Summary page 34 of 36

Warning: This has been migrated from an earlier blog server. Links, images, and styles from postings before 2018 may be funky.

02 Oct 2003 — The mystery of the missing argument

Both IBM, in its counterclaims against SCO, and Red Hat, in its suit for declaratory judgement against SCO, assert that SCO knows that its statements about Linux’s IP infringements are nonsense, and they’re just trying to pump their stock by libeling their competition. (See IBM counterclaims, ¶ 65; Red Hat complaint, ¶¶ 67–69.) It’s interesting that neither IBM nor Red Hat make an argument that Moglen made in his OSDL position paper:

Even if Linux does infringe on an SCO copyright, the only people who are liable for that infringement are people who distribute copies of Linux. Merely using a program whose code violates someone else’s copyright is not illegal. Therefore, SCO’s offer to sell UNIX licenses to Linux end-users, and its threats to sue Linux users who don’t buy the licenses (Red Hat complaint, ¶¶ 42, 45, 59–61), cannot be justified as an attempt to cash in on SCO’s legitimate IP rights; it’s a shakedown operation, plain and simple.

Do IBM’s lawyers know something that Moglen doesn’t? Or are lawyers in the computer industry so accustomed to draconian licensing agreements that they didn’t notice this point?

02 Oct 2003 — One sentence that speaks volumes about this Administration

My favorite line from Robert Novak’s September 29 column, George W. In Trouble: “Reporters regularly on [the White House] beat say they have been getting their telephone calls returned the last two weeks.”

via Kos

02 Oct 2003 — Bring ’em on

Eben Moglen, FSF general counsel, on 10 September 2001:

“Look,” I say, “at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?”

The SCO Group, on 29 September 2003, responding to IBM’s latest counterclaims in SCO v. IBM:

The GPL has never faced a full legal test, and SCO believes that it will not stand up in court. We are confident that SCO will win the legal battle that IBM has now started over the GPL.

17 Sep 2003 — The right way to talk about computer security

Recently, Americans had to deal with two expensive failures in an infrastructure that millions of people use every day. In one of these failures, the blackout that struck much of the Northeast, the mass media quickly turned from a description of the blackout itself to a discussion of faults in the infrastructure, namely, the power grid. In the other, the one-two-three punch of Blaster, Welchia, and SoBig.F, hardly anyone in the mainstream is discussing the weakness in the corresponding infrastructure, Microsoft Windows, which has helped the worms spread so rapidly.

(A welcome exception is this Washington Post column, brought to me courtesy Kevin Drum, who also demonstrates why experienced Windows users will put off “critical” patches to their operating systems as long as they have something better to do with their time, e.g., root-canal work.)

Linux and Mac fans, of course, have noticed this media tunnel-vision every time a Windows exploit makes the front pages, all the way back to the Melissa virus. Every time it happens, we grind our teeth, mutter imprecations against Bill Gates, and wonder when reality will catch up with Microsoft’s marketing budget. I would suggest, however, that the way we geeks talk about security affects the way ~~suits~~normal people think about security, in a way that discourages them from seeking alternatives to Microsoft.

The wrong metaphor: war

Geeks of every OS religion share a vocabulary of computer security, and most of the terms in that vocabulary have military connotations. Passwords are cracked, and systems are penetrated, by exploits. Hosts on a network that need to be exposed to the public, but don’t have sensitive information on them, are put in a DMZ. Some operating systems have back doors that bypass whatever security their administrators have set up; in other cases, a program might accept an input that smashes the stack. Crackers find vulnerable dialup lines through war dialing and find vulnerable wireless Internet connections through war driving. Disgruntled employees set logic bombs to take revenge on their managers. A file that was advertised as a Britney Spears picture turns out to be a Trojan horse. You get the idea.

People who are familiar with computer security understand where the dramatic metaphor ends and where prosaic reality begins. If I have a physical firewall around my computer, and someone lights a physical fire outside of it, the safety of my computer depends on the resources of the arsonist: with the right chemicals, any firewall can be turned to rubble. If I have an electronic “firewall” between my computer and the public Internet, and the firewall is configured to block all incoming traffic, the world’s most brilliant network engineers with the world’s most powerful computers will not be able to override the firewall simply by sending packets to it over the Internet.

