" /> net.wars: August 2016 Archives

« July 2016 | Main | September 2016 »

August 26, 2016

Return of the penguin

two-angry-penguins.jpgBack in January, a motherboard malfunction led me to move my desktop machine to Linux. Some effort later, and I was mostly up and running - at least, able to work. What happened next is hard to describe. I had three classes of problems: old Windows stuff that needed to work or be replaced (or both); annoyances that I was probably just going to have to live with; and issues that had to be fixed for quality-of-life reasons. In the first category were things like Quicken (replaced by Gnu Cash) and Ecco (irreplaceable, even now, and I couldn't get it working); in the second were things like the GIANT icons in the task switcher and the way the stupid thing groups windows; in the third were oddities surrounding audio, video, and Flash.

I would love to tell you how I got Flash working, fixed the no-audio issue, and found a way to play DVDs and HEVC files. I can't. For one thing, even though the latest version of VLC is supposed to play HEVC files, my copy crashed almost every time I tried. (Sometimes it would play a minute or two and wait to crash until you thought it was going to work.) For the rest, I just kept following the advice I could stand to read on random web pages until somehow eventually the thing "suddenly" started working.

Thumbnail image for Emperor_penguins_(2).jpgAnd then, for months, calm descended. I imported my old Ecco address book into a giant spreadsheet. I posted an easel pad and began writing the weekly schedule on it (because Thunderbird's calendar is - let's call it - quirky about when it feels like reminding you about the thing you're supposed to have left for an hour ago. I switched to taking interview notes in LibreOffice and found its dictionaries are actually more configurable than Word 2003 and that, with version 5, it correctly imports comments and tracks changes from Word. I found that my Windows laptop could run Second Copy and keep the directories synched.

I also experienced a slight personality change, in that practices I found unacceptable when they were being done to me by Microsoft weren't so bad in the Linux world. Chiefly, automatic updates. Where I never felt I could enable those in Windows because I couldn't tell when something I was working on would vanish after an unexpected restart, I found Ubuntu unfailingly polite. Would you like to update this software now? Would you like to restart now or later? And when I chose later, it didn't keep asking me again every ten minutes. So a lot more updates happened, and I relaxed some of my iron-fisted insistence on having directories the way I wanted them instead of the way the software did.

And then - you can see it coming, can't you? - Ubuntu offered me an upgrade to 16.04. I had actually been waiting for this moment because, for reasons I still don't understand, 14.04 had mysteriously stopped powering down the monitors when they were left alone for a while. I thought some recent update must have broken that particular function, and maybe 16.04 would fix it. And newer has to be better, right?

In the early 1990s, I used to giggle furiously when some technology editor would get overexcited and install a new operating system on his (usually his) machine without making backups first and spend the next week frantically trying to retrieve everything. But that was then, when the computer industry was young and immature, and issues like those were part of what made computers a cliquish subculture rather than a mainstream technology.

I had forgotten all that; it was a long time ago. Plus, Ubuntu had been politely downloading updates and nothing untoward had happened. I got reckless. I got cocky. I hit the upgrade button. No, not before running the synch routines to ensure the data was all copied everywhere. Not. That. Stupid.

I suspect it was probably my fault - for touching the keyboard and fiddling - that led the upgrade to crash about a quarter of the way through. From there, it was a losing battle. The computer booted to a perpetual black screen. Trying to go forward with the upgrade led it to do some inscrutable downloading and proclaim it successful when it clearly wasn't: although I could log in from the terminal window, the graphical system kicked at my password, which meant all I could do with a quadcore and three large monitors was log onto the WELL. The computer was so confused that trying to run Software Update again led it to whine that it couldn't update from 16.04 to 14.04. And so on.

Thumbnail image for Danco_Island_Penguins_(15660612764).jpgSo, reinstalls all around, albeit with a slightly newer version of 14.04, and this time I'm keeping notes, which is the one piece of useful advice I'm offering here because otherwise you make the same errors of judgement as someone who gets months of medical treatments for cancer but thinks it was the homeopathic remedy that cured them.

Some things - audio, video, flash - have gone easier than last time. Samba, however, is putting up a long and boring fight that I nonetheless intend to win (apparently my idea of a summer vacation). Happy 25th birthday, Linux.

PS: I finally fixed the original screensaver issue by downloading Light Locker. I couldn't have thought of that first?

