Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Technocomplacency

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

I am amazed and saddened by the apparent and growing technological complacency we, technology people, find ourselves in. Ever more often we’re fascinated by blinky-thingies and shiny toys, falling out of our engineering mindframe that used to induce us to hack together great things – thankfully, in that regard the Warsaw Hackerspace is a shining exception.

A simple example. Not long ago Telecomix released 54GiB (!!) of Syrian Internet censorship equipment logs. A moment before that Apple had yet another of their conferences. Let’s compare those, shall we, taking Slashdot comment numbers into account?

A shiny new toy versus release of extremely important and complete, up-to-date information on human rights violations and Internet censorship in Syria, and on technology utilised to that end, gathered “red hot” in an area of a social conflict that’s most probably a defining moment for this decade, all that during an on-going discussion about implementing Internet filtering in Europe.

Shiny new toy wins with an almost 8-fold advantage.

Election Silence in Poland

There is a nice saying in Poland: “where there are two Poles, there are three political opinions”, which gives away our national love of political discussions. This changes magically into a great, majestic elephant in the room once the election silence kicks in.

Oh isn’t it grand! And I mean it absolutely without irony – it is grand and beautiful how in the name of our national sport (politics) we Poles are able and willing to withhold our national pleasure: discussions on our national sport.

E-textbooks, Johnny Mnemonic, business and the Net

Finally I have watched a cyberpunk classic – Johnny Mnemonic. And, as usual, my mind wandered a bit and I spotted a pattern, which obviously is a great foundation for stories, but also lies at the bottom of many important, current problems.

The pattern:

  • a serious problem of some kind exists;
  • a good, complete solution, beneficial to all affected, is known and available;
  • however, only a partial solution is implemented – hugely profitable to some group at the cost of the general public.

So, how does it look in practice?

Johnny Mnemonic:

  • a global epidemic is raging;
  • a huge pharmaceutical corporation possesses an effective drug that can cure it completely;
  • the corporation, however, only sells (with huge profit) drugs that handle the symptoms.

And on to more important issues.

E-Textbooks:

  • education is crucial, but textbooks are expensive;
  • it is possible to publish e-textbooks on permissive licences, which would save hundreds of zlotys for each Polish student;
  • that would obviously be less profitable for the publishers, so we still get textbooks in the dead tree format – not only are those costly, but also much less practical than electronic ones could have been (oh, and my compliments to orthopaedists trying to cure kids’ spines, deformed by 6kg backpacks).

Culture in the Digital Era:

  • culture, to thrive and develop further, needs the possibility of citing, using, remixing and consuming works of art; these, however, are often in such a copyright lock that it’s impossible to use them, even if money is not the problem;
  • it’s possible to digitalize and just release the works on permissive licenses (like Creative Commons), while artists would make their profits on donations, concerts and other events, or through licensing their works for commercial use (e.g. in pubs, cafes, etc.);
  • of course that would mean much less money for the intermediaries (which, incidentally, are completely redundant in this day and age, in which each artist can get their work to the audience directly and almost hassle-free – through the Internet), so instead we get mangling the law, destroying the public domain and so on.

Some of those are black-and-white, unambiguous. Some show all kinds of gray in between. As far as e-textbooks are concerned we could estimate what’s more important to society – existence of paper textbook publishers’ diversified market (also known as “the textbook market mess”) or our children’s effective and efficient education.

And then simply finance creation of e-textbooks from public funds (maybe through a grant or a competition) and put it out on a permissive free licence in the Net.

Similarly with culture. Artists big and small publishing directly on the Internet (like Radiohead or Masala Soundsystem) and huge communities of artists and listeners (like Jamendo) show that the self-publishing openness model works. And not only in music – also in video production (vide Pioneer One) or videogame creation (huge success and reeditions of the Humble Indie Bundle).

Free market is not a value in its own right. It’s only a means to an end.

Sometimes the means is not effective and not needed, as there’s a more important aim than what can be achieved with its help. Like education.

