Thursday, February 28, 2013
Truth in Advertising (Or why we need Crypto Licenses)
Imagine someone came to you, and sold you a car they promised would drive you wherever you wanted. They told you that it could talk to other cars so that driving would be automatically reported to SquareFace and MyPints. (Not as dangerous as it sounds: after all a car that can drive itself is perfect for suburban pub crawls). However, you ask if there is a way to turn off this feature.
"Of course" says the salesman. "Just flip this switch and no one can track you".
So you buy the car, drive off, with the switch flipped in the position where no one can track you. But it turns out that the people in charge of implementing this feature were barely trained in the relevant details of how to make it work out, and flipping the switch does nothing. Of course, this is is because you asked for snow tires and the car has a rather strange design.
I imagine you would be rather pissed, and then probably file a nasty letter asking for them to provide the funds to ensure that their stupidity be fixed.
Yet, when a software company loudly proclaims that it cannot read your files, and then in the small print and documentation for a feature they also widely advertised, it turns out this is not true if you use the relevant feature. I imagine you would be rather pissed.
This is exactly what SpiderOak is doing. Their new mobile client does all decryption of your files server-side. Their loud proclamations of protecting your privacy are so much hogwash: they decided to make their development a priority over your privacy. What's more, some basic failures in security exist in their user authentication protocol. Crypton is not fairing much better: they promise to fix the issues in the next release, while carrying out some rather incompetent development in public.
Contrast with the behavior of Colin Percival and his Tarsnap service. Tarsnap clients are open source, and he explains the entire process by which you send encrypted data and store it. Dr. Percival has a design that is conservative, easy to analyse, and can be audited by anyone. We should demand that critical vendors follow suit in cryptographic products.
Given the consequences of bad cryptography, I propose that anyone writing a product that uses cryptography be required to hire a licensed cryptographer who will sign a sworn proclamation that the design and implementation is in accordance with good practice, and that it has been designed with a reasonable threat model in mind. This may be the only way to prevent bad cryptographers from killing more people then they already have.
This licensing would have prevented TLS 1.0. It would have spared the world the horror that is WEP. It would also shut down endless numbers of fly-by-night snake oil salesmen.
Monday, February 20, 2012
Questions about Norms
It seems that the War on Error is actually slowing down. So I'ld like to talk about some thoughts I had in response to Jay Michaelson's Megashabbat talk on social norms in sexuality. Michaelson's core argument was that hidden behind the battle over gay marriage was a question about whether or not we were going to have a sexual ethos peculiar to sexuality.
This wasn't the only argument he gave: he also argued that underlying the question of social norms was an anxiety over very closely held beliefs that make people fear violation of rules, and that sexual norms in particular are tied closely to beliefs that we would see as central to religious belief.
I think regardless of whether we think it is desirable or not, we don't live in a society where we can form a coherent social set of expectations and roles. The act of living according to the dictates of all 613 mitzvoth has a very different meaning today then it did in early Rabbinical Judaism. Conservative Christians define themselves as being outside the norms of society through their beliefs. Historically these wouldn't be active choices: it's impossible to imagine Orthodox without Reform, and impossible to imagine either without Jewish emancipation making Jews into citizens.
Yet at the same time I'm willing to concede that there are norms that I would like to see in relationships. I would endorse the norm that relationships should benefit those involved and mutual respect should be a component of them. But this inevitably leads to the realization that we don't live in a society in which any norm could possibly be created, especially not in a society where sexual violence is endemic. Must we wait for society to change before we can change how relationships look?
This wasn't the only argument he gave: he also argued that underlying the question of social norms was an anxiety over very closely held beliefs that make people fear violation of rules, and that sexual norms in particular are tied closely to beliefs that we would see as central to religious belief.
I think regardless of whether we think it is desirable or not, we don't live in a society where we can form a coherent social set of expectations and roles. The act of living according to the dictates of all 613 mitzvoth has a very different meaning today then it did in early Rabbinical Judaism. Conservative Christians define themselves as being outside the norms of society through their beliefs. Historically these wouldn't be active choices: it's impossible to imagine Orthodox without Reform, and impossible to imagine either without Jewish emancipation making Jews into citizens.