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 19, 2016

The 0.06 percent

Indecline-Emperors-Trump-2016-08-19.pngIn line with increasing numbers of news sites - Popular Science, The Verge and the Daily Dot, Mic - National Public Radio has decided to get rid of its comments. The reasoning, ombudsman Elizabeth Jenkins writes, is based on numbers familiar in outline if not detail to anyone who has followed how virtual communities work. NPR's 33 million unique users in July produced 491,000 comments - written by only 19,400 commenters, or 0.06% of users. Just 4,300 users accounted for 67% of comments, and over May, June, and July 47% of comments came from 2,600 users. NPR concluded that therefore the comments system is serving a very small percentage of its users - and since it's costing twice what the organization budgeted, and NPR finds demographically broader engagement on Twitter and Facebook, out it goes.

I do sympathize; NPR, a fine organization, struggles constantly for funding (like every journalism organisation now). And really, aside from purely local papers which actually serve a definable community, why should reading news mean joining a community? News site comment boards are the product of two dated trends: the 2000 belief that community was essential to online business success, and "citizen journalism".

Thumbnail image for FremontTroll.jpgNPR's comment board troubles are same-old: in-fighting, point-scoring across unrelated topics, racism, sexism, general nastiness. Online was ever thus, and the only known solution is heavy, persistent, consistent, human moderation. It's expensive and labor-intensive, as former Guardian moderator Marc Burrows describes. As we found on CompuServe's UK Journalism Forum in 1993, real names aren't a fix, though what I call "Benidorm syndrome" definitely makes things worse - that is, the belief that online behavior has no real-life consequences. There have been some interesting attempts - most recently, a paper published by Yahoo! (PDF) - to automate identifying hate speech and abusive language, but that's just one aspect of online abuse, as the outline of Twitter's new quality filter shows.

Much public debate on this topic focuses on ad feminem attacks, but Burrows helpfully dissects the many forms of and motives for trolling from "agenda trolls" up to paid national armies. Burrows also provides numbers: 100 million monthly users, 73,000 comments a day.

I think that besides the often-discussed distancing effect of being alone behind a screen and the speed with which postings can pile on, the volatility of online discourse is similar to why a driver's conversation with a passenger is less distracting than one over mobile phone. In a physical space, everyone present helps moderate the trolls, and an authoritative presence can enlist others to the cause. Plus, the initial effort to attend tends to filter out casually obnoxious participants.

Online, however, travel and effort collapse, and all individuals are reduced to piles of letters. The room has no front, and no one has a microphone or a stage. Community standards and social norms require enormous discipline to maintain. Historical experience shows that smaller communities (such as the WELL) with communication backchannels have the edge in countering these effects. But technological support really helps: when, in 1994, the newsgroup alt.religion.scientology became the first serious battleground between regular posters and a well-resourced attacking external organization, users devised technical barriers. Today's poorly threaded web boards offer no such user-implementable aids. Better-designed technology could enable users to assist moderators, lowering the burden and cost. I'd guess most boards are designed less to foster community than to enable advertising and profiling, and that sites are sold on tools for moderators, not users. By contrast, on Facebook and Twitter users are their own curators.

ElizabethJensen-NPR.jpgJensen acknowledges the sadness that when Disqus removes the comment system, the archived comments will go, too. Though Disqus will presumably retain the data, former posters will not be able to visit the community they had formed. Short-term, I see the point. Long-term, I think sites will need to find their own alternatives to handing off engagement to businesses with their own agendas. We could see the rebirth of more general online forums - but these, too, will have to be moderated.

The Atlantic argues that comments are actively damaging to both readers' perception of a site's articles and their engagement with same. My question: what about those readers? Virtual communities back to the community Dot, have consistently found at least 90% lurk, 10% post, and 1% do the bulk of the posting. As online communities have scaled up, the percentages have skewed much further towards lurkers, as NPR's numbers indicate. In the comments to Jensen's piece, you find a number of people who now feel bereft of discourse they'd come to appreciate. Don't lurkers and Facebook refuseniks have rights, too?

