Thursday, November 08, 2012

Anchor to the left

Aside from all the bewildered centrist and right media pundits claiming a need to "reach across the aisle" in this next presidential term, I assert that instead, we should reach for the stars and force the GOP to choose between playing obstructionist games (and thus, I hope, frustrate their home base) or compromise and let us make progress.1

As such, I submit for your consideration a number of ideas:
  • Amend the Constitution to remove the electoral college and thus make every vote count equally for the presidency. Make the voting day a national holiday. Require that voting mechanisms be inspectable/verifiable by members of the public.
  • End the drug war. Spend the current funding on FDA approval tracks, social service harm reduction, and nationwide, fully-funded (optional) preschool education.
  • Replace the mortgage tax deduction (via 7 year step-down sun-setting clause) with a per-capita housing/rent-assistance stipend.
  • Single-payer healthcare.
  • Fix the whistleblower protection act.
  • Replace the corporate income tax with a series of fees related to the size of the business, and the number of regulatory areas the business falls in (i.e., to offset the expense of employing regulators, enforcers, etc.) Or at least reduce the corporate income tax to the point where that's effectively what it's paying for.
  • Universal high-speed internet as a federally funded public utility. If it's not available locally (with high standards for fidelity and price to consumer), the fed gov't will install it as an alternative.
  • Protection for LGBTQIA. (Civil) marriage for all. Repeal DOMA, DADT, etc.
  • Establish new rules for non-nation-state-war conflict. Reestablish writ of habeus corpus. Remove disparity for military combatant (citizen or no). Require bilateral nation-state-level treaty to allow US to prosecute such conflict on foreign soil. Citizens must get public (non secret tribunal trial), even in absentia, before being assassinated, and any such effort must show that (1) the target poses additional future risk and (2) that a capture operation's risk exceeds that of assassination operation risk and target's additional future risk combined.
  • Establish a bipartisan congressional committee to oversee exec branch invocations of state secrets.
  • Remove the senate secret hold rule.
  • Go back to the old senate fillibuster rules, requiring an actual senate member to stand and address the floor. At least it'll take away their time to devote to fundraising and other political causes, so it'd better be worth it to them and their base.
  • Treat capital gains as income for tax purposes. Reduce the income tax accordingly.
  • Institute redistricting rules that establish regular redistricting using a computationally fair model. (e.g., http://math.stanford.edu/~dankane/COMAP07.pdf)
Thanks to Planet Money, On The Media for several of these ideas. And I'm sure several filtered in from random sources via Boing Boing or Twitter.

1I assert that is what the GOP does anyway, so this is just using the tools of the trade.


Tuesday, March 20, 2012

Pwnd1

Jack jumped up the last few rungs, and through the open window, swearing again. He knew how to be careful. And this time was cutting it a little too close.



Crossing the border was always a nightmare. He expected the lines, the waiting, the mind numbing slowness, the bland faces of the agents working to sort through the safe from the un-. He expected to be pulled out of line—it was inevitable—and subjected to extra scrutiny and harassment. Such was the price for having irritated a few too many folks with ties into National Security. The only really irritating thing about it, other than the delay, was the dirty looks he received from the other passengers, as it already being a foregone conclusion that the agents must be right: He must be an undesirable. He must be worth taking away. “Now, that is a reflection of what’s wrong with society,” he thought as he shuffled toward a nondescript booth and the two hours of flowchart-directed Q&A. The answers flowed simply, for honesty was easy when there wasn’t anything to divulge, or, at least anything that would give them access to the technical underpinnings to accessing his digital life.

Later, sweaty, a bit worn, and more than a little frustrated for the G-men stuck in their roles as perennial persecutors, Jack emerged, papers and baggage cleared, sans phone. It was usually about a fifty-fifty chance he’d get his phone back, and even if he did, it was almost not worth the expense of delinting. Except for the wait, tossing it into the vendo-recycle and getting a new one was nigh equivalent – you still had to do a hardware x-ray, and providing your own firmware was de rigeur even if it weren’t required for safety. As much as the G-men were excited to try and probe his phone for some security hole, there wasn’t anything on it except for a few pointers to honeypots, and those were only to ensure that some long term key wasn’t rooted from one of his other servers. He imagined the look on their faces if they did happen to hit one of those servers though; the keys did guard information, but it was usually some carefully prepared wikileaks-style content package, and if he and his server got it right, it was usually dirt on the fellow actually doing the old skool B&E. Scaling the escalators to the transit bay, he traded some of his BC2 to dollars and some of those dollars into transit passes. First destination: the mall.

