Urgent: skype vulnerability?

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

<base href="x-msg://600/"> I did a quick search through my data and there haven't been any major Skype vulns in a while.  There's a local privilege escalation from this last spring and URL snooping, but neither should result in massive Skype usage.  The Dark Comet Remote Access Tool (RAT) uses the Skype port and protocol to "phone home", so you might have a pest problem.  Even worse, a vulnerability was published last fall for getting in to the Dark Comet RAT via it's use of Skype - so if you have Dark Comet, someone could be breaking it to get into your computer.
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

<base href="x-msg://600/">
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

<base href="x-msg://600/">

Thanks, Raymond,

 

There is nobody else within an eight of a mile and the wifi barely reaches across the house. 

 

The stuff on my computer is standard office stuff.  The only unusual program I have is the music program finale. 

 

Does uninstalling Skype really get rid of it.  It had become a really pushy program and it fought of uninstallation for a bit. 

 

When I get back to Santa Fe, I think I am going to wipe the hard disk and start again.  Try to limp along until then.

 

Nick

 

Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

http://home.earthlink.net/~nickthompson/naturaldesigns/

 

From: Friam [[hidden email]] On Behalf Of Parks, Raymond
Sent: Friday, September 06, 2013 7:30 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] [EXTERNAL] Urgent: skype vulnerability?

 

I did a quick search through my data and there haven't been any major Skype vulns in a while.  There's a local privilege escalation from this last spring and URL snooping, but neither should result in massive Skype usage.  The Dark Comet Remote Access Tool (RAT) uses the Skype port and protocol to "phone home", so you might have a pest problem.  Even worse, a vulnerability was published last fall for getting in to the Dark Comet RAT via it's use of Skype - so if you have Dark Comet, someone could be breaking it to get into your computer.

 

I'd do an off-line, boot from CD/DVD, virus scan with your anti-virus of choice.

 

The Jet Pack provides a wireless access point - could someone be piggybacking on that?  What's your WiFi security?

 

Ray Parks

Consilient Heuristician/IDART Program Manager

V: 505-844-4024  M: 505-238-9359  P: 505-951-6084

NIPR: [hidden email]

SIPR: [hidden email] (send NIPR reminder)

JWICS: [hidden email] (send NIPR reminder)

 

 

 

On Sep 6, 2013, at 5:03 PM, Nick Thompson wrote:

Hi, everybody,

 

I have a Verizon jet pack for my internet here in Massachusetts and every once in a while huge charges have appeared on my usage, apparent downloads of a gigabyte scale of magnitude.  I complained to Verizon and they did an analysis of my record and tell me that these are VOIP usages.  Their suspicion is that some teenager in my house is using the box to make phone calls over skype.   But there is no teenager in my house and no other house within an eighth of a mile.  Is it possible that some Trojan is using skype to communicate.  Why?  What would be the benefit to the hacker.  Using my computer for what?  In any case, I have murdered skype.  Is there any other abuse of the voip protocol that could be going on in my computer?  Can I disable voip altogether on my machine?   My service costs ten dollars a gig, so this is not a small matter for me.  Anybody have any thoughts? 

 

Nick

 

Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

http://home.earthlink.net/~nickthompson/naturaldesigns/

 

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

 

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

<base href="x-msg://600/"> I did a quick search through my data and there haven't been any major Skype vulns in a while.  There's a local privilege escalation from this last spring and URL snooping, but neither should result in massive Skype usage.  The Dark Comet Remote Access Tool (RAT) uses the Skype port and protocol to "phone home", so you might have a pest problem.  Even worse, a vulnerability was published last fall for getting in to the Dark Comet RAT via it's use of Skype - so if you have Dark Comet, someone could be breaking it to get into your computer.