But try to think like someone who doesn’t know much about computer security, doesn’t have the time or inclination to learn, and doesn’t know how to interpret the metaphors. Microsoft is the largest and wealthiest software company in the world, and Windows and Office are their flagship products. Surely, if they are vulnerable to computer viruses, then any comparable products from any competitor must be at least as vulnerable. Any claim that an operating system written by a bunch of volunteers is more secure than Windows doesn’t deserve a moment’s serious consideration — you might as well say that instead of using the United States Army to restore order to Iraq, we’d be better off sending in a few high-school marching bands.

The other wrong metaphor: disease

When people talk about computer worms and viruses, or say their server is infected, they are of course using a biological metaphor instead of a military one. Many geeks also assert that the Windows “monoculture” in the computer world makes it easier for worms to propagate. But they, too, are confusing the metaphor with the facts.

Why is biodiversity such a good defense against biological pathogens? Beyond a certain point, you can be too effective at defending yourself against bacteria — so effective that you starve to death, or suffer allergic reactions to all the available food, instead of eating something that might infect you. Every organism has to trade off a need to protect itself against infection with a need to eat, and breathe, and otherwise interact with a disease-filled world. For a species whose reproductive cycle is a few thousand times slower than a bacterium’s, part of that trade-off involves making your body chemistry as distinct as possible from your neighbors, to minimize the chance that a bug that infected your neighbors will be able to infect you. By the same token, a pathogen that can infect a wide range of hosts is paying a metabolic cost for its ability, and risks losing the evolutionary competition to a strain that can attack a smaller range of hosts with a lower energy expenditure.

Thus, in nature, we see pathogens that specialize and hosts that individualize. Diseases that cross from one species to another are the exception rather than the rule, and even for an extremely virulent disease (e.g., smallpox and Ebola), some hosts in the target species are naturally immune.

But these budget constraints, so to speak, do not apply to computers or computer “viruses”. They are artifacts constrained by human desire and skill, not organisms constrained by natural selection. A computer needs electricity to run, not a fresh supply of executable software from sources that its owners cannot trust. If the authors of SoBig.F had designed it to attack Linux as well as Windows systems, the worm would have taken up a few more kilobytes of hard-disk space and taken a few more milliseconds to travel from one host to another, but this burden would not have saved a single Windows machine from infection.

The right metaphor: con job

This is how to explain computer security to the general public:

Disguise, not force, is the essence of the confidence game. A criminal masquerades as a bank examiner, or a roll of dollar bills is switched with a stack of worthless paper. Likewise, in order to subvert a computer system without physically touching it, the attacker must impersonate privileges that he or she does not legitimately have.

Money and power can insulate a person or corporation against physical attacks, but not against cons. Consider, for example, the phoner toner scam: an office worker buys “discount” printer toner from someone who pretends to be the company’s regular supplier, and receives a case of poor-quality toner and an overinflated bill. The owner of a small company with low turnover can give all of its employees corporate credit cards, tell everyone to be careful, and trust that losses to this kind of scam will be rare and controllable. The directors of a large company can limit which employees have the power to spend the company’s money and impose rules on how it may be spent (for example, by only allowing them to get office supplies from authorized vendors). But a large company that doesn’t impose such controls is going to leak money — from “phoner toner” and similar scams, from employees who are careless about spending their employer’s funds, a
nd from deliberate fraud by insiders.

Imagine a company that starts out by treating its assets as a pool from which every worker can draw, grows into a huge firm without changing this attitude, and suffers humiliating losses from one crook after another. The directors add financial controls, but employees, even the honest ones, bitterly resist them. Why? Over the years, cliques within the firm have developed informal systems for sharing and exchanging resources. These systems have served the company and its customers well, but they are incompatible with the new regime. To avoid outright revolt, the directors quickly scale back their plans, trying to minimize the imposition on their employees, and institute piecemeal reforms. But because of the company’s great wealth, the number of employes with positions of financial responsibility, and its reputation as an easy mark, other criminals continue to probe the weaknesses in the system, and the losses continue.

That company is a metaphor for Microsoft Windows. Since its pre-Internet days, Windows has been designed to make it easy for programs to share information. If you’re a programmer who writes applications for Windows, or who is adding features to the operating system itself, this is very convenient. If, however, you’re trying to secure a Windows machine, or fix a Windows security hole without breaking something else, the reverse is true.

