Emergent Chaos: Romney/Ryan for America!

We here at Emergent Chaos have long been frustrated with the Obama Administration. Their failure to close Guantanamo, their failure to prosecute war crimes including torture, their choice to murder American citizens (never mind without due process), their invocation of the state secrets privilege, their persecution of whistleblowers, their TSA running rampant, the list of disappointments runs long.

But we’ve been waiting to see real evidence of a decisive and predictable leadership style from Mitt. We’ve been waiting for a real and demonstrated commitment to civil liberties. Now, with the combination of Paul Ryan and Clint Eastwood, we think he’s over the top.

We know that a vote for Romney/Ryan may leave many folks wondering what they’re voting for. Are they voting for mandatory health care for all that Romney passed in Massachusetts, leading the state to legalize gay marriage or are they voting for the Romney who rails against his plan being taken national with Obamacare? Or are they voting to put Ryan and his voucher-ization of Medicaid one heartbeat away from the Presidency? It’s rare that we see this kind of chaos emerge at the top of a ticket.

Chaos like that is close to our hearts, and four years ago, that was enough to win us over.

But stakes are higher today, and we’ve seen a scary degree of staying on the latest message from Mitt and his advisors. So we needed a high-stakes decision, one taken at a moment of obvious gravity and impact, one taken at the very top, to really help us judge if the velvet glove has forged Willard Mitt Romney into the sort of man we want commanding the most powerful military ever seen on the planet.

Romney decided he wanted a surprise at the convention, and chose Clint Eastwood. Now, as a rock-ribbed, gun-totin’, pro-abortion, pro-gay-marriage, pro-ERA Republican, we think he’s the sort of libertarian Republican who should be making the attendees’ days. He’s the sort of Republican who should be addressing the convention, hearkening back to the big-tent party that Ronald Reagan led.

But, traditional thinking in politics has become that conventions are tightly managed. That’s why RNC Chairman Reince Priebus changed the rules on the convention floor to lock out Ron Paul’s delegates. He wanted to show that the GOP stands fast in its commitment to the rule of law and the importance of democracy, not running a convention where anyone who just happened to have committed delagates can show up and hope to win their party’s nomination.

That’s the sort of strategic thinking that led Romney’s most senior advisors to not ask Clint for a rehersal. And, apparently, their commitment to free speech led them to just toss him a list of talking points and not worry about it. (No, really, go read it, and consider what it means about decision making.) And that’s the sort of emergent chaos that we can’t help but nervously endorse.

So months from now, if you want chaos in the financial markets or chaos on the international stage like we saw chaos on the convention stage, the choice is clear. If Romney/Ryan can let chaos like that into their moment to shine, just think about the chaos that will happen when they’re blindsided. So if you want more leadership like that, if you want to live in interesting times, vote Romney/Ryan. We’re not sure what we’ll get, but we’re confident it will be exciting.

Seattle in the Snow

Seattle snow (From The Oatmeal.)

It’s widely understood that Seattle needs a better way to measure snowfall. However, what’s lacking is a solid proposal for how to measure snowfall around here. And so I have a proposal.

We should create a new unit of measurement: The Nickels. Named after Greg Nickels, who lost the mayorship of Seattle because he couldn’t manage the snow.

Now, there’s a couple of ways we could define the Nickels. It could be:

  • The amount of snow needed to cost a Mayor 10 points of approval rating
  • The amount of snow needed to cause a bus to slide down Olive way and teeter over the highway
  • 2 millimeters
  • Enough snow to reduce the coefficient of city road friction by 1%.

I’m not sure any of these are really right, so please suggest other ways we could define a Nickels in the comments.

Email chaos: How to reach Adam Shostack

The servers that host my personal email have been taken offline by a surprise attack by the evil forces of snow and ice, and my email is likely to start bouncing soon.

If you need to reach me, you can use nameofthisblog @ google, or first.last @ microsoft. You can also ask me to follow you on Twitter (@adamshostack) and we can talk in very short fragments.

I apologize for the inconvenience.

Egypt and Information Security

Yesterday, I said on Twitter that “If you work in information security, what’s happening in Egypt is a trove of metaphors and lessons for your work. Please pay attention.” My goal is not to say that what’s happening in Egypt is about information security, but rather to say that we can be both professional and engaged with the historic events going on there. Further, I think it’s important to be engaged.

A number of folks challenged me, for example, “Care to enumerate some of those lessons? The big ones I see are risks of centralized bandwidth control, lack of redundant connections.”

There’s a number of ways that information security professionals can engage with what’s happening.

A first is to use what’s happening to engage on security issues with their co-workers and management on issues like employee safety, disaster recovery and communications redundancy and security. This level of engagement is easy, it’s not political, but it uses a story in the news to open important discussions.

A second way is to use Egypt as a source of what-if scenarios to test those sorts of plans and issues. This gives strong work justification to tracking and understanding what’s happening in Egypt in detail.