The mall is a necessary device. As mundane and reductive as it is for most of its custom, Jack is a fine breed of mall dweller. How many other patrons use its X-ray stores, not for self-MRI or for fine-tuned diagnostics of one’s own health, but instead for the devices they have on them. Jack steps out of the mall-bound bus mid-stop and heads across from the Orange Julius to the vending machines, and picks out a Kazer 103a. His BC2 is diminished, but now he has the device that will serve him until the next border, or next time someone pins him down. Kazer is a good brand, and more importantly, an often purchased brand, and thus not worth the G-men bugging every version, especially out of Southcenter. His natural device has about twice the horsepower, and four times the memory, but that’s far from being the important limitation… this new device, as much as it has a lovely intro movie to explain each aspect of how one might use it, is, well, unclean. The 90s and early 00s showed most people that giftware was crapware, if not outright spyware, and the denizen of the 10s brought their firmware with them. Unfortunately, Jack was not so blessed. Being stripped of his machinarium by the gestapo-lice meant that he was vanilla boy, home schooled, bootstrappin’ for great justice. He acquired a mundane firmware at another station, and refried the device as he walked to the x-station. Feigning recent cataract surgery, he said, I want to know if they “implanted something”, and got himself scanned. Looking at his device in the scans, he could see no foul play: The 389 would have been readily visible if it was there, gleaming like a bulbous capacitor above the headphone port. More advanced stuff was necessarily larger, and would have stood out like a sore thumb.

Jack walked into the mall transit station. His device, having locked into local Wifi, 4.5G, and subter, had started to download his packages… the ones that will let him actually talk to any part of the world that wasn’t right in front of him. Boarding a Westlake-bound train, he pressed his left cheekbone against the glass as his device woke up and figured out that there's a whole new world of applications ready to download and run. The physical world blistered by, and by the time he emited out of First Hill, his phone was now finally ready to use.

“Don’t even f’ing go there.” After he entered his shortcode and 2authconf, that admonition displayed on the frontispiece. “Well, that’s just f’ing grand. What the hell else am I supposed to do,” he murmured, purportedly to himself, but anyone within earshot got a load of his invective. “I’ve just been done over by the gendarme and need a freakin’ break.”

Under the covers, his transmission headed out, carried on a stream of data from one accepted host to another. The very protocol he invented, multicast SSL, carries an alternate form across at least two other streams and makes his connection not just “hard,” but “solid”… a term used by his former teammate when he was able to ensure a control signal even despite 80% signal cancellation and “no way to get in”. The 2authconf seeded the phone with several one-time-bufs, and was able to live on those for minutes while trying to get in touch with the one person who might have made his trip to the homeland worthwhile: The Prince.

The Prince was busy.

Instead, Jack lurked on channels, opening one to the “389,” cruel homage to those that might track them and hunt them down. The 389 chip was a signal processing unit that would copy signal to another track and transmit it. Straightforward (mostly), and harmless (mostly), modulo those silly folks who still thought their unmodulated signal would not be noticed by the powers that be.

Jack got off the train, and walked nary a half block way, to the T-bar, where he ordered a double-espresso and Jameson’s, and tried to make contact. In the meanwhile, he tried normal avenues — Facebook (still an old standby) and Twitter, simple but misused, venue. Both seemed stymied, until… pure signal.

One of the unadulterated joys of the watched, concerned, or paranoiac crowd is a SSL .95 signal. That doesn’t even make sense unless you’re talking about multicast, which probes all available connection points for channels through the murk. It’s easy enough if you have a sufficiently faithful line to source, where you’re faithful all 100%, unless you drop packets. Instead, it’s when you’re watched, marked, nigh surrendered that .95 is the a4some, when despite signals being hacked, subverted, closed, or snooped on, you were entirely sure that what you had to say would not end up on some poor NSA analyst’s desk. Ninety-five-point, is what you call it, and it works… until it doesn’t.

