- A remote Hawaiian island, East Island, was destroyed by Hurricane Walaka. East Island was 11 acres. It was also a key refuge for turtles and seals. Read more in The Guardian.
- Maersk has sent a ship, the Venta Maersk, through the Northern Passage. The journey and its significance were outlined by the Washington Post, with predictions of 23 days (versus 34 to sail via Suez). In reality, it took 37 days, according to the press release, “without incident.” The idea that there’s a sailable Northern Passage is astounding, even if a first sailing took longer than expected.
The ban on refugees is illegal, immoral and un-American, and as an American, I want to add my voice.
The ban is illegal. (“Trump’s Immigration Ban Is Illegal.”) I suspect that the United States also has legal obligations under treaties to accept refugees, but Google isn’t my lawyer, and I am no expert.
The ban is immoral. Those who have gone through our immigration process and gotten green cards are being restricted from returning to the US. Those people have followed the legal path to immigration and built lives here. We made a deal with them and we’re breaking it, suddenly and without warning. Those people might have jobs, school, or family to return to, and their lives are upended and uncertain. These are not illegal aliens; they are people who have gone through a complex and sometimes Kafkaesque immigration process.
I have worked with engineers from Syria. (I’m not going to name them in today’s climate.) They did good work, and were good people. They were dealing with the horror of hearing family back home was missing, and they did good work anyway.
The President is hurting America with this ban. By telling those here legally that their status can be upended at a whim, he makes a strong argument against coming here by following the rules as they exist on a given day. Some people will continue to come here in violation of the law; others will go elsewhere, and another country will get both the risk and the reward from that set of refugees.
It’s worth noting that the protests and court orders yesterday, while welcome, “Despite growing dissent, Trump gives no sign of backing down from travel ban.” I guess we need to keep calling this what it is: un-American.
Pictured is John von Neumann, refugee, and inventor of the von Neumann architecture that’s at the heart of the computer on which you’re reading this, and Sergey Brin, co-founder of Google, on his way to protest in San Francisco.
[Update: The hawks at Lawfare blog have an analysis, Malevolence Tempered by Incompetence.]
This election has been hard to take on all sorts of levels, and I’m not going to write about the crap. Everything to be said has been said, along with much that never should have been said, and much that should disqualify those who said it from running for President. I thought about endorsing Jill Stein, the way we endorsed McCain-Palin in 2008, but even the Onion is having trouble being funny.
One thing which makes the American election system less functional is the electoral college system, which means that essentially a small number of states decide the election.
There is an effort underway to change that to a national popular vote, and there’s a group working towards that by getting states to agree amongst themselves to allocate their electoral college votes towards the winner of the national popular vote, once enough states have made that commitment to control the results of the elections. It’s a pretty neat approach to patching the Constitution, and you can learn more at National Popular Vote.
Also in the spirit of nice things to see today, WROC in Rochester is streaming from the resting place of Susan B Anthony, whose tombstone has been covered with “I voted” stickers, and as I watch, people are reading the Seneca Falls Declaration.
Since 2005, this blog has had a holiday tradition of posting “The unanimous Declaration of the thirteen united States of America.” Never in our wildest, most chaotic dreams, did we imagine that the British would one day quote these opening words:
When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature’s God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation. [Ed: That article is jargon-laden, and interesting if you can wade past it.]
So, while it may be chaotic in the most negative of senses, there’d be some succor should we see a succinct success as England secedes from the United Kingdom. Of course, London, West-Virginia-style, secedes from said secession. Obviously, after this, the United Kingdom of Scotland, Northern Ireland and London should remain a part of the EU, dramatically simplifying the negotiation.
Or, perhaps, in light of the many British who were apparently confused about the idea that Leave meant Leave, or the 2% margin of the vote, it would be reasonable and democratic to hold another election to consider what should happen. A problem with democracy is often that a majority, however slim, votes in a way that impacts the rights of a minority, and, whilst we’re waxing philosophic, we would worry were the rights of that minority so dramatically impacted as the result of a non-binding vote. Perhaps a better structure to reduce chaos in the future is two votes, each tied to some super-majority. A first to negotiate, and a second to approve the result.
