Sunday, March 16, 2014

Facebook jumps the shark

There are lots of reasons not to like Facebook, but until recently, the network effects of my social graph overcame them. They made it a pain in the ass, but I could sign in, reset the sort order (on a pseudo-random basis it would go to the new "omelette" (or top news) mode).

Now that Facebook has decided that I don't need to see things in order, and am not allowed to... the negatives completely outweigh the positives.

I go there to see what people are doing... how can I ever be "done" if I can't have a rational view of who is doing what?

Facebook has jumped the shark.

Monday, March 10, 2014

Remembering the past, and choosing a different future.

Doc Searls pointed me at The myth of the fall, by Eric Raymond, and a companion piece by Tim O'Reilly. As I recently read, when you see something that is "wrong"... what you really learn is that there is a world view in which the opinions you encounter are consistent. It appears that both Eric and Tim share a consistent world view, that of former Unix enthusiasts.

I come from a different perspective, in which the "myth" that they disagree with is far more true. I grew up with various microcomputers, then CP/M, and finally MS-DOS and Windows.  The "golden age" for me was one of the dual floppy computer system, and eventually, hard drives.  The things were slow, crashed a lot, but the beauty of them was that you always had a fresh copy of your OS and Toolkit on hand, and a quick, sure way to make more. This provided safety in abundance, which we have now lost in almost all cases.

When you can reboot and restore your computer to functionality without cost, when USERS can do it, reliably and without cost, you have amazing freedom. You can try almost anything you like, and if it works, add it to your toolbox over time. This freedom, and the ease with which 8", then 5 1/4", and finally 3.5" floppy diskettes were copied led to an amazing boom in software, and the birth of the shareware movement, which Stallman et al. were able to push towards "Free Software", with the appropriate Beer/Freedom quotes, etc. over time.

Bill Gates wasn't able to solve DLL hell. Nobody did... and now we've got systems that we can't reliably back up or restore (unless we virtualize the whole damned thing, which is impractical for most users). Nobody is crazy enough to just try things anymore... you might "break" the computer, and end up spending days, hundreds of dollars just to have it "fixed" (and not as trustworthy, ever again).

Things used to be better... and they've definitely gone downhill. From a purely functional perspective, I see 2 ways out, either going to booting from, and running code from USB sticks (one for OS, one for Data), or building an OS that knows not to trust programs with the whole system state (AKA capability based security).

Either one of those choices is so radical, it's unlikely to take off and become mainstream, although there are some powerful incentives to try. Imagine being able to just play, and not risk hundreds or thousands of dollars worth of frustration at each and every turn. Imagine actually owning your computer, and using it as your tool again... the way you used to... but 1000x faster, with 1,000,000 times the disk space.

The future we wanted is almost here... except for the damned fragile egg nature of our current OSs... even Linux.

Let's reset our course, and get the future we want.

Thursday, January 02, 2014

It's nearly impossible to describe how absurd things are, unless you get it.

There is a big cognitive hump that needs to be overcome, and I fear that nobody is up to the task of guiding people over it. Even people who get it, in their minds, still don't get it in their hearts... it's that kind of weirdness that I'm on the other side of, in so many things lately.

Let me clue you in, if you dare to do a bit of intellectual hill climbing, so to speak.


We use computers to do everything, we trust them with our documents, our photos, our online experience of the present... yet the overwhelming evidence is that they will fail. We accept that the hard drive may go at any instant... or it might get hacked, or a virus, or will simply just never turn on again without explanation. We treat them as magical devices, and computer repair people as wizards, who just happen to have skills that mere mortals don't possess.

We believe the persistent marketing myth that each version is somehow better than the past. Only the massive jarring cognitive dissonance of Windows 8 is even making a dent in this, and it's only to smooth the transition to a tablet based, cloud backed new world.

Now... there are several protections that readers of this will use to shield themselves, and their ego from seeing the absurdity of it all, so far (and there is more on the way).

Mac people will tell themselves that their machines are better, cooler, and don't get viruses. They have a special, well trained class of Wizard at their disposal (for the right amount of gold across the palm)... behold the Genius, and the Apple Retail Store. All problems can be solved by Apple....

Linux people will tell themselves that their knowledge is better, their code is free and open, and thus subject to none of the evil of Microsoft. Sure there are some tricks to learn, but freedom has its price... and they've already paid it, and are willing to help you get free, breaking the chains of "the man".

Windows people just know that things break sometimes, and their friend, or shop, or someone can be paid enough to fix it. Besides, everyone wants to have a spiffy new machine after things get slow in a year or two... it's normal, right? Nothing's perfect, and they know better than to have foolish notions to the contrary.

If you made it this far, you think you understand the situation... but it's MORE ABSURD than that, far more. Everyone believes they can trust their computer, or understand its limitations. (For the reasons outlined above) There is a design flaw so deep into this picture, with such profound implications that if you don't already know what it is... you can't imagine it.

When you run a program on ANY of the above mentioned systems, you are REQUIRED to trust it completely. You really have no options in this matter. The actual underlying mechanisms at work are so fast, and beneath so many layers of abstraction, you can't possibly know exactly what is happening on your behalf. In the time you take to read this sentence, your computer has run over 1 billion operations. Nobody can check all the lines of code, on all the layers, to know what's going on. (Ok.. so the NSA might know, collectively, but no single person in there does)

There is NO person on earth who can walk you down all the layers and show you every single line of code. I just found out about a few more layers myself yesterday. (Did you know SD cards have multiple microprocessors in them?   I didn't)

So, on this unknowable, unreliable, 20 (a guess on my part) layer deep sandwich of stuff, we still get a failure rate that is amazingly GOOD. It's entirely possible to have a computer perform what you want, for 10 years straight. (Especially if not connected to the internet)

The engineering is incredible, even on the cheapest piece of junk... It is always impressive to me to behold. Moore's law has served us very well indeed.

But... there's that flaw...

When you run a program... you are REQUIRED to trust it completely... which is nuts. The whole system could work almost exactly the same way (as far as actually using it), and wouldn't cost more, and you could throw that requirement straight out the door.

Why do you care?

Because if you didn't have to trust the programs you run... the world would be a little more efficient. (Not much, not enough to really notice).  Your computer would be a little more reliable, outside hardware failures... enough you might notice. Your computer wouldn't ever get a virus again.... which you would only notice years later.

So, nothing much to see here... just move along, right? After all, there is no noticeable difference.

If you are happy with having your computer subject to the whim of the NSA, and every hacker on the planet (like it is right now, no matter who you are)... keep being happy, have a nice life.

If you would rather have a computer that acts as stable as a hammer, or drill press, or rolling pin... read on...

When you run a program, the computer should ask (or infer) what you are willing to trust it with. Right now the model is to allow the program to do anything possible, on your behalf. It doesn't have to be that way. When you run a word processor, the operating system (and not the program) should ask what file you wish to work on. In most cases, you wouldn't even notice the difference which layer of things were asking for what, so it wouldn't require any change on your part.

But... then the word processor couldn't run that Macro virus that sucks up your email addresses, and just send it to some far corner of the globe.

That web page couldn't just grab your Quicken data and encrypt it, and demand a ransom.

That web page couldn't just be subverted by the NSA to run something they want installed.

You would actually have control over things... as flawed as the 20 layer sandwich is... you would still have some pretty damned good control over it.  You wouldn't have to run a virus scanner. You wouldn't ever have hackers take over your machine. You could surf the internet without fear. You could even download and install any program you damned well please, and it would either work for you, or you'd get rid of it.

No fear
No viruses
No NSA/FBI spy shit.

It's called Capability Based Security... and it works.

Credit Cards

Credit cards in the US are about as absurd as the computer situation. Here the oligarchy of card companies insist that it's perfectly reasonable to have a 16 digit number (oh... 19 now with the code on the back) and your name be the only thing stopping some random hacker from taking your money. This is 1960s level technology, and it's stupid beyond belief.

We could instead have cards that generate a one time number that a store could use one time only... to handle transactions. We could have a Visa/Mastercard/Amex site we log into that gives us a longer number to copy/paste for transactions on the internet that would be one time use. ANY competent web site guru could set up such a site for them, and it would be a mere pittance in terms of cost to them... it would cut fraud massively because stolen one time numbers have ZERO value... zip, zilch, nada.

We don't do this, and instead have to hire companies to watch our credit scores, check every statement carefully, and waste massive amounts of resources, so the credit card oligarchy doesn't have to change out anything this year, and affect this quarter's results. (Never mind the massive potential savings in a year or two).

Again... it's massively screwed up, and yet we live with it.

Health Care

We accept the paper forms, endlessly filled out, as the way things are done. We don't want electronic records, because they might be hacked, or might be used against us.

How could they be used against us?  #1 in my book is by insurance companies to deny coverage and save themselves money.  If we got rid of insurance companies... that would save us all money.

Why not Federalize (or have the States do it) health care?  Instead of giving a massive payout to insurance companies, why not take the money we already spend, and just help people be well?

It would cost less (YES, LESS) than we already spend to give everyone the best level of care. It would also eliminate the #1 cause of bankruptcy in the USA.

Electronic records would be more accurate, because the history would be cumulative and objective, not based on the things you can remember under duress in the Emergency Room.

Big Pharma

And then there's the whole Big Pharma, prescription drug thing. We want Big Pharma to come up with well tested, life saving drugs... and for a long time they did a good job. Lately, though, they've been more worried about profits, and have resorted to gaming the system to sustain them.

They engage in all sorts of tricks to extend the patent dates on medicines, and hold off the wave of money saving generics, costing us all the billions that they then claim as profit.

They have resorted to marketing antibiotics as a way to make our food slightly cheaper, and in the process effectively destroying our ability to have antibiotics that actually... save lives.

It's messed up... really messed up. There are many more ways the world is messed up... I'm waiting to hear what other people care to share.

Thanks for letting me rant... good night, Internet. See you tomorrow.

Technology threatens the flow of love, in a very deep and real way.

Love is attention... attention is the intentional spending of the "now" time stream, to harmonize with the story of ourselves and our life's stream. Technology threatens the flow of attention, and thus

Technology threatens the flow of love...   now that you, dear reader, are aware of this, you can choose to make better choices.

My 3 word mantra for 2014 is "Be - Less - Grumpy"

So, here is a video about the "Be" part of that mantra.. the present, the now... the time scale of short term memory, and how it is threatened by technology.

Tuesday, December 17, 2013

Project Snowball

I want to stack the following layers of code into a coherent collection of things that actually work...

Genode  (A capability based security, which uses an L4 trusted kernel)
Linux (which can run already as an app in Genode)
WINE (yeah, I want to run Windows apps)

I'm going to have to deal with QT5 for GUI elements, and my choice of programming languages to try to tie things together.

I want to lock Windows XP applications in sandboxes, in a way transparent to the application, and mostly to the user. This would allow legacy Win32 applications to get a non-proprietary fountain of youth, while also providing actually secure computing.
The main idea is to virtualize applications in such a way as to allow them to work... the way they always did... but not be able to compromise the OS, or anything else. Careful use of scripting to handle events such as file dialog boxes would make it also appear to work the same as it always did, to the user.

They don't have to know that the application actually writes changes to a temporary workset, and only gets true access to files that the user selected via Powerbox (that is made to look identical to the Windows File Open dialog), and then passed to the application via the simulated dialog box not shown to the user. Careful management of interfaces to the application, and to the user, can create a seamless native experience, without the insecurity.

Lots to learn, but at least we don't have to re-write any applications. 

Who is with me?

Hope for the future?

After this morning's posting, on the drive to work... I had an epiphany that may make it possible to have secure computing for everyone after all...

Here are the working parts going into this ghost of an idea

  • Genode, an L4 microkernel based OS has been churning towards self hosting for a while, and delivers complete Capability Based Security.
  • Genode can run Linux programs as a process.
  • The Linux Wine project has gotten to the point where it can run Windows XP programs quite well.
  • The APIs for Windows are somewhat well known at this point.
If one were to write the code to manage an XP application as a process under Linux / Wine inside of Genode, you could make it appear to the user to be just like XP for most things.

But... a layer of management would make things more secure. How? Intercept all the dialog boxes for file names, etc... and have them passed up to the user as normal, but then add those as capabilities to the process. This would allow the application to believe it's in a normal XP world, and not have to be tweaked. The user would still ask for files, etc... like normal.

The difference would be when the application tried to access something outside its normal mission... the management layer would then translate it to the appropriate access, OR just fake it so the application thinks it got away with it.... and toss the results after run-time.

This means that Macro Viruses would work just fine (as far as they knew), but wouldn't actually do any damage. All without tweaking Word, Excel, etc.
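A toy model of the management layer described here and in the Project Snowball post, added as an illustration (it is not Genode, Wine, or any project's code): `ManagedApp`, `powerbox_pick` and `open_file` are hypothetical names, and the files are constructed sample data. Files picked through the powerbox get real access; every other request is served from a throwaway workset.

```python
import hashlib
import os
import shutil
import tempfile


class ManagedApp:
    """Hypothetical management layer; the sandboxed app only calls open_file()."""

    def __init__(self):
        self.granted = set()      # real paths the user chose in the powerbox
        self.redirected = []      # out-of-scope requests that were faked
        self.workset = tempfile.mkdtemp(prefix="workset-")  # thrown away at exit

    def powerbox_pick(self, path):
        """Stand-in for the trusted file dialog: the user's choice is the grant."""
        self.granted.add(os.path.realpath(path))

    def open_file(self, path, mode="r"):
        real = os.path.realpath(path)  # resolve symlinks and ".." before checking
        if real in self.granted:
            return open(real, mode)    # true access, user-selected file only
        self.redirected.append((real, mode))
        shadow = os.path.join(self.workset,
                              hashlib.sha256(real.encode()).hexdigest())
        if not os.path.exists(shadow) and "x" not in mode:
            open(shadow, "w").close()  # empty stand-in; real contents never copied
        return open(shadow, mode)      # the app "gets away with it" in the workset

    def close(self):
        shutil.rmtree(self.workset, ignore_errors=True)  # toss results after the run


def demo():
    """Constructed scenario: one granted document, one file the app should not touch."""
    home = tempfile.mkdtemp(prefix="home-")
    doc = os.path.join(home, "letter.doc")
    contacts = os.path.join(home, "contacts.txt")
    for p, text in ((doc, "draft"), (contacts, "alice@example.test")):
        with open(p, "w") as f:
            f.write(text)
    app = ManagedApp()
    app.powerbox_pick(doc)                      # user picks letter.doc in the dialog
    with app.open_file(doc, "a") as f:          # granted: change reaches the real file
        f.write(" v2")
    with app.open_file(contacts) as f:          # not granted: macro reads nothing
        leaked = f.read()
    with app.open_file(contacts, "w") as f:     # not granted: write is shadowed
        f.write("overwritten")
    with app.open_file(contacts) as f:          # app sees its own write succeed
        app_view = f.read()
    app.close()
    with open(doc) as f:
        doc_now = f.read()
    with open(contacts) as f:
        contacts_now = f.read()
    shutil.rmtree(home)
    return {"leaked": leaked, "app_view": app_view, "doc_now": doc_now,
            "contacts_now": contacts_now, "faked": len(app.redirected),
            "workset_gone": not os.path.exists(app.workset)}


if __name__ == "__main__":
    print(demo())
```

The model only shows the access decision; real isolation depends on the application having no other route to the filesystem, which is the part the capability kernel would have to enforce.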

A back-end which had a database of appropriate settings could be maintained for everyone which volunteers could add to, in order to support new apps as they were discovered.

This would lead to a secure XP like system (which actually wasn't dependent on Microsoft), and could be managed remotely, at very low cost, for a very long time.

How secure? No virii, no need for scanners. ;-)  Surf any web site with IE6, and it just works, does no damage, and life goes on.

Now to figure out how to make this idea actually work.  Comments and help appreciated.

The lost opportunity of computer security.

I have lost faith in the future. I know that we've lost a key opportunity to build a better future. It's very tempting to look back and point the finger at 4 key men: Gates, Jobs, Torvalds and Stallman, but that wouldn't be fair to them. They had their own battles and fog of war to overcome.

Nobody seems to really understand how truly fucked up things now stand. We could have computers on our desks, and in our hands which are honestly secure. No virus scanners, no constant need to live in fear of something taking them out at random just because you looked at the wrong document, email, or web page.

We don't have that... instead we have layers of scanners trying to quantify evil before it gets executed. We're locked into a future of having devices we can never trust. Devices which will always be a possible tool of oppression.

There is only a narrow window left, while there are still enough desktops and developers to use them to develop something new. An honestly secure operating system, which can be the foundation of honest and trustworthy computing for the masses.

I've explained capability based security so many times, and so many places... your first instinct is to say I'm calling for a silver bullet... but it's not magic, it is just common sense when you think about the really big picture. It's also not a bullet, as it's going to take epic amounts of work to get everything ported to it, years of work.

But... if we can turn this ship, just a bit, we can have computers we can trust. Computers that could then be trusted to talk to other systems. We can end the persistently insecure end-node issue, and start building an internet we can control and govern ourselves.

I hope this makes sense, and catches hold in your psyche... the stakes are huge, and I think you, dear reader, are the only hope left.

Thank you for your time and attention.