For example, after installing the recent patches to shield themselves from the Blaster worm, some users report that they can no longer connect to remote Microsoft Exchange email servers. By contrast, your humble author found out about an SSH security hole while composing this message, and upgraded the machine that serves this Web page without even breaking his laptop’s connection to it.

Even with the best tools, it is hard to write robust software, and Microsoft’s popularity makes it an especially attractive target for vandals. But these two facts are not enough to explain the high cost of Windows security holes. This cost is a by-product of the design of Microsoft Windows, and until Microsoft’s customers demand some fundamental changes in that design, they will continue to pay that cost.

Not just Microsoft

Before open-source fans get too smug, I should remind them that BIND and sendmail, two venerable open-source packages, have long been poster children for bad security. Judging from what others have written about them, they suffer from the same design weaknesses as Windows, on a smaller scale. Fortunately, for both of these packages, there are a variety of competing open-source packages that provide almost all the same functionality.

26 Aug 2003 — The evolution of slash

Catherine Salmon and Donald Symon have written a book, Warrior Lovers, in which they try to use evolutionary psychology (or sociobiology, or whatever they’re calling it this year) to explain slash fiction. This strikes me as a silly idea on its face, but Henry Farrell was brave enough to read the book, and reports that yes, it is a silly idea.

26 Aug 2003 — The advance of civilization

Then:

One boy,
Boy for sale.
He’s going cheap.
Only seven guineas.
That—or thereabouts.

Now:

They rose before the sun on a crisp September day in 2001 and headed off on the long drive from Groton to Fenway Park. Sticking close together, and to the social workers who drove them in, Joe and Art found their way into the old stadium and out onto the mesmerizing green of the field…

It was an “adoption party,” one of the festive but controversial such events organized by public and private agencies. Interested adults were invited to scan the crowd of foster children from a distance and, reserving a measure of anonymity, ponder whether to take the first cautious step toward adoption.

25 Aug 2003 — Quiquid latine dictum, altum videtur

In the course of an otherwise interesting commentary on last week’s parsha, Rabbi Avraham Fischer says:

[Someone who feels very distant from God] must continue to pursue Hashem, to revere Him from the position of beholding the “mysterium tremendun” [sic] and to obey His commands.

Reading this, I wondered: why, in the course of a d’var Torah written for an Orthodox Jewish audience, does this rabbi use the language of the Roman Catholic Church?

As far as I can tell from Google, “mysterium tremendum” was first used by Rudolph Otto, in his book The Idea of the Holy (1923), referring to God as a Wholly Other Being who inspires a numinous dread. The phrase also appears in an oft-quoted sentence from Martin Buber: “God is the mysterium tremendum that appears and overthrows, but he is also the mystery of the self-evident, nearer to me than my I.”

OK, so I think I understand what he means now, and it’s not like “mysterium tremendum” is some term that the Vatican came up with that refers to the Trinity. But I am still left with two questions:

Why should a person in this situation regard God specifically as the “mysterium tremendum?” Why not, say, the mystery of the self-evident? This issue probably deserves a page in and of itself, but instead the matter is just referred to in passing in the next-to-last paragraph of the drash.
Why can’t R. Fischer just say what he means in plain Yiddish?

24 Aug 2003 — We’ve come a long way since Job

…although, perhaps, not in the right direction.

Shorter John Derbyshire:

“Pat Robertson and Jerry Falwell thought that 9/11 was divine punishment for American hedonism. We Episcopalians don’t have such a crude view of divine justice. Then again, Episcopalian theology is kind of watered-down and PC compared to the way it was in the good old days, and those Baptists sound really butch when they breathe fire about God’s wrath being visited upon the heathens. Then again, they’re probably wrong.”

via Matthew Yglesias

22 Aug 2003 — Peer-to-Palestinian-peer networking

It appears that some Arabs in the West Bank and Gaza are so confident of victory over the Israeli Defense Forces that they are taking on an even more formidable enemy: the Motion Picture Association of America. To quote their press release:

Earthstation 5 is at war with the Motion Picture Association of America (MPAA) and the Record Association of America (RIAA), and to make our point very clear that their governing laws and policys [sic] have absolutely no meaning to us here in Palestine, we will continue to add even more movies for FREE.

I’ve never heard of “Earthstation 5” before, but I’m impressed with how customer-focused this document is. It’s more readable and fact-filled than most of the other press releases that I’ve seen, and their president resisted the urge to make some snarky comment about Hollywood being controlled by Jews. The release even boasts of “FREE ten SEX channels” — shouldn’t Islamic Jihad do something about that?

