Emergent Chaos: Romney/Ryan for America!

We here at Emergent Chaos have long been frustrated with the Obama Administration. Their failure to close Guantanamo, their failure to prosecute war crimes including torture, their choice to murder American citizens (never mind without due process), their invocation of the state secrets privilege, their persecution of whistleblowers, their TSA running rampant, the list of disappointments runs long.

But we’ve been waiting to see real evidence of a decisive and predictable leadership style from Mitt. We’ve been waiting for a real and demonstrated commitment to civil liberties. Now, with the combination of Paul Ryan and Clint Eastwood, we think he’s over the top.

We know that a vote for Romney/Ryan may leave many folks wondering what they’re voting for. Are they voting for mandatory health care for all that Romney passed in Massachusetts, leading the state to legalize gay marriage or are they voting for the Romney who rails against his plan being taken national with Obamacare? Or are they voting to put Ryan and his voucher-ization of Medicaid one heartbeat away from the Presidency? It’s rare that we see this kind of chaos emerge at the top of a ticket.

Chaos like that is close to our hearts, and four years ago, that was enough to win us over.

But stakes are higher today, and we’ve seen a scary degree of staying on the latest message from Mitt and his advisors. So we needed a high-stakes decision, one taken at a moment of obvious gravity and impact, one taken at the very top, to really help us judge if the velvet glove has forged Willard Mitt Romney into the sort of man we want commanding the most powerful military ever seen on the planet.

Romney decided he wanted a surprise at the convention, and chose Clint Eastwood. Now, as a rock-ribbed, gun-totin’, pro-abortion, pro-gay-marriage, pro-ERA Republican, we think he’s the sort of libertarian Republican who should be making the attendees’ days. He’s the sort of Republican who should be addressing the convention, hearkening back to the big-tent party that Ronald Reagan led.

But, traditional thinking in politics has become that conventions are tightly managed. That’s why RNC Chairman Reince Priebus changed the rules on the convention floor to lock out Ron Paul’s delegates. He wanted to show that the GOP stands fast in its commitment to the rule of law and the importance of democracy, not running a convention where anyone who just happened to have committed delegates can show up and hope to win their party’s nomination.

That’s the sort of strategic thinking that led Romney’s most senior advisors to not ask Clint for a rehearsal. And, apparently, their commitment to free speech led them to just toss him a list of talking points and not worry about it. (No, really, go read it, and consider what it means about decision making.) And that’s the sort of emergent chaos that we can’t help but nervously endorse.

So months from now, if you want chaos in the financial markets or chaos on the international stage like we saw chaos on the convention stage, the choice is clear. If Romney/Ryan can let chaos like that into their moment to shine, just think about the chaos that will happen when they’re blindsided. So if you want more leadership like that, if you want to live in interesting times, vote Romney/Ryan. We’re not sure what we’ll get, but we’re confident it will be exciting.

Seattle in the Snow

Seattle snow (From The Oatmeal.)

It’s widely understood that Seattle needs a better way to measure snowfall. However, what’s lacking is a solid proposal for how to measure snowfall around here. And so I have a proposal.

We should create a new unit of measurement: The Nickels. Named after Greg Nickels, who lost the mayorship of Seattle because he couldn’t manage the snow.

Now, there’s a couple of ways we could define the Nickels. It could be:

  • The amount of snow needed to cost a Mayor 10 points of approval rating
  • The amount of snow needed to cause a bus to slide down Olive Way and teeter over the highway
  • 2 millimeters
  • Enough snow to reduce the coefficient of city road friction by 1%.

I’m not sure any of these are really right, so please suggest other ways we could define a Nickels in the comments.

Email chaos: How to reach Adam Shostack

The servers that host my personal email have been taken offline by a surprise attack by the evil forces of snow and ice, and my email is likely to start bouncing soon.

If you need to reach me, you can use nameofthisblog @ google, or first.last @ microsoft. You can also ask me to follow you on Twitter (@adamshostack) and we can talk in very short fragments.

I apologize for the inconvenience.

