PJ, at groklaw, recently realized that the internet, in its present form, is just too tempting for the control freaks who tend to gravitate to the tops of bureaucracies. And that the technology ultimately does not change the traceability of communication.
So, rather than risk receiving a warrant from bureaucrats on out of control fishing expeditions, she has decided to shutter Groklaw, apparently on the theory that operating it is tantamount to operating a honeypot for an out the out-of-control government that the US government has become. (Reference the NSA "revelations".)
In order to avoid argument, she locked comments on her final post. So, instead, the loyal readers are commenting via the previous post.
Many of those who have participated in her forum feel that shuttering it is unavoidable.
As a Christian who believes the Revelation of John, I see the end game. Truth will cover the earth as a flood, but that kind of leaves much of what we have assumed about privacy washed away in the flood. Someday, I'd like to write something about that, but rant like my blog posts will not do.
Why am I posting this here? I'm not sure.
Freedom has never come free. I've been trying to talk directly about that on my free-is-not-free blog. But it seems like I am talking around the real problems, after all. Not directly, at all. I've mentioned some relevant issues in my defining computers blog and pages, as well. (Security is not privacy or freedom, by the way.)
My solution to PJ's conundrum would be to just add a clause in the groklaw's site policies -- that the site operators would try to avoid cooperating with the tyrants in government, but that there are no promises.
That's the most that can be promised, anyway. We have no right to demand that another should put their lives on the line in some pre-programmed way, and that's what making any more promises than that would encompass.
If PJ cannot be comfortable with that, shuttering the site may be the best part of wisdom on her part. We can't judge that.
As far as making technology that would circumvent the attempts of the various governments to use a news forum for their own spying, the only way to make that kind of thing work is to set up a irregular, large volume wash of what is essentially identical to the spam we hate so much, and use steganography to hide the posts in the flow.
And if we could, what would we have done? Nameless voices are, in the end, nameless.
Nameless is good when you are doing what Jesus called "alms". In political movements, temporary anonymity helps keep movements alive in a hostile society, but the movers have to be ready for when the anonymity is inevitably broken. This is part of freedom, the willingness to take a stand in your own name on important issues. That's what redeems Snowden's behavior most of all.
Conclusion? I have none to offer beyond this. Setting up a temporary anonymous zone so that sites like Groklaw can continue is a bit beyond our current technological context.
What the wash looks like, by the way, is essentially pushing the internet to its correct form, fully distributed, every end-user running his or her or their own local servers -- e-mail, news, editorial (blog), etc. Beyond that, I don't have time to describe now, other than pointing to steganography.
We do have to break our current dependence on centralized certification and centralized software distribution. Proprietary IP does not mix well into this. (Go away, Microsoft, Apple, Oracle, Intel, and all your ilk.) This is a technical requirement.
Tuesday, August 27, 2013
Saturday, August 17, 2013
love passion power and Chicago
My wife put on her Best of Chicago album (the more recent one) again just now. She's been listening to it a lot lately, I'm not sure why. 
I'm a fan of Chicago. I have several albums stored somewhere across the Pacific, about half of their albums from Chicago Transit Authority to around Chicago XI. Some are rotting on tape, unfortunately.
To me, Chicago VII was the pinnacle of their work, and I still think so. Unfortunately, they backed away from their experiments in fusion jazz after that. Mixed with their high-fructose pop output, I'd have liked them to put out some more albums with the heavy fusion influence shown in VII. (Maybe it would have been hard for them to do that without Terry Kath -- the chemistry of a group changes when a member is taken away like that.)
(I notice that Stone of Sisyphus was released around five years ago while I wasn't looking.)
So we're listening to Chicago, somewhere before the tune "Stay the Night" in the play order, and I'm thinking that Chicago, except for V and VII, is pretty much heavy metal for non-metalheads. Metal adapted to pop.
But "Stay the Night" begs analysis. It came out while I was at BYU, and I and most of my friends listened to it, even danced to it, without really thinking too deeply about the lyrics. This was about a boy's passion for a girl, that was all.
I mean, I understood the irony in Heart's "Dreamboat Annie" when I was in High School. (Love that album. And wisdom and experience tell me so many more things when I listen to it now.) But it was several years later, when I met my cousin's sometimes boyfriend that she just couldn't leave behind, before I started really facing the irony that "Stay the Night" is so representative of.
Read the lyrics sometime. It's definitely youthful passion, definitely not the higher emotions of love. Watch the video with Debby Evans. It's amusing, very juvenile, very instructive of the value of juvenile passion.
