Friday, July 11, 2014

Tesla was smarter than even the conspiracy folks think.... here's why.

Using high frequency RF energy, the HAARP project is able to modify the conductivity of areas of the ionosphere to lower frequencies (and even DC)... if you did this in a manner to cause the conductive area to shift back and forth, you could turn the entire ionosphere into a MASER.
This was Tesla's grand plan. To harness almost unlimited power from the solar wind, and turn it into usable electricity that could be received by anyone, anywhere, for free.

It wasn't a replacement for power lines... it was way, way better than that!

Monday, May 05, 2014

The future I want to prevent

I've written often about the inadequacy of our current approach to computer security. The biggest problem we face isn't technological, its our hidden, deeply entrenched assumptions about what is (and isn't) possible to do with computing, in general.

I want to describe some of the things I see coming down the road, if we continue our current course of action, hopefully to expand our imagination a bit, and to create the necessary cognitive dissonance to shake things up, and rouse us all to finally fix this, and get on with our lives.


Scenario 1: The I-95 virus.

April 27, 2021  The entire Northeast United States goes under Martial law to deal with the latest cyber-attack. Launched by the "free peoples party of Belgium", it has disabled all Toyota, Lexus, Ford, and Kenworth vehicles implementing the new V2V standard. Over 250,000 vehicles were involved in a series of accidents that took place at 6:51 AM EST.

In the weeks that follow, computer experts determine that a zero day flaw in the subsystem supplied by Acme Limited was successfully exploited to cause this cascade effect. The simultaneous disruption of so many vehicles contributed to the 1,000,000+ injuries and yet unknown number of deaths.

... more scenarios to follow.

Multi-level secure computing.

Multi-Level Security was worked out in the late 1960s in order to allow computing both Secret and "Top Secret" information in the same computer at the same time. The use of the Bell-LaPadula [wikipedia.org] model ensures that a lesser privileged user can never cause grief for a more privileged user. If we had Mutli-Level secure systems, we could safely run any program we want in a sandbox, and it could never, ever crawl back out of it.
The closest you're likely to approach is if you enable the MAC option [freebsd.org] in FreeBSD, which is experimental.
The Genode project [genode.org] aims to provide a capability based security system which can run Linux Apps... it is the best chance I see going forward for a truly secure system that isn't military grade. In such systems, you specify at run time exactly which files can be accessed by an application. This has the benefit of explicitly limiting the side effects of said application, and thus making for a far more secure system. You might be tempted to think this would make it unusable (as App-Armour tends to be)... but it doesn't have to be that way. In fact, it's possible to make apps behave almost identically, as far as the user is concerned, without compromising anything.
I think we're still 10 years out before people wake up and realize that our collective assumptions about computer security are wrong, and this needs a more rigorous, carefully engineered solution, instead of the layers of patch we currently employ. I'm hoping that my frequent postings on this subject are informative, and help shorten that time-span significantly.

Sunday, March 16, 2014

Facebook jumps the shark

There are lots of reasons not to like Facebook, but until recently, the network effects of my social graph overcame them. They made it a pain in the ass, but I could sign in, reset the sort order (on a pseudo-random basis it would go to the new "omelette" (or top news) mode)

Now that Facebook has decided that I don't need to see things in order, and am not allowed to... the negatives completely outweigh the positives.

I go there to see what people are doing... how can I ever be "done" if I can't have a rational view of who is doing what?

Facebook has jumped the shark.

Monday, March 10, 2014

Remembering the past, and choosing a different future.

Doc Searls pointed me at The myth of the fall, by Eric Raymond, and a companion piece by Tim O'Reilly. As I recently read, when you see something that is "wrong"... what you really learn is that there is a world view in which the opinions you encounter are consistent. It appears that both Eric and Tim share a consistent world view, that of former Unix enthusiasts.

I come from a different perspective, in which the "myth" that they disagree with is far more true. I grew up with various microcomputers, then CP/M, and finally MS-DOS and Windows.  The "golden age" for me was one of the dual floppy computer system, and eventually, hard drives.  The things were slow, crashed a lot, but the beauty of them was that you always had a fresh copy of your OS and Toolkit on hand, and a quick, sure way to make more. This provided safety in abundance, which we have now lost in almost all cases.

When you can reboot and restore your computer to functionality without cost, when USERS can do it, reliably and without cost, you have amazing freedom. You can try almost anything you like, and if it works, add it to your toolbox over time. This freedom, and the ease with which 8", then 5 1/4", and finally 3.5" floppy diskettes were copied lead to an amazing boom in software, and the birth of the shareware movement, which Stallman et al were able to push towards "Free Software", with the appropriate Beer/Freedom quotes, etc. over time.