Sometimes the means is ineffective as its functioning is disrupted (here: by lobbying and seemingly unlimited resources at the disposal of the biggest players) and some definite actions, changes are needed for it to start working correctly again. As with culture on the Net.

Diaspora-Based Comment System

I think I already threw that idea on the (Diaspora) wall, but now I had a bit longer to ponder about it, so: how about we make a Diaspora-based comment system for websites/blogs?

How it could work

When creating a blog (or brag) entry, a post with the whole or part of it, and a link to original source, would be created, e.g. using a user specifically created for that particular website. The website operator could then facilitate discussion of that entry by either:

  • including the Diaspora comment system through an IFrame (with a proper post and discussion of it), or
  • using some API to feed comments to Diaspora and get replies from it.

Of course, there could be other ways to use that comment system on a website.

Advantages

I can see at least a few serious advantages of that approach:

  • discussion could go on on Diaspora and on the website, while still being perfectly in sync;
  • Diaspora users wouldn’t have to set up accounts with the website just to partake in the discussion;
  • anonymous posts could be catered for by creating a special, pod-wide user for anonymous postings on all websites using a given pod, or by a website-specific anonymous user – both ways enable easy enabling and disabling of Anonymous comments (via aspects), even down to given entries;
  • who is able to comment on a given story would be also trivially controlled by simply setting the aspects that the entry is being posted in on Diaspora.

I don’t, however, see any disadvantages. Though that doesn’t mean there aren’t any.

What would be needed

Some good, stable, thought-through API, obviously; maybe a dedicated pod just for such a use would be a good idea, too. I think OAuth functionality would be required to be able to give users a possibility to comment on the website and yet get the comment posted on Diaspora under their UID.

Comments?

I’d love to hear your comments and ideas on that – let’s experiment with that and already use Diaspora to that end: here’s the thread.

Conflict of values

Today a bit more philosophically, regarding the main topic of the next 48 hours – tenth anniversary of the 9/11 Attacks.

Without even going into some more or less interesting conspiracy theories – this was a tragedy. One, that without a doubt changed the world. In many, many ways.

One of the changes was a complete reevaluation of values. Such a terrifying, unimaginable scenario was, for example, the reason to instantly tighten security measures across the scale – effective or not, yet still very much felt and visible.

So here’s the thing: after 9/11 under the pretext of enhancing safety (of flights, but not only) some fundamental values have been sacrificed. Values that have been considered the cornerstone of democracy, especially the American one. Of course, not all at once, but rather a step at a time – nevertheless the overall outcome is the same. This sacrifice, this lack of respect for those values is ironically the most intense in the USA.

Right to privacy lost with wiretapping (including illegal wiretapping); personal inviolability (in English law called Habeas corpus; in Poland – Neminem captivabimus) has found itself jailed in Guantanamo; personal dignity every day dies a little bit in busy hands of TSA operatives and on screens of porn-scanners; tolerance and multiculturalism gave way to racial profiling.

All of those instruments are meant to enhance security; however, even if we assume that they are effective in their stated purpose (which, in many cases, is doubtful), there is a question that needs an answer: safety of what, exactly, is being thus enhanced? After stripping away rights, personal freedoms, dignity, all that is left is the purely biological fact of being alive.

Asked directly, however, we would probably agree that this simple biological fact, breathing, heart beating, etc., is not a value in and of itself. This is not what we learn from history’s heroes; this is not what we read in literature; this is not what was being instilled in our minds since infancy – regardless of culture we come from. We know and respect examples of giving one’s life for love, for country, for family… Human life is valuable not in and of itself, but rather (for example) because of what this man could achieve. In other words, there are some higher values.

There were those that sacrificed their lives fighting for (among others) dignity, freedom from surveillance, racial and religious tolerance. And they are considered heroes.

Which, apparently, is at odds with current hierarchy of values in the States (and, more and more, also abroad). Looks like after 9/11 we all have collective split personality – one part still tries to keep appearances as if there were higher values (like dignity) more valuable than biological life; the other part is hell bent on defending this very sum of biological processes, even at the price of those “higher” values.