(But does he want to take the time to understand her?)
And so forth. When passion remains untempered, when nothing gets in the way, something is lost.
I still enjoy the music, and the way it underscores the melodramatic lyrics. It seems I enjoy popular music now for the irony as much as I used to for the passion.
I'm a fan of Chicago. I have several albums stored somewhere across the Pacific, about half of their albums from Chicago Transit Authority to around Chicago XI. Some are rotting on tape, unfortunately.
To me, Chicago VII was the pinnacle of their work, and I still think so. Unfortunately, they backed away from their experiments in fusion jazz after that. Mixed with their high-fructose pop output, I'd have liked them to put out some more albums with the heavy fusion influence shown in VII. (Maybe it would have been hard for them to do that without Terry Kath -- the chemistry of a group changes when a member is taken away like that.)
(I notice that Stone of Sisyphus was released around five years ago while I wasn't looking.)
So we're listening to Chicago, somewhere before the tune "Stay the Night" in the play order, and I'm thinking that Chicago, except for V and VII, is pretty much heavy metal for non-metalheads. Metal adapted to pop.
But "Stay the Night" begs analysis. It came out while I was at BYU, and I and most of my friends listened to it, even danced to it, without really thinking too deeply about the lyrics. This was about a boy's passion for a girl, that was all.
I mean, I understood the irony in Heart's "Dreamboat Annie" when I was in High School. (Love that album. And wisdom and experience tell me so many more things when I listen to it now.) But it was several years later, when I met my cousin's sometimes boyfriend that she just couldn't leave behind, before I started really facing the irony that "Stay the Night" is so representative of.
Read the lyrics sometime. It's definitely youthful passion, definitely not the higher emotions of love. Watch the video with Debby Evans. It's amusing, very juvenile, very instructive of the value of juvenile passion.
I don't want you to misunderstand me
(But does he want to take the time to understand her?)
I just want to say what's on my mind(No time? What's so much more important than understanding?)
No need to hit me with an attitude
Because I haven't got the time
And so forth. When passion remains untempered, when nothing gets in the way, something is lost.
I still enjoy the music, and the way it underscores the melodramatic lyrics. It seems I enjoy popular music now for the irony as much as I used to for the passion.
Friday, August 9, 2013
subconscious vs. unconscious vs. pre-conscious vs. ...
Went to wikipedia to look for a Japanese equivalent of the subconscious mind and was rudely reminded that the argument about the existence of the unconscious elements of the mind are not at all resolved. (I knew that, why was I surprised?)
Freud talked about the unconscious and the pre-conscious.
The unconscious is the suppressed elements of the mental processes, and the preconscious is the parts which are not yet either expressed or suppressed.
And he argues that the "subconscious" is too ambiguous a term to be meaningful.
I'll give him one on that last, but I wanted him to admit that "unconscious", "preconscious" and "conscious" are also rather ambiguous classifications, not forming a true partition.
What we suppress changes from moment to moment. So does what slides in-and-out of focus.
If I wanted to make the divisions he makes, I would do it this way:
I would make another set of classifications, cutting across the first set, dividing by the topics they cover:
But the third is not just a subset of the first two. Whether we have deliberately suppressed a topic or not, the question of focus cannot be answered reliably. This may be somewhat the class Freud was intending by pre-conscious.
Forgotten topics are not just out-of-focus. They are in cold storage.
In a computer system, the first class of topics would somewhat correspond to data in cache. (Except there are hard limits to computer cache, not so much to our minds' cache.) The second class of topics would be data in high-speed store (RAM, in current systems). The fourth would be data stored on disk (or tape, etc.) in persistent store, indexed and addressable, but it takes a while to get at it.
The third would be discarded data, results that seemed, at the time, to unnecessary or even counter to the goal of solution. If a computer system is capable of bringing the discarded data back, it is data that must be regenerated, recalculated, re-indexed, etc.
This is one of the remaining differences between human cognition and mechanical reasoning -- Humans generally can, if they have enough motivation, bring suppressed topics into memory and into focus. Computer systems generally (still) require human intervention to do so.
There are at least four more classes of thoughts that need to be considered:
Revelation, of course, is off the board when it comes to scientific discussion.
Wait. I want to refine this last list:
Internal thought processes includes the following:
Socially imposed thought processes include
By "other beneficial" I mean various forms of revelations from good sources -- words of warning and encouragement from angels, some of whom are mortal and some of whom are not. Also, scripture, and the more direct revelation from what the Christians call the Holy Spirit.
