The End of the Internet Dream? Ever since Congress passed Al Gore's bill, around 1990, setting the Internet free to pervade the world and empower billions, repressive governments have complained, seeing their despotic methods undermined. And yes, democratic governments have often muttered: "Why'd we go and do that?" as their citizens became increasingly rambunctious, knowing and independent-minded!
As we'll see below, the ruling classes in undemocratic lands have been striving to adapt, and showing real signs of success. So frets Jennifer Granick who was keynote speaker at Black Hat 2015 – a hacker’s conference. “In 20 years, the Web might complete its shift from liberator to oppressor. It’s up to us to prevent that.”
Amen, as far as that goes. I am motivated by the same dream – a mostly-open world, in which most people know most of what’s going on, most of the time, so that light can serve as the great disinfectant of oppression and error. That is the core message of The Transparent Society.
We share the same fear, that elites of one kind or another – governmental, commercial, aristocratic, criminal, international or technological… even AI – might find ways to consolidate or monopolize light, and thus power, returning us to the pyramidal hierarchies that so utterly failed to deliver for our ancestors, providing pain and injustice, never prosperity or freedom or joy.
Ms Granick focused her speech on legal matters in the West, especially the U.S., as was fitting and proper, given her background as an attorney in some of the most important online-rights cases of the last 20 years. Her speech is educational and I urge you to read it.
She is especially incisive about our need to let private parties explore and tinker with proprietary company software that comes in the products we all buy. How else are terrible errors to be discovered and corrections offered before inadvertent errors bring calamity? “Without the Freedom to Tinker, the right to reverse engineer these products, we will be living in a world of opaque black boxes. We don’t know what they do, and you’ll be punished for peeking inside.”
Granick cites a recent book on the subject: “In a Black Box Society, how can we ensure that the outcome is in the public interest? The first step is obviously transparency, but our ability to understand is limited by current law and also by the limits of our human intelligence. The companies that make these products might not necessarily know how their product works either. Without adequate information, how can we democratically influence or oversee these decisions? We are going to have to learn how, or live in a society that is less fair and less free.”
Ironically, the Obama Administration just addressed this issue:
"U.S. regulators announced new exemptions to a provision of the Digital Millennium Copyright Act (DMCA) that will make it possible for nerds to tinker with cars and gadgets without breaking copyright laws." The Electronic Frontier Foundation called the move a big victory for fair use.
This is, in fact, huge, and I will have more on it, soon. It means we have a right to scrutinize, as consumers and citizens, the algorithms and programs that will increasingly control every aspect of our lives.
(Take the latest example -- a ludicrously simple way to hack into a number of the boot processes used to a large extent by Linux distributions, but also potentially even more general: Just tap the backspace key 28 times in a row. A stunningly awful backdoor, especially given that US defense equipment is often Linux-based, under the notion that most bugs -- like this one -- get discovered by open-source methods. Note that some basic BIOS and Grub precautions can prevent this. Alas, you must be savvy-nerdy to get it just right, but see Comments, below.)
The Administration's support for this shift toward Open Source and personal access to our own purchases is just as important as when, two years ago, they declared decisively that we have a right to record our interactions with police. While one might have hoped for a more full-throated and less tentative (three year) ruling -- and we must fight on -- you would not get this under any GOP president. Period.
== The Enemies of Openness are cranking up ==
Lest there be any doubt, I am fretful about the same trends that worry Granick and the EFF and other web-liberties activists. Take for example China, which we now know to have about 668 million web users. Google and Facebook would love to operate in China. But China's all-powerful Internet czar, Lu Wei (Minister of Cyberspace Administration) represents a wholly different fundamental ethos of how human beings can and should operate in relation to their states. One that, for centuries, has empowered state authorities to rule on behalf of the people. Chinese President Xi Jinping told the World Internet Conference in Wuzhen this week that "freedom and order are both necessary in cyberspace."
"We do not welcome those who make money off China even as they slander China's people," Lu has said. "These kinds of websites I definitely will not allow in my house." That he believes such a comment is somehow meritorious indicates that we are still revolutionaries against a way of thinking that enslaved nearly all our ancestors.
Political leaders in the West, like Hillary Clinton, have said in the past that they want an open house. "Countries that restrict free access to information or violate the basic rights of Internet users risk walling themselves off from the progress of the next century," she said when U.S. Secretary of State.
Yet, authors like Ms. Granick have a well-justified -- if very western -- reflex to see plots against such freedom looming in all directions. Even those that deem themselves to be protectors of liberty.
Is that reflex wrong? Of course not! I share it. But, as we'll see, she and a vast majority of would-be civil liberties defenders get it all wrong, when it comes to how.
== More warnings... without any useful guidance ==
Ms. Granick then goes on to discuss where even worse dangers lie: “Globalization means more governments are getting into the Internet regulation mix. They want to both protect and to regulate their citizens. And remember, the next billion Internet users are going to come from countries without a First Amendment, without a Bill of Rights, maybe even without due process or the rule of law. So these limitations won’t necessarily be informed by what we in the U.S. consider basic civil liberties.”
Nice words of warning. Alas, without a scintilla of suggestion how to respond to the volcanic determination of undemocratic nations to use the Internet as a vehicle of public control. We need democratic governments to be fiercely assertive in this matter, assisting those companies who are about to offer end-run technologies like new satellite systems that could let oppressed populations bypass state control.
The ironies in that sentence are profound. Granick does not deal with them, because it would entail viewing our own government as having a white hat role to play. Something difficult for her adversarial reflexes to grok.
Alas, things get less cogent when she discusses emails and the 4th Amendment, hailing a court decision that puts emails under that protection, while ignoring the fact that technology moves on and is more powerful than even law. And while such protections are, indeed, meaningful over the short term, they simply will not stand up to tech&time. (Show me a secret corner of the web that has ever been reliably and uniformly secure? Ever. Even one.) Indeed, the 2013 lesson was that hiding is futile...
...and that our militance should be focused instead on stripping shadows and shrouds away from the world’s elites. That can work. Ah, but try to follow this logic:
“Surveillance couldn’t get much worse, but in the next 20 years, it actually will. Now we have networked devices, the so-called Internet of Things, that will keep track of our home heating, and how much food we take out of our refrigerator, and our exercise, sleep, heartbeat, and more. These things are taking our off-line physical lives and making them digital and networked, in other words, surveillable.
“To have any hope of attaining the Dream of Internet Freedom, we have to implement legal reforms to stop suspicion-less spying. We have to protect email and our physical location from warrantless searches. We have to stop overriding the few privacy laws we have to gain with a false sense of online security. We have to utterly reject secret surveillance laws, if only because secret law is an abomination in a democracy.”
== What? But… but you just said, just one paragraph earlier…. ==
In the end, for all her cogency and passion and determination to protect freedom and justice and all good things, Granick falls for the same zero sum thinking that dominates the Age of Sanctimony.
That we must choose between safety and freedom, between security and liberty, between a skilled caste of civil-servant protectors and a citizenry that can go about their lives unhampered and unafraid.
This fundamental flaw – zero sum thinking – will undermine and demolish everything Ms. Granick claims to stand for. As I showed in The Transparent Society – especially on the creepy-prescient page 206 – any future calamity will cause a panicked public to ratchet back any and every restriction that you now place on those protectors’ power to surveil. Notice how Edward Snowden has faded from view and conversation, in the wake of recent terror incidents? The Ratchet-Effect is very real, predictable, and it is just plain dumb to oppose it head-on, like an indignant sumo wrestler confronting a train.
You are erecting safety barriers made of smoke. Just smoke.
There is a way to aggressively and assertively protect freedom, with the equivalent of Judo. It can be done by putting choke chains not so much on what any caste of elites – from government protectors to corporations to foreign rulers – can see as on what they can do to us. And the best way to stop them from doing bad things is to see them.
History supports that method. It has already proved vastly more effective than hiding… which is (make no mistake) the prescription of most activists, from Edward Snowden on down the line... and which is cowardly, in any event.
In fact though, Ms. Granick shows her own depth -- or lack of it -- when she openly avows that she no longer blogs, but only posts on Facebook. Enough said.
== Transparency-related Miscellany ==
See 2,600 years of Western culture spread across the map in five minutes – a stunning visualisation of historical trends.
Eeep! A perfect example of why locks are not our best safety measure. “If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use — don’t post pictures of them on the Internet.”
The U.S. wants access to anyone's email on earth and Microsoft is fighting back. Seeking to read a suspect’s emails in a drug case, the U.S. government served Microsoft with a warrant in December of 2013, requesting the company provide information including the content of emails of an Outlook.com user. Microsoft refused to comply, arguing that the data in question is stored only on servers in Ireland, and that the US government should go through Irish authorities, before going to Microsoft, to get it. Microsoft has been using such tactics to dig in its heels over access to users’ emails. The government has argued that US law, specifically the Stored Communications Act, which is part of the oft-maligned Electronic Communications Privacy Act (ECPA) passed in 1986, compels American companies to disclose data under their control, regardless of where the data is actually stored.
Brin’s Corollary to Moore’s Law: The cameras get smaller, faster, cheaper, better and more mobile every year, at a rate much faster than ML. Add better-distributed, as minority groups start arming themselves with the true Great Equalizer. And now… smarter. “In an era where artificial intelligence is beginning to converge with surveillance—in the wake of the Boston bombings, for instance, the BPD is reportedly experimenting with artificially intelligent mass surveillance.” “They call it their “sentient surveillance camera.”
Shades of Person of Interest? The only surprising thing about all this is that anyone finds any of it surprising.
That animated map of migration was very interesting to watch, but it suffers from a blindness common to historical evaluations: it is based entirely on written records, which record where famous people were born, lived and died. Being limited in this way, it is missing a whole lot of information. An overall view based on birth records and burial data would have been more useful, though reliable birth records are not available everywhere and everywhen. Cemetery data is generally better, though few headstones record place of birth.
I try to not be negative about these things, however...
Matt Bevin was elected governor of Kentucky, on a platform of ending the Affordable Care Act, in spite of the fact that polls show:
"
When it comes to views of the new health care law, sometimes it’s all in a name.
In Kentucky, a new Marist poll conducted for NBC News finds that 57 percent of registered voters have an unfavorable view of “Obamacare,” the shorthand commonly used to label the 2010 Affordable Care Act. That’s compared with only 33 percent who give it a thumbs up – hardly surprising in a state where the president’s approval rating hovers just above 30 percent.
By comparison, when Kentucky voters were asked to give their impression of "kynect," the state exchange created as a result of the health care law, the picture was quite different.
A plurality – 29 percent – said they have a favorable impression of kynect, compared to 22 percent who said they view the system unfavorably. Twenty-seven percent said they hadn't heard of kynect, and an additional 21 percent said they were unsure.
“Call it something else, and the negatives drop,” said Marist pollster Lee Miringoff. "
-- NBC News
So, when you say: "Amen, as far as that goes. I am motivated by the same dream – a mostly-open world, in which most people know most of what’s going on, most of the time, so that light can serve as the great disinfectant of oppression and error. That is the core message of The Transparent Society.", I really wonder how that's going to work.
People don't seem to care to Know.
-- Hans
That Linux hack is only relevant to people that have a) untrusted people using their computer locally, and b) actually locked down their boot process, including hardware modifications.
Most people do not have (a), so it hardly matters.
And of those that have (a), most of them have *completely* failed at (b). They either forgot to set a BIOS password, forgot to set a boot loader BIOS, or just forgot to keep people from opening the case and resetting the BIOS. (Or my fav trick, unplugging the hard drive SATA so the machine boots off USB anyway, and then hot-plugging the hard drive back in after startup, which is actually pretty safe with SATA. This works about half the time, depending if they removed USB from startup or just changed the boot order. And if it works, the machine doesn't mysteriously end up without a BIOS password.)
I remember, back in my college days, we had some Linux machines that were basically just for web browsing. It was difficult, but not impossible, to get to a command prompt, but even there, you were just a low-privileged account, one that got reset at every logout.
But they, uh, had forgotten to change the permissions on the lilo config file, so a quick cat of it and I knew the lilo password. (Which also happened to be the root password, saving me a few steps, but I could have gotten root with just that. Boot up in single-user mode, hide an SUID bash somewhere, and tada.)
Securing computers that will be *unwatched* from untrusted people is, uh, pretty hard. If I had to manage computers like that, I *wouldn't let them reboot*, because that way leads to so many possible security holes...specifically, I'd have boot-time encryption on the drives, and if the computer reboots, well, it's just going to sit there at the password prompt until I can get around to typing it in. (Lesson to be learned from person who ends up with a non-working computer: Stop rebooting my computers.)
Erm, forgot to set a boot loader *password*, not 'forgot to set a boot loader BIOS'
Very enlightening, DavidTC. One has to wonder about the many interlaced Linux systems aboard US Navy vessels, if they have such procedures, and whether a one-time failure of procedure might compromise it all... see BattleStar Galactica.
No, Linux systems do not contain an easy backdoor. Grub is a bootloader that boots Windows too, and hardly anyone uses the boot password feature that was broken because it doesn't actually provide much security in the first place. That was just typical poor tech reporting. Actual security requires drive encryption.
Hans:
By comparison, when Kentucky voters were asked to give their impression of "kynect," the state exchange created as a result of the health care law, the picture was quite different.
Didn't Senate majority leader Mitch McConnell run on getting rid of "Obamacare" but keeping Kynect intact?
I guess once you've accepted "voodoo economics", anything is possible.
First & foremost, internet 'freedom' is a mirage because its 'freedom' (aka its 'absence of restraint & regulation') has always been both relative (insomuch as it represents the restricted, ordered & limited freedom of the electronic queue instead of true anarchic freedom) & complexity-dependent (meaning that it remains subject to abrupt 'simplification' and/or collapse).
Second, the assumption that cultures do NOT have to choose between 'safety & freedom' is an insane one, especially when the term 'freedom' (as above) is best defined as an 'absence of restraint' (or the 'liberty TO' do whatever) and the term 'safety' is best defined as 'the quality of being protected' or 'freedom FROM' the potentially harmful liberties of others), meaning that safety & freedom can only be said to coexist through compromise.*
That a positive sum 'sweet spot' (of maximum allowable safety & maximum allowable freedom) may exist in equilibrium between these two opposing forces is a given, yet this compromise cannot be said to represent either unalloyed freedom or unalloyed restraint without giving rise to the Orwellian conclusion that 'freedom is maximum restraint (aka 'slavery').
Likewise, in regards to mutual transparency, reciprocal accountability & relational equity, any & all positive sum outcomes require similar compromise, enforced (mutual) rule obedience and increased complexity, leading to an ever-more complex and precarious compromise which (in turn) necessitates increased economic costs, diminished technical returns & ever-increasing risk of catastrophic social collapse.
Note also that (1) 'compromise' (aka 'making mutual concessions') exists on a similar continuum with 'competition' (aka 'striving against each other') & possesses an equally narrow, delicate, precarious & increasingly complex positive sum 'sweet spot', and that (2) 'competition drives complexity' (which, in turn, suggests that our cultural position becomes that much more complex & precarious with every increase in competition).
More on Dr. Joseph Tainter's view of Complexity & Collapse at https://www.youtube.com/watch?v=G0R09YzyuCI
Best
The key to a free internet is to make it a Mesh network, not a Pipe network. That's truly Social Networking - pass along from one computer to another trusted one without the use of a central pipe system - or minimal use.
Your boy Dr. Joseph Tainter is very squishy in his definitions ("complexity simplifies," and how he defines "sustainability" fails the rationality test.) Good thing I sped it up with VLC. He has a political agenda. Incoherent in that his theory does not cohere. Many ignored factors such as birth control go unremarked, and he seems to ignore that stupidity plays as much a part in failures he discusses as concrete energy budgets.
He claims, without offering any evidence, that R&D requires greater funding for comparable results. This is hand waving. His figures are from manipulated categories. (increasing nonsense changes in patent law is not discussed.) He looks for doom and if he can't find it, he will create it. Much like the proverbial man who quit the patent office because in 1900, everything had been invented.
Yeah, I'm not very impressed by the "Linux" hack (really, it's GRUB, which is just a bootloader). GRUB is the most common bootloader for Linux PCs, but it's also used to manage dual-boot configurations for Linux/BSD/Windows/etc.
The big thing though, is attacks that require someone with physical access are much harder to pull off anonymously and with a much greater risk of getting caught. If you're worried about a data breach because you lost your computer on the subway, you'd better be using disk encryption anyway. If someone can execute this attack, they can certainly pull the drive and mount it under an OS on another computer.
Dr. Brin:
You're not wrong about a one-time failure leading to progressive compromise. I can't point to instances aboard a Navy ship, but that's certainly happened in industrial settings. Air gaps are really hard to maintain. Even without networking or internet access you still end up needing to transfer data for diagnostics, control, security updates, etc. To say nothing of some person plugging their phone into a compromised public charging station and then later into a computer within the air gap. That's where defense in depth comes in. Proper security will detect, contain, and mitigate the damage when one component is compromised.
I urge you all to read locum's missive above, and to grasp thereupon the complexity of human mental life, such that those who are unable to perform a mental function can still dance around the edges, pretending that they do. In this case, paragraph after paragraph show an absolute... and I mean absolute... inability to grasp what "positive sum" means. Accompanied by a desperate try to USE words like "positive sum" by squishing them into the one-dimensional and at-best zero-sum mental modality to which he is constrained. It would be funny, if it weren't kinda tear-jerking.
No, what is sad is that a sapient person, when told by many people that he is color-blind, might express CURIOSITY about the thing that he cannot see. None of that here.
If he has a point, it's lost in the word salad.
Here's a neat history of the use of "one-time pads" in cryptography. They arrive curiously late in history. The reader may want to consider how to use computers to ensure this method remains secure, even if no one computer is deemed spy-proof.
http://users.telenet.be/d.rijmenants/en/onetimepad.htm
Little loci thinks he grasps the meaning, but to him it is (like compromise) the language of the Devil. As I have said before, his contributions always sound just like what I have heard in virtually every religious establishment I have set foot in. Culture blinds us to other ways and views in myriad subtle ways as it is, but there are some cultures that very directly and openly teach and encourage their ethnocentrism, rather than seeing it as a flaw to overcome. That desire to USE the language of the Adversary is a way of appearing to have conquered the enemy, if only in a metaphorical sense. But all cultures, even the most deliberately narrow, are complex and multifaceted, with many a meme-stream running through, often at cross purposes. As an example, when my son was taking swimming lessons at the local YMCA, I overheard many a conversation about supposed scientific evidence for Creation. Why would the faithful need to make up bullshit "scientific evidence" to support their faith? Because science is seen broadly as a source of legitimacy (and most people are unaware of the Fallacy of Special Pleading). So to have their cake and eat it too, they claim to have scientific evidence for their faith out of one side of their mouths while badmouthing science out of the other. The arrogant assertion that my tribe is right about everything, always and forever, is as old as humanity. The odd combination of analogical reasoning with claims to scientific legitimacy is probably only a couple centuries old. It is the voice of scientism, not actual science. Anyone living in the modern era would do well to understand the difference.
Every single open-source project I've seen in depth does not care at all for users. They care for developers. And coverage testing isn't sexy, so most developers don't do it. Testing at all isn't sexy, and often isn't done in any systematic way.
Open-source methods for finding bugs before they manifest themselves do not work, in my opinion, based on my experiences.
As far as locumranch's comments, it boils down to 'Am I free to punch you in the face?' If I am, then your safety is not absolute. If I'm not, then my freedom is not absolute.
Responses to:
Grub is a bootloader that boots Windows too, and hardly anyone uses the boot password feature that was broken because it doesn't actually provide much security in the first place.
If someone can execute this attack, they can certainly pull the drive and mount it under an OS on another computer.
Now, wait a second. This security issue hardly affects anyone at all, but it *is* theoretically possible to have set up a secure computer system, via putting the computer inside some sort of locked case, setting a BIOS config password, setting a Grub password, and locking down the OS...and having this bug destroy the security of that by letting people boot Linux with any arguments they want, including pointing to /bin/bash as init so there are no passwords.
As I said, no one actually *does* set that up correctly, even if they think they have. But it is possible.
Additionally, this bug really only affects Linux and other Unix setups, if only because if someone has a secure system like that, they're hardly going to let it boot multiple OSes, and no one installs Grub on solely Windows machines. MS provides a perfectly functional boot loader for *just* Windows, and installing Grub from Windows is pretty convoluted last I checked.(1)
Whether or not that fact makes this a 'Linux bug' is a semantic debate. It's a bug in something that comes standard with pretty much all Linux distros. In fact, with all free Unix distros. And it's also a bug that affects a super-hardened security setup which no one has. Call it what you will.
1) I was going to point out that, even if they did use Grub for Windows bootup, Windows doesn't have boot time arguments anyway, so they can't do anything to Windows startup, just boot it or not...but actually, Grub *itself* can mount Windows partitions and move files around and whatnot, so it would be easy enough to install a Windows root kit from within Grub.
But trying to make 'installing a piece of third party software on your computer can allow random users to manipulate the Windows filesystem' anything to do with *Windows* is a bit dubious. How is Microsoft supposed to stop that? The thing isn't even running *under* Windows! Linux distros *choose* to give that program out and put it on people's computers...MS did not.
Raito: Sounds like you've been involved in some crappy projects!
I've participated in a number of open source projects, and I can definitely say that some absolutely care about users. That's not true for all projects, not necessarily even a majority, but I can't count the times I've been deep in trying to solve user problems with fellow developers. How to make tasks faster and easier for users, how to automate the busywork and let users focus on being creative, etc.
There's a wide range of projects in the open source world, just as in the proprietary software world. Some put lots of effort into making users happy and productive, others couldn't care less. Most projects are very small, sometimes just one or two people trying to solve a problem they had and making the results available in case it's useful for others.
I've seen as much truly awful software that's closed source as open, and both can be buggy, unstable messes. For a time, I contributed simultaneously to two projects in similar niches. One was a mess of unreproducible heisenbugs that hadn't released a stable version in years, whose testing was haphazard at best while they kept adding features. The other had far simpler functionality, but added unit tests for every feature and insisted that commits to trunk had to pass all tests (because that makes life easier for the developer...on the way to building useful software). This second project released very frequently and almost always on time.
Testing is hard. It's easy to test for the things you think to test for, much harder to ensure correctness always. There will always be cases your tests don't cover unless your problem domain is small and well controlled.
The open source "many eyes make all bugs shallow" method can't find any bugs before they manifest. It's not a replacement for good automated testing, but it's an excellent complement to it. The project that put so much effort into testing still found bugs the "open source way" and even managed to find and report bugs in underlying libraries that the other project missed (which was made much easier by digging into the source code)!
Source code is an invaluable tool to help characterize and even fix the bugs. That does require a skilled user, but whenever I've had to diagnose and work around a black box, it's been hell. A quick look at the source code often leads to understanding of why something doesn't work and how to fix it.
Automated tests are a way to minimize easily foreseen errors. User testing, documentation, and public source code are all ways to correct and back out of the errors developers can't see, and to enable third-party experimentation.
DavidTC: (We sure do have a lot of Davids here!)
Thanks for pointing out that there is a case (heh) affected here. A good example might be a shopping kiosk that a person can reboot but that's too hard to open without someone noticing. It deals with sensitive information, so you don't want it compromised, but doesn't necessarily store sensitive data. (This is quite distinct from the "Oops, I lost the laptop full of top secret data on the subway." scenario, which requires drive encryption.)
If you knew you needed to lock down this kind of system, so people could use it unsupervised, then this kind of bug would be quite worrying.
Wow, great and unexpected computer discussion! A bit over my head but I am learning a lot. I got the smartest community on the web. ;-)
David Jordan,
We're all products of our experiences. Mine have been bad. Yours haven't all been bad. Fortunately, we have brains and communication and can exchange experience.
And while in theory you can always fork, usually it's not worth the time. The users will just tell you you should be contributing to the project you forked from. You know, the one that didn't care in the first place...
Buggy, unstable messes have been my job to clean up for most of my career. That includes the companies as well as the code.
Dr. Brin:
I'm glad you're learning a lot! Feel free to ask about anything that's gone over your head.
Perhaps you might update your post to indicate that it's pressing backspace 28 times during the boot process and not just any time. It's also probably not an (intentional) backdoor, so much as a garden variety out-of-bounds vulnerability. This kind of thing happens all the time when programmers forget to do proper bounds-checking and is reasonably explained by lack of hyper-competence.
Backdoors imply someone put it there to enable secret access.
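The missing bounds check described in the comment above, as an added C example that is not part of the original thread and is not GRUB's own code: a simplified line editor whose Backspace branch either decrements the cursor unconditionally or refuses to move left of index 0. The buffer size, the guard arena, the function names and the key sequence are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16   /* hypothetical input buffer size */
#define GUARD   64   /* modelled memory on each side of the buffer */

struct read_result {
    int  final_len;      /* cursor position when Enter arrives */
    int  min_index;      /* lowest position the cursor reached */
    int  oob_writes;     /* stores that fell outside buf[0..BUF_LEN-1] */
    char text[BUF_LEN];  /* what the caller would see in the buffer */
};

/* Minimal line editor: '\b' is Backspace, '\n' is Enter.
 * guard_backspace == 0 decrements the cursor unconditionally (the missing
 * bounds check); guard_backspace == 1 refuses to move left of index 0. */
static struct read_result read_line(const char *keys, int guard_backspace)
{
    /* The buffer sits inside a zeroed arena so an out-of-range store can be
     * counted here instead of corrupting this program's own stack. */
    char arena[GUARD + BUF_LEN + GUARD];
    char *buf = arena + GUARD;
    struct read_result r;
    int cur = 0;

    memset(arena, 0, sizeof arena);
    memset(&r, 0, sizeof r);
    for (const char *k = keys; *k != '\0' && *k != '\n'; k++) {
        if (*k == '\b') {
            if (!guard_backspace || cur > 0)
                cur--;
            if (cur < r.min_index)
                r.min_index = cur;
            continue;
        }
        if (cur >= BUF_LEN - 1)
            continue;            /* upper bound is enforced in both modes */
        if (cur < 0)
            r.oob_writes++;      /* store lands before the buffer */
        if (cur >= -GUARD)
            buf[cur] = *k;       /* stay inside the modelled arena */
        cur++;
    }
    if (cur >= 0)
        buf[cur] = '\0';
    r.final_len = cur;
    memcpy(r.text, buf, BUF_LEN);
    r.text[BUF_LEN - 1] = '\0';
    return r;
}

/* Returns 1 when the buffer the caller sees holds exactly `want`. */
static int line_equals(const char *keys, int guard_backspace, const char *want)
{
    struct read_result r = read_line(keys, guard_backspace);
    return strcmp(r.text, want) == 0;
}

/* Constructed sample input: 28 Backspace presses, then "root" and Enter. */
static const char *sample_keys(void)
{
    static char keys[28 + 6];
    memset(keys, '\b', 28);
    memcpy(keys + 28, "root\n", 6);
    return keys;
}

int main(void)
{
    struct read_result bad = read_line(sample_keys(), 0);
    struct read_result ok  = read_line(sample_keys(), 1);
    printf("unchecked: len=%d min=%d oob_writes=%d text=\"%s\"\n",
           bad.final_len, bad.min_index, bad.oob_writes, bad.text);
    printf("checked:   len=%d min=%d oob_writes=%d text=\"%s\"\n",
           ok.final_len, ok.min_index, ok.oob_writes, ok.text);
    return 0;
}
```

The only difference between the two modes is the `cur > 0` test in the Backspace branch; with it, the same key sequence leaves the cursor inside the buffer and no store lands before index 0.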
This may be "pie in the sky" thinking, but I am convinced that recent experiments in Quantum Telecommunication will soon make our current Internet™ look like the Gutenberg press. I do not mean the amazing capabilities of sending quantum keys for cryptography and knowing if your data stream is being observed, but pure point to point telecommunication with zero intermediary infrastructure. So I want to talk to me mum and we both have stable entangled electrons (or full buckyballs), then that phone call is free in virtually any context. It kills the oligopoly of the Telecoms and decimates any Great Firewalls.
Now I know the recent (back in May) experiments on quantum telecommunication have yet to be fully tested, especially to see if "transmissions" are instantaneous as ordinary "spooky action" is or limited to the celestial speed limit for some reason. Hell if it does turn out to work instantly, well then that is just plain time travel. But of all the recent technological "game changers" (quantum computing, controlled fusion, solar panel efficiency) this is the one I am the most excited and hopeful for.
-AtomicZeppelinMan
Anyone who has 'upgraded' their Microsoft/Apple operating software recently OR attempted to renew their DMV/DVLA operator's license in person knows that, past a certain point, increased complexity tends to create escalating costs & more problems than it solves, so much so that 'diminished returns' and a less favorable cost/benefit ratio are all but inevitable, and so it is with an increasingly complex modern society.
This is why the once rare 'Catch 22' has (and will) become an increasingly frequent global phenomenon: We find that the things we MUST DO to survive as a collective have been expressly FORBIDDEN by the same collective. We do this for all the best reasons, of course.
(1) We are required to defend others, yet we are forbidden to defend ourselves;
(2) We are compelled to tolerate one another without fail, yet we are also compelled NOT to tolerate one another's intolerance under any circumstance;
(3) We are encouraged to bear witness to diversity's unseen benefits, while we are required to ignore its witnessed depredations;
(4) We attempt to protect free speech by instituting mandatory silence; and
(5) We are told (in simultaneous fashion) that CO2 production is both an unmitigated socioeconomic evil & a good indicator of our socioeconomic well-being.
As the 'double-binds' proliferate & become more intolerable, more & more of our weakest social links will fail (sentinel events), and we approach catastrophic failure at an alarming rate UNLESS we simplify.
More socioeconomic complexity is NOT the answer.
Best
_____
Note that I am not condemning information technology as the villain in this scenario because, increasingly, it is the glue that holds our fracturing civilisation together, even though its advancement tends to multiply complexities, making even the smallest failure that much more catastrophic.
I'll put it this way: Your smartphone possesses greater computing power than the Apollo space program & it is indispensable for modern life. Does this not imply that our day-to-day activities have become (at least) as complex as putting a man on the moon?
What's your breaking point?
"Compelled" has many layers and I do not see the state forcibly "compelling" most of the noxious politically correct over-reaches these guys whine about. They are "compelled" by social finger-wagging... sometimes by nasty "micro-aggression" managers of a meddlesome far left...
...that can be shrugged or accommodated without too much life disruption or even too much irritation. These would be 'tyrants' of PC are (currently) nowhere near as powerful or dangerous as their equivalents on the spectacularly treasonous and harmful Mad Right. But they could BECOME dangerous if the Mad Right keeps going, starting to radicalize the vast majority of moderate liberals.
Thanks for pointing out that there is a case (heh) affected here. A good example might be a shopping kiosk that a person can reboot but that's too hard to open without someone noticing.
And note that 'a person can reboot' any computer that they can reach the power cable or electrical breaker of.
That said, luckily, most kiosks do not have physical keyboards at all.
Although a startling number of them have USB jacks you can plug things into. Think photo kiosks. I've never tried to see if USB keyboards work in them. (Before anyone says 'They'll notice that', that's what wireless keyboard dongles are for.)
Ironically, it's possible someone thought of this and made sure to block the OS from loading USB keyboard drivers...which of course wouldn't stop the keyboard from working in the BIOS or in Grub! (I wonder if Grub has USB drivers or needs USB keyboard compatibility mode. It's complicated enough that I suspect it has drivers. Grub is, at this point, basically a damn OS, and I really have no idea what the hell they think they're doing.)
Interesting the number of Linux users who posted on this blog. I have been a user for 12 years. I keep truly sensitive data on an encrypted thumb drive that needs the passphrase to decrypt the data every time it is mounted.
"It's a bug in something that comes standard with pretty much all Linux distros. In fact, with all free Unix distros."
OpenBSD does not ship with grub, so I'd wager that this statement is false. Also, one need not even complicate a (modern IBM PC compatible) system with grub, as UEFI can load the linux kernel directly. One might also wonder why it took so long to fix the rather too dumb PC BIOS, or why UEFI was even invented given the ready existence of open firmware...
Wholly Mackerel.... Elon and the SpaceX team just did it!
http://www.spacex.com/webcast/
Amazing!
That was incredible!
Does that mean that Elon Musk is now looking to build his Secret Base in a Volcano?
He will also need a white Persian cat.
(Fun movie at the time but, come to think of it, what *was* the business model to building a space vehicle 60 years ahead of its time in order to snaffle Gemini astronauts from orbit?)
That and where does Blofeld keep getting these HENCHMEN who are willing to die in droves... so he can kill the world? Um?
One thing I love is how the crowd was busy chanting U.S.A. for the successes of a company founded by a South African Canadian-American immigrant.
Sadly, whenever I tried to use Elon Musk or Syrian-American Steve Jobs as examples of why immigration isn't a bad thing, the anti-immigration friends of mine just block their ears and refuse to listen (and say nasty things about Jobs). In fact, an argument concerning immigration of Syrian refugees acted as a catalyst which resulted in me taking a six-month vacation from my friends.
But hey, that's why I have a dog now. Intense loyalty in exchange for being taken for walks and being fed. ;)
Rob H.
Oh, the "USA!" chant was a default and most of Elon's wealth and engineers and opportunities arose here. I'd love it if they chanted "California!"
What you are pointing out is a need for a patriotic chant - thumbnail for western civilization.
https://www.youtube.com/watch?v=HzIYEaeIB_8
1,2,3,4...
Tony, it amazes me sometimes how some of us can look back on the cinema of our youth and see all the flaws we didn't notice then, while others continue to pine for the good ol' days, and the good ol' movies.
Rob, who makes for better conversation, the canine or the dittoheads? A toss up?
Dr. Brin, as chants go, I like the one Bill Nye came up with. Science!
Are we waiting for a top blog post to discuss Star Wars? Waiting for a spoiler window to close? I'd like to get David's reaction to it as a "prosecutor" in the "Star Wars on Trial" discussion. Let us know when you would like to open the can of worms, Doc. Until then...
Paul, I love my friends dearly. One of them has been a friend for over 20 years. I take no joy in not talking to them. But the break will likely do us all good. Or the friendships will end and I'll learn from the experience.
Rob H.
Tripping off topic for a moment: a former Republican Congressman talks about rekindling the Civil War.
http://www.theblaze.com/stories/2015/12/20/former-republican-congressman-calls-for-political-revolution-among-gop-and-has-eye-opening-words-about-violence/
According to Walsh, the first step for “revolutionaries” — or, conservatives, Tea Partiers and grassroots activists — is to “clean out the Republican Party.” If that does not work, he said, a new political party or movement could be on the horizon.
“It’s hard to say, ‘don’t’ be afraid of it,’ because we don’t know what’s going to happen,” Walsh, 53, said. “Remember, revolution is a scary term. It implies violence; it implies open rebellion. People shouldn’t be afraid because initially we’re going to use the political system in this revolt to try to fight back.”
“It’s not going to get violent at first, but look, the two prior revolutions we had got violent — the American Revolution and the Civil War,” the one-term congressman continued. “Our founders believed that it may take violence to take back our country every now and then.”
Rob, sorry, I know how you feel. I even miss some of the knuckleheads I used to hang out with 20 years ago. I don't miss their attitudes on a lot of subjects, but some of them were still good friends in spite of our differences. Hopefully both parties learn something, without it having to end.
Go, SpaceX!
I'm glad they got permission to land on stable ground rather than the bobbing platform out in the ocean, although that might have been safer; that seems to have made all the difference. SpaceX did the Delta Clipper one better, because it went on to deliver a payload (several!) into orbit, as well as a safely retrieved first stage. Heinlein, rest his soul, is grinning madly somewhere right now.
Matthew I was not panting to get to the theaters. My family and I have 3D tickets for a showing Christmas Eve. No spoilers till then.
My own "New Hope"? With Lucas exiled and with Kasdan as writer, maybe... just maybe...
I hope it was clear enough that I urged playing the New York Dolls' "Human Being" (one of their few outstanding, excellent numbers) as a celebratory homage to the launch as, like David puts it, I'm so damn proud to be a member of a species that does such things.
@locumranch:
I'll put it this way: Your smartphone possesses greater computing power than the Apollo space program & it is indispensable for modern life. Does this not imply that our day-to-day activities have become (at least) as complex as putting a man on the moon?
Not even close. The real computing done during the Apollo era was going on inside the heads of those involved. Since such groups exist today doing a variety of coordinated things, your analogy fails. What my smartphone does is make certain kinds of coordination EASIER and other kinds POSSIBLE. If our day-to-day activities are more complex today, it is because we choose to use the tools to do the formerly impossible. That is not necessarily true, though. We might also be giving up what we USED TO DO.
Remember that human attention is still a finite thing. Until a tool exists to do things for us, what we can watch and do involves zero-sum decisions regarding allocation of attention. When your smartphone acts FOR you, it extends your attention and that changes the whole game. If you want to worry about what happens when we lose access to these extensions, you are not being unreasonable. That’s part of why our host keeps poking at his robustness argument. I argue that you are TOO worried, though. Small failures occur every day and fail to produce catastrophic results. Try a test of your idea, though, instead of reading my content. Go back and watch the first episode of Connections (James Burke) and ask yourself why the outage he describes doesn’t happen all the time. Ask yourself how we’ve managed to build a MUCH more elaborate world since without catastrophic collapse. My argument boils down to this… It should have already happened… we’ve had ample opportunity.
I don't mind people wanting to clean out a party or start a new one, but I do point out to them that we have a special word for people who do it through violence. Some of us call them terrorists. One has to take a careful path through rebellion before I'll grant them recognition as a 'rebel'.
Jeez, that congressman is from my neck of the woods in Illinois.
As for Star Wars, I also am not in a hurry to buck the crowds, but will probably see it while it is still in theaters. I'm also guardedly hopeful that it will get back to some of the fun that was missing from the prequels but which I thoroughly loved back in '77
Alfred Differ:
but I do point out to them that we have a special word for people who do it through violence. Some of us call them terrorists.
The American right-wing is curiously two-faced when it comes to criticism of America. If someone complains about America from the left, we should love it or leave it and go back to Russia. But criticizing America from the right--saying we've become too tolerant of deviants or too secular or too "feminized"--is considered patriotic.
It's telling that, in the immediate aftermath of 9/11, both Susan Sontag and Jerry Falwell said the terrorist attacks were comeuppance for some failing of America's, but only one of them was vilified for it.
All I can say is that fun is back on offer in the GFFA. Further deponent sayeth not.
"I'm also guardedly hopeful that it will get back to some of the fun that was missing from the prequels but which I thoroughly loved back in '77"
It does (spoiler)
Larry, what you wrote about two-faced criticism doesn't seem curious to me in the least. I used to hear this all the time, and was often told to go live in Russia. The concept of hypocrisy is lost on those people. Oddly enough, when he was a kid my older brother was really into war movies (of the WW2 variety) and became enamored of the British Army. He was more critical of the American military, so unsurprisingly people told him to go live in Russia.
Think about who the right- and left-wing critics were. Sontag was a lefty, a feminist with Communist leanings, and Jewish. Falwell was a TV preacher with a following of millions who believed his words were divinely inspired words of God Himself, and were fool enough to send the bastard millions to live in the lap of luxury while they toiled away. Falwell had the supposed authority of God on his side, while Sontag had only her own human experience and reason to go on. From the perspective of many, the choice of who to believe was obvious, especially when the modus operandi of religious leaders is to flatter their congregations by telling them that they are the chosen ones. The hypocrisy goes right over their heads because it goes straight to their egos.
Dr. Brin, I managed to get in by going on a weekday in the morning. I honestly only went because too many of my students would think I was some kind of alien if I didn't. I'll save discussion for after you have seen it, except to say that I think you will find the substitute that fills the role of the green, wrinkly oven mitt a major improvement.
@PaulSB,
What struck me at the time (9/11) was not just "left-wing bad; right-wing good", but the utter hypocrisy of saying that Sontag's criticism was unwarranted because she was blaming the victim (America) when everyone should be laying the blame for the attacks on the terrorists.
But Falwell, saying that God had let 9/11 happen because America was too tolerant of gays and feminists, was also blaming America. I'm not sure if the "love it or leave it" crowd doesn't notice, or just doesn't care.
I, too, am impressed at SpaceX's success at bringing Atari's 'Lunar Lander' game to fruition, especially when tail landings on 'a tower of fire' has been a SciFi staple since the 1930's. That said, it's a huge jump from a single successful tail landing to spacecraft reusability, mostly because we've been there before with the Shuttle's booster system which was also considered 'reusable' until it failed catastrophically upon reuse.
Alfred is, of course, quite right when he says that "The real computing done during the Apollo era was going on inside the heads of those involved". Unfortunately, this argument about what is 'going on inside the heads of those involved' can only support my thesis on the pending Western Mental Health crisis brought about by modern social complexity & information technology dependence.
Current US estimates indicate the prevalence of chronic mental illness at 35%, with a total society-wide mental illness prevalence that approaches 50% when acute (and/or temporary) mental illness is taken into account, something our host points out frequently in his US political posts. Modern social complexity is (literally) driving a significant proportion of our population insane; hence the growing social tendency to suicide by firearm (accounting for 2/3rds of all US firearm deaths), suicide by cop, suicide by random violence, suicide by polysubstance abuse and (coming soon) suicide by revolution.
I see these people every day in US Emergency Rooms (aka 'The Social Safety Net of Last Resort') and they are Legion. I point this out here, frequently, on this site because you (collectively) represent our Best, Brightest & Most Resilient, possessing superior coping & problem-solving skills, yet you choose to fiddle while Rome burns, either out of collective (insular) ignorance or reckless social disregard, in the mistaken belief that the social collapse (which has not yet happened here) can never happen.
Good luck with that.
Best
locum said, in a surprisingly coherent manner:
That said, it's a huge jump from a single successful tail landing to spacecraft reusability, mostly because we've been there before with the Shuttle's booster system which was also considered 'reusable' until it failed catastrophically upon reuse.
Truth! But there were two massively corroding factors involved with the Shuttle SRBs: (1) the fuel [ammonium perchlorate aluminum composite] and (2) the landing mode (floating in saltwater). These increased refurbishment difficulty and cost massively. I will not go into the disastrous design compromises that completely bolluxed the Shuttle overall as it would take all day.
Nonetheless there are uncertainties involved. Both SpaceX and Blue Origin are now going to have to do detailed engineering tolerance testing on returned components and see what really does break down on reusable boosters. This is unexplored territory. A booster will inevitably blow from fatigue on some component insufficiently tested or explored. Fortunately, unlike the Shuttle, there won't be humans without an abort system aboard when that happens (okay, sorry, I really will quit now).
PS If locum's day job is in an ED I can forgive him some of his attitudes. Disagree, still, but understand and empathize. You really find out what humans are capable of working there, and it's not always pretty.
Sometimes I think in locumranch's view, happiness is a crime against humanity and love is a capital offense.
...or as the boss in "Dilbert" once put it:
"Job satisfaction is like stealing from the company."
Hi Catfish
the landing mode (floating in saltwater).
Floating in saltwater is not good
Hitting the saltwater at 30mph?? - is worse
Sure half of our neighbors are mentally ill in some ways. So? That a large fraction are capable of some sanity -- satiability, re-evaluation based on evidence, contemplation of the possibility of being wrong, and so on -- strikes me as miraculous. And many sadnesses abound in a civilization that has invested too little into mental health.
But:
1) we are learning at a spectacular pace.
2) To call what we see ANY sort of increase calls for historical myopia of a towering degree. When I was a kid public drunkenness was far more common and media portrayed it as somehow "cute." Domestic violence wasn't tabulated because it was "normal." And half our population - women - had to - to a degree that ranged from slightly to tragically - suppress themselves for the good of the team... or to survive.
Sorry. Grouches bear the burden of proof.
onward