Bill Gates wasn't able to solve DLL hell. Nobody did... and now we've got systems that we can't reliably back up or restore (unless we virtualize the whole danmed thing, which is impractical for most users). Nobody is crazy enough to just try things anymore... you might "break"the computer, and end up spending days, hundreds of dollars just to have it "fixed"  (and not as trustworthy, ever again).

Things used to be better... and they've definitely gone down hill. From a purely functional perspective, I see  2 ways out, either going to booting from, and running code from USB sticks (one for OS, one for Data), or building an OS that knows not to trust programs with the whole system state (AKA capability based security)

Either one of those choices is so radical, it's unlikely to take off and become mainstream, although there are some powerful incentives to try. Imagine being able to just play, and not risk hundreds or thousands of dollars worth of frustration at each and every turn. Imagine actually owning your computer, and using it as your tool again... the way you used to... but 1000x faster, with 1000,000 times the disk space.

The future we wanted is almost here... except for the damned fragile egg nature of our current OSs... even Linux.

Lets reset our course, and get the future we want.

Thursday, January 02, 2014

It's nearly impossible to describe how absurd things are, unless you get it.

There is a big cognitive hump that needs to be overcome, and I fear that nobody is up to the task of guiding people over it. Even people who get it, in their minds, still don't get it in their hearts... it's that kind of weirdness that I'm on the other side of, in so many things lately.

Let me clue you in, if you dare to do a bit of intellectual hill climbing, so to speak.

Computers

We use computers to do everything, we trust them with our documents, our photos, or online experience of the present... yet the overwhelming evidence is that they will fail. We accept that the hard drive may go at any instant... or it might get hacked, or a virus, or will simply just never turn on again without explanation.  We treat them as magical devices, and computer repair people as wizards, who just happen to have skills that mere mortals don't possess.

We believe the persistent marketing myth that each version is somehow better than the past. Only the massive jarring cognitive dissonance of Windows 8 is even making a dent in this, and it's only to smooth the transition to a tablet based, cloud backed new world.

Now... there are several protections that readers of this will use to shield themselves, and their ego from seeing the absurdity of it all, so far (and there is more on the way).

Mac people will tell themselves that their machines are better, cooler, and don't get viruses. They have a special, well trained class of Wizard at their disposal (for the right amount of gold across the palm)... behold the Genius, and the Apple Retail Store. All problems can be solved by Apple....

Linux people will tell themselves that their knowledge is better, their code is free and open, and thus subject to non of the evil of Microsoft. Sure there are some tricks to learn, but freedom has its price.. and they've already paid it, and are willing to help you get free, breaking the chains of "the man".

Windows people just know that things break sometimes, and their friend, or shop, or someone can be paid enough to fix it. Besides, everyone wants to have a spiffy new machine after things get slow in a year or two... it's normal, right?  Nothings perfect, and they know better than to have foolish notions to the contrary.


If you made it this far, you think you understand the situation... but it's MORE ABSURD than that, far more. Everyone believes they can trust their computer, or understand its limitations. (For the reasons outlined above) There is a design flaw so deep into this picture, with such profound implications that if you don't already know what it is... you can't imagine it.

When you run a program on ANY of the above mentioned systems, you are REQUIRED to trust it completely. You really have no options in this matter. The actual underlying mechanisms at work are so fast, and beneath so many layers of abstraction, you can't possibly know exactly what is happening on your behalf. In the time you take to read this sentence, your computer has run over 1 billion operations. Nobody can check all the lines of code, on all the layers, to know whats going on. (Ok.. so the NSA might know, collectively, but no single person in there does)

There is NO person on earth who can walk you down all the layers and show you every single line of code. I just found out about a few more layers myself yesterday. (Did you know SD cards have multiple microprocessors in them?   I didn't)

So, on this unknowable, unreliable, 20 (a guess on my part) layer deep sandwich of stuff, we still get a failure rate that is amazingly GOOD. Its entirely possible to have a computer perform what you want, for 10 years straight. (Especially if not connected to the internet)

The engineering is incredible, even on the cheapest piece of junk..It is always impressive to me to behold. Moore's law has served us very well indeed.

But... there's that flaw...

When you run a program... you are REQUIRED to trust it completely... which is nuts. The whole system could work almost exactly the same way (as far as actually using it), and wouldn't cost more, and you could throw that requirement straight out the door.

