Don't Blame the Mice.
Your kitchen is alive with vermin! Who is to blame? The cruel forces of nature? Or, might it be you - the fellow who scattered delicious crumbs everywhere; spilled honey a thousand times without picking up a mop once; and kept a mountain of old newspapers around for rodents to chew into nest liner? Your friends come over for tea, and turn out to be less-than-pleased to meet the roaches floating therein. Feel free to explain that your home is a year-round restaurant for vermin because you live under a curse. Blame the pests, blame the devil - anybody but yourself.
Now perhaps your kitchen is cleaner than an operating room. Yet the above applies to you just the same, unless you are reading these words in a museum, on a resurrected Lisp Machine. Or on a lowly Soviet BK-0010 microcomputer, wired to the Net through some eldritch wizardry. Or some other rara avis which gives the operator a useful window into the real-time doings of the CPU.
Every once in a while, journalists, activists, and political busybodies of all stripes descend into a self-pitying whining orgy about the electronic escapades of spy agencies. Those dirty crooks, we are told, have the audacity to break codes, spread malware, and - as luck would have it - sabotage security products, open1 and closed-source alike.
The kind of shenanigans we've been hearing about lately2 aren't the least bit new. Crypto AG supplied the entire planet with diddled cipher machines for decades - and continues to do brisk business! Microsoft's crock of shit masquerading as an operating system was ham-handedly back-doored in the '90s.3 People whose money, freedom, or even lives appear to depend on keeping snoops and snitches at bay continue to run Windows. If they don't care, why should anyone else? Nations openly hostile to the United States eagerly run their defense industry (and, by some accounts, even weapons systems) on Microsoft's turdware. They purchase silicon designed by American engineers, route their packets - often without bothering with crypto of any kind whatsoever - over American networks. They almost literally beg to be pwned. They demand, plead, wheedle: "Please, please intercept our email and telephone conversations! Please supply us with Trojaned operating systems and network hardware! Please sabotage our nuclear fuel refineries!" These words are not spoken out loud, but they are certainly heard - by the "walls that have ears." And dollars speak louder than words in any case. They speak very loudly indeed.
The naïveté of bean-counters and bureaucrats may be excusable; that of seasoned academics and engineers isn't. Mr. Torvalds eagerly hitched the security of the Linux kernel to Intel's Trojaned wagon. And now the fun which can be had with diddled random number generators is finally getting some press, but the underlying idiocy of the Unix architecture (and all other conceptual foundations underlying today's computing systems) - to no great surprise on my part - isn't. And won't. Educated persons who read Ken Thompson's "Reflections on Trusting Trust" throw up their hands in stoic resignation, as if they were confronted with some grim and immutable law of nature. But where is the law of physics which tells us that any computation must be broken up into millions of human-unintelligible instructions before a machine can execute it? Not only is it possible to build a CPU which understands a high-level programming language directly, but such devices were in fact created - many years ago - and certainly could be produced again, if some great prince wished it. It is also eminently possible to build a computer which can be halted by pressing a switch, and made to reveal - in a manner comprehensible to an educated operator - exactly what it is doing and why it is doing it. Can you buy such a computer at your local electronics store? Of course not. The Market, that implacable Baal, Has Spoken! - it demands idiot boxes. And idiot boxes are what it will get.
We are told that spies are reading SSL-encrypted messages at their leisure. We are also told that saboteurs have infiltrated international standards committees for the purpose of weakening crypto systems. This gives you indigestion? Don't rely on security systems designed by committees! PKI is - and has always been - a sham. A cheap sham, at that. Consider the fact that Bitcoin, for all of its faults, gets by perfectly well without anything resembling PKI. Loudmouth activists, who put up such a ferocious fight against outright key escrow in the '90s, ended up buying the very same wine in a different bottle with SSL and every other PKI-based faux-security system currently in use - where you are stuck with relying on a handful of con artists not to cough up the master keys to whomever they please.
