Microsoft Backs Laws Forbidding Windows Use By Foreigners

According to Groklaw, Microsoft is backing laws that forbid the use of Windows outside of the US. Groklaw doesn’t say that directly. Actually, they pose charmingly with the back of the hand to the forehead, bending backwards dramatically and asking, “Why Is Microsoft Seeking New State Laws That Allow it to Sue Competitors For Piracy by Overseas Suppliers?” Why, why, why, o why, they ask.

The headline of this article is the obvious reason. Microsoft might not know they’re doing it for that reason. Usually, people with the need to do something, dammit, because they fear they might be headed to irrelevancy, think of something and follow the old Aristotelian syllogism:

Something must be done.
This is something.
Therefore, it must be done.

It’s pure logic, you know. This is exactly how Britney Spears ended up with Laurie Anderson’s haircut and the US got into policing China’s borders. It’s logical, and as an old colleague used to say with a sigh, “There’s no arguing with logic like that.”

Come on, let’s look at what happens. I run a business, and there’s a law that says that if my overseas partners aren’t paying for their Microsoft software, then Microsoft can sue me. What do I do?

Exactly right. I put a clause in the contract that says that they agree not to use any Microsoft software. Duh. That way, if they haven’t paid their Microsoft licenses, I can say, “O, you bad, naughty business partner. You are in breach of our contract! I demand that you immediately stop using Microsoft stuff, or I shall move you from being paid net 30 to net 45 at contract renegotiation time!” End of problem.

And hey, some of my partners will actually use something other than Windows. At least for a few days, until they realize how badly Open Office sucks.

What should a printer print?

Over at their blog, i.Materialise (a 3D printing shop) brags about not taking an order. The post is “ATTENTION: ATM skimming device.” It opens:

There is no doubt that 3D printing is a versatile tool for materializing your 3D ideas. Unfortunately, those who wish to break the law can also try to use our technology. We recently received an order which bore a strong resemblance to an ATM skimming device. Basically, the customer placed a 3D print order for a device similar to the one below which is inserted in an ATM machine.

The plastic part can be attached to an ATM machine and with the appropriate hardware and tapped keyboard can scan cards and get personal data. In most cases, such a device does not prevent the cardholder from withdrawing funds from their account, but as their card has been scanned, it can later be reproduced and funds can be stolen from their account.

Fortunately, our engineers were quick to react, and after communication with the customer, the decision was made to decline the order. We do not support criminal activity and will do everything in our power to prevent possible crimes.

The choice that i.Materialise has made is their business. And I appreciate the impulse to protect people from the potentially negative side effects of their awesome business. At the same time, I think it’s a thought provoking and questionable decision for a whole slew of reasons:

  • There are legitimate uses for an ATM skimmer part. For example, as a security expert, I might want such a thing to wave around at conferences. Bank employees might want some for training people on what to look out for. (This is somewhat mitigated by their reaching out, but do I want a business that makes judgement calls about what I print? Maybe I’ll take my adult toy business elsewhere, rather than thinking about what it means for their engineers to be “quick to react.”)
  • The public needs to start to understand that physical objects like this are coming. As 3D printing becomes common, many things will become easier to spoof and fake. Caveat emptor will return. I expect we’ll see a race between high and low volume manufacturers where the high volume folks will specialize in things that are hard to make at home, perhaps using things like translucent plastics, toxic ingredients and/or aluminum and titanium, both of which require high temperatures.
  • The banking industry needs to understand that skimmers are getting insanely realistic, and they would be fools to rely on the good graces of 3d printing firms. Skimmers are already so realistic that they’re being installed on in-bank ATMs. Banks are going to need to figure out what to do about that. I figure they can go seamless curvy metal, settle on a single card slot design and roll it out, or start hiring mural painters to customize each ATM machine. Banks will also find it increasingly expensive to stay with magstripe + PIN.
  • This may set a precedent for i.Materialise to not be a “common printer” but a co-conspirator in production. (I believe the company is in Belgium, so their mileage will vary.) In the US, we have a concept of a common carrier, that is, one that will take all customers who can pay. You can choose to discriminate, but if you do, you’re answerable for it. If i.Materialise produces a part that’s used in a future crime, they’ve set a precedent that their engineers should have prevented it. I certainly wouldn’t want to have to answer in court for the statement that we’d “do everything in our power to prevent possible crimes.”

But, it’s their business, and their choice to make. It’s important to understand that 3D printing is getting faster, cheaper and more exciting every year, and that’s going to lead to a lot of chaos emerging.

I’m not aware of anything that makes it unlikely that there will be commercial, inexpensive home 3d printers in 5-10 years. Many of those will be based on open source software like RepRap, just as many inexpensive home routers either ship with or advertise support for dd-wrt. Those home devices will print ATM skimmer covers because it will be easy to remove code that tries to censor what can be printed. They’ll also print bomb parts, “drug paraphernalia,” and print-at-home Star Wars toys. Sorry, Kenner! And Pottery Barn, your days of selling glazed clay may be coming to an end. Later on, we’ll be able to print with easily worked metals like copper, silver or zinc, and those patented cables will be conspicuous consumption.

