blarg?

My father, David Hoye, died on Sunday at about 5:30 in the morning. He was seventy years old; he’d been married to my mom for the last forty-five.

He had his own ideas about what was right and how things should be done, and though he’d always listen he didn’t much care who disagreed with him. He was impractical and idealistic and stubborn and if you know me at all I’m sure that comes as no surprise whatsoever. We were differently stubborn people with different ideas though, or perhaps “of course”; finding a common language, much less common ground, was never all that easy. It took me a long time to recognize what I’d decided in my teens was overbearing micromanagement for the uncomplicated thing it really was: caring. Lots of it, all the time. I’ve inherited that too, to my chagrin. And it never goes away and I can never turn it off and if I’m lucky someday my kids will hate it just as much as I did. If I’m really lucky they’ll eventually feel the way I feel about it now, but who can say?

He never complained about pain, ever, so when he had to cut a March visit short because his back was “bothering him”, that was worrying. He was diagnosed with prostate cancer shortly afterwards, and it took longer than we would have liked to get him on a treatment program and a pain-management regimen that seemed to be working. But prostate cancer is one of the ones we’re supposed to be able to manage, right?

It looked that way for a while; the numbers were moving quickly in the right direction, and though he was still weak from the medication and radiation treatments he was lucid, could still move around with some effort and things seemed to be moving in the right direction. On May 5th, though, he was checked back into the hospital in considerable pain, where we found out that whatever he had had metastasized and by that point was basically on fire.

All of his kids got a chance to talk to him while he was still lucid and fully present, for which I’m grateful.

It wasn’t a good week; cancer doesn’t give out many of those. But he was himself, right to the end; stubborn, determined and caring deeply about his wife and family. Another thing I’ve apparently inherited from him is that painkillers don’t work for shit; on Friday I watched him, in a body that barely worked at all, fight his way up past enough morphine to put down a mule to tell my mom he loved her. On Saturday with the painkillers running as hot as the hospital staff could set them he was still struggling to talk, but the only thing we could make out were the names of his wife and kids and him asking us to take care of each other.

I want to tell you a story about him.

This happened in mid-November, I think, when I was seven or eight years old. We’d had a warm, dry lead-up to winter, and though the leaves were long off the trees we hadn’t seen any snow yet. But that evening while the temperature dropped on our calm one-block street, we got about a quarter-inch of freezing rain on top of everything.

Dad woke us up for this; it gets dark early in the winter so I have no idea how late it really was but it felt late. Dad woke us up and got us dressed in our snowsuits and we went out to the front porch, where he helped us put on our skates.

In hindsight, I doubt we were out there for more than twenty minutes. But how can I describe those twenty minutes, through an eight-year-old’s eyes? Everything I’ve grown up around suddenly made of crystal, the whole world from asphalt to the treetops shining in the old yellow streetlights like one diamond. Skating up and down the street, arms out like a superhero, stumbling over exposed pavement and turning around to try again. Ruining our skates, I’m sure, for a few minutes of surreal, magical flight up and down our block.

We were the only kids out there that night of the dozen or so young families on the block, and this is what I wanted to tell you about my Dad: he found this for us, this moment that was as close to magic as anything I’ve ever seen. And anybody else could have done that, sure. But nobody else did, and I doubt anybody believed me when I told them about it the next day or any day since, and I don’t care. I had dreams about it afterwards for years; to this day, sometimes, I still do.

He died early Sunday morning, slowing to a stop after his first decent, painless (I think, I hope) night’s sleep in a long time. And I’ll miss him, and I hope that when my time comes that I can show my family a fraction of the love and dedication that he did.

Goodbye, Dad. I love you.

horse-castle

A friend of mine has called me a glass-half-broken kind of guy.

My increasingly venerable Nokia N9 has been getting squirrelly for a few months, and since it finally decided its battery was getting on in years it was time for a new phone.

I’m going to miss it a lot. The hardware was just a hair too slow, the browser was just a hair too old and even though email was crisp and as well done as I’ve ever seen it on a small screen, Twitter – despite being the one piece of software that periodically got updates, strangely – was always off in the weeds. Despite all that, despite the storied history of managerial incompetence and market failure in that software stack, they got so many things right. A beautiful, solid UI, an elegant gesture system that you could work reliably one-handed and a device whose curved shape informed your interaction with the software in a meaningful way. Like WebOS before it, it had a consistent and elegantly-executed interaction model full of beautiful ideas and surprisingly human touches that have pretty much all died on the vine.