Maybe it’s time to ask, though, how much of it is a personality disorder, and how much is deliberate calculation and hypocrisy.

On-line privacy and anonymity: case in point

From a comment in a discussion on Diaspora:

I used a nym(*) through most of the Bush years as I live in a very conservative area and my criticism of the prez and warz was carried in some pretty prominent places. I actually feared for my life. So, I hid behind anonymity.

Surprise! Even in “the land of the free” people exercise their right to anonymity fearing ostracism and persecution for political views.

Now, does anybody have any more enlightening comments as to why we do not need on-line anonymity (as, supposedly, if you’re not doing anything wrong you have nothing to hide) and how nobody wants on-line privacy?.. I’m looking at you, Schmidt and Zuckerberg!

(*) “nym” – pseudonym

On being careful with words

A certain whirli, on Diaspora, dropped a nice text on Google’s Real Name Policy and how it can affect the whole industry – and our lives.

I agree with the basic premise and the reasoning that once Google gets away with that, probably many other companies and websites will follow; that puts online anonymity and privacy in huge jeopardy (for more on that, read the linked article, not much I can add to what’s there).

However, I do have a problem with use of certain words and phrases in the text. “Transparency”, someone/something being “open for scrutiny”, “accountability” – have been applied by authors to private persons, regular users of online services. That should not be.

“Accountability”, “transparency”, “openness to scrutiny” are terms/qualities that in our democratic society have inherent positive air to them, we feel that those properties are good and important.

Governments, companies, public servants, officials, treaties, negotiations, lawmaking, etc. – these are examples of what should be “accountable”, “transparent” and “open for scrutiny” in a democratic state. All of these have big influence on private persons’ lives and hence must be possible to observe and control by those same persons.

On the other hand, when the situation gets reversed (as it can be feared once Real Name Policy gets enacted across the web) and it will be private persons being watched and controlled by governments, companies, public servants and officials, something wrong happens and the state of affairs seems to drift towards totalitarianism.

In such a case using words and phrases with positive emotional load – like “accountability” or “transparency” – doesn’t play well: if Google or a government official tried to use those terms in such a context, I would even say it’s an intentional manipulation meant to show something inherently bad (total state/corporate control of private persons’ lives) as inherently good.

I feel that words like “invigilation” and “surveillance” much better fit the purpose then.

Update

I had a very constructive and interesting discussion, first by e-mail, then on Diaspora, with (among others) the author of the article.

To sum it up – I might have overreacted a bit due to my engagement in both:

  • fighting for privacy and anonymity of private persons, against surveillance;
  • advocating transparency and accountability of official dealings, governments, corporations, etc.

To the first stipulation, written above, I would like to add a second one: using such positively-loaded words to describe negative phenomena dilutes that positive emotional load, making it harder to use it in the positive context (e.g. advocating transparency of government).

Mind you, that’s just for the record, a Gedankenexperiment if you will; I fully accept that in the case of that particular article this might not apply.

Of malware, hot steam, privacy, using one's brain and paedoparanoia

So I read today about an Apple Service employee that installed malicious software on his female customers’ lappys. The software then asked for the lappy to be placed “near hot steam”(!) to “clean an internal sensor”.

Guess what. Ladies then actually took their lappys to the bathroom while they were taking showers. Yes, nude photos were made with the built-in webcam – that was the whole idea.

Now, in the later section of the linked article one can read that for instance Geek Squad has a policy of searching their customers’ computers and reporting any and all allegedly illegal material found. That means (among others) child pornography, obviously.

The Perfect Storm

Okay, let’s go out on a limb here and imagine what could happen with those combined:

  • a 14yo girl’s father takes her MacBook to an Apple Service where, incidentally, our little “voyeur” works;
  • lappy gets a servicing and some malicious software treatment;
  • back at home, the 14yo daughter gets the “place near hot steam” message and promptly – probably after consulting her father – takes her MacBook to the bathroom while taking a shower;
  • nudie pics are made – those qualify as child porn;
  • some time later the father, for one reason or the other, takes the MacBook to Geek Squad;
  • GS finds alleged child porn and reports the father to the authorities.