Yet at the same time I'm willing to concede that there are norms that I would like to see in relationships. I would endorse the norm that relationships should benefit those involved and mutual respect should be a component of them. But this inevitably leads to the realization that we don't live in a society in which any norm could possibly be created, especially not in a society where sexual violence is endemic. Must we wait for society to change before we can change how relationships look?
Tuesday, January 31, 2012
David Brooks Hits a New Low
David Brooks today cited Charles Murray's new book approvingly. Let that one sink in for a bit: it's like trusting Schmitt on jurisprudence. He doesn't mention that the book is really just worrying about white people becoming divided by class, and doesn't care about black people. This isn't innocent oversight.
Secondly Brooks creates an ideal type: the urban university-educated professional who goes to church and married before they had kids. He then has the chutzpah to say this is 20% of white america, and that it represents traditionalism.
There's something deeply wrong with this argument: just because some college educated people go to church more often and marry before having children doesn't mean you can construct a sociological narrative of college educated people with particular values leading them to this. Certainly the attitudes of the urban elite towards homosexuality, birth control, abortion, secularism, and the existence of other modes of life are deeply untraditional.
Furthermore, lower-class americans are working less not because they are less industrious, but there is less work that exists for them. The decline in wages and benefits of lower-tier work has been a constant trend since the 1970's. Pinning this on attitudes towards work changing requires evidence, and I don't trust Dr. Murray to tell me what the evidence is. The work that does exist is under conditions of scheduling and environment that do not lend themselves to social engagement.
Lastly, the elite is not homogenous. If we think Upper East Side we get a different picture from wealthy Dallas doctor. Social attitudes are not the ultimate predictors of success that Brooks has them be in his editorial.
Secondly Brooks creates an ideal type: the urban university-educated professional who goes to church and married before they had kids. He then has the chutzpah to say this is 20% of white america, and that it represents traditionalism.
There's something deeply wrong with this argument: just because some college educated people go to church more often and marry before having children doesn't mean you can construct a sociological narrative of college educated people with particular values leading them to this. Certainly the attitudes of the urban elite towards homosexuality, birth control, abortion, secularism, and the existence of other modes of life are deeply untraditional.
Furthermore, lower-class americans are working less not because they are less industrious, but there is less work that exists for them. The decline in wages and benefits of lower-tier work has been a constant trend since the 1970's. Pinning this on attitudes towards work changing requires evidence, and I don't trust Dr. Murray to tell me what the evidence is. The work that does exist is under conditions of scheduling and environment that do not lend themselves to social engagement.
Lastly, the elite is not homogenous. If we think Upper East Side we get a different picture from wealthy Dallas doctor. Social attitudes are not the ultimate predictors of success that Brooks has them be in his editorial.
Friday, December 9, 2011
Assassinations in War
Remember when Osama bin Laden was killed in Pakistan? Many people asked the question about whether or not his killing, clearly ordered at the highest levels, was keeping in the laws of war. I am not a lawyer, and this post should not be taken as legal advice by the handful of people who will ever be in this situation, but the answer is that it was. Why do I believe that?
First off, this was not the first time that the US had specifically targeted an enemy leader in war. Fidel Castro aside, the US killed Isoroku Yamamoto during World War II by deliberately shooting down a plane transporting him. The British assassinated Reinhard Heydrich in cooperation with Czech partisans during World War II as well.
Why were these killings permissible? While neither Yamamoto nor Heydrich were active in hostilities at the moment they were killed, they were commanders who were actively engaged in the war effort. Clearly part of the uniformed military, both of them were planning attacks, and so was bin Laden.
And was there a war in which Osama bin Laden was a commander? Yes: right after 9/11 the Congress authorized the use of military force against those who planned the attacks. Osama bin Laden was always a military target: the real surprise isn't that he got killed, but that very few of the critics of the recent action realized this earlier.
First off, this was not the first time that the US had specifically targeted an enemy leader in war. Fidel Castro aside, the US killed Isoroku Yamamoto during World War II by deliberately shooting down a plane transporting him. The British assassinated Reinhard Heydrich in cooperation with Czech partisans during World War II as well.