Egypt and Information Security

Yesterday, I said on Twitter that “If you work in information security, what’s happening in Egypt is a trove of metaphors and lessons for your work. Please pay attention.” My goal is not to say that what’s happening in Egypt is about information security, but rather to say that we can be both professional and engaged with the historic events going on there. Further, I think it’s important to be engaged.

A number of folks challenged me, for example, “Care to enumerate some of those lessons? The big ones I see are risks of centralized bandwidth control, lack of redundant connections.”

There’s a number of ways that information security professionals can engage with what’s happening.

A first is to use what’s happening to engage with their co-workers and management on security issues like employee safety, disaster recovery, and communications redundancy and security. This level of engagement is easy, it’s not political, but it uses a story in the news to open important discussions.

A second way is to use Egypt as a source of what-if scenarios to test those sorts of plans and issues. This gives strong work justification to tracking and understanding what’s happening in Egypt in detail.

A third way is to use Egypt as a way to open discussions of how our technologies can be used in ways which we don’t intend. Oftentimes, security technologies overlap with the ability to impose control on communications. Sometimes, for example with Tor, they can be used to protect people. Other times, they can be used to cut off communications. These are difficult conversations, fraught with emotion and exposing our deep values. But they are difficult because they are important and meaningful. Oftentimes, we as technologists want to focus in on the technology, and leave the societal impact to others. I think Egypt offers us an opportunity to which we can rise, and a lens for us to engage with these questions in the technologies we build or operate.

There’s probably other ways as well, and I’d love to hear how others are engaging.

Mobile Money for Haiti: a contest

This is cool:

The Bill & Melinda Gates Foundation is using its financial clout to push the Haitian marketplace toward change by offering $10 million in prizes to the first companies to help Haitians send and receive money with their cell phones…

The fund will offer cash awards to companies that initiate mobile financial services in Haiti. The first company to launch a mobile money service that meets certain criteria in the next six months will receive $2.5 million. The second operator to launch and reach these benchmarks within 12 months will receive $1.5 million. Another $6 million will be awarded as the first 5 million transactions take place, divided accordingly between those operators that contributed to the total number of transactions.

For more details, see the press release.

St. Cajetan’s Revenge

For some time, I’ve watched the War on Bottled Water with amusement. I don’t disagree with figuring out how to reduce waste, and so on and so forth, but the railing against bottled water per se struck me as not thought out very well.

The major reason for my thinking is that I never heard any of the venomous railing against water extending to any other drinks that come in bottles. To my mind, it seemed that a Coke, hey, that’s okay, but if you start with one and take out the sugar, the caffeine, the artificial flavors, and CO2 you end up with water. Coke okay, water evil.

Me, sometimes all I want is a cool drink of water. More often, I want something a little more. I’m very fond of those fizzy waters with a bit of essential oils in them, as well as iced tea. But I don’t want the sugar. I want an artificial sweetener even less, and often when faced with decisions, water is what’s available. When I’m traveling nearly anywhere, I think I’d rather have it in a bottle, thanks.

The prejudice against water comes from thinking that it’s just water. Rarely is there such a thing as just water. The only just water there is is distilled (or in a pinch deionized) water, and that is itself special because it is unusual for something to be just water.

And now, I can’t help but think, “Uh huh” as I read, “Millions in U.S. Drink Dirty Water, Records Show.”

The summary is that more than 20% of US water treatment systems have violated key provisions of the Safe Drinking Water Act over the last five years. The violations include sewage bacteria, known poisons and carcinogens, parasites, and so on. Mid-level EPA investigators say that the government has been interested in other things and just not enforcing things, and they don’t think change will happen.

Security isn’t just going after terrorists, it’s a basic thing. Like water.

Tifatul Sembiring Causes Disasters

The BBC reports that “Indonesia minister says immorality causes disasters:”

A government minister has blamed Indonesia’s recent string of natural disasters on people’s immorality. Communication and Information Minister Tifatul Sembiring said that there were many television programmes that destroyed morals. Therefore, the minister said, natural disasters would continue to occur.

His comments came as he addressed a prayer meeting on Friday in Padang, Sumatra, which was hit by a powerful earthquake in late September. He also hit out at rising decadence – proven, he said, by the availability of Indonesia-made pornographic DVDs in local markets – and called for tougher laws.