Mortal angels would include friends and family in their positive moments, some church members who influence us for good, influential teachers, and so forth. They may not be official messengers from God, but they do bring us good and helpful things to think about, and the confirmative feelings by which we generally recognize that there is something worth listening to, checking, pursuing.
I'm not going to talk about immortal angels because God will do what He will do, and there really is not much use talking about that. For the same reasons these sorts of things are not subject to scientific inquiry, they are not generally of much use except to those who receive them.
But I will say this, they are more common than we generally recognize. We have a certain blindness.
The Holy Spirit is, among other things, the primary source of our conscience. I won't say much about this either, except that if you believe there is anything true and good, it is by the power of the Holy Spirit that you believe it. I'm not saying you are a closet Christian, I'm saying that the Holy Spirit is so universal, so ubiquitous. And we often can't see the forest for the trees.
If we believe in love and truth and good, the influence that gives us the confidence to believe is what I call the Holy Spirit. If we find ourselves questioning the errors and excesses of certain religionists, partisans, politicalists, charismats, it may be the same Holy Spirit telling us that they've gone too far.
Anti-beneficial external influences? Well, yes, I did mean to talk about the adversary of our souls and those who follow him. Father of lies -- 99% truth so as to pervert it all and undo it all with that 1% lie.
But refraining from talking about the devil is a good idea, anyway. Much more beneficial to talk about good things and good influences and our relationships to them.
Freud talked about the unconscious and the pre-conscious.
The unconscious is the suppressed elements of the mental processes, and the preconscious is the parts which are not yet either expressed or suppressed.
And he argues that the "subconscious" is too ambiguous a term to be meaningful.
I'll give him one on that last, but I wanted him to admit that "unconscious", "preconscious" and "conscious" are also rather ambiguous classifications, not forming a true partition.
What we suppress changes from moment to moment. So does what slides in-and-out of focus.
If I wanted to make the divisions he makes, I would do it this way:
- deliberate thought processes
- non-deliberate thought processes
I would make another set of classifications, cutting across the first set, dividing by the topics they cover:
- topics of focus
- topics out of focus
- suppressed topics
- forgotten topics
But the third is not just a subset of the first two. Whether we have deliberately suppressed a topic or not, the question of focus cannot be answered reliably. This may be somewhat the class Freud was intending by pre-conscious.
Forgotten topics are not just out-of-focus. They are in cold storage.
In a computer system, the first class of topics would somewhat correspond to data in cache. (Except there are hard limits to computer cache, not so much to our minds' cache.) The second class of topics would be data in high-speed store (RAM, in current systems). The fourth would be data stored on disk (or tape, etc.) in persistent store, indexed and addressable, but it takes a while to get at it.
The third would be discarded data, results that seemed, at the time, to unnecessary or even counter to the goal of solution. If a computer system is capable of bringing the discarded data back, it is data that must be regenerated, recalculated, re-indexed, etc.
This is one of the remaining differences between human cognition and mechanical reasoning -- Humans generally can, if they have enough motivation, bring suppressed topics into memory and into focus. Computer systems generally (still) require human intervention to do so.
There are at least four more classes of thoughts that need to be considered:
- instinct
- social consciousness
- divine revelation
- false revelation
Revelation, of course, is off the board when it comes to scientific discussion.
Wait. I want to refine this last list:
- internal thought processes
- socially imposed thought processes
- other beneficial thought processes
- other anti-beneficial externally thought processes
Internal thought processes includes the following:
- instinct from patterns in our genetic material,
- para-instinctual patterns from our existence in the pre-birth spiritual realm,
- habitual and other patterns from our mortal lives to the present,
- and our own active thoughts, the ones we are most responsible for.
Socially imposed thought processes include
- trained patterns -- most of what we refer to as "common sense",
- lessons of social propriety -- obligation and duty, etc.,
- reactive thought processes -- analytic, semi-analytic, confirmative, etc.,
- rebellion processes,
- etc.
By "other beneficial" I mean various forms of revelations from good sources -- words of warning and encouragement from angels, some of whom are mortal and some of whom are not. Also, scripture, and the more direct revelation from what the Christians call the Holy Spirit.
Mortal angels would include friends and family in their positive moments, some church members who influence us for good, influential teachers, and so forth. They may not be official messengers from God, but they do bring us good and helpful things to think about, and the confirmative feelings by which we generally recognize that there is something worth listening to, checking, pursuing.
