Security is overrated

Charlie Stross has made a little list of where computer science went wrong:

I’m compiling a little list, of architectural sins of the founders (between 1945 and 1990, more or less) that have bequeathed us the current mess. They’re fundamental design errors in our computing architectures; their emergent side-effects have permitted the current wave of computer crime to happen …

Let’s not quibble about the examples Charlie gives, but assume that he is right to say that these are what make computer crimes of all sorts possible. But does it matter? Or should we just look at computer crime as an unfortunate cost of actually being able to do something useful with computers? Of the six specific “sins” Charlie mentions (von Neumann architecture, string handling in C, TCP/IP lacking encryption, the World Wide Web, user education and Microsoft) at least three are the way they are because that’s what made them useful in the first place. Von Neumann architecture, where data and code are stored in the same memory and can be freely mixed, made it much easier to program computers, hack them to do all kinds of tricks and squeeze the most out of limited means — not so important now perhaps, but very important even a few decades ago. TCP/IP being simple and largely insecure makes it easy to set up and use; it’s a “good enough” solution to the problem of coupling disparate computers and networks together. The World Wide Web is again something that worked from the start and could evolve towards ever increasing complexity, as the hackability that makes it vulnerable to attack also meant it could be extended quite easily to scale up and deal with new demands.

Even Microsoft, evil as it is and crappy as much of its software still remains, is the way it is because it has consistently tried to give people useful hacks rather than properly designed vapourware. Ironic as it is, I’ve always had the sneaking suspicion MS DOS and Windows did as well as they did because they were so open and easy to hack around in compared to their competitors.

As Charlie admits, the most secure mainstream computer today is perhaps the iPad, on which basically you can only do what Steve Jobs allows you to do: a consumer device like your television more than a real computer. Any fule knows that security comes at the expense of usability: the more secure a computer the less you can do with it, certainly the less you can use it in unexpected ways. The other side of the coin is that with increased freedom comes greater vulnerability.

On the other hand, even if the right choices had been made way back when, does anybody really think that, with our reliance on computers and the internet in our daily lives and businesses, there would be any less computer crime? You use something, it will be abused.

Link like it’s 1995

It’s hard to imagine these days, but remember back in the nineties when the web started to go mainstream and all sorts of not very IT-aware companies took their first baby steps on it? Remember how quite a few of those companies just didn’t understand linking and how some of them tried to get their lawyers to forbid so-called deeplinking, wanting to gain control of whoever was linking to them and requiring them to only link to their homepage, rather than “deeplinking” to a specific page on the site? Well, it seems in some remote corner of Belgium it’s still 1995, as the national railways have forbidden links to anything but their welcome page (in Dutch).

Specifically, the NMBS doesn’t like it when you link to this page (Dutch), explaining how you can get compensation when your train is delayed. At least one blogger who linked to this page got a cease and desist letter for their troubles (Dutch again). Very likely the NMBS doesn’t have a leg to stand on, but I’m not a lawyer and the chilling effect is bad enough. Even if a blogger could win a lawsuit, the question is whether they could afford one. It’s all deeply silly, symptomatic of a company that doesn’t understand the internet or why they should be doing more with it.

On Kindle will reading highlights become ads?

In the same vein as that Facebook security leak that’s gotten Palau annoyed over at Prog Gold, here comes another scary story about how we’re losing our privacy and paying for the privilege. This time it’s the Kindle that’s at the heart of it. Via Matt Ruff:

The Amazon Kindle, Kindle for iPhone and Kindle for iPad each provide a very simple mechanism for adding highlights. Every month, Kindle customers highlight millions of book passages that are meaningful to them.

We combine the highlights of all Kindle customers and identify the passages with the most highlights. The resulting Popular Highlights help readers to focus on passages that are meaningful to the greatest number of people. We show only passages where the highlights of at least three distinct customers overlap, and we do not show which customers made those highlights…

Matt invented a similar scheme for his novel Bad Monkeys, involving a bug in the spine of physical books noting how long you spent reading each page, so he’s a bit miffed somebody made his paranoid fantasy real. The next step is to sell ads based on this data… It reminds me slightly of the soup ads the German publisher of Terry Pratchett’s Discworld novels used to insert in his books. They’re not his publisher anymore.

Socialist Unity gets dragged into Toube libel suit

The supposed libel case George Galloway has mounted against David Toube for a comment he left at Socialist Unity has now dragged the latter in:

Many readers will be aware that George Galloway and Kevin Ovenden are each seeking redress from David Toube of Harry’s Place for a libellous comment made by David on this blog back in December.