Now, you might think I’m just being snarky, but the opportunities that are open to a communication and information minister include communicating about earthquake or tidal wave safety, or how to cope afterwards. If Sembiring is sharing his bizarro ideas that a lack of morals causes people’s homes to collapse, then he is clearly putting his energy into the wrong message. He should be encouraging people to learn first aid, to have a small disaster kit, etc.

But to the extent that he’s delivering morality over engineering, preparedness, and response, he’s turning natural events into worse disasters.

Earthquake photo part of the Padang earthquake set by dapiiiiit

Vista Didn’t Fail Because of Security

Bruce Schneier points in his blog to an article in The Telegraph in which Steve Ballmer blames the failure of Vista on security. Every security person around should clear their throat loudly. Security is not what made Vista unpalatable.

Many people liked Vista. My tech reporter friends not only adored it, but flat couldn’t understand why people didn’t adore it. I have a number of other friends who adored it. In assessing Vista, this is important to keep in mind. Despite its bad rep, many people liked it. So why did many people not like it?

First, there were the gamers. Before Vista came out, Microsoft did a lot of marketing Vista to gamers. There were kiosks at gaming conventions and other places touting Vista as a gaming platform.

Unfortunately, it wasn’t. Reliable tests at the time said that Vista ran games about 20% slower than XP. Compounding this was that among the drivers that were dodgy when it first came out were video drivers. Many gamers felt that they had been sold a pig in a poke, and there was merit to this claim. Hardcore gamers are people who will spend money on bleeding-edge kit, and it was precisely this bleeding-edge kit that didn’t work well at first. And whatever it was that made games run slower (even if it was security features), that’s not the point. Microsoft’s statement to the gamers was that their gaming experience would be better on Vista, and it was worse. Once the 4chan crowd starts making memes about suckage, you’re behind the eight-ball.

Second, there were the cheapies. Many machines were marked as Vista-capable that either weren’t, or could only run the basics of Vista and not the fancy new stuff. There is an aphorism that Intel giveth and Microsoft taketh away. The problem is that most of the PC makers will try to sell you the cheapest possible computer, and these cheapest possible computers just didn’t have enough oomph to do Aero and the cool features in Vista. Microsoft took more than Intel gave and the customers felt they’d been sold a pig in a poke. There were even lawsuits over this, and it added to Vista’s bad rep.

Third, there were the people on laptops. For whatever reasons, when Vista first came out, it was slow on laptops. One of my co-workers bought a ThinkPad to run Vista on for testing alongside her existing XP laptop, and it was much slower than the XP laptop running side-by-side.

I will add another personal anecdote. My brother-in-law bought my sister a brand-new Vista laptop. It ran slower than his older XP laptop. It was so bad that he would turn the screen of his XP laptop away so that she wouldn’t see him running XP and mentally compare it to her new laptop.

On the other hand, to repeat, the people who had high-end machines but not bleeding-edge machines adored Vista. If you had lots of memory, a not-quite-bleeding-edge video card, and a fast processor, Vista was great from the get-go.

However, this was not the buying trend of most PC makers. Their trend was to push people to ever-cheaper machines. Sadly, at the time Vista came out as well, all but the most expensive laptops were dodgy for Vista in all its glory.

This is a matter of zigging when you should have zagged, for the most part. But there were two other trends that caught Microsoft by surprise.

The first trend was virtualization. Vista was virtualization-surly. One of its cool features that’s great if you’re on a high-end computer is that it did a lot of pre-caching and pre-loading. Most people with lots of memory on a computer just don’t use that memory, and Vista had ways to use it to make the experience snappier. If you’re on a VM, this is precisely what you don’t want. In an ironically saving grace, though, Vista had a virtualization-surly license, as well. Only the most expensive Vista package was licensed for VMs, which was just as well given that it was optimized for big tower computers in a way that it was pessimized for VMs.

The second trend was netbooks. Intel gave not in the form of faster CPUs, but lighter, smaller, cheaper, less power-hungry CPUs in the Atom. The Atom, however, didn’t have the oomph for Vista, and this meant it had to run XP, which further tarnished Vista’s rep.

