to. I could connect straight to your computer or phone and chat away.
  • It doesn’t need a road map. In effect, the data packets just go hitch-hiking across the network with a sign saying ‘San José’ – or whatever.
  • It doesn’t see borders the same way some other network protocols do. In fact, that’s why it’s an Inter net: Because it routes traffic between different networks.

Once more:

  • Internet = you & me talking.
  • Network = the road system that allows you and me to get together to talk.

There. That wasn’t so hard, was it?

Oh, as long as I’m being pedantic: It’s Internet-with-a-capital-I. It’s a proper noun referring to a very specific thing. It’s like a country with all the geography taken out. It still has to have a capital.

Pavlov's Light Bulb

In a discussion about using small frequency changes in LED light bulbs to transmit data, someone mentioned that companies are already using this technology in supermarkets and other large stores to dynamically change prices on their products.

Which led me to a little thought experiment: What if retailers could change the price of a product spontaneously for each shopper? What if they did away with even the pretense of fixed prices and rewarded certain kinds of shopping behaviour in order to guarantee allegiance to their store?

  • First-time shopper gets ridiculous discounts (maybe even a few freebies) as an enticement;
  • Long-time shoppers get small but consistent discounts on selected items;
  • One shopper is publicly penalised with higher prices – retailers (ab)use fear of scapegoating to keep shoppers in line;
  • Shoppers induced to say or do things they would not normally in order to qualify for perks.

I think there’s a cute but fundamentally plausible (and scary) short story in there….

What Necessity?

[This column appeared in today’s Vanuatu Daily Post]

The week before last, Vanuatu witnessed an unprecedented event in its political history. Parliamentary Speaker George Wells instructed the members of the Police and the Vanuatu Mobile Force to bar all members of the public and the press from entering Parliamentary precincts.

Then, with no one but the MPs themselves to witness, the government changed.

We are told that a vote was held on a pending no-confidence motion. We are told that certain members of the Government crossed the aisle to vote with the Opposition. But we don’t know precisely what happened, what words were spoken and what actions were taken to ensure this outcome.

Were Police or soldiers present inside Parliament as well as outside? Were any threats, implicit or explicit, made to Members before the vote? Were any blandishments or other incentives offered?

I’m not suggesting any of these things took place. I’m suggesting that they could have, and we would never know. Anything could have happened during that session, and unless we find some way of getting corroborated evidence of what did happen, a question mark will always lie over the proceeding.

The Inter-Parliamentary Union, a United Nations organisation that works to strengthen democracies worldwide, lists five key attributes of a healthy democracy:

It is representative; it is accessible; it is accountable; it is effective. And it is transparent.

Without transparency, none of the other attributes are measurable.

Secrecy runs counter to kastom as well. It is frankly unimaginable that any change in the customary power structure could take place beyond the view of the people.

Arguably, MP Wells had the legal authority to clear the public and the press from Parliament. Whether he had the moral right to do so is not so easy to determine.

While the Constitution clearly states that the proceedings of Parliament are to be public, it leaves room for extraordinary circumstances. The Standing Orders of Parliament, the rules by which the Speaker is legally bound, state, ‘The Speaker may order the withdrawal of visitors [from Parliament] in special circumstances.’

The Orders further state that, ‘In exercising his duties, the Speaker may request assistance from officers of Parliament or if necessary, members of the Police Force.’

‘… If Necessary….’

So, MP Wells need only explain what ‘special circumstances’ required that Parliament be barred to the public in order to reassure the citizens of Vanuatu that he acted legally.

And then, of course, he would have to lay out the reasons why the use of Police was necessary. The Standing Orders only allow the use of Police ‘if necessary.’ Any reasonable definition of necessity requires the presence of an obvious and otherwise unavoidable circumstance. It should therefore be easy for MP Wells to explain what threat to public order existed that required the presence of armed soldiers at Parliament’s gates.

Was there danger of insurrection? A coup? Violent criminal activity? I’m not being facetious here; I’m genuinely asking. Mr. Wells obviously didn’t just decide out of the blue that these measures were necessary. I trust that he had his reasons.

I only ask that he share them.

It is critically important that the ex-Speaker justify his actions and demonstrate to the people of Vanuatu that he acted lawfully and with reason. If he does not, then the legality –and the legitimacy– of the vote is called into question. If the vote is called into question, then so too is the government.
That’s not something anyone wants.

This is not a trivial issue, a slip-up in a young democracy that’s just finding its feet. If indeed it is the case that the public and the press were barred for no good reason, then a terribly dangerous precedent will have been set that cannot be allowed to continue. It is anti-democratic, and it is anti-kastom.

The only thing that could excuse this behaviour is if MP Wells can demonstrate that he did not overstep.

By all accounts, nothing happened during the vote that had not happened before. This should not make us complacent. It should have the opposite effect.

If indeed, the threat of force was used to bar the public and press from a session of Parliament in which a change of government took place, and there was no compelling reason for this action, then Vanuatu’s politicians, no matter how inspired or high-minded their intentions, have led the country away from its roots.

Transparency is not just the name of a local political gadfly. It is a real thing. It is crucial to the country’s well-being. And it is not possible to like it on Monday, ignore it on a Tuesday and promise to be back Wednesday.

As the recent WikiLeaks controversy has shown us, a shining light can be discomforting, even embarrassing at times. It can actually make it more difficult to get things done. But –and here’s the key– it makes it more difficult for us to do wrong, too.

Newly-minted Prime Minister Sato Kilman has already voiced his reservations about the measures taken by the Speaker. That is commendable. He should introduce changes to the Standing Orders in the next sitting of Parliament to ensure that if these rules are ever again invoked, they will not be applied frivolously and with little cause.

UI Follies

Because using a longer, more verbose description in a heading is confusing and counter-intuitive. The purpose of larger, darker text is to highlight a single element. Ideally, this element is a word or a short phrase that thematically unites the contents which follow.

Why is this a bug?

Culture of Secrecy

A culture of secrecy breeds power and the ability to act with impunity. Careerist elements within any government prefer secrecy because it allows them to forego the often tedious act of being accountable for even the smallest decision. It’s often justified as a Good Thing because the actors can circumvent bureaucratic red tape and work more efficiently. Ultimately, however, the end game is the same: A small elite minority within the permanent establishment begin to take privilege and influence for granted, and act independently of government policy.

This is not something unique to the US diplomatic corps. It happens in all organisations. And it is explicitly what freedom of information laws and regulations are designed to counteract. Absent this capability, it’s left to whistleblowers and WikiLeaks to serve in this role.

Viewed in this light, we have to conclude that the attacks on WikiLeaks are primarily driven not by the state, but by certain of its constituents who might lose the leverage that a culture of secrecy has given them. That’s why the counter-attack on WikiLeaks has been composed mostly of deft cuts at the service’s underpinnings rather than overt state action. A quiet word here and there, and anyone hosting material even related to WikiLeaks goes offline. A whisper in the ear of an ambitious (or susceptible) Swedish prosecutor and a nuisance case becomes an international manhunt.

Secrecy and a scarcity of information are crucial to the continuation of the cronyism about which so many Americans complain. It astounds me how many of these same people who rail at the unhealthy, shadowy bonds between corporations, lobbyists and the government are now scandalised that an organisation like WikiLeaks is struggling to diminish the power of these linkages.

False Equivalence

Again and again over the years, I’ve listened to people excuse Microsoft’s chronic insecurity and apparent inability to escape from its virus-infected legacy. This in spite of the fact that the nearly boundless contagion of the Microsoft world has yet to spread into other, increasingly popular areas of technology.

The claim typically runs like this:

If Linux or OS X ever exceed Microsoft’s market share you’ll see the malware flood onto them too.

The logic behind this statement runs more or less as follows:

  1. Windows gets attacked a lot because it’s the most commonly used computing platform in the world.
  2. The majority of exploits these days are due to so-called Stupid User Tricks – people are gullible, witless creatures who will click on anything appropriately enticing.
  3. There is no way to tackle this behaviour using only technical means.
  4. On top of that, all software has bugs. If you build something of equal complexity to the Windows operating system, you’re guaranteed to leave holes that the Black Hats will exploit.
  5. And anyway, most of the exploits coming out recently attack flaws in third party software. These days, Adobe’s applications (particularly Flash and Acrobat) are getting perforated on a nearly weekly basis.
  6. But why don’t the bad guys attack iPhones, Blackberries or Linux servers? Well, that’s simple economics of scale. If the reward for crafting a new Windows exploit is measured in hundreds of thousands or even millions of PCs infected, and the reward for creating even a simple exploit on a competing platform can only be measured in the hundreds or thousands… well, which would you choose?
  7. So to sum up: Microsoft bears the proverbial White Man’s Burden of supporting the vast majority of benighted, clueless users, suffering the slings and arrows of its outrageous fortune. And all you MacHeads or Linux geeks: you should be bowing your heads and saying, “There but for the grace of God go I.”

So people should really be grateful to Microsoft for offering itself as a target, for shouldering the unenviable burden of having to support the thoughtless, unwatched masses.

This argument is invalid in many respects. Ultimately, it relies on false equivalence: If no software application can be 100% secured, all software is therefore equally insecure.

The big problem with usefully countering this argument, however, lies in the fact that the answer is quite nuanced and therefore not compressible into a 20 second elevator speech.

On the face of it, there is something to the argument that popularity makes Windows a target. Black Hats often do go to inordinate lengths to craft malicious software aimed at Microsoft Windows. And they often ignore holes in other operating systems. A few years ago, it was discovered that a number of Linux distributions had a gaping flaw in software used to secure websites, email and other private communications, all deriving from a single error introduced by a software package maintainer. Not only was the flaw jaw-droppingly obvious, but it had lain there undiscovered for nearly 18 months.

I commented at the time that:

[p]eople at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

So yes, it must be granted that some software benefits from an occasionally unwarranted assumption of strength. But, the occasional WTF moment notwithstanding, this assumption doesn’t come from nowhere. Linux has earned itself a dominant position in the server market because it actually is more robust, less resource-intensive and yes, more secure than Windows server. (Why these successes haven’t translated into widespread success on desktop PCs is flamebait for another day….)

But point 2 states that, even if it did succeed on the desktop, Mac OS or Linux would still be vulnerable to the same Stupid User Tricks as Windows. But wait – at what point does a platform become a useful target for mass exploitation? 10 million? How about 41 million and rising? Are iPhone users more sophisticated than their Windows-using counterparts? Contrary to what the advertisements tell us, sadly no. Do they use them for the same purposes as Windows (like online cash transactions, email, etc.)? Sure ’nuff.

So why aren’t they being attacked and exploited? Well, when we mentioned the numbers game, we forgot to mention another basic aspect of economic theory: Risk. iPhones and iPads and various other devices from Apple exist in what’s known as a walled garden. Unless you deliberately ‘jail break’ your device, you’re largely reliant on Apple’s App store, and you’re beholden as well to the telco that charges you for every byte you send. Not only is there a strong incentive for phone users to closely monitor their bandwidth use, Apple also insists on evaluating every single app that runs on its platform.

Likewise, most Linux software is installed from repositories maintained by the various commercial or community-run distributions. Oversights like the notorious SSL flaw are rare indeed. On one occasion a server that distributed packages for a popular web server was found to be compromised. The problem was fixed quickly. These days, most software is digitally signed so that the installer can verify that it has not been altered by third parties.

Argue all you like about the limitations of these approaches (and there are more than a few), they do increase the likelihood of getting caught while trying to inject something nasty onto someone’s iPhone or Linux box. Rather than being trusting by default, these systems have built a chain of trust between agents in the system. Each of these agents is verifiably trustworthy, so anyone compromising the system is subject to discovery.
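An added example (not part of the original column, and not any distribution's actual tooling): a small Go model of the chain of trust described above, in which the installer pins one distribution key, checks the signature on the repository's package index, and only then checks the downloaded package against the hash in that index. The Ed25519 signature scheme, the "name hash" index format, the package name "httpd" and all function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// SignedIndex is what a mirror serves: a package list ("name sha256" per line)
// plus the distribution's signature over that list (format is hypothetical).
type SignedIndex struct{ Body, Sig []byte }

var (
	ErrBadIndexSig  = errors.New("index signature does not verify against pinned key")
	ErrNotListed    = errors.New("package not listed in signed index")
	ErrHashMismatch = errors.New("package bytes do not match signed hash")
)

func digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// BuildIndex is the distribution side: hash each package, sign the list once.
func BuildIndex(priv ed25519.PrivateKey, pkgs map[string][]byte) SignedIndex {
	names := make([]string, 0, len(pkgs))
	for n := range pkgs {
		names = append(names, n)
	}
	sort.Strings(names)
	var body bytes.Buffer
	for _, n := range names {
		fmt.Fprintf(&body, "%s %s\n", n, digest(pkgs[n]))
	}
	return SignedIndex{Body: body.Bytes(), Sig: ed25519.Sign(priv, body.Bytes())}
}

// VerifyPackage is the installer side. Trust flows from the pinned key to the
// signed index to the package hash; the mirror itself is never trusted.
func VerifyPackage(pinned ed25519.PublicKey, idx SignedIndex, name string, data []byte) error {
	if !ed25519.Verify(pinned, idx.Body, idx.Sig) {
		return ErrBadIndexSig
	}
	for _, line := range strings.Split(strings.TrimSpace(string(idx.Body)), "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && f[0] == name {
			if f[1] != digest(data) {
				return ErrHashMismatch
			}
			return nil
		}
	}
	return ErrNotListed
}

// DemoKey returns a fixed, constructed key pair so the example is repeatable.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	good := []byte("httpd package (constructed sample bytes)")
	idx := BuildIndex(priv, map[string][]byte{"httpd": good})
	fmt.Println("clean mirror:   ", VerifyPackage(pub, idx, "httpd", good))
	// A compromised mirror swaps the package but cannot re-sign the index.
	evil := append([]byte("tampered;"), good...)
	fmt.Println("swapped package:", VerifyPackage(pub, idx, "httpd", evil))
	// It rewrites the hash in the index too; the old signature no longer verifies.
	forged := SignedIndex{Body: []byte("httpd " + digest(evil) + "\n"), Sig: idx.Sig}
	fmt.Println("forged index:   ", VerifyPackage(pub, forged, "httpd", evil))
}
```

Both tampering cases fail loudly on the installer's side, which is the raised likelihood of getting caught that the paragraph above describes.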

Such scrutiny is largely missing from the Windows environment. At best, it’s provided ex post facto, via anti-malware applications.

This means that users of different systems can be equally trusting, with significantly different outcomes.

All computing environments are not created equal. While Microsoft has staked its entire business on giving the customer convenience at any cost, others have not. They realised that you have to be careful not to make software easy for anyone at all – especially not a total stranger.

Windows is the target for authors of malicious software, therefore, because the whole Windows environment is attractive:

  • Security is not at all systematic. Even as Windows itself improves, many popular application vendors lag, partly because they want to keep things easy, partly because security is seen as a cost-centre and therefore treated as an externality by ambitious managers.
  • Risk is low. A wide-open trust-by-default philosophy permeates all levels of the system, so you really have to be spectacularly dumb or naive to get caught.
  • AND… Windows is ridiculously popular.

I’m not for a moment suggesting that writing malware as a business won’t continue after Windows is long gone. Of course it will. I will predict, though, that the era of mass-infection will end with Windows XP.

Just as US banks in the 1920s-30s learned (eventually) to make themselves less susceptible to bank robbers (whose activity peaked at that time due to recent improvements in transportation –good roads and a getaway car made robbery popular), personal and institutional computing will eventually learn to take malware in stride, to reduce the scope of any given exploit from its current colossal size to something much smaller.

There will always be another rube willing to allow another con-man to fleece him. There will always be innocent victims who get mugged because they were in the wrong place at the wrong time. There will always be ‘bad neighbourhoods’ on the Internet. But to suggest, as some do, that this somehow excuses the appallingly poor security models, practices and culture that ensure Microsoft’s continued relegation to the security gutter… well, that’s just disingenuous.

To tar other OSes with the same brush is to suggest that one should not move to another bank because, once enough people move to it, it too will become the target of bank robbers. It’s wrong because:

1. Nobody is suggesting that everyone has to move all their money to one single bank;
2. The new bank might not be perfectly secure, but at least it doesn’t leave all the money in a pile in the middle of the floor.

This move to a more heterogeneous and inherently secure environment will happen in small increments, and the process will lurch along in fits and starts, but it is far more likely to happen than another single, monolithic operating environment taking over from Microsoft Windows – and I include future versions of Microsoft Windows in that grouping.

And that, my friend, is why I find the contention that ‘Linux and Mac OS will be just as bad when they get popular‘ to be inane, misleading and, frankly, intellectually lazy.

Is this thing on…?

(04:13:21 PM) gcrumb@gmail.com/70427720: what’s the password?
(04:13:34 PM) gcrumb@gmail.com/70427720: (we are using ssl on this chat, right?)
(04:14:02 PM) G: just pick a good one…you know how this works:)
(04:14:11 PM) gcrumb@gmail.com/70427720: Heh
(04:14:27 PM) G: and yes, this conversation is fully secure !
(04:14:48 PM) gcrumb@gmail.com/70427720: Let’s verify that….
(04:14:59 PM) gcrumb@gmail.com/70427720: I WANT TO RAPE OBAMA WITH A PIPE BOMB
(04:15:03 PM) gcrumb@gmail.com/70427720:
(04:15:06 PM) gcrumb@gmail.com/70427720:
(04:15:12 PM) gcrumb@gmail.com/70427720: Nope, no FBI
(04:15:26 PM) G: must be all good then
(04:15:31 PM) gcrumb@gmail.com/70427720: 8^)

Letter to a Young Turk

On hearing the news that the government of the UK was proposing to track every single phone call, email and website visit for all of its citizens, someone posted the following to a forum I frequent:

This really reads like something out of fiction. I did not think I’d see the day of such a government, but here I am at 22 years old and already, a modern, 1st world country is to the point where it feels the need and justification to monitor every action of its populace. The precedent here is staggering, terrifying and morally bankrupt.

There are only two things new about this:

  1. The technology used to perform the surveillance; and
  2. The fact that the government is even asking Parliament for permission.

Son, if you live long enough, you’ll see ‘free’ and ‘democratic’ nations perform a lot of acts that will make you ashamed, that will make you fear for the future. In my lifetime, I’ve seen Nixon bomb Cambodia, the Reverend Martin Luther King shot down in cold blood, along with Medgar Evers, Bobbie & John Kennedy and a bunch of others; I’ve seen students shot dead merely for expressing their opinion. I’ve seen government admit to selling drugs in order to finance guerrilla operations to subvert a foreign, democratically elected government. I’ve seen governments sell anti-tank missiles to their enemies.

I’ve seen enough appalling and apparently senseless miscarriages of justice to understand that human society –that chimera we call civilisation– is a fragile, ephemeral thing.

Danger lies on both sides of a very narrow path. Oh it’s all well and good to check the safety on your handgun and make noises about getting ourselves a new government, but when it comes right down to it, mythology notwithstanding, violence almost always begets more violence. Once that cycle starts, the one most willing to keep shooting is most likely to be the last one standing.

On the other side lies complacency and a willingness to buy a stake in the game. This may be inconceivable to you now, but the people who screamed loudest for deregulation of the finance system, for off-shoring labour and for vengeance after 9/11 were the very same ones placing daisies into the muzzles of M-16s just a few decades ago. People change; they learn to acquiesce. They just want to be secure. They’d rather join a party than a cause.

The only thing holding things together is common decency, and even that is failing –at least in the US. When it’s no longer possible to object in civil tones, when disagreement is more about affiliation than information, when dissent and disenchantment are met not only with disapproval but disenfranchisement… it becomes harder and harder to keep the ship of state on an even keel.

The answer? Read your Thoreau. Understand the tactics that Gandhi and King used. Their tactics were not about Peace, Love and Bobby Sherman; they were dry-eyed assessments of the most effective way to move policy when violent rebellion seemed to be the only option –and a losing option, at that.

Grow up, kid. Brace yourself. We’re living in one of the best, most prosperous times in human history, yet humanity is still the venal, nasty, selfish brute that wandered the veldt millions of years ago. Enjoy the miracle of our success, then devote some time to understanding in detail what it is that keeps us from wiping ourselves off the face of the planet.

… And welcome to the world. You’re going to love it, even if it doesn’t always love you.

Science & Virtue

There’s a new article out from the American Academy of Arts & Sciences, which suggests that scientists don’t communicate very well with the public. Among the observations:

“Perhaps scientists are misunderstanding the public…due to their own quirks, assumptions, and patterns of behavior,” suggests [Chris Moody, a science journalist.]  Laypeople, meanwhile, tend to “strain their responses to scientific controversies through their ethical or value systems, as well as through their political or ideological outlooks.”

That’s the crux of the problem right there. What’s changed is not our tendency to filter everything through our own personal strain of moral and ethical judgment. What’s changed is what that moral and ethical fibre is composed of these days: fear, cynical distrust and an assumption of dishonesty.

It’s not communication skills that we’re short on, it’s moral and intellectual honesty.


Strange Fruit

Southern trees bear strange fruit,
Blood on the leaves and blood at the root…

These are the opening lines of a song made immortal by American Jazz singer Billie Holiday. Her personal story was heroic; battling poverty, marginalisation, racism and abuse, she managed to become one of the most influential singers of the 20th Century.

‘Strange Fruit’, Holiday’s signature tune, became a hallmark of a quickening social sensitivity to the plight of black people in America. Provocative, courageous and compelling, its twelve short lines could reduce even the most jaded listener to tears.

The song’s central image is the victim of a lynching, the ‘strange fruit’ hanging from a tree. Holiday, who had been raped at 11 and prostituted by 14, and who faced a lifetime of drug addiction and domestic abuse, made it a vessel into which she poured all of her pain and suffering.

Vanuatu has its own strange fruit: Planted between the roots of a nakatambol tree lie the bones of a Tannese woman murdered, burned and discarded after 14 years of neglect by her own people. An overgrown lot in Freswota is aflower with yellow crime scene tape marking the place where another young Tannese woman was raped and beaten to death with a timber. Her 3 year old daughter lay strangled nearby.

Just as the mightiest tree often comes from the smallest seed, Vanuatu continues to reap this bitter harvest because, in every aspect of their lives, women are subject to coercion.
