ihoby wog

Here is my grid for keeping track of how authentication methods compare to one another. Apologies if you’re color blind, since I’m using green for good, yellow for okay, and red for bad. The “hoby netid” method is a protocol of my own design that has yet to be implemented.

I recently moved… and because my internet connection was DSL, I had to change it, either to move the service or start a new one of some kind.

It had been a while since I’d looked around, so I thought over my options:

1. Stay with my current ISP
   DSL from Launchnet (based in California) and connected by Covad
   6mbit down, 2mbit up, and 5 IPs for a not cheap price per month
2. Some local, cheaper DSL provider
3. Fiber optic: super fast for cheap
4. Cable: faster and cheaper
5. WiMax: portable

1. 3 mbit DSL
2. 20 mbit Comcast for about the same price
3. 3-8 mbit Clear for slightly less

• Launchnet is small and ambiguous but Covad is now owned by Megapath, who has a history of buying providers and ruining their good service at the expense of consolidation profits. Megapath in turn is now owned by Best Buy. What are they like? Well the most I could find is some financial crimes.Evil Factor: minor.
• Clear has the most sordid origin, which was started by seed money from such evil forces as Goldman Sachs and the Texas Rangers. Later it had some semi-shady deals to get it’s wireless spectrum and gain more investment and shareholders like Intel, TimeWarner, and oddly enough Comcast. Currently it’s mainly owned by Sprint though. Evil Factor: not good.
• Comcast is just as evil as they’ve ever been. They spend millions of dollars lobbying legislators to push internet and media policies that are diametrically opposed to my world view. They have the worst customer satisfaction rating of any U.S. company or organization (including the IRS). They block service, they discriminate, they cap, and they attempt to buy every sports team and media company in the country. They even had the gall to try buying Disney. They’ve been caught multiple times for filling federal hearings with randomly hired people off the street, just to keep opposing citizens from testifying before Congress or the FCC. Evil Factor: absurdly evil.

Ahh the age old battle between Security and Usability.

I hope in the future that we arrive at these conclusions:

• Obscurity is not security
• Security problems most popular in the news (and in Congress) are the least common in reality
• Current forms of security don’t work for people and the data proves that
• Most implementations widely used only provide the perception of security
• Nothing is uncrackable or unhackable

• Usability is usually more important than security
• Security need only be sufficient to demoralize malice, while usability must succeed in actually enticing interest in an unappealing activity (luring is more difficult than impeding)
• When we make more usable functionality quicker to implement (one line of code) then developers will welcome it
• When we prove with data that many threats are not reality and security is often overkill then employers can feel good about tipping their investment in favor of usability

Currently we have a lot of fearful perception and “what if” corner cases polluting the landscape. Getting consensus on this topic doesn’t easily happen right now. Security is entrenched in technology and that point of view is what wins most often, especially in the States.

reply to ZDnet post “Using selfishness to put crowds to work for you”

Self interest is only one of many factors one must factor in attaining a goal with other people – a detail which must be balanced along with everything else.

Seeking to promote selfishness as the prime mover is an inherently flawed tactic. Using the stock market as an example – hello Enron anyone? Even with all the criminal prosecutions every year from constant policing of Wall Street, there are still countless acts of swindling and corruption that plague this market and as far as choice of investment goes – we’ve all now seen where the self-interested masses have placed the most “value”: the hollow future payments of predatory loans, price-fixed commodities (diamonds, oil, etc), war profiteering, and book-cooking corporate monopolies. The market turns out to be unfairly anti-competition, completely corrupted, and driving the world economy off a cliff. Great.. good job, capitalism. Unregulated self interest at work.

But back to coding..

The main reason why documentation doesn’t happen is because of a combination of culture clash and isolation.

The personalities of people that like to code are not the same as people who like to document. People who like to document don’t gravitate toward code people, the code itself, or seek to understand code. People who like code gravitate toward function, and any documentation that appears to serve no immediate function is dismissed as superfluous. There are of course, rare individuals that span both sides of the fence.. but they’re not the norm.

Many coders are also traditionally solitary or a small isolated group. Isolation not only discourages empathy but it acts to remove it from a person’s reality – therefor making it an irrelevant factor.

So the proposed suggestion of encouraging the clash and isolation will just lead to further instances of esoterica being driven into the outer reaches of specialization – doomed eventually to be lost in obscurity. No matter how good the code is, if its pushed out of reach for future understanding then it will be forgotten – only to be needlessly re-invented later on.

A better path is to recognize the many factors of human nature and personality culture to build and maintain inclusive community. I say inclusive because community with a purpose must have enough diversity for empathy to stay relevant between all personality types, making a complete project a common goal. That way, self interest, group interest, project interest, and outsider interest are all taken into account and real factors for every member of the project. A balance of self-to-other.

So with an intelligent mix of coding types, documenting types, and the various other types of personalities being intentionally “included” in a project community, there is translation between the specialties and basic knowledge spreads. Personal culture lives inside of project culture.

Altruism is not just sacrifice for strangers, it’s sharing your own interest with the interest of others. It’s tapping into the (usually present) innate human capacity to relate to other people and realize/simulate how you would feel as them.. knowing the joy and pain of others as you do your own.

And besides that, altruism isn’t even necessary for many forms of people doing things for others.. many people either by ideology or by circumstance are just compelled to assist others because it is entertaining to do so. Maybe it’s a talent, a hobby, a way to socialize, a means to another end.. a thousand reasons could be in the mix.

“Hey, you want a beer, too?” – Altruism at work.

(comment on ZDnet about security admin pet peeves)

Of course people don’t like security, it tends to be obtrusive, unfriendly, difficult, oppressive, and demanding practices that are very un-human. It also is something that can often be bypassed with varying ease by anyone determined to do so.

For any kind of security to gain real traction, it has to be tailored to people and become extensions to individuals as much as possible. Remove the oppression. Imagine for instance, being able to remotely “feel” if your house is being intruded.. see and hear who they are, and if you want them out, being able to do so as easily as moving your own body. Your house would know you, it becomes part of you. Regulations should keep it non-violent but no agency would dictate your interactions with your house.

That’s the kind of sci-fi that should be the goal with security for a variety of functional and ethical reasons.

What exactly is the source of ZDnet’s obsession with attempting to strike fear into the hearts of everyone who uses digital technology? Why must they constantly push the “you will be attacked” and “there could soon be a virus that does this” angles?

The mundane truth is still that most security breeches are from disgruntled employees (a result of corporate abuses) and most intentional cracks are done solely for the purpose of sending spam (a result of public gullibility).

Real breeches are about the almighty dollar, not destruction.