Some friends have been proposing a hedge-fund model where they follow my twitter feed, scrape it for any piece of technology I express interest in and then short that company’s stock immediately and mercilessly. The reasoning being, of course, that I tend to back underdogs and generally underdogs are called that because of their unfortunate tendency to not win.

So now I own a Nexus 5; do with that information what you will. The experience has not been uniformly positive.

Android, the joke goes, is technical debt that’s figured out how to call 911, and with KitKat it seems like somebody has finally sent help. For a while now Android has been struggling to overcome its early… well, “design process” seems like too strong a term, but some sort of UI-buglist spin-the-bottle thing that seemed to amount to “how can I ignore anyone with any sort of design expertise, aesthetic sensibility or even just matching socks and get this bug off my desk.” KitKat is clearly the point we all saw coming, where Android has pivoted away from being a half-assed OS to start being a whole-assed Google-services portal, and it really shows.

Look: I know I’m a jagged, rusty edge case. I know. But this is what happened next.

As you open the box, you find a protective plastic sheet over the device that says “NEXUS 5″ in a faint grey on black. If you don’t peel it off before pushing the power button, the Google logo appears, slightly offset and obscured behind it. It’s not a big thing; it’s trivial but ugly. If either word had been a few millimetres higher or lower it would have been a nice touch. As shipped it’s an empty-net miss, a small but ominous hint that maybe nobody was really in charge of the details.

I signed in with my Google Apps account and the phone started restoring my old apps from other Android installs. This is one of the things Google has done right for a long time; once you see it you immediately think it should have worked that way everywhere the whole time. But I didn’t realize that it restored the earlier version of the software you had on file, not the current one; most of my restored pre-KitKat apps crashed on startup, and it took me a while to understand why.

Once I’d figured that out and refreshed a few of them manually, set up my work email and decided to see if Google Goggles was neat as it was last time I looked. Goggles immediately crashed the camera service, and I couldn’t figure out how make the camera work again in any app without power-cycling the phone.

So I restart the phone, poked around at Hangouts a bit; seems nice enough and works mostly OK, could use some judicious copy-editing in the setup phase to sound a little less panopticon-stalkerish. (But we’re all affluent white men here it’s no big deal, right? Who doesn’t mind being super-easy to find all the time?)

I went to make dinner then, and presumably that’s when the phone started heating up.

Eventually I noticed that I’d lost about a quarter of my battery life over the course of an almost-idle hour, with the battery monitor showing that the mail I’d received exactly none of was the culprit. From what I can tell the Exchange-connection service is just completely, aggressively broken; it looks like if you set up the stock mail client for Exchange and pick “push” it immediately goes insane, checking for mail hundreds of times per second and trying to melt itself, and that’s exciting. But even if you dial it back to only check manually, after a while it just… stops working. A reboot doesn’t fix it, I’ve had to delete and recreate the account to make it work again. Even figuring out how to do that isn’t as easy as it should be; I’ve done it twice so far, one day in. So I guess it’s IMAP and I’ll figure calendars out some other way. We use Zimbra at the office, not Exchange proper, and their doc on connecting to Android hasn’t been updated in two years so that’s a thing. I’m totally fine in this corner, really. Cozy. I can warm my hands on my new phone.

I’ve been using my Bespoke I/O Google Apps accounts before Google doubled down on this grasping, awful “G+ Or GTFO” policy, and disabling G+ in Apps years ago has turned my first-touch experience with this phone into a weird technical tug-of-war-in-a-minefield exercise. On the one hand, it’s consistently protected me from Google’s ongoing “by glancing at this checkbox in passing you’re totally saying you want a Google+ account” mendacity, but it also means that lots of things on the phone fail in strange and wonderful ways. The different reactions of the various Play $X apps is remarkable. “Play Games” tells me I need to sign up for a G+ account and won’t let me proceed without one, Play Movies and Music seem to work for on-device content, and Play Magazines just loses its mind and starts into a decent imitation of a strobe light.