It doesn’t seem like so revolutionary an idea.
It didn’t take long for the Seahawks’ game-losing pass to get a label.
But as Ed Felten explains, there’s actually some logic to it, and one of his commenters (Chris) points out that Marshawn Lynch scored in only one of his 5 runs from the one yard line this season. So, perhaps in a game in which the Patriots had no interceptions, it was worth the extra play before the clock ran out.
We can all see the outcome, and we judge, post-facto, the decision on that.
In security, we almost never see an outcome so closely tied to a decision. As Jay Jacobs has pointed out, we live in a wicked environment. Unfortunately, we’re quick to snap to judgement when we see a bad outcome. That makes learning harder. Also, we don’t usually get a chance to see the logic behind a play and assess it.
If only we had a way to shorten those feedback loops, then maybe we could assess what the worst play call in infosec might be.
And in fact, despite my use of snarky linkage, I don’t think we know enough to judge Sony or ChoicePoint. The decisions made by Spaltro at Sony are not unusual. We hear them all the time in security. The outcome at Sony is highly visible, but is it the norm, or is it an outlier? I don’t think we know enough to know the answer.
Hindsight is 20/20 in football. It’s easy to focus in on a single decision. But the lesson from Moneyball, and the lesson from Pete Carroll is Really, with no second thoughts or hesitation in that at all.” He has a system, and it got the Seahawks to the very final seconds of the game. And then.
One day, we’ll be able to tell management “our systems worked, and we hit really bad luck.”
[Please keep comments civil, like you always do here.]
I started this post on December 14th, and couldn’t finish it. I’m going to leave the opening as I wrote it then: By now, everyone has heard of the tragic school shooting in Connecticut. My heart goes out to everyone touched by the events. But this isn’t the first school shooting on a December 14th. I went to a tiny school, Simon’s Rock, and on December 14, 1992, Wayne Lo murdered my friend Galen Gibson and Professor Ñacuñán Sáez. He also shot my friend Tom McElderry. I can still remember the phone call from my friend Chi, telling me that Tommy had been shot and was in the hospital. I remember being up all night, spreading what little information we had by phone, and wondering what the hell was going on. I remember that weeks later, I’d get emails from co-workers whose local papers in places like Japan finally carried the story. For years after, I took December 14th as a day off, because it was hard to handle life with that weighing on you.
It’s a sad reality that we now have enough school shootings that one of them was going to fall on an anniversary of another. (Statisticians call this the birthday problem.) It’s also a sad reality that we have enough of them that schools, police and emergency responders have plans for them.
What a fucking world.
Some people like to say things like “time heals all wounds,” but you know? Greg Gibson isn’t going to get his son back. Ñacuñán’s family isn’t going to get him back. And twenty or more families in Sandy Hook will never again be the same. I’m having trouble editing this more than a month later because of how the memories flood back.
All that to say that I have some understanding of these events, and I think I can talk about them differently than a random observer.
A lot of people are using this tragedy to say we need gun control. I understand where they’re coming from, and I disagree. We’ve had a lifetime of marijuana control, and it didn’t work. We suffered under crypto controls, and they didn’t work. Assholes who want a gun will likely be able to get a gun whatever regime we put in place. There’s some truth to the claim that if guns are outlawed, only outlaws will have guns. Maybe we’d gain some ability to catch these nuts early, but maybe not. Those who say that easy availability of guns drives murder rates must do better than simply cherry picking data. What makes the US worse than Switzerland or Israel?
Yesterday, the President outlined a set of proposals including expanded background checks, and signed executive actions including one to “encourage federal agencies and state governments to share more information.” And now I find it hard to speak, and hard to remain silent.
Infringing privacy would not have stopped the events at Sandy Hook, and I worry that reducing privacy around mental health care is going to deter people who need health care from getting it. That may mean that more people will end up hurt or dead. I’m confident that no one wants that, and we need to rationally consider the tradeoff.
I also see a lot of people who are worried about gun control being so strident that they’re undercutting their own case. I agree that gun control is a poor response, and I think the NRA are coming off like a bunch of idiots. I’m trying not to be strident, just add a voice to say that even from a position of grief, it’s possible to see that what’s proposed probably will not meet the goals.