What’s happening to music and books will happen to physical things. The experience (the concert, the cruise with the band) becomes part of the artist’s revenue stream. Etsy will replace WalMart, because it will be cheaper to print plastics at home than to print them in China, ship them and warehouse them. And you’ll be able to buy plastic and clay that you know are BPA-free, or whatever the latest fad is. You’ll get your circuits or other harder things at shops like Metrix:Create Space. What you’ll pay for, and what Etsy is set up to deliver, is artistry and uniqueness.

Most of us in what’s left of the first world will be able to print the things we want, in the colors, designs and customizations we want. We’ll be better off for it. GDP will likely go down while our standard of living goes up.

Whichever way all this goes, lots of chaos is going to emerge, and we’re going to live in interesting times.

(Thanks to Boing Boing for catching the story.)

Egypt and Information Security

Yesterday, I said on Twitter that “If you work in information security, what’s happening in Egypt is a trove of metaphors and lessons for your work. Please pay attention.” My goal is not to say that what’s happening in Egypt is about information security, but rather to say that we can be both professional and engaged with the historic events going on there. Further, I think it’s important to be engaged.

A number of folks challenged me, for example, “Care to enumerate some of those lessons? The big ones I see are risks of centralized bandwidth control, lack of redundant connections.”

There are a number of ways that information security professionals can engage with what’s happening.

A first is to use what’s happening to engage on security issues with their co-workers and management on issues like employee safety, disaster recovery and communications redundancy and security. This level of engagement is easy, it’s not political, but it uses a story in the news to open important discussions.

A second way is to use Egypt as a source of what-if scenarios to test those sorts of plans and issues. This gives strong work justification to tracking and understanding what’s happening in Egypt in detail.

A third way is to use Egypt as a way to open discussions of how our technologies can be used in ways which we don’t intend. Oftentimes, security technologies overlap with the ability to impose control on communications. Sometimes, for example with Tor, they can be used to protect people. Other times, they can be used to cut off communications. These are difficult conversations, fraught with emotion and exposing our deep values. But they are difficult because they are important and meaningful. Oftentimes, we as technologists want to focus in on the technology, and leave the societal impact to others. I think Egypt offers us an opportunity to which we can rise, and a lens for us to engage with these questions in the technologies we build or operate.

There are probably other ways as well, and I’d love to hear how others are engaging.

Unmeddling Housing

For a great many years, US taxpayers have been able to deduct interest paid on a home mortgage from their taxes. That made owning property cost roughly 20% less than it otherwise would have (estimating a 25% tax rate on interest on 80% of a property). So everyone could afford 20% “more” house, which meant that property values inflated until things were in balance again.

It was a good deal for those who were in at the start. But we should also ask, who lost out? First, anyone renting who couldn’t take the deduction. Second, anyone who assumed that this state of affairs would go on forever. Because this week, the chair of the FDIC called for a re-examination of that policy.

Now, this week, Goldman Sachs predicted a 20% drop in Seattle home prices over the next two years, so as a renter, I get to feel a little schadenfreude. But more important, I think, is the chaos of unwinding 50 years of distortion in the housing market.

A great many people have taken the rise in home prices as a bankable truism. Conflated with the rise in prices has been a massive increase in the size of houses and lots, underwritten by cheap oil and large highways, but I’m going to mostly set that aside, and focus on the impact of social policy.

Homeownership has a number of downsides. It locks up a tremendous amount of capital in an illiquid investment. It conflates investment and emotional concepts of home. It makes it hard to move when you need a new job.

Now, a government policy to encourage homeownership (uber alles) encourages homeownership. The trouble is, it does so in an unnatural way, and in a way which now appears unsustainable to our bank regulators. That it’s unnatural and unsustainable was always obvious. It’s inherent in the fact that it’s being encouraged. At the margin, there are either people who buy because it’s encouraged, or the policy is an utter failure. So there are people who, without such a policy, would not be homeowners. And homes cost more than they otherwise would.

But after 50 years of meddling in the market, reducing the support for housing is going to be exceptionally complex and chaotic. And the chaos isn’t going to be evenly distributed. It’s going to be a matter of long, complex laws whose outcomes are carefully and secretly influenced. Groups who aren’t photogenic or sympathetic will lose out. (I’m thinking “DINKs” in gentrified urban areas.) Groups who aren’t already well-organized with good lobbyists will lose out. (See previous parenthetical.) Those who believed that the government housing subsidy would go on forever will lose.

Most of all, those of us who lived within our means are going to lose out as the taxpayer “helps cushion” the “unpredictable” changes.

The worst part is, government never needed to get involved.

[This was written in June, I forgot to hit post, so the dates are a little off.]

Emergent Chaos has TSA “trolls,” too

Over at We Won’t Fly, George Donnelly writes:

I was about to delete an offensive comment on this blog – one of the very few we get – and thought, hmm, I wonder where this guy is posting from? Because, really, it is quite unusual for us to get nasty comments. Lo and behold, the troll posted to our website from an IP address controlled by the federal government’s Department of Homeland Security! Here is the taxpayer-funded troll’s gem of a comment, for your entertainment:

In response to Chris’s “Ron Paul supporter inadvertently gets iPhones banned from U.S. aircraft” we got a comment from 216.81.80.134. It was from Ran, and he wrote:

“What color eyes and hair did the terrorist who shot up the Holocaust museum a few days ago have? How about the guy who murdered that abortion doctor?
Are you suggesting that your blonde haired blue eyed friend should be given a pass when alarming airport metal detectors because he has an X-Ray image that he claims is of his ankle? You have got to be kidding, right?”