Where do the folks selling zero day exploits seem to invest effort when it comes to Linux?   Do they work against versions that are in wide distribution (2.6.32), or try to get in early and sell bugs early in the hopes the lifetime of the work will be relatively longer (3.12)?    Is bleeding edge kernel and system software any better or worse security wise than a service contract for RHEL, etc. (and immediate updates).   If there are bad statistics, that would suggest to me some benefit from security from obscurity?

It still blows me a way that governments trust vendors that use international development teams, but do not disclose source code.   Why not more of a push toward systems that can _really_ be audited?   It seems to me like using medicine that has no systematic study or peer review.      

If this is accurate, it looks to me like the databases on exploits tends to be against old software?

http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/year-2013/opgpriv-1/Linux-Linux-Kernel.html

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels wrote at 09/11/2013 07:55 PM:
> If there are bad statistics, that would suggest to me some benefit from security from obscurity?

That reminds me.  Did anyone see Stephanie's presentation?  It has always struck me that diversity and co-evolution constitute a superset of obscurity.

--
glen e. p. ropella, 971-255-2847, http://tempusdictum.com
Whoever fights monsters should see to it that in the process he does not become a monster.   And when you look long into an abyss, the abyss also looks into you.   -- Nietzsche, "Beyond Good and Evil"


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Glen wrote:

"It has always struck me that diversity and co-evolution constitute a
superset of obscurity."

I posit that co-evolution moves faster in today's open source world,
because:

1) More independent thinkers.  Drones tend not to care, and not caring
leads to not thinking.  Passive aggressive compliance, brain rot.

2) Improved access to information -- the source code, and a community
around it.  This allows motivated individuals to educate themselves rapidly
about things, and to be empowered to use this information.  

3) A culture that has low tolerance for secrets.

4) Similar incentive structures for Linux in the server space as would
exist for the Windows Server line.

On the other hand, the Windows world surely has more people working on
finding vulnerabilities.  But many of those people are working without
direct knowledge of how their target works. They have to infer it.  Perhaps
that has benefits, but it has costs too.

Marcus

--------------------------------------------------------------------
mail2web.com - Microsoft® Exchange solutions from a leading provider -
http://link.mail2web.com/Business/Exchange



============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

[hidden email] wrote at 09/12/2013 09:30 AM:
> I posit that co-evolution moves faster in today's open source world,
> because:

At first, I agreed vehemently.  Then I started thinking (always a mistake).  It depends on what you mean by "faster".  It's possible that the species diversity might increase.  But, perhaps _like_ a fluid going through a diverging nozzle, as the cross-section grows, the velocity shrinks.  Perhaps while the progress of any one lineage slows, more lineages arise?  Of course, I'm assuming there's some conserved property.  It's also possible there is no conserved property, or that the whole co-evolutionary machine takes better advantage of the various nooks and crannies of the world.

> 1) More independent thinkers.  Drones tend not to care, and not caring
> leads to not thinking.  Passive aggressive compliance, brain rot.

I think it's important to consider that the drones are caring and thinking ... they're simply thinking about other stuff ... like who they'll vote for on some reality TV show, or whether to go to the mall or buy from amazon.com.  The real trick is that of marketing.  How to corral a bunch of drones into caring and thinking about what you want them to?  How to manufacture care/thought?

> 2) Improved access to information -- the source code, and a community
> around it.  This allows motivated individuals to educate themselves rapidly
> about things, and to be empowered to use this information.

It also allows us to lavish kudos on the fame-tolerant we find there.  E.g. Musk, Diamandis, Branson, Dawkins, Tyson, Lady Ada, etc.  The more we can turn these unfortunate suckers into role models, the easier it will be to corral the drones.  Without the improved access to information, we're stuck with the dually diagnosed (deeper-digging _and_ charismatic).  Improved access to information allows us to worry less about charisma and focus on people who do things, regardless of what they look like or their stage/tv presence.

> 3) A culture that has low tolerance for secrets.

I think you might be slightly off on this one.  It's not a low tolerance for secrets so much as a need for _qualified_ secrets.  We don't care if you won't answer a question, as long as we're happy with _why_ you won't answer it.  The focus is on authenticity rather than openness.