I don’t know what we should do. I do think that taking the entire TSA budget and moving it to mental health care would be a fine start.
Another fine way to proceed would be to threat model and try to judge the efficacy of the mitigation techniques. (For those who don’t know me, I spent a few years designing threat modeling tools and techniques which you can read about here.) Perhaps that starts from data on how people who use guns to hurt themselves or others get them. There’s an easy trope of “buys a gun and shoots someone.” Is that because it’s common, or because the stories are highly “available” and spring to mind? I don’t know, and in that vein, more studies of gun ownership and gun violence are probably going to help. Whatever approach to threat modeling we take should also include the hundreds of millions of guns owned by hundreds of millions of people and not misused.
We can and should do better than bringing back ideas that didn’t pass muster in calmer times. We should be cautious about trading a little liberty for a little safety. And whatever we do, we should do so respectful of the victims.
Oh, what the heck, it hasn’t been chaotic enough around here. So, I’ll give you a topic: Paul Ryan. Commentary from The Economist starts:
IN THE polarised world of American politics, achieving bipartisan agreement on any topic is a rare feat nowadays. So perhaps it’s worth celebrating the fact that, had it been put to a vote, the pick of Paul Ryan as Mitt Romney’s running-mate likely would’ve gained support from both parties.
Please, continue. Was it a hail mary move? Will Ryan energize the Republican base enough to get out more votes? Will he drive votes to the Democrats?
What do you think?
Oh, and bonus points if you can tie in internet security.
I wrote a blog post regarding the BSidesSF/RSA conf dust-up.
(If I knew how to work Adam’s twitter integration thingy, you’d have been spared this)
(From The Oatmeal.)
It’s widely understood that Seattle needs a better way to measure snowfall. However, what’s lacking is a solid proposal for how to measure snowfall around here. And so I have a proposal.
We should create a new unit of measurement: The Nickels. Named after Greg Nickels, who lost the mayorship of Seattle because he couldn’t manage the snow.
Now, there’s a couple of ways we could define the Nickels. It could be:
- The amount of snow needed to cost a Mayor 10 points of approval rating
- The amount of snow needed to cause a bus to slide down Olive Way and teeter over the highway
- 2 millimeters
- Enough snow to reduce the coefficient of city road friction by 1%.
I’m not sure any of these are really right, so please suggest other ways we could define a Nickels in the comments.
There’s been much talk of predictions lately, for some reason. Since I don’t sell anything, I almost never make them, but I did offer two predictions early in 2010, during the germination phase of a project a colleague was working on. Since these sort of meet Adam’s criteria by having both numbers and dates, I figured I’d share.
With minor formatting changes, the following is from my email of April, 2010.
Regulation E style accountholder liability limitation will be extended to commercial accountholders with assets below some reasonably large value by 12/31/2010. Why: ACH and wire fraud are an increasingly large, and increasingly public, problem. Financial institutions will accept regulation in order to preserve confidence in on-line channel.
An episode of "state-sponsored SSL certificate fraud/forgery" will make the public press. Why: There is insufficient audit of the root certs that browser vendors innately trust, making it sufficiently easy for a motivated attacker to "build insecurity in" by getting his untrustworthy root cert trusted by default. The recent Mozilla kerfuffle over CNNIC is a harbinger of this. Similarly, Chris Soghoian's recent work will increase awareness of this issue enough to result in a governmental actor who has done it being exposed.
But only because for this one I forgot to put in a date (I meant to also say “by 12/31/2010”, which makes this one
I was motivated to make this post because I once again came across Soghoian’s paper just the other day (I think he cited it in a blog post I was reading). He really nailed it. I predict he’ll do so again in 2012.
When the LAPD finally began arresting those of us interlocked around the symbolic tent, we were all ordered by the LAPD to unlink from each other (in order to facilitate the arrests). Each seated, nonviolent protester beside me who refused to cooperate by unlinking his arms had the following done to him: an LAPD officer would forcibly extend the protestor’s legs, grab his left foot, twist it all the way around and then stomp his boot on the insole, pinning the protestor’s left foot to the pavement, twisted backwards. Then the LAPD officer would grab the protestor’s right foot and twist it all the way the other direction until the non-violent protestor, in incredible agony, would shriek in pain and unlink from his neighbor.