Which, really, isn’t a dumb comment. It’s an element of a reasonable threat assessment. Which just plays into my confirmation bias that our commenters are regularly smarter and more insightful (or at least more aware of privacy enhancing technologies and practices) than other blogs’ commenters.

Thank you all for a lovely year of insightful comments here at the combo.

The Emergent Chaos of Facebook relationships

This is a fascinating visualization of 10MM Facebook Friends™ as described in Visualizing Friendships by Paul Butler.

A couple of things jump out at me in this emergent look at geography. The first is that Canada is a figment of our imaginations. Sorry to my Canadian friends (at least the anglophones!)

The second is that borders seem to be remarkably effective at inhibiting friendships, especially in Asia.

Facebook-World.png

Animals and Engineers

It’s been hard to miss the story on cat tongues (“For Cats, a Big Gulp With a Touch of the Tongue”):

Writing in the Thursday issue of Science, the four engineers report that the cat’s lapping method depends on its instinctive ability to calculate the balance between opposing gravitational and inertial forces.

…After calculating things like the Froude number and the aspect ratio, they were able to figure out how fast a cat should lap to get the greatest amount of water into its mouth. The cats, it turns out, were way ahead of them — they lap at just that speed…The engineers worked out a formula: the lapping frequency should be the weight of the cat species, raised to the power of minus one-sixth and multiplied by 4.6. They then made friends with a curator at Zoo New England, the nonprofit group that operates the Franklin Park Zoo in Boston and the Stone Zoo in Stoneham, Mass., who let them videotape his big cats. Lions, leopards, jaguars and ocelots turned out to lap at the speeds predicted by the engineers.

I was also listening to the Quirks and Quarks story on “Wet Dogs Rule,” in which the researchers have used high speed photography to figure out that dogs (and other animals) shake water out at a precisely optimal rate for energy invested versus surface tension and other factors that keep the water in their fur.

What’s surprising to me is the surprise that … “they lap at just that speed.” As anyone who’s ever read Darwin knows, any animal that expends extra energy on something, be it drying off or drinking water, will be disadvantaged compared to one that spends less energy for the same benefit. And over time, the animal that spends its energy more efficiently will have more energy to reproduce. To the extent that such strategies are influenced by genes, those genes that drive better strategies will spread. So I’m surprised that engineers are surprised that they can’t improve on millions of years of evolution.

Incidentally, congratulations to the CBC for being a news site that clearly links to the real academic work and researchers’ web sites.

Collective Smarts: Diversity Emerges

Researchers in the United States have found that putting individual geniuses together into a team doesn’t add up to one intelligent whole. Instead, they found, group intelligence is linked to social skills, taking turns, and the proportion of women in the group.
[...]
“We didn’t expect that the proportion of women would be a significant influence, but we found that it was,” Prof. Woolley, an organizational psychologist, said in an interview. “The effect was linear, meaning the more women, the better.”

The Globe and Mail, “If you want collective smarts…” In her interview with Quirks and Quarks, Woolley was careful to say that it wasn’t gender per se, but social awareness, but that such awareness correlates strongly with gender.

Money is information coined

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine.

I think this is an interesting approach, bringing friction into the definition. It resonates as related to an information-centric definition of anonymity. If we say that money is information coined, then we bring in Hayek. Which is always good fun.

The explicit introduction of money as a way to measure (a subset of) privacy invasions allows us to think about the erosion of privacy by the addition of technology. We know that the internet makes it easier, and perhaps money is that yardstick. What does it take to track down your property taxes? It’s gone from sending someone to the county records office to having someone with a browser. So Alice’s privacy with respect to Bob is not only lower, it’s no longer related to the cost of travel. We’ve zero’d out a term in the cost equation, and that leads to all sorts of chaos.

Anyone engaged in the NSTIC discussion should read and ponder the line of reasoning that Dave extracts over a long and chaotic set of sources. His post advances the discussion around NSTIC, and raises questions that must be answered if that work is to lead anywhere.

The NSTIC proposal places no value on anonymity; indeed, it evinces an apparent lack of understanding of what anonymity really means. It takes for granted the need for authentication (if we pay in cash, why does a merchant, much less a common carrier or government agency, need to know about us other than that our money isn’t counterfeit?) and confuses a policy that purportedly restricts disclosure of our identity with actual non-knowledge of our identity.
[From Papers, Please! » Blog Archive » Public says “No” to national cyberspace ID proposal]

If we in Europe decide to develop our own kind of European Strategy on Trusted Identities in Cyberspace (ESTIC) then I think it should not only include both conditional and unconditional anonymity but should strive to make it clear that, like pseudonymity, these types of online persona will be the norm, not the exception.