I'm not going to talk about immortal angels because God will do what He will do, and there really is not much use talking about that. For the same reasons these sorts of things are not subject to scientific inquiry, they are not generally of much use except to those who receive them.
But I will say this, they are more common than we generally recognize. We have a certain blindness.
The Holy Spirit is, among other things, the primary source of our conscience. I won't say much about this either, except that if you believe there is anything true and good, it is by the power of the Holy Spirit that you believe it. I'm not saying you are a closet Christian, I'm saying that the Holy Spirit is so universal, so ubiquitous. And we often can't see the forest for the trees.
If we believe in love and truth and good, the influence that gives us the confidence to believe is what I call the Holy Spirit. If we find ourselves questioning the errors and excesses of certain religionists, partisans, politicalists, charismats, it may be the same Holy Spirit telling us that they've gone too far.
Anti-beneficial external influences? Well, yes, I did mean to talk about the adversary of our souls and those who follow him. Father of lies -- 99% truth so as to pervert it all and undo it all with that 1% lie.
But refraining from talking about the devil is a good idea, anyway. Much more beneficial to talk about good things and good influences and our relationships to them.
Saturday, August 3, 2013
powerful programming languages -- php5 and suhosin
PHP5 is pretty powerful. 
Powerful languages have a problem. They allow things to happen that the language designer hasn't even imagined. Some of those things sometimes allow mean-spirited sorts of people to attack servers, steal credit card numbers, and make general malicious mischief.
So PHP version 5.3 needed a band-aid, to help the naive web programmer avoid blowing him/herself away with good intentions poorly implemented. The band-aid was called "suhosin".
Unfortunately, the three German engineers who developed suhosin seem to have gotten busy doing other things, according to this post at Arch Linux. And the current suhosin doesn't match the current version of php5. [update: If you fail to follow all of the links Pierre provides, at least look at this mailing list post from one of suhosin's developers.]
I had been thinking about brushing up my php skills, so I had installed php. With the upgrade to 5.4 in Debian wheezy, suhosin doesn't load. Instead, it fills my error log files with complaints of incompatibility.
So I checked, and nothing else gets removed when I remove php5. So I removed it.
When I really need it again, I'll install it again. Maybe by that time the guys who run php will have folded all of the functionality of suhosin into the language itself.
But this is not a solution, it's a knee-jerk reaction. More first-aid fixes that don't really do the full job.
This highlights one of the problems in software architecture: The power of a powerful language is in its expressiveness. To the more expressive a language is, the fewer limits there are to the things which can be expressed in it. But security in current practice requires setting limits. We need to give the programmer power, but we need to take power away from the end user.
There is an inherent conflict here. I mean, sure, we could go the direction taken with Java, using execution policies to tune the expressiveness available in the end-user's context, but that has its own set of traps --
The answer of the US Constitution was "Use checks and balances and keep it simple." Both of these principles have been long ago set aside as legislators and special interest groups press for responsive government.
Is there something wrong here?
Can we as general members of society learn enough about systems to pare back the legal kruft that is currently overburdening (and overly burdening) society (and is a primary cause of budget problems, not to mention the bureaucratic abuses that show every sign of continuing to increase)?
Can these principles be applied to computer systems? If they can, how?
I think they can, but I'm not sure anyone reading this would understand. (I'm not intending to insult. No one has time to study every necessary subject, and this particular subject has been advertised by certain special interest groups as unnecessary.)
And it seems no surprise to me that the current trends in systems design seem to be going towards increasing complexity in the provided systems, which parallels the political atmosphere, and is exactly not the solution. Precisely what we should not be doing.
We put power in the end users' hands (quite literally with the new crop of portable information devices that match the supercomputers of a few years ago). We spend a lot of money, time, and effort putting power in the end users' hands. Then we spend a lot of money, time, and effort trying to limit that power to some definition of "right" uses. We are
We can't understand everything the end user wants to do, and we can't predict what would be "safe" or "dangerous" beyond making crude and overly broad walls. (We, as an industry, try to make straitjackets, really, but we fortunately tend to fail to get the user into the straitjackets -- Fortunately, indeed, since success would make us unable to even consider band-aids like suhosin.)
And we (the primary movers of the industry) don't want to believe that end users could really want to use our systems, any more than we want to believe that the end user could understand new and appropriate ways to use our systems.
We don't want to believe that the end users might be smarter than the system designers about what the end user wants to do with the systems.
And yet, it is the only the smart end user that can safely use the system.