Prosecution, persecution and stigmatization ensue. Family is ruined. Father is finally found not guilty, but after many years of trial and being treated as a paedophile. Probably loses his job and acquaintances in that time.

What went wrong

Obviously the guy in the Apple Service shouldn’t have installed the malware. But that’s just the tip of the iceberg, and that is what is really scary.

First of all, people should have some minimal understanding of the technology they use, and make some use of their brains. I’m not talking about understanding how a NOR gate in a CPU works, I’m talking about “electronics and hot steam? that doesn’t sound right” kind of mental process.

Secondly, come on, when you’re sending your electronic device for service, you should at least clean it up a bit (if that’s possible, obviously); nobody will respect your privacy if you yourself won’t.

Then there’s the Geek Squad sifting through people’s private stuff. It’s as if you ask a plumber to fix the drain and he starts looking in your basement for clues of a possible murder. His job is to fix the darn drain, not to be a self-appointed criminal investigator, and if he thinks otherwise, well, that’s trespassing – isn’t it.

And finally – but I guess most importantly – the continuous paranoia about paedophiles everywhere. This is exactly what apparently justifies the Geek Squad to invade one’s privacy during PC servicing; this is exactly what causes the father to be stigmatized, family to be destroyed, before the verdict is brought in. This is what changes “innocent until proven guilty” into “paedophile once alleged”. This is what caused a paediatrician to be harassed and driven out of her home, seeking police protection, after a mob mistook “paediatrician” for “paedophile”.

This, and not using one’s brain.

Kragen Thinking Out Loud

I found this diamond accidentally (well, not quite; I follow Jacob Appelbaum), but I just might end up observing it closely. Kragen Thinking Out Loud, or a mailing list on which Kragen Sitaker shares his thoughts with the world. Something like a blog, but without the blog, RSS, etc.

Some great starters to get the hang of it:

The last one is especially mind-tickling; it’s one of those texts one reads and gets an Instant Epiphany of some Basic Truth (in this case – that P2P cannot work effectively on ADSL Internet connections, due to the dreaded A).

The second text I would like to wholeheartedly recommend to all the Apple and Google fans out there. No, no trolling.

Oh, and I just might add a newsletter functionality here on the brag for all of you that prefer the traditional way of getting their news.

Willpower, productivity and cycling

Just read a great article on willpower, addictiveness and productivity; if you haven’t yet, do, it’s well worth a read (as is the article that inspired it).

Anyhow, I have two short conclusions from this read, one more personal, the other more general.

The personal one stems from the fact that I used to cycle each day at least 30 minutes, as I lived on the outskirts of Warsaw and that was the best means of transport (at least for me). I always thought that the single biggest gain for me in that was the physical exercise – sun or rain, wind or snow, every day at least 30 minutes of biking.

After what I’ve read a second great gain pops to my mind: each day, I had at least 30 minutes of completely uninterrupted time with myself and my thoughts. I suddenly remembered how much I was able to think through during this time. I’ll have to make myself start cycling (or possibly frequenting a swimming pool?) again, for both reasons.

The more general conclusion has a premise: there is a continuum of types of people, between completely focused, wielding formidable willpower (and hence very productive) on one end of the spectrum, and totally disorganised, run mainly by impulses and urges (and hence less productive) on the other – and I am probably somewhere in the middle; please bear in mind that “being productive” is used here as in original text, a much wider term than just “productive at work”.

And here’s the kicker: I have a feeling that almost all of the marketing, economic and political agendas of any significant power (be it a large corporation, an important political party, etc.) are geared towards the impulse-driven part of the society, as it’s probably much easier that way. But wait, there’s more! It would seem they are actually actively working towards moving as many people as possible from the “willful, productive” part of spectrum towards “impulsive, weak-willed, consumerist” (sic!) end.

And that’s both scary and unacceptable.