I went looking for alternative software, but The Play Store reminds me a lot more of Nokia’s Ovi Store than the App Store juggernaut in a lot of unfortunate ways. There are a handful of high-profile apps there work fast and well if you can find them. I miss Tweetbot and a handful of other iOS apps a lot, and keep going back to my iPod Touch for it. In what I’m sure is a common sentiment Tweetbot for Android is looking pretty unlikely at this point, probably because – like the Ovi Store – there’s a hundred low-rent knockoffs of the iOS app you actually want availabl, but developing for Android is a nightmare on stilts and you make no money so anything worth buying isn’t for sale there.

It’s really a very nice piece of hardware. Fast, crisp, big beautiful screen. Firefox with Adblock Plus is way, way better than anything else in that space – go team – and for that on its own I could have overlooked a lot. But this is how my first day with this phone went, and a glass that’s half-broken isn’t one I’m super happy I decided to keep drinking from.

I may revisit this later. Consider this a late draft. I’m calling this done.

“Should array indices start at 0 or 1? My compromise of 0.5 was rejected without, I thought, proper consideration.” — Stan Kelly-Bootle

Sometimes somebody says something to me, like a whisper of a hint of an echo of something half-forgotten, and it lands on me like an invocation. The mania sets in, and it isn’t enough to believe; I have to know.

I’ve spent far more effort than is sensible this month crawling down a rabbit hole disguised, as they often are, as a straightforward question: why do programmers start counting at zero?

Now: stop right there. By now your peripheral vision should have convinced you that this is a long article, and I’m not here to waste your time. But if you’re gearing up to tell me about efficient pointer arithmetic or binary addition or something, you’re wrong. You don’t think you’re wrong and that’s part of a much larger problem, but you’re still wrong.

For some backstory, on the off chance anyone still reading by this paragraph isn’t an IT professional of some stripe: most computer languages including C/C++, Perl, Python, some (but not all!) versions of Lisp, many others – are “zero-origin” or “zero-indexed”. That is to say, in an array A with 8 elements in it, the first element is A[0], and the last is A[7]. This isn’t universally true, though, and other languages from the same (and earlier!) eras are sometimes one-indexed, going from A[1] to A[8].

While it’s a relatively rare practice in modern languages, one-origin arrays certainly aren’t dead; there’s a lot of blood pumping through Lua these days, not to mention MATLAB, Mathematica and a handful of others. If you’re feeling particularly adventurous Haskell apparently lets you pick your poison at startup, and in what has to be the most lunatic thing I’ve seen on a piece of silicon since I found out the MIPS architecture had runtime-mutable endianness, Visual Basic (up to v6.0) featured the OPTION BASE flag, letting you flip that coin on a per-module basis. Zero- and one-origin arrays in different corners of the same program! It’s just software, why not?

All that is to say that starting at 1 is not an unreasonable position at all; to a typical human thinking about the zeroth element of an array doesn’t make any more sense than trying to catch the zeroth bus that comes by, but we’ve clearly ended up here somehow. So what’s the story there?

The usual arguments involving pointer arithmetic and incrementing by sizeof(struct) and so forth describe features that are nice enough once you’ve got the hang of them, but they’re also post-facto justifications. This is obvious if you take the most cursory look at the history of programming languages; C inherited its array semantics from B, which inherited them in turn from BCPL, and though BCPL arrays are zero-origin, the language doesn’t support pointer arithmetic, much less data structures. On top of that other languages that antedate BCPL and C aren’t zero-indexed. Algol 60 uses one-indexed arrays, and arrays in Fortran are arbitrarily indexed – they’re just a range from X to Y, and X and Y don’t even need to be positive integers.

So by the early 1960’s, there are three different approaches to the data structure we now call an array.

  • Zero-indexed, in which the array index carries no particular semantics beyond its implementation in machine code.
  • One-indexed, identical to the matrix notation people have been using for quite some time. It comes at the cost of a CPU instruction to manage the offset; usability isn’t free.
  • Arbitrary indices, in which the range is significant with regards to the problem you’re up against.

So if your answer started with “because in C…”, you’ve been repeating a good story you heard one time, without ever asking yourself if it’s true. It’s not about *i = a + n*sizeof(x) because pointers and structs didn’t exist. And that’s the most coherent argument I can find; there are dozens of other arguments for zero-indexing involving “natural numbers” or “elegance” or some other unresearched hippie voodoo nonsense that are either wrong or too dumb to rise to the level of wrong.