Nomi keeps telling us that we should watch Salach Shabbati, an Israeli comedy about the travails of a Sephardic immigrant, but our local video stores and Netflix don’t carry it. Do you think someone in Jenin has a tape that they’re willing to share?

via The Looking Glass

22 Aug 2003 — Meanwhile, back in Afghanistan…

Charles Dodgson excerpts a recent NPR program on the situation in Kandahar. Our good friends in Afghanistan, the provincial warlords, are making sure that we don’t run out of Taliban to fight with:

It is absolutely clear in Kandahar that these so-called US allies are in fact allowing the extremist elements back in from Pakistan. It’s like a man flying two kites. They’re flying the American kite and the extremist kite at the same time. And they are just tweaking the strings enough of each side to keep them both in the air.

20 Aug 2003 — Dr. Laura to God: But what about my needs?

In September 2000, The Jewish Homemaker, a magazine published by Organized Kashrus Laboratories, published In Defense of Dr. Laura, an essay praising the talk-show host and describing her journey to an Orthodox Jewish conversion.

According to the article, Rabbi Reuven Bulka, of Ottawa, shepherded her through the conversion process. When her speech before a secular Jewish group got a frosty reception, Rabbi Bulka “was on the phone every afternoon, trying to talk me through this. He told me, ‘I don’t want to go down in history as the rabbi who lost Dr. Laura!’”

Well, I hope the good rabbi can find some other way to make his mark in history. According to the Forward:

In a shocking if little-noticed revelation, Schlessinger — who very publicly converted to Judaism five years ago — opened “The Dr. Laura Schlessinger Program” on August 5 with the confession that she will no longer practice Judaism. Although Schlessinger said she still “considers” herself Jewish, “My identifying with this entity and my fulfilling the rituals, etc., of the entity — that has ended.”

…

Schlessinger began her August 5 program by noting that, prior to each broadcast, she spends an hour reading faxes from fans and listeners. “By and large the faxes from Christians have been very loving, very supportive,” she said. “From my own religion, I have either gotten nothing, which is 99% of it, or two of the nastiest letters I have gotten in a long time. I guess that’s my point — I don’t get much back. Not much warmth coming back.”

Schlessinger even hinted at a possible turn to Christianity — a move that, radio insiders say, would elevate her career far beyond the 300 stations that currently syndicate her show. “I have envied all my Christian friends who really, universally, deeply feel loved by God,” she said. “They use the name Jesus when they refer to God… that was a mystery, being connected to God.”

In her 25 years on radio, Schlessinger said she was moved “time and time again” by listeners who wrote and described that they had “joined a church, felt loved by God and that was my anchor.”

…

Of her conversion to Judaism, Schlessinger said, “I felt that I was putting out a tremendous amount toward that mission, that end, and not feeling return, not feeling connected, not feeling that inspired. Trust me, I’ve talked to rabbis, I’ve read, I’ve prayed, I’ve agonized and I came to this place anyway — which is not exactly back to the beginning, but more in that direction than not.”

…

In 2001, despite the controversy surrounding her, the National Council of Young Israel honored Schlessinger for her “traditional American values.” Rabbi Pesach Lerner, the executive director of Young Israel, was surprised by Schlessinger’s defection but declined to comment on it.

In the Jewish Homemaker article, the remark that got Schlessinger into trouble was “the benign observation that the only thing missing from a fund-raising video about the group was the fact that giving charity is a mitzvah. In her words, ‘It doesn’t matter if you feel’ like giving; tzeddakah is mandatory.” Now, however, Schlessinger has discovered that she doesn’t feel like following Jewish rituals, so she won’t do it any more.

I thought that if you’re an Orthodox Jew, you call yourself a Jew and you observe the mitzvot because you are fulfilling commandments that were given to you by the Powerful, Great, Mighty, and Awesome God, who took you out of the Land of Egypt to serve Him. Apparently, Schlessinger thought she was signing on to a different kind of Orthodox Judaism, one in which you’re “identifying with this entity” and as “fulfilling the rituals, etc., of the entity” as long as the rest of the Jewish community pats you on the head, or as long as you are “feeling connected” and “feeling inspired.”