A third way is to use Egypt as a way to open discussions of how our technologies can be used in ways which we don’t intend. Often times, security technologies overlap with the ability to impose control on communications. Sometimes, for example with Tor, they can be used to protect people. Other times, they can be used to cut off communications. These are difficult conversations, fraught with emotion and exposing our deep values. But they are difficult because they are important and meaningful. Oftentimes, we as technologists want to focus in on the technology, and leave the societal impact to others. I think Egypt offers us an opportunity to which we can rise, and a lens for us to engage with these questions in the technologies we build or operate.

There’s probably other ways as well, and I’d love to hear how others are engaging.

Mobile Money for Haiti: a contest

This is cool:

The Bill & Melinda Gates Foundation is using its financial clout to push the Haitian marketplace toward change by offering $10 million in prizes to the first companies to help Haitians send and receive money with their cell phones…

The fund will offer cash awards to companies that initiate mobile financial services in Haiti. The first company to launch a mobile money service that meets certain criteria in the next six months will receive $2.5 million. The second operator to launch and reach these benchmarks within 12 months will receive $1.5 million. Another $6 million will be awarded as the first 5 million transactions take place, divided accordingly between those operators that contributed to the total number of transactions.

For more details, see the press release.

St. Cajetan’s Revenge

For some time, I’ve watched the War on Bottled Water with amusement. I don’t disagree with figuring out how to reduce waste, and so on and so forth, but the railing against bottled water per se struck me as not thought out very well.

The major reason for my thinking is that I never heard any of the venomous railing against water extending to any other drinks that come in bottles. To my mind, it seemed that a Coke, hey, that’s okay, but if you start with one and take out the sugar, the caffeine, the artificial flavors, and CO2 you end up with water. Coke okay, water evil.

Me, sometimes all I want is a cool drink of water. More often, I want something a little more. I’m very fond of those fizzy waters with a bit of essential oils in them, as well as iced tea. But I don’t want the sugar. I want an artificial sweetener even less, and often when faced with decisions, water is what’s available. When I’m traveling nearly anywhere, I think I’d rather have it in a bottle, thanks.

The prejudice against water comes from thinking that it’s just water. Rarely is there such a thing as just water. The only just water there is is distilled (or in a pinch deionized) water, and that is itself special because it is unusual for something to be just water.

And now, I can’t help but think, “Uh huh” as I read, “Millions in U.S. Drink Dirty Water, Records Show.”

The summary is that more than 20% of US water treatment systems have violated key provisions of the Safe Drinking Water Act over the last five years. The violations include sewage bacteria, known poisons and carcinogens, parasites, and so on. Mid-level EPA investigators say that the government has been interested in other things and just not enforcing things, and they don’t think change will happen.

Security isn’t just going after terrorists, it’s basic thing. Like water.

Tifatul Sembiring Causes Disasters

Padung-earthquake.jpgThe BBC reports that “Indonesia minister says immorality causes disasters:”

A government minister has blamed Indonesia’s recent string of natural disasters on people’s immorality. Communication and Information Minister Tifatul Sembiring said that there were many television programmes that destroyed morals. Therefore, the minister said, natural disasters would continue to occur.

His comments came as he addressed a prayer meeting on Friday in Padang, Sumatra, which was hit by a powerful earthquake in late September. He also hit out at rising decadence – proven, he said, by the availability of Indonesia-made pornographic DVDs in local markets – and called for tougher laws.

Now, you might think I’m just being snarky, but the opportunities that are open to a communication and information minister include communicating about earthquake or tidal wave safety, or how to cope afterwards. If Sembring is sharing his bizzaro ideas that a lack of morals causes people’s homes to collapse, then he is clearly putting his energy into the wrong message. He should be encouraging people to learn first aid, to have a small disaster kit, etc.

But to the extent that he’s delivering morality over engineering, preparedness, and response, he’s turning natural events into worse disasters.

Earthquake photo part of the Padang earthquake set by dapiiiiit

Vista Didn’t Fail Because of Security

Bruce Schneier points in his blog to an article in The Telegraph in which Steve Ballmer blames the failure of Vista on security. Every security person around should clear their throat loudly. Security is not what made Vista unpalatable.

Many people liked Vista. My tech reporter friends not only adored it, but flat couldn’t understand why people didn’t adore it. I have a number of other friends who adored it. In assessing Vista, this is important to keep in mind. Despite its bad rep, many people liked it. So why did many people not like it?

First, there were the gamers. Before Vista came out, Microsoft did a lot of marketing Vista to gamers. There were kiosks at gaming conventions and other places touting Vista as a gaming platform.

