27 August 2012

Privacy as a weapon

Remember the bogus bomb threats at the University of Pittsburgh? Apparently they were sent by email, anonymously, through a system called Mixmaster. The email passed through a computer in New York, which the FBI seized in April.

Now it is natural to wonder why we even have such things. Why is it OK for people to send email anonymously when it can cause such mayhem? Here’s what the computer’s owners have to say about it:

Q: Doesn’t Mixmaster/anonymous remailers enable criminals to do bad things?

A: Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than mixmaster provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.

Mixmaster aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.

All this is true, up to a point. Criminals have actually done all those things. It is also entirely plausible, though, that the particular culprit in question chose Mixmaster. Shortly after that server was seized, the bomb threats stopped.

My thoughts about privacy have changed. I used to think this:

People who keep secrets have something to hide.

I understood at the time that it was a simplistic truism, but it seemed useful anyway. But it’s not useful, because:

People who wear clothes have something to hide.

See? It just doesn't work. Here is what I think now:

Everyone has something to hide from a sufficiently reprehensible adversary.

It doesn’t trip off the tongue quite as lightly.

The FBI in this case was presumably acting with the best intentions, but many governments around the world are plenty reprehensible. Privacy cuts both ways. The ability to track down a miscreant sending bogus bomb threats is exactly the same thing as the ability of an oppressive government to track down activists and rebels and kill them. This is a real concern in some places, and people in those places have to use secure systems that protect their privacy or else give up the fight.

I do think it’s good to have some form of technological constraint on government surveillance, in addition to a reasonable system of checks and balances (requiring warrants for wiretaps, for example). Tracking people down and finding out every detail of what they’ve been doing should be hard. If it’s not, the government will eventually just track everything we do.

People who work on privacy and censorship-circumvention software have already shifted to building systems where there’s no central equipment to seize. Systems like Tor. Governments still have ways of attacking such systems, technologically and otherwise. “How governments have tried to block Tor” is a startling and absolutely fascinating 2011 talk about this. Watch the first five minutes of that.

One last thing. Anyone in the U.S. will recognize the “Criminals can already do bad things” quote as an argument against gun control. Whether it’s anonymity or a handgun, powerful tools have both offensive and defensive uses. Giving everyone such power is dangerous. Taking this power away from the people is dangerous.

Four hours

On Sunday I had the pleasure of introducing a C/C# programmer to Python.

I always tell people it only takes 4 hours to learn Python, and I say it because it’s true. But when I actually see someone pick up a whole new language from scratch, port some existing scrap of C code to Python, learn where the documentation is, set up virtualenv, and write a web app that sends somebody a text message, all in four hours f’real wall-clock time, well. It gets me right here.

When I was interviewing for Mozilla, Mike Schroepfer asked me two questions. (I bombed them both; to this day I have no idea why they hired me.) One was something like: why is it that dynamically-typed languages can be so much more productive than statically-typed languages? I mumbled something inane about not having to write out the types. Worst answer ever, and I knew it.

It was especially chastening because I had spent a lot of time thinking about it, apparently without drawing any insightful conclusions.

The question seems a little passé to me now, but only because about a decade of my life was a fantastically stupid flame war over that one thing. Not because we really finished with it.

I wonder if we could have a better discussion about this now that we’re all grown up. Maybe I’d have something intelligent to contribute now.

19 August 2012

Time travel

In the garden-variety time travel story, there is a single, fully logically consistent timeline. Trying to change the past is futile. There can be no change. You can be the proximate cause of whatever actually happens, if that’s your thing.

Of course it is never quite clear why nothing could be changed. It just happens that nothing changes, however mightily the characters strive to change things, as if by coincidence. Or Fate is watching—but why is watching enough? Doesn’t Fate actually have to intervene somehow to make everything line up?

It occurred to me once that there could be a possible physical theory to explain this, using fixed points.

I’m not surprised that someone already thought of this. I’m a little surprised that it was Richard Feynman, in a paper titled “Classical electrodynamics in terms of direct interparticle action,” back in 1949.

The Stanford Encyclopedia of Philosophy’s entry on “Time Travel and Modern Physics,” section 3, explains all.

13 August 2012

A bit more about the library

Nashville hack day happened Saturday and it was awesome. Click the link—every single talk was great, and that page has slides, links, source code, etc. for all of them.

Mine was on sorting and searching at the library.

The talk starts out talking about what happens if you take a book off the library shelves and put it back in the wrong place. When I wrote it, I got curious, so I sent email to the library, asking:

Hi, I have a few questions about the library system.

  1. How many books are in the library system?
  2. Do you ever take a full inventory of the library, scanning every book on the shelves?
  3. If not, is there any other way to know if a book is missing? (that is, the catalog shows it as Available but it's not actually on the shelves in the right place)
  4. If you do track missing books, how many are missing right now? How long does it usually take for them to turn up?

I'm not planning a book heist. :) I'm preparing a talk about information technology and libraries for a local event for software engineers.

Engineers are always interested in “failure modes” -- that is, what happens when something goes wrong.

I didn’t get the response in time to change the talk, but the library sent me email this morning with these answers:

  1. There are 1,629,308 items in the collection.
  2. No, we do not do a complete inventory of our entire collection.
  3. We do monthly weeding (de-selection) reports for items that haven't circulated in 1-2 years and that usually catches most missing items. We cover almost the entire collection within one year. However, we also will do a system-wide ILS report and change items automatically to missing status in the computer that haven't circulated in branches in a very long time. We also do this for items stuck in transit mode between locations for a long time.
  4. We do not track missing items at a level that will provide us with statistics like return rate. Anecdotally, however, it is rare that missing items are located again. They are usually missing because of theft.

(I’ll just note that the way they actually track missing items means they wouldn’t detect items that are only misshelved for a month or two. There might be a lot of them. I find two or three every week.)

Anyway, the talk was picked up on Reddit programming and got some wonderful comments. My favorites:

  • “My high school did a volunteer day where we took our entire class year and spent an hour in a class learning how they sort the library books, then sent us each to a section to go through, find misplaced books and put them back in order. It took 2-300 of us ~5 hours to sort all of the library.” –Kimano

  • “This posting reminds me of when I visited a warehouse that had automated storage and retrieval of items from the warehouse.

    “One of the cool things that had to happen periodically was essentially the real-world equivalent of defragmenting a hard disk. If you think a hard disk is slow, imagine how slow it is to physically move pallets and cartons!” —grandzooby

  • “The reason we can insert books in a shelf is that there are some gaps distributed between books, and insertion shifts a couple books around to make space. ‘Insertion sort is O(n log n)’ is a fun research paper that describes a similar way to organize data in arrays, with enough bogus elements (gaps) for insertion to be logarithmic time, but not so many that binary search is super-logarithmic.” —phkuong

And several folks linked me to ShelvAR, a super-cool augmented reality app for keeping library books in order. (Incidentally, those guys seriously need to cheat to get higher apparent performance!)

Hack day was so great that I can’t wait to do another one.