Last Wednesday I received a letter from Mr Toube’s solicitors saying that should either or both of these libel actions proceed then David Toube will seek to join me as a third-party (part 20) defendant and will seek full indemnity from me in respect of all costs and other liabilities that Mr Toube incurs under the Civil Liability (contribution) Act 1978.

In essence, despite all his huffing and puffing about free speech, David Toube has the chutzpah to publish comments on this blog, and then when faced with the consequences, is seeking to hold me legally responsible for his own actions.

In fact I do consider that the comment made by David T was libellous, and I sought to mitigate that libel by refuting the inaccurate content in subsequent comments on the same thread. This blog does not operate pre-publication moderation, so David Toube’s comment appeared and was read by hundreds of people without any participation whatsoever by the administrators of Socialist Unity blog.

If David Toube’s legal argument is successful, it will mean the end of blogging as we know it, as the burden of responsibility for libel will be shifted to the registered proprietors of blogs, and people posting libellous comments will seek to hide behind the blog owners to avoid legal responsibility.

Unfortunately for Andy, his assumptions here are slightly wrong. The way he puts it, he seems to think that David Toube’s action to drag Socialist Unity into this suit is wrong, as if without this action he couldn’t be held liable for David’s alleged libelous comment. However, this is not true. Had Galloway wanted to, he could’ve held Socialist Unity responsible from the start. Now I’m not a lawyer, so treat the following with all due skepticism.

There’s a semi-famous libel case called Godfrey vs Demon Internet 1999 which already gives that chilling effect that Andy worries about. In that case Demon was held responsible for a Usenet post not even posted but propagated through their servers, and the judge found that the “common carrier” defence Demon mounted (i.e. you can’t hold the post office responsible for a libelous letter) wasn’t adequate.

Which means that any blog with comments can probably be held responsible for its commenters already, more so if said blog already screens comments, as Socialist Unity does, as it has banned several commenters for being disruptive (including yours truly). For Andy therefore to think he has no part in this when he let the allegedly libelous comment stand, when he has deleted other comments (including ones for possible libelous intent) and even banned people, is somewhat premature. The idea is that the more you filter, the more you become like a publisher, hence responsible for the content of the comments you allow, whether you agree with them or not. As such, a blog can therefore have a duty of care to remove comments that are held to be libelous at the very least when they are pointed out to them, or face the consequences in court.

At the time the judgement in Godfrey vs Demon 1999 was given there was somewhat of a panic about what this meant in practical terms. Should all Usenet posts be pre-vetted, or would Usenet be dropped by internet providers as not worth the trouble? The upshot was that many ISPs started removing posts as soon as they got complaints about them, which is a course also open to blogs. This may have a chilling effect, in that malicious people could complain about reasonable comments that are then removed by blog owners fearful of costly litigation, but I’m not sure how much of an effect it has had so far…

Now personally I think Galloway has had some grounds to complain about David’s original comment, but think he should have complained to Andy/Socialist Unity directly, as David himself couldn’t remove the comment anyway, only ask SU to do so for him. The more so considering the ties Socialist Unity has to Respect and Galloway anyway.

Chatroulette: old skool internet

Says danah boyd:

I love the way that it mixes things up. For most users of all ages – but especially teens – the Internet today is about socializing with people you already know. But I used to love the randomness of the Internet. I can’t tell you how formative it was for me to grow up talking to all sorts of random people online. So I feel pretty depressed every time I watch people flip out about the dangers of talking to strangers. Strangers helped me become who I was. Strangers taught me about a different world than what I knew in my small town. Strangers allowed me to see from a different perspective. Strangers introduced me to academia, gender theory, Ivy League colleges, the politics of war, etc. So I hate how we vilify all strangers as inherently bad. Did I meet some sketchballs on the Internet when I was a teen? DEFINITELY. They were weird; I moved on. And it used to be a lot harder to move on when everything was attached to an email that was paid for.

This is the one thing I miss the most about the idea of Usenet (as opposed to the current reality of it, a cesspool of obsessives and spammers). Usenet’s structure was a top-down, subject-based hierarchy of groups: if you hated Barney the dinosaur there was only one place to go to: alt.barney-dinosaur.die.die.die, so you were forced to mix it up with all kinds of people, some of whom you liked, some of whom you didn’t, some you hated. It didn’t matter, they were all part of the same community, something you don’t have as much with blogs, let alone Facebook and such.

It’s not entirely black and white of course: Usenet groups did often evolve into semi-closed communities which you had to adjust to to fit in and you can have inter- and intrablog dialogues on something approaching the same scale as was possible on Usenet. But it still seems to me that online socialising has become much more splintered and individualised, with online public spaces now (part-)privatised.