Why were these killings permissible? While neither Yamamoto nor Heydrich were active in hostilities at the moment they were killed, they were commanders who were actively engaged in the war effort. Clearly part of the uniformed military, both of them were planning attacks, and so was bin Laden.
And was there a war in which Osama bin Laden was a commander? Yes: right after 9/11 the Congress authorized the use of military force against those who planned the attacks. Osama bin Laden was always a military target: the real surprise isn't that he got killed, but that very few of the critics of the recent action realized this earlier.
Wednesday, December 7, 2011
False Charity
This is the time of year when people give to charity. As such people are probably thinking to whom to give. Should they give to the orphanage down the street, or to the anti-malaria campaign in Africa? Maybe they should give to an organization protecting the environment, or to the local alma mater.
Until recently this was a very difficult question to answer. But thanks to there is an answer. GiveWell ranks charities according to the one metric that matters: will they be a good use of your donations? Not the donations in the past, but the one that is sitting in your pocket right now.
But only one of those is actually doing a good dead. If you were good, you would put your money were it would do the most good. Any motivation other then that isn't actually good. So where should you put your money?
Until recently this was a very difficult question to answer. But thanks to there is an answer. GiveWell ranks charities according to the one metric that matters: will they be a good use of your donations? Not the donations in the past, but the one that is sitting in your pocket right now.
Give Well. Because if you haven't, you didn't actually give at all.
Monday, December 5, 2011
Social Security
And it's back on. I've been a bit busy, distracting from my duties in the war on error.
Today's error is a common one: Saying Social Security does not add to the deficit because its future claims are covered, or reversing this claim. I'm not going to weigh in on the second part: it's an accounting issue, and I'm not qualified to answer. But I can say that the Trustees of the Social Security Trust Fund disagree.
So if the US government has these obligations to retirees, why aren't they part of the deficit? Simply put, it's because the government doesn't have to pay these obligations. Social Security benefits are defined by Congress and can be cut at any time. Furthermore, the obligations are on a fund which holds Treasuries and not on the Treasury itself. The debt only describes the amount the Treasury owes, and not the obligations that other government entities have.
Social Security doesn't add to the deficit because it's in good financial shape. It doesn't add to the deficit any more then you owe your Aunt a present because you said you would get her one. It also doesn't add to the deficit because it's separate from the obligations the government owes, the same way your debt isn't your brother's debt, even if you think he might bail you out.
Today's error is a common one: Saying Social Security does not add to the deficit because its future claims are covered, or reversing this claim. I'm not going to weigh in on the second part: it's an accounting issue, and I'm not qualified to answer. But I can say that the Trustees of the Social Security Trust Fund disagree.
So if the US government has these obligations to retirees, why aren't they part of the deficit? Simply put, it's because the government doesn't have to pay these obligations. Social Security benefits are defined by Congress and can be cut at any time. Furthermore, the obligations are on a fund which holds Treasuries and not on the Treasury itself. The debt only describes the amount the Treasury owes, and not the obligations that other government entities have.
Social Security doesn't add to the deficit because it's in good financial shape. It doesn't add to the deficit any more then you owe your Aunt a present because you said you would get her one. It also doesn't add to the deficit because it's separate from the obligations the government owes, the same way your debt isn't your brother's debt, even if you think he might bail you out.
Sunday, December 4, 2011
AIDS Denialism
AIDS denialism is one of the few forms of error with a quantifiable death toll. In South Africa AIDS denialism along with conservative views on spreading information about sexual health contributed to the deaths of millions as an epidemic spread unchecked.
Now does HIV cause AIDS? I would be very surprised if it did not.
The Durban Declaration, available for free from Nature summarizes the evidence for the HIV AIDS hypothesis in very detailed, still nontechnical language. It will take about 5 minutes to read thoroughly. There is much about the epidemic that the HIV causation hypothesis explains, from the Lazarus effect of ARV to the rapid spread across the world of the epidemic.
Denialism costs lives: not believing HIV causes AIDS can cause people to be nonchalant about condom usage or ARVs. This is inevitably a deadly course of action. Unlike climate change there doesn't seem to be a lot of money in the opposing position. So why do people deny that HIV causes AIDS?
Subscribe to:
Comments (Atom)