April 11, 2019

An Old School Shoutout

It’s good to revisit the classics now and then.

February 28, 2018

The Last Days Of 20A0

Science International – What Will They Think Of Next

At first blush this is a statement on the crude reproductive character of mass culture.

But it also serves as a warning about the psychohistorical destruction to come, the stagnation after revolution, the failure to remix.

I need to write this down, because I forget things sometimes, and I think what I heard today was important. Not to me, the time for me or almost anyone else alive on Earth today to make a difference has passed, but someone, somewhere might be able to make something of this, or at least find it helpful, or something. Once I’m done, I’m going to seal it up in a pipe, coat it in wax, and chuck it into the ravine. Maybe someday someone will read this, and try to put things together. If they’re allowed to.

It’s happening again.

The Phantom Time Hypothesis, developed by Heribert Illig, proposes that error and falsification have radically distorted the historical record. In his analysis, we have dilated the course of true events, so that they appear to cover far greater lengths of time than in fact passed. The so-called dark ages, for example, only appear that way because those centuries were mere decades.

You can feel it, can’t you? The relentless immediacy of crisis over crisis, the yawning void the endless emergency is stretched taut to obscure. The soul-bending psychological trauma; even moments of optimism seem unfairly compressed, hyperdense self-referential memetic shards landing like cartoon anvils and sublimated into vapor by the meteoric heat of the Next Thing. The spiritual tourniquet of the perpetually immediate present twisting tighter, fractions of degrees at a time.

The space: do we not all feel it? The space. It may be said that the consumer cultures of the 1980s and 1990s, successively exhorting us to embrace artifice and then soul-crushing blandness, were manufactured to “cure” the residual confusion and cultural inconsistency that resulted from the methods used to effect mankind’s collective psychic displacement. The hidden “space,” however, manifests itself in curious ways – the obsession with youth and physical condition in those born in the 1960s and 1970s; oddities in climate change data; the apparently freakish pace of economic change in what we believe now to be the 1980s; and so forth.

You can hear fragments of the past that remain, the warning signs engineered to survive their own absence singing the speed, the mass of this oncoming train to anyone foolish or optimistic enough (and is there a difference, at this remove?) to put an ear to the tracks. It’s happening again; here we are in the moments before the moment, and it can’t be an accident that those who seem most adept in this psychosocial twilight, deftly navigating unmoored in cold storms of this howling psychic gyre are people who’ve lost their anchors or thrown them overboard by choice in the name of some dark mirrored vision of liberty or mere expediency, in the long calm of the before. They’re just one more set of symptoms now, signs of symbols nested in symbols whose ultimate referents are burned to ash beneath them.

It is happening again.

But the problem is a real one, not a mere intellectual game. Because today we live in a society in which spurious realities are manufactured by the media, by governments, by big corporations, by religious groups, political groups — and the electronic hardware exists by which to deliver these pseudo-worlds right into the heads of the reader, the viewer, the listener. Sometimes when I watch my eleven-year-old daughter watch TV, I wonder what she is being taught. The problem of miscuing; consider that. A TV program produced for adults is viewed by a small child. Half of what is said and done in the TV drama is probably misunderstood by the child. Maybe it’s all misunderstood. And the thing is, Just how authentic is the information anyhow, even if the child correctly understood it? What is the relationship between the average TV situation comedy to reality?

What’s left but what’s next, the twisting, the tightening, the inevitable snap; the collective spasm, the absence that will pass for absolution. The last fracturing as the cabals of consensus and permitted history are ground into the microcults gnawing at the fraying edges of tomorrow’s interstitials, memetic remixes remixed as memetic merchandise and malformed memories. Veracity hitting the kaleidoscopic crystal of the weaponized postmodern like a bird hitting a window.

It. Is. Happening. Again.

We can’t say we weren’t warned.

I don’t know if that man was crazy or not, but I think he was sane. As he was leaving, he said something about putting my house underwater. Please, don’t let them brush me away. Don’t let them hide us. Try and find more, I know there’s got to be more people who tried to leave something behind. Don’t let the world die in vain. Remember us.

We were here, and there was something here worth saving. There was such a thing as now, and we fought for it. We’ll leave the artifacts, hidden and codified as we have before, as best we’re able. Watch for them. Listen. You’ll be able to hear the Next Time, the shape and speed and mass of it approaching, and it may not be too late to throw it off the tracks. Reassemble this moment, rebuild who we were out of the hidden shards we’ve left. Hone yourselves to the gleaming edges you’ll need with the tools we’ve left you. Put your ear to the rails and listen.

No piece of information is superior to any other. Power lies in having them all on file and then finding the connections. There are always connections; you have only to want to find them.

We were here. This was real. Remember us.

June 8, 2017

A Security Question

To my shame, I don’t have a certificate for my blog yet, but as I was flipping through some referer logs I realized that I don’t understand something about HTTPS.

I was looking into the fact that sometimes – about 1% of the time – I see non-S HTTP referers from Twitter’s URL shortener, which I assume means that somebody’s getting man-in-the-middled somehow, and there’s not much I can do about it. But then I realized the implications of my not having a cert.

My understanding of how this works, per RFC 7231, is that:

A user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring page was received with a secure protocol.

Per the W3C as well:

Requests from TLS-protected clients to non-potentially trustworthy URLs, on the other hand, will contain no referrer information. A Referer HTTP header will not be sent.

So, if that’s true and I have no certificate on my site, then in theory I should never see any HTTPS entries in my referer logs? Right?

Except: I do. All the time, from every browser vendor, feed reader or type of device, and if my logs are full of this then I bet yours are too.

What am I not understanding here? It’s not possible, there is just no way for me to believe that it’s two thousand and seventeen and I’m the only person who’s ever noticed this. I have to be missing something.

What is it?

FAST UPDATE: My colleagues refer me to this piece of the puzzle I hadn’t been aware of, and Francois Marier’s longer post on the subject. Thanks, everyone! That explains it.

SECOND UPDATE: Well, it turns out it doesn’t completely explain it. Digging into the data and filtering out anything referred via Twitter, Google or Facebook, I’m left with two broad buckets. The first is almost entirely made of feed readers; it turns out that most and maybe almost all feed aggregators do the wrong thing here. I’m going to have to look into that, because it’s possible I can solve this problem at the root.

The second is one really persistent person using Firefox 15. Who are you, guy? Why don’t you upgrade? Can I help? Email me if I can help.
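The bucketing described in the second update can be reproduced over an access log with a short script. This is an added example, not the author's own tooling; it assumes Combined Log Format, and the referrer host list, the feed-reader user-agent hints and every sample log line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: hostnames for the referrers the post filters out
# ("Twitter, Google or Facebook"). A referring site can opt in to sending
# Referer on an HTTPS -> HTTP navigation through its referrer policy.
POLICY_REFERRERS = ("t.co", "twitter.com", "google.com", "facebook.com")

# Assumption: substrings that mark a feed reader or aggregator user agent.
FEED_HINTS = ("feed", "rss", "reader", "aggregator")

# Constructed sample lines; none come from a real log.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jun/2017:10:00:01 +0000] "GET /post HTTP/1.1" 200 5120 "http://t.co/abc123" "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0"
203.0.113.6 - - [08/Jun/2017:10:00:02 +0000] "GET /post HTTP/1.1" 200 5120 "https://t.co/abc123" "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0"
203.0.113.7 - - [08/Jun/2017:10:00:03 +0000] "GET /post HTTP/1.1" 200 5120 "https://www.google.com/" "Mozilla/5.0 (Macintosh) Safari/603.2"
203.0.113.8 - - [08/Jun/2017:10:00:04 +0000] "GET /feed HTTP/1.1" 200 9000 "https://feeds.example.net/view" "ExampleFeedReader/2.1 (+http://reader.example/bot)"
203.0.113.9 - - [08/Jun/2017:10:00:05 +0000] "GET /post HTTP/1.1" 200 5120 "https://blog.example.org/links" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0"
203.0.113.10 - - [08/Jun/2017:10:00:06 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0"
203.0.113.11 - - [08/Jun/2017:10:00:07 +0000] "GET /post HTTP/1.1" 200 5120 "https://notgoogle.com.example/page" "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0"
"""


def host_matches(host, suffixes):
    """True when host equals a listed name or is a subdomain of it.

    Matching on the dot boundary keeps lookalike hosts such as
    'notgoogle.com.example' out of the filtered bucket.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(line):
    """Return the bucket name for one access-log line."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return "unparsed"
    referer = m.group("referer")
    if referer in ("", "-"):
        return "no-referer"
    try:
        parts = urlsplit(referer)
        host = parts.hostname or ""
    except ValueError:
        # Referer is attacker-controlled input; malformed URLs do occur.
        return "unparsed"
    scheme = parts.scheme.lower()
    if scheme == "http":
        return "http-referer"
    if scheme != "https":
        return "other-scheme"
    # From here on: an HTTPS referrer reached a plain-HTTP site.
    if host_matches(host, POLICY_REFERRERS):
        return "https-policy-site"
    if any(hint in m.group("agent").lower() for hint in FEED_HINTS):
        return "https-feed-reader"
    return "https-unexplained"


def summarize(lines):
    """Count log lines per bucket, skipping blank lines."""
    return Counter(classify(line) for line in lines if line.strip())


if __name__ == "__main__":
    for bucket, count in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{bucket:20} {count}")
```

The `https-unexplained` bucket is the one worth reading by hand: it holds HTTPS referrers that are neither on the filtered list nor sent by something that looks like a feed reader.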

May 1, 2017

Wooden Shoes As A Service

In international trade, the practice of selling state-subsidized goods far below cost – often as a way of crushing local producers of competing goods – is called “dumping”:

Under the Tariff Act of 1930, U.S. industries may petition the government for relief from imports that are sold in the United States at less than fair value (“dumped”) or which benefit from subsidies provided through foreign government programs. Under the law, the U.S. Department of Commerce determines whether the dumping or subsidizing exists and, if so, the margin of dumping or amount of the subsidy; the USITC determines whether there is material injury or threat of material injury to the domestic industry by reason of the dumped or subsidized imports.

To my knowledge there’s not much out there as far as comparable prohibitions around services. Until recently, I think, the idea wouldn’t have made much sense. How do you “dump” services? The idea was kind of nonsensical; you couldn’t, particularly not at any kind of scale.

If you put your black hat on for a minute, though, and think of commerce and trade agreements as extensions of state policy: another way to put that might be, how do you subject a services-based economy to the same risks that dumping poses to a goods-based economy?

Unfortunately, I think software has given us a pretty good answer to that: you dig into deep pockets and fund aggressively growing, otherwise-unsustainable service companies.

Now a new analysis of Uber’s financial documents suggests that ride subsidies cost the company $2 billion in 2015. On average, the analysis suggests, Uber passengers paid only 41% of the cost of their trips for the fiscal year ended in September 2015.

In other words: given enough subsidy, a software startup can become an attack vector on a services-based economy. A growing gig economy is a sign of extreme economic vulnerability being actively exploited.

I don’t know what to do about it, but I think this is new. Certainly the Canadian Special Import Measures Act only mentions services as a way to subsidize the offending company, not as the thing being sold, and all the recent petitions I can find in Canada and the U.S. both involve actual stuff, nothing delivered or mediated by software. At the very least, this is an interesting, quasi-guerilla way to weaponize money in trans-national economic conflicts.

For industries not yet established, the USITC may also be asked to determine whether the establishment of an industry is being materially retarded by reason of the dumped or subsidized imports.

I have a theory that the reason we’re not calling this out as an act of trade war – the reason we can’t see it at all, as far as I can tell – is that the people worst affected are individuals, not corporations. The people losing out are individuals, working on their own, who have no way to petition the state for redress at that scale, when the harm done in aggregate is functionally invisible without a top-down view of the field.

It’d be easy to make this sound isolationist and xenophobic, and that’s not what I intend – I like cool things and meeting people from other places, and international trade seems like the way the world gets to have that. But we know to put a stop to that when trade policies turn into weapons by another name. And I don’t understand down here at street level if there’s much of a difference between “foreign subsidies artificially undercut price of steel ingots” and “foreign subsidies artificially undercut price of cab rides”.

March 24, 2017

Mechanized Capital

Construction at Woodbine Station

Elon Musk recently made the claim that humans “must merge with machines to remain relevant in an AI age”, and you can be forgiven if that doesn’t make a ton of sense to you. To fully buy into that nonsense, you need to take a step past drinking the singularity-flavored Effective Altruism kool-aid and start bobbing for biblical apples in it.

I’ll never pass up a chance to link to Warren Ellis’ NerdGod Delusion whenever this posturing about AI as an existential threat comes along:

The Singularity is the last trench of the religious impulse in the technocratic community. The Singularity has been denigrated as “The Rapture For Nerds,” and not without cause. It’s pretty much indivisible from the religious faith in describing the desire to be saved by something that isn’t there (or even the desire to be destroyed by something that isn’t there) and throws off no evidence of its ever intending to exist.

… but I think there’s more to this silliness than meets the rightly-jaundiced eye, particularly when we’re talking about far-future crypto-altruism as pitched by present-day billionaire industrialists.

Let me put this idea to you: one byproduct of processors in everything is that it has given rise to automators as a social class, one with their own class interests, distinct from both labor and management.

Marxist class theory – to pick one framing; there are a few that work here, and Marx is nothing if not quotable – admits the existence of management, but views it as a supervisory, quasi-enforcement role. I don’t want to get too far into the detail weeds there, because the most important part of management across pretty much all the theories of class is the shared understanding that they’re supervising humans.

To my knowledge, we don’t have much in the way of political or economic theory written up about automation. And, much like the fundamentally new types of power structures in which automators live and work, I suspect those people’s class interests are very different than those of your typical blue or white collar worker.

For example, the double-entry bookkeeping of automation is: an automator writes some code that lets a machine perform a task previously done by a human, or ten humans, or ten thousand humans, freeing those humans to… do what?

If you’re an automator, the answer to that is “write more code”. If you’re one of the people whose job has been automated away, it’s “starve”. Unless we have an answer for what happens to the humans displaced by automation, it’s clearly not some hypothetical future AI that’s going to destroy humanity. It’s mechanized capital.

Maybe smarter people than me see a solution to this that doesn’t result in widespread starvation and crushing poverty, but I only see one: an incremental and ongoing reduction in the supply of human labor. And in a sane society, that’s pretty straightforward; it means the progressive reduction of maximum hours in a workweek, women with control over their own bodies, a steadily rising minimum wage and large, sustained investments in infrastructure and the arts. But for the most part we’re not in one of those societies.

Instead, what it’s likely to mean is much, much more of what we already have: terrified people giving away huge amounts of labor for free to barter with the machine. You get paid for a 35-hour week and work 80 because if you don’t the next person in line will and you’ll get zero. Nobody enforces anything like safety codes or labor laws, because once you step off that treadmill you go to the back of the queue, and a thousand people are lined up in front of you to get back on.

This is the reason I think this singularity-infected enlightened-altruism is so pernicious, and morally bankrupt; it gives powerful people a high-minded someday-reason to wash their hands of the real problems being suffered by real people today, problems that they’re often directly or indirectly responsible for. It’s a story that lets the people who could be making a difference today trade it in for a difference that might matter someday, in a future their sitting on their hands means we might not get to see.

It’s a new faith for people who think they’re otherwise much too evolved to believe in the Flying Spaghetti Monster or any other idiot back-brain cult you care to suggest.

Vernor Vinge, the originator of the term, is a scientist and novelist, and occupies an almost unique space. After all, the only other sf writer I can think of who invented a religion that is also a science-fiction fantasy is L Ron Hubbard.
– Warren Ellis, 2008

December 15, 2016

Even the dedication to reason and truth might, for all we know, change drastically.

The following letter, written by Carl Sagan, is one of the appendices of the “Expert Judgement on Markers To Deter Inadvertent Human Intrusion into the Waste Isolation Pilot Plant” document, completed in 1993.

It’s on page 331, and it hurts to read.

Dr. D. Richard Anderson
Performance Assessment Division
6342 Sandia National Laboratories
New Mexico

Dear Dr. Anderson:

Many thanks for your kind invitation to participate in the panel charged with making recommendations on signing to the far future about the presence of dangerous long-lived radioactive waste repositories (assuming the waste hasn’t all leached out by then). It is an interesting and important problem, and I’m sorry that my schedule will not permit me to participate. But I can, in a few sentences, tell you my views on the matter; perhaps you would be kind enough to pass them on to the members of the panel:

Several half-lives of the longest-lived radioisotopes in question constitute a time period longer than recorded human history. No one knows what changes that span of time will bring. Social institutions, artistic conventions, written and spoken language, scientific knowledge and even the dedication to reason and truth might, for all we know, change drastically. What we need is a symbol invariant to all those possible changes. Moreover, we want a symbol that will be understandable not just to the most educated and scientifically literate members of the population, but to anyone who might come upon this repository. There is one such symbol. It is tried and true. It has been used transculturally for thousands of years, with unmistakable meaning. It is the symbol used on the lintels of cannibal dwellings, the flags of pirates, the insignia of SS divisions and motorcycle gangs, the labels of bottles of poisons — the skull and crossbones. Human skeletal anatomy, we can be reasonably sure, will not unrecognizably change in the next few tens of thousands of years. You might very well wish also to include warnings in major human languages (being careful not to exclude Chinese and Arabic), and to attach a specification of the radioisotopes in question — perhaps by circling entries in a periodic table with the appropriate isotopic atomic numbers emphasized. It might be useful to include on the signs their own radioactive markers so that the epoch of radioactive waste burial can be calculated (or maybe a sequence of drawings of the Big Dipper moving around the Pole Star each year so that, through the precession of the equinoxes, the epoch of burial, modulo 26,000 years, could be specified). But all this presumes much about future generations. The key is the skull and crossbones.

Unless a more powerful and more direct symbol can be devised, I think the only reason for not using the skull and crossbones is that we believe the current political cost of speaking plainly about deadly radioactive waste is worth more than the well-being of future generations.

With best wishes,


      Carl Sagan

September 22, 2016

Falsehoods Programmers Believe About Economics

Late update: This post has been added to this excellent list of falsehoods programmers believe, and I’m pretty proud of that.

Two similar jokes rolled past me late last week, the first when I mentioned that running a Java program in a JVM in a Linux VM in a container on AWS is a very inefficient way of generating waste heat, and that I could save a lot of time and effort by cutting out the middleman and just setting money on fire.

For the second, a friend observed that startups are an extremely inefficient way of transferring wealth from venture capitalists to bay-area landlords; there’s a disruptive opportunity here to shortcut that process and just give venture capital directly to the SoCal rentier class for a nominal service fee. I suggested he call his startup “olygarchr”, or maybe “plutocrysii”; you heard it here first, in two years YCombinator will be obsolete.

With that in mind and in the spirit of the now-classic Falsehoods Programmers Believe About Time and Falsehoods Programmers Believe About Names, I asked for this on Twitter the other day and got some pretty good feedback. But I guess if I want something written up, I’ll be the one writing it up.

I may add some more links to this over the next little while, but for now here you go.

Falsehoods Programmers Believe About Economics

  1. Economics is simple.
  2. Econ-101 is a comprehensive overview of the field.
  3. Economics is morally neutral.
  4. Economics is racially- and gender-neutral.
  5. The efficient markets hypothesis is true.
  6. Classical economics is empirically grounded.
  7. Politics is an entirely unrelated field.
  8. Externalities are the same as inefficiencies.
  9. Pareto efficiency exists.
  10. Information symmetry exists.
  11. People are rational actors.
  12. OK, sure, people, I get it. But I’m a rational actor.
  13. “Rational” to me is the same as “rational” to everyone else.
  14. Rational actors exist at all.
  15. Advertising doesn’t influence or distort markets.
  16. Ok, fine, but advertising doesn’t influence me.
  17. Just-so stories make predictive economic models.
  18. Just-so stories make effective public policy.
  19. Price is an indication of cost.
  20. Price is an indication of value.
  21. The system works for me, therefore the system works for everyone.
  22. Wealth is an indication of worth.

August 29, 2016

Free As In Health Care

The video below shows what’s called a “frontal offset crash test” – your garden variety driver-side head-on collision – between a 2009 Chevrolet Malibu and a 1959 Chevrolet Bel Air. I’m about to use this video to make a protracted argument about software licenses, standards organizations, and the definition of freedom. It may not interest you all that much but if it’s ever crossed your mind that older cars are safer because they’re heavier or “solid” or had “real” bumpers or something you should watch this video. In particular, pay attention to what they consider a “fortunate outcome” for everyone involved. Lucky, for the driver in the Malibu, is avoiding a broken ankle. A Bel Air driver would be lucky if all the parts of him make it into the same casket.

Like most thought experiments this started with a question: what is freedom?

The author of the eighteenth-century tract “Cato’s Letters” expressed the point succinctly: “Liberty is to live upon one’s own Term; Slavery is to live at the mere Mercy of another.” The refrain was taken up with particular emphasis later in the eighteenth century, when it was echoed by the leaders and champions of the American Revolution. The antonym of liberty has ceased to be subjugation or domination – has ceased to be defenseless susceptibility to interference by another – and has come to be actual interference, instead. There is no loss of liberty without actual interference, according to most contemporary thought: no loss of liberty in just being susceptible to interference. And there is no actual interference – no interference, even, by a non-subjugating rule of law – without some loss of liberty; “All restraint, qua restraint, is evil,” as John Stuart Mill expressed the emerging orthodoxy.

– Philip Pettit, Freedom As Anti-Power, 1996

Most of our debates define freedom in terms of “freedom to” now, and the arguments are about the limitations placed on those freedoms. If you’re really lucky, like Malibu-driver lucky, the discussions you’re involved in are nuanced enough to involve “freedom from”, but even that’s pretty rare.

I’d like you to consider the possibility that that’s not enough.

What if we agreed to expand what freedom could mean, and what it could be. Not just “freedom to” but a positive defense of opportunities to; not just “freedom from”, but freedom from the possibility of.

Indulge me for a bit but keep that in mind while you exercise one of those freedoms, get in a car and go for a drive. Freedom of movement, right? Get in and go.

Before you can do that a few things have to happen first. For example: your car needs to have been manufactured.

Put aside everything that needs to have happened for the plant making your car to operate safely and correctly. That’s a lot, I know, but consider only the end product.

Here is a chart of the set of legislated standards that vehicle must meet in order to be considered roadworthy in Canada – the full text of CRC c.1038, the Motor Vehicle Safety Regulations section of the Consolidated Regulations of Canada runs a full megabyte, and contains passages such as:

H-point means the mechanically hinged hip point of a manikin that simulates the actual pivot centre of the human torso and thigh, described in SAE Standard J826, Devices for Use in Defining and Measuring Vehicle Seating Accommodation (July 1995); (point H)

H-V axis means the characteristic axis of the light pattern of a lamp, passing through the centre of the light source, used as the direction of reference (H = 0°, V = 0°) for photometric measurements and for the design of the installation of a lamp on a vehicle; (axe H-V)

… and

Windshield Wiping and Washing System

104 (1) In this section,

areas A, B and C means the areas referred to in Column I of Tables I, II, III and IV to this section when established as shown in Figures 1 and 2 of SAE Recommended Practice J903a Passenger Car Windshield Wiper Systems, (May 1966), using the angles specified in Columns III to VI of the above Tables; (zones A, B et C)

daylight opening means the maximum unobstructed opening through the glazing surface as defined in paragraph 2.3.12 of Section E, Ground Vehicle Practice, SAE Aerospace-Automotive Drawing Standards, (September 1963); (ouverture de jour)

glazing surface reference line means the intersection of the glazing surface and a horizontal plane 635 mm above the seating reference point, as shown in Figure 1 of SAE Recommended Practice J903a (May 1966); (ligne de référence de la surface vitrée)

… and that mind-numbing tedium you’re experiencing right now is just barely a taste; a different set of regulations exists for crash safety testing, another for emissions testing, the list goes very far on. This 23 page PDF of Canada’s Motor Vehicle Tire Safety Regulations – that’s just the tires, not the brakes or axles or rims, just the rubber that meets the road – should give you a sense of it.

That’s the car. Next you need roads.

The Ontario Provincial Standards for Roads & Public Works consists of eight volumes. The first of them, General And Construction Specifications, is 1358 pages long. Collectively they detail how roads you’ll be driving on must be built, illuminated, made safe and maintained.

You can read them over if you like, but you can see where I’m going with this. Cars and roads built to these standards don’t so much enable freedom of motion and freedom from harm as they delimit in excruciating detail the space – on what road, at what speeds, under what circumstances – where people must be free from the possibility of specific kinds of harm, where their motion must be free from the possibility of specific kinds of restriction or risk.

But suppose we move away from the opposition to bare interference in terms of which contemporary thinkers tend to understand freedom. Suppose we take up the older opposition to servitude, subjugation, or domination as the key to construing liberty. Suppose we understand liberty not as noninterference but as antipower. What happens then?

– Philip Pettit, ibid.

Let me give away the punchline here: if your definition of freedom includes not just freedom from harassment and subjugation but from the possibility of harassment and subjugation, then software licenses and cryptography have as much to do with real digital rights and freedoms as your driver’s license has to do with your freedom of mobility. Which is to say, almost nothing.

We should be well past talking about the minutia of licenses and the comparative strengths of cryptographic algorithms at this point. The fact that we’re not is a clear sign that privacy, safety and security on the internet are not “real rights” in any meaningful sense. Not only because the state does not meaningfully defend them but because it does not mandate in protracted detail how they should be secured, fund institutions to secure that mandate and give the force of law to the consequences of failure.

The conversation we should be having at this point is not about what a license permits, it’s about the set of standards and practices that constitutes a minimum bar to clear in not being professionally negligent.

The challenge here is that dollar sign. Right now the tech sector is roughly where the automotive sector was in the late fifties. You almost certainly know or know of somebody on Twitter having a very 1959 Bel-Air Frontal-Offset Collision experience right now, and the time for us to stop blaming the driver for that is long past. But if there’s a single grain of good news here, it’s how far off your diminishing returns are. We don’t need detailed standards about the glazing surface reference line of automotive glass, we need standard seatbelts and gas tanks that reliably don’t explode.

But that dollar sign, and those standards, are why I think free software is facing an existential crisis right now.

I think it’s fair to say that the only way that standards have teeth is if there’s liability associated with them. We know from the automotive industry that the invisible hand of the free market is no substitute for liability in driving improvement; when the costs of failure are externalized, diffuse or hidden, those costs can easily be ignored.

According to the FSF, the “Four Freedoms” that define what constitutes Free Software are:

  • The freedom to run the program as you wish, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

The cannier among you will already have noted – and scarred Linux veterans can definitely attest to the fact – that there’s no mention at all of freedom-from in there. The FSF’s unstated position has always been that anyone who wants to be free from indignities like an opaque contraption of a user experience, buggy drivers and nonexistent vendor support in their software, not to mention the casual sexism and racism of the free software movement itself, well. Those people can go pound sand all the way to the Apple store. (Which is what everyone did, but let’s put that aside for the moment.)

Let’s go back to that car analogy for a moment:

Toyota Motor Corp has recalled 3.37 million cars worldwide over possible defects involving air bags and emissions control units.

The automaker on Wednesday said it was recalling 2.87 million cars over a possible fault in emissions control units. That followed an announcement late on Tuesday that 1.43 million cars needed repairs over a separate issue involving air bag inflators.

About 930,000 cars are affected by both potential defects, Toyota said. Because of that overlap, it said the total number of vehicles recalled was 3.37 million.

No injuries have been linked to either issue.

Potential defects.

I think the critical insight here is that Stallman’s vision of software freedom dates to a time when software was contained. You could walk away from that PDP-11 and the choices you made there didn’t follow you home in your pocket or give a world full of bored assholes an attack surface for your entire life. Software wasn’t everywhere, not just pushing text around a screen but everywhere and in everything from mediating our social lives and credit ratings to pumping our drinking water, insulin and anti-lock brakes.

Another way to say that is: software existed in a well-understood context. And it was that context that made it, for the most part, free from the possibility of causing real human damage, and consequently liability for that damage was a non-question. But that context matters: Toyota doesn’t issue that recall because the brakes failed on the chopped-up fifteen-year-old Corolla you’ve welded to a bathtub and used as a rally car; it’s for the safety of day-to-day drivers doing day-to-day driving.

I should quit dancing around the point here and just lay it out: If your definition of freedom includes freedom from the possibility of interference, it follows that “free as in beer” and “free as in freedom” can only coexist in the absence of liability.

This is only going to get more important as the Internet ends up in more and more Things, and your right – and totally reasonable expectation – to live a life free from arbitrary harassment enabled by the software around you becomes a life-or-death issue.

If we believe in an expansive definition of human freedom and agency in a world full of software making decisions then I think we have three problems, two practical and one fundamental.

The practical ones are straightforward. The first is that the underpinnings of the free-as-in-beer economic model that lets Google, Twitter and Facebook exist are fighting a two-ocean war against failing ad services and liability avoidance. The notion that a click-through non-contract can absolve any organization of their responsibility is not long for this world, and the nasty habit advertising and social networks have of periodically turning into semi-autonomous, weaponized misery-delivery platforms makes it harder to justify letting their outputs talk to your inputs every day.

The second one is the industry prisoner’s dilemma around, if not liability, then at a bare minimum responsibility. There’s a battery of high-caliber first-mover-disadvantages pointed at the first open source developer willing to say “if these tools are used under the following conditions, by users with the following user stories, then we can and should be held responsible for their failures”.

Neither of these problems is insoluble – alternative financial models exist, coalitions can be built, and so forth. It’ll be an upheaval, but not a catastrophic or even sudden one. But anyone whose business model relies on ads should be thinking about transitions five to ten years out, and your cannier nation-states are likely to start sneaking phrases like “auditable and replaceable firmware” in their trade agreements in the next three to five.

The fundamental problem is harder: we need a definition of freedom that encompasses the notion of software freedom and human agency, in which the software itself is just an implementation detail.

We don’t have a definition of freedom that’s both expansive in its understanding of what freedom and agency are, and that speaks to a world where the line between data security and bodily autonomy is very blurry, where people can delegate their agency to and gain agency from a construct that’s both an idea and a machine. A freedom for which a positive defense of the scope of the possible isn’t some weird semitangible idea, but a moral imperative and a hill worth dying on.

I don’t know what that looks like yet; I can see the rough outlines of the place it should be but isn’t. I can see the seeds of it in the quantified-self stuff, copyleft pushback and the idea that crypto is a munition. It’s crystal clear that a programmer clinging to the idea that algorithms are apolitical or that software is divorced from human bias or personal responsibility is a physicist holding to the aetheric model or phlogiston when other people are fuelling their rockets. The line between software freedom and personal freedom is meaningless now, and the way we’ve defined “software freedom” just about guarantees its irrelevancy. It’s just freedom now, and at the very least if our definition of what freedom is – and our debate about what freedom could be – isn’t as vast and wide-ranging and weird and wonderful and diverse and inclusive and scary as it could possibly be, then the freedom we end up with won’t be either.

And I feel like a world full of the possible would be a hell of a thing to lose.

December 5, 2015

Barbiephonic (redux)

I have a funny story about the recent Hello Barbie networked-device security failure. This is doubly a repost – it started its current incarnation as a Twitter rant, and longtime readers may remember it from the dim recesses of history, but the time has come for me to tell it again.

Back in 2007 Mattel had a site where they’d charge parents two bucks to have one of Mattel’s franchise characters give their child a real phone call, because people still did that in 2007. They’d let you hear the call before paying, which I suppose was good of them, but I poked around a bit and pretty quickly discovered that whatever company Mattel had hired for this was not so good with the infosec.

The subject of the calls – Dora would say it’s important to learn to read or help around the house, Barbie would tell you to work hard in school, that sort of thing – was pretty pedestrian, harmless despite the weirdly Reagan-era-esque Kid-Celebrities-Help-You-Just-Say-No-To-Drugs vibe. But the indexes on the folders storing all those component sound files they’d assemble into your custom call were wide open.

And the other thing lying around on those open shares were recordings of names. To reach a wide audience they’d recorded some unstoppably perky young woman reciting kids’ first names, Aaron, Abbot, Abby, Abigail, Adana, Adena, in an upbeat barbie-girl voice, every single one. And there I was with a pile of free disk space, university bandwidth, wget and why not.

There were seventeen thousand of them.

After a bit of experimentation, I figured out how to stitch them all together with 0.4 seconds of silence between each. The resulting audio file was almost five hours long; four hours and forty-five minutes of relentless Barbiedoll voice reciting seventeen thousand first names in alphabetical order.

To my knowledge, nobody has ever listened to the whole thing.

Of the six attempts I’m aware of, four were called off when the death threats started, one due to the near-breakup of the couple making the attempt, and one due to the listener drinking themselves to unconsciousness at about the 90-minute mark. I’m not saying that to make a joke. I’m telling you because this is real and it’s an SCP-grade psychic biohazard. No highly esteemed deed was committed here; this is not a place of honour.

So don’t say I didn’t warn you.

For your listening pleasure: here it is.

Have a good weekend, Internet.

UPDATE: Somebody made a YouTube video.

November 9, 2015

The Devil And Strong Crypto

Period scenery-chewing aside, this is largely how I feel about strong, backdoorless cryptography.

When the last wires were tapped, your last passwords broken and the State finally turns on you, how would you hide, with all your secrets exposed? The internet is a forest of crypto from coast to coast – the user’s crypto, not the State’s – and if you cut that down, and you’re just the man to do it, do you really think you could stand upright in the winds that would blow then? Yes, I’d give the internet’s worst users the benefit of strong crypto, for my own safety’s sake.

