Joe Auricchio

Dear California:

I’m ashamed to tears to live in this state. Yesterday, 4.8 million of my neighbors voted against civil rights and equal protection. Proposition 8 was never about homosexuality, or religion, or the traditional marriage ceremony: it was about government adjudication of who can engage in domestic partnership, and the answer of the people is: “Not everyone”. The beliefs of a few about things that don’t affect them have now been turned into laws trampling on the rights of many. Congratulations, California, you just passed a miscegenation law.

To everyone who thinks this is a religious issue, to all Christians who voted yes on Proposition 8 because you interpret Leviticus 18:22 as declaring homosexuality a sin and calling you to take positive action to prevent same-sex couples from being happy in such sin, may I draw your attention to the New Testament: Luke 6:36-37, Colossians 3:13, 2 Corinthians 3:6, Galatians 5:14-15, and Galatians 3:19-28 for starters. You can think homosexuality is a sin, if you want to ignore the new covenant, follow all the laws of Leviticus, and declare putting meat and dairy on the same plate a sin as well, and miss the entire point of Christianity. But even if you do that, don’t you dare condemn other people for what you call a sin. Next time, try listening to what good old JC actually said before you try to do something in his name. Hint: it’s about forgiveness and love, not about legalism.

To all of you Yes on 8 campaigners who claimed this was about protecting the marriage of straight couples from some sort of degradation of society, or about what our children would be taught in schools, or that kids need both a mother and a father or they’ll grow up to be criminals and/or homosexuals, or especially anybody holding one of those signs that said “Prop 8 = less government”, come see me sometime, and I’ll send you to whatever hell you wish. You lied through your teeth to convince otherwise reasonable but tragically uninformed people that Prop 8 was something it wasn’t. I’ve been trying to keep my feelings today mostly in disappointment and not hate: but I really really really don’t like you.

My hopes and whatever feeble prayers I dare offer are with the ACLU, Lambda Legal, and the National Center of Lesbian Rights, who are currently challenging the constitutionality of Prop 8 in the California Supreme Court; and that the Court will do the right thing and protect the rights of all people.

I should be happy with the outcome of the Presidential election. The candidate I supported won, and I think the country sent a message that we’re not happy with the way things have gone. The power of the people is passing to a younger generation and we’re going to make some changes. I should be happy, but today I just can’t be. More than anything else, I’m shocked that this happened here. This is the West Coast, the land of hippies and greenies and crazies of all sorts. If this is what 47.9% of Californians believe, what does that say about the rest of the country? How can the same country elect Barack Obama and ban gay marriage? I just don’t understand.

All right. Back to infrequent natterings about technology.

P.S. Hey, Santa Clara county, where do you think you’re going? You come right back here. Santa Clara County, you screwed up big. 33.7% of you voted against BART. What the hell?! Who voted against BART? You’d better hope there are 5,000 more uncounted absentee votes for Measure B hiding somewhere. If B finally fails when every vote is in, I will find all of you and I will beat your ass back into the real world where we need BART in the South Bay so bad it hurts.

Full disclosure on my political & religious positions: I’m an atheist who sees a lot of value in the best teachings of Christianity and all religions; the teachings that nobody can always follow because it’s actually difficult to be a good person. I have strong respect for civil liberties and the rights of individuals. I’m a bit left on welfare issues. On the other hand, I don’t trust the free market as we know it today. I’d love to, but it proves itself time and again to be a terrible servant of the public good.

Today, Kyle said to me:

So, you know that whole hd dvd key thing? Everyone and their grandmother knows it now, or knows where to find it. But I don’t think anyone knows what the heck to do with it.

Why did the HD-DVD key become such an issue?

Content providers: Takedown letters are not the way to stop piracy. Still less are they the way to squelch people with an agenda.

Bloggers, Diggers, etc: Copying and pasting a couple dozen bytes does not equate to taking to the streets in glorious revolution. The key’s been public for months. Those who needed it to do business (software developers and pirates) had it long ago.