Let's go back to your kitchen. It is squeaky-clean, you say, because nowhere in your house do you make use of Microsoft's miserable imitation of an operating system. Guess what, the mounds of garbage are still there, stinking brazenly; the mice leap, they play without fear, because virtually all of your cryptographic needs are serviced by some variant of OpenSSL. What a monstrous turd of a library! Have you read and understood it - any of it? Do you personally know a single living soul who has done so? Dare to contemplate the very idea of plowing through these megabytes of gnarly crapola. But let's examine the reason for the bulk. The idiot 'C Machines,' and the few operating systems commonly used therein, are, one could almost say, criminally negligent in failing to provide any real support for most of the basic building blocks of modern computing: from bignum arithmetic to garbage collection. Authors of libraries like OpenSSL are to be applauded for their feat of creating something useful on top of this obscene Babel. But the result is always and inevitably a pile of garbage - comprehensible4 by no one, with plenty of hidey-holes for creepy crawlers of every species. Get the conceptual foundations right, and the vermin scurry away.
I for one am greatly surprised to see respectable men of science like Bruce Schneier calling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor? 5
On top of it all, I fail to grasp the public's anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It's what he's paid for! If you don't care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological6. The one measure which is guaranteed not to work is whining.
Civilized society traditionally privileged certain professions - medicine, law, the priesthood - in return for certain obligations. A priest takes an oath not betray the seal of confession, and in return he is trusted with the most damning secrets. The doctor swears not to harm his patient, even when the latter has committed terrible crimes. The lawyer tries to defend miscreants he knows to be guilty. One clever soul suggested applying this doctrine to yet a fourth profession, creating a kind of "programmer priest."
Perhaps one day there will indeed be someone you can trust to pronounce - truthfully and competently - that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don't hold your breath; today's digital shaman will not help you; he is on the king's payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.
Bringing the comprehensible computer into existence is no easy task - but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.) Clean up the kitchen - banish the vermin. While you still can. Or learn to live with the squeaks, the ruined food, the dung.
- How does one sabotage the security of an open-source product? Let the good doctor S. Craver teach you exactly how. ↩
- Mr. S could very easily turn out to be a skilled and courageous disinformation agent, all of whose "leaks" were lovingly scripted by a handful of talented fellows in grey suits - who are now laughing all the way to the bank. If I ran a national intelligence agency, and the latter did not possess an effective pill against modern crypto, I would certainly order just this kind of 'PR' campaign - to undermine public confidence in popular security tools. But for the purposes of this discussion, let's stipulate that the leaked documents are genuine. ↩
- But it probably isn't today, at least not in the usual sense - unless you consider "Windows Update" to be a remote back-door (which it most certainly is!) "Accidental" bugs, of which there is a seemingly-inexhaustible supply, make for just as effective - and, more importantly, deniable back-doors. ↩
- The notion that a useful and modern computing system understandable to an educated user cannot be built is a deliberate lie promoted by crapware vendors. Don't take my word for it; ask Charles H. Moore - of FORTH fame - who will be happy to show you a working counter-example. Don't listen to me, listen to Moore's working VLSI CAD systems that fit in 500 lines. A useful and complete computing system doesn't have to be a shanty town of kludge upon kludge. It can in fact consist of a small number of "moving parts," each with a perfectly-clear purpose - like a Kalashnikov. ↩
- If we possessed the secret of time travel, I would dearly love to watch these poor misguided souls try to sue the KGB. Or perhaps call upon the Politburo to send an inquisitor against it. ↩
- Let me know when they start gassing people for using one time pads. A $50 hard disk can hold a year's worth of one-time pad for telephone conversations. If the King's men really want to listen to your table talk, let them do it the old-fashioned way. ↩
Edit: I am not the only one who noticed that OpenSSL is a turd.
[...] At this point, if you still trust in the very idea of PKI, or rely on security software you haven’t personally understood the source code of, you’re a chump. [...]