Unfortunately, it wasn’t. Reliable tests at the time said that Vista ran games about 20% slower than XP. Compounding this was that among the drivers that were dodgy when it first came out were video drivers. Many gamers felt that they had been sold a pig in the poke, and there was merit to this claim. Hardcore gamers are people who will spend money on bleeding-edge kit, and it was precisely this bleeding-edge kit that didn’t work well at first. And whatever it was that made games run slower (even if it was security features), that’s not the point. Microsoft’s statements to the gamers was that their gaming experience would be better on Vista, and it was worse. Once the 4chan crowd starts making memes about suckage, you’re behind the eight-ball.

Second, there were the cheapies. Many machines were marked as Vista-capable that either weren’t, or could only run the basics of Vista and not the fancy new stuff. There is an aphorism that Intel giveth and Microsoft taketh away. The problem is that most of the PC makers will try to sell you the cheapest possible computer, and these cheapest possible computers just didn’t have enough oomph to do Aero and the cool features in Vista. Microsoft took more than Intel gave and the customers felt they’d been sold a pig the poke. There were even lawsuits over this, and it added to Vista’s bad rep.

Third, there were the people on laptops. For whatever reasons, when Vista first came out, it was slow on laptops. One of my co-workers bought a ThinkPad to run Vista on for testing alongside her existing XP laptop, and it was much slower than the XP laptop running side-by-side.

I will add another personal anecdote. My brother-in-law bought my sister a brand-new Vista laptop. It ran slower than his older XP laptop. It was so bad that he would turn the screen of his XP laptop away so that she wouldn’t see him running XP and mentally compare it to her new laptop.

On the other hand, to repeat, the people who had high-end machines but not bleeding-edge machines adored Vista. If you had lots of memory, a not-quite-bleeding-edge video card, and a fast processor, Vista was great from the getgo.

However, this was not the buying trend of most PC makers. Their trend was to push people to ever-cheaper machines. Sadly, at the time Vista came out as well, all but the most expensive laptops were dodgy for Vista in all its glory.

This is a matter of zigging when you should have zagged, for the most part. But there were two other trends that caught Microsoft by surprise.

The first trend was virtualization. Vista was virtualization-surly. One of its cool features that’s great if you’re on a high-end computer is that it did a lot of pre-caching and pre-loading. Most people with lots of memory on a computer just don’t use that memory, and Vista had ways to use it to make the experience snappier. If you’re on a VM, this is precisely what you don’t want. In an ironically saving grace, though, Vista had a virtualization-surly license, as well. Only the most expensive Vista package was licensed for VMs, which was just as well given that it was optimized for big tower computers in a way that it was pessimized for VMs.

The second trend was netbooks. Intel gave not in the form of faster CPUs, but lighter, smaller, cheaper, less power-hungry CPUs in the Atom. The Atom, however, didn’t have the oomph for Vista, and this meant it had to run XP, which further tarnished Vista’s rep.

All of this together — bad performance among gamers, bad performance on cheap computers and laptops, combined with the trends towards virtualization and netbooks were what gave Vista a bad rep. The people who bought a computer that was a high-end desktop but not a gaming machine loved Vista (and love it to this day). Unfortunately, this demographic is precisely the demographic that also tends to buy Macs. Vista’s problems were all from zigging when you should have zagged.

Some of Vista’s problems can be laid at the feet of “security” (which I intentionally put in scare quotes. UAC was rightly ridiculed for excessive dialogs, but is that a security failure or a UI failure? Yes, kernel improvements delayed getting drivers out (which is one of the things that made the gaming experience suboptimal) and some other bumps. But those were compounded by marketing that went opposite of reality. If the Vista marketing had said, “Hey, it’s going to be a bit slow, and there will be some rough edges. But you’ll really like how we’re sticking it to virus writers” then there may have been a different perception. It is also not fair to blame counter-factual marketing on security.

The bottom line is this. Vista was great for some people. It was bad for others. But the marketing said it was going to be great for everyone. Good marketing that took Vista’s plusses and minuses as facts could have made things better. It was bad timing that Vista came out when the prevailing trend of every-faster computers everywhere started to change. Facing that could have made the difference.

None of that has anything to do with security.

Dept. of Pre-Blogging: Swine Flu edition

In no particular order, your friendly neighborhood Dept. of Pre-blogging hereby predictively reports on:

  • Increased speculation, coupled with a spike in Twitter activity.
  • Politicization of the event from the Right (blame Mexico and/or Big Government), the Left (if we spent money in the right places, this would not happen), and out in left field (this is actually the result of an experiment by the CIA/NSA/World Bank/Freemasons/etc).
  • Rapid adoption of irrational coping mechanisms, perhaps including a run on N95 respirators and surface disinfectants.
  • Reassuring releases from the Pork Council that in addition to being the Other White Meat(tm), yummy bacon cannot transmit influenza unless it has previously been used as a handkerchief.
  • An upcoming Schneier blog item on swine flu hysteria being related to confirmation bias.