It was horrible to watch, and apparently designed to terrorize the rest of us. At least I was sufficiently terrorized. I unlinked my arms voluntarily and informed the LAPD officers that I would go peacefully and cooperatively. I stood as instructed, and then I had my arms wrenched behind my back, and an officer hyperextended my wrists into my inner arms. It was super violent, it hurt really really bad, and he was doing it on purpose. When I involuntarily recoiled from the pain, the LAPD officer threw me face-first to the pavement. He had my hands behind my back, so I landed right on my face. The officer dropped with his knee on my back and ground my face into the pavement. It really, really hurt and my face started bleeding and I was very scared. I begged for mercy and I promised that I was honestly not resisting and would not resist.
Let me start with an extended quote from “Why I Feel Bad for the Pepper-Spraying Policeman, Lt. John Pike”:
They are described in one July 2011 paper by sociologist Patrick Gillham called, “Securitizing America.” During the 1960s, police used what was called “escalated force” to stop protesters.
“Police sought to maintain law and order often trampling on protesters’ First Amendment rights, and frequently resorted to mass and unprovoked arrests and the overwhelming and indiscriminate use of force,” Gillham writes and TV footage from the time attests. This was the water cannon stage of police response to protest.
But by the 1970s, that version of crowd control had given rise to all sorts of problems and various departments went in “search for an alternative approach.” What they landed on was a paradigm called “negotiated management.” Police forces, by and large, cooperated with protesters who were willing to give major concessions on when and where they’d march or demonstrate. “Police used as little force as necessary to protect people and property and used arrests only symbolically at the request of activists or as a last resort and only against those breaking the law,” Gillham writes.
That relatively cozy relationship between police and protesters was an uneasy compromise that was often tested by small groups of “transgressive” protesters who refused to cooperate with authorities. They often used decentralized leadership structures that were difficult to infiltrate, co-opt, or even talk with. Still, they seemed like small potatoes.
Then came the massive and much-disputed 1999 WTO protests. Negotiated management was seen to have totally failed and it cost the police chief his job and helped knock the mayor from office. “It can be reasonably argued that these protests, and the experiences of the Seattle Police Department in trying to manage them, have had a more profound effect on modern policing than any other single event prior to 9/11,” former Chicago police officer and Western Illinois professor Todd Lough argued.
Former Seattle police chief Norm Stamper gives his perspective in “Paramilitary Policing From Seattle to Occupy Wall Street”:
“We have to clear the intersection,” said the field commander. “We have to clear the intersection,” the operations commander agreed, from his bunker in the Public Safety Building. Standing alone on the edge of the crowd, I, the chief of police, said to myself, “We have to clear the intersection.”
Because of all the what-ifs. What if a fire breaks out in the Sheraton across the street? What if a woman goes into labor on the seventeenth floor of the hotel? What if a heart patient goes into cardiac arrest in the high-rise on the corner? What if there’s a stabbing, a shooting, a serious-injury traffic accident? How would an aid car, fire engine or police cruiser get through that sea of people? The cop in me supported the decision to clear the intersection. But the chief in me should have vetoed it. And he certainly should have forbidden the indiscriminate use of tear gas to accomplish it, no matter how many warnings we barked through the bullhorn.
My support for a militaristic solution caused all hell to break loose. Rocks, bottles and newspaper racks went flying. Windows were smashed, stores were looted, fires lighted; and more gas filled the streets, with some cops clearly overreacting, escalating and prolonging the conflict. The “Battle in Seattle,” as the WTO protests and their aftermath came to be known, was a huge setback—for the protesters, my cops, the community.
But we have a real problem here. It’s not the pepper spray that makes me want to cry, it’s how mutually reinforcing a set of interlocking systems has become. It’s the police thinking they can arrest peaceful people for protesting, or for taking video of them. It’s a court system that’s turned “deference” into a spineless art, even when it’s Supreme Court justices getting shoved aside in their role as legal observers. It’s a political system where we can’t even agree to ban the TSA, or work out a non-arbitrary deal on cutting spending. It’s a set of corporatist best practices that allow the system to keep on churning along despite widespread revulsion.