> 4) Similar incentive structures for Linux in the server space as would
> exist for the Windows Server line.
>
> On the other hand, the Windows world surely has more people working on
> finding vulnerabilities.  But many of those people are working without
> direct knowledge of how their target works. They have to infer it.  Perhaps
> that has benefits, but it has costs too.

As with my prattling about your (3), I'd suggest the issue is less with the reverse engineering (which is fun) and more with the monolithic nature of Windows.  Tools in that world are too tightly coupled... it makes for a fragile tool chain... very efficient when used in the right context, but seemingly broken when abused.  And, as with Merle's "outsider everything", _abuse_ is the new _use_.

--
glen e. p. ropella, 971-255-2847, http://tempusdictum.com
Cynics regarded everybody as equally corrupt... Idealists regarded everybody as equally corrupt, except themselves. -- Robert Anton Wilson


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

> 2) Improved access to information -- the source code, and a community
> around it.  This allows motivated individuals to educate themselves
rapidly
> about things, and to be empowered to use this information.

"It also allows us to lavish kudos on the fame-tolerant we find there.
E.g. Musk, Diamandis, Branson, Dawkins, Tyson, Lady Ada, etc.  The more we
can turn these unfortunate suckers into role models, the easier it will be
to corral the drones."

I think it is better to not deprive the drone prone of important
existential angst.  Make them sit around these people for a few days until
they lose their religion.  That won't happen if they just watch them on
TED, or in carefully produced speeches in the East Room of the White House,
or even in university lecture rooms.

> 3) A culture that has low tolerance for secrets.

"I think you might be slightly off on this one.  It's not a low tolerance
for secrets so much as a need for _qualified_ secrets.  We don't care if
you won't answer a question, as long as we're happy with _why_ you won't
answer it.  The focus is on authenticity rather than openness."

If an interface promises to do Y when it sees X, and that is tested and
declared `compliant', it doesn't tell me for sure what happens when it sees
Z, when Z is never mentioned (e.g. in the documentation).   Maybe it will
indeed again deliver Y when X is seen again, but meanwhile also deliver X
to the Mossad?  I want to see the logic that leads to Y, and see exactly
how it happens.  Otherwise all I have is a sketchy contract and it is up to
me to try to break it with Z and whatever other misuse one can think of, or
break down the obsfucated artifact (executable) into smaller bits and try
to rationalize that.  As you point out, that's different than trying to
POSIX open(2) a file and being given EPERM.   That's a refusal, but it can
be checked for consistency with other sorts of queries (e.g. stat(2)).  

Marcus

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://link.mail2web.com/mail2web



============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

[hidden email] wrote at 09/12/2013 02:32 PM:
> I think it is better to not deprive the drone prone of important
> existential angst.  Make them sit around these people for a few days until
> they lose their religion.  That won't happen if they just watch them on
> TED, or in carefully produced speeches in the East Room of the White House,
> or even in university lecture rooms.

Yeah, I know.  But that doesn't scale.  Somehow we need to replace silly role models like Justin Bieber with real ones like Spot Draves (draves.org) ... or _you_. 8^)  There's no way to get all the drones into a religion-losing interaction, especially when/if the role models really do continue working.

But where do you stop, in your ideal?  Do you stop at the source code?  Or do you also need a transparent compiler?  Linker?  Run-time? System? Component, vhdl, ceramics, doping, drawing methods?  Do you have to _be_ Yog-Sothoth in order to finally sit back and say to yourself "OK, there are no secrets, here"?

Of course, the answer is that it depends on who "you" are.  Some of us are satisfied quickly, very near the interface.  Others need to dig in and pick every nit they can (and eventually go mad ;-).  But, in the end, all of us tolerate secrets.  It's just a matter of the quality/character of those secrets.

> As you point out, that's different than trying to
> POSIX open(2) a file and being given EPERM.   That's a refusal, but it can
> be checked for consistency with other sorts of queries (e.g. stat(2)).