On his unadulterated, vanilla unit, it sang “free and clear!” repeatedly until it got shut off. It wasn’t even clear until afterwards that whomever had watched what was transpiring on his social network actions had modulated signal, closing connections on one side, and then the other, hoping to be on the right side of entropy, and learn the keys that were controlling the session. Sadly, this kind of attack, which Jack’s software would have been warned against, was muted by vanilla versions of the same software, which had no idea that anyone might want to subvert them.

The tick-tock of repeating channel switching transpired as the vanilla unit tried to ensure the connection. Key-exchange after key-exchange occurred, with the watchers gathering data on the nonces, looking for patterns in the supposed randomness. The Kazer line was known not to have randomness faults, plenty of entropy given it took into account touch lengths, distances, accelerometer readings and, if necessary GPS slop. Yet still, given enough evidence, and a large enough MapReduce, the watchers could smoke an ordinary machine. It might take minutes or hours, days if you were careful and kept track of your exchanges.

To Jack, it looked like a craptastic connection, a regular occurrence while on the light rail, that finally stopped being so slow about the time that he reached Westlake. He tried one last time to reach The Prince before hitting the dead drop.

“When you need something done right, format it yourself,” is a motto held by many neteratti who have seen bad software ruin good devices. Jack failed again to contact his friend, but it was solace to be able to walk into the Nitelite, find the stored USB fixed drive secreted in one of the booths, and firmware replace the Kazer with Nutella 0.81b. Two slow gin fizzes masked the ghastly slowness of the update and the partial reconfiguration of the OS on the device after it compared package MD5 hashes and elected to sidestep the normal installation channel for some Important Updates.

The crowd was a normal before-10 croud, waiting for someone to start them up, or some DJ to blaze the latest crazed mix of house dubstep into their willing ears. After dragging a decent BC2 paytip onto a fringe and snapping it off onto the table, Jack was ready to leave.

And yet.

When people are well funded, when they’re out for blood and you’re a means to an end, one doesn’t expect fair play. Four large men in trenchcoats entered the Nitelite and scanned for their target. Sometimes having a regularly vacillating hairstyle pays off, and Jack noticed his “admirers” first. Dropping a “shiiiii…,” Jack silently shouldered through the employee door, ducked between two waiters, and dashed outside to the alley. Tearing north and then eastward, he stepped up onto one of the brick walls and grabbed the fire escape, mounting it with impressive force. Breathing hard, he launched himself through the half-open window into Gemini’s pad, and breathed a sigh of relief as the hard noise of boots on pavement echoed below and the G-men ran by.

Sunday, March 11, 2012

Attribution burden for podcasts

Editor’s note: I am an avid listener and sponsor of On The Media, and acquaintance of the author of the Feminisnt blog, who uses the moniker Furry Girl when posting on that site.

On March 2nd, OTM producer Sarah Abdurrahman was featured in a segment on the On The Media podcast, talking to with Bob Garfield about making Freedom of Information Act (FOIA) requests about herself. In that segment, she refers to her source idea, being “this blog post about this woman who” made FOIA requests about herself. She then goes on to quote several details out of this blog post verbatim, specifically, some of the entries in the FOIA results. Bob moves on to discussing Sarah’s own experience doing the same and never is the blog mentioned, nor the author of the blog post mentioned.

Sarah also produced her own blog post on the OTM site the same day, covering some of the same details as the segment. It, too, never mentions either the name of the blog, or the author, but does provide a link to the Feminisnt blog post from which she gathered her source idea.

This event, which, on a better day would have served the dual purpose of spreading the word about citizen access to government information, and more readership of a blog which helped initially promulgate that information, ended up turning sour.

The original Feminisnt blog post has, at the bottom, a little icon, Creative Commons License, and a comment that the text is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License. It requires that, presuming you’re a non-commercial entity (OTM is a not-for-profit), that you would need to provide attribution if you were to share the work (i.e., copy, distribute, or transmit). Whereas the OTM blog post has a link (and thus attribution), it doesn’t strictly, license-wise, need one—it is not copying, distributing or transmitting the original work, but merely providing a reference. On the other hand, the OTM segment, copies/transmits select small portions of the work over the public radio airwaves and via the internet in podcast form.

The lack of attribution by the OTM show itself spawned a series of angry tweets and a blog rant and, so far, one response by OTM’s Senior Producer, Katya Rogers, which includes a denial: “neither our blog post nor our broadcast segment constitute copy, distribution or transmission of Furry Girl's original work.”

