Menu Close

Category: Newsletter (page 4 of 28)

Archives of the Exolymph email newsletter.

This website was archived on July 20, 2019. It is frozen in time on that date.
Exolymph creator Sonya Mann's active website is Sonya, Supposedly.

Perils of the Connected Farm

Note from the editor: My friend Greg Shuflin posted the following story on Facebook. I asked if I could redistribute it here, and he said yes.


It was a pretty crazy day on the farm — the farm of the neocyberpunk 2040s that is, where cybernetically modified agrohackers wielded vast armies of AI-controlled smart tractors and fertilizer drones to eke their genejacked grain out of the dry soil of the post-Ogallala hellscape that was once a polity called “Kansas”.

Old Farmer Mauricio had programmed his cyberbrain to start nanofabbing caffeine molecules at 6am, and ever since then he’d been dealing with shit — some web bandits had exploited a quantum memory zero-day and broken into half of his private cloud’s namespace. Probably some fucking thirty-something LOMPs [low-marginal-product-of-labor proles on basic income] with nothing better to do than fuck with people, Mauricio thought to himself darkly.

Before the sun was finished rising, Mauricio had patched the vuln, killed as many of the malware AIs as he could find on his network, and had started to restore the water-recycler control AI from backup. He grabbed a quick breakfast of rice porridge and a Chinese doughnut, then woke up his lazy teenage nephew Chuck, who was staying with him during the growing season.

“Time to get up, Chucko,” he said, as the sleepy teen fumbled for his ocular implant on the pile of dirty laundry near his bed. “We’ve been hacked. I really need your help today.”

Chuck quickly brushed his teeth, threw on some work clothes, and went to the hovertractor in order to go do a hard reset on the network node out in field #3. But as he pulled the tractor out of the garage, he found that his way forward was blocked.

All of the AI-controlled wheel hoes that his uncle owned were spinning in circles and brandishing their spikes, in the most menacing fashion that their hardware allowed. Of course, the damn wheel hoes were behind the same firewall as everything else! So they had been infected and turned by the LOMPs’ fuckery too.

Mauricio let his nephew set out, with a word of warning: “Watch yourself, kid. These hoes ain’t loyal.”


You may be wondering, “Was that whole story really just build-up for a pun based on a Chris Brown song?” The answer is that yes, yes it was. Watch out for the LOMPs at work today, y’all.


Header photo by Michele Walfred.

The Staid Side of Money

I interviewed my Twitter friend Marc Hochstein, who is the editor-in-chief at American Banker, about finance and technology. (He didn’t speak with me in a professional capacity, but I think his workplace is helpful context.)

Hochstein started his career as a wire service reporter at Dow Jones. He called it a “character-building experience” that involved a lot of cold-calling day traders. The upshot is that Hochstein has been reporting on banks and finance for decades, so his perspective on recent industry developments is interesting.

(Why you should care about this: Our world runs on money. The financial-services industry is hyper-entwined with government, and together they’re the base-level system that everything else is built on top of. That’s actually a simplification since “everything else” and “finance” developed concurrently, but you get the idea.)

I think this quote sums up a lot:

In the last two years — maybe three or four years — there’s been a lot more interest in technology as a potentially transformational force, than there has been in a very long time. You could argue that banking was always, in a way, a technological industry, or always a data industry. There’s a quote from Walter Wriston, who was the chairman of Citicorp back in the ’80s and ’90s. I forget the exact verbatim quote, but it’s something like, “A bank is nothing but a data warehouse, that’s always what it’s been.”

But the banks — financial institutions in general — have been slow to upgrade their core technology, and for some understandable reasons. Changing the core of the bank is a hard thing to do. […] When times are good, when they’re making a lot of money, there’s no real impetus to change anything. And then when times are bad, they don’t have the resources to do anything. Or resources are scarce, I should say.

Hochstein pointed out that the “Uber narrative” hasn’t played out in finance like it has in other industries. He told me, “The barriers to entry are higher. The stakes are higher, because you’re talking about people’s money.” Fintech startups can’t afford to beg forgiveness instead of asking permission. Regulators don’t take kindly to that, and users don’t either.

Technology hasn’t shaken up finance as much as people in Silicon Valley might have expected. Over the last few years, Hochstein explained, “The rhetoric changed from ‘fintech is going to eat the banks’ lunch’ to ‘fintech is going to make banking better at what they do’.” Still, “it’s a little early to say” whether fintech is actually improving banking, or what the degree of change will be. “I wouldn’t say it’s been a profound effect, but it’s there.”

On the bright side, “Transferring money is slowly getting faster.” The Automated Clearing House is finally moving to same-day settlement. “Part of the reason why they did that, why they finally had an impetus to go there,” Hochstein said, “is because of things like Ripple, and bitcoin, and cryptocurrency, as well as real-time payment systems that you see in a lot of other countries.” Hochstein noted that regulators and the Fed have also been pushing in this direction.

I find this slightly mind-boggling. It’s a big deal that ACH is moving to same-day settlement — not real-time, just same-day. In the year 2017.

I asked Hochstein which issues are going to dominate a lot of attention going forward, and he mentioned “open banking” and data portability. Basically, banks have a tremendous amount of lock-in because of all the information they’ve collected and stored about your identity and your account activity.