All of this together (bad performance among gamers, bad performance on cheap computers and laptops, combined with the trends towards virtualization and netbooks) was what gave Vista a bad rep. The people who bought a computer that was a high-end desktop but not a gaming machine loved Vista (and love it to this day). Unfortunately, this demographic is precisely the demographic that also tends to buy Macs. Vista’s problems were all from zigging when you should have zagged.

Some of Vista’s problems can be laid at the feet of “security” (which I intentionally put in scare quotes). UAC was rightly ridiculed for excessive dialogs, but is that a security failure or a UI failure? Yes, kernel improvements delayed getting drivers out (which is one of the things that made the gaming experience suboptimal) and caused some other bumps. But those were compounded by marketing that went opposite of reality. If the Vista marketing had said, “Hey, it’s going to be a bit slow, and there will be some rough edges. But you’ll really like how we’re sticking it to virus writers” then there may have been a different perception. It is also not fair to blame counter-factual marketing on security.

The bottom line is this. Vista was great for some people. It was bad for others. But the marketing said it was going to be great for everyone. Good marketing that took Vista’s plusses and minuses as facts could have made things better. It was bad timing that Vista came out when the prevailing trend of ever-faster computers everywhere started to change. Facing that could have made the difference.

None of that has anything to do with security.

Dept. of Pre-Blogging: Swine Flu edition

In no particular order, your friendly neighborhood Dept. of Pre-blogging hereby predictively reports on:

  • Increased speculation, coupled with a spike in Twitter activity.
  • Politicization of the event from the Right (blame Mexico and/or Big Government), the Left (if we spent money in the right places, this would not happen), and out in left field (this is actually the result of an experiment by the CIA/NSA/World Bank/Freemasons/etc).
  • Rapid adoption of irrational coping mechanisms, perhaps including a run on N95 respirators and surface disinfectants.
  • Reassuring releases from the Pork Council that in addition to being the Other White Meat(tm), yummy bacon cannot transmit influenza unless it has previously been used as a handkerchief.
  • An upcoming Schneier blog item on swine flu hysteria being related to confirmation bias.

    Brad DeLong on the bailout

    Brad DeLong has a FAQ up about Geithner’s plan to purchase toxic assets on the theory that the market has undervalued them, and will in time price them properly. Among the items:

    Q: What if markets never recover, the assets are not fundamentally undervalued, and even when held to maturity the government doesn’t make back its money?
    A: Then we have worse things to worry about than government losses on TARP-program money–for we are then in a world in which the only things that have value are bottled water, sewing needles, and ammunition.

    This response reminded me of a conversation I had over a beer with a banking regulator back in August 2006 or thereabouts. He reported on an IM conversation he had had with a colleague whose expertise lay in the area which subsequently imploded. After jokingly asking “Time to buy gold, huh?”, there was a pregnant pause. Then came the response: “Buy ammunition”.
    I ordered another beer.

    Closing the Collapse Gap

    There’s a very interesting annotated presentation at “Closing the ‘Collapse Gap’: the USSR was better prepared for collapse than the US.” In it, Dmitry Orlov lays out his comparison between the USSR and the USA of 2006. Posting this now because a talk he gave at Long Now is getting lots of attention.

    In closely related news, Maurizio d’Orlando lays out that U.S. debt approaches insolvency:

    In 2007, public debt in the United States was 10.6 trillion dollars, compared to a GDP (gross domestic product) of 13.811 trillion dollars. Public debt in 2007 was therefore 76.75% of GDP. In just one year, direct and indirect public debt have grown to more than 100% of GDP, reaching 176.9% to 184.2%. These percentages exclude the debt guaranteed by policies underwritten by AIG, also nationalized, and liabilities for health spending (Medicaid and Medicare) and pensions (Social Security)[2]. By way of comparison, the Maastricht accords require member states of the European Union (EU) to reduce their public debt to no more than 60% of GDP. Again by way of comparison, in one of the EU countries with the largest public debt, Italy, public debt in 2007 was equal to 104% of GDP.