Ha!  Nice.

--
glen e. p. ropella, 971-255-2847, http://tempusdictum.com
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. -- C. S. Lewis


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

On 9/12/13 6:23 PM, glen e. p. ropella wrote:
> But where do you stop, in your ideal?  Do you stop at the source
> code?  Or do you also need a transparent compiler?  Linker? Run-time?
> System? Component, vhdl, ceramics, doping, drawing methods?
One way to avoid going down and down is to build a paranoid compiler.  
Imagine using a loop of adds to do a multiply (or for base 2, left
shifts), and in another case just using a multiply instruction.  If the
hardware is broken or malicious, cross checks on the functionally
equivalent calculations can be identified.

An area where these issues come up is for resilience of high performance
computing systems.  Very large systems are prone to soft-errors from
cosmic rays, voltage regulation, and faults from heat.  If a calculation
can be performed two times or more on different processors, then by
voting it is feasible to identify when  memory feeding a calculation or
when a calculation itself is in error.

Doing this at a higher level is possible, but the more complex the
instructions are, the harder it may be to formulate isomorphic cases.  
How do you convert a "Drive to work" operation into to "Fly to New York
City" operation?

I do think it is necessary for safety-critical or performance-sensitive
applications to have a compiler that allows for public review of its
mechanisms.    Ideally compilers would also be better about explaining
bad outcomes.   An example that comes to mind is
-ftree-vectorizer-verbose in GCC, which shows the hazards that prevent
converting a sequence of scalar operations into vector operations.

Going to another level, the runtime and system software is open source
with Linux, even some firmware.
Going down again there are examples of full microprocessor Verilog
designs like the UltraSparc T1 & T2 available as source code.
http://www.oracle.com/technetwork/systems/opensparc/opensparc-t2-page-1446157.html

Reconfigurable and synthesizable hardware (FPGAs, Tensilica/Intel Quark)
already offer control at the hardware level.
And with nano-fabrication tools and desktop electron microscopy systems,
one can imagine someday building/checking computing devices atom by
atom.   Eventually everything will be software..

One person is unlikely to have the breadth to understand the preferred
form (source) of all of these, but diverse overlapping communities
working in public could secure them, and no reverse engineering would be
needed.   Companies like Red Hat have working business models around
this kind of development.

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

On 9/12/13 6:23 PM, glen e. p. ropella wrote:
> Or do you also need [..] doping [..]
Saw this on /. this morning.
http://people.umass.edu/gbecker/BeckerChes13.pdf
Yikes..

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus/Glen -
> On 9/12/13 6:23 PM, glen e. p. ropella wrote:
>> Or do you also need [..] doping [..]
> Saw this on /. this morning.
> http://people.umass.edu/gbecker/BeckerChes13.pdf
> Yikes..
Reading this article reminded me of the following:

UNM/HPC did some Visualization work for Sandia regarding both MEMS and
IC "diffing" back around 2000 that was impressive at the time. Part of
the challenge was partial data from multilayered work.  I was doing
ad-hoc (e.g. free) consulting with them at the time and found it one of
the more interesting problems...  among other things, we looked at the
equivalent of "blink comparators" and also dabbled with "stereopsis" as
a method for looking for *significant* differences among the plenitude
of noisy, *insignificant* differences.

This level of "mutation" seems precedented in various parts of Molecular
Biology and I'm reminded how intrinsically "digital" molecular biology
is, despite living in an analog milieu, yielding idealized random
numbers from the (brownian) environment.   My limited understanding of
(some) viral mechanisms seems to be a good analogy...   the goal being
to introduce differences which affect function of host cellular
machinery without being detectable by simple inventory style means.

Every time this "arms" race escalates to a new strata (in this case
chemistry within the morphology), a new level of indirection or degree
of freedom is added to the system... it seems as though (can't conjure a
good example without going off on a tangential ramble) there is a
structural or phase space imperative that stacking too many degrees of
freedom will lead to a complexity collapse.   It may be part of the
story of punctuated equilibrium?

