Kernel exploit

slaniel | Uncategorized | Tuesday, June 15th, 2004

Adam Kessel points us to a severe Linux security hole, but also reminds us that “even a major exploit like this one pales in comparison to any one of the dozens of trivial Outlook or IE cracks that are circulating.”

So perhaps it’s valuable to point out precisely why this new exploit is so much less awful than a traditional Windows exploit. The Linux exploit allows anyone with shell access to your Linux machine to lock it up, requiring a reboot. All one has to do is download the code, compile it with gcc, and run it. Most kernels lock immediately; a few don’t. But the important thing to note is that only those users who have shell access stand a chance of making this happen. And shell access is hard to come by. On my machine a total of seven people (including myself) have such access, and most of them don’t even use it. The result of a hacker exploiting this vulnerability is that the system would lock up; no one would gain root access (i.e., no one would become the all-powerful user who can mess up any other user’s files).

In contrast, take one of the many Windows vulnerabilities — particularly the ASN.1 vulnerability, which is fairly typical:

A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

Two details about this vulnerability are important to bring out: 1) anyone in the world could attack your Windows system this way, meaning that the total number of potential attackers is conservatively in the thousands; and 2) a successful attacker could completely destroy your machine.

And of course there’s already a patch for the Linux vulnerability, whereas Microsoft is famous for taking months to deploy fixes.

Let’s hope the mainstream press doesn’t start claiming that Linux is just as insecure as Windows. We know better.

Krugman: Ashcroft is the worst attorney general ever

slaniel | Uncategorized | Tuesday, June 15th, 2004

If Paul Krugman didn’t exist, it would be necessary to create him (my cache).

 . . . And then there’s David Brooks, again trying to encode the nation in binary. I continue to assert that Krugman and Brooks appear near each other on the Times’s op-ed page so that the latter’s vacuity can stand out all the more clearly.

Balkin on the Pentagon torture memo

slaniel | Uncategorized | Friday, June 11th, 2004

Jack Balkin has a characteristically well-written piece on the Pentagon torture memo — the one which claims that torture laws don’t bind the president. Balkin argues persuasively that the memo is legal hogwash, that it obviously promulgates an unconstitutional doctrine, and that carrying out its dictates would bring impeachment on the president. All of this is, I suppose, subject to the inevitable vicissitudes of case law (i.e., principle isn’t everything), but Balkin at least seems quite confident that this memo is unenforceable. Which makes it a bit easier for me to breathe.

Pinker on evolution

slaniel | Uncategorized | Friday, June 11th, 2004

I’m reading Steven Pinker’s fascinating and very well-argued book How The Mind Works, whose primary thesis is that the mind is a collection of modules specially evolved for our ancestors’ needs. There are modules for processing visual data, modules for hunting down animals, and so forth, but we don’t have modules evolved for living in large anonymous cities or negotiating traffic. It obviously has to be more precisely stated than that (maybe we have a more general module that includes the ability to negotiate traffic, say), but that’s the idea.

And it’s the lack of formal mathematical models that’s rather irritating to me. In part it’s because I just left Gigerenzer et al.’s Simple Heuristics That Make Us Smart, about a set of sketchy but useful experiments on the structure of inference rules in our minds; that book was all experimental. Before that it was a book by Herbert Simon, who carries a flame for logical positivists.

The part that’s getting to me about Pinker’s book right now has less to do with him and more to do with the theory of evolution, which in many presentations — including Pinker’s — comes off sounding like a clever collection of just-so stories. I’m thinking particularly of how Pinker explains the development of insect wings:

The theory of the evolution of insect wings proposed by Joel Kingsolver and Mimi Koehl, far from being a refutation of adaptationism, is one of its finest moments. Small cold-blooded animals like insects struggle to regulate their temperature. Their high ratio of surface area to volume makes them heat up and cool down quickly. (That is why there are no bugs outside in cold months: winter is the best insecticide.) Perhaps the incipient wings of insects first evolved as adjustable solar panels, which soak up the sun’s energy when it is colder out and dissipate heat when it’s warmer. Using thermodynamic and aerodynamic analyses, Kingsolver and Koehl showed that proto-wings too small for flight are effective heat exchangers. The larger they grow, the more effective they become at heat regulation, though they reach a point of diminishing returns. That point is in the range of sizes in which the panels could serve as effective wings. Beyond that point, they become more and more useful for flying as they grow larger and larger, up to their present size. Natural selection could have pushed for bigger wings throughout the range from no wings to current wings, with a gradual change of function in the middle sizes.

The Kingsolver and Koehl paper, for those who are curious — I know I am — is

Kingsolver, J.G., & Koehl, M.A.R. 1985. Aerodynamics, thermoregulation, and the evolution of insect wings. Differential scaling and evolutionary change. Evolution, 39, 488-504.

(P.S. (9 August 2005): Their paper is available on Prof. Koehl’s website.)

I admit at the outset that I’ve not read the paper. But Pinker’s description has the backward-gazing feel of a lot of descriptions of natural selection: here’s this thing that happens now, and here’s this possible explanation — among thousands of possible explanations — for what could have happened. We get these all the time. (“There could be a gene for math proficiency because  . . . ”)

Now, obviously this explanation holds more than the standard pseudo-evolutionary crap. For one thing, presumably scientists studying insects could test this model against other data, and it’s not immediately falsified by a quick glance at the facts. But somehow its applicability seems really limited. It seems undertheorized. I want a theory that will tell me that birds have wings and humans don’t, at the same time that it tells me that fish live in the water and birds don’t, at the same time that it tells me that cheetahs run fast and humans don’t run nearly so fast. All the explanations I get from “pop evolution” are backward-looking and limited; they explain small areas of form, but not much beyond that.

And again, without much knowledge of the evidence, it seems that these areas have to remain undertheorized. Does the geological record tell us much about how insects used their flaps, for instance? I’m skating on thin ice at this point, of course, but it seems like a long leap to assume that the wing used to be a thermal insulator, despite its lack of physical implausibility. (From Pinker’s description, I’m hesitant to say “plausibility” outright.)

Where’s the theory that will predict for me something I’ve never seen? Where’s the equivalent of the atomic theory to tell me that there must exist an element with atomic weight 244? What does evolution predict that we’ve never seen?

I’m sure the answer is “a hell of a lot, actually.” I need to read Stephen Jay Gould’s magnum opus; perhaps it will answer all these questions.

Lewis on corporate giving

slaniel | Uncategorized | Friday, June 11th, 2004

Michael Lewis is really an amazing author. I’ve now read his books Moneyball, The New New Thing, and Liar’s Poker, and all are amazing. So are the articles he writes for the New York Times, including his astonishing and deeply tongue-in-cheek article about the teenaged stock trader Jonathan Lebed (my cache).

His latest is about corporations behaving ethically (my cache). It has a lot of interesting things to say about what constitutes good corporate citizenship. Among other observations is this:

The C.E.O. of Birkenstock, Matt Endriss, listened politely to what the business-school students had to say. “I wrestle with the words and phrases they throw around,” he said afterward. “‘Formalize’  . . .  ‘standardize’  . . .  ‘best practices’  . . .  ‘bang for your buck.’ Those words don’t live in this organization on a daily basis. A lot of them are words we try to abolish.” He tells me, “There’s a lot of discussion inside Birkenstock about ‘authenticity.’” While that concept is notoriously hard to define, its opposite is not. It is inauthentic to seem not to care too much about making money in the interest of making even more of it. It is inauthentic to go bragging about corporate goodness, in hopes of selling more shoes. When you are honest only because honesty pays, says Birkenstock’s C.E.O., you risk forgetting the meaning of honesty. When you are socially responsible only because social responsibility pays, you lose any real sense of what responsibility means.

Granted, the article is about a lot more than outright corporate giving — things like treating your employees well and not harming the environment. But there is an ethical question in the above paragraph: what if, by behaving in many ways like an ordinary corporation, you can afford to give away more of your money to charitable causes? You’re selling out in part, but you’re doing a great deal for a lot of good causes. This sounds a lot like what Google’s doing: they’re becoming a public company under certain very restrictive conditions, they’re taking a lot of power away from their investors, and they’re giving 1% of their profits to charity. In many ways Google is a typical corporation (certainly more so than Birkenstock, if one believes the article), but that 1% will probably grow quite a lot over time.

This sort of tradeoff happens all the time, in greater or lesser degrees. I thought about it while reading The Making of the Atomic Bomb: it’s debatable whether this is true, but what if it was really the case that killing hundreds of thousands of Japanese people at Hiroshima and Nagasaki saved hundreds of thousands more lives later? Isn’t it then more ethical to bomb than not to bomb? (This leaves open the debate about whether dropping the bomb actually did stop greater damage, of course.)

Or how about something closer to home: what if the only coffee shop in your area is the much-maligned Starbucks? Hell, what if Starbucks isn’t the only such shop? Starbucks reportedly does all kinds of good things, including giving its employees health insurance, providing them domestic-partner benefits, and buying a lot of fairly-traded coffee. Smaller coffeeshops are much less likely to do this. So you lose one ethical battle — furthering small, local businesses — but you win some other ones. Ethics is a series of tradeoffs. What if you could guarantee that the only coffeeshops left in the world would be owned by Starbucks, but that in exchange all the world’s coffee would be fairly traded, every coffeeshop employee would get health insurance, and so forth? Would you do it? The world would be a blander and more homogenous place, but you’d get a lot of other stuff in return. Worth thinking about, anyway.

An experiment in communication

slaniel | Uncategorized | Wednesday, June 9th, 2004

Josh “Yahooooooo!” W: have you been getting any of my emails? I fear that they’re going down the Hotmail drain.

Torture laws don’t bind Bush

slaniel | Uncategorized | Wednesday, June 9th, 2004

Sometimes reality is just unbearably depressing (my cache).

Documenting everything

slaniel | Uncategorized | Tuesday, June 8th, 2004

What follows is a long thought out loud about some of the more amazing things that cheap storage will allow us to do — some back-of-the-envelope calculations about how expensive it would be to, for instance, record every moment of your life on video.


A Linux complaint

slaniel | Uncategorized | Monday, June 7th, 2004

As much as I love Linux, I often find its documentation quite lacking. I only occasionally find unnecessary complication added to simple processes, but that’s exactly what I find today. All I’m trying to do is install another package, namely the one that’s responsible for the Network Information Service (I want to do at home what I’ve been doing for others).

Just a quick primer, for those who don’t already use Linux: since Linux distributions can install their packages over the web, and since that’s the only way to get the most up-to-date packages (including security updates), you need to tell your distribution where to look for new packages. Which server should it go to, for instance? Under Debian, you need to edit the /etc/apt/sources.list file, whose text is mildly arcane but basically understandable; here’s an example:

deb http://debian.lcs.mit.edu/debian stable main contrib

The first term, “deb,” indicates that the rest of the line is a standard Debian source.

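The “http” bit is the address of the repository: it tells us which server to look on (debian.lcs.mit.edu) and which directory on that server holds the packages.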

“stable” is one of a few possibilities for which packages you want to install; possibilities here are “stable,” “unstable,” “experimental,” “updates,” and possibly others; all denote various levels of stability in the package, but even “unstable” is pretty stable. Listing “stable” above means that among all the packages within that Debian repository, I’ll only care to look at the stable ones.

“main” and “contrib” are areas within the Debian repository; another one is “non-free,” which has been set aside in the Debian Social Contract so that the rest of the codebase stays purely free.
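The fields described above can be pulled apart mechanically, which is handy when you want to check which servers and repository areas a machine will accept packages from. This is an added example, not part of the original post; the second and third sample entries, the `mirror.example.org` host and the function names are constructed for illustration, and the bracketed options block is syntax accepted by current versions of apt.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: only the first entry is the line quoted in the post.
# mirror.example.org is a placeholder host.
SAMPLE = """\
# where this machine fetches packages from
deb http://debian.lcs.mit.edu/debian stable main contrib
deb-src http://debian.lcs.mit.edu/debian stable main   # source packages
deb [arch=i386] http://mirror.example.org/debian unstable main non-free
"""


@dataclass
class AptSource:
    kind: str          # "deb" (binary packages) or "deb-src" (source packages)
    uri: str           # root of the repository
    suite: str         # "stable", "unstable", ...
    components: list   # areas of the repository: "main", "contrib", "non-free"
    options: dict = field(default_factory=dict)


def parse_line(line):
    """Return an AptSource, or None for a blank or comment-only line."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    tokens = line.split()
    kind = tokens.pop(0)
    if kind not in ("deb", "deb-src"):
        raise ValueError(f"unknown entry type: {kind!r}")

    options = {}
    if tokens and tokens[0].startswith("["):
        block = []
        while tokens:
            block.append(tokens.pop(0))
            if block[-1].endswith("]"):
                break
        else:  # ran out of tokens without seeing the closing bracket
            raise ValueError("unterminated [options] block")
        for item in " ".join(block)[1:-1].split():
            key, _, value = item.partition("=")
            options[key] = value

    if len(tokens) < 2:
        raise ValueError("need at least a URI and a suite")
    uri, suite, components = tokens[0], tokens[1], tokens[2:]
    if suite.endswith("/"):
        # A suite ending in "/" is an exact path and takes no components.
        if components:
            raise ValueError("exact-path suite cannot have components")
    elif not components:
        raise ValueError("suite needs at least one component")
    return AptSource(kind, uri, suite, components, options)


def parse_sources(text):
    """Parse every entry in a sources.list-style text, skipping comments."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [src for src in parsed if src is not None]


def trusted_origins(sources):
    """Map each repository host to the suite/component areas pulled from it."""
    origins = {}
    for src in sources:
        host = urlparse(src.uri).hostname or src.uri
        areas = origins.setdefault(host, set())
        areas.update(f"{src.suite}/{comp}" for comp in src.components)
    return {host: sorted(areas) for host, areas in origins.items()}


if __name__ == "__main__":
    for host, areas in trusted_origins(parse_sources(SAMPLE)).items():
        print(host, "->", ", ".join(areas))
```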

So basically, these all tell you where you’re supposed to look for new packages. The only trouble, really, is bootstrapping your way in — that is, knowing where to find the list to begin with, which you can then stick into /etc/apt/sources.list. I believe that some of these sources may even be included in the Debian CDs. The best approach would be for a nice wizard to ask you, “Where do you live?” which would then find the Debian repositories nearest you. Then it would ask whether you’d like to search for only stable components or unstable components, whether you’ll tolerate little bits of non-free software on your system, and so forth. It doesn’t do this yet, though I see that there’s an apt-get.org that has some promise.

Debian at least offers the virtue that its documentation is clear. Mandrake’s, unfortunately, appears to have been written by people who don’t speak English as a first language. And there’s so much complicated structure to the list of sources (“media,” in Mandrake-speak) that there’s a web page to help you construct new sources.

But then, look at that last web page. Still there’s a lack of good UI. I’d like to hit anyone who writes any kind of code that says, “A requires B, so if you do A make sure to do B.” If “a few plf packages need contrib, therefore you should add contrib if you add plf,” then your code should reflect this fact: adding a plf source should automatically add the contrib source. Or how about all the stuff at the top of that page? I shouldn’t have to care if various lists are broken; that’s what the programmer’s supposed to take care of.

Admittedly, that site is provided by a volunteer, and I shouldn’t look gift web pages in the mouth. But at the same time, we are competing against operating systems that are at least ostensibly easier to use than Linux is; every bad UI decision we make is judged twice as harshly as a similar Windows or Mac decision would be.

Finally, I’m aware of what the appropriate response here is, and what the appropriate response is whenever one deals with any open-source software: fix it myself. If I can contribute more-clearly-written documentation, I should do that. And I think that will be my next task, after I take care of the thing that got me so flustered to begin with.

The Manchurian Candidate

slaniel | Uncategorized | Monday, June 7th, 2004

Looks like a new version of The Manchurian Candidate is coming out this summer, and IMDb has the trailer. It looks like it could be really good. The original was a very thinly veiled attack on McCarthyism starring Frank Sinatra and, of all people, Angela Lansbury (who was astonishingly brilliant — I can’t speak highly enough of how well she carried that role and that film). This time around, the film takes place around the current time, might have something to do with the Gulf War, and features Denzel Washington in Sinatra’s role and Meryl Streep in Lansbury’s. Washington may again be in his “one pure-hearted man against the world” routine, which doesn’t really seem to fit; that’s a role filled by Vin Diesel, not by someone of Washington’s range. As for Streep, she’s got one character in which she’s unfortunately been typecast; it’s the Weepy, Barely Dignified Woman. She has many other roles that she plays — I’m thinking especially of Adaptation — and it looks like this time around she may have avoided playing Meryl Streep. Lansbury’s performance cast her as Lady Macbeth with a thousand shades of nuance; I’m interested to see whether Streep can pull it off. If the trailer’s accurate, Streep’s perfect for it.

So I pre-recommend this movie. The expected value of my Bayesian prior for this film’s rating is four stars out of five. (Technical bit added in for no good reason. I just mean that I’m taking a bet ahead of time; after I see it, I’ll see how closely my real reaction matches the predicted one.)

Balkin on Padilla

slaniel | Uncategorized | Friday, June 4th, 2004

Yale Law professor Jack Balkin has a beautiful explanation of why Jose Padilla should not be held in prison indefinitely, for those who may remain unconvinced. In light of the Abu Ghraib tortures, says Balkin, our trust that the government is actually playing the good guy in the Padilla case — thereby justifying our faith in them to do the right thing — has been fatally undermined. But of course, we shouldn’t have that sort of faith in them to begin with; the Bill of Rights was correctly set up so that we wouldn’t need to have this sort of faith. The Bill of Rights puts checks on what the government can do in its pursuit of suspected criminals. The Bush Administration, by imprisoning American citizens without charging them with a crime and without giving them access to a lawyer, has deeply undermined the rule of law and the basis of what makes our country great. I hope the Court wisely overturns the Padilla imprisonment, and indeed most of the Administration’s post-September 11 policies.

Music on disc, not on CD

slaniel | Uncategorized | Friday, June 4th, 2004

Having installed a new hard drive a while back, I’ve been ripping all my CDs to disk. Now that I’m doing it, I’m starting to wonder how we got along using unreliable CDs. I’m right now in the middle of ripping a Frank Sinatra CD that I’ve had for something like 15 years, and the ripping software is having a hell of a time working through all the little minor scratches. Tracks on other CDs have failed to rip altogether, because their scratches were just too deep. Had I been forward-thinking, I would have ripped all of them as soon as I bought them, then never touched the CDs again. Alas.

Now that disk space is so cheap, it’s worthwhile to ask whether we should just rip the straight WAV file and do without the encoding altogether. At 700 megs per CD, 1000 CDs (pretty much the limit of what most people I know own) would take up about 700 gigs. At $150 or so for a 200-gig disk, that’s $525 in disk space, which isn’t terrible at all. Give it a couple years, and that price should be at least halved.

The real trouble, of course, comes when you try to have your friends download your music collection: if the compression ratio for most digital-music encodings is around 15:1, we’ll have to wait until our bandwidth has increased by a factor of 15 before straight WAV ripping will be feasible. Bandwidth isn’t increasing all that fast, so we may have a while to wait.

Digital files are just so much more convenient than CDs. For one thing, backing up your entire music collection from one disk to another would be phenomenally easy: just attach a slave drive to your primary hard drive, then do a disk-to-disk copy, detach the slave, and  . . .  I dunno, put the slave drive in a safe deposit box somewhere.

Better yet, I’m looking forward to the day when offsite backup services over high-bandwidth lines are common. Then filesystem-level backup would be really neat: every time you change a file, the change trickles over the wire to your backup provider. (More reasonably, of course, the filesystem would buffer changes and only send them in 100-megabyte chunks or every hour or somesuch.)

In the meantime, something like a RAID setup makes a lot of sense, given the amount of data that we’re accumulating: every time you make a change to your disk, it gets mirrored (in some clever way) to a number of other local disks. Corporations already use RAID, but it needs to come to the desktop.

Relatedly, I’ve been thinking about the soon-to-arrive day when no one throws away anything on his computer at all. We’ll keep all our music files, all our movies, all our photographs, every document, every draft of every document, and on and on. It seems that we’ll need smarter filesystems to handle this. For one thing, the idea of a filename is really a holdover from an earlier day: I shouldn’t have to think of the name of a file. I should write a bunch of bits (a video, a word-processing document, or whatever), and those bits should have a bunch of metadata attached to them. Then my computer should decide how to display that metadata. For instance, when I rip a CD, the software automatically pulls the album’s title, artist and so forth from the FreeDB; the software then renames the file to match some template — say, the name becomes “Artist—Album—TrackNum—SongTitle.Extension,” where “Extension” depends on the album’s format (MP3, Ogg, etc.)

That’s all very backwards, if you think about it. Yes, there’s metadata attached to that album. But sometimes I’ll want to look for a song that’s by a jazz artist and is longer than 10 minutes, and sounds like Charlie Parker. The filesystem should be able to help me with this. As it stands, I’m expected to categorize the album on my own — put it in a jazz directory, then a Charlie Parker directory, then look at the Charlie Parker directory and run some special tool to extract each song’s length. That’s just silly.

One reasonable approach, it seems to me, is to have some central database on disk of metadata that’s appropriate for each media type (say, “album,” “artist,” “genre” and others for songs; “director,” “producer,” “actors” and so forth for films; etc.). Then I could configure songs to be displayed in whatever way I wanted: the format could be “genre—artist—album—song” or whatever.

Because I want to do away with directories, the next step is to turn a filesystem into a model-view-controller setup: each file just becomes another row in a very large database table with a lot of metadata attached to it, and I can choose to present all that data in whatever way I want. I wouldn’t have an “MP3s” folder and a “video” folder anymore; basically what I’d have is the set of objects returned from a specific database query. Maybe today I want to organize all of my Charlie Parker objects — not just his albums, but also the movie Bird, say — under one view. Tomorrow I may want to organize my data under “bop,” “free jazz,” “cool jazz,” and so forth; under that view, Charlie Parker and Thelonious Monk might appear in the same “folder.” It all depends upon what I want. The filesystem shouldn’t force me to move all my Charlie Parker MP3s into a different directory every time I think about my data in a different way.
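A small sketch of that idea, added here as an example and not part of the original post: every object is one row, its metadata lives in a key/value table, and a “folder” is just the result of a query. The table layout, the `person`/`genre`/`seconds` keys, the function names and the placeholder tracks with their lengths are all constructed for illustration.

```python
import sqlite3

# Constructed sample catalogue; track titles and lengths are placeholders.
SAMPLE = [
    ("song", "placeholder track 1",
     {"person": "Charlie Parker", "genre": "bop", "seconds": 185}),
    ("song", "placeholder track 2",
     {"person": "Charlie Parker", "genre": "bop", "seconds": 640}),
    ("song", "placeholder track 3",
     {"person": "Thelonious Monk", "genre": "bop", "seconds": 410}),
    ("film", "Bird", {"person": "Charlie Parker"}),
]


def build_catalogue(rows=SAMPLE):
    """Store each object once; all organisation lives in the metadata table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE objects  (id INTEGER PRIMARY KEY, kind TEXT, title TEXT);
        CREATE TABLE metadata (object_id INTEGER REFERENCES objects(id),
                               key TEXT, value TEXT);
        CREATE INDEX metadata_kv ON metadata(key, value);
    """)
    for kind, title, meta in rows:
        cur = conn.execute(
            "INSERT INTO objects (kind, title) VALUES (?, ?)", (kind, title))
        conn.executemany(
            "INSERT INTO metadata VALUES (?, ?, ?)",
            [(cur.lastrowid, key, str(value)) for key, value in meta.items()])
    return conn


def folder_view(conn, key):
    """Present the catalogue as 'folders', one per distinct value of key.

    Nothing is moved or renamed: choosing another key regroups the same rows.
    Objects that lack the key simply do not appear in that view.
    """
    query = """SELECT m.value, o.title FROM metadata m
               JOIN objects o ON o.id = m.object_id
               WHERE m.key = ? ORDER BY m.value, o.id"""
    view = {}
    for value, title in conn.execute(query, (key,)):
        view.setdefault(value, []).append(title)
    return view


def longer_than(conn, genre, min_seconds):
    """Titles in a genre whose length exceeds min_seconds."""
    query = """SELECT o.title FROM objects o
               JOIN metadata g ON g.object_id = o.id AND g.key = 'genre'
               JOIN metadata s ON s.object_id = o.id AND s.key = 'seconds'
               WHERE g.value = ? AND CAST(s.value AS INTEGER) > ?
               ORDER BY o.id"""
    return [title for (title,) in conn.execute(query, (genre, min_seconds))]


if __name__ == "__main__":
    catalogue = build_catalogue()
    print(folder_view(catalogue, "person"))   # today's view: by person
    print(folder_view(catalogue, "genre"))    # tomorrow's view: by genre
    print(longer_than(catalogue, "bop", 600)) # longer than 10 minutes
```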

The point is simply that when we’ve got this much data, we’re going to spend absurd amounts of time just organizing it unless our systems change with us. We have a wonderful distributed system (see the FreeDB) for attaching metadata to objects. Now it’s a question of how we use that metadata to get ourselves better organized. I think filesystems are precisely where we need to start.

My day with OS X and Linux

slaniel | Uncategorized | Thursday, June 3rd, 2004

I spent eight hours today trying to finish my work for a local nonprofit, setting up Mandrake Linux and getting it to work with their pre-existing Windows and Mac machines. I’m about 90% of the way there. The final big piece is getting NIS to work with OS X. As with most modern computers, you can configure OS X to figure out where to look for usernames. Most operating systems just pull usernames out of a standard database on disk. Another approach is to get them from Unix flat files (/etc/passwd, for instance). A third, and the one I was aiming for, was to pull from an NIS server that I had already configured elsewhere within the nonprofit, which was already serving usernames properly to the Linux boxes. (Which I just find hellaciously neat.)

So I did what the handy web page linked above told me to do, only presumably I messed something up: when I rebooted one of the OS X machines, it no longer recognized any usernames, local or NIS or otherwise. I couldn’t log in. I jumped into single-user mode (Option+S while booting), which means “the Unix command line.” The trouble is that single-user mode, unless you go through some hoops, doesn’t do much: it’s not running any daemons, and I couldn’t get it to run the nibindd daemon that would allow me to modify the part of the NetInfo Manager tree that I had munged.

Here it might be valuable to revisit the idea of stupidity.


Photos of Cambridge marriages

slaniel | Uncategorized | Tuesday, June 1st, 2004

My friend Ken sent me a link to some photos from the Cambridge midnight marriages of gay couples. I promptly cached them, because that’s what I do. They’re great, and they make me really glad to live in an enlightened state like Massachusetts. Hopefully more of the country will follow suit when they notice that the sky hasn’t fallen.

And just because I like to get in plugs for free software wherever appropriate, I’ll note that I copied the contents of Joev Dubach’s site using wget, an open-source package that makes the job phenomenally easy. Not only is it free-as-in-free-speech; it’s also free-as-in-free-beer. It’s available both for Windows and Linux. Enjoy.

Blogs from the outcasts

slaniel | Uncategorized | Tuesday, June 1st, 2004

You know what I want to read? A weblog from a Palestinian “militant.” I want to read a blog from an Iraqi “insurgent” or a “Shiite cleric.” The only perspective we ever get on these people is that they are opponents to some lawfully instituted power. (Lincoln always referred to the Southern states as “rebels,” so that the Civil War never became anything worse than a police action to keep down illegal activity.) For once, I’d like to see them from their side. I feel like I’m in Brazil most of the time, only hearing about the “terrorists” from people who have an ulterior motive in calling them terrorists (viz., justifying a war that brings them power). Let’s get some blogs that do what they promise to do — namely, bring us disparate voices.