I don't think I trust your memory allocator's compactness, speed, and corruption recovery to match EXT4; those gigabytes you waste add to the cost of the system. That supercapacitor to keep the RAM and the disk turned on for at least tens of seconds while dumping the all data to disk in event of power loss costs at least ten dollars. The memory bandwidth lost to relocating garbage collection, the garbage collection coprocessor, the dual-port memory, however you end up doing it, adds to the cost of the system.
But sure, I'd pay twice as much as I paid for my current computer to buy a computer that I can see everything that happens on. Then I would still use my current computer for everything anyway, because it's programmable enough, and has broken DRM so I can access copywritten content.
The reason everyone has a glorified toy instead of a workstation is that toys were cheap, fast, and had like games and stuff.
And the kicker is, thank you Microsoft.
Thank you for making Windows such crap that people were never really comfortable with Windows everywhere.
Thank you for pushing software with security holes that can be exploited for piracy purposes, without which copyright would be much more strict.
Thank you for making Windows so bloated, everyone needs the fastest computer possible to even write text.
Without the proprietary world sucking so much, open source might never have succeeded at putting a copy of Linux with GCC, or MinGW and GCC, in the hands of everyone who's interested. 20 years ago, you needed to spend a lot of money to buy developer tools. On some platforms you need a "professional equipment" contract.
If the proprietary world had decent security, there would never have been viruses, or piracy. Spam, or pseudonymous Internet samizdat.
Can you imagine a world with nothing but lisp machines and PS4s? That's a world where a few people who work for rich companies have access to programming, and everyone else has a 100$ TI calculator and a bunch of entertainment devices, without even much third-party software (the whole "app store" idea was forced on Apple by people jailbeaking their iPhones and loading apps on them). In short, it's the world of Stallman's "Right to Read" story.
No, I'll take my world of cheap, crashy, kludgy toys that happen to run Javascript.
The Web browser could have ended up secure, proprietary web apps only, Windows only, DRM enforcing; but for Microsoft sucking. As a bonus, it has Javascript, which is a decent programming language.
Why is it important to put it in everyone's hands? So that it can't be taken away from us.
So that's really my answer to you.
(1) Because it's cheaper that way
(2) Because it's faster that way
(3) Thank God it happened that way, because it led to fragmented systems with programmability and broken DRM
Forth is kind of usable, but for what?
How can a simple computing system exist yet at the same time be appealing to look at and use?
I don't WANT to have a commandline for _everything_. I want to be able to watch a movie and drag the window around to where I want it to be on the screen. I want to be able to cut and paste from different applications. I want to be able to work at the correct level of abstraction.
All this 'return to simplicity' stuff, I kind of get it. I grew up on the Commodore 64 with a BASIC prompt. I tinker with languages as a fun intellectual thing to do. At the same time, I can't imagine how a GUI that lets us do everything we can do today can be built on a system as simple as Moore's Forth machine, without adding layers on top of it that move it from being comprehensible to being what we have now.
I'd love to hear your thoughts on this, I'll phrase it exactly as I'd want to ask it: "How can we have a comprehendible computer with the power to play Grand Theft Auto 5?" How does that thing get built and stay comprehendible, while being as powerful? Is that possible?
Forth is a very low level language (and environment). Smalltalk could easily support a rich, fancy-looking GUI.
[...] an inexpensive, user-auditable gadget which attempts to deal with the problem discussed in “Don’t Blame the Mice.” Refer to Mr. Popescu’s page for more [...]
[...] regarding the doings of spies in general: there is really no limit as to what can be done to a physically-molested computer. [...]
[...] difficult, there is they real chance that if they suspect you might be sufficiently interesting they would compromise your machine to make your keys available to [...]
[...] difficult, there is they real chance that if they suspect you might be sufficiently interesting they would compromise your machine to make your keys available to [...]
[...] the United States controlling both sides of the legislature and the attention given to the recent, though not especially surprising, Sony Pictures breech it is likely that some "cyber" equivalent of the Patriot Act may [...]
or y'know, destroy the thing that creates the spies.
There will always arise a thing which creates spies because creating spies conveys a competitive advantage. Your "solution" is not a solution.
How can a simple computing system exist yet at the same time be appealing to look at and use?