Anyone who's tried to comment here in the last few years may see the irony of this complaint. Here's what happened: It took me a while to figure out the publishing template was broken by an upgrade to the site's underlying software; all I knew was that the site had begun eating all non-spam comments. The template needs to be replaced...but in the meantime, more recently, spambot activity made posting new columns difficult and time-consuming, and the good people at Pair.com suggested disabling the comment system to frustrate the bots into going away. I do apologize. Fixing any of it is non-trivial (to me).

Illustrations: Parody statues of Donald Trump; the Seattle troll; Elizabeth Jenkins.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 12, 2016

Somebody else's problems

Flowerpowerportfolio.jpg"Before the bar of Fate and Nature, ignorance is never an excuse," a sign at a friend's house used to read.

Software vendors have long embraced the idea that they are not liable for anything bad that happens as a result of your use of their products. Windows crashes, taking with it the only copy of your PhD thesis, costing you years of work? Not Microsoft's fault. You email drops mid-delivery and never reaches its destination and you ? Not your email client's fault, your mail service provider's fault, nor your ISP's fault. You're abused on Twitter and lose your job? Not Twitter's fault. You probably deserved it.

These are all SEPs: Somebody Else's Problems. If you follow Douglas Adams' helpful instructions in The Hitchhiker's Guide to the Galaxy you need never see them.

All these scenarios are about lawyers: contractual policies that say "nyah, nyah, caveat emptor" all the way down. Even in the first, the simplest, case, exactly who should bear the blame is fuzzy. Why did Windows crash? It could be a bug in the operating system itself (Microsoft), the underlying hardware (which itself includes dozens of manufacturers at various levels), the word processor, other software running on the system, or a smidgeon too little power arriving from the electric company? In a way, email is simpler, because although there are myriad places it could fail along the way, the internet was designed with failure in mind, so what's supposed to happen is that packets that don't arrive get re-sent until they do. So instead the first place you look is your spam folder. On Twitter, while you could blame the system's lack of moderation, the real problem is millions of overactive human beings. It doesn't take much of a percentage to make real trouble.

In each case, there are reasons why we've put up with "it's not my problem" for so long. The first case is a hangover from general computer industry immaturity: until about ten years ago, you considered yourself lucky to have a computer that worked at all and whatever was wrong with this one would probably be fixed in the next version, a couple of years hence. All that has halted, as shown by this week's story that London's Metropolitan Police still has more than 27,000 computers running XP. (Like we said in 2014, when Microsoft terminated XP, software is forever.) On Twitter, it takes time to make the genuine calculation about where to put the boundary between unacceptable abusive behavior and essential freedom of speech. With email, check your spam folder. The internet's original design assumes unreliability and we have alternative channels. In that case, the lack of liability doesn't burn.

Now, however, this approach will fail - rapidly, badly, and soon. In the last couple of weeks, researchers have showed they can wirelessly unlock any of the 100 million Volkswagens sold in the last 20 years; open 75% of Bluetooth smart locks; spoof the world in a Tesla's sensors ; and infest smart thermostats with ransomeware. And yet some people think online voting is a pretty neat idea.

handsfree_BLE_hi-res.pngI have two reactions to these stories. One: people buy Bluetooth bike locks? *Why*? Two: What is wrong with these manufacturers? Security people have been banging on about flaws like transmitting passwords via radio in the clear for *25 years*. Why is selling such a thing even legal in 2016? "Not fit for purpose" applies in spades. It's one thing to decline liability for vulnerabilities that only surface when the software is deployed as part of complex systems. It's quite another to fail to do even the most minimal thinking about what could go wrong as a result of their product. As computers infest the physical world, "computer security" changes from "Oh, look - someone's cloned my credit card" into "They stole my car" and soon into "They killed my grandma". We are at the boundary beyond which we cannot afford to continue letting manufacturers glance sideways past and behave as though their ignorance doesn't exist. Today, it's our problem. It needs to be their problem, as Ross Anderson et al were saying back in 2008 (PDF).