There’s some talk of forcing banks to provide this information to competitors — or whoever else might be authorized by individuals, e.g. money-management apps like Mint — via API. Guess whether the banks want to do that!

In conclusion, finance gonna finance. Big companies gonna rent-seek. They change when they’re forced to, either by regulation (Dodd-Frank Act, for example) or by the competitive environment. In general, these institutions move slowly. On balance that’s actually a good thing, considering how much havoc they could potentially wreak.


Thank you to Marc Hochstein for talking to me — follow him on Twitter or read his articles.

Photo of the Wall Street bull by Sam Valadi.

Trust Not the Green Lock

Eric Lawrence works at Google, where he is “helping bring HTTPS everywhere on the web as a member of the Chrome Security team.” (I preserved his phrasing because I’m not 100% sure what that means concretely, but working on security at Google bestows some baseline credibility.) A couple of days ago Lawrence published a blog post about malicious actors using free certificates from Let’s Encrypt to make themselves look more legit. As he put it:

One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites. […]

Another argument is that browsers overpromise the safety of sites by using terms like Secure in the UI — while the browser can know whether a given HTTPS connection is present and free of errors, it has no knowledge of the security of the destination site or CDN, nor its business practices. […] Security wording is a complicated topic because what the user really wants to know (“Is this safe?”) isn’t something a browser can ever really answer in the affirmative.

Lawrence goes into much more detail, of course. His post hit the front page on Hacker News, and the commentary is interesting. (As usual! Hacker News gets a worse rap than it deserves, IMO.)

I want to frame this exploitation of freely available certificates as a result of cacophony of the web. Anyone can publish, and anyone can access. Since internet users are able to choose anonymity, evading social or criminal consequences is easy. (See also: fake news, the wholly fabricated kind.) Even when there are opsec gaps, law enforcement doesn’t have anywhere near the resources to chase down everyone who’s targeting naive or careless users online.

Any trust signal that can be aped — especially if it can be aped cheaply — absolutely will be. Phishers and malware peddlers risk nothing. In fact, using https is not inherently deceptive (although it is surely intended to be). The problem is on the interpretation end. Web browsers and users have both layered extra meaning on top of the plain technical reality of https.

To his credit, Lawrence calls the problem unsolvable. It is, because the question here is: “Can you trust a stranger if they have a badge that says they’re trustworthy?” Not if the badge can be forged. Or, in the case of https, if the badge technically denotes a certain kind of trust, but most people read it as being a different kind of trust.

(I’m a little out of my depth here, but my understanding is that https doesn’t mean “this site is trustworthy”, it just means “this site is encrypted”. There are higher types of certificates that validate more, usually purchased by businesses or other institutions with financial resources.)

High-trust societies can mitigate this problem, of evaluating whether a stranger is going to screw you over, but there’s no way to upload those cultural norms. The internet is not structured for accountability. And people aren’t going to stop being gullible.

Anyway, Lawrence does have some suggestions for improving the current situation. Hopefully one or multiple of those will go forward.


Header photo by Joi Ito.

Seeking Digital Citizenry

For years, Estonia has experimented with expanding their territory via the internet. You can become an “e-resident” of this small, friendly European country. But that’s not enough for Estonia — no, Estonia continues to innovate! Now they’re planning to export their brand:

We have built one of the world’s most advanced digital societies and are offering our country as a service. Estonia also means a clean environment, Arvo Pärt, our president and startup hubs, largest gender pay gap in the EU, UNESCO heritage and sky-high CO2 emissions — all the good and the bad. No logo would do us justice. Instead we have a lot of interesting stories and a clear vision.

Estonia's visual branding

Estonian visual asset.

I find Estonia’s eagerness charming, but also cringeworthy. The self-deprecating faux-pride about their gender pay gap and CO2 emissions is off-putting. Nevertheless, I’m intrigued by Estonia’s effort just like I’m intrigued by seasteading and Liberland. More people and institutions should be attempting to invent less arbitrary forms of nationalism.

Estonia’s oddball expansion feels like the flipside of John Perry Barlow’s infamous vision for the internet:

Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. […]

Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live. […] Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

He was mostly wrong — but a little bit right. See “The Cyberpunk Sensibility” for my take on that.

I Hope You Like the NSA Because the NSA Sure Likes You

Today’s news about the NSA feels a little too spot-on. I hope the hackneyed scriptwriters for 2017 feel ashamed:

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.

The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.

Really? Expanding the NSA’s power, so soon after the Snowden plotline? A move like this might be exciting in an earlier season, but at this point the show is just demoralizing its viewers. Especially after making the rule that no one can turn off their TV, ever, it just seems cruel.

At least the Brits have it worse? I dunno, that doesn’t make me feel better, since America likes to import UK culture. (It’s one of our founding principles!)

Now is a good time to donate to the Tor Project, is what I’m saying.

In other news, researchers can pull fingerprints from photos and use the data to unlock your phone, etc. Throwback: fingerprints are horrible passwords.

Remember, kids, remaining in your original flesh at all is a poor security practice.


Header photo via torbakhopper, who attributes it to Scott Richard.

Reclaiming the Panopticon

The following