Her conversion was (as far as I know) halakhically valid, and I shouldn’t rejoice in any Jew’s announcement that he or she is no longer performing a mitzvah, so I can’t say “good riddance.” But … sheesh! Can someone find this lady a therapist, a real one?

By the way, I would be interested in hearing Schlessinger, or the rabbis who praised her, explain why Jewish ethics permit someone with a doctorate in physiology to call herself “Doctor” on a radio show in which she dispenses psychological advice. Aren’t there issues of geneivat da’at here?

via MaxSpeak

08 Aug 2003 — Save Adam’s marriage!

Adam Felber has posted a heartfelt plea to arrest the gay-marriage movement before it…um…does something bad to him.

…Because when our gay friends start getting married, it will cheapen and destroy what we have. Not in a religious way (No. Legislating on those grounds would be illegal, for heaven’s sake!). It’s more of a general thing. Like, generally, gays getting married will undercut everything Jeanne and I have tried to build because… because… it will make our union less special. It will. We’ll lose interest. We’ll probably just start thinking, “What’s so important about our vows? After all, even gay people can make them.”…

Straight people are good with marriage, too. Jeanne and I can look around at other married couples — at least the ones that aren’t currently dealing with serial infidelity, divorce, spousal abuse, or bigamy — and think to ourselves, “Yes, that’s what we’re striving for. That kind of sanctity.” I’m not sure that gays would show the same universal respect for the institution that comes so easily to us straight people.

via Matthew Yglesias

08 Aug 2003 — Life imitates B-movie

In Demolition Man, Sylvester Stallone plays a cop who is cryogenically preserved for thirty years and then thawed out in a sterilized future. As she brings him up to date with current events, Sandra Bullock makes a passing reference to “President Schwarzenegger.” Stallone is confused, since Ah-nold isn’t a natural-born citizen. Oh, Bullock says, he was so popular that we amended the Constitution to allow him to run.

Ten years later, the Terminator is running for governor of California, and Sen. Orrin Hatch (R–Utah) has introduced a Constitutional amendment that would allow people who have been US citizens for twenty years to become President.

I suppose I could live with a Schwarzenegger Administration: he’s more liberal than Reagan, after all, and more articulate than Dubya.

via Matthew Yglesias

06 Aug 2003 — Don’t give him a hand

Jose Hernandez-Rebollar, of George Washington University, has developed a glove that can translate the manual alphabet, and some signs in ASL, into spoken English. He expects a two-handed version to be ready by 2005.

The AP article mentions the military applications of similar devices, but highlights the glove’s potential as a machine for helping the deaf. How stupid is this idea? Let me count the ways:

According to the article, “the device usually is accurate, though the precision declines with complicated movements; for example, words that start with the same hand movement or orientation.” If the machine can’t reach this level of accuracy, I doubt it can handle the modulation that distinguishes “is red,” “is very red,” and “becomes red.” And how well is it going to resolve — let alone translate — ASL classifiers?
ASL is not just made with the two hands, but with the face and, to a lesser extent, the upper body. A motion of the eyebrows and a tilt of the head, combined with a modulation of the hand movement, distinguishes “Should I help you?” and “Regarding my helping you…” from “I help you.” Benjamin Behan wrote a 1996 dissertation on how ASL can mark subject-verb agreement with facial expression alone. A complete translation system, therefore, is going to require more than just two gloves.
Even if someone had the hardware to pick up all the linguistically relevant parts of ASL, the software would still have to translate from ASL to English. This is much harder than typing German text into a Web form and getting something resembling English text from the Babelfish server; it’s more like speaking Navajo into a microphone and getting English out of the computer’s speaker.
Of course, if you stop describing this machine’s input as “American Sign Language,” you could have a machine that understands a manually coded English system, and translates the words it picks up to spoken or written English. But what deaf person would use it to communicate with hearing people, when they could just as well use a pencil and paper?

The article quotes Andy Lange, president of the National Association of the Deaf: “Some feel that being deaf is not a deficiency. It’s simply another way of life and the deaf should not use artificial means to overcome a loss of hearing.” I realize that people in Mr. Lange’s position want to take every opportunity to teach the hearing public about Deaf Culture. However, in this case, such an argument is a distraction.

At most, a “talking sign-language glove” is a novelty: if they could be mass-marketed for $20 each, they might catch on as toys. But as a tool to help deaf people communicate with the hearing, this is just silly.