So what do we do about it? Civil comments welcome. Venting welcome. Just keep it civil with respect to other commenters.
Image: Pike Floyd, by Kosso K
I headed down to Occupy Seattle before a recent vacation, and have been mulling a bit on what I saw, because the lack of a coherent message or leadership or press makes it easy to project our own opinions or simply misunderstand what the “Occupy” protests mean, and I wanted to avoid making that mistake. I think I saw two big themes there: an anti-war theme, and a combination of anti-capitalism and anti-corporatism. I think the second is more interesting, because it’s a combination of views, some of which I support, and others I think are somewhat foolish.
I think capitalism is a good thing. I’ve taken a salary from (venture) capitalists who were able to pay me because they captured “surplus value” from startups, and ploughed some of that profit back into more startups. I use the Marxist term of “surplus value” because I understand the Marxist critique, have lived it, and still think it’s a better system than all those others that have been tried from time to time. (I also think that Marx’s critique of capitalism is excellent, and even more so in light of the poorness of his suggested fixes.) The accumulation of capital in private hands greatly expands the range of entrepreneurship, allowing new products and services to emerge. And for those new products to succeed, they need to serve needs better than what preceded them. So we all benefit to a degree from the capital that accumulates in the hands of investors (even with the costs of creative destruction and externalities).
At the same time, I think that there’s an emergent system of what we might call corporatism that I think is incompatible with a free society, and is in fact incompatible with free markets. By a free market, I mean one in which people contract with each other and with companies, and the court system enforces fair and predictable limits on those contracts. Fair limits might include that the parties came to a genuine meeting of the minds before exchanging value, that contracts are severable (so no indentured servitude or slavery), that interpretation favors the party that received the contract (rather than the drafter), and that neither party engaged in deceit in advertising their services.
Corporatism, at its heart, involves twisting the free market via government intervention in a number of ways:
- Lobbying for rules that allow the company to exclude competition. See, for example, AT&T’s gradual re-monopolization of the phone system.
- Manipulations of the contract system in ways which prevent fair redress. These include mandatory binding arbitration, prohibition of class action suits, clauses that allow the contract to remain in force even if the drafter puts in many clauses which shock the conscience of a court.
- Un-knowable systems (in particular, the American credit system) in which companies work together to ensure that you do what they demand, even if it’s wrong, because if you don’t, they will destroy your ability to contract with anyone else on fair terms.
- Convincing the government to take all the downside risk and none of the upside of the banking crisis, and then failing to prosecute those who enriched themselves via a game they knew full well was rigged.
Corporatism comes from the discovery that rules and meta-rules (the rules that are used to set the rules) are manipulatable. Of course, this is nothing new:
“People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public, or in some contrivance to raise prices. It is impossible indeed to prevent such meetings, by any law which either could be executed, or would be consistent with liberty and justice.” (Smith, “The Wealth of Nations.”)
There were a good number of frankly anti-capitalist signs and groups at Occupy Seattle. It’s a free country, they’re entitled to their opinion, and I can disagree.
But they were not the only signs. I saw lots of signs which seemed to take aim at the unaccountable: the bankers, the corporations (“I won’t believe that corporations are people until Texas executes one”). And I think that responses to currently unaccountable corporatism are going to be one of the key outcomes of the Occupy Movement.
The servers that host my personal email have been taken offline by a surprise attack by the evil forces of snow and ice, and my email is likely to start bouncing soon.
If you need to reach me, you can use nameofthisblog @ google, or first.last @ microsoft. You can also ask me to follow you on Twitter (@adamshostack) and we can talk in very short fragments.
I apologize for the inconvenience.
Reportedly, Seattle police have begun issuing tickets to drivers who honk their horns after 10 PM in support of the Occupy protest there.
To the extent that the police are only doing this to those expressing a specific point of view, there seems to be a legitimate issue. I am certain that the police would say they’d enforce the law equally, but it’s just that all the honking is for Occupy support.
If I were a Seattle prankster, I’d have a “Honk if you support law enforcement” sign made, and test that claim in whatever passes for a conservative ‘hood out there.