The OTM segment was clearly not a whole copy, but neither is it free of the work in question. From a legal perspective (and I am not a lawyer), it seems that both of the following are true: (1) OTM only borrowed a small amount, and (2) even if that were to be sufficient to show a prima facie case of copyright infringement, OTM could argue fair use.

That said, I argue that there’s been a bit of a departure from ethics on OTM’s part. In order to bolster their OTM segment, presumably due to the humor value and simultaneous big brother nature of the FBI commentary, they use another person’s produced information. This is information that they could not get for themselves: In the case of Furry Girl’s story, OTM FOIA requests would never return such data, it being a request that only Furry Girl could have fulfilled. In terms of Sarah’s own data, FOIA requests are notorious for how long they take to fulfill, so they could have waited until the FBI finally responded to put up the story, but they did not–they instead used information from the original blog post. I know that we don’t own the news we break, but in this case, there’s no available, more original direct source. The fact that OTM did this and didn’t bother to refer to the original source material in situ is what I take issue with. They could have produced the entire segment without any of the Feminisnt source material, and gotten most of the idea across and not incurred an ethical obligation.

It does not suffice that Bob gave a link to Sarah’s post and that Sarah’s post, in turn, gives attribution to Furry Girl. The OTM segment itself should have given attribution, and not just in the form of a “if you want to know more, here’s a link”.

If it had been a random guest on the show instead of Sarah, it would have been an issue I would have taken with that guest about their own standards of sourcing and attribution. Instead, the segment was produced entirely by the OTM staff, who raise the bar about journalism standards around the globe, and it seems that they, of all people, should know how to do better.

P.S., Whereas I think the OTM staff could have done better, the hyperbolic escalation by Furry Girl and the yield-no-ground nature of Ms. Rogers’ response seem to me to be largely wasted efforts on both sides. All Furry Girl wanted was attribution, and attribution would have been trivial to provide. Instead, we have a threatened legal battle and Google bombing, and who knows what future waste. Aren’t there more things wrong on the Internet to which we can now attend?

Wednesday, January 25, 2012

Proactive Legislation

The recent SOPA/PIPA debacle has me marvelling, not at the hamfisted nature of the MPAA, but at the vast, disparate collection of internet companies, startups, luminaries in the fields of CS, and privacy, and forward-thinking individuals and the effort that was brought to bear on our various legislators. For the most part, it was a loose organization of people and enterprises acting on their own, and the concerted nature of the blackout seemed to be a avalanche where small important actors triggered the event rather than ran it. And the amount of effort and energy that went into it was pretty staggering.

Just think if that amount of energy was put into writing legislation rather than merely blocking legislation?

Providing our congress-critters alternative legislation, completely drafted, seems like it could be far better than MPAA-, RIAA-, Big Oil, Big Whatever providing a significant amount of the guidance as to what the laws should be enacted. We should have our own groups put together ideas, crafting and analysing and reshaping laws to be ultimately given to legislators to introduce in their fora, and then be there to guide them as they try to reshape them to discuss our choices (especially when we chose otherwise).

The problem is that Big Whatever works. Fragmented groups of self-interested individuals and corporations never seem to form a cohesive movement, and only act in concert when threatened and then only from each of their own fears. There is no such thing as Big People or Big Citizenry. If there were, we'd ship the vast majority of Congress home and replace it with people willing to do our bidding, and change the laws to better ensure that they did so. As it stands, Big Citizenry politics is a study in waveform superposition -- it's only when there's enough people who happen to be aligned, when there's a "rogue wave" of citizen support for change, that we stand any chance of making progress. And Congressional rules increasingly impede progress, so that any such wave is likely to dissipate before any action is completed.1 So we have to be strategic when such a wave occurs, and dismantle the structure Big Everyone-Else has created.