    [Update: I’d meant to include both Bruce Sterling, “2009 Will Be a Year of Panic” and Rob Sama, “The Federal Government Has Jumped The Shark

    President for Ten Minutes

    During a chat I had this afternoon, someone brought up an interesting situation to contemplate. The Presidency of George Bush fils ended today at noon EST, but Mr. Obama wasn’t sworn in until 12:10. Who then, the question was, was President during those ten minutes?

    One mildly unsatisfactory answer is Ms. Pelosi. If there is neither a President nor Vice President, then the duty falls to the Speaker of the House.

    An even less satisfactory answer is Mr. Biden. The way that was explained, he was sworn in at 11:58. I find it unsatisfactory for two reasons. The most important to me is that after conjuring up this inter-administration gap, this closes it before it started. The second reason follows from what I think the best answer is.

    The best answer to my mind is the simplest: no one. The office doesn’t magically fall to the next person in line, they actually have to be sworn in. When Mr. Kennedy was murdered, there was a short gap between his death and Mr. Johnson being sworn in and during that gap, there was no President. It’s the swearing in that makes the President. Similarly, in the event that an election gets thrown into the House and they didn’t decide until the 21st, there’d be no President for that day.

    If there was indeed a gap (I could argue there was none), the person to whom the office fell was unequivocally Mr. Obama. He was at the time President-Elect. Even if Mr. Biden were somehow actually Veep, the obvious President-to-be is the President-Elect. Of course, this is also why the answer of Ms. Pelosi is unsatisfying. Even if we’re running the Executive like a Swiss railway, we know who the incumbent executives are.

    Nonetheless, it’s fun to muse over. Feel free to spin your own argument for whomever.

    The clever reader may also note that I said “today” despite it being past midnight server time. I have a personal rule that it’s still today until one goes to bed; it’s still night until one has breakfast; it’s still morning until one has lunch. And besides, it’s still the 20th in Hawaii, the President’s home state.

    Disaster Preparedness by Conair

    Mini-me, guest posting on The Guerilla CISO, tells us all some hard-learned lessons in Data Centers and Hair Driers. In it we learn (yet again!) that Disaster Recovery/Emergency Response/Business Continuity rely heavily on documentation, process being followed and, above all, regular testing. Regular testing is more than just practicing via drills or table top exercises; it also means verifying that your documentation is accurate for the entire infrastructure, down to capacity, wiring for alarms (at one employer we found out the hard way that one of the fire sensors wasn’t hard wired to the Emergency Power Off rather than to the cutout board and as a result, took down the data center while doing some emergency welding) and servers facing the right way in the racks. In the end, it’s far better to find out in non-emergency situations that something is wrong. Also never forget that a hair dryer can help you test your fire alarm system…
    [Image is Dog Fluffer by Phitar]

    Failure of Imagination


    USA Today tells us, “Sci-fi writers join war on terror,” in which, “the Homeland Security Department [sic] is tapping into the wild imaginations of a group of self-described “deviant” thinkers….”

    There are many available cheap shots as well as fish to shoot in that barrel. I’m going to take a cheap shot at one not in the barrel. The writers brought in are: Jerry Pournelle, Arlan Andrews, Greg Bear, Larry Niven and Sage Walker.

    Do you notice anyone missing who should be there? How about Tom Clancy, who wrote a novel in which a Boeing 747 is used as a cruise missile to take out the US Capitol and much of the government?

    I can almost excuse the DHS, after all, they’re the ones who admit to not having enough imagination. But look at this:

    During a coffee break at the conference, Walker, Bear and Andrews started talking about the government’s bomb-sniffing dogs. Within minutes, they had conjured up a doggie brain-scanning skullcap that could tell agents what kind of explosive material a dog had picked up.

    Oh, wow! Brain-scanning dogs. (Incidentally, this shows how ignorant they are of how sniffer dogs work. They’re playing “find the ball” by smell. They don’t know explosives from treats.) Why did none of the writers ask each other in a coffee break, “Hey, why isn’t a guy who actually predicted this sort of thing here?”

    Probably because, “for this group, Walker says, there’s no such thing as an ‘unthinkable scenario.’”

    Sometimes with imagination, less is more.