I'm a security engineer with a lot of side projects, most of which find their way here. I like to center my research around computer security, cryptography, Python, math, hard problems with simple answers, and systems that uphold their users' values.
You can also find me on Twitter.
27 February 2016
More Politics in Software
Over the past two months, I've been writing a series of posts on the intersection of politics and technology. The series consists of two bookend posts, with a number of focused topic discussions between them; this is the second bookend post.
Programmers are incredibly good at finding stuff to get worked up about. What's your favorite text editor? Vim? emacs? Maybe (god help you) Notepad? gedit? kate? nano? Or maybe you don't use an editor -- ok, then what's your favorite IDE? Eclipse? Visual Studio? NetBeans? Something obscure and language-specific?
Speaking of, what's your favorite language? Python? C? Java? C++? C#? JavaScript? Lisp? Haskell?
Astute readers may have picked up on a theme here: Unless you're getting ready to draft a specification or set up a group workflow, none of these questions matter at all. And yet, we're all expected to have strong opinions on them. Conversations like these cement computer science's male-dominated reputation, because they are all about unabashed dick-wavery.
I wouldn't mind this so much if it weren't for the fact that it distracts a lot of smart people from things that actually matter. If you're making the case that easter eggs like "M-x tetris" prove yours is the editor of the gods, you're not making the case that, say, fair use provisions are critical to the future of internet culture. If you're arguing ad nauseam that Eclipse is so bloated as to be all but unusable, you're not wrong, but you're also not learning anything. If you're arguing that modal editors like vim are better because the lack of chording means you're less likely to get carpal tunnel, that's nice, but also kind of weirdly specific.
There are thousands of these silly little issues. My goal with this series was to try to find software-related issues that actually, in some broader sense, matter. With that almost comically lofty goal in mind, let's take a lightning tour of the topics visited.
We started out with a discussion of boot security, where we tried to wrap our heads around the question of how to detect (or maybe even prevent) hardware attacks. The political angle: the recently adopted UEFI standard claims to solve this problem, but in fact makes it worse in a way that
Next, we took a look at the still-emergent "sharing economy", and explored the good and the bad which lurk therein. One takeaway was that while change can be very good, "disruption for disruption's sake" is an absolutely absurd (and absurdly pervasive) guiding principle. Another takeaway: as services get decentralized, it gets really hard really fast to regulate them in any meaningful way, and this can lead to some really bad situations.
The sharing economy post momentarily brushed up against the issue of online platforms serving as facilitators for harassment and abuse. The next installment dealt with this issue head-on. It's incredible that there are large groups of people to whom this post's title, "Ignoring Abuse On Your Social Platform Is Not a Neutral Stance", is actually a controversial claim.
The final "body" post, "You Can't Legislate Reality", took on a somewhat broader scope, looking at ways that the legislature has gotten tech completely wrong in mind-boggling and often dangerous ways. In particular, that post saves some heated language for a discussion of the TPP.
Now that we've reached the end, there's only one thing left to do. I've heard it said that all that's needed for the triumph of evil is that the good do nothing. Now, that's not entirely wrong, but it's not entirely right either. It's good to be educated about the issues facing your domain of expertise. But that alone is not enough.
A friend once asked me to help fix his computer, and he refused to believe me when I told him I couldn't. "But you're a computer science major!" Yeah, I replied -- so I can give you a really detailed walkthrough of why it's broken! But that doesn't get us any closer to finding the fix. This is the difference between diagnosis and cure.
Tens of thousands of computer hobbyists sitting in tens of thousands of homes or offices could all independently educate themselves about the issues facing their field, all get tremendously incensed about something like the locking-down of router firmware or the government-mandated corruption of digital maps, and all independently decide that Something Must Be Done... but it wouldn't make one iota of difference unless they decide, given that knowledge, to do something.
The fact is, being able to explain exactly how and why the world is getting worse does nothing by itself to forestall this worsening. The people worsening your world for their own interests could not care less how well or poorly you understand what they're doing, as long as you don't try to get in their way. But how do we get in their way?
It's not easy: Most of these issues are national in scope, and very few of us have standing invitations to that particular big-kids table. But that's a bit of a silly complaint coming from people in a field where median incomes are almost all six figures. We've got money to burn, and there are groups who've been fighting the good fight for decades, and they accept donations.
Foremost among these groups is the EFF, a non-profit that relies largely on donations for its funding. We all owe them a debt of gratitude for the work that they've done towards our community's ends. As with any organization, donations are critical to retaining that focus. Once you land that sweet job and start making more money than you know what to do with, maybe think about starting to pay that debt back.