Why do you care?

Because if you didn't have to trust the programs you run... the world would be a little more efficient. (Not much, not enough to really notice).  Your computer would be a little more reliable, outside hardware failures... enough you might notice. Your computer wouldn't ever get a virus again.... which you would only notice years later.

So, nothing much to see here... just move along, right? After all, there is no noticeable difference.

If you are happy with having your computer subject to the whim of the NSA, and every hacker on the planet (like it is right now, no matter who you are)... keep being happy, have a nice life.

If you would rather have a computer that acts as stable as a hammer, or drill press, or rolling pin... read on...

When you run a program, the computer should ask (or infer) what you are willing to trust it with. Right now the model is to allow the program to do anything possible, on your behalf.  It doesn't have to be that way. When you run a word processor, the operating system (and not the program) should as what file you wish to work on. In most cases, you wouldn't even notice the difference which layer of things were asking for what, so it wouldn't require any change on your part.

But... then the word processor couldn't run that Macro virus that sucks up your email addresses, and just set it to some far corner of the globe.

That web page couldn't just grab your Quicken data and encrypt it, and demand a ransom.

That web page couldn't just be subverted by the NSA to run something they want installed.

You would actually have control over things... as flawed as the 20 layer sandwich is... you would still have some pretty damned good control over it.  You wouldn't have to run a virus scanner. You wouldn't ever have hackers take over your machine. You could surf the internet without fear. You could even download and install any program you damned well please, and it would either work for you, or you'd get rid of it.

No fear
No viruses
No NSA/FBI spy shit.

It's called Capability Based Security... and it works.


Credit Cards

Credit cards in the US are about as absurd as the computer situation. Here the oligarchy of card companies insist that its perfectly reasonable to have a 16 digit number (oh... 19 now with the code on the back) and your name be the only thing stopping some random hacker from taking your money. This is 1960s level technology, and it's stupid beyond belief.

We could instead have cards that generate a one time number that a store could use one time only.. to handle transactions.  We could have a Visa/Mastercard/Amex site we log into that gives us a longer number to copy/paste for transactions on the internet that would be one time use. ANY competent web site guru could set up such a site for them, and it would be a mere pittance in terms of cost to them... it would cut fraud massively because stolen one time numbers have ZERO value... zip, zilch, nadda.

We don't do this, and instead have to hire companies to watch our credit scores, check every statement carefully, and waste massive amounts of resources, so the credit card oligarchy doesn't have to change out anything this year, and affect this quarters results. (Never mind the massive potential savings in a year or two).

Again... it's massively screwed up, and yet we live with it.

Health Care

We accept the paper forms, endlessly filled out, as the way things are done. We don't want electronic records, because they might be hacked, or might be used against us.

How could they be used against us?  #1 in my book is by insurance companies to deny coverage and save themselves money.  If we got rid of insurance companies... that would save us all money.

Why not Federalize (or have the States do it) health care?  Instead of giving a massive payout to insurance companies, why not take the money we already spend, and just help people be well?

It would cost less (YES, LESS) that we already spend to give everyone the best level of care. It would also eliminate the #1 cause of  bankruptcy in the USA.

Electronic records would be more accurate, because they history would be cumulative and objective, not based on the things you can remember under duress in the Emergency Room.

Big Pharma

And then there's the whole Big Pharma, prescription drug thing. We want Big Pharma to come up with well tested, life saving drugs... and for a long time they did a good job. Lately, though, they've been more worried about profits, and have resorted to gaming the system to sustain them.

They engage in all sorts of tricks to extend the patent dates on medicines, and hold off the wave of money saving generics, costing us all the billions that they then claim as profit.

They have resorted to marketing antibiotics as a way to make our food slightly cheaper, and in the process effectively destroying our ability to have antibiotics that actually... save lives.

It's messed up... really messed up. There are many more ways the world is messed up... I'm waiting to hear what other people care to share.

Thanks for letting me rant... good night, Internet. See you tomorrow.

Technology threatens the flow of love, in a very deep and real way.

Love is attention... attention is the intentional spending of the "now" time stream, to harmonize with the story of ourselves and our life's stream. Technology threatens the flow of attention, and thus

Technology threatens the flow of love...   now that you, dear reader, are aware of this, you can choose to make better choices.

My 3 word mantra for 2014 is "Be - Less - Grumpy"

So, here is a video about the "Be" part of that mantra.. the present, the now... the time scale of short term memory, and how it is threatened by technology.

http://www.ted.com/talks/abha_dawesar_life_in_the_digital_now.html