The fact of it is this: before pointers, structs, C and Unix existed, at a time when other languages with a lot of resources and (by the standard of the day) user populations behind them were one- or arbitrarily-indexed, somebody decided that the right thing was for arrays to start at zero.

So I found that person and asked him.

His name is Dr. Martin Richards; he’s the creator of BCPL, now almost 7 years into retirement; you’ve probably heard of one of his doctoral students Eben Upton, creator of the Raspberry Pi. I emailed him to ask why he decided to start counting arrays from zero, way back then. He replied that…

As for BCPL and C subscripts starting at zero. BCPL was essentially designed as typeless language close to machine code. Just as in machine code registers are typically all the same size and contain values that represent almost anything, such as integers, machine addresses, truth values, characters, etc. BCPL has typeless variables just like machine registers capable of representing anything. If a BCPL variable represents a pointer, it points to one or more consecutive words of memory. These words are the same size as BCPL variables. Just as machine code allows address arithmetic so does BCPL, so if p is a pointer p+1 is a pointer to the next word after the one p points to. Naturally p+0 has the same value as p. The monodic indirection operator ! takes a pointer as it’s argument and returns the contents of the word pointed to. If v is a pointer !(v+I) will access the word pointed to by v+I. As I varies from zero upwards we access consecutive locations starting at the one pointed to by v when I is zero. The dyadic version of ! is defined so that v!i = !(v+I). v!i behaves like a subscripted expression with v being a one dimensional array and I being an integer subscript. It is entirely natural for the first element of the array to have subscript zero. C copied BCPL’s approach using * for monodic ! and [ ] for array subscription. Note that, in BCPL v!5 = !(v+5) = !(5+v) = 5!v. The same happens in C, v[5] = 5[v]. I can see no sensible reason why the first element of a BCPL array should have subscript one. Note that 5!v is rather like a field selector accessing a field in a structure pointed to by v.

This is interesting for a number of reasons, though I’ll leave their enumeration to your discretion. The one that I find most striking, though, is that this is the earliest example I can find of the understanding that a programming language is a user interface, and that there are difficult, subtle tradeoffs to make between resources and usability. Remember, all this was at a time when everything about the future of human-computer interaction was up in the air, from the shape of the keyboard and the glyphs on the switches and keycaps right down to how the ones and zeros were manifested in paper ribbon and bare metal; this note by the late Dennis Ritchie might give you a taste of the situation, where he mentions that five years later one of the primary reasons they went with C’s square-bracket array notation was that it was getting steadily easier to reliably find square brackets on the world’s keyboards.

“Now just a second, Hoye”, I can hear you muttering. “I’ve looked at the BCPL manual and read Dr. Richards’ explanation and you’re not fooling anyone. That looks a lot like the efficient-pointer-arithmetic argument you were frothing about, except with exclamation points.” And you’d be very close to right. That’s exactly what it is – the distinction is where those efficiencies take place, and why.

BCPL was first compiled on an IBM 7094here’s a picture of the console, though the entire computer took up a large room – running CTSS – the Compatible Time Sharing System – that antedates Unix much as BCPL antedates C. There’s no malloc() in that context, because there’s nobody to share the memory core with. You get the entire machine and the clock starts ticking, and when your wall-clock time block runs out that’s it. But here’s the thing: in that context none of the offset-calculations we’re supposedly economizing are calculated at execution time. All that work is done ahead of time by the compiler.

You read that right. That sheet-metal, “wibble-wibble-wibble” noise your brain is making is exactly the right reaction.

Whatever justifications or advantages came along later – and it’s true, you do save a few processor cycles here and there and that’s nice – the reason we started using zero-indexed arrays was because it shaved a couple of processor cycles off of a program’s compilation time. Not execution time; compile time.

