Friday Squid Blogging: The Hawaiian Bobtail Squid Genome

The Hawaiian Bobtail Squid's genome is half again the size of a human's.

Other facts:

The Hawaiian bobtail squid has two different symbiotic organs, and researchers were able to show that each of these took different paths in their evolution. This particular species of squid has a light organ that harbors a light-producing, or bioluminescent, bacterium that enables the squid to cloak itself from predators. At some point in the past, a major "duplication event" occurred that led to repeat copies of genes that normally exist in the eye. These genes allowed the squid to manipulate the light generated by the bacteria.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.


Posted on February 8, 2019 at 4:37 PM • 152 Comments

Comments

Hampton the Hampster • February 8, 2019 4:52 PM

Does anyone of the usual suspects incl. the host have an opinion on the new Google encryption scheme for low end Android phones called Adiantum?
I'm not yet decided what to think about it.

Sherman Jerrold • February 8, 2019 5:08 PM

Believing it is important and is being completely ignored by the Corporate MSM
Regarding digital attacks on personal information security:

There are 10's (maybe hundreds) of thousands of little devices in people's homes that can easily (and likely) be listening in on everything, invading their privacy. They were the 'creation' of J. Bezos.

Mr. (and I use the term loosely) Bezos has been exposed as an adulterer and is now whining to the world that his privacy and personal security have been violated by the National Enquirer (I believe).

Does anyone see hypocrisy and irony in this??

Sherman Jerrold • February 8, 2019 5:19 PM

to Hampton the Hampster,

First, your moniker drags my mind back to the ancient website hamsterdance.com. What a wonderful innocent expression that was.

Second, while I have no specific info on the Google encryption scheme for low end Android phones called Adiantum, I do have a very strong opinion (based on experience helping people that use android phones) that anything that Google does will not be secure when it comes to their harvesting people's information. Google, after all, took open source Linux and created their own locked down proprietary Golem of an O/S called Android. And, a huge number of the google apps for android are spyware. One partial reduction in app spyware you can take is to read ALL the permissions each app wants before installing it and selecting the one that suits your purpose that is the least intrusive. Many 'hoover-up' every bit of personal info from your android device that they can.

good luck Hampton.

1&1~=Umm • February 8, 2019 5:45 PM

@Sherman Jerrold:

"There are 10's (maybe hundreds) of thousands of little devices in people's homes that can easily (and likely) be listening in on everything, invading their privacy. They were the 'creation' of J. Bezos."

When trespass is committed, who is to blame?

The trespassers or the property owner?

In Vampire Stories, they may only enter your property when invited.

In the Vampire Squid case you mention, you have to not just buy the "little devices", but take them across your threshold, unpack them, install them, configure them, register them with the Vampire's Empire of soul sucking darkness and operate them.

It could be argued that was a fairly solid invitation for the Vampire Squid's Empire of soul sucking darkness to suck out your very essence and feast on it, yes?

One major human failing is "misplaced trust" another is "Not checking the horse".

Education apparently does not work against "Gee neat" personality types. Which might account for the need for iPhones, Velcro close shoes, scissors with plastic blades, knives without points, squeeze bottle ketchup and milk in two handle plastic no spill jugs. With some requiring soft floor and walls as well.

ismar • February 8, 2019 6:27 PM

And this "Dolphin Attack" for @Clive (and others of course)

"One way to carry out this type of attack is through ultrasound — a sound so high it is inaudible to the human ear. In an article published in 2017, researchers from Zhejiang University presented a technique for taking covert control of voice assistants, named DolphinAttack (so called because dolphins emit ultrasound). The research team converted voice commands into ultrasonic waves, with frequencies too high to be picked up by humans, but still recognizable by microphones in modern devices."

https://www.kaspersky.com/blog/ultrasound-attacks/25549/

Humma Humma • February 8, 2019 6:32 PM

Re: Adiantum

It is a positive development in the sense encryption is now on more devices but it really changes nothing in the ecosystem since attackers don't break encryption they subvert end points.

GreezMonkey72 • February 8, 2019 7:00 PM

Question for the security crowd...

Can we expect to have both anonymity and encryption at the same time?

1) It's reasonable to expect to have private communications, but it may be reasonable for crime investigation and national security to expect the senders of encrypted data to be identifiable.

2) It's reasonable to expect to be able to communicate anonymously, but it may be reasonable for crime investigation and national security to expect anonymous communications to be readable by law enforcement at least when a warrant is served.

3) Is it reasonable to expect to have complete privacy for both the content of communications and the identities of those communicating?

In my opinion it is reasonable to expect to use encryption without any backdoor to keep the content of communications private, but in that case maybe the individuals communicating need to be identifiable. If you make a land line phone call on a phone that isn't tapped then the content of communications are not recorded and are private, but the individuals communicating can be identified at least by the account information for the phone line.

I think it's also reasonable to expect to be able to communicate anonymously, so that people can speak freely without having to publicly identify themselves. If you are anonymous then the need for encryption may be reduced. It may not be realistic to have strong encryption and complete anonymity both at the same time as it leaves society vulnerable to pervasive criminal activity with no practical means of enforcement or attribution.

Happy Friday folks, I'd love to hear your opinions.

VinnyG • February 8, 2019 7:01 PM

@1&1~=Umm re: little spies - Well and good to judge that the fools who invited these nefarious guests past the door step are only reaping what they deserve, but what of innocent bystanders? There has yet been no court case testing whether unanimous consent from all adults in a household is needed before allowing such an intruder to enter. What of guests and other visitors whose privacy is just as much at risk? Is or should there be a requirement to inform others who enter that they are being spied upon? Or is it incumbent on the visitor to ensure the negative, and if so, how would one even go about doing that? Advice to just stay home and play with one's own toys would likely just lead to more and worse of the type of self-induced fantastical isolation that seems to be feeding this idiotic behavior. Lots of questions here, not many palatable answers...

About Karma • February 8, 2019 8:33 PM

Story from Reuters: UAE government hacking unit "Project Raven" staffed by ex-NSA cyber ops to spy on iPhones, using a remote spyware tool named "Karma". Apparently used iMessage exploits in 2016 and 2017, without any phone user interaction required

If it's true that the Emirates "purchased Karma from a vendor outside the country", then probably other countries or large corporations were using it too (maybe under a different name)

https://www.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN

Sherman Jerrold • February 8, 2019 9:13 PM

reply to 1&1~=Umm and VinnyG

Both of you bring up good points. The issue is incredibly complicated. Few people today even know what 'caveat emptor' means.

While I appreciate and enjoy working with people at our clinics who want to be helped and learn not to 'step in it' again, there are many who are quite willing to keep drinking whatever flavor of pop-culture kool-aid is popular, and ignore the warnings of Schneier, Krebs, EFF, techdirt, etc.

I'll only add a few items that I've experience with --

1) the little digital spies are being sold by a gigantic corp. with a 'great reputation' according to many of the sheople I've run into. They are sure that these corporations' billionaire owners would never take advantage of them, they see the ubiquitous 'benign' logo and think; I'll just bring it into my home, this is so cute, it doesn't look like and therefore couldn't be a Vampire Squid.

2) I run neighborhood computer clinics. Most who come there never research the devices they buy. They never read the 'terms and conditions', they are too excited about the 'gee-whiz' factor to do anything other than quickly register and provide all their personal info so they can quickly begin to play with their new toy. They never delve into the settings. They are amazed when I try to enlighten them with many of the security communities' warnings. Some do learn and appreciate what the knowledgeable sites warn. Some just keep drinking the kool-aid and ask me if I really have foil lining my hat.

3) In my world, popularity is never a valid way to judge the safety or efficacy of something. Maybe I'm too cautious compared to the majority, but I would rather do without a couple of whiz-bang features and have a more reliable and secure system.

4) 'Innocent bystanders' is an excellent point. Facebook starts hunting you down, starting with a facial recog. profile, the minute you show up in cousin Ed's family photo.

Humdee • February 8, 2019 9:30 PM

@GreezMonkey

At some remove the distinction between encryption and anonymity breaks down. One can draw a distinction between sender identity and message content but the USA kills people based on metadata. Break the encryption and one can often figure out who the sender is. Discover the name and social network of the sender and one can take a good guess at what the message said. It's not a perfect correlation but the law doesn't require perfection.

As the saying goes, those who trade privacy for security end up with neither.

Impossibly Stupid • February 8, 2019 10:52 PM

GreezMonkey72 • February 8, 2019 7:00 PM

"Can we expect to have both anonymity and encryption at the same time?"

The concepts appear to be orthogonal. What dependency do you see between the two? Encryption isn't even a concept it makes sense to discuss in that context, because it's all just data that's being exchanged. I mean, just because someone in China can't read English doesn't mean this conversation is encrypted in any meaningful way. Indeed, unbreakable encryption (via OTP) just appears to be a random data stream; the ultimate foreign language. That can lend significant anonymity to the exchange, but there may be out-of-band metadata that allows parties to be identified. This is particularly true if a targeted individual is being monitored in advance, such that their actions can be causally linked to any kind of signal.

"It may not be realistic to have strong encryption and complete anonymity both at the same time as it leaves society vulnerable to pervasive criminal activity with no practical means of enforcement or attribution."

Uh, for any reasonable definition of "realistic", we have both. Just because law enforcement doesn't like mathematics doesn't mean they can do anything about it. They just have to go back to doing proper policing, which means going after specific criminal activity rather than going on fishing expeditions just because it was easy to hoover up everyone's data and sift through it.

recherche • February 9, 2019 12:44 AM

"Police use new phone-cracking powers as Government works out the fine print"


URL: https://www.abc.net.au/news/science/2019-02-07/police-use-phone-cracking-powers-home-affairs-consultation/10780996

There were dozens (63?) of proposed amendments to the bill that were due to be debated, but which have been deferred to the very-short 2019 pre-election sitting days, despite the bill being rushed through very late in the 2018 sitting days (noted December 12 on this blog):

https://www.schneier.com/blog/archives/2018/12/new_australian_.html

Quote from that Dec 12 entry:

New Australian Backdoor Law

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad.

Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two, there's nothing I can say that I haven't said many times before.

--------------------

Well, a Senate committee is reviewing the legislation, and some of the submissions are... interesting:

In a submission to the parliamentary committee now reviewing the legislation, the Department said police and national security agencies have already used the Act to support their work.

The department is also currently circulating an "issues paper" to some companies, seeking feedback about a proposed framework that will guide how industry would give assistance to authorities.

The document, seen by the ABC, invites submissions on questions including how companies would like to be alerted about assistance requests and how to assess costs.

Describing the legislation as "fundamentally flawed", one industry insider said it was "odd" the paper was only being issued now after the bill was hurried through the Lower House and Senate.

[... lots of valuable information in the ABC news story elided, but the ending is golden:]

Criticisms made by the Communications Alliance and others were put to Home Affairs.

While declining to comment in detail, a department spokesperson said the legislation did not compromise the security of any Australians' digital communications.

The PJCIS must report back by 3 April 2019.

Clive Robinson • February 9, 2019 2:09 AM

@ GreezMonkey72,

"Can we expect to have both anonymity and encryption at the same time?"

You have given insufficient information to answer the question as a yes/no answer.

At the simplest level to ensure "secure" encryption you need a shared secret between the two communicating parties only.

So providing you can share a secret securely the two communicating parties can make the actual content of their message secure from third parties.

However can the first party communicate with the second party and have the content of the message be secure as well as being anonymous to the second party?

Well maybe yes, there are some protocols that supposedly enable a secret between only the first and second parties to be established in full view of third parties. However there is no established proof of secrecy just significant asymmetry of work factor for third parties. The NSA have allegedly broken 1024-bit variants of the protocols for a number of reasons (common modulus, known RNG, side channel leakage, etc). Further "if and when" the right type of Quantum Computing (QC) becomes viable --if it ever does-- then the third party work factor may diminish significantly but not entirely.

So to a limited extent secrecy of the communications content is possible currently, thus if the first party takes care in what they put in a message they can remain anonymous from both the second and third parties who only see encrypted traffic at the second party.

However the Internet is not a broadcast network by design thus traffic between any two "linked" nodes/hosts on the Internet contain routing information to forward an outbound packet to a specific destination and for a reply to be sent that TCP and other "reliable protocols" currently require.

During WWII a young chap at Bletchley Park worked out that the flow of information or traffic that communications are was amenable to analysis without having to know the actual communications content. Importantly Traffic Analysis (TA) as it became known could unlike cryptanalysis produce near real time actionable intelligence. So yes SigInt agencies can see your outbound traffic before it is completed and make assumptions about its content even before the second party even knows it is being sent to them (apps often only inform users after the full message has been received, or a failure time out).

Thus any third party who can see sufficient information in the traffic flow can strip anonymity away.

There are ways to reduce this issue and back in the 1970's Gus Simmons[1], devised the notion of subliminal channels. These were to study hidden communications protocols inside of Shannon Communications channels. You can turn the idea on its head and with care thwart TA but it is not easy to do. Also as with all other things mathematical the field generally advances (yes there is the potential for "lost knowledge" but generally we avoid it).

My personal view point is with the current methods available to the average user they can not get anonymity at the push of a button or download of a package. Because one heck of a lot more is involved, as the CIA found by losing operatives and sources in China and Iran.

[1] https://en.m.wikipedia.org/wiki/Gustavus_Simmons

Wesley Parish • February 9, 2019 3:11 AM

The recent US Federal govt shutdown over a certain someone's Border Wall reminded me that Border Walls are large-scale Security Theatre. And the problem with Security Theatre is, it is not very good theatre. You can plonk it in a Petite Guignol category, as a kind of Dadaism-in-motion, except that it is more often than not, painful, horrifying, or fatal to the victims.

Anyway, I have a suggestion to cut the Gordian Knot surrounding the proposed Border Wall - with some necessary caveats. President Trump has made a big deal out of his fabulous wealth - let him show just how important this Border Wall is to him, by paying for it out of his own pocket. I'm sure the Russians who funded him on previous occasions will be only too happy to step up and cover any shortfalls he finds he has ...

Here's where the caveats start to kick in. The border forces' jurisdiction now apparently reaches 100 miles inland of the US border. And the border forces are professionals. And if there is one thing that riles a true professional no end, it is intrusion of well-meaning amateurs into his field of expertise. So the suggested Trump Border Wall would need to be placed well outside of the one hundred mile limit of the border forces' extended jurisdiction - we can't have them going postal and potting Trump's undocumented workers while they are working on his wall, can we now?

This would bring it into conflict with some large cities, and it now being his private wall, he would not be entitled to use eminent domain to site his wall wherever he chooses, and would have to make it demountable so as to make way for these cities' natural growth. I suspect he'll make a deal with LEGO, to acquire special super-large LEGO bricks.

This Border Wall would also cross some quite large farms and ranches, and if I know anything about farmers and graziers, they would fight him tooth and nail before they let him bisect their properties. However, they would not have thought to register claims on the airspace above those properties. So Trump could quite legally purchase such airspace rights and build the Border Wall on stilts a hundred to a thousand feet above such properties. He would make his mark on history by this - no one has yet built a wall on stilts, so he would be a first.

Though Trump is notorious for lacking any sense of history, he would have taken notice of the fact that the Berlin Wall was one brick thick, and was dismantled in a single day, whereas the Great Wall of China is several metres thick and has never been dismantled yet. So he would need to make it several metres thick. He could then put rooms in it and fund the wall by renting rooms out to tourists ...

And lastly, he could remember that one of the best ways to inspire employees is to knuckle down and get to work alongside them, showing them that you are just as capable of putting in the hard yards as them. It would also serve to counter critics of such a Border Wall, if people could truthfully say, "I saw President Trump working for the same level of underpayment as his undocumented workers get!!!"

Also, LEGO might be willing to make bricks with a mosaic of his face. This would enable Trump to have a private Border Wall with his face on it, all thousand miles of it. Such a Border Wall would be justly recognized as the only avant-garde Dadaist self-portraiture in the world ...

And such a Border Wall, well outside the border forces' jurisdiction one hundred miles inland of the border, made of super-large LEGO bricks in part, and at places a hundred to a thousand feet above the ground on stilts, would be Security Theatre that would pay for itself in no time. Tourists would flock from everywhere to see it.

And in the meantime, I have sad news to report. People on both sides of the Canadian-Mexican border, have been reporting that cowboys in the Militarized Zone between those two great nations, have been heard singing "Please Fence Me In." Grave concerns are held, particularly on the Mexican side, for the mental health of cattle exposed to such dirges. Cattle so depressed are bad news for toreadors, who in turn get depressed and cannot put up a decent corrida.

Ergo Sum • February 9, 2019 4:42 AM

@Wesley Parish...

"The border forces' jurisdiction now apparently reaches 100 miles inland of the US border."

If you meant "now" as 1953, then you are correct...

The 100-mile border zone was adopted by the U.S. Department of Justice in 1953. Quote from Title 8 CFR § 287.1 Definitions:

(a)

(1) External boundary. The term external boundary, as used in section 287(a)(3) of the Act, means the land boundaries and the territorial sea of the United States extending 12 nautical miles from the baselines of the United States determined in accordance with international law.

(2) Reasonable distance. The term reasonable distance, as used in section 287(a)(3) of the Act, means within 100 air miles from any external boundary of the United States or any shorter distance which may be fixed by the chief patrol agent for CBP, or the special agent in charge for ICE, or, so far as the power to board and search aircraft is concerned any distance fixed pursuant to paragraph (b) of this section.

(b) Reasonable distance; fixing by chief patrol agents and special agents in charge.

As per definition (b), BPA/CBP can extend the 100 miles range as they see fit, without any additional regulations.

The fact that most people live at the "edges" of the US, within the 100 miles zone, about 200 million people are under the jurisdiction of the US Border Patrol Agency.

In my view, the BPA should have this authority within the external boundaries of the US only.

Ergo Sum • February 9, 2019 5:32 AM

@Sherman Jerrold...

Far from me to start a platform @metoo discussion...

"I do have a very strong opinion (based on experience helping people that use android phones) that anything that Google does will not be secure when it comes to their harvesting people's information. Google, after all, took open source Linux and created their own locked down proprietary Golem of an O/S called Android. And, a huge number of the google apps for android are spyware. One partial reduction in app spyware you can take is to read ALL the permissions each app wants before installing it and selecting the one that suits your purpose that is the least intrusive. Many 'hoover-up' every bit of personal info from your android device that they can."

Certainly, Apple takes a different stand, quote from Tim Cook:

"We feel this very deeply, that privacy is a fundamental human right. So that’s the angle that we look at it"

That's admirable from a large corporation, but...

On the other hand, Google pays $3B per year to Apple for making Google the default search engine with Safari. Then, there's the other deal between Google and Apple, unknown yearly fee, for making Google the search engine for Siri.

While Mr. Cook talks a good talk, outsourced harvesting of people's information is just as damaging for people as directly doing the same. iOS with Google providing the search functions is just as intrusive as they are on the Android platform.

With that said, I do have an iPhone, where Siri, WiFi, BT, GPS are disabled, and most of the time even the unlimited cellular data is disabled. It's not like that will stop data collection, I just believe that if you don't use it most of the time, then don't have it on...

Scott • February 9, 2019 7:56 AM

@Sherman Jerrold, regarding the Jeff Bezos story. Should I go to Hacker News instead of Bruce's comment section to have a good angle on this? )

https://news.ycombinator.com/item?id=19109474

It seems like a lot of people are not reading between the lines of this post. Bezos apparently believes that he was hacked by either the US or Saudi government and that now one or both of those governments are using the National Enquirer as an attack dog against him. That accusation is much bigger than any other piece of this story.

EDIT: Here [1] is a reporter from the Washington Post backing that up. The Bezos' camp believes this is a politically motivated attack and the data was acquired by a "government entity" (logically the US or Saudis).

[1] - https://twitter.com/ndrew_lawrence/status/1093715333079318530

***

I'm not sure if this has been discussed before, but should we all be worried, because of simple things like the security of major infrastructure and most of our devices, about the Linux Kernel's new Code of Conduct? Why, or why not?

https://itsfoss.com/linux-code-of-conduct/

Last year they did this to FreeBSD and we remained silent. Sort of.

https://www.theregister.co.uk/2018/02/21/freebsd_code_of_conduct_controversy/

Now they take onto the Linux Kernel itself.

***

I'm still looking for the article, some article @Bruce posted here some time ago discussing why authentication policies where businesses try to identify you, as the owner of the account (by asking personal questions like DOB, address, etc.) is a bad idea in the first place, and that businesses should identify the account (not you, the owner), so primary identifiers should be a login name and a password not tied to a person (and 2-factor authentication, or maybe a security question which you should fill with gibberish answers, so all in all, it's complicated). Can you point me to an article like this? So I can point businesses to it who use bad practices. Is this still "best practice," or has this approach been contested since then?

Faustus • February 9, 2019 9:37 AM

@Scott

The policies seem pretty symmetric (not benefiting anyone in particular) and short and easy to digest. I came up in a time when men (it was mostly men) took pride in being able to weather the ridiculous attacks of aholes. But I don't think a hostile environment is necessary or helpful.

Linus (as brilliant as he is) really was a jerk to a lot of people. People should coach each other, not tear each other down.

Do you have a specific problem with these policies?

Scott • February 9, 2019 10:37 AM

@Faustus

"Do you have a specific problem with these policies?"

Other than what the linked articles were about?

"The policies seem pretty symmetric (not benefiting anyone in particular) and short and easy to digest. I came up in a time when men (it was mostly men) took pride in being able to weather the ridiculous attacks of aholes. But I don't think a hostile environment is necessary or helpful."

Because what you are saying is not what these policies are about, or what the articles I referred to report about. Let's take FreeBSD, as it's easier! We have more info, and I've followed the story a bit. Bryan Lunduke had a good show about the issue on YouTube which he seems to have put behind a paywall by now. Because he has to feed a family or something.

There was a serious bug in FreeBSD about a year ago, but they were so busy implementing their new code of conduct they couldn't care less to fix the serious bug for like, two weeks? Sorry I just don't have time to Google all these relevant things up for this discussion, but sure, all is well documented in the right places.

Some people say FreeBSD is already dead, so who cares? https://www.csoonline.com/article/3250653/open-source-tools/is-the-bsd-os-dying-some-security-researchers-think-so.html

FreeBSD didn't have a famous abrasive personality acting as a benevolent dictator over the project, and I'm sure you couldn't object to the project's previous code of conduct either. For example, shouldn't a CoC like this one be enough? https://wiki.gentoo.org/wiki/Project:Council/Code_of_conduct

The point is activists also known as social justice warriors are pushing an agenda here. OK, who cares about FreeBSD (actually I wanted to get into it, but maybe it's already too late), they should eat their own dog food, but messing with the Linux Kernel is on a different level.

This is perfect, with the comments: https://www.youtube.com/watch?v=Ib7tFvw34DM

There are people who follow 'the culture wars' online and people who follow technology and security. There is a slight overlap, but not much. Some people find this new code of conduct to the Linux Kernel alarming with possibly dire consequences to, you know, major infrastructure and most of our personal gadgets running Linux these days. On the culture wars side of things, you may want to look up the Joe Rogan podcast with quite a few interesting guests on related topics, including psychology professor Jordan Peterson who is all over the Internet these days: https://www.realclearpolitics.com/video/2017/06/05/jordan_peterson_why_you_have_to_fight_postmodernism.html#!

On the geeky side of things, you may be interested in looking up the many online discussions about these Codes of Conducts, maybe starting with the FreeBSD one, there are plenty of good discussions, it has a year long history so far and the Linux side of things is just taking off. A random discussion from another project's forum which came up to a random search, there are many good ones, by just sane people, I guess: https://forums.gentoo.org/viewtopic-t-1077386-start-0.html

Clive Robinson • February 9, 2019 11:29 AM

@ Scott,

"FreeBSD didn't have a famous abrasive personality acting as a benevolent dictator over the project, and I'm sure you couldn't object the project's previous code of conduct either."

Some will say that "You need to break eggs to make an omelet" others will say everyone should have a say.

The fact is you have to make a choice between getting things done and talking them to death. Any half way sensible business manager will tell you not only that but strong leadership builds strong teams, and wishy-washy management spend all their time worrying not about achieving goals but making every one feel part of the team irrespective of their contribution to reaching objectives. As in politics, businesses do not survive if they are not focussed on what the goals are.

The problem is thus deciding at any one time what the goals should be, their timelines and the risks they present.

History has shown us that people who create rarely have good human skills. There are lots of reasons that this may be so, not least of which is one of several "social communications disorders". They are as much if not considerably more so difficult for an individual than many physical disabilities.

I suspect many of those falling foul of these Codes of Conduct are actually being quite seriously discriminated against. Often by people whose only real contribution is their ability to disrupt things for their own personal self aggrandizement.

Have a look at the history of "Political Corectness" and what it did and did not achive. One of it's most notable achivment was a whole load of "Makework" positions in organisations basically creating havoc.

The mores of society change all be it slowely, those trying to push a personal agenda onto any society will face both criticism and resistance from the more conservative side of any given society. We see enough evidence of this in both religion and politics which is why as subjects they are generally taboo at social meetings, especially when the likes of alcohol are involved.

As has been pointed out by some the Linux CoC almost immediately created a controversy, especially when people started digging into the pasts of those involved and the "NSA and finessing" over random number generators popped up.

For years I've seen decisions made where some fairly lame "safety" reason was put forward as a way to decimate "security"; arguing against it immediately turned into personal attacks by those arguing that "safety" was the only reason or some other nonsense...

I take a view that whenever people push a policy or start taking a FUD approach, they almost certainly have a hidden agenda.

The problem is not just finding out what the agenda is but convincing others it exists, then taking it seriously...

There is a famous poem that starts,

    First they came for...

Often way too late do people realise that it is the way certain people work. It does not matter if their head has a peaked hat with braid or pink dayglow hair, the direction of the "directing mind" below it is very likely to be unfavourable to society in general, if they are allowed to succeed.

bttbFebruary 9, 2019 11:35 AM

Regarding Manafort, from https://www.emptywheel.net/2019/02/08/pardons-and-spooks-the-back-story-of-paulies-plea/ :

"Update: Rereading the transcript while I wait for the Whitaker [Acting Attorney General aka BDTS] hearing to resume. Here’s another instance where Weissmann [Mueller associate] suggests the normal incentives to cooperate weren’t in place [for Manafort], presumably because of a hoped for pardon.

'[Weissmann speaking] And to take — to go back to the example of Mr. Manafort’s saying to us: Well, that’s not what I said previously. What that showed is that the incentives of the agreement, where there are benefits to be had by cooperating, there are disincentives; because if you’re caught lying, that you can have serious consequences. It told us that those incentives were not working — were not working adequately. So, all of that factored into why we were making this decision.'


Update[2]: At the very end of the Matt Whitaker hearing today, TX Congresswoman Veronica Escobar asked the Acting Attorney General a really interesting question about pardons:

Escobar: Did you ever create, direct the creation of, see, or become aware of, the existence of any documents relating to pardons of any individual?

Whitaker: Uh, I am aware of documents relating to pardons of individuals, yes.

Admittedly, his response lacked any of his big “tells,” (such as drinking water or sneering or gritting his jaw), so this could be an answer pertaining to the normal role of the Attorney General in pardons (and Trump hasn’t pardoned all that many people, in any case). But it was an interesting exchange in any case."

Also https://www.bloomberg.com/news/articles/2019-02-08/manafort-prosecutors-have-questions-about-1-million-condo-loan

"...Special Counsel Robert Mueller wants to know more about a $1 million loan made to Paul Manafort’s family in the days after the FBI raided his home...." (about a 3 minute read)

FaustusFebruary 9, 2019 11:42 AM

@ Scott

Come on, Scott. I have work to do. I am not going to read a bunch of random links and watch a 45 minute video and try to intuit what you mean. Have the courage of your convictions and tell us what part of the Code of Conduct you don't like.

I believe in due process in every situation. People don't take into account how malleable memory is and how much our cognition is affected by social pressures. I don't "believe" anyone. People are innocent until proven guilty. If there is not sufficient evidence to prove beyond a reasonable doubt that somebody is guilty, they are innocent. Me, you, OJ Simpson, whoever.

But I also believe we should mind our own business. People should be whatever they are short of active direct hurters of other people. They have every right to be proud of whatever that is and talk about it, celebrate it. People have the right to free speech, however stupid, but I also have a right not to invite people I find to be idiots into my house or company. In a public space like FOSS my opinion about other people is not relevant.

I believe in meritocracy, and so do evolution and computers. It doesn't matter how nice you are: Your crappy code won't work right. People have a right to use code that works right. But everybody needs to learn, and, in public spaces we should help people succeed, not beat them on the head for being works in progress.

I don't invite people to enter spaces solely to cause trouble and enforce their morality. But people who legitimately want to contribute should be treated nicely. If I disagree with someone we should try to give each other space rather than kill each other off.

That is the main point: Let's stop trying to kill off people who think differently and feel differently and live differently than we do. People make mistakes. Coach them to do better rather than trying to exterminate them. And be open to the possibility that it may be you who is wrong.

The fact is: The future will find that most of what we believe today is wrong. Let's have some humility.

bttbFebruary 9, 2019 11:57 AM

@Scott, Sherman Jerrold

Regarding Bezos, Amazon/Washington Post, and Pecker, AMI/National Enquirer, from https://www.emptywheel.net/2019/02/08/open-thread-is-that-a-smile/ :

"... If you haven’t read Bezos’ open letter [ https://medium.com/@jeffreypbezos/no-thank-you-mr-pecker-146e3922310f ] to AMI you really should. There’s something about AMI’s attempt that’s more than squicky; it smells sloppy and desperate...."

Also https://www.thedailybeast.com/private-eyes-detail-inner-workings-of-national-enquirer-blackmail-machine

https://www.usatoday.com/story/life/people/2019/02/08/ronan-farrow-ami-blackmail-jeff-bezos-amazon-threats/2810712002/

ScottFebruary 9, 2019 12:46 PM

@Faustus

The future will find that most of what we believe today is wrong.

You are probably right that the 45-minute FreeBSD presentation isn't suited the best to get you up to speed.

But let's say you have no more than 12 minutes to get a good grasp on the situation. But you have to have 12 minutes. I recommend you to start not with the geeky stuff, but the background of all this, so you can go and check out the Jordan Peterson video/transcript on the RealClearPolitics site. It's a good summary of the major issue at hand.

Have the courage of your convictions and tell us what part of the Code of Conduct you don't like.

IANAL, but my understanding is the Geek Feminism (far from being a neutral source) inspired code of conducts are basically blank checks to ban anyone from a project for any reason if it's deemed necessary, similarly to the deliberately vague terms of services all the major social media platforms these days prefer to use, for similar reasons.

https://lulz.com/linux-devs-threaten-killswitch-coc-controversy-1252/

It's a fun site but has some good tweets and retweets (which should be short enough reads) of the case of high profile kernel developer and thought criminal, Ted Ts, who is of now, hold your drinks, accused of being a "rape apologist." He isn't accused of rape, but being an apologist. I'm not that well versed in contemporary American culture, what does that even mean? But I know that when you find yourself being accused of something like this, even if it has no base, you are in trouble. You see, according to the new Code of Conduct, accusing someone of being a rape apologist is fine, being accused isn't.

What you've said about meritocracy and technology is nice. These code of conducts are exactly against that.

***

To sum up two of the three issues I've originally raised. Two people have found heads of dead horses in their beds recently: Linus Torvalds, and Jeff Bezos.

Clive RobinsonFebruary 9, 2019 1:07 PM

@ Scott,

The Bezos' camp believes this is a politically motivated attack and the data was acquired by a "government entity"

There are two things there, the first of "political motivation" other journalists[1] are referring to it as a "Catch and Kill" for the Current US President, and the owner of the offending news paper.

They also say there have been subsequent "blackmail" threats to try and stop Bezos' investigation. Again by the owner of the paper, who is having his face put in the frame, on the front page of the UK's The Guardian newspaper.

Apparently the owner of the offending newspaper is a long term close and personal friend of the current US President.

As for the sources of the information this could be several. However some are putting forward the notion of a national security agency... Whilst I won't say that is not possible, I would not give it much credit. Look at it this way, the current President has a whole load of other "abuse of power" issues not just alleged but being investigated. It's those around him that are taking the fall currently. The President generally does not have direct contact with those who would be able to get such information through the national security agencies. Thus at least one if not several human cut outs would be required and those jobs shall we say don't have long term career prospects.

Anyway it's known from the complete "phone hacking" scandal in the UK that the likes of News International and others had hackers on the payroll in one way or another.

Thus this "catch and kill" might turn into a "Find, Fix and Finish" for certain individuals.

Oh and there are a couple of other possibilities that fall under the "Hostile entities" umbrella. It could be a disaffected individual low in the ranks letting the cat out of the bag for one of the usual MICE reasons. But it could also be another National Government who is up to something, or worse did something like butcher a journalist then do Donald Trump's "Fake News" routine until the drip drip of evidence showed them up for what they were...

Look at it this way, if people find it reasonable to say Russia interfered with the 2016 election, they also have to accept that any number of other nations could be ramping up for 2020 or a shorter time scale, for many many reasons[2]...

That's part of the fun of trying to work out "who" is doing "What" and "Why"...

[1] Front page story of UK's The Guardian Newspaper, though no other nationals were carrying it as a story from a quick browse in the supermarket ;-) https://www.theguardian.com/technology/2019/feb/08/jeff-bezos-blackmail-national-enquirer-trump

[2]
https://www.theguardian.com/technology/2019/feb/08/the-national-enquirer-v-bezos-scandal-hits-the-scandal-sheet

https://www.theguardian.com/technology/2019/feb/09/jeff-bezos-trump-national-enquirer-amazon-david-pecker

FaustusFebruary 9, 2019 1:28 PM

@ Scott

If FOSS people are trying to ruin FOSS because they are being called out on being jerks, this is their responsibility, not some Code of Conduct.

I looked at Geek Feminism. Some is reasonable, recognizing that there are multiple ways of looking at things and that geek guys may not be very socially adept. Some is selling their politics as absolute truth in a way that I find is untrue.

But the source of something is different than its content. This is the CoC:

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

It sounds fine to me. What is the problem? This is just common courtesy. You have a right to be a jerk but people also have a right to exclude you on that basis.

The killswitch approach simply justifies excluding potential jerks from the outset. It plays right into the hands of people who want to create a PC monoculture.

Sherman JerroldFebruary 9, 2019 1:43 PM

I am still convinced that most people contributing to this blog are doing so out of their substantive concern for protecting security and privacy for the populace. Not ego trips.

I read the lulz.com link article and the comments. What I see there, as in many areas of society I am exposed to, is a lot of people who are busy classifying and demonizing rather than working to contribute positively to projects that were originally intended to work-around the usual corporate and social abuses. FOSS and Linux, etc. should be inclusive and not focused on petty personal issues. Being civil is not the same as how the issue of being 'politically correct' has exploded out of control into hypersensitivity.

Jeff B. and the Inquisition (oops, pardon me, the Inquirer) are both destructive titans that are so focused on their own petty war, they miss the point of all the damage they do to all their victims (oops, pardon me, their users). If the u.s. gov't has muddied this up, I would be saddened, but not surprised.

I try not to be naive, but I can't abandon some idealism. I don't advocate a phony Rodney King 'can't we just get along' attitude. But, I am advocating a focus on productive work in the public interest to prevent total ownership of all our assets by the corporations. And, for doing so in a manner that is not petty or partisan.

Thank you, now I'll climb down off my soap-box and attentively and critically read what all of you write.

FaustusFebruary 9, 2019 1:45 PM

@ Scott

The story of Ted Ts is a good example of why, in this age of no grays, tech forums don't really need to drill down on the specifics of people's beliefs concerning what are basically unrelated and sensitive topics.

Clive RobinsonFebruary 9, 2019 1:59 PM

@ About Karma, Scott,

Story from Reuters: UAE government hacking unit "Project Raven" staffed by ex-NSA cyber ops to spy on iPhones, using a remote spyware tool named "Karma". Apparently used iMessage exploits in 2016 and 2017, without any phone user interaction required

There could be an intersection of these two stories. Whilst the US-UAE tie up with "supposedly" Ex-NSA groundlings is discussed, it would be fairly naive to think there is not a similar US-Saudi tie up. With not just Ex-NSA groundlings, but still on the US taxpayer payroll senior staffers from not just the IC but the MIC as well.

tazzer2000February 9, 2019 2:23 PM

Something seems to be going on in F--R--A--N--C--E, am I right or did I fall victim to fake news? lol...Something about parliament building being stormed?? Seems to be scant info out there gentlemen, but doesn't it seem like the f--r--e--n--c--h r--e--v--o--l--u--t--i--o--n is happening?

Sherman JerroldFebruary 9, 2019 3:18 PM

@faustus,
Thanks for your comment. You are right, in that there is nothing phony about the concept of us all getting along. I agree with you there.

However, the context of the Rodney King debacle (decades ago) who was rather a thug, was that when he was tried, he used that phrase to try to show he wasn't a thug and most people felt he was being phony and disingenuous. I used it because in today's world, there are many who use that tactic to try to seem reasonable while engaged in a series of petty ad hominem attacks.

I've seen many, first hand, who want to appear to be heroes while they're busy kicking someone who is down.

Premy RocherFebruary 9, 2019 4:24 PM

Re: Bezos

It’s nobody’s business what Bezos does in his personal life, and also the women are dishonored. Shame on the perpetrators. Bezos et al can with truth just disavow everything since what is being published is presented as public and they did nothing with a public intention. Didn’t happen, move along. Oh, and sue the Nat Enq into oblivion.

FaustusFebruary 9, 2019 4:31 PM

@ Sherman

I agree, the self proclaimed heroes of today are pretty much all hypocrites. Heroes don't proclaim themselves such. Manipulation by computer a la Facebook or by person a la politics is the norm.

My only exposure to Rodney King was on a season of Dr. Drew's Celebrity Rehab. He seemed like a nice guy in that context. Wasn't King trying to quell the LA riots by saying we should get along? It's hard to have a problem with that.

This is what he said in context:

"I just want to say – you know – can we all get along? Can we, can we get along? Can we stop making it horrible for the older people and the kids? And ... I mean we've got enough smog in Los Angeles let alone to deal with setting these fires and things ... it's just not right – it's not right. And it's not going to change anything. We'll get our justice; they've won the battle, but they haven't won the war. We'll get our day in court and that's all we want. And, just, uh, I love – I'm neutral, I love every – I love people of color. I'm not like they're making me out to be. We've got to quit – we've got to quit; I mean after-all, I could understand the first – upset for the first two hours after the verdict, but to go on, to keep going on like this and to see the security guard shot on the ground – it's just not right; it's just not right, because those people will never go home to their families again. And uh, I mean please, we can, we can get along here. We all can get along – we just gotta, we gotta. I mean, we're all stuck here for a while, let's, you know let's try to work it out, let's try to beat it, you know, let's try to work it out. "

https://en.wikipedia.org/wiki/Rodney_King#Aftermath

ScottFebruary 9, 2019 5:45 PM

@Faustus

It sounds fine to me. What is the problem?

Disclaimer: IANAL, but I see that for some reason you take this piece of the whole code of conduct. You better see it in context. If you aren't a lawyer (like me), the best way to spend 12 minutes to get some broader context is to really watch or read that Jordan Peterson speech over at the RealClearPolitics site. I sense you didn't do it so far. It's OK, your time and your preferences, but so we can debate.

Sorry if I'm a bore to repeat myself:

IANAL, but my understanding is the Geek Feminism (far from being a neutral source) inspired code of conducts are basically blank checks to ban anyone from a project for any reason if it's deemed necessary, similarly to the deliberately vague terms of services all the major social media platforms these days prefer to use, for similar reasons.

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
- Cardinal Richelieu

Take the whole code of conduct, not just the part you quoted, and if you are smart "like a lawyer," you can find the text to be a good pretense to kick out anyone you don't like from the project for any reason.

OK, let me quote the code of conduct by you again and give you some more context:

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

The point is, how do you categorize people? How many categories can you really make? Who is a black, who is a white (and who is in between), who is mentally able, disable (and in between), who is hetero, who is homo (and in between)? The categories are endless. Facebook has some 57 categories of gender by now. Why only 57? If I feel like I'm an 58th gender, I very well feel excluded.

Off. This sounds funny (for a non-American): https://freebeacon.com/culture/gender-unicorn-kids-lets-color-gender-identity/

Disclaimer: I realize there is more to gender than binary male and female. But still. It feels some (activists) make it way more complicated than it should be.

Here's the second part of Jordan Peterson's argument regarding what I just described above. There are no limits to categories: https://www.youtube.com/watch?v=UnpB49iP5uU
But you should really start with the first piece at the RealClearPolitics site. First things first.

Anyways, I see that you guys aren't so interested in debating the overarching consequences of the new code of conduct to the Linux Kernel and I also feel a little bored debating over the Internet. I realized I spend my time better getting into the excellent discussion about the same topic over at the Gentoo Forums: https://forums.gentoo.org/viewtopic-t-1086552-postdays-0-postorder-asc-start-0.html

Some tidbits for you I've dug out of the thread so far, however:

https://postmeritocracy.org/

https://lkml.org/lkml/2018/9/19/234

@Clive Robinson

Thanks for the update on Bezos! To be honest, I didn't delve into it more than quoting the snippet I've found on Hacker News. As a non-American, this topic and the characters mentioned is a little farther away from me than the stuff with the Linux Kernel. Some entertainment value, but no more.

Impossibly StupidFebruary 9, 2019 6:31 PM

@Faustus

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
It sounds fine to me. What is the problem?

The problem is mainly the emphasized parts. You can't claim you want a meritocracy, but then act like the unskilled and unaware are just as welcome as the experts. It's also a losing proposition to leave "harassment" undefined, because the world is full of people who will take offense at even the most innocuous things (e.g., telling someone they should take a class or read a book on data structures before they try to rewrite some library they have no experience with). From a security perspective, it's just a huge attack surface to allow anyone to derail a project this way.

What is phony about us all getting along?

It's phony because it's unrealistic and unscientific to expect mutually exclusive belief systems to be compatible. There are people who want to eliminate entire populations because of their race or religion or sexual expression. How do you accommodate those people without upsetting the people they fundamentally hate? Hell, I seem to recall some project that ran out a guy because he was into something like S&M or B&D; it's so clearly a false message of inclusiveness when you do things like that.

Similarly, nobody wants to work next to someone that smells like a sewer or lives like a pig, so allowing all forms of "personal appearance" just isn't going to fly in the real world. You lose good people when you allow bad people to keep crying wolf. Sometimes you have to be a bit of a jerk to people who are being even worse jerks. Rules are fine, but you shouldn't let the clueless write them.

FaustusFebruary 9, 2019 6:41 PM

@ Scott

The thing is that I don't care about the categories. It is unprofessional to be anything less than nice to everybody of any conceivable category. Nothing in there picks me or anyone else out for abuse. That's good.

People are writing software. There is no reason to be nasty to people. Basically like it is here on this blog. Bruce doesn't put up with nastiness and it basically doesn't happen. Who needs it?

I know Jordan Peterson. His experimental psych work is fine, but he vastly simplifies complex subjects in his other work. He engages in his own witch hunts and over reactions. Frankly, he gets hysterical. He is simply the mirror image of that which he claims to despise. I don't see any value there for me. I know the topics he addresses better than he does.

I read the lkml link a bit. It is all a projection into the future about what hasn't happened. My understanding is that fellow programmers will be enforcing the pledge, not a pc commissar. I really think this is a little hysterical too. But come to think of it: I have been likewise hysterical about other things on this blog! We're all human.

I really think it is premature to forecast doom from a pledge to be nice to everyone. I know it sounds dangerous, but it all might work out.

FaustusFebruary 9, 2019 6:49 PM

Oh, @ Impossibly. Everybody was inexperienced at some time. Not harassing them does not mean you are committing bad code.

But I understand why you would be against this pledge. You really don't sound like a nice person. You sound like a problem to work with. Maybe you are inexperienced and will learn. But your attitude would have had you pulled out for a discussion and, if that didn't work, quickly bounced at places I worked at 30 years ago just from general business commonsense.

SteveFebruary 9, 2019 7:21 PM

@Faustus,

The thing is that I don't care about the categories.

You don't. The people who push these code of conducts do.

I know Jordan Peterson. His experimental psych work is fine, but he vastly simplifies complex subjects in his other work. He engages in his own witch hunts and over reactions. Frankly, he gets hysterical. He is simply the mirror image of that which he claims to despise. I don't see any value there for me. I know the topics he addresses better than he does.

Then some actual debate points, especially related to the two short pieces by him I posted would help more than some ad hominem remarks with no information whatsoever.

My understanding is that fellow programmers will be enforcing the pledge, not a pc commissar.

I truly envy your naive idealism. ) I can't help, but these two people to me just look exactly like that, PC commissars: )

https://twitter.com/CoralineAda - The author of the Code of Conduct

https://twitter.com/_sagesharp_ - A high profile activist going after Linus himself

I really think it is premature to forecast doom from a pledge to be nice to everyone.

I don't want to be a bore to quote myself again where I said that the code of conduct isn't about that, but much more.

Bryan Lunduke's take on the shenanigans as a naive journalist. The segment starts from 15:50: https://www.youtube.com/watch?v=BOp9DOaFb-4

He suggests a fruitful debate with all interested parties to find some common ground. Unsurprisingly, this turned out to be a completely unfruitful attempt. If you've watched/read the linked Jordan Peterson piece from RealClearPolitics, you understand why. It seems Lunduke just didn't get the memo.

OK, it's late here, good night!

ScottFebruary 9, 2019 7:24 PM

Ops. Let me correct the formatting errors in my above post!

Quote by you in blockquote:

The thing is that I don't care about the categories.

Quote by you in blockquote:

I know Jordan Peterson. His experimental psych work is fine, but he vastly simplifies complex subjects in his other work. He engages in his own witch hunts and over reactions. Frankly, he gets hysterical. He is simply the mirror image of that which he claims to despise. I don't see any value there for me. I know the topics he addresses better than he does.

Quote by you in blockquote:

My understanding is that fellow programmers will be enforcing the pledge, not a pc commissar.

I apologize for the confusion.

ScottFebruary 9, 2019 7:29 PM

Quote by you in blockquote:

I really think it is premature to forecast doom from a pledge to be nice to everyone.

I should have used the Preview.

FaustusFebruary 9, 2019 8:11 PM

@ Scott

I like the Lunduke segment, he seems like an honest guy. If you are a kernel guy I could see how it would be stressful. But he doesn't sound worried about the Code of Conduct itself. It's more about the reaction.

He is looking for someone who is pro abuse. Is that you @ Impossibly, or am I misreading you?

He's saying let's find the folks who are unwelcoming and help them to change. Give them love. Sounds pretty reasonable to me.

Do you consent to a virtual hug from me @ Impossibly? I don't remember you being so agro before. Is this Linus disappearance stressful?

name requiredFebruary 9, 2019 8:26 PM

What would a cable internet contractor miscreant be able to do, and would the company know this had happened?
And, would a normal installation call be expected to take more than a couple hours?

ScottFebruary 10, 2019 12:13 AM

Guys, can you brief me which quote by @Impossibly Stupid did you find pro-abuse? I've read his comment twice, carefully, and maybe it's just because of the time zone difference, but I don't see it. It seems to me he just doesn't like the code of conduct, which itself does not equal pro abuse to me. Help me, because I don't want to be an abuse apologist!

ScottFebruary 10, 2019 1:10 AM

Two random thoughts from the Hacker News thread on the new Linux Kernel code of conduct:

One.

https://news.ycombinator.com/item?id=18060711

"What part of the CoC requires you reveal anything? It simply says you can't treat people unprofessionally. Why do you want to treat people unprofessionally?"

https://news.ycombinator.com/item?id=18060891

"That's a motte-and-bailey argument. The easy to defend idea of CoC is of course that one shouldn't discriminate and act unprofessionally. But declaring a CoC is just the first step - it needs to be enforced. And by design the enforcement seems to involve backroom committees and no chance for the accused to even know about specific allegations, let alone defend against them. It can result in downright kafkaesque situations and unnecessarily forces identity politics into the mix."

https://heterodoxacademy.org/the-motte-and-the-bailey-a-rhetorical-strategy-to-know/

"The motte and bailey tactic is most dangerous when it stands in the way of legitimate, deliberation and debate."


Two.

https://news.ycombinator.com/item?id=18061451

"Codes of conducts sound like laws, but they aren't written by legislatures, aren't enforced by experienced judges, and do not get reviewed to balance their goals against any high minded ideals like free speech, or even fairness to minority opinion groups.

For example, while a CoC will ban something utterly because it is the easiest way to enforce, an actual law would throw in a caveat about malice being required, or delineate how many chances you get before the ban hammer comes down.

Ironically, many internet forums have rules much more similar to laws than these new CoCs.

Code of conducts sound like the ten commandments, they are good common sense but we need more than that to run a society... even a little one.

We need to know who will enforce something, how much leniency can be given, and what punishments there will be."

1&1~=UmmFebruary 10, 2019 1:34 AM

@Faustus,Scott:

I'll just leave this here,

https://lkml.org/lkml/2018/9/23/212

It's by Eric S. Raymond, and amongst other interesting observations, contains,

"Every group of cooperating humans has a telos, a mutually understood purpose towards which they are working (or playing). Again, this purpose may be unwritten and is not necessarily even conscious. But one thing is always true: the ethos derives from the telos, not the other way around. The goal precedes the instrument."

"If the normativeness slider starts low and is pushed high, the consequences are much more visible; you can get internal revolt against the change from people who consider the ethos to no longer serve their interests. This is especially likely if, bundled with a change in rules of procedure, there seems to be an attempt to change the telos of the group."

"Strict ethoi are typically functional glue only for small groups at the margins of society; minority religious groups are the best-studied case. The larger and more varied your group is, the more penalty there is for trying to be too normative."

The CoC was from a new barely participating sub-group more concerned with pushing an agenda that was very much contrary to the long existing telos of the group.

The sub-group in question's public agenda was and still is to destroy one of the fundamentals of the telos of Open Source. And when they had been rebutted by other Open Source groups the behaviour of the principals was, to put it politely, extremely undignified and very far from inclusively respecting others' opinions.

Which brings up another of Eric S. Raymond's observations, which can be found at the end of,

https://theothermccain.com/2018/05/30/coraline-ada-ehmke-transgender-feminist-satanic-sjw/

The article probably uses the quote as justification for what proceeds it. That said it is perhaps one of the politer rebuttals of the Ehmke CC currently out there.

Thoth • February 10, 2019 2:16 AM

I have just released 32-bit JavaCard smartcard source code for the ChaCha20 algorithm according to RFC-7539 under 3-Clause BSD license.

Current test uses 64 bytes of data to test a single encrypt/decrypt function with 1 run that completes both the keying of the entire ChaCha20 internal state and also executing the encrypt/decrypt crypto function within 1 second of time and probably even below 1 second.

I have not tested the function with more data but this is much faster than the previous 8/16-bit ChaCha20 JavaCard source code which took somewhere about 5 seconds or more just to encrypt/decrypt 64 bytes of data.

The catch for the increased speed is the JavaCard must have 32-bit integer support enabled.

Link:
- https://github.com/thotheolh/jcChaCha2032
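
The comment above attributes the speed-up to the card's 32-bit integer support. As an added illustration (not Thoth's code, and not JavaCard code), this Python model runs the RFC 7539 quarter round on native 32-bit words and on pairs of 16-bit limbs and checks both against the RFC's section 2.1.1 test vector. The helper names and the operation counts are assumptions of this example: a rough tally of word-level operations, not a timing measurement of any card.

```python
# Added illustration: the ChaCha20 quarter round (RFC 7539, section 2.1)
# computed with 32-bit words and with pairs of 16-bit limbs.
# Arithmetic model only; all names here are hypothetical.

MASK32 = 0xFFFFFFFF
MASK16 = 0xFFFF
ROTATIONS = (16, 12, 8, 7)  # rotation distances of the four quarter-round steps

# Test vector from RFC 7539, section 2.1.1
RFC7539_INPUT = (0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567)
RFC7539_OUTPUT = (0xEA2A92F4, 0xCB1CF8CE, 0x4581472E, 0x5881C4BB)


class OpCounter:
    """Tallies word-level operations (add, xor, shift, or, compare)."""

    def __init__(self):
        self.ops = 0

    def tick(self, n=1):
        self.ops += n


# ---- 32-bit path: one machine word per ChaCha20 state word ----

def add32(x, y, ctr):
    ctr.tick()                       # one add
    return (x + y) & MASK32


def xor32(x, y, ctr):
    ctr.tick()                       # one xor
    return x ^ y


def rotl32(x, n, ctr):
    ctr.tick(3)                      # shift left, shift right, or
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round_32(a, b, c, d, ctr):
    for i, n in enumerate(ROTATIONS):
        if i % 2 == 0:               # a += b; d ^= a; d <<<= n
            a = add32(a, b, ctr)
            d = rotl32(xor32(d, a, ctr), n, ctr)
        else:                        # c += d; b ^= c; b <<<= n
            c = add32(c, d, ctr)
            b = rotl32(xor32(b, c, ctr), n, ctr)
    return a, b, c, d


# ---- 16-bit path: each state word is a (hi, lo) pair of 16-bit limbs ----

def split(x):
    return (x >> 16) & MASK16, x & MASK16


def join(w):
    return (w[0] << 16) | w[1]


def add16x2(x, y, ctr):
    lo = (x[1] + y[1]) & MASK16      # low limbs, truncated to 16 bits
    carry = 1 if lo < x[1] else 0    # the sum wrapped iff it is below an operand
    hi = (x[0] + y[0] + carry) & MASK16
    ctr.tick(4)                      # low add, compare, high add, carry add
    return hi, lo


def xor16x2(x, y, ctr):
    ctr.tick(2)                      # one xor per limb
    return x[0] ^ y[0], x[1] ^ y[1]


def rotl16x2(x, n, ctr):
    hi, lo = x
    if n >= 16:                      # rotating by 16 is a limb swap
        hi, lo = lo, hi
        n -= 16
    if n:                            # bits cross the limb boundary
        ctr.tick(6)                  # four shifts, two ors
        hi, lo = (((hi << n) | (lo >> (16 - n))) & MASK16,
                  ((lo << n) | (hi >> (16 - n))) & MASK16)
    return hi, lo


def quarter_round_16(a, b, c, d, ctr):
    a, b, c, d = split(a), split(b), split(c), split(d)
    for i, n in enumerate(ROTATIONS):
        if i % 2 == 0:
            a = add16x2(a, b, ctr)
            d = rotl16x2(xor16x2(d, a, ctr), n, ctr)
        else:
            c = add16x2(c, d, ctr)
            b = rotl16x2(xor16x2(b, c, ctr), n, ctr)
    return join(a), join(b), join(c), join(d)


def compare(state=RFC7539_INPUT):
    """Run both paths on one input; return both results and both op counts."""
    c32, c16 = OpCounter(), OpCounter()
    r32 = quarter_round_32(*state, c32)
    r16 = quarter_round_16(*state, c16)
    return r32, r16, c32.ops, c16.ops


if __name__ == "__main__":
    r32, r16, ops32, ops16 = compare()
    print("32-bit:", [hex(w) for w in r32], ops32, "ops")
    print("16-bit:", [hex(w) for w in r16], ops16, "ops")
```

A full ChaCha20 block is 80 quarter rounds, so the per-round difference in operation count is multiplied accordingly before any interpreter overhead on the card is considered.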

tazzer2000 • February 10, 2019 7:35 AM

@1&1~=Umm

It's all identity politics now. Exploiting people's urges/natural inclinations to gravitate towards constructing a self image. Not only do we construct this false narrative but we are constantly refining, defining and updating it. And here comes the truly horrifying part. The power structures in the world which exist (as they most certainly do) know this and they are AGGRESSIVELY using it right now to cause changes. We're seeing the next generation of warfare, and its target is the mind. Talk about a large attack surface.

tazzer2000 • February 10, 2019 8:03 AM

Microcontroller, ASIC, SOC, FPGA chips can be turned into RF transmitters thru software by clever timing tricks to influence the behavior of nearby components. Combined with other low level hardware level based vectors from the past few years. Rowhammer, Meltdown, Spectre and friends. You can do some nifty things with FPGAs, a neural net, and the right machine learning algorithms these days. Give me a half dozen of the right people, and 6 months. lol. It seems a fundamental problem that charge carriers like wires, chip pins, pcb traces, busses, etc., will act as an antenna (*shakes fist at fundamental laws of physics).

Faustus • February 10, 2019 9:17 AM

@ Scott

@ Impossibly is explicitly hostile to beginners, which is just absurd, because everyone was one. Telling somebody to read a book is also hostile, versus politely saying something like "It looks to me like that data structure is off. Could you explain it to me? Here's how I'm used to seeing it done link".

I've run a lot of projects. I might tell somebody how I see something being done. Good people often find their own way, and it is usually better than my off-the-cuff idea. That's a win for me. The product is the product, not my ego.

The whole diatribe about appearance (smell) is also rude. I was a technical project manager for a major consulting company and issues like that do come up, but they are treated with sensitivity, not derision.

The fact is: There HAS ALWAYS BEEN a code of conduct in place where @ Impossibly does his stuff. It's his reign of obnoxiousness. I came up in the NYC area starting in the early 80s and nobody has ever said anything like what he said to me in a professional situation. (If people thought it, they knew enough not to say it out loud.) It's bad business. It's bad for morale. It's bad for productivity. I much prefer the new CoC, which is apparently the one I have operated under my whole career.

This thread has been very helpful to me. I have apparently selected my work environments to the point where I have been like: "What bros? What sexism?" because I haven't seen it. Obviously it really is a big problem in some environments.

I do think that a CoC should be enforced with due process and a chance for people to make mistakes (within reason). But, in a work environment, people should be able to present themselves as they are (within the limits of treating other people well), and not be harassed in ANY way.

For example: I don't care how many genders you think there are. I don't KNOW how many genders there are. Future developments will tell us more. Until then, be excellent to each other and drop kick people who resolutely refuse to treat people nicely, for the sake of the project.

They can start their own project under another rubric with as many obnoxious people as they like. Fork!

For example, I released an open source encryption system, but I am not inviting coworkers. People can create issues or fork if they want to code themselves.

Scott, I appreciate the calmness with which you have presented this material. I find nothing objectionable about your demeanor, I just disagree in the ways I have stated. I have checked out some links, but to me, there are a lot of projections of horrible outcomes that have not happened mixed in with people demonstrating with obnoxiousness why people need to be nicer to each other.

Obviously I am not on Twitter. I couldn't take the arrogance and rudeness. I was also treated very rudely when I joined The Well as a beginner in the 90s. This blog, schneier.com, is the best online community I have experienced.

Scott • February 10, 2019 9:26 AM

@1&1~=Umm

Following the links from theothermccain.com, it seems Eric Raymond's original essay: http://esr.ibiblio.org/?p=6918 and Ehmke's response: https://medium.com/rx3-magazine/why-hackers-must-welcome-social-justice-advocates-1f8d7e216b00 are both worth reading. Later, when I dedicate some time to them.

I can't help, but the latter I have to read with extreme caution, as I got the warning from both Eric Raymond and Jordan Peterson. At a first glance, her style of writing might sound compelling, but I'm sure someone better versed in the culture wars could find lots of hidden meanings and agendas in said text the untrained eye would just skip over. IANAL.

Am I full of prejudices or what? I mean if you were a caveman and saw a lion in the open savanna, your prejudices that he wants to eat you were well justified. This is just basic human nature, right? https://www.youtube.com/watch?v=nk_GaFdWSME

Tõnis • February 10, 2019 9:55 AM

@GreezMonkey72,

"Can we expect to have both anonymity and encryption at the same time?
1) It's reasonable to expect to have private communications, but it may be reasonable for crime investigation and national security to expect the senders of encrypted data to be identifiable."

The problem is that in authoritarian regimes everything becomes a crime or a "national security issue." For example, a law gets made that criminalizes wearing purple socks on Tuesday. You're suspected of wearing purple socks on Tuesday, and your communications and data at rest could be evidence. But not only your data, the data of all your contacts needs to be examined. You could all be plotting something, and on and on.


"2) It's reasonable to expect to be able to communicate anonymously, but it may be reasonable for crime investigation and national security to expect anonymous communications to be readable by law enforcement at least when a warrant is served."

The problem is that in authoritarian regimes those acting in the name of the government are beyond scrutiny; good luck getting any information when you suspect/witness a cop or political crony committing a crime; but every "warrant," when it comes to an ordinary citizen, gets rubber stamped by a judge. I firmly believe one must take privacy and security into his own hands. Judges are not beyond reproach when they violate constitutions and routinely rubber stamp warrants.


"3) Is it reasonable to expect to have complete privacy for both the content of communications and the identities of those communicating?"

Yes.

Faustus • February 10, 2019 9:58 AM

@ Scott

Sure, Ehmke's post gives me the willies. People must do this, must do that. Software projects need programmers, not politicians. If you don't program or do some other task related to the software (design, documentation), you don't need to be there.

I still believe that code should be committed on merit. If somebody doesn't have time to program, what does that have to do with FOSS? Either contribute or don't.

Obviously, the code should be administered by whomever decides on commits, in a similar way, simply on whether people's behavior fits specifications. The code of conduct is very simple. Detecting whether it is violated is likewise simple. Likewise, you don't throw out a whole chunk of code for a single flaw. You fix it. Example: "@ Impossibly, telling people to read books is unwelcoming behavior. Please coach nicely. Here are some best practices."

I am not suggesting people should be in the project just to harass people or simply be there to find offense. Contribute, learn to contribute, or go away.

vas pup • February 10, 2019 11:54 AM

@GreezMonkey72 and all involved in discussion:
"Can we expect to have both anonymity and encryption at the same time?"
Looks like there are two sides of the whole story: legal and technical. It is possible technically to some degree at particular level of technology at the present time, but law should let such technical means be applied without all those accusations of BS-type of crimes (e.g. obstruction of justice which is so vague to understand for folks used to operating with math and technology) and burden of proof should always remain on LEAs/prosecutors REGARDLESS of nature of the criminal investigation.

On Bezos: no sympathy to this guy at all. He is the worst example of capitalist with zero responsibility to society: next to zero charity activity (versus e.g. Facebook, Bill Gates, Buffett) and treatment of his employees (salary, benefits). That is my personal opinion. I hope after divorce his wife with her share of billions allocated to her would be more generous.
Moreover, Amazon is the first (I guess - grind me on that if I am wrong) company which clearly declared many years ago that your personal information is its property, and you have zero say on its usage, sharing, storage, right to be forgotten.

JG4 • February 10, 2019 12:27 PM


Had to bury a couple of friends. The best case outcome on your planet is that your friends come to shovel dirt on you.

https://www.nakedcapitalism.com/2019/02/links-2-9-19.html
...
Big Brother is Watching You Watch

Amazon’s Home Security Company Is Turning Everyone Into Cops Motherboard (resilc)

Facebook’s entire business model is in danger after it was given an unprecedented kicking by an EU regulator Business Insider (David L)

Dozens of Cities Have Secretly Experimented With Predictive Policing Software Motherboard. Resilc: “With all the gunz we have in USA USA, I wonder how many cameras will be shot out or laser blinded?”

US Senators Ask DHS To Look Into US Government Workers Using Foreign VPNs ZDNet

Beware Trojan horse of proposed E-commerce rules IPS News

Jeff Bezos Protests the Invasion of his Privacy as Amazon Builds a Sprawling Surveillance State For Everyone Else Intercept

Jeff Bezos’ investigator suspects ‘a government agency’ intercepted Amazon CEO’s text messages Boing Boing. Resilc: “Wow if real”
...

MetaLobster • February 10, 2019 12:44 PM

@Scott

Since you asked for some substantiation of anti-Peterson sentiment, and because you really seem to idolize him - you’ve linked to his work half a dozen times already; here is why he is a hack.

His whole operation, nearly everything he’s done publicly not including the experimental psychology, is based on replaying the same troll move. He says some stuff that isn’t outright false, wraps it with some known/accepted good ideas like “make good friends” or “clean your room”, then proceeds to maximize incendiary while not entirely incorrect statements about a minority or otherwise disadvantaged group. From there, sometimes even before anyone from the target group has responded, he begins to wallow about being victimized for merely bringing something to the “marketplace of ideas.”

He has some good points, he articulates them well, etc, but his effect is to belittle disempowered groups and rally a mob of “free thinkers” (who are almost entirely MGTOW[1] types) around the cause of free speech or “common sense.” When people inevitably take offense, which is arguably his main motive for writing, he is “proven right.”

For all the posturing (eg: “stand up straight”) coming from his work he is quick to play the victim card. But really, think about his wholistic effect. His moves are not dissimilar from Trump in terms of uniting a majority against some hypothetical fears about a minority-group’s needs. It is attention trolling from a position of power at the expense of an underrepresented group.

Also, for what it’s worth, the conclusions he draws from his lobster research were almost entirely wrong in that he cherry-picked attributes to fit his worldview and disregarded pretty much everything else[2].

1. http://www.marriedtothesea.com/index.php?date=031618

2. https://www.washingtonpost.com/news/posteverything/wp/2018/06/04/jordan-peterson-needs-to-reconsider-the-lobster/

bttb • February 10, 2019 12:45 PM

@Clive Robinson, Scott, Sherman Jerrold

Clive wrote: "There are two things there, the first of "political motivation" other journalists[1] are referring to it as a "Catch and Kill" for the Current US President, and the owner [Pecker] of the offending news paper...."

I think that post, and your subsequent posts cover a lot about Bezos and Pecker's and AMI's potential problems.

An additional, perhaps big, fly in the ointment for Pecker and AMI, iirc, is that AMI is under some sort of non-prosecution agreement with the Southern District of New York obligation, like deferred adjudication, like not to break the law, along these lines:

"...Mr. Cohen [Trump's former lawyer] said the transactions were an effort to cover up the president’s “dirty deeds,” a claim that was buttressed when federal prosecutors [SDNY, not Mueller, iirc] announced that the tabloid publisher, American Media Inc., said it had bought [for 150 K USD] one of the women’s [former Playboy model McDougal's] stories to ensure she “did not publicize damaging allegations about the candidate [Trump].”

A.M.I. further admitted that its principal purpose in making the payment was to suppress the woman’s story so as to prevent it from influencing the election,” prosecutors said in a statement announcing they had struck a deal not to charge the company in exchange for its cooperation. As part of the deal, dated in September [2018] but previously kept private, the company also agreed to train employees in election law standards and appoint a qualified lawyer to vet future deals that may involve paying for stories about political candidates...."
https://www.nytimes.com/2018/12/12/nyregion/trump-american-media-michael-cohen.html


Also "Could the National Enquirer—Bezos scandal end AMI's federal plea deal?"
https://boingboing.net/2019/02/08/could-the-national-enquirer.html

https://www.bloomberg.com/news/articles/2019-02-08/national-enquirer-s-ami-said-to-be-scrutinized-over-bezos-story

Sherman Jerrold • February 10, 2019 1:51 PM

"And now for something completely different" with apologies to Monty Python

I use Firefox on a Linux computer. I clear history "everything" when closing Firefox. I then run BleachBit and it removes ~20MB of additional Firefox folders' detritus. This is very concerning to me. Does anyone have any insights into this??

also, just to close the loop (no flogging of dead equines intended)
@faustus, thank you for your added perspective. And, yes, Rodney King did present himself as a decent sort in public. I don't think he was a major criminal. However, as I recall, after the fame faded, he was later caught committing a number of crimes. My opinion of him is that he was a sad and confused petty criminal who did receive a perhaps unjustified beating by the police, and my opinion is just based on old and sometimes not crisp memories of those events.

Clive Robinson • February 10, 2019 4:25 PM

@ bttb,

    A.M.I. further admitted that its principal purpose in making the payment was to suppress the woman’s story so as to prevent it from influencing the election,

I was aware of this deal but not the details (still not sure what they are ;-). Thus did not make comment.

However it bolsters my view that it's the SDNY, not Mueller who is going to be handing paperwork to Mr Trump as and when he ceases to be protected by where his rump is currently located[1]. Which unless the Mueller Investigation can convince a bunch of politicians who view Trump as a "useful idiot" to go for impeachment which appears currently unlikely, then Mr Trump will still have his feet under the White House table to carve up the 2019 turkeys...

But there is also the question of "Election Interference by the FBI", already the preparations for 2020 elections have started, thus at best the Mueller Investigation has to produce a report by August or fall foul of interfering with further accusations of interfering with US elections (James Comey botch/hatchet job depending on view point)...

So the question falls to what will President Trump do? The Republicans could drop him, but it's in his own interest to stand either for them or an independent. Which takes us back to the little blackmail trick he used to get their nomination in the first place. He could also pardon his way out of any potential problems with the FBI etc.

Then there is speculation by some he could simply arrange a National Emergency. Let's be honest I don't think it likely... But if you consider the war on Terror is nearly two decades old. Based on that speculated theory the US could still be under George W Bush as President which mad as it might appear could have happened.

But the problem I still see is the Mueller Investigation is predicated on an unproven assumption, which is that "Putin did not want Hillary Clinton thus supported all other candidates". Which is a bit problematic for Mr Mueller as he's failed so far --as we know-- to investigate Bernie Sanders etc for "Russian Assistance". Which is unfortunate, because to some outside eyes it tends to confirm what Mr Trump and others claim is a politically inspired "Witch Hunt" against Mr Putin with Mr Trump being used as a surrogate for Mr Putin. This idea gets further legs by the view that the US political establishment sees Mr Trump as an outsider, thus expendable...

All of which adds another bowl or two of popcorn to the entertainment. Because that is the reality for by far the majority of people. They look in on the US and see the whole thing as just another "West Wing" soapumentry and find it ironic or downright laughable that the US found guilty of so much interference in other peoples elections and politics, should have its panties in such a wad when it "supposedly" happens to them (when it was actually the US system and the Electoral College...).

As we talk about this in New York the US is pushing into the politics and elections of Venezuela at the UN. The excuse is that Venezuela is refusing US "humanitarian" aid. The Venezuelan position is the US has quite deliberately caused the issues by sanctions designed to destabilize the Venezuelan government (the implication being any US personnel will be effectively "agents of a hostile power" using grey propaganda against the duly elected government).

Much to US State Dept annoyance the US footwork in the UN is getting undone because of a Russian counter proposal... The realisation in the US State Dept being that Russia is now happy to do what it hardly did in comparison to the US for the last thirty years of the previous century and veto proposals[2]...

https://www.aljazeera.com/news/2019/02/russia-present-rival-draft-resolutions-venezuela-190210085959911.html

[1] The constitutionality of indicting a sitting president currently is an unsettled legal question. It would involve the SCOTUS which being mainly conservative in view is likely to take the view that the least change if any at all is the best way to avoid future legal issues. Which makes it likely that an indictment is unlikely given the time remaining.

[2] From 1970 to 2008 the US has issued more vetoes than any other of the permanent members of UN security council. From 1970 till the break up of the USSR in 91 --which the US has repeatedly claimed was due to their influence-- the USSR issued only a fraction of the number of vetoes of the US (10:65). But since the break up and Russia taking the veto power, the number of vetoes has doubled (10-20). Thus it would appear that US interference in USSR and Russian politics has been rather counter productive in this respect. You can see this up on the Wikipedia site page on the UNSC veto (USA 65&15, USSR 10, Russia 20). But even with Russia doubling up the US still has way more than double the number of vetoes from 1970 to 2008 (80:30).

AL • February 10, 2019 4:42 PM

Way I understand it, the President can be indicted for acts committed before he was president, since impeachment only covers high crimes/misdemeanors while he is president. Since impeachment is available for these issues, it is likely that indictment isn't possible since a remedy exists.

That would then lead to the question - could the president pardon himself for any crimes committed before he took office as president? It's possible.

Impossibly Stupid • February 10, 2019 6:24 PM

@Faustus

    People are writing software. There is no reason to be nasty to people.

But there's no reason to make it about any of the identity politics these CoC rules cover, either. Again, my points were made from a security perspective (because this is a security blog) and from a scientific perspective. If you allow anyone to waltz into a project and compromise the quality of the work being done based on claims that trigger words are hurting their feelings (or whatever), that is an attack vector. If you allow your rules to contain mutually contradictory clauses, they are unscientific. How nice or nasty you want to be about it doesn't even enter into the picture; it should be seen as a non-starter to any rational person who examines the context.

    Everybody was inexperienced at some time. Not harassing them does not mean you are committing bad code.

You're missing my point: the actual attack is the harassment that can flow the other way due to a bad CoC. They're not all created equally, and the bad ones create more problems than they solve.

    You really don't sound like a nice person. You sound like a problem to work with.

I'm actually quite pragmatic and professional. And I'm amused by the irony that you've decided to personally attack me full-on ad hominem while trying to make the point that harassing people is wrong. If I had a thinner skin and there were a serious CoC I could leverage, I could use it to have you "pulled out for a discussion".

    He is looking for someone who is pro abuse. Is that you @ Impossibly, or am I misreading you?

Very much so, to the point I'm wondering if it is on purpose. I don't know how I could be more clear. Science is a field where you can be objectively wrong. People can die if you're building critical systems and make simple errors. People who take their jobs seriously don't have time to waste on inexperienced know-nothings who still need to be coddled like children. Nothing about that is said to excuse abuse, but only to remind "hug" happy types that they should, as the old saying goes, keep an open mind, but not so open that their brain falls out.

    @ Impossibly is explicitly hostile to beginners, which is just absurd, because everyone was one. Telling somebody to read a book is also hostile, versus politely saying something like "It looks to me like that data structure is off. Could you explain it to me? Here's how I'm used to seeing it done link".

Oh, for goodness sake! It's not hostility to call a beginner a beginner. It is not hostility for an expert to direct them to a book that will help them become more knowledgeable. It is not hostility to expect people to do their job without excessive micromanagement. Your approach is actually quite counterproductive, and that's why I'd classify it as an attack on any organization that is actually trying to accomplish a task.

    The whole diatribe about appearance (smell) is also rude. I was a technical project manager for a major consulting company and issues like that do come up, but they are treated with sensitivity, not derision.

It was not a "diatribe", it was pointing out an inconsistency that undermines the intent of a poorly written CoC. You can't say you're not going to make a deal about personal appearance and then do as you do and pretend that it's OK for you to break the rules because you're oh-so-sure you're being sensitive enough about it.

    I have apparently selected my work environments to the point where I have been like: "What bros? What sexism?" because I haven't seen it. Obviously it really is a big problem in some environments.

It is. I've at least interviewed in those kinds of toxic environments. But you know what, a "Social Justice Warrior" environment can be just as toxic, because they lose sight of what work it is they're actually supposed to be getting done. A CoC should not be about respecting elements of identity politics, it should make the case that they're irrelevant to the project, and that making an issue of those non-issues by anyone is unacceptable.

1&1~=Umm • February 10, 2019 10:28 PM

@Scott:

"Am I full of prejudices or what? I mean if you were a caveman and saw a lion in the open savanna, your prejudices that he wants to eat you were well justified."

They would not be prejudices if based on life experience, but survival lessons learned.

It's a point many forget in their world view that others not only have a different POV, they are entitled to have a different POV, and often have life experiences that make their POV more than justified. Such forgetting is common in certain types of people who have the luxury of privilege, that means they have never suffered the stressors in life that lead to POVs that are very much based on having survived.

The problem with the sub-group in question is they have an agenda they have published that is the same as a "Universal Declaration of War" on any or all who choose to have a different POV.

If you like it's a "Borg assimilation" policy. Live their way or suffer the consequences they choose to inflict on you. In essence they have bluntly said 'their way or no way', which is not in any way an inclusive attitude, or other of the other things they claim as failings in others. Not only do they play the various "Think of the children" type cards they do indeed practice the 'Motte and Bailey stratagem' where if you argue with them they retreat from their real agenda and purpose that are indefensible to vacuous arguments or truisms they can defend, arguing you are misunderstanding them or putting words in their mouth. Only to return to their real agenda and purpose to ensnare the less cautious. They also tend to stage manage perception with 'weasel words', 'Humpty-Dumptying words', 'weak-man arguments' and "Tweedle-dee" arguments. All deceitful tactics they have become well versed in, which ordinary people not realising what is being done fall into, finding out too late it's become a trap, not only have they fallen into, but have facilitated if not built with their own hands.

Have a look at the time line. Linus started Linux near on a working life time ago. There was a telos that "good code was accepted" and with that professional recognition a meritocracy perhaps but most certainly a way to achieve an objective, one that I might add has benefited not just a few but millions, a true act of selfless philanthropy.

Though unstated that is what the ethos was and still is, those who can giving the best of themselves so others may benefit. Their only reward originally recognition amongst their peers. Later much later more material rewards became possible, but the telos and base ethos remained unchanged.

It attracted people who had gifts in certain areas of their lives, but like many people with what at heart are "creative skills" and the self imposed drive to fulfil them, other areas of their lives were not what they might be, which in some ways is sad. However this is actually entirely normal, look on it like having a rubber band with a constant area inside as its coverage which you could say is defined by that ineffable notion of 'base IQ'. Stretch it in any given direction then other areas must consequently diminish. If you think this is wrong, imagine if you can anyone who can stretch their band in every direction, not only would their IQ increase, they would frankly be hell on earth, unless they tried very hard to hide it. There is also the 'curse of the different' it's easy to treat with suspicion or even hate that which is obviously different, it is after all a very powerful survival mechanism that gave mankind tribalism. We choose to call it 'discrimination' these days and it has a duality of purpose under a directing mind. That is it's also fairly easy to use discrimination as a way to discriminate by faux argument of implied "moral high ground" etc.

Which is a fairly standard technique of those who were once called 'The PC Police' and their far worse brethren "The Social Justice Warriors".

The only aim of the PC and SJW types is to fantasize in a Walter Mitty way that they are somehow heroes or successes they most certainly are not. At best they have failed at even mediocrity but their internal craving for power that nobody in their right mind and knowing what they really are would in any way allow them. Thus their envy turns them towards those who have managed by their own ability to be what the PC and SJW types are not, which is successful by unassuming hard work. This envy 'sticks in their craw' as it burns in their minds, thus their envy turns to first hate then destruction. These people will not stop, destruction driven by embittered envy, is what drives them and the only thing they have marginal success at by deceit and deception.

Whilst I'm reasonably certain that there will be disagreement with this, I urge you not to listen, to either side of the argument, but go and investigate it as best you can yourself. Your POV is effectively unique to you or it should be, thus to gain your own insight you need to 'see for yourself' by whatever method of enquiry best suits your resources.

Clive Robinson • February 11, 2019 12:01 AM

@ AL,

    That would then lead to the question - could the president pardon himself for any crimes committed before he took office as president? It's possible.

The way the US Presidential election process works certainly allows the time for a departing US President to "salt the earth" for those that follow them, be they the (next) President elect or in this case potential investigators (as far as I'm aware it's not yet been fully tested in the US so likewise an unknown).

It's a problem that does not exist in other "first past the post" election systems where it is also "sudden death" to the incumbent if they lose.

Supposedly being "President Elect" allows you time to form a Government. But it's based on a historic notion that, --was prior to "party politics,"-- in fact although it was a first past the post election for President, the person who came second was supposedly invited to become the Vice President. That is there were no "running mates" the election was "on the individual most suitable to be King" (head of state) in a non figurehead status. Supported by the second most able as a trusted advisor. Again not just in a non figurehead status, but also with a clearly defined right of succession should the "King" become incapable. Each "position" in the succession chain implicitly responsible to "the peoples interests" not those of party or others such as political donors.

Again under the "best man principle" the President elect would seek "without fear or favour" to find "the best men" for each of the executive jobs and most definitely without favour to a party or ideal, but with full loyalty to the people only (ie the voting citizens). But to select only after they had won not prior, to avoid the more obvious forms of patronage / favour. Also to remove the assumption the President would fail if others of "party" failed. As the "man of the peoples interests" the "two term limit" did not exist so "a good man" could "rule for life" ably advised by the best of the rest. The founding fathers were not averse to the notion of "kings" and their duties to "God and the people" just "bad kings" and what went with them, hence the processes were designed to remove a bad king. Hence the US President holds "regis power in common interest" (first estate) over "courts" of the nobles (second estate) and commoners (third estate).

Some might say "High ideals brought low by misjudgment and corrupt practices", others trying to hold onto outmoded hierarchies of power.

A little of both perhaps, the recognition that the first estate of "King and Church" had to be separated and also that the second estate of "nobles" was in essence "holders of estate of employment of commoners" thus only heredity by dint of "passing of estate" not "oldest son" etc which avoided the succession issues and allowed commoners to move up from employed to employing by talent and fortitude. With commoners given either employment or pastoral care by holders of estate that included the Church. The fact that parts of this have obviously failed in the US system perhaps suggests the first view of "High ideals" thwarted by those without them is the more likely to have happened. In part caused by the quaint notion that legal constructs of business are equivalent to "people with rights" but not equivalent by implicit or singular "directing mind" of "responsibility" thus in effect separating "actions from justice". Thus "nobles have been replaced by corporations without responsibility" and the notion of employment and pastoral care vanished with it.

Cassandra • February 11, 2019 4:06 AM

@Tõnis

"3) Is it reasonable to expect to have complete privacy for both the content of communications and the identities of those communicating?"

Yes.

No, because there are many powerful vested interests that wish to know either or both of the content of your communications and the participants in your communications.

One of the many tensions that fuelled the flame of the Revolution in the American Colonies was the habit of the King's soldiers and other functionaries of using 'general warrants' or 'writs of assistance' to allow them peremptorily to enter people's homes and remove papers, in the interests of identifying malcontents. As a result, the fourth amendment of the new constitution of the United States expressly guaranteed the right of people to be secure in their homes against unwarranted search and seizure of papers, and for warrants to require specific probable causes. So even the august and learned men who caused the Constitution of the United States to come into being felt that it should be possible for the relevant authorities to obtain warrants on the basis of probable cause to 'search and seize'. However, Encryption was known - George Washington and Benedict Arnold and others certainly used encryption in their work, and were familiar with its existence.

It is a pity we can't ask the founding fathers why encryption wasn't dealt with in the constitution. Use of encryption was important to the revolution. And while the constitution allows for search for and seizure of papers authorised by a proper warrant supported by probable cause, it is silent about what to do if the seized papers are encrypted. Much legal argument is expended trying to interpret other clauses to cover encryption.

If we give that the state will wish to know as much as possible about threats to its existence, it is reasonable to expect, human nature being as it is, that some people will do their best to defeat encryption by any means possible. It is unreasonable to expect human nature to be so changed that there are no people not willing to go to extreme lengths to preserve their position - the incentives can be venial or noble, with the same effect.

So while you might have a Utopian vision of a world where encrypted information is sacrosanct - that no 'reasonable' person would try to break or circumvent it - brutish reality will crash in. Human society in broad aggregate tends to be cooperative (it wouldn't work otherwise), but that broad aggregate contains outliers of both high-minded ideologues and people who make the most of 'situational ethics'.

You can put laws in books to make encryption sacrosanct - but human laws are not physical laws - they can be ignored or broken, and history tells us they will be. Private anonymous communication is too strong a weapon for subversives to overthrow power structures for power structures to ignore it. You might be able to withstand torture or endure unlimited incarceration rather than give up encryption keys, but you cannot guarantee the actions of people you would communicate with. Effective, private, anonymous communication can bring down governments. It is a weapon. Is it reasonable to expect power to ignore a threat to its existence?

Give my Love to Big Brother.

Cassandra

Scott • February 11, 2019 4:55 AM

This blog, schneier.com, is the best online community I have experienced.
This is nice, but my major constraint with this is time limits. We are commenting under blog posts which get buried. I have a lot to say on certain issues, but these blog posts with the comments become obsolete, much more so than on a forum. So what to do?
I was also treated very rudely when I joined The Well as a beginner in the 90s.
A search didn't help me to determine what do you mean by The Wall.

Now, let's go to the beginning!

Telling somebody to read a book is also hostile, versus politely saying something like "It looks to me like that data structure is off. Could you explain it to me? Here's how I'm used to seeing it done link".
Now let me make two versions of your quote:

One. "It looks to me like that data structure is off. Could you explain it to me? Here's how I'm used to seeing it done link to blog post or summary"

Two. "It looks to me like that data structure is off. Could you explain it to me? Here's how I'm used to seeing it done link to book"

As we are getting older, we realize the more we don't know. At least, this is the situation with me. As being on the student side, I can certainly appreciate good book recommendations, when it's timely. I think sometimes a short summary is timely, sometimes a book recommendation is timely. Are you a qualified teacher to determine when is the time for which approach? As most project contributors certainly aren't.

But let me crowdsource this question to gather more ideas around here! Do you fine @Impossibly Stupid and his ideas pro-abuse, or obnoxious? As I'm from a different time zone, I'm not that well versed in contemporary American pop culture, so no one taught me exactly what am I supposed to see pro-abuse and obnoxious in him and his ideas, as these thoughts didn't occur to me by myself.

Cassandra • February 11, 2019 5:26 AM

@Scott

I was also treated very rudely when I joined The Well as a beginner in the 90s.

A search didn't help me to determine what do you mean by The Wall[sic].

Ahem. The Well, or The WELL aka Whole Earth 'Lectronic Link

A reasonably well known bit of computing history.

Cassie

Scott • February 11, 2019 6:22 AM

@Cassandra

Thanks! I don't want to take the role now as the resident diversity officer, but The Well (correctly) is priced at $15 a month, $150 a year. They may have good reasons for this, the issue I want to point to is not that with this pricing they aim at a certain income bracket (within a country), but they more or less exclude average users from most countries, like "the next billion" Internet users from developing countries.

I'm not arguing The Well should lower their prices, but personally I'm more interested in a community that is inclusive to this "next billion" which isn't Facebook Groups, because that's the community most of these people are introduced to when they find themselves on the Internet, for better or worse.

Faustus • February 11, 2019 8:00 AM

@ Impossibly

Since you glossed your feelings as not supporting being welcoming to beginners and wanting to police other people's appearances, perhaps I misread your other comments. It is possible that you didn't mean that you'd say "Go read a book!!", but rather "Would you like to borrow this great book I have?" If so, that is totally fine coaching.

But then you start on the identity stuff, and I begin to wonder. People are not asking for special treatment for their identities, they just don't want to be dumped on because they are different than male-white-cis-hetero-christian-athletic-whatever. I don't have a problem with it. I don't want to be dumped on for being a white male, either, a popular pastime today. This protects me and everyone else.

The projects have control over how the CoC is interpreted. I wouldn't farm it out to a professional agitator, although the home pages of the people mentioned were full of puppies and unicorns, not angry diatribes. We are programmers. I suggest an algorithm: if someone was convicted of a violent crime then ... if someone makes threatening remarks then... etc. It would have to be elaborated like code, but that is what we do.

To argue that treating these different groups nicely would lead to great disaster reminds me of Jim Crow thinking: If blacks were free they would attack our women. Or later on: If gays got married, traditional marriage would be destroyed. You can't keep people in a box by arguing that you might be inconvenienced by their freedom. It's not right.

I am not saying that bad code should be committed. It should be rejected, or the product won't run correctly. But it should be rejected politely and constructively. Here I am assuming you mean code that doesn't work or is demonstrably inefficient, not just code that you wouldn't write that way.

@ Impossibly, obviously this is a more sensitive topic for you than me. I get riled up about stuff too. And it sounds like you have been heavily influenced by the demagogues of the other side. You know, the leaders of both sides are getting rich inducing us to fight with each other. I am tired of it. I have had my say. Thank you for expressing your views. It has clarified things for me.

Clive Robinson • February 11, 2019 8:37 AM

@ Scott,

... but my major constraint with this is time ...

Time is a resource that you only get so much of be you a raw beginner or greybearded and wrinkled expert.

Thus whilst most people want to be helpful they are very time constrained. The question of a raw beginner might require little time to answer but when you might have to answer a hundred or similar questions, that's a big time slice out of your productivity.

As has been noted in various ways such as "fortune favours the prepared", "God helps those who help themselves" and many more you are expected to at least meet people half way and not be spoon fed answers.

I tend to answer peoples questions in "slack time" that is when on public transport, waiting on the medical fraternity or even when eating.

I've been accused on the odd occasion of taking up too much of this blog space. Yes I do take up a lot, but I hope people learn from it, as I also learn from peoples questions. This is one of the very few technology sites on the Internet that is usually well ahead of the technology curve, sometimes by as much as a decade, others the clock is still running on with quite viable attacks predicted by certain methods that have yet to come to light.

The downside is attack types that have been predicted here have turned up years later in the wild being used by the least desirable of attackers the State Level attackers, who by their theft of knowledge are without doubt criminals and should be shunned as such by all. Others like various supposedly legitimate security companies have likewise stolen the ideas weaponised them and sold them to all sorts of tyrants, dictators, secret police, thugs and others who should not ever be allowed near technology of any form due to the abuses they will put it to.

The result is unfortunately a degree of hostility and unwillingness to share in the way people once did on this blog. It's easy to see that longterm posters with solid ideas have left for other places or stopped posting both of which are a shame.

I happen to believe in "freedom of ideas" and that people should be aware of technology that can both aid and harm them and how and how to limit its potential effects on them, thus be able to act rationally. Unfortunately there is only one of me and many who would like some of my time, whilst others would also clearly like for me to not provide such information for whatever their paid for or personal agendas might be.

Like all of us I'm not as young as I used to be, and I would like others two or more generations younger than myself to start picking up to take over. It is these people who will help your,

"the next billion" Internet users from developing countries.

Unfortunately our current education and training systems are serving these younger generations very badly, hence all the questions that should be being answered by those who are taking vast sums of money from the young for at best a third rate service.

So I would like those not getting questions answered to direct their ire not at those who give freely of their precious and irreplaceable time, and direct it where it should be. That is those who are taking raw beginners and others money and not delivering what they should, which is an honest education from agnostic fundamentals not some get rich quick scheme tool set that will be gone in almost less time than it takes to get a degree.

A good education should last you a life time, what you should be taught is not just fundamentals but how to build your own tools from scratch and test that they work. So that you know you can trust them as far as you can within the computing stack (which unfortunately is not far these days). You should not be taught some faux consultants patented arm waving methodology that promises much but delivers nothing or less, and demands a fat fee at every step. Until you are either brain washed or realise you've been ripped off (that's the behaviour of undesirable cults).

With regards,

Do you fine[d] @Impossibly Stupid and his ideas pro-abuse, or obnoxious?

Simple answer no, but you need to see the reasoning which is in the long answer below.

As has been noted above there are now cults of personality by shall we say those who are not the success in life they think they are entitled to be. Thus their only way to proceed is by false argument to destroy what others have by honest toil...

These destroyers insist there are problems where there actually are none of note. Thus having invented a problem they insist that their way is the only way to solve the problem, which means total and abject surrender to their whims. Which let's be honest is an unreasonable request as they are actually trying to keep their real intent hidden...

Once you have had the misfortune to have met one or two you quickly get wary of those who appear like them or those who have fallen for their false arguments. Remembering that the principles intent is to ensnare, hamper and destroy to build themselves up at others expense, short shrift disengagement is the only way to deal with them for your own safety.

Such destroyers will then argue that those who dare argue with them or treat them as what they really are, are pro-abuse, obnoxious, misunderstanding, putting words in other people's mouths and most if not all and more of the other deceitful behaviours given above. Because to not do so would implicitly be an admission of what they really are, intent on destroying others for their own self aggrandizement.

Worse though they also know they can push people into behaviours due to abusing basic human nature, our host @Bruce has partially gone into this in the past.

Look at it this way if at almost every turn you take someone with pink hair leaps in front of your car causing you to emergency brake. How long before even the most even tempered of people start telling them bluntly to "get out of the way" or even eventually fatigued end up running them down. The pink haired person sees either as a victory to be crowed about, so you can not beat them by reasonable normal human behaviour.

When you are dealing with people with an "I'm going to get in your face till you do what I want" attitude there is not much you can do, and they know that, it's why they do it. The only real solution is to get professionals involved who will hopefully put them in a place where their destroying mentality will cause no further harm to others.

Unfortunately such destroyers appear to be not just multiplying on the Internet but getting increased support from those who either do not take the time to reason what these destroyers are about, or have not been taught the skills to reason it out. Which sadly appears to be the way the world is progressing...

The important thing is though, to gather what facts you can and apply credible reasoning to them, then proceed warily checking for angles you might not have spotted at first that points to it being a con, scam or cult. If you see such signs then as my father used to point out "The only safe place to be when there is trouble, is somewhere else where trouble is not". There are professional people in society paid to deal with troublesome or troubled persons, and I suspect that few of this blog's readers are those professionals, though some do know some such professionals.

Faustus • February 11, 2019 9:01 AM

@ Thoth

I have just released 32-bit JavaCard smartcard source code for the ChaCha20 algorithm according to RFC-7539 under 3-Clause BSD license.

Congratulations on your release. I am a bit cowed because I know nothing about JavaCards or even SmartCards. And my idea of a stream cipher is AES in CTR mode!! Your post induced me to read up. I am curious if you know of any particularly cool applications of SmartCards. It seems like their normal uses are not too exciting (key storage, etc), however important.

Could you see smart cards being used as the basis of an alternative currency with some of bitcoin's attributes and maybe lower energy consumption? Would there be any purpose to using them in n-dimensional cube networks?

Chacha20 looks like a pretty algorithm. I have always been discouraged from writing cryptographic primitives, but this one looks tractable. Is there a standard test bed for verification?

I have been curious about what other group members actually do. What do they program? Thanks for sharing an example of your work.

Faustus • February 11, 2019 9:39 AM

@ Clive

Look at it this way if at almost every turn you take someone with pink hair leaps in front of your car causing you to emergency brake. How long before even the most even tempered of people start telling them bluntly to "get out of the way" or even eventually fatigued end up running them down. The pink haired person sees either as a victory to be crowed about, so you can not beat them by reasonable normal human behaviour.

Your argument is self refuting.

1. It is significant to you that this person has pink hair. So your response is not contingent solely on their behavior, but on your disdain for people with pink hair.

2. Of all the possible solutions, you can only think of screaming at them or running them over as solutions.

3. 1 & 2 suggest to me that you would find other alternatives if the person looked like you.

4. And finally, your concern is not to go wherever you were going, but to "beat" this "pink haired" person. (Meaning to win, not to hurt I would assume, except for the running over part.)

Yes, you are correct. These new CoC policies were created to address people who act like you describe you would. Obviously, this is a thought experiment on your part, but my observations still hold. Your words clearly express a malice against different (pink haired) people that you are proud of, and no limit on what you would do to get your way.

In 3 days, the posters on this thread have perversely convinced me that there is a real problem that needs to be addressed by something like this CoC, or stronger. Do you think you will "beat" the PC folks by arguing like this? Apply reason.

Clive Robinson • February 11, 2019 9:50 AM

@ Faustus

1: False it's just a non prejudicial way of saying the same person easily recognised person. Would you rather I said "Big Nose" or "large flappy feet"?

2:False I gave two other very clear answers that you are most deliberately ignoring. "be somewhere else" "get professional help".

3:Complete bullshit you are trying to put words in my mouth I neither said or implied.

4: Again a false and quite deliberate assumption on your behalf, but it does confirm your perfidy with your 2.

As for the rest of your diatribe it is clearly either a strawman argument or a motte and bailey tactic.

I suggest rather than try and sow discord you go and have a think about what your attempts here have said about you.

Faustus • February 11, 2019 10:34 AM

@ Clive

I wrote a long answer and accidentally deleted it, so I'll take it as a hint from the universe. And I don't have any more time.

The important part:

- I think we are all in trouble when we mistake our anger for reason. None of us are as reasonable as we think.

- Likewise I don't mistake what seems to me as angry statements on your part as an indication that you are a bad person.

- You make great contributions to the group, you have kindly answered many of my questions, and I appreciate you.

Faustus • February 11, 2019 11:26 AM

@ Faustus

I understand now why my subconscious had me delete my original answer. I have no interest in arguing with you to get you to affirm my original interpretation. What would that serve?

If I understood incorrectly, and you are totally fine with treating different people the same as more familiar ones, if you would ask for professional or higher level help with difficult personalities rather than applying punitive measures, then we have nothing to disagree about.

I apologize for my misunderstanding. I tried to state what I was understanding as logically and dispassionately as possible. I respect you as an intelligent adult who responds when queried about your positions. If I thought you were an idiot, I would not have bothered.

bttb • February 11, 2019 12:32 PM

From https://www.newyorker.com/magazine/2019/02/18/private-mossad-for-hire :

"Private Mossad for Hire
Inside a plot to influence American elections, starting with one small-town race.
By Adam Entous and Ronan Farrow
Psy-Group offered its avatars for influence campaigns, boasting that they could plant the seeds of thought in people.

[...]

Psy-Group stood out from many of its rivals because it didn’t just gather intelligence; it specialized in covertly spreading messages to influence what people believed and how they behaved. Its operatives took advantage of technological innovations and lax governmental oversight. “Social media allows you to reach virtually anyone and to play with their minds,” Uzi Shaya, a former senior Israeli intelligence officer, said. “You can do whatever you want. You can be whoever you want. It’s a place where wars are fought, elections are won, and terror is promoted. There are no regulations. It is a no man’s land.”

In recent years, Psy-Group has conceived of a variety of elaborate covert operations. In Amsterdam, the firm prepared a report on a religious sect called the Brunstad Christian Church, whose Norwegian leader, Psy-Group noted, claimed to have written “a more important book than the New Testament.” In Gabon, Psy-Group pitched “Operation Bentley”—an effort to “preserve” President Ali Bongo Ondimba’s hold on power by collecting and disseminating intelligence about his main political rival. (It’s unclear whether or not the operations in Amsterdam and Gabon were carried out. A spokesperson for Brunstad said that it was “plainly ridiculous” that the church considered “any book” to be more important than the Bible. Ondimba’s representatives could not be reached for comment.) In another project, targeting the South African billionaire heirs of an apartheid-era skin-lightening company, Psy-Group secretly recorded family members of the heirs describing them as greedy and, in one case, as a “piece of shit.” In New York, Psy-Group mounted a campaign on behalf of wealthy Jewish-American donors to embarrass and intimidate activists on American college campuses who support a movement to put economic pressure on Israel because of its treatment of the Palestinians.

Psy-Group’s larger ambition was to break into the U.S. election market. During the 2016 Presidential race, the company pitched members of Donald Trump’s campaign team on its ability to influence the results. Psy-Group’s owner, Joel Zamel, even asked Newt Gingrich, the former House Speaker, to offer Zamel’s services to Jared Kushner, Trump’s son-in-law. The effort to drum up business included brash claims about the company’s skills in online deception. The posturing was intended to attract clients—but it also attracted the attention of the F.B.I. Robert Mueller, the special counsel, has been examining the firm’s activities as part of his investigation into Russian election interference and other matters...."

bttb • February 11, 2019 12:46 PM

Glenn Greenwald was on Democracy Now this morning.

As Bezos Protests Invasion of His Privacy, Amazon Builds Global Surveillance State https://www.democracynow.org/2019/2/11/glenn_greenwald_as_bezos_protests_invasion

How Can Democrats Support Trump’s Push for Regime Change to Seize Venezuela’s Oil?
https://www.democracynow.org/2019/2/11/greenwald_how_can_democrats_support_trumps

Glenn Greenwald Defends Rep. Ilhan Omar: Criticizing Israeli Lobby & AIPAC Is Not Anti-Semitic
https://www.democracynow.org/2019/2/11/glenn_greenwald_defends_rep_ilhan_omar

“This Is Just the Beginning”: Greenwald on Rising State Violence & Homophobia in Bolsonaro’s Brazil
https://www.democracynow.org/2019/2/11/this_is_just_the_beginning_greenwald

Also https://theintercept.com/2019/02/08/jeff-bezos-protests-the-invasion-of-his-privacy-as-amazon-builds-a-sprawling-surveillance-state-for-everyone-else/

Scott • February 11, 2019 12:52 PM

@MetaLobster

Well. Let's get to the culture war side of things first!

@Everybody

Let's get to the code of conduct stuff and how it may affect the Linux Kernel second!

Since you asked for some substantiation of anti-Peterson sentiment

No. But to facilitate a healthy discussion, I'm still curious to some rebuttals or arguments against the exact short clips I've posted of him, ranging from 3 to 12 minutes.

and because you really seem to idolize him

I certainly don't consider myself idolizing him, but just because I posted a few short clips by him I've found personally useful or interesting, do I seem like I'm doing so? That's interesting.

He has some good points, he articulates them well, etc, but his effect is to belittle disempowered groups and rally a mob of “free thinkers” (who are almost entirely MGTOW[1] types)

I've heard, and it sounds more reasonable to me that Jordan Peterson is liked by a diverse group of people, some of them might be even MGTOW types. So what? Should we declare them as deplorables to be thrown away? That didn't work for Hillary last time. Should a clinical psychologist declare them as deplorable, throw them away and not help them? That would be against his credo, not help certain types of people. Even MGTOW types. Or KEK boys, for that matter: https://twitter.com/jordanbpeterson/status/851464151708950528

This tweet sparked a controversy. As a clinical psychologist, how he dares to help those deplorable people? Your link doesn't work, by the way.

Let me play devil's advocate here! If someone keeps the mass media so busy producing hit pieces after hit pieces on him (in general of low quality), that person might have something interesting to say, can't he?

I would see the whole topic in a broader context. The mass media is losing. Not just about JP in particular, but in general. Take PewDiePie, the YouTube gamer, with his 75 million subscribers. He is a major threat to them. Naturally, he is declared an extremist by now.

Here's a publication all of you might be interested in: https://quillette.com/about/

Here's an article to start with from the interesting publication Peterson-haters might ponder: https://quillette.com/2018/03/22/jordan-b-peterson-appeals-left/

I wouldn't consider myself a fan, neither a hater. Just curious. On another note, I'm interested in some good critique. I usually go to Amazon, and see the most helpful positive, and the most helpful negative critique of books to help me decide. In JP's 12 Rules for Life, the top rated review is a joke: 3 lines of fluff, 1 star, which 180 people have found helpful. This on top of the 2nd most helpful review, 5-star, which 1200 people have found helpful. Amazon is filling the role of the PC-police in this case. It's a shame, because I would be truly interested in a thoughtful critical review.

Let's say you can't recommend his 12 Rules for Life (a book I haven't read) under any circumstances to anyone. What other self-help book or other resource can you best recommend to readers of such books, who truly need them or just want to improve their lives? Not everyone has the background to afford the luxury to just laugh at the notion of self-help. And psychotherapy is expensive. Not everyone can afford it, either.

I'm not an expert on lobsters. What I know is that science is more exact when we are talking about math, physics, and computer science and more murky when we get to less abstract topics such as biology and psychology. Lobster psychology, as I understand is an interdisciplinary study between biology and psychology. Both Jordan Peterson and the PhD student who wrote the rebuttal are psychologists, but neither of them are biologists as far as I know. I'm still not on the level to argue with any of them on lobster psychology. Are you? The rebuttal was published in the now left-leaning Washington Post. As I mentioned, this kind of science is murky, how do you decide who is right and who is wrong? Cognitive bias?

***

Now let's get to the Linux Kernel and Code of Conduct stuff!

@Faustus

You quoted a small portion of the CoC which you've found not objectionable. I've found an error in it, I've reasoned for it as well before, but I can see it was a segment which seems relatively harmless to the untrained eye.

Richard Stallman came to my mind, and I've found another snippet with commentary in the StallmanWasRight subreddit which should be clearly controversial, even to those who are untrained to detect newspeak: https://www.reddit.com/r/StallmanWasRight/comments/9gutzz/stallman_on_the_gnulinux_coc_controversy/e6928xj/

Then I went further in my thinking: Does the GNU project have a code of conduct? As it turns out, it has: https://www.youtube.com/watch?v=S48VzyCwwtk

Such as SQLite, both of which I find fun, both of which are obviously unacceptable to Ehmke & co. I sincerely hope Stallman will turn out to be a tougher cookie to crack for the pushers of the nonsense-style codes of conduct than most project leaders. I've read somewhere Ehmke was only part of the Ruby project for 2 days when she started to push her code of conduct.

And finally, Lunduke reads some of the hilarious newspeak commentary that is now part of the Linux Kernel: https://www.youtube.com/watch?v=pj66JP4Df3k

Taking aside the fun factor and examining the issue strictly from a security perspective: Do you see our major infrastructure and billions of gadgets are still as safe as they were before important commentary for kernel developers was rewritten to newspeak? I understand the words were nasty before, but let's take aside your feelings that the project should be inclusive and participants shouldn't swear that much: Are our infrastructure and gadgets as safe as before as contributors now have to translate newspeak to normal language while reading the code commentary every time?

David Walsh • February 11, 2019 3:06 PM

Wesley Parish

Thank you for your brilliant story about the Wall

Missing so far from the popular narrative has been your astute observation as to what has happened, historically, when walls are built.

I have flicked an email copy in full along with your geo-location and PII to Homeland Security

I'm confident you'll receive an imminent offer of employment in the Executive

I was expanding on your ideas. Fundraising opportunities.
There could be a secret door in the wall, with a lock. There could be a competition to find the door. And then, whoever can best implement the skills of this guy

https://locklab.com/

to open the door, gets a prize. Say, a choice from a 'lucky dip'.
(Gifts include novelty red noses, glow in the dark crayons, Ten Pin Bowling discount coupon.)

albert • February 11, 2019 5:55 PM

@Sherman Jerrold,

Re: bleachbit.

What version of Firefox are you using and is it in privacy mode?

. .. . .. --- ....

Clive Robinson • February 11, 2019 6:03 PM

@ Lawrence D’Oliveiro,

Anybody here still believe in “intelligent design”?

What sort of "intelligent design"?

If you mean the phrase by the common usage of the words, then yes I do as it's in effect the same as "thoughtful engineering innovation" and goes on all the time.

If however you mean as in turning them into "weasel words" or "Humpty dumptying" them, as certain people do, to then use them to imply that the notion of evolution is not possible, then I most certainly don't.

It's why those who espouse the second agenda use such phrasing to sound "rational" when in fact they are at best grasping at straws whilst drowning in their own lack of rational statements.

Unfortunately those who espouse the second agenda, have in their misguided views, set up templates that others now use for their own unreasoned agendas...

MetaLobster • February 11, 2019 9:03 PM

@Scott, and others on the CoC topic

We’re simply aglow with fear that our projection of the needs of a minority group will lead to a cataclysm in the Linux kernel. It's very similar to Peterson’s panic about trans pronoun laws and lefty invaders at large. I posit that the Linux kernel will be fine and our FUD about SJWs hijacking the project is just FUD.

Back to Peterson, he goes out of his way to be as offensive as possible while treading a line of subjectivity with the facts. People are offended because he tries to offend. It’s trolling. Despite that, about 75% of what he peddles is common sense or tautologies. I don’t have an argument against those. Common sense appeals to most people (even lefties), you could say I agree with ~75% of what Peterson says. It’s the other 25% and how he goes about it that is problematic to me.

The MGTOW overlap is interesting because he appeals to a pretty specific crowd that fancy themselves a bit more enlightened (definitely free of any blue pill nonsense) and who derive some level of glee from seeing minorities suffer (or get “owned” or otherwise shamed for a YouTube clip). His agitator schtick is not that novel and leaves a lot of hurt people in its wake. Yes, there are a lot of folks who overreact to him on Twitter, and who make horrible attempts at arguing with him; and yes I agree with a lot of his common sense stuff. I just can’t get over his wholistic effect, wielding trump-like orations to rally majorities against minorities.

The trans pronoun lawsuits he predicted never materialized. The “postmodern neo-Marxist intellectual invasion” is similarly not as dire. No one is genuinely anti-logic and pro-hysteria; but it’s easy to paint someone you disagree with as such, particularly if you manage to offend them deeply in some way.

It’s interesting to me that you went into “devil’s advocate” so quickly. Was the devil made of straw?

My points are: 1) attention trolling from a position of power at the expense of an underrepresented group is bad - and 2) the CoC FUD is an elaborate straw man where the straw is mostly hypothetical. IMO It wouldn’t hurt the project to swing a little too far in the direction of civility before correcting any CoC elements that are actually problematic in practice.

Sherman Jerrold • February 11, 2019 9:15 PM

@albert,
Thanks for responding. I'm not a coder. I guess (hope) I'd fall in the category of curious 'superuser'. For me, this is more of an intellectual endeavor to better understand the various aspects of browsers that could compromise security. I'm also going to be using the knowledge I'm gaining through research and experience to help my cousin tutor victims of domestic violence in a shelter situation keep under the radar. I'm not extremely worried about vulnerabilities. No foil lining my hat, yet. I'm really careful to not visit suspect sites, click on ads, etc. And, if necessary, I can reload a clean version of any one of a number of distros from CD/DVD. The PC is an old Lenovo ThinkCentre I got from the junkyard and rebuilt.

I'm using a rather 'tweaked' version of ubuntu that a software developer friend gave me. The browser is firefox 60.2.0 ESR canonical which is the latest I can update to in this environment. I like the features and performance of this 'hot-rod ubu' and would rather not have to install a newer standard version of xubuntu. I might be tempted to try Backbox 2.0

I've tried 'open new private window' in firefox and used that private browsing for full sessions and the results are the same. At the end of the browsing session I tell firefox to 'clear everything' and Bleachbit (as user, and admin) still finds 15-20MB of 'stuff' to clear which is in firefox directories.

I've been reading about browsers and there are hundreds of opinions, not too many factual analyses and I'm a little amazed at how many people (sheople?) seem to just go with whatever's popular with their friends.

Sherman Jerrold • February 11, 2019 9:26 PM

@albert,
Also, I'm curious, the code at the bottom of your post looks like morse. Is it e i e i o h?

Hope you won't be offended, that reminds me of an old joke I heard in Jr. High School:
Q: How does a redneck spell farm?
A: eieio

Weather • February 11, 2019 9:32 PM

@Coc
When you recompile the Linux kernel, and spend an hour selecting yes, no or default, you realise a lot of work has gone into it.

When I had Linux I used Slackware; it had kernel headers and most C libraries that you don't need to search over the internet for, and was on DVD.
I think it's not supported anymore :(

Sherman Jerrold • February 11, 2019 10:13 PM

@Weather @Coc,

FYI: I just checked distrowatch to make sure. From Distrowatch: Slackware Linux, created by Patrick Volkerding in 1992, is the oldest surviving Linux distribution. Forked from the now-discontinued SLS project, Slackware 1.0 came on 24 floppy disks and was built on top of Linux kernel version 0.99pl11-alpha. It quickly became the most popular Linux distribution, with some estimates putting its market share to as much as 80% of all Linux installations in 1995. Its popularity decreased dramatically with the arrival of Red Hat Linux and other, more user-friendly distributions, but Slackware Linux still remains a much-appreciated operating system among the more technically-oriented system administrators and desktop users.

Slackware Linux is a highly technical, clean distribution, with only a very limited number of custom utilities. It uses a simple, text-based system installer and a comparatively primitive package management system that does not resolve software dependencies. As a result, Slackware is considered one of the cleanest and least buggy distributions available today.

previous release 14.2 in 2016
current release of today 11feb2019

Scott • February 12, 2019 5:52 AM

@Clive Robinson

You previously wrote:

For years I've seen decisions made where some fairly lame "safety" reason was put forward as a way to decimate "security" arguing against it immediately turned into personal attacks by the those arguing that "safety" was the only reason or some other nonsense...

Bruce used to contrast security against convenience. But security against safety? This sounds much more nuanced.

You later wrote:

Once you have had the misfortune to have met one or two you quickly get wary of those who appear like them or those who have fallen for their false arguments. Remembering that the principles intent is to ensnare, hamper and destroy to build themselves up at others expense, short shrift disengagment is the only way to deal with them for your own safety.

The first paragraph from the https://heterodoxacademy.org/the-motte-and-the-bailey-a-rhetorical-strategy-to-know/ article I linked to previously:

The freedom to be exposed to and engage in true substantive argument has been the historical strength, and even greatest gift, of a college education in the United States. Recently, that strength has been treated as a weakness by many who would rather stifle debate than brook dissent they view as offensive.

According to this theory, supported by the Jordan Peterson segment from the RealClearPolitics site, and shown in the example of how Bryan Lunduke, an established, independent Linux journalist, couldn't gather Ehmke & co. to reach a common ground with their ideas to the wider community, tells me it's "their" side who are incapable of an honest debate, not "us."

According to this answer: https://www.quora.com/What-is-your-opinion-on-the-UC-Berkeley-protest-against-Milo-Yiannopoulos-Feb-2017/answer/Richard-Muller-3, Berkeley professor Richard Muller argues there were ideologically diverse debates back in the 60s in said campus, they even invited a true neo-Nazi to debate. He lost the debate, by the way. What has changed since then? A lot.

Thanks for your support, as well as @1&1~=Umm!

Thoth • February 12, 2019 6:14 AM

@Faustus

"Congratulations on your release."

Thanks.

>> "I am a bit cowed because I know nothing about JavaCards or even SmartCards."

Read up on ISO-7816, GlobalPlatform Smart Card Specs 2.1.1 and JavaCard Runtime Environment Spec v2.2.2 and v3.0.4.

>> "I am curious if you know of any particularly cool applications of SmartCards. It seems like their normal uses are not too exciting (key storage, etc), however important."

That's its normal job as a secure key storage, crypto execution and secure execution environment. Look up topics on ISOApplet, OpenPGP smart cards, PIV, Bitcoin Smartcard wallet, NFC FIDO smart card applet.

>> "Could you see smart cards being used as the basis of an alternative currency with some of bitcoin's attributes and maybe lower energy consumption?"

Look up Ledger Hardware Wallet. It is based off a smart card chip as its security processor.

>> "Would there be any purpose to using them in n-dimensional cube networks?"

Unlikely.

>> "Chacha20 looks like a pretty algorithm. I have always been discouraged from writing cryptographic primitives, but this one looks tractable. Is there a standard test bed for verification?"

RFC-7539 has a bunch of test vectors to verify the algorithm's proper implementation.
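The check suggested in the comment above, as an added example that is not part of the original thread: a from-scratch ChaCha20 in Python verified against the RFC 7539 vectors in sections 2.1.1 (quarter round), 2.3.2 (block function) and the first 16 ciphertext bytes of 2.4.2. The function names are illustrative, and the code is a verification harness only (pure Python, not constant-time).

```python
import struct

MASK32 = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"


def rotl32(v, n):
    """Rotate a 32-bit word left by n bits."""
    return ((v << n) & MASK32) | (v >> (32 - n))


def quarter_round(a, b, c, d):
    """ChaCha quarter round on four 32-bit words (RFC 7539 section 2.1)."""
    a = (a + b) & MASK32; d = rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 7)
    return a, b, c, d


def chacha20_block(key, counter, nonce):
    """Return one 64-byte keystream block (RFC 7539 section 2.3)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("key must be 32 bytes and nonce 12 bytes")
    if not 0 <= counter <= MASK32:
        raise ValueError("block counter must fit in 32 bits")
    init = (list(SIGMA) + list(struct.unpack("<8L", key))
            + [counter] + list(struct.unpack("<3L", nonce)))
    x = init[:]

    def qr(i, j, k, l):
        x[i], x[j], x[k], x[l] = quarter_round(x[i], x[j], x[k], x[l])

    for _ in range(10):  # 10 double rounds = 20 rounds
        qr(0, 4, 8, 12); qr(1, 5, 9, 13); qr(2, 6, 10, 14); qr(3, 7, 11, 15)
        qr(0, 5, 10, 15); qr(1, 6, 11, 12); qr(2, 7, 8, 13); qr(3, 4, 9, 14)
    # Add the initial state back in, then serialise little-endian.
    return struct.pack("<16L", *[(a + b) & MASK32 for a, b in zip(x, init)])


def chacha20_xor(key, counter, nonce, data):
    """Encrypt or decrypt data; the counter increments once per 64-byte block."""
    out = bytearray()
    for off in range(0, len(data), 64):
        stream = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[off:off + 64], stream))
    return bytes(out)


# Inputs and expected outputs as published in RFC 7539.
KEY = bytes(range(32))
NONCE_2_3_2 = bytes.fromhex("000000090000004a00000000")
NONCE_2_4_2 = bytes.fromhex("000000000000004a00000000")
BLOCK_2_3_2 = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4"
    "c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2"
    "b5129cd1de164eb9cbd083e8a2503c4e")
PLAIN_2_4_2_PREFIX = b"Ladies and Gentlemen of the class of '99"
CIPHER_2_4_2_FIRST16 = bytes.fromhex("6e2e359a2568f98041ba0728dd0d6981")


def check_rfc7539_vectors():
    """Run each vector and return {section: passed}."""
    ct = chacha20_xor(KEY, 1, NONCE_2_4_2, PLAIN_2_4_2_PREFIX)
    return {
        "2.1.1 quarter round": quarter_round(
            0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567
        ) == (0xEA2A92F4, 0xCB1CF8CE, 0x4581472E, 0x5881C4BB),
        "2.3.2 block function": chacha20_block(KEY, 1, NONCE_2_3_2) == BLOCK_2_3_2,
        "2.4.2 ciphertext prefix": ct[:16] == CIPHER_2_4_2_FIRST16,
        "round trip": chacha20_xor(KEY, 1, NONCE_2_4_2, ct) == PLAIN_2_4_2_PREFIX,
    }


if __name__ == "__main__":
    for name, ok in check_rfc7539_vectors().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```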

Scott • February 12, 2019 7:19 AM

Sorry if you are bored by it, but at least I think the CoC topic is a very important issue, so let's not forget the far-right magazine, It's FOSS' take on the issue: https://itsfoss.com/linux-code-of-conduct/

Let me extract two key tweets from Ms Ehmke:

https://twitter.com/CoralineAda/status/1041441155874009093

https://twitter.com/CoralineAda/status/1041465346656530432

@Faustus previously wrote:

I read the lkml link a bit. It is all a projection into the future about what hasn't happened. My understanding is that fellow programmers will be enforcing the pledge, not a pc commissar.

And one from commissar Sharp:

https://twitter.com/_sagesharp_/status/1041480963287539712

I don't know about you, I'm not a Kernel developer, but one of the billions of users of said Kernel, I already feel myself in re-education camp. Do you?

One of the top comments under the It's FOSS article by Pinko:

As a female programmer my opinion is that this is cancer, pure and simple. gender politics has no place in programming, or indeed in any area of civilised life where people have more than two brain cells to rub together. Keep your bullshit “social justice” wank out of life as a whole. Why is doing things on merit bad? How do you achieve anything of quality if you don’t? How do you end up with anything other than low quality shit from shmucks if you choose your code contributions based on whoever the raving lunatic blue-haired assholes like this week? (Please note I have pink hair).

Again. Just what I stated in my original question when I brought up the topic, plain and simple: From a purely technical and security standpoint, should we not worry about these developments for our infrastructure and gadgets, or should we? If so, what could we possibly do (as humanity)? Maybe fork the Linux Kernel, but is it viable?

This discussion keeps coming up to my lame search efforts: https://www.linux.org/threads/will-we-see-kernel-fork-free-from-sjw-agenda.20027/

Resident here does not seem to be aware, or care for the implications of the dangerous agendas of ideologues.

Clive Robinson • February 12, 2019 8:11 AM

@ Thoth,

I do like the bit where the three researchers say of "security experts",

    security experts tend to discount attacks involving enclaves because these locked-down code spaces are more constrained than normal system processes – enclaves can only issue system calls, to interact with the operating system, through their host application, and they can't handle I/O operations directly. That should stop bad code within an enclave from reaching the outside world.

I should fall about laughing, but I won't because "It's bleeding obvious" (as @Wael will probably provide a link for). When designing C-v-P I assumed that the "prisons" would be made hostile if an attacker could get hostile code into them, hence designed in a number of preventative measures.

If you take a moment to think about it, these execution "enclaves" are effectively like the "Prisons" but with way way less security protection. Because the "security experts" the researchers are talking about have "failed to consider privileged insider attacks" and how they happen...

That is the code in the enclave could be hostile to the rest of the machine not just the machine being hostile to the enclave code. In effect the "security experts" apparently only considered security from one direction not both[1]. As my son has been known to say "Epic fail"...

Thus using one or two now known tricks an attacker can get such code into an enclave which is not overly difficult to do[2] just complex/fiddly. Thus even external attackers with a little inside knowledge can get malware up into these "Oh so secure" NOT enclaves to perform privileged insider attacks for them...

The simple "take home" for those reading along is this,

    Just as in the real world with roads, most communications channels thus security are NOT ONE WAY... As the road crossing advice given to children says "Always look both ways".

Otherwise you might end up under the wheels of the bus as they "go round and round...".

[1] This may not be the "security experts'" fault. We know certainly in the case of Intel that there are lots of avoidable horrors getting into their chip designs. Why, well management are normally the people for being responsible for making these sort of SNAFU mistakes. That is the security people get over-ruled by marketing and publicity types, all so the pissing up the wall "Specmanship" go faster stripe contests can be held (not that anybody cares about them these days). That is anyone who actually has real skin in the game, on CPU/memory performance such as "Cloud Companies" etc, will be using "their own in house tests" on new CPU and memory chips, and the motherboards they will run in.

[2] The way things currently work is a code image is loaded into memory via an "OS signed code load process". Unfortunately all this guarantees is the signed code good or bad is for a small fraction of a second the code that is in core memory as no further checks are carried out (a fatal mistake @Nick P and myself talked about frequently). Thus from that initial point in time onwards the code is highly vulnerable to change by "privileged processes" running on the CPU, DMA or other background load processes and bubbling up attacks running below the CPU, or reach around / down attacks from above the CPU.
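The load-time-only check described in footnote [2] above, as an added simulation that is not part of the original thread. All names are hypothetical, an HMAC stands in for the OS code signature, and a bytearray stands in for core memory. It shows the load-time verdict staying "passed" after a later in-memory write, while per-page re-measurement against a load-time baseline detects and locates the change.

```python
import hashlib
import hmac

PAGE = 4096
SIGNING_KEY = b"constructed-demo-key"  # constructed stand-in for a signing key


def sign_image(image):
    """HMAC-SHA256 used as a stand-in for a real code signature."""
    return hmac.new(SIGNING_KEY, bytes(image), hashlib.sha256).digest()


def page_digests(memory):
    """One SHA-256 digest per 4 KiB page of the given buffer."""
    return [hashlib.sha256(memory[off:off + PAGE]).digest()
            for off in range(0, len(memory), PAGE)]


class LoadedImage:
    """Simulated 'signed code load process' plus optional re-measurement."""

    def __init__(self, image, signature):
        # The one and only check in the load-time-only model.
        if not hmac.compare_digest(sign_image(image), signature):
            raise ValueError("signature check failed at load")
        self.load_check_passed = True    # set once, never re-evaluated
        self.memory = bytearray(image)   # simulated core memory
        # Baseline measurements taken at load. In a real design these must
        # live somewhere the privileged writer cannot reach; here they are
        # just an attribute so the sketch stays self-contained.
        self.baseline = page_digests(self.memory)

    def changed_pages(self):
        """Re-measure memory and return indexes of pages that differ."""
        current = page_digests(self.memory)
        return [i for i, (old, new) in enumerate(zip(self.baseline, current))
                if old != new]


def demo():
    # Constructed 4-page "code image".
    image = bytes((i * 7) & 0xFF for i in range(4 * PAGE))
    loaded = LoadedImage(image, sign_image(image))
    before = loaded.changed_pages()

    # Simulated post-load modification by something with write access to
    # memory (privileged process, DMA, etc. in the footnote's terms).
    loaded.memory[2 * PAGE + 100] ^= 0xFF

    return {
        "load_check_passed": loaded.load_check_passed,  # still True
        "changed_before_write": before,
        "changed_after_write": loaded.changed_pages(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```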

Thoth • February 12, 2019 8:35 AM

@Clive Robinson

Assuming In/Security Enclaves are applications that run on their own memory stack and are not given the usual privileges in the current Enclave setup where they can do whatever the OS and Hypervisor layers cannot, then it would effectively have made it difficult to leverage for escalation of privilege and then used as an attack.

I am still bewildered why Intel can't simply make those Enclaves incapable of privilege access.

The fact that many research papers and experiments have shown that Enclaves are a bad thing when abused, is a bad thing but the market currently is filled with Snake Oil security with claimed Enclave based security.

Anybody can do code-signing and just dump a signed binary with malicious codes and that's all it takes to not only compromise the Userspace Environment but also probably other Enclaves so agreed that code-signing totally means nothing.

bttb • February 12, 2019 8:49 AM

From https://www.emptywheel.net/2019/02/11/a-primer-on-how-to-read-so-the-nyt-can-stop-telling-paul-manaforts-lies/ :

"NYT [New York Times] Continues to Tell Paul Manafort’s Lies for Him

It has been two and a half days since I [emptywheel] pointed out that their single anonymous source — described as “a person knowledgeable about the situation” — lied to the NYT last month when it reported that Paul Manafort and Rick Gates shared poll data, “most of which was public,” “in the spring” with Konstantin Kilimnik.

[...]

The NYT has not corrected the error [mostly public] and identified who turned them into a vehicle for significant propaganda.

[...]

They don’t mention that the judge, Amy Berman Jackson, Andrew Weissmann [Mueller Associate], and even Manafort’s lawyer Richard Westling, all acknowledge this was not just public polling data.

[...]

Because the NYT is struggling so much, as a service to them (and in hopes they expose whoever lied to them), I’m going to provide a primer on how to read redacted documents so they don’t have to continue to be a mouthpiece for Paul Manafort.

[...]

Paul Manafort doesn’t want the public to know he gave highly detailed polling data to a GRU-tied Russian, Konstantin Kilimnik, at a clandestine meeting he may have flown home from on Oleg Deripaska’s plane. He doesn’t want the public to know that because it’ll kill his chance for a pardon.

And for some unfathomable reason, the NYT doesn’t appear to want the public to know that, either."

bttb • February 12, 2019 9:07 AM

From The New Yorker, Private Mossad for Hire :
[...]
"The 2016 election changed the calculus. In the U.S., investigators pieced together how Russian operatives had carried out a scheme to promote their preferred candidate and to stoke divisions within U.S. society. Senior Israeli officials, like their American counterparts, had been dubious about the effectiveness of influence campaigns. Russia’s operation in the U.S. convinced Tamir Pardo, the former Mossad director, and others in Israel that they, too, had misjudged the threat. “It was the biggest Russian win ever. Without shooting one bullet, American society was torn apart,” Pardo said. “This is a weapon. We should find a way to control it, because it’s a ticking bomb. Otherwise, democracy is in trouble.”

Some of Pardo’s former colleagues took a more mercenary approach. Russia had shown the world that information warfare worked, and they saw a business opportunity. In early 2017, as Trump took office, interest in Psy-Group’s services seemed to increase. Law firms, one former employee said, asked Psy-Group to “come back in and tell us again what you are doing, because we see this ability to affect decisions that we weren’t fully aware of.” Another former Psy-Group employee put it more bluntly: “The Trump campaign won this way. If the fvcking President is doing it, why not us?”

[...]

"but the new clients fell through, and, in February, 2018, Burstien [of Psy-Group] found that he couldn’t make payroll.

Psy-Group’s financial woes coincided with sudden scrutiny from the F.B.I. The Bureau had taken an interest in George Nader for helping to organize a secretive meeting in the Seychelles ahead of Trump’s Inauguration, with the aim of creating an unofficial channel with Vladimir Putin. In January, 2018, F.B.I. agents stopped Nader, an American citizen, at Dulles International Airport and served him with a grand-jury subpoena. Nader agreed to coöperate, and told F.B.I. agents about his various dealings related to the Trump campaign, including his discussions with Zamel. (Nader has been granted immunity in exchange for testifying truthfully, according to one of his representatives. “Someone who has this kind of immunity has no incentive to lie,” the representative said.)

The following month, F.B.I. agents served Zamel with a grand-jury subpoena. Agents also tracked down Burstien in the San Francisco area, where he was on a business trip. Burstien returned to his hotel room and found a note under his door informing him that the Bureau wanted him to come in for questioning. Burstien told friends that he was “in shock.” The F.B.I. also visited Psy-Group’s so-called D.C. office, at the WeWork, and seized a laptop computer that had been hidden in a desk drawer, where it had been running continuously.

[...]

“The F.B.I. seemed genuinely surprised that this sh!t wasn’t illegal,” a former Psy-Group employee said.

In an interview, Burstien said that he was comfortable with how Psy-Group had operated but believed that changes were needed to protect average citizens. “I’m coming from the side of the influencer, who really understands how we can make use of online platforms,” he said. “There needs to be more regulation, and it’s up to our legislators, in each and every country. What have U.S. legislators done since they learned, more than two years ago, about the potential of these new capabilities? They have the power to move the needle from A to B. Nothing substantial has been done, as far as I know.”...

Clive Robinson • February 12, 2019 9:28 AM

@ Scott,

... I think the CoC topic is a very important issue ...

Codes of Conduct are a "necessary evil" you will find in increasing numbers of work places, primarily as a response to legal actions taken by past employees. They are basically "Corporate Wallpaper" used to cover not just the cracks in their organizational behaviour but the cracks of senior managers. IMPORTANTLY they are legally enforceable documents frequently drawn up by qualified lawyers. If they are not drawn up by lawyers then as the old saying has it "you are cruising for a bruising" and will get mauled in court.

The one thing you can say about the Ehmke CoC in question is not only is it not drawn up by lawyers, it offers no protection to the FOSS organisations from law suits, in fact it makes them more likely. Worse it has two political agendas from M. Ehmke behind it, and don't think those tweets admitting it are just sarcasm they are not, they are two edged swords to allow deceitful behavior as M. Ehmke decides how to play it to advantage.

The first thing people have to remember is a list of rules is legally a binding contract that involves two or more parties who are named. Political manifestos are not legally binding have no named parties and are unfortunately "Wish lists with teeth".

It's fairly clear that the Ehmke CoC is a political manifesto with not just teeth but some quite nasty retractable claws under political control not legal control. Such documents are very dangerous as there is no way to easily defend yourself against them as Ted Ts'o has discovered.

FOSS and OS in general has a problem, you can see that from the number of licences out there that many lawyers could drive a bus through. If you try to play as a corporate body does, not as a small club or association does, then legally you can not have it both ways. You will be treated the way a lawyer convinces a judge (and jury) which may be significantly to your disadvantage over and above that of court costs and bad P.R.

Most FOSS/OS projects are not even small clubs or associations they are frequently a single individual doing a personal project in public, that might attract one or two like minded individuals. There are no contracts, written rules, or much of anything else other than series of usually aligned view points.

Such entities are entirely defenceless against malcontents, journalists, lawyers or political agitators.

Whilst Codes of Conduct are important and should be done properly by appropriate lawyers, there is one heck of a lot of other legal work that needs to be done first. Otherwise any CoC is at best useless, through to being a loose cannon aimed at not just the project but every single person involved, even if all they do is just "use the code".

The Ehmke CoC is clearly a weapon of destruction and not just will but is being used for that purpose, it's like having a 10,000lb unexploded bomb in your back garden, once you realise what it is you should get rid of it as quickly and safely as you can.

If people decide they need a CoC, then first they need a "mission statement" for the project that "encapsulates the telos". From this a project contract that encapsulates the project team ethos including dispute resolution and limits on remediation should be drawn up. Effectively a contract of association / employment. If these are not done before the CoC and referenced in the CoC then as a team you might as well all put your feet on the table and blast away at them with a shotgun.

The reason a horse is usually in front of the cart is "unconditional stability" that is the horse pulls not pushes the cart. You need to see the CoC as at best the trailing edge of the rear tailgate of the cart and the horse's nose should be as far away from it as possible, otherwise instability will result.

Weather • February 12, 2019 9:58 AM

FireWire is like USB connection but unlike USB has direct memory access, a hardware device that plugs into the FireWire port could monitor the PC memory to stop malware and other threats to some degree.

MetaLobster • February 12, 2019 11:07 AM

@Scott/Clive

How much more risk does the project take on by continuing to operate the way Linus ran things?

A lot of the people who are most knowledgeable are not as young as they once were. As new members/leaders try to establish themselves the cultural direction of the project will be in flux with or without a code of conduct.

Regardless of bad intent from SJWs or others the project will still depend on knowledgeable people committing code. And, to my point about our hypothetical cataclysm, I don’t see the code of conduct having a significant impact on this. It will just steer some of the interpersonal interactions that go along with things.

@Scott, I can’t resist taking a jab at your Berkeley link. Why was it good for them to give a platform to a neo nazi in the 60s? Freedom of speech is great, but advocating genocide (or otherwise rallying a mob) does not need to be carefully facilitated by every organization.

The subtlety that is missed when you defend free speech this way is that on one side of the equation you have someone “bringing things to the marketplace of ideas” and on the other side you have wholistic fear for livelihood, identity, and/or life. When the dynamics fit that shape it’s more than a friendly debate and shouldn’t be endorsed/funded/platformed by anyone with decency.

Faustus • February 12, 2019 11:22 AM

@ Scott

I may disagree with you, but I find you reasonable and civil. I read quillette and reason.com. I'm a libertarian. My initial reaction to the CoC was disagreement. It is mostly the tone of many of the anti CoC posters in the threads you shared that led me to see a problem.

Obviously there are plenty of disagreeable arguments on both sides. But anti CoC people are making strategic errors basing their arguments on the specifics of people's identities. I and most libertarians are going to end up on the side of being agnostic towards such issues in favor of letting people do their thing.

Skizzo • February 12, 2019 11:33 AM

@Scott
"Guys, can you brief me which quote by @Impossibly Stupid did you find pro-abuse? I've read his comment twice, carefully, and maybe it's just because of the time zone difference, but I don't see it. It seems to me he just doesn't like the code of conduct, which itself does not equal pro abuse to me. Help me, because I don't want to be an abuse apologist!"

I was wondering the same thing. And of course, as we all know, there are certain individuals here who would cite this as an underhanded, thinly-veiled insult, and immediately circle the wagons while running to the mod to have it removed. Don't know if @IS is just more mature than these other people or just not part of the circle the mods work for.

Skizzo • February 12, 2019 12:35 PM

Are there really people advocating "Learn to program in C! Join the Linux Kernel Project!"?

Skizzo • February 12, 2019 12:42 PM

@Faustus
"But then you start on the identity stuff, and I begin to wonder. People are not asking for special treatment for their identities, they just don't want to be dumped on because they are different than male-white-cis-hetero-christian-athletic-whatever."

I thought you were talking about programming. What in the hell does any of the above have to do with that subject? Is everyone just standing around the water cooler, discussing anything and everything, other than programming, which is what they were 'hired' to do and claim is their 'job'?

Skizzo • February 12, 2019 1:01 PM

And Faustus takes a lesson from Echo and gets to backpedalling. Too bad, was guaranteed to be an eye-opener. LOL

"Faustus • February 11, 2019 10:34 AM

@ Clive

I wrote a long answer and accidentally deleted it, so I'll take it as a hint from the universe. And I don't have any more time.

The important part:

- I think we are all in trouble when we mistake our anger for reason. None of us are as reasonable as we think.

- Likewise I don't mistake what seems to me as angry statements on your part as an indication that you are a bad person.

- You make great contributions to the group, you have kindly answered many of my questions, and I appreciate you."

Such a shame...you must know a thing or two about NPD too. It wouldn't have ended nicely for you because this place has its own CoC, starting with "Thou must not threaten Big C's fragile ego."

bttbFebruary 12, 2019 2:42 PM

From https://www.eff.org/deeplinks/2019/02/countries-zero-rating-have-more-expensive-wireless-broadband-countries-without-it :

"When an ISP decides to exempt certain applications or services from cutting into a user's data cap, that's zero rating. And the evidence is in that it conclusively makes broadband more expensive.

A comprehensive multi-year study by the non-profit Epicenter.works, comparing the 30 member countries of the European Union (EU) on net neutrality enforcement, has found that zero rating business practices by wireless carriers have increased the cost of wireless data compared to countries without zero rating. This directly contradicts all of the assertions by major wireless carriers that their zero rating practices are “free data” for consumers.

Based on the evidence, zero rating not only serves as a means to enhance ISPs’ power over the Internet, but it’s also how they charge consumers more money for wireless service...."

Also, from EFF, https://www.eff.org/deeplinks/2019/02/net-neutralitys-day-court , "The Court of Appeals for the D.C. Circuit heard the case of Mozilla v. FCC today [1 February] to determine whether the Federal Communications Commission (FCC) is allowed to repeal its net neutrality rules and abandon its authority over the broadband industry...."

https://www.eff.org/deeplinks/2019/02/enough-5g-hype

https://www.eff.org/deeplinks/2019/02/real-net-neutrality-more-ban-blocking-throttling-and-paid-prioritization

https://www.eff.org/deeplinks/2019/02/san-francisco-district-attorneys-10-most-surveilled-places

https://www.eff.org/deeplinks/2019/02/life-eff-activist , Life as an EFF Activist, and

https://www.eff.org/about/opportunities/jobs ,
job openings at EFF

vas pupFebruary 12, 2019 2:48 PM

Psychology: Robot saved, people take the hit:
https://www.sciencedaily.com/releases/2019/02/190208115312.htm
"The more the robot was depicted as human -- and in particular the more feelings were attributed to the machine -- the less our experimental subjects were inclined to sacrifice it," says Paulus. "This result indicates that our study group attributed a certain moral status to the robot. One possible implication of this finding is that attempts to humanize robots should not go too far. Such efforts could come into conflict with their intended function -- to be of help to us."
***************************************
Scientists develop first fabric to automatically cool or insulate depending on conditions:
https://www.sciencedaily.com/releases/2019/02/190207142242.htm

"Researchers have engineered a new fabric from synthetic yarn with a carbon nanotube coating that is activated by temperature and humidity, releasing heat in warm humid conditions and trapping heat when conditions are cool and dry."

My take how long it takes DoD to utilize this for our troops /SOF?


Grant HodgesFebruary 12, 2019 2:51 PM

Hi Everybody,
My two cents several days late on the Bezos hockeypucks everyone is getting for their homes. Why on earth would anyone in security let someone listen to conversations in their homes? Incredibly misses the point of our profession.

FaustusFebruary 12, 2019 3:38 PM

@ Skizzo

Are you just here to cause trouble? So what if I disagree with Clive on occasion? I can't think of anything you have contributed. I'd take Clive over you any day.

Impossibly StupidFebruary 12, 2019 4:08 PM

@MetaLobster

I posit that the Linux kernel will be fine

Only in the same way that humanity was doing "fine" before vaccinations were available for diseases, and would be "fine" without them. Policies like a CoC are general things that get applied to specific projects and people. The right way to approach that is to be scientific and rational. The work should be about the work, not pitting people against each other based on their identity. I don't want the Linux kernel to be "fine", I want it to be the best it can possibly be, and I don't think that can happen when everyone is wasting their time in meetings talking about who is or isn't gay and which religions are or aren't conversely offended by them.

It wouldn’t hurt the project to swing a little too far in the direction of civility before correcting any CoC elements that are actually problematic in practice.

You don't need the kind of CoC we've seen to champion civility. It only serves to attack the productivity of a project by introducing elements that have nothing to do with the work being done. The more I see it happening, the more I have to wonder if it isn't also an intentional influence campaign to use liberal freedoms as a weapon against western democracies. After all, why would those techniques only be applied to elections? We all need to be cautious that we don't just become tools for a foreign propaganda machine.

MetaLobsterFebruary 13, 2019 3:05 AM

@CoC discussion

If I’m understanding correctly, the scenario we risk by not changing the CoC before it’s too late is something like the following: All core contributors run afoul of the CoC and are lambasted for their error; driven away by a mob of SJWs. Now, the project grinds to a halt while the SJWs take issue with the “manspreading” 8char tab spacing or something and begin making formatting changes as fast as they can en masse. Congratulatory emails abound in place of Linus’ diatribes. Calendars are filled with meetings to discuss who is gay. Chaos! No CVE patches. End scene.

I can’t see that actually happening. Being civil isn’t _that_ difficult. Core contributors have a lot invested and a lot to share with new contributors. Rough edges tend to wear down naturally given time and commitment. Saying “oops, sorry” isn’t actually _that_ bad. I won’t rule out the spacing changes, but I’m sure the maintainers intend to service critical patches as they always have and they shouldn’t need more than a handful of meetings to discuss who is gay and who is not.

I suppose we’ll either need to modify the code of conduct or wait it out and see. But what would we change? Essentially it says “be nice while you’re working together, or else!”. Where the “else” option is to say “oops, sorry” or to leave. Nothing prevents productive discussion or debate, but it could become harder to navigate for some. I agree with @Clive that Linus should consult a lawyer to evaluate risk, but this is not likely to happen[1].

Other adopters of this CoC don’t seem to be imploding[2]. Some are thriving. None of them have rejected science and/or logic as far as I can tell (except maybe phpMyAdmin.. actually a few might have.. hmm - I’d wager they lost touch before adopting the CoC in most cases).

The one case I’m aware of where these fears somewhat played out was the case with a core contributor to the opal project. He allegedly said something mean. They got mad. He dug in. They tried to run him out of the project based on this CoC. It was stupid, I don’t disagree with that sentiment. But, it was stupid from both sides.

Really, we’re all at risk of falling prey to a Twitter mob (or an otherwise dramatized mass-hysteria fueled digital assault) more so than in the past. This could cause ejection from a community even without a code of conduct. Don’t get me wrong; I’m all for personal liberty, doing what thou wilt, and promoting the freedom for folks to go off and “Galts-Gulch” each other to their heart’s content[3]. It might be good if the CoC encouraged those who want a little more personal liberty to fork. It’s probably overdue.

1. https://www.theregister.co.uk/2016/08/26/linus_torvalds_calls_own_lawyers_nasty_festering_disease/

2. https://www.contributor-covenant.org/adopters

3. https://www.vice.com/en_us/article/bn53b3/atlas-mugged-922-v21n10 . Perhaps these “men of the mind” needed to establish some kind of behavioral rubric.

Clive RobinsonFebruary 13, 2019 6:11 AM

@ Scott,

But security against safety? This sounds like much more nuanced.

It's known as "finessing", I've seen it when "standards committees" get together. The trick is to take what the various SigInt agencies want in the way of "easy access" to phone calls, and dress it up to look like it is for "Safety Reasons". Thus an "eavesdrop facility" gets renamed "Operator emergency assist override" or some such. Under either name it's technically a way not just to break into a phone call from an exchange but also just to listen in without being detected[1].

It's just one of the reasons I point out that "Technology is agnostic to use, it's the directing mind that decides if that is good or evil".

Dressing up the technology in a fancy name is a form of "weasel wording" or "Humpty dumptying" where they decide what words mean, such that you think the opposite of what they are really being used for; the NSA use of "collect" is a more well known example.

[1] These "little tricks" have been going on for over an average lifetime in the UK. Each time a new phone standard comes along it gets this "Operator break in" or similar added from previous standards. It's the reason why it is so very easy for an "operator technician" to turn your mobile phone into a bug...

Clive RobinsonFebruary 13, 2019 6:49 AM

@ Thoth,

I am still bewildered why Intel can't simply make those Enclaves incapable of privilege access.

I've deep and increasing suspicions about Intel, that these things are not just down to their management being incompetent.

I used to design "thermal noise systems" for use in TRNG's because whilst there were other ways then as now to generate a high entropy source, they were not expensive, did not use dangerous components or need recalibrating within the expected operating lifetime.

However they could go wrong or fall under the influence of an external signal etc. Which is why I always buffered the entropy source output and brought it out to a coax connector on the back panel so it could be checked in various ways.

It's actually very important that you should do this, especially before any "Magic Pixie Dust" tricks like hashing or encrypting the output that hide 99.999% of any issues.

So when Intel first brought out their on chip RNGs I was deeply suspicious and told the various Intel sales droids I would not be using their product until they fixed the issue. I always got the "We'll speak to the technical people and get back to you on that"... Which as I expected they never did. Well as normal when I mentioned this to other engineers I usually got one of two responses, a knowing nod or a why are you paranoid type question...

Well as time has progressed various people have started waking up to the fact I'm not being paranoid but have suspicion with good cause. The classic was what happened with the Linux kernel development and the RNGs it used.

I don't trust Intel, I have no reason to nor does anyone else. The fact that their behaviours raise even more suspicions means that I actively avoid their "security" features on the assumption they are going to be not of any real use. I can not say if their so far list of security failings is down to incompetence or deliberate action. Either way it does not matter, they simply can not be trusted, and thus treating them with a large stick with a sharp point on it appears to be the safest option to follow.
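An added illustration of the point in the comment above about checking the raw entropy source before any hashing; it is not part of the original comment, and the two fault models, the constants and every function name are assumptions made for the example. A biased source and a source swamped by a periodic external signal both fail simple statistical checks at the raw tap point, yet pass the same checks once each 32-byte block has been run through SHA-256.

```python
import hashlib
import math
import random

ALPHA = 2.0 ** -20  # false-alarm rate chosen for this example (assumption)


def biased_source(n_bits, p_one=0.6, seed=1):
    """Constructed fault model: each raw bit is 1 with probability p_one.
    At p_one = 0.6 a bit carries at most -log2(0.6), about 0.74 bits of entropy."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]


def interfered_source(n_bits, period=16, flip=0.1, seed=2):
    """Constructed fault model: a square wave (external signal) dominates the
    output; genuine noise only flips a bit with probability `flip`."""
    rng = random.Random(seed)
    bits = []
    for i in range(n_bits):
        carrier = 1 if (i % period) < period // 2 else 0
        bits.append(carrier ^ (1 if rng.random() < flip else 0))
    return bits


def bits_to_bytes(bits):
    """Pack a list of 0/1 values into bytes, most significant bit first."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def bytes_to_bits(data):
    """Unpack bytes into a list of 0/1 values, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def condition(bits, block_bytes=32):
    """The 'magic pixie dust' step: SHA-256 over each block of raw output.
    Hashing cannot add entropy; it only hides the structure of the input."""
    raw = bits_to_bytes(bits)
    out = bytearray()
    for i in range(0, len(raw), block_bytes):
        out += hashlib.sha256(raw[i:i + block_bytes]).digest()
    return bytes_to_bits(bytes(out))


def monobit_p(bits):
    """Frequency (monobit) test as in NIST SP 800-22: are 0s and 1s balanced?"""
    n = len(bits)
    s = abs(2 * sum(bits) - n)
    return math.erfc(s / math.sqrt(2 * n))


def lag1_p(bits):
    """Do adjacent bits agree more or less often than the 50% expected of
    independent fair bits? Uses a normal approximation to the binomial."""
    pairs = len(bits) - 1
    agree = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    z = abs(2 * agree - pairs) / math.sqrt(pairs)
    return math.erfc(z / math.sqrt(2))


def check(bits):
    """Run both checks; 'healthy' means neither p-value falls below ALPHA."""
    result = {
        "ones": sum(bits) / len(bits),
        "monobit_p": monobit_p(bits),
        "lag1_p": lag1_p(bits),
    }
    result["healthy"] = min(result["monobit_p"], result["lag1_p"]) > ALPHA
    return result


if __name__ == "__main__":
    n_bits = 32768
    for name, source in (("biased", biased_source), ("interfered", interfered_source)):
        raw = source(n_bits)
        for tap, bits in (("raw tap point", raw), ("after SHA-256", condition(raw))):
            r = check(bits)
            print(f"{name:10s} {tap:14s} ones={r['ones']:.3f} "
                  f"monobit_p={r['monobit_p']:.2e} lag1_p={r['lag1_p']:.2e} "
                  f"healthy={r['healthy']}")
```
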

bttbFebruary 13, 2019 7:44 AM

A US MSM headline:

"How Manafort’s 2016 meeting with a Russian employee at New York cigar club goes to ‘the heart’ of Mueller’s probe" [ https://www.washingtonpost.com ]

The 2016 nominating conventions had recently concluded and the presidential race was hitting a new level of intensity when Paul Manafort, Donald Trump’s campaign chairman, ducked into an unusual dinner meeting at a private cigar room a few blocks away from the campaign’s Trump Tower headquarters in Manhattan.

Court records show that Manafort was joined at some point by his campaign deputy, Rick Gates, at the session at the Grand Havana Room, a mahogany-paneled space with floor-to-ceiling windows offering panoramic views of the city.

The two Americans met with an overseas guest, a longtime employee of their international consulting business who had flown to the United States for the gathering: a Russian political operative named Konstantin Kilimnik.

[...]

The new details provide a rare hint at what Mueller is examining in the final stretch of his nearly 21-month-old investigation — and underscore his deep interest in the Grand Havana Room gathering, which ended with the three men leaving through separate doors, as Judge Amy Berman Jackson noted.

[...]

It was at that meeting that prosecutors believe Manafort and Kilimnik may have exchanged key information relevant to Russia and Trump’s presidential bid. The encounter goes “very much to the heart of what the special counsel’s office is investigating,” prosecutor Andrew Weissmann told a federal judge in a sealed hearing last week.

[...]

Jackson told the lawyers she will probably rule Wednesday on whether she believes that Manafort lied to prosecutors, a decision that could impact his sentencing in March.

The Grand Havana Room meeting took place during a critical moment in the 2016 race.

[...]

During last week’s hearing, the judge devoted a significant portion of time to discussing what appeared to be the polling data — something she noted Manafort initially said “just was public information.”

Manafort’s defense team also suggested that the information was too detailed to be helpful and would have been useless to Kilimnik. “It frankly, to me, is gibberish . . . It’s not easily understandable,” Westling said.

Jackson appeared skeptical. “That’s what makes it significant and unusual,” the judge said.

[...]"

https://www.washingtonpost.com/politics/how-manaforts-2016-meeting-with-a-russian-employee-at-new-york-cigar-club-goes-to-the-heart-of-muellers-probe/2019/02/12/655f84dc-2d67-11e9-8ad3-9a5b113ecd3c_story.html ; article

https://www.washingtonpost.com/politics/2019/02/12/why-early-august-has-become-central-russia-investigation-timeline ; timeline

https://www.washingtonpost.com/politics/2019/02/12/russian-oligarch-offers-significant-denial-mueller-probe ; Deripaska says something like 'not me'

Clive RobinsonFebruary 13, 2019 7:56 AM

@ Rach El,

Russia plans to disconnect from internet

They originally said they were going to do this back in 2014 at the ITU gathering in Doha.

Basically most of the world sees the internet like a spiders web with an evil black widow spider sitting in the center...

Put simply the Internet for various financial and some technical reasons has been built on an "All roads lead to Rome" basis, with Rome being the US and the NSA. Flowing outwards again the major junctions or "choke points" fall under the jurisdictions of the main Five-Eyes nations.

When African nations tried setting up other physical routes they suffered from "cable cuts" supposedly by "dragged anchors" and the like.

China has however "demonstrated" micro-sub underwater systems to not just cut subsea cables but to splice into them. Thus have the ability to "wire-tap" the data.

Whilst the US is making a lot of fairly useless noise over "fake news" and "election hacking" most other second and third world nations are deeply aware of the vast quantities of "fake news" and "election interference" originating in the US from various organisations receiving "hedge-fund" backing which has quite a right wing bias.

Put simply most nations want to break the Internet away from the US entirely. There are two ways they can do this. The first is politically through the UN and ITU and the second is by "voting with their feet". They have tried the first method unsuccessfully, so they are going for the second. Whilst this will cause them issues in the short term, if China and India join them as they too have threatened to do as well as many African and ME nations and with the EU putting increasing legal pressure on US corporates, it appears that the second route is starting and will in time flourish, at which point the US will discover their "Bat and ball have been taken home by others"...

What the US will try to do to prevent this is as yet unknown, but as they have a propensity of "Bombing back to the stone ages" with third world countries it may not be good.

The next World War is overdue, however it might not start kinetically but as information control wars. One or two nations have already started physically pulling their gold reserves out of the US and are also moving to secure other resources, which tends to suggest that their governments are getting nervous of the US's intentions.

bttbFebruary 13, 2019 9:30 AM

Two Questions:

a) Is Pardo's statement credible?

"Russia’s operation in the U.S. convinced Tamir Pardo, the former Mossad director, and others in Israel that they, too, had misjudged the threat. “It was the biggest Russian win ever. Without shooting one bullet, American society was torn apart,” Pardo said." [1]

b) With Mueller's Counterintelligence (CI) investigation and SDNY's investigations heating up, might President Trump be likely to declare emergency measures or start, or escalate, a war soon? Other?

[1] https://www.newyorker.com/magazine/2019/02/18/private-mossad-for-hire


Regarding Venezuela

From https://www.democracynow.org/2019/2/11/greenwald_how_can_democrats_support_trumps :

"GLENN GREENWALD: Obviously there’s a lot of criticism of Nicolás Maduro, including by leftists who were loyal to President Chávez. It doesn’t just come from the Venezuelan right or from capitalists in the West. There is a lot of criticism of President Maduro. The question is not, though: Do you like President Maduro? The question is: Do you think the Venezuelan people are going to be helped by having Donald Trump, John Bolton, Mike Pence and Elliott Abrams intervene in their country, engineer regime change and then prop up whatever leader they like best?

[...]

AMY GOODMAN: And the significance of them having as a partner Bolsonaro, the new far-right, former Army captain, the president of Brazil?

GLENN GREENWALD: Yeah, I mean, it’s—I mean, you know, usually what happens in these kinds of cases is there’s at least an attempt made to make liberals feel good about what the real motives are: You know, we’re going to change the regime in Libya, not because we care about their oil, but because we just want to help the Libyan people be liberated from this bad dictator; the same with Iraq, you know, pulling babies out of incubators. There’s at least an attempt made. And here, there’s barely an attempt made. It’s all very explicit and blatant.

And the fact that the leading U.S. partner in Latin America to do this is Jair Bolsonaro should tell you everything you need to know about what the real motives are in terms of what the U.S. government is trying to accomplish in Venezuela. It’s nothing good for the Venezuelan people, no matter what your view of Nicolás Maduro is. It’s all about imposing a far-right ideology for the benefit of everybody but the Venezuelan people."

and

Finally, https://www.democracynow.org/ had a segment today about possible weapons shipments to Venezuela by air, perhaps by "21 Air LLC".

Impossibly StupidFebruary 13, 2019 10:41 AM

@MetaLobster

If I’m understanding correctly

You're not. Constructing elaborate strawman scenarios is unnecessary; simply address the very specific points I've made. Terms are left undefined. Clauses are inconsistent. Regardless of how it exactly plays out, no good can come from that. The very fact that such a clearly flawed CoC is adopted indicates that poor leadership is in place, so the project is already in the process of failing.

Being civil isn’t _that_ difficult.

Indeed, so why is the CoC about identity politics rather than civil behavior? But keep in mind that being "civil" isn't always about being nice, especially when you're being deliberately attacked.

The one case I’m aware of where these fears somewhat played out was the case with a core contributor to the opal project. He allegedly said something mean. They got mad. He dug in. They tried to run him out of the project based on this CoC. It was stupid, I don’t disagree with that sentiment. But, it was stupid from both sides.

Few issues have "both sides" equally at blame. The core problem here is that anybody can choose to be offended by anything. Even the most inane comments can be considered "mean" or taken as harassment (just in this thread we've had @Faustus cry about how hostile it is for someone to offer up a good book to read!). It's really a disservice to those who legitimately suffer from harassing behaviors. That's what a poor CoC will always do, and that's why it's a terrible mistake to adopt them in the first place.

It might be good if the CoC encouraged those who want a little more personal liberty to fork. It’s probably overdue.

Encouraging reduplicating effort and division is not a good idea. It's yet another attack on the productivity of organizations. If you're not working for the propaganda machine of some foreign entity, please stop trying to create an environment that exacerbates the infighting. Or, at the very least, do it somewhere else; this blog's audience won't be as receptive as your regular social media fodder.

albertFebruary 13, 2019 11:28 AM

@Sherman Jerrold,

Re: Firefox. I see the main problem is, rather than saving information, sending it back home. Perhaps editing the about:config would help, although there's always a chance that you can break something by deleting/editing the wrong thing. Deleting garbage prevents FF from having stuff to send home, but what monitors what is being sent when you're running FF?

You are correct about my sign-off.
. .. . .. --- ....

Sherman JerroldFebruary 13, 2019 1:03 PM

@albert,
Thanks for the info. I think you are correct that a big problem is what is being 'phoned home' by Firefox that can't be thwarted. As I understand it Firefox is being 'bought' by one of our favorite abusive behemoths. Therefore, I think maybe finding a practical more secure browser is a better use of time and resources. Tor is good, but not really practical and its use can attract unwanted attention. I'll report any substantive info on browser security I uncover to this blog.

The duckduckgo search engine doesn't track you. However, every 'major' website loads google (and other!?) tracking junk on you, rather nullifying the good intentions of duckduckgo.
Tongue firmly planted in cheek "Guess I'm gonna hafta get a roll of heavy duty foil to line my hat with"

P.S. to all: Aside from the occasional 'sibling squabbles', I still consider this blog one of the really great resources for people to discuss and keep informed about digital security and safety.

FAFebruary 13, 2019 1:40 PM

Re. the post-meritocracy debate:

Following one of the links posted above, I found this gem:

> We should be able to reject valid proofs from people with intolerant ideas.
> We should also accept incomplete and invalid proofs in name of diversity.
> That is the way mathematics should be.

That's how stupid it gets...

bttbFebruary 13, 2019 2:15 PM

From @OmarBaddar today: "You can't make this sh!t up." regarding a tweet by @kenklippenstein saying: ".@IsraeliPM deleted their tweet and replaced “war with Iran” with “combating Iran”":
https://twitter.com/kenklippenstein/status/1095762437368877056

In addition, here is emptywheel's (@emptywheel ; https://www.emptywheel.net/ ) "updated docket of prosecutors involved in the Mueller and other RU cases":
https://docs.google.com/document/d/e/2PACX-1vQGXst08sN_GlwQ9n-c8drHrBGnDHXv18Rb7B8OcXfTyW3rnyZ5F9X_Ee4aOAAGNMDpwXQH_Mw5MSe5/pub ; may update every five minutes

Clive RobinsonFebruary 13, 2019 4:45 PM

@ FA,

That's how stupid it gets...

Err no, replace "gets" with "starts", as left without challenge it will get worse a lot lot worse, and those who argue with such policies will get vilified and the political equivalent of tied to a stake for burning.

The people behind such "anti-meritocracy" view points in the past have been way way more intolerant than most can imagine. Their intent was to destroy not just people's credibility but their ability to earn a living, just to be made examples of. History has many examples of what can really go wrong when "meritocracy" is seen as evil by those who obtain power, some are well within living memory.

As an example of how bad look up Saloth Sâr --politically taught by the French Communist Party-- and his "agrarian socialist society" workers cooperative utopia inspired by Joseph Stalin. Which wiped out 25% of the nations population who were Drs, Nurses, University lecturers, teachers and all manner of engineers and technical workers, basically the professional middle and upper classes...

Extreme perhaps but it has happened quite a number of times last century when "political ideology" gains too much power. And it is the political ideology of "anti-meritocracy" which is the root cause driving this particular CoC.

As I've said above, I've no real problems with CoC's if they are well thought out and have proper checks and balances and have been checked by specialist legal experts.

However the CoC in question has had no such consideration, and the person behind it has been known to willfully change it just to get at a single person... That gives me less than zero confidence about its legitimacy.

MetalObsterFebruary 13, 2019 9:41 PM

I’m almost flattered you think I’m a shill. I might be the closest thing to an “SJW” ever to post on this blog. Perhaps @Anura on occasion could be mistaken for one. Most of the accused shills have espoused pro-Russian sentiments or been too skeptical for their own good.

Anyway:

You're not. Constructing elaborate strawman scenarios is unnecessary;

I quoted you and others verbatim in parts and wanted to somehow connect the hypotheticals posed to a security-related outcome. Please put some arms and legs on your assertions for me. My hypothesis is that they will all end up sounding a bit ridiculous (I thought mine was a little humorous at least).

simply address the very specific points I've made. Terms are left undefined. Clauses are inconsistent. Regardless of how it exactly plays out, no good can come from that.

I’ll assume the specific sections you’re referring to are the following. I’m not seeing the inconsistency tho, maybe you could point that out. It’s not a long document and these are the least defined pieces:


  • we’ll get you; *if* you engage in [...] + “Other conduct which could reasonably be considered inappropriate in a professional setting”
  • we reserve the right to “ban temporarily or permanently any contributor for other behaviors that [maintainers] deem inappropriate, threatening, offensive, or harmful.”
  • don’t misuse your project affiliated email in these ways [...] where “Representation of a project may be further defined and clarified by project maintainers.”
  • “Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership.”

This might be the heart of our disagreement but I don’t see the above vagaries as negative. Anything pursued with bad intent falls apart. You might say that even the founding fathers of the U.S. constitution didn’t sufficiently account for bad intent in the executive branch. But these are more suited to enabling the maintainers to act. That is bad if the maintainers are bad, but if the maintainers are bad the project has other issues. The project has a pretty solid history of interpersonal snafus, the good that could come from this CoC is that those snafus have a pretty quick path to resolution now.

And, to @Clive's point, Coraline has indeed modified the document after ousting the Opal guy. You could say she weaponized it toward him. Or, you could say she corrected an oversight to avoid the issue in the future.

In my career so far I have been asked on several occasions to step in where a project was “going off the tracks” in some way. The resolutions varied from process tweaks, to re-architecting/deprecating things, to outright redoing things. I have noticed that homogeneous/insular teams always have the most “funk” built up in their code. I assert that the inclusiveness fostered by this CoC will have a net positive effect.

In some cases a source for the funk is misapplication of a meritocracy. As the proctors of merit appraisal start to lose touch, things “fall through the cracks” and often the folks keeping that under control are not rewarded (sometimes they leave). This incentivizes gamification of the merit points or sequestration of domain knowledge, both of which are detrimental.

I do agree that a meritocracy is the best ‘ocracy discovered so far. So, I’m not pushing for a welfare CR approval system or something (again not trying to make an elaborate straw man but let’s play out these hypothetical assertions). None of this has happened to other projects that use this CoC.

The core problem here is that anybody can choose to be offended by anything. Even the most inane comments can be considered "mean" or taken as harassment (just in this thread we've had @Faustus cry about how hostile it is for someone to offer up a good book to read!). It's really a disservice to those who legitimately suffer from harassing behaviors. That's what a poor CoC will always do, and that's why it's a terrible mistake to adopt them in the first place.

I feel like this argument supports my point a bit too. You guys hashed it out without much ado. If it had escalated a CoC would have let the moderator slap your wrists in turn.

Impossibly StupidFebruary 13, 2019 11:24 PM

@MetalObster

I’m almost flattered you think I’m a shill.

I don't think that. I merely pointed out that influence campaigns can be broad. Perhaps you're simply someone who has been a target/victim. Perhaps your beliefs are self-determined. Regardless, they don't seem to have any foundation that I find rational, for the reasons I have already given, so any way you paint it I think I'm wasting my time with you.

Please put some arms and legs on your assertions for me.

No. That's a further waste of my time. An intellectually honest person can assess the inconsistencies in the policies and on that basis alone have good cause to reject them. There is no need to construct elaborate fiction to make my point.

I assert that the inclusiveness fostered by this CoC will have a net positive effect.

Your bald assertions are of no value. The plain fact is that such a CoC is not driven by inclusion, in the same way that creating a list of 57 genders is not about inclusion. The right way to be inclusive is to not care about such things at all, and certainly not to harass people who are just trying to do their job.

None of this has happened to other projects that use this CoC.

Immaterial. It's Chekhov's Gun. It will come into play in due time. It's like any other security flaw, sitting idle and seemingly innocuous until the day it gets used in an attack.

ThothFebruary 13, 2019 11:41 PM

@Clive Robinson

US DOD's DISA are developing a hardware chip while partnering with Qualcomm that will continuously authenticate the user via biometric and human body movement.

Apparently they (USG) is highly aware of the tactic of snatch and go of portable computing devices (i.e. Ross Ulbricht) when an encrypted laptop or device that has been booted up and successfully authenticated becomes a target where anyone can physically snatch the device and do whatever they want on the unlocked device.

Link: https://www.nfcworld.com/2019/02/13/361626/us-military-tests-continuous-multi-factor-biometric-verification-on-android-phones/

WeatherFebruary 14, 2019 12:31 AM

Don't know how to direct this at,
But Debian and Ubuntu are just free Windows Is, I wanted to test out raw sockets, Debian doesn't allow it, Windows you need to code a device driver, which Ddos software will do anyway.
Debian has GUI support for more hardware but if dhclient etc fail I would still like ifconfig and route,
Why does it have to go to general users,
I'm happy with Debian and Ubuntu, but..
I use C partly as a scripting language, calling System, I want something that I don't need to jump through hoops, I ran as Root account, it's bad practice but it's not for defense,
I'll prefer to be insulted, than that, at least tomorrow I would have forgotten.

Clive Robinson • February 14, 2019 1:26 AM

@ Thoth,

Apparently they (USG) are highly aware of the tactic of snatch and go of portable computing devices (i.e. Ross Ulbricht)

That's kind of funny in a way.

You know I have this thing about technology being agnostic to use. Well what feels like years ago now @Nick P and myself had quite extensive conversations on the use of "Dead-Man's Switches"... Not for stopping trains (good) or blowing up bombs (bad) but to erase encryption keys etc in desktops in safes and later laptops.

We looked at "foot pedals" "knee pushes" and even smart cards in keyboards attached to a users wrist by a short length of very stout but flexible strap.

The reason we discussed it was the "FBI Rush" where they "smash-an-grab" computers and the like.

@Nick P liked the "knee push" because it could be set up easily but in such a way that even if the FBI shot you dead which was clearly becoming one of their evidence gathering tactics your body would still trigger the "Deadman's switch" as a "fail safe".

The problem though is not the switch per se but what happens next. Most OS's and apps are way too complicated for their own good and spray data and heaven alone --as the developer certainly does not-- knows what all over the place. The result is "cutting the power" is messy and even if done accidentally requires a lot of clean up afterwards, just to get things back to a normal background state.

The other thing is that mess contains very valuable data and could be easily in plaintext form tucked away in odd places (it's just one of the reasons the NSA has a preference for "Inline Media Encryptors" for hard drives etc).

Even modern DRAM can with a little knowledge be persuaded to remember bit states, each one of which could be useable key or information data.

All of which means you have to consider how to ensure you don't leave mess hanging around. From a 20,000ft view "encrypt all mutable memory" is the way to go... But as you get closer to the metal lots of issues pop up, all of which you need to solve.

Scarily though your design ends up getting closer and closer to old "big iron" solutions going back not just decades or a quarter century but "back to the Sixties" more than half a century ago.

In essence three microcontrollers to do,

1) User interface.
2) Data processing.
3) Storage.

Each is segregated from the other by "mandated choke points". For ease of design serial interfaces are the easiest to deal with, many $1 microcontrollers having multiple SPI interfaces that happily talk a multitude of protocols to all sorts of useful low cost devices.

The problem of course is no fancy Windows UI just the good old command line in 25 lines of 80 characters or less to reduce "shoulder surfing" with a "long lens" or CCTV bug in the ceiling mount smoke detector etc.

Something tells me this DOD chip is really not going to work without one heck of a lot of other work at the OS and App level.

However,

    DISA scientist Stephen Wallace told Federal Computer Week,
    “If you do it at a software level, you’re dependent on the hardware below it for your security.”

Which "speaks volumes" if you have ever tried designing a reliably secure system from data sheet up.

Thoth • February 14, 2019 6:02 AM

@Clive Robinson

Something of a physical hack I find interesting for the "Smash-and-Grab" prevention tactic would be something rather unconventional and probably most frowned upon.

It would be the use of NFC smart cards. There are some smart cards that contain e-Paper or embedded OLED display screens in the smart cards and for the higher end ones, they would also include an NFC antenna.

Assuming an NFC display card is used, the card can negotiate a Diffie-Hellman KEX with the computer and churn out an 8 digit DHKEX secure channel code that would display on the computer and the NFC smart card screen and the communication is over NFC. Once the DHKEX over NFC is exchanged and the 8 digit checksum of both the card and computer matches, the card could continue to ask user for PIN code to be entered over the computer and encrypted and sent over the NFC secure channel to the card to verify the identity of the user and thus allow secure services to be accessed via the card.

In the event somebody's gonna snatch the computer, they would have to actually snatch the computer and carefully snatch the card as well to ensure the secure channel doesn't break otherwise they would have to somehow obtain the PIN code again to access the secure services.

Assuming the computer is programmed properly to forget the PIN code after entering into the smart card, this would be a headache for attackers using the method of "Daylight Device Robbery" because an NFC channel usually has a distance of only 4 cm and snatching it and running would inevitably cause the card to move out of 4 cm radius and probably from the force of forcefully snatching a device, the card would have fallen to the ground as well or slipped out of the hand thus causing the secure session to break.
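
The pairing step described in the comment above (a Diffie-Hellman exchange followed by an 8-digit code shown on both the card and the computer), as an added example that is not part of the original comment. It uses X25519 written out from the RFC 7748 pseudocode and HMAC-SHA-256 as stand-ins; the `Endpoint` class, the `pair` function, the labels and the constructed relay are assumptions for illustration, and the PIN step is left out.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19                      # Curve25519 field prime (RFC 7748)
A24 = 121665
BASE = (9).to_bytes(32, "little")    # u-coordinate of the base point


def x25519(scalar: bytes, u: bytes) -> bytes:
    """X25519 Montgomery ladder after the RFC 7748 pseudocode (not constant-time)."""
    k = int.from_bytes(scalar, "little")
    k = (k & ~7 & ((1 << 254) - 1)) | (1 << 254)       # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class Endpoint:
    """One side of the pairing: the NFC card or the computer (hypothetical model)."""

    def __init__(self, role: str):
        self.role = role                       # "card" or "host"
        self._priv = secrets.token_bytes(32)   # fresh key for every pairing
        self.pub = x25519(self._priv, BASE)

    def finish(self, card_pub: bytes, host_pub: bytes) -> str:
        """Derive the session key and the 8-digit code from the keys this side saw."""
        peer = host_pub if self.role == "card" else card_pub
        shared = x25519(self._priv, peer)
        if shared == bytes(32):
            raise ValueError("peer sent a low-order public key")
        seen = hashlib.sha256(b"nfc-pairing" + card_pub + host_pub).digest()
        self.session_key = hmac.new(shared, b"key" + seen, hashlib.sha256).digest()
        sas = hmac.new(shared, b"code" + seen, hashlib.sha256).digest()
        self.code = f"{int.from_bytes(sas[:8], 'big') % 10**8:08d}"
        return self.code


def pair(card: Endpoint, host: Endpoint, relay: Endpoint = None):
    """Exchange public keys over the NFC link and return (card_code, host_code).

    `relay` is a constructed stand-in for anything on the link that replaces
    the public keys in transit; the user compares the two displayed codes.
    """
    key_for_host = relay.pub if relay else card.pub
    key_for_card = relay.pub if relay else host.pub
    return card.finish(card.pub, key_for_card), host.finish(key_for_host, host.pub)


if __name__ == "__main__":
    print(pair(Endpoint("card"), Endpoint("host")))                    # codes match
    print(pair(Endpoint("card"), Endpoint("host"), Endpoint("host")))  # codes differ
```

Short comparison codes are usually paired with a hash commitment to the first public key, as ZRTP does, so that neither side can pick its key after seeing the other's.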

Clive Robinson • February 14, 2019 8:32 AM

@ Thoth,

because an NFC channel usually has a distance of only 4 cm and snatching it and running would inevitably cause the card to move out of 4 cm radius

A problem I see is it slipping or sliding off the reader during ordinary use.

Imagine you are sitting in a coffee bar with the laptop on your lap. It would take little or nothing to cause it to move / drop off the NFC sensor...

Thus I can see "user convenience blue tac" or similar being used to in effect glue the card to the reader. It's just the way humans are... As our host @Bruce has noted before, users think rationally about "Security-v-job", security is not going to get a look in when it comes to meeting month's end quota when you're 10-20% down in week four.

As a rule of thumb, when designing security systems, assuming the user is more danger to security than any external attacker is not a bad starting point...

As my son has a habit of saying "That's the way it be bro".

But I like the idea of the NFC card and e-Paper design, so maybe actually build in guide rails to hold the card in place, with hinges and dimples such that a card tethered to the wrist or arm etc with a reasonably strong strap would just "break out" of the rails with say just 454g/16oz pull.

That way the user has less incentive to use blue tack etc. That just leaves the problem of ensuring they tether it to the wrist. One way would be to have a heart rate / body temp biometric sensor in the wrist cuff.

Thus the trick is to raise the user's "pain threshold" whereby compliance with security is less than any potential work around they might come up with.

Mind you there is one biometric that some businesses have tried to do with "hot desk workers" where an IR body sensor is put under the desk. One newspaper got called out by their own journalists that called them things like "crotch cams". The point is appropriate IR sensors under the laptop would be able to pick up signals of the users lap along with pulse etc.

If the laptop had accelerometers then grabbing or dropping the laptop would produce higher than normal G-Forces to act as an alarm / shutdown signal.

Hmm it does not take too much thinking to come to the realisation that an FBI "snatch-n-Grab" or "Shoot-n-Catch" can be easily outwitted by even quite rudimentary technology.

Oh and using an NFC card as an encrypted key store such that the laptop has to "get the key" each and every time an encrypt/decrypt is performed and then delete it from the laptop memory would also make life difficult for would-be snatchers.

vas pup • February 14, 2019 2:30 PM

@all:
History Channel is running new featured program/movie based on real events: 'PROJECT BLUE BOOK' every Tuesday at 10/9 CST. It is about all exciting things: UFO, government conspiracy, moral obligation of scientist, relationship between civil Secretary of DoD and Pentagon high level generals, Russian spies, mind control, etc.

Rach El • February 14, 2019 3:44 PM

Following from Vas Pup's recommendation. My thoughts intended to respond to Clive's discussion of countries seeking to liberate their internet from the clutches of the central spider, and the complexities of such.

We have a show here, Le Bureau des Légendes, in English 'The Bureau', widely considered about the best television France has produced. It's the DGSE - French external security.
Very gripping drama, heavily character development focus, lots of attention to detail. A lot of time spent on the complexities of Islamic splinter operations in multiple countries - must have done a ton of research. NSA offer FSB three examples of attribution to Kaspersky in exchange for intel. Stuxnet and attempts at Gen 2, no restraint on the heated feelings between the French and US agencies and the former point out they know the latter is monitoring all their traffic regardless of niceties. Fairly frequent technical references to what can be done with phones and computers remotely. Natives won't be watching with a short memory of their operational history, however. At least there was a momentary reflection on the Rainbow Warrior incident, that was something.

Weather • February 14, 2019 5:38 PM

Rachel so will you talk to me, you know the system, so why the drop box bin at an air studio

Thoth • February 14, 2019 9:22 PM

@Clive Robinson

"Thus I can see "user convenience blue tac" or similar being used to in effect glue the card to the reader."

Yup, that's one thing that is worrying. The difference is if the user is really paranoid, they wouldn't bother to blue tac the NFC card onto the card reader as that would be suicidal. If the user really doesn't care about security, then no matter what ideas that we can come up with, they will still go ahead to breach every single security procedure you can put in place to protect them.

"Oh and using an NFC card as an encrypted key store such that the laptop has to "get the key" each and every time an encrypt/decrypt is performed and then delete it from the laptop memory would also make life difficult for would be snatchers."

Just use a different content encryption key the likes of email encryption (i.e. PGP) where a private key is used to encrypt the content key. This will force the laptop or computer to frequently send in encrypted headers for the smart card to use its internal private key to decrypt and return the content decryption key and the inverse of the process for generating an encrypted header. In fact this is what OpenPGP smart card does and installing the open source OpenPGP applet codes onto off-the-shelf NFC capable smart cards is very common.

MetaLobster • February 15, 2019 3:35 AM

@Impossibly

An intellectually honest person can assess the inconsistencies in the policies and on that basis alone have good cause to reject them. There is no need to construct elaborate fiction to make my point.

But by claiming that, we avoid looking at how ridiculous the claims sound when played out. If the project maintainers suddenly abandoned logic we would be in trouble, but they haven’t. They have adopted a CoC with intent to shift the culture over time so that it is more inclusive. The assumption seems to be that this will lead to some terrible security outcome. I’m trying to demonstrate that it won’t, because all the claims and assertions implying a dire outcome from this CoC are based on projections that the leadership is already beyond hope. If that were the case the CoC is immaterial to the project’s demise.

Some examples of the implications / projections I’m talking about:

“Science is a field where you can be objectively wrong.”, “The Ehmke CoC is clearly a weapon of destruction”, “Only in the same way that humanity was doing fine before vaccinations were available for diseases”, “pitting people against each other based on their identity”, “It only serves to attack the productivity of a project by introducing elements that have nothing to do with the work being done”

None of that is in the CoC (or the kernel project’s interpretation guidelines). Nothing declares that the project will devalue the merit of a contributor’s work (it stipulates that merit has to be paired with an attempt at following the CoC, but that is the same as before). It doesn’t pit anyone against anyone else. Nothing precludes objectivity (but, it’s easy to wrap a personal attack in thinly veiled claims of objectivity or “facts don’t have feelings” type rationale as Peterson et al. demonstrate ad nauseam, which was my original reason for jumping into this discussion. This is easier to root out with the new CoC). It doesn’t attack productivity. It doesn’t introduce elements that have nothing to do with the work being done (interpersonal dynamics exist and have impacted the project for years without a good rubric for resolution. They are the necessary evil that goes along with any group project and necessitates the evil of a CoC to begin with).

Immaterial. It's Chekhov's Gun. It will come into play in due time. It's like any other security flaw, sitting idle and seemingly innocuous until the day it gets used in an attack.

The fear about anyone being able to claim offense at anything is valid to the degree that the maintainers will indulge it. The best way I see to assess that is by looking at what they’ve done in the past. The old CoC had the same vulnerabilities and was more vague about them but it never led to any of the dire projections here.

As a contributor with good intentions, the new CoC provides much more tangible guidance than the old one. As a contributor with bad intent “Be excellent to each other” leaves a lot more loopholes. It is a great sentiment but it doesn’t help at all if someone is sowing discord or pushing others out with subtle or overt intimidation/harassment.

The right way to be inclusive is to not care about such things at all,

Not caring leads to inadvertent offensiveness and opens the door to more possibilities for someone with bad intentions.

and certainly not to harass people who are just trying to do their job.

This embodies the general sentiment that somehow no one will care about the merit of a contributor anymore. Why? All the bits of the old CoC regarding a high quality bar are still present in the interpretation guidelines. If they’re just trying to do their job but can’t be bothered to communicate in a way that fulfills the CoC who is to blame? This starts bleeding into the hypotheticals again, so I’ll leave it at that.

One last thought on the matter; how many contributors have been pushed away because this wasn’t done sooner? Given Linus’ history it’s probable that we have missed out on a lot of time/energy that would have enhanced the project.

Weather • February 15, 2019 5:52 AM

Rachel
Sorry don't know why I directed that at you, just something that happened in the past.

bttb • February 15, 2019 6:58 AM

From https://mobile.twitter.com/jacklgoldsmith/status/1096212972433752064 :

"Jack Goldsmith Verified Account
@jacklgoldsmith

1/ Harold Koh and John Yoo once wrote a law review article together, in 1992, that discussed emergency powers. It is interesting in light of current events. scholarship.law.berkeley.edu/cgi/viewconten… [ https://t.co/jEK9FWjWrB ; pdf, about 47 pages ]. Here are some excerpts from 1992 that are just as apt today:
5:01 PM - 14 Feb 2019

[...]

6/ “Congress and the Court have encouraged the President to act first, relying on existing statutory ‘blank-check delegations,’ while avoiding the more politically difficult, though constitutionally preferred, route of seeking specific legislative approval for emergency acts.”"

Faustus • February 15, 2019 9:43 AM

@ Impossibly

"just in this thread we've had @Faustus cry about how hostile it is for someone to offer up a good book to read!"

Impossibly this is simply a lie and an example of why CoC's are needed. Rude people will misrepresent and lawyer about, which is exactly why a specific CoC is needed.

This is what you said:

"You can't claim you want a meritocracy, but then act like the unskilled and unaware are just as welcome as the experts. It's also a losing proposition to leave "harassment" undefined, because the world is full of people who will take offense at even the most innocuous things (e.g., telling someone they should take a class or read a book on data structures before they try to rewrite some library they have no experience with)."

You are explicitly admitting that you are being unwelcoming. You are not offering up a good book. You are telling somebody that they shouldn't contribute because you don't deem them experienced enough.

(Which I think is funny, because you show no sign of any experience working in any environment.)

Keep on talking, dude! You are the example that supports CoC's. You single-handedly convinced me they are needed. Well done!! Keep talking please.

Clive Robinson • February 15, 2019 3:01 PM

@ Thoth,

installing the open source OpenPGP applet codes onto off-the-shelf NFC capable smart cards is very common.

PGP, GPG and the derivatives are something I stopped tracking a few years ago when it looked like a flame war was going to blow up.

I figured --wrongly it would appear-- that such forking etc would be the death of it. Because whilst forking major non security projects one usually survives, security stuff tends to blow up entirely (possibly why Moxie is as protective of his back end as he is).

bttb • February 15, 2019 4:34 PM

From https://prospect.org/article/trumps-emergency-action-unlawful-and-unconstitutional :

"Trump’s ‘Emergency’ Action: Unlawful and Unconstitutional

Erwin Chemerinsky
February 15, 2019

Presidents have no extra-constitutional powers during real emergencies, much less fictitious ones.

The federal courts and ultimately the Supreme Court should quickly and emphatically hold that President Trump’s attempt to fund the border wall by declaring a national emergency is illegal and unconstitutional. In 1974, when President Richard Nixon made an unprecedented claim of executive power to resist complying with a subpoena from the Watergate special prosecutor, the Supreme Court unanimously rejected this assertion and enforced constitutional checks and balances. We should hope and expect that even the conservative Roberts Court, with two justices appointed by President Trump, will likewise follow the Constitution and reject Trump’s dangerous claim of emergency powers.

The Constitution has no clause that gives the president emergency powers. This was a deliberate and wise choice...."

bttb • February 15, 2019 4:47 PM

From https://www.washingtonpost.com/world/national-security/us-cyber-force-credited-with-helping-stop-russia-from-undermining-midterms/2019/02/14/ceef46ae-3086-11e9-813a-0ab2f17e305b_story.html :

"U.S. cyber force credited with helping stop Russia from undermining midterms

Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections,

[...]

He, too, refrained from disclosing details, but said, “I can just tell you that the types of cyber activity that Russia, through multiple agencies and third parties [was conducting], was most certainly impacted during this process.”"

Impossibly Stupid • February 15, 2019 5:35 PM

@MetaLobster / @Faustus

There's nothing more I need to add; people are welcome to read what has already been written and reach their own conclusions. You continue to demonstrate a desire to blow things out of proportion and waste time on matters of no real consequence. I'm sure a lot of people will fall for it, but your argument falls short of swaying me.

It's a new Friday, thus a new squid post is up. Here's hoping for more productive discussions there.


Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.