Thursday, November 26, 2020

identity is not property - so how can you "steal" it?

 another poor metaphor (as with security theater, which isn't even poor stand-up), identity theft.

as with music piracy (aka p2p file sharing), you copy, you don't  take. but in this case, the metaphor of theft is even less apt, as identity has some deep roots (e.g. biometric attributes) and some more shallow (notarised documents like birth cerrtificates, passports) and some social contextual attributes (people vouch for you)

mistaken idenity (the mcguffin of many a fine play, film, book, but perhaps not song) is apt

but identity theft just isn't.

Thursday, November 19, 2020

Computational Thinking Considered Harmful.

 I was a big fan of Jeanette Wing's initiative on computational thinking - it came at a time when we were developing the computing at schools initiative and the Raspberry Pi and so on, and fitted in well with our optimism about how anyone could pretty much get to grips with the core ideas of reasoning in the style computer science has developed (not just logic/algorithmic, but also systems and many other sub-disciplines).

I'm now worried that what has happened is to enable people with the capacity to adopt the technology, much as with  nuclear and biological weapons (or going back further, gunpowder, TNT, or even just any projectile weapon, crossbow, longbow, slingshot etc) and now we have asymmetric warfare, but it is really asymmetric warfare by the few against society. Now we have people hacking on democracy, on trust in science, on social cohesion. 

I'm not talking about the PRC or the Kremlin.  I am talking about the unpleasant, sociopathic power-hungry in our midst. People that were put in their box by long fights to improve everyone's lot over since the enlightenment or even since the renaissance  (or whatever equivalent there was in your non European part of  the world).

People who have adopted the ways of thinking about problems in manners that let them scale-out,, rapidly. Crucially, for  which  we  as yet  have no effective defence (computationally thought out  or otherwise).

I think we need a Pugwash or Asilomar, or even a Butlerian Jihad against computational thinking without appropriate checks and balances.

Now this  is a very tricky proposition as it is quite different  from proposing ethical controls of dangerous technologies. It is about modes of thought. This hasn't been something people outside of ancient Mesopotamia or modern totalitarian states a la 1984  have considered. How to modulate computational  thinking so that it is inherently a moral  framework would be, for me, the thing we need urgently to do. 

Sunday, November 15, 2020

when people say Security Theater, just what do they think they mean?

Security Theater is a  terrible metaphor.

In theater, you suspend disbelief, sure, but that's so you believe  the characters are real, and  that the  characters are subject to true motives and actions are  in reaction too circumstances in  the universe of the play.

So when Macbeth falls for his personal initerpretation of the 3 witches predictions, this is true. and when Burnham Wood is come to Dunsinane, the attack/deception works.

Even the  twist at the end of a whodunnit like the venerable Mousetrap, or the   clever Sleuth (or indeed Whodunnit) catch you by surprise. 

If security  operatives employed techniques like this, they  would essentially be carrying out a mix of

a) real security

b) social engineering on the adversary.

No,  what people really mean is like the well-meaning uncle who says he'll entertain a room full of 9 year  old kids full of sugary drinks with a very  bad conjuring show that  they immediately see through. Not tragic or comic, not even really bathetic or pathetic. Just bad.

People go to the theater to be taken out of themselves. What people call security theater is stressful because it is transparently useless and incredibly boring at the same time. 

When you go parachute jumping or scuba diving and check your equipment, it is quite interesting. That's because theatrics only happen if you don't.

Friday, November 13, 2020


back in the day(*) the UCL internet gang (Indra) built a IP over the international X.25 packet switched system, that operated by tunneling IP packets over virtual circuits (VCs) that the various  telcos operated.

to indicate that the VC was carrying IP rather than (say) remote  terminal traffic from the quaintly named PAD (Packet Assembler&Disassembler), they used a fiield in the VC setup, that could carry Call User  Data (arbitrary stuff up to 128 bytes as far as I recall) and this could even have a copy of the IP address and other useful metadata...

so this is the grrandparent of SMS which uses call user data in the old GSM call setup packet to carry text messages.

so SMS begat Whatsapp and Twitter and who knows what more universes of discourse.

So these "features" are a great deal more powerful than mere options.but also less dangerous than fully programmable protocols (like, say, SIP).

They are like "lifting" in programming languages. And as such should be celebrated.

I'm going to call protocols with such an apparently lowly, but actually grand affordance, hyperextensible, as they allow shortcuts to entire new worlds.

* bob braden, peter kirstein et al, probably around 1980.

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home