Forgive me if I sound reactionary. I’m on the bloggers’ side on the whole. Certainly I’m no friend to the MPAA and RIAA. I just thought we’d been through all of this back in 2002 when DVD-Jon went to trial. It’s the same DMCA, same technology (video DRM), same fair use and anticircumvention issues. Of course, none of these issues actually came up in Johansen’s trial; they were just discussed to death on the net. I’m annoyed that this all came back a few days ago, but glad everybody shut up at the end of the day.

TMBO had a photo (sorry, no link) of a guy who tattooed the key to his chest. He’s going to feel really silly next year when nobody remembers or cares anymore, and even sillier in five when the next-next-gen formats arrive with the same folks backing them.

(I hope he feels silly already because back when we had the export restrictions fifteen years ago people did the same with strong crypto algorithms.)

Speakeasy, the last insanely great national ISP, just got bought out by Best Buy.

Speakeasy is known in the community for giving the speeds they promise, not throttling on the last mile nor unreasonably overselling their middle mile, for not blocking any inbound or outbound traffic, and encouraging users to run personal and game servers. These are things no other ISP really does. We’d be with them today, on 6×768 DSL, if we were closer to our CO. I can personally attest to their excellent customer support: the couple of problems I had were both resolved in a ten minute phone call to actual employees (not call centers). Not bad for a company of only 300 people.

And now they’ve been bought out by Best Buy for barely a year’s revenue.

At least it’s the Best Buy business division. That means we won’t have salesdrones pressing DSL on top of service agreements. And business-facing people seem to have their stuff together, on the whole. So I’m not completely without hope. I guess we’ll know in a year or so if Best Buy nukes the management.

Shoutouts to (in no particular order):

Paul, Ava, Ben, Kelsey, Rushi, Sheenika, Jonathan, Dan, Chris, Mooneer, Stephi, Hanna, Scott, Danny, David, Nik, Jess, Brad, Bethany, D.J., Sheree, Aaron, Lily, Eric G, Auston, Mark “The Knife” “The River” Gahagan, Meg, Chi, Amrit, Tam, Amado, Rego, James, Kim, Amy, Proud, Sharon, Christine, Michael, Melissa, Christie, Eric B-D, Billy, Cody, Dylan, Brandon, Iron Jeff, The Swede, Ryan, Cano, KG, Gabe, Cha-cha, Mary (my other mother), Bilow, Flo (“zis country would be so much betteir if it weir cohvered wis a meeteir of snow!”), Kris, Amanda, Lizzie, Rose, Brigette, Kerry, Marla, Kristjiana, Iain, Mike, Van, everyone else from HS, John and Elaine, Brian, Chris, Ted, Danny, everyone else from UCSD, Bill Clabby, Jeanette Ibarra, Professors Chu, Ord, Tullsen, Sato, Ito, Pineda, and Rhodes, Gabriele, Pat, Matsumiya-sensei (wherever you are), the Big Domy (you know who the Big Domy is), and of course Teresa, Rick, Amy, and Jessie. If, somehow, I forgot you, you know you’re on there too.

Further corporate propers to:

Apple Core OS team, 2 Dogs Coffee (Morro Bay), Eventful, Fern Canyon Press (and all their endeavours), Microsoft Xbox 360 team (all right, ya done good), Nintendo, Xilinx (I hate your software but I love your hardware), most of UCSD, Google, all the backbone network operators, OmniGroup, Matz, _why, and the Ruby core team, Linux kernel developers, Red Hat/Fedora, every single man woman and child who has contributed to Debian, NoMachine, irssi.org, Freenode, GNU Project, SureFire, Streamlight, Wes Hinkle’s San Diego Volvo (Service department), and of course Apple circa 1976, for the dream and the spirit.

All of these people touched me in 2006, almost universally for the better, and made my life what it was. I look forward seeing you all in 2007.