Does it get better? Oh, it gets better:

IBM had been very generous to MIT in the fifties and sixties, donating or discounting its biggest scientific computers. When a new top of the line 36-bit scientific machine came out, MIT expected to get one. In the early sixties, the deal was that MIT got one 8-hour shift, all the other New England colleges and universities got a shift, and the third shift was available to IBM for its own use. One use IBM made of its share was yacht handicapping: the President of IBM raced big yachts on Long Island Sound, and these boats were assigned handicap points by a complicated formula. There was a special job deck kept at the MIT Computation Center, and if a request came in to run it, operators were to stop whatever was running on the machine and do the yacht handicapping job immediately.

Jobs on the IBM 7090, one generation behind the 7094, were batch-processed, not timeshared; you queued up your job along with a wall-clock estimate of how long it would take, and if it didn’t finish it was pulled off the machine, the next job in the queue went in and you got to try again whenever your next block of allocated time happened to be. As in any economy, there is a social context as well as a technical context, and it isn’t just about managing cost, it’s also about managing risk. A programmer isn’t just racing the clock, they’re also racing the possibility that somebody will come along and bump their job and everyone else’s out of the queue.

I asked Tom Van Vleck, author of the above paragraph and also now retired, how that worked. He replied in part that on the 7090…

“User jobs were submitted on cards to the system operator, stacked up in a big tray, and a rudimentary system read, loaded, and ran jobs in sequence. Typical batch systems had accounting systems that read an ID card at the beginning of a user deck and punched a usage card at end of job. User jobs usually specified a time estimate on the ID card, and would be terminated if they ran over. Users who ran too many jobs or too long would use up their allocated time. A user could arrange for a long computation to checkpoint its state and storage to tape, and to subsequently restore the checkpoint and start up again.

The yacht handicapping job pertained to batch processing on the MIT 7090 at MIT. It was rare — a few times a year.”

So: the technical reason we started counting arrays at zero is that in the mid-1960’s, you could shave a few cycles off of a program’s compilation time on an IBM 7094. The social reason is that we had to save every cycle we could, because if the job didn’t finish fast it might not finish at all and you never know when you’re getting bumped off the hardware because the President of IBM just called and fuck your thesis, it’s yacht-racing time.

There are a few points I want to make here.

The first thing is that as far as I can tell nobody has ever actually looked this up.

Whatever programmers think about themselves and these towering logic-engines we’ve erected, we’re a lot more superstitious than we realize. We tell and retell this collection of unsourced, inaccurate stories about the nature of the world without ever doing the research ourselves, and there’s no other word for that but “mythology”. Worse, by obscuring the technical and social conditions that led humans to make these technical and social decisions, by talking about the nature of computing as we find it today as though it’s an inevitable consequence of an immutable set of physical laws, we’re effectively denying any responsibility for how we got here. And worse than that, by refusing to dig into our history and understand the social and technical motivations for those choices, by steadfastly refusing to investigate the difference between a motive and a justification, we’re disavowing any agency we might have over the shape of the future. We just keep mouthing platitudes and pretending the way things are is nobody’s fault, and the more history you learn and the more you look at the sad state of modern computing the the more pathetic and irresponsible that sounds.

Part of the problem is access to the historical record, of course. I was in favor of Open Access publication before, but writing this up has cemented it: if you’re on the outside edge of academia, $20/paper for any research that doesn’t have a business case and a deep-pocketed backer is completely untenable, and speculative or historic research that might require reading dozens of papers to shed some light on longstanding questions is basically impossible. There might have been a time when this was OK and everyone who had access to or cared about computers was already an IEEE/ACM member, but right now the IEEE – both as a knowledge repository and a social network – is a single point of a lot of silent failure. “$20 for a forty-year-old research paper” is functionally indistinguishable from “gone”, and I’m reduced to emailing retirees to ask them what they remember from a lifetime ago because I can’t afford to read the source material.

The second thing is how profoundly resistant to change or growth this field is, and apparently has always been. If you haven’t seen Bret Victor’s talk about The Future Of Programming as seen from 1975 you should, because it’s exactly on point. Over and over again as I’ve dredged through this stuff, I kept finding programming constructs, ideas and approaches we call part of “modern” programming if we attempt them at all, sitting abandoned in 45-year-old demo code for dead languages. And to be clear: that was always a choice. Over and over again tools meant to make it easier for humans to approach big problems are discarded in favor of tools that are easier to teach to computers, and that decision is described as an inevitability.