Understand, I'm not talking about trying to protect people from their own stupidity. It's never going to be Tesla's fault if your kid is a crappy driver. Equally, though, it's never going to be an average person's fault that the bike lock they trustingly buy has failed to properly randomize its session keys - how would they even test this? We need security standards that manufacturers have to meet for computer systems that affect the physical world and for which they must accept liability if they don't. In the automotive world, some suggestions have been that the insurance industry will be the forcing function. That's fine as long as you're dealing with quantifiable risks like bike theft; companies can publish a list of acceptable locks. It's not clear that the risks inherent in scalable attacks using cars, streetlights, thermostats - the Internet of Things generally - can be calculated. It's the computer equivalent of derivatives, which Warren Buffett famously called "weapons of financial mass destruction". The best we can hope is that insurance companies refuse to take it on.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 5, 2016

Going for the Golem

Pokemon-Golem.png"They'd probably do something stupid anyway, whether it was texting or email, or something else," he said. He was maybe teens, maybe early 20s, standing in front of the house opposite mine with a similarly-aged friend. Both were wearing backpacks that looked ready for a day's hike, and when I spotted them out my window standing motionless I went out to ask: were they calibrating their phones or playing Pokémon Go? Neither, as it turned out, though the second one has been playing the game a lot. Had he done anything stupid yet? "No." Hence the first one's comment.

We've said for a long time that cyberspace is invading the physical world, and there could be no better example of what that's going to mean than Pokémon Go, a prototype for conflicts to come.

The first - and first-reported - effect has been to exaggerate even further the dismaying trend of Phone Absorption, which leads apparently normally intelligent people to walk up the center of high-traffic London streets oblivious to how lucky they are that the cars behind them have slowed to a near-halt. This lemming behavior has led to unseemly gloating in the media, which have raced to find the clearest shoo-ins for the Darwin Awards (we predict a particularly fierce competition this year). Charles_Darwin_1880.jpgThe Guardian kind of won this effort by running a spot-the-fake-story quiz. For the full Schadenfreude, play at the Rio Olympics.

That problem will resolve in time as people adapt, wise up, or are culled from the herd. The second is harder to fix: the game designers' apparent inattention to the impact on real-world locations and individuals. Pokemon gyms have been found in cemeteries, in front of isolated rural homes, and other contentious locations. I don't imagine that I own the right to decide who walks down my tiny street, but if several hundred strangers started showing up every day, it might be worth a pout.

The game's designers have said they will remove locations that ask to be excluded, but it's not clear that opt-out is really the right model for this. What's probably needed is a clearer set of social norms for game designers surrounding what should and should not be regarded as available for gaming. Lauren Weinstein has suggested some reasonable ideas such as curfews to limit nighttime visitors to some areas. Augmented reality applications - not just games - are dependent on the quality of their data; this may require cross-checking among multiple sources. I also wonder if these apps could leverage the phone's location and other sensors to warn people of at least some approaching dangers - the car behind them, the cliff they're about to fall off, There are, however, issues of bias surrounding labeling some neighborhoods as "dangerous". That sort of classification always needs context: dangerous for whom and in whose opinion?

The third is that, as we have said before, community does not scale. Above a certain threshold: abuse arrives. Pokémon Go reached that threshold in record time. In online communities the results of crossing that threshold are unpleasant - disruptive behavior, spam, bullying, and threats - but barring doxing most happen safely on the other side of a computer screen. With Pokémon Go the physical risks are built into the game's intention to lure people, especially kids, to specific desirable places. What could go wrong? The one good effect is this may move us on from some of the moral panic about the internet - the internet is still big, it's the scares that got small, as Gloria Swanson might have said if she'd headed a Silicon Valley company.

Don't get me wrong. I'm thrilled that mobile phone games are getting people out to roam around the real world. But this phase of augmented reality development is recapitulating the way each new generation of software designers thinks they need pay no attention to the lessons of the past. Web users today are still plagued with programming errors that were solved more than 50 years ago. It would be nice to think that every augmented reality designer will look at what's happened in the last month and use it to plan a better development process. Unfortunately, it seems more likely that they'll go, "That was the best publicity ever! A game worth walking off a cliff for!"

The Law of Truly Large Numbers says that if billions of people are interested in something there are going to be a lot of people abusing it, even if the percentage is tiny. It's reasonable for Niantic to say it never expected Pokémon Go to be adopted by so many so fast. But still: perhaps next time start with a few smaller test markets than whole nations? And maybe offer the selected towns the chance to look over the plans and raise objections?

We want public spaces to remain public and open; requiring augmented reality developers to get permission before proceeding is exactly the kind of preemptive closure we protest with respect to the internet. At the same time, augmented reality can't be allowed to colonize public space at the expense of the public. The balance in this case is going to be tricky to find.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.