My previous post pointed out to me a failing of terminology to describe compatibility. To paraphrase FOLDOC:

• Backward/downward compatibility means playing DVD discs in Blu-Ray players. It is a property of the new system.
• Forward/upward compatibility means DVD players were originally designed to play Blu-Ray discs with some level of degradation. It is a property of the old system. (This is not true, of course. DVD players have no idea what a Blu-Ray disc is and will spit it right out. The physical layer wasn’t designed to be gracefully forward compatible.)

I’m looking for a term that means that Blu-Ray discs were designed to be played in DVD players. It’s a property of the new system; the new system was built to work with the old system, the old system never had a clue about the new system.

Via Bruce Schneier’s blog. Read it first.

When you reduce “admissibility” to a more simple and general form, it becomes the question “What happens to the data after it changes hands from the provider to the user?”. At some point, the handoff must occur, and beyond that point the server can have no knowledge or influence on the data’s further disposition. A few technologies, such as end-to-end encryption (SSL, etc) can help move the handoff to the client endpoint’s network stack, but at some point the data is decrypted, and it becomes accessible to the user’s code and eyeballs. This is the intention of a good secure system — to give the right data to the right users.

With that, necessarily, is the risk that other code and eyeballs will steal that data from the intended recipient – and that is a completely separate security problem that can only be solved on the client side. The parameters of the problem are the same “Four As” (or “CIA”) we already know. The security of the entire system scales like a fractal, to smaller and smaller scopes, until at last we have CRT to eyeball and fingers to keyboard (which leaves the realm of computer security and becomes an old-fashioned physical security problem) ((I’m not trying to minimize the value of physical security; if anything, it’s a lot harder than computer security. It’s merely a different kind of problem, and a different set of people need to work on it once it reaches that level.))

The security of the client is a problem; but it is neither the server’s problem nor a problem the server can solve at all. A server can never have any assurance whatsoever that its client is not vulnerable to attack. There are two ways for the server to obtain an answer to that question: the server can invasively investigate the client, or the client can claim to the server that it is secure. If the server invasively investigates the client, it can be tricked into investigating a clean-looking virtual machine. If the client claims it is secure, or rather, that some sort of configuration-management software running on the client claims the client is secure, that response can be spoofed by an attacker, or the configuration-management software can be compromised.

If this whole server-trusting-the-client’s-configuration sounds vaguely familiar, it’s exactly the same problem that ruins identd: the trust isn’t placed in identd, the trust is placed on the sysadmin of the remote machine. But how do you know to trust them? How do you know their machine is not lying and has not been hijacked? You cannot, and that is why identd is not a usable authentication system. ((So why do most IRC networks still require it, or make you wait thirty seconds until the request times out?))

Ultimately, the admissibility question reduces to “What are you going to do with this data after I give it to you?” This is not a new question, nor is it an easy one to ask and answer. Some of its unhappier answers include users taking laptops home after work where they can be burgled, or users deliberately giving or selling data to third parties. These are all completely outside the design of the security system. ((This problem of “what are you going to do with the data, now that you have it?” applies at all levels, including within the server as requests are processed, an area I think may be overlooked too often. This is the level at which you ask questions like “Do I trust that this data will not be snooped out of the kernel’s networking stack, before it’s sent out the ethernet port?”—don’t laugh, it’s happened!))

Until the day when data itself grows teeth and can defend itself against misuse, we have to carefully limit who we authorize, do our best to teach how to secure their own environments, and finally, trust those authorized users and their environments. That’s the way we do things now, and it’s not always a very fun way (especially that second part), but it’s the only way.

I hope somebody’s working on that teeth thing, though.

A final word: One-time passwords and time-based credentials (Opie, SecurID…), properly implemented, can make all forms of sniffing a LOT less profitable. The first credit card company that uses rotating card numbers based on a SecurID-style token is going to get my business. Alternatively, I’ve heard some European banks give customers scratch-and-sniff cards with a few dozen one-transaction authorization codes. That’s a nice low-tech solution that’s just as good at the end of the day.