This isn’t just Worse Is Better, this is “Worse Is All You Get Forever”. How many off-by-one disasters could we have avoided if the “foreach” construct that existed in BCPL had made it into C? How much more insight would all of us have into our code if we’d put the time into making Michael Chastain’s nearly-omniscient debugging framework – PTRACE_SINGLESTEP_BACKWARDS! – work in 1995? When I found this article by John Backus wondering if we can get away from Von Neumann architecture completely, I wonder where that ambition to rethink our underpinnings went. But the fact of it is that it didn’t go anywhere. Changing how you think is hard and the payoff is uncertain, so by and large we decided not to. Nobody wanted to learn how to play, much less build, Engelbart’s Violin, and instead everyone gets a box of broken kazoos.

In truth maybe somebody tried – maybe even succeeded! – but it would cost me hundreds of dollars to even start looking for an informed guess, so that’s the end of that.

It’s hard for me to believe that the IEEE’s membership isn’t going off a demographic cliff these days as their membership ages, and it must be awful knowing they’ve got decades of delicious, piping-hot research cooked up that nobody is ordering while the world’s coders are lining up to slurp watery gruel out of a Stack-Overflow-shaped trough and pretend they’re well-fed. You might not be surprised to hear that I’ve got a proposal to address both those problems; I’ll let you work out what it might be.

Watching

Before they were called cubicles, the prefabricated office furniture we all now take despondently for granted was part of an idea called an “Action Office”. Though they’ve apparently lost their way at Herman Miller where the idea was born the idea was, at least in part, that:

[...] during the 20th century, the office environment had changed substantially, especially when considering the dramatic increase in the amount of information being processed. Despite the change in what an employee had to analyze, organize, and maintain on a daily basis, the basic layout of the corporate office had remained largely unchanged, with employees sitting behind rows of traditional desks in a large open room that was devoid of privacy. Propst’s studies suggested that an open environment actually reduced communication between employees, and impeded personal initiative. On this, Propst commented that “one of the regrettable conditions of present day offices is the tendency to provide a formula kind of sameness for everyone.“ In addition, the employee’s bodies were suffering from long hours of sitting in one position. Propst concluded that office workers require both privacy and interaction, depending on which of their many duties they were performing.

Action offices, in short, were meant to provide a variety of environments and physical working positions, so people weren’t forced into a single space and position for the whole day. Which, it turns out, is really really bad for you. That’s not the history of office furniture we know, of course – all it quickly became was a cheap way of providing prefab desks and air circulation to shabby, beige and slightly greenishly-lit cubefarms furnished by the lowest bidder, because the invisible hand of the free market likes nothing better than flipping off the proles. But the idea, at least, had a lot of merit.

About three weeks ago, I switched to a standing desk. It’s this bolt-on model, and while I love it, it’s not perfect. My desk has an unfortunate amount of of flex to it, making the heavy Ergotron dingus a bit bouncy, but I’ve mostly addressed that that a bit by screwing in an extra table leg just under the bracket.

I love it. A lot. I don’t think I’m going to be able to go back to using an office chair.

What moved me to do this was two things. First: after poking around, the best information available suggests that spending ten or fifteen hours a day sitting is approximately as bad for you as smoking, and in a lot of ways worse. The other thing was that largely of curiosity I picked up a Jawbone Up wristband and, doubling down on the metrics tools, a Fitbit One*.

Whatever else those Quantified Life dongles claim, the one thing they can do very accurately is tell you how much time you spend doing nothing. And would you look at that, it turns out that I spend… nineteen hours or more of a typical day basically immobile. Um, that can’t be good. I’m going to have to do something about that.

During the first week. you really feel it. All those little muscles in my back that I really hadn’t been using, they expressed considerable displeasure at being suddenly called back into active duty, and understandably given the abusive relationship I’ve had with my knees, they’re were right there in line too. But sometime late in week two, that all settled right down. Even biking to work and lifting stuff around the house, back and knee pains I’ve had for years are going away, my posture is clearly getting better and that oh-god-it’s-painful-to-stand-up process I used to experience after uncoiling from an hour or four over hunched over a terminal just doesn’t happen anymore.

I feel unaccountably strong. I doubt I’m actually any stronger than I was a month ago, but I end my day feeling like I’ve put in a day of real work and I’m looking forward to the bike ride home, rather than feeling like I’m spent and I’ve got to drag my sorry ass across town again, and that’s not nothing.