Projects like RootStrikers are on the right track, but the larger "we" need a game plan. First, we have to strike at the things that impede political change:
  1. Cut the flow of money from lobbyists to congress-critters in all arenas: gifts, election donations, PACs, superPACs.
  2. Replace or remove old and anti-democratic Congressional rules: (secret) holds, anything that means we have to have a supermajority to pass anything, anything that requires that every piece of legislation take some undue amount of time and prevent discussion/handling of alternative legislation.2
  3. Improve the ability to hold congress-critters accountable to their campaign statements and their vows in office. This requires a bit more noodling on my part (and I'll take suggestions), but I'm thinking having some kind of contract-like device that allows something short of impeachment happen when they don't follow up at all or, worse, go directly against what they claimed they would do in office. (Can you say, "Transparency?" I knew you could.)
Second, we need to strike at the things that greatly facilitate Big Brother3:
  1. Strengthen privacy transparency requirements. Companies need to be extremely transparent about what of your data is consumed (even if not the special sauce of how).
  2. Strengthen minimum privacy requirements. Companies need to limit what they record about people that is ephemeral to their actual service, and not share it with other companies without explicit approval (that isn't buried in some arcane Terms of Service).
  3. Decentralize. While this isn't a government thing entirely, nor should it be mandated,  having a best-practices document and easy how-tos to ensure you don't have all of your online presence stuck in a company's monolithic service umbrella, and that some things are explicitly separated so as to ensure that collusion of several companies and the government (I'm looking at you, AT&T) are required to perform clandestine domestic spying.
Third, we need to strike at the things that inhibit technical progress:
  1. Overhaul the Copyright office. Restore expiration terms to their original values, making considerations for increased lifespans of the creators. Set up iron-clad fair use examples and put the onus of responsibility on the creator to show at least some infringement before issuing take-downs. Make bad take-downs cost you (e.g., a Copyright version of SLAPP).
  2. Overhaul the Patent offices. Require Software Patent Bonds, monies put in by big corporations when applying for patents, that get paid out to finders when said approved patents are later found to have prior art–don't make the system perversely set up to make it so that creators want to not look at the set of other patents to avoid the triple penalty for possible infringement (if someone finds out). Clean the house of bad patents and figure out how better to interoperate with international patents.
  3. Fix the state of anti-logic/anti-science education. It's impossible to get things done when you're not operating with people even remotely attempting to be rational actors.
Then there's a swath of other things I would get at (healthcare, taxation), but I'll save that for another day.

The remaining question is who or what group(s) is/are best set up to provide a cohesive set of legislation to enact these things, and full logistics support to shepherd them through a narcissistic, divisive Congress? And how do we rally the Big Citizenry to support them? How do we start this avalanche?
--
1To some extent this is a good thing, so that rational thought and consideration drive change rather than instinct and reaction, to avoid the perverse and destructive tendencies of the latter two (e.g., post-911 security theater), not to mention the cost of vacillation when the needle swings back the other way. I just think the knob has been adjusted too far.
2Even the operating system vendors have finally gotten on the bandwagon of not running blocking operations on the main/UI thread. Legislation should have deadlines for congresspeople to consume, understand, and hear back from their constituents, but it shouldn't require spinwaiting; the filibuster should not stall other legislation.
3Government or even corporate strongarming via data collection, aggregation and mining will always be possible. Making every internet service required to have some backdoor putatively for "organized crime" or more recently "the terrorists" just allows entities like the FBI/NSA/CIA/police to selectively target individuals or communities it takes issue with for harassment in the form of selective prosecution.

Thursday, March 03, 2011

[Non]recourse loans

NPR’s Planet Money had a podcast describing differences between nonrecourse loans, which Americans traditionally have, and recourse loans, which everyone else traditionally has. The pros for nonrecourse loan systems is that borrowers are more willing to take risks, and thus capitalize on them, increasing the general wealth, at the cost of finding it slightly harder to find banks willing to make loans and general extra volatility of the system with regards to speculative prices. The pros for recourse loan systems is that banks are more willing to make loans, so finding them might be easier, and the consequences of a default give incentive to the potential borrowers to be more conservative, reducing volatility.

What is left out of the discussion is that these systems are not in isolation. The fact that the vastly increased volatility of the nonrecourse mortgage market in the United States has been the single largest factor in the most recent financial crisis weighs in on the pros and cons, since the negative effects of that crisis has sent ripple effects across the Atlantic.

The problem, as I see it, is that we have an iterated prisoners’ dilemma: Whereas the recourse-loan-based societies might enjoy relative stability of their markets if they were in isolation, the fact that we’re all in the same boat means that if other societies “defect” to become nonrecourse-loan-based, then the volatility spills over, the value the recourse-loan-based societies are expecting from stability is decreased. In effect, it means that there’s a new pressure to cause further “defections”—the reward for increased capital risk now costs less, since they’re already incurring some volatility.