Uhm, no, I don't have a happy solution to the problems yet, at least no quick, straightforward patches. The only real solution I can see is not going to be quick, not going to contribute immediately to anyone's bottom line of monetary profit, not going to be considered acceptable to any of the current crop of investors, managers, and accountants.
Powerful languages have a problem. They allow things to happen that the language designer hasn't even imagined. Some of those things sometimes allow mean-spirited sorts of people to attack servers, steal credit card numbers, and make general malicious mischief.
So PHP version 5.3 needed a band-aid, to help the naive web programmer avoid blowing him/herself away with good intentions poorly implemented. The band-aid was called "suhosin".
Unfortunately, the three German engineers who developed suhosin seem to have gotten busy doing other things, according to this post at Arch Linux. And the current suhosin doesn't match the current version of php5. [update: If you fail to follow all of the links Pierre provides, at least look at this mailing list post from one of suhosin's developers.]
I had been thinking about brushing up my php skills, so I had installed php. With the upgrade to 5.4 in Debian wheezy, suhosin doesn't load. Instead, it fills my error log files with complaints of incompatibility.
So I checked, and nothing else gets removed when I remove php5. So I removed it.
When I really need it again, I'll install it again. Maybe by that time the guys who run php will have folded all of the functionality of suhosin into the language itself.
But this is not a solution, it's a knee-jerk reaction. More first-aid fixes that don't really do the full job.
This highlights one of the problems in software architecture: The power of a powerful language is in its expressiveness. To the more expressive a language is, the fewer limits there are to the things which can be expressed in it. But security in current practice requires setting limits. We need to give the programmer power, but we need to take power away from the end user.
There is an inherent conflict here. I mean, sure, we could go the direction taken with Java, using execution policies to tune the expressiveness available in the end-user's context, but that has its own set of traps --
- Will some of the programmers remember to set up the policies?
- Do the programmers understand how the policies are used to secure the system?
- Does the policy end up preventing the end user from doing important things?
- Do legislators understand the interaction with law and regulation and the potentials for abusing the laws and regulations?
- How does the government protect the people's security without inducing more chances for treacherous abuse?
- And how can a government make the people secure without excessively limiting their freedoms?
The answer of the US Constitution was "Use checks and balances and keep it simple." Both of these principles have been long ago set aside as legislators and special interest groups press for responsive government.
Is there something wrong here?
Can we as general members of society learn enough about systems to pare back the legal kruft that is currently overburdening (and overly burdening) society (and is a primary cause of budget problems, not to mention the bureaucratic abuses that show every sign of continuing to increase)?
Can these principles be applied to computer systems? If they can, how?
I think they can, but I'm not sure anyone reading this would understand. (I'm not intending to insult. No one has time to study every necessary subject, and this particular subject has been advertised by certain special interest groups as unnecessary.)
And it seems no surprise to me that the current trends in systems design seem to be going towards increasing complexity in the provided systems, which parallels the political atmosphere, and is exactly not the solution. Precisely what we should not be doing.
We put power in the end users' hands (quite literally with the new crop of portable information devices that match the supercomputers of a few years ago). We spend a lot of money, time, and effort putting power in the end users' hands. Then we spend a lot of money, time, and effort trying to limit that power to some definition of "right" uses. We are
- Not trying to teach the end user how to use the power wisely.
- Not trying to show the end user how to get around the traps.
- Not trying to give the end user more power to do right things.
- Not really trying to give the user solutions, just things that we can sell as if they were solutions
We can't understand everything the end user wants to do, and we can't predict what would be "safe" or "dangerous" beyond making crude and overly broad walls. (We, as an industry, try to make straitjackets, really, but we fortunately tend to fail to get the user into the straitjackets -- Fortunately, indeed, since success would make us unable to even consider band-aids like suhosin.)
And we (the primary movers of the industry) don't want to believe that end users could really want to use our systems, any more than we want to believe that the end user could understand new and appropriate ways to use our systems.
We don't want to believe that the end users might be smarter than the system designers about what the end user wants to do with the systems.
And yet, it is the only the smart end user that can safely use the system.
Uhm, no, I don't have a happy solution to the problems yet, at least no quick, straightforward patches. The only real solution I can see is not going to be quick, not going to contribute immediately to anyone's bottom line of monetary profit, not going to be considered acceptable to any of the current crop of investors, managers, and accountants.
Subscribe to:
Comments (Atom)
 
 
 
 Posts
Posts
 