I don’t know who’s got my chair at MoTo right now, and I don’t care. I think I’m pretty much done with it.

I wouldn’t have thought that mathematics or signal processing would have a cultural bent, but I just sat through a conference call where everyone was reasonably clear except for one guy, with a pronounced central-African accent, whose voice was getting audibly butchered by the noise cancellation algorithm on the line. The beginning of every sentence, and every pause, was punctuated by a sort of wierd, static-and-squarewave tug-of-war with the background noise.

I think it’s some combination of his accent and cadence of his speech, and it was really weird to notice the trend. On reflection, it makes perfect sense – algorithms optimized for the majority, as defined by the people who wrote them, would of course have a cultural impact on people at the margins – it just hadn’t occurred to me how that would work until just now.

Bricks

I was going to write this to an internal mailing list, following this week’s PRISM excitement, but I’ve decided to put it here instead. It was written (and cribbed from other stuff I’ve written elsewhere) in response to an argument that encrypting everything would somehow solve a scary-sounding though imprecisely-specified problem, a claim you may not be surprised to find out I think is foolish.

I’ve written about this elsewhere, so forgive me, but: I think that it’s a profound mistake to assume that crypto is a panacea here.

Backstory time: in 1993, the NSA released SHA, the Secure Hashing Algorithm; you’ve heard of it, I’m sure. Very soon afterwards – months, I think? – they came back and said no, stop, don’t use that. Use SHA-1 instead, here you go.

No explanation, nothing. But nobody else could even begin to make a case either way, so SHA-1 it is.

It’s 2005 before somebody manages to generate one, just one, collision in what’s now called SHA-0, and they do that by taking a theoretical attack that gets you close to a collision, generalizing it and running it for around 80,000 CPU hours or so on a machine with 256 Itanium-2 processors running this one job flat out for two weeks.

That hardware straight up didn’t exist in 1993. That was the year the original Doom came out, for what it’s worth, so it’s very likely that the “significant weakness” they found was found by a person or team of people scribbling on a whiteboard. And, note, they found the weaknesses in that algorithm in the weeks after publication when those holes – or indeed “any holes at all” – would take the public-facing crypto community more than a decade to discover were a theoretical possibility.

Now, wash that tender morsel down with this quote from an article in Wired quoting James Bamford, longtime writer about all things NSA:

“According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

“Many average computer users in the US”? Welp. That’s SSL, then.

So odds are good that what we here in the public and private sectors consider to be strong crypto isn’t much more of an impediment for the NSA than ROT-13. In the public sector AES-128 is considered sufficient for information up to level “secret” only; AES-256 is for “top secret”, and both are part of the NSA’s Suite B series of cryptographic algorithms, outlined here.

Suite A is unlikely to ever see the light of day, not even so much as their names. The important thing that this suggests is that the NSA may internally have a class break for their recommended Series B crypto algorithms, or at least an attack that makes decryption computationally feasible for a small set of people that includes themselves, and indeed for anything weaker, or with known design flaws.

The problem that needs to be addressed here is a policy problem, not a technical one. And that’s actually great news, because if you’re getting into a pure-math-and-computational-power arms race with the NSA, you’re gonna have a bad time.

A little while ago, the espresso machine in our office broke down. This doomsday scenario is, and I say this without the least bit of hyperbole, the most catastrophically dire situation that can exist in this or any other possible universe. If the intertubes felt slow for you the last few weeks, that’s probably why.

After a while, I started asking a colleague, Sean Martell, to ‘shop up some old war propaganda every few days, to express our dismay.

So, here you go.

We Need Coffee To Survive

It Can Happen Here

We Can Do It

Mercifully it is now fixed, and productivity should normalize in a day or two.

So, this is a cute trick that’s been making the rounds:

In Firefox, right-click your bookmarks bar and pick “new bookmark”. Call it “Quick Notepad”, and in the Location box, put:

data:text/html,<html contenteditable>

and now when you click on that bookmark, your browser window will basically become Notepad, a very light text editor. File -> Save works great, too.

Perhaps better, if you check the “Load this bookmark in the sidebar” option, that will give you an nice little way of making notes about a tab, though unfortunately this option isn’t easy to save.