- Steve

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith wrote at 09/13/2013 08:09 AM:
>> On 9/12/13 6:23 PM, glen e. p. ropella wrote:
>>> Or do you also need [..] doping [..]
>> Saw this on /. this morning. http://people.umass.edu/gbecker/BeckerChes13.pdf
>> Yikes..
> Reading this article reminded me of the following:
>
> [...] looking for *significant* differences among the plenitude of noisy, *insignificant* differences.

That is a fantastic paper!  But I still wonder at the practical utility of their chosen use cases.  I can kinda grok the utility of reduced attack complexity because you can simply produce trojans en masse and hope they percolate into the critical sub-systems you will need/want.  But I'm too ignorant to understand the utility of the side-channel use case.  How would the black hat get the chip into the right place?  The same way?  By flooding the target with chips that all contain the hidden side channel?

--
glen e. p. ropella, 971-255-2847, http://tempusdictum.com
Whenever we depart from voluntary cooperation and try to do good by using force, the bad moral value of force triumphs over good intentions. -- Milton Friedman


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels wrote at 09/12/2013 09:24 PM:
> One way to avoid going down and down is to build a paranoid compiler. Imagine using a loop of adds to do a multiply (or for base 2, left shifts), and in another case just using a multiply instruction.

It all boils back down to state-less computing ... we need a new motto: "security through anarchy" ... doesn't rhyme as well as security through obscurity, though.

> Doing this at a higher level is possible, but the more complex the instructions are, the harder it may be to formulate isomorphic cases. How do you convert a "Drive to work" operation into to "Fly to New York City" operation?
> [...]
> One person is unlikely to have the breadth to understand the preferred form (source) of all of these, but diverse overlapping communities working in public could secure them, and no reverse engineering would be needed.

If we know this is/will-be the case, then why press for absolute transparency at all?  Why not be anarcho-capitalist and allow for the opacity of some, strategically allowed, opacity?

Regardless, the genetic construction of "Drive to work" vs. "Fly to NYC" need not be that different, though they probably _will_ be very different in any particular case.  It reminds me of a conversation I just had with a bunch of automatic programming skeptics.  My role in the argument was to assert the typical ALife case that it is difficult to _abduce_ from the one example of life that we have to a general understanding of life. (I learned a new word at the same conference - though not in this particular argument - "gnotobiotic" http://www.merriam-webster.com/dictionary/gnotobiotic.)  And a noble objective would be to try to regenerate life forms based on new genetic structures, ideally computational structures.  They didn't give me a chance to allow for synthetic biology because their reactions were so .... vehement.  One guy said it's flat out impossible.  Another guy expressed that it was a complete waste of time.  The only female in the discussion kept asking loaded questions i
mplying that I was either feeble-minded or insane. 8^)  The conversation devolved into objective functions and I found myself torn between adopting my "wacko/moron" role vs. lecturing them on implicit objective functions and co-evolution.  Guess which one I chose. ;-)

Anyway, my point here is that working at the interface level carries more benefit than cost for the same reasons that test-driven development has taken over (at least in hype) the s/w development world.  I tend to view it as a "constraint based approach" to the world.  Forcing absolute transparency (even if only in the ideal) seems like a low RoI commitment.

Lastly, it's also important to realize that your egalitarian concept of of the diverse overlapping communities _might_ turn out to be naive or overly simple.  If we think in terms of gaming, there should arise some seriously competent gamers who pool resources into a very small (and controllable) cabal that has a better understanding of the entire stack than anyone else.  And, not only will the transparency _not_ assist the rest of us schlubs in keeping that cabal honest, it will _prevent_ that because the cabal can hide behind the illusion of transparency.

They can always say things like "It's all on the up and up!  The source code's out there.  Check it yourself."  ... all the while _knowing_ that without their billions of dollars in assets we normal people cannot "check it ourselves".  Hence, perhaps similar to "green washing", the good gamers will use our own ideology against us.

--
⇒⇐ glen e. p. ropella
And even though I'm sitting waiting for Mars; I don't believe there's any future in cause
 

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

On 9/13/13 2:57 PM, glen wrote:
> If we know this is/will-be the case, then why press for absolute
> transparency at all?  Why not be anarcho-capitalist and allow for the
> opacity of some, strategically allowed, opacity?
The anarcho-capitalist will try to extract every bit of value from any
vocabulary they own or influence.  It's fine for them to try to do that,
but it is also fine to make them obsolete.   For example, GPU vendors
own their hardware designs and their driver stacks.  If their driver
stacks are open sourced, or reverse-engineered that gives a little more
insight into how their hardware works.  If people know how their
hardware works, then some competitor can come along and create similar
hardware at a lower price point.  Provided an open source effort can
come along and make a sort of similar VHDL design that puts them out of
business, it's all good.   Most anarcho-capitalists aren't that, of
course, they are capitalists, and expect public investment to be there
to protect their IP for them, through copyrights, patents, and so on.  
The GPU vendors want an interface like OpenCL so that they can keep
people away from the actual design.  That's annoying, and misrepresents
the concept of `open' for their own selfish purposes.
> Anyway, my point here is that working at the interface level carries
> more benefit than cost for the same reasons that test-driven
> development has taken over (at least in hype) the s/w development
> world.  I tend to view it as a "constraint based approach" to the
> world.  Forcing absolute transparency (even if only in the ideal)
> seems like a low RoI commitment.
Some users can't afford to trust, and will have a very sensitive cost
function.   Other users have a more risk/reward structure. But it is ok if there are schlubs, if provided one chooses to be one.  
Membership in the cabal comes from cognitive investment, not capital.
> They can always say things like "It's all on the up and up!  The
> source code's out there.  Check it yourself."  ... all the while
> _knowing_ that without their billions of dollars in assets we normal
> people cannot "check it ourselves".  Hence, perhaps similar to "green
> washing", the good gamers will use our own ideology against us.
>
I've worked on a variety of types of code, and I don't find I need to
appeal to individuals controlling teams of people and domain experts to
understand the parts I'm interested in.    There's a scale free property
to good codes that makes it possible to understand them.   Understand
the goals, inputs, the outputs, and starting building out an
understanding..   If there is no source code it is much more difficult
(but not impossible).

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

This economy is not working for everyone. And one of the points we make in the film, which I have been writing about, but the wonderful thing about the film is that you can dramatize something, is that the economy is not something out there, it is not kind of a state of nature, the economy is a set of rules. It is based upon, basically, rules that are decided upon by our democracy. And if our rules are generating outcomes that are unfair, that don’t work very well, that don’t spread enough of the gains of economic growth to enough people, we change the rules.

If we know this is/will-be the case, then why press for absolute transparency at all?  Why not be anarcho-capitalist and allow for the opacity of some, strategically allowed, opacity?

The anarcho-capitalist will try to extract every bit of value from any vocabulary they own or influence.  It's fine for them to try to do that, but it is also fine to make them obsolete.

...

Most anarcho-capitalists aren't that, of course, they are capitalists, and expect public investment to be there to protect their IP for them, through copyrights, patents, and so on.  The GPU vendors want an interface like OpenCL so that they can keep people away from the actual design.  That's annoying, and misrepresents the concept of `open' for their own selfish purposes.

Lastly, it's also important to realize that your egalitarian concept of of the diverse overlapping communities _might_ turn out to be naive or overly simple.  If we think in terms of gaming, there should arise some seriously competent gamers who pool resources into a very small (and controllable) cabal that has a better understanding of the entire stack than anyone else.  And, not only will the transparency _not_ assist the rest of us schlubs in keeping that cabal honest, it will _prevent_ that because the cabal can hide behind the illusion of transparency.

But it is ok if there are schlubs, if provided one chooses to be one.   Membership in the cabal comes from cognitive investment, not capital.

They can always say things like "It's all on the up and up!  The source code's out there.  Check it yourself."  ... all the while _knowing_ that without their billions of dollars in assets we normal people cannot "check it ourselves".  Hence, perhaps similar to "green washing", the good gamers will use our own ideology against us.

I've worked on a variety of types of code, and I don't find I need to appeal to individuals controlling teams of people and domain experts to understand the parts I'm interested in.    There's a scale free property to good codes that makes it possible to understand them.   Understand the goals, inputs, the outputs, and starting building out an understanding..   If there is no source code it is much more difficult (but not impossible).

Marcus

I was left wondering if Marcus' arguements about Open Source don't apply well to Governance and Economics.  The Stick and the Carrot of any society seems to be it's Legislation and Policy and it's Economic System.

Isn't a Democracy a system for supporting "code development"?   And isn't Economics the primary execution environment for that code?  It seems like much of our discussion about transparency in government and accountability is not unlike demanding that we be able to read the code that is being executed.  Democracy itself is the act of writing code; the rules of execution of everything from government itself (compilers, interpreters, system libraries, OS) to economics to criminal justice (exception handling?)

IS there a large enough contingent of aspiring "technocrats" such as ourselves who might understand this parallel well enough to drive a phase change?  Proprietary Code *still* has a huge place in our technosphere, but Open Source (including Open Hardware) has become incredibly powerful just as the *very ideas* of Democracy and then Free Markets once were themselves.  

Just a thought...

- Steve


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels wrote at 09/13/2013 02:59 PM:
> If people know how their hardware works, then some competitor can come along and create similar hardware at a lower price point.  Provided an open source effort can come along and make a sort of similar VHDL design that puts them out of business, it's all good.

Right.  So, it would work fairly well without a requirement for absolute transparency.

>Most anarcho-capitalists aren't that, of course, they are capitalists, and expect public investment to be there to protect their IP for them, through copyrights, patents, and so on. The GPU vendors want an interface like OpenCL so that they can keep people away from the actual design.  That's annoying, and misrepresents the
> concept of `open' for their own selfish purposes.

Well, to be fair, copyrights and patents have to be defended by their owners using the public infrastructure as a lever.  If you're too poor to defend your own property, that public infrastructure is worthless to you.  Some of the larger organizations often argue that _they_ are the primary source of the public infrastructure in the first place.  So, it's not quite as cut and dried.

But you're right, these capitalists are not anarcho-capitalists by any stretch.  They want state-corp integration ... preferably asymmetric integration.

> Membership in the cabal comes from cognitive investment, not capital.

I disagree.  Membership in the set of cabal _tools_ ... the technically competent person, comes from cognitive investment.  Ownership/control of those tools comes from capital, usually in the form of "golden handcuffs".  What percentage of geeks do you know that wouldn't opt for a 6 figure salary in exchange for their indentured servitude?  ... at least for a little while?

Membership in the actual cabal requires you to be able to own/control the tools, which means you need money to pay them some sort of competitive salary (or perhaps lavish them with avant technology).  In some rare cases, you can exert control through charisma or machiavellian manipulation.  But that's the exception, not the rule.

> I've worked on a variety of types of code, and I don't find I need to appeal to individuals controlling teams of people and domain experts to understand the parts I'm interested in.    There's a scale free property to good codes that makes it possible to understand them.   Understand the goals, inputs, the outputs, and starting building out an understanding..   If there is no source code it is much more difficult (but not impossible).

Again, for the most part, I agree.  But you have to remember two things 1) you're not the average and 2) the _types_ matter.  For example, it's one thing to be curious about, say, operating systems.  But it's another thing, entirely, to be curious about cryptographic systems.

--
⇒⇐ glen e. p. ropella
Among the metal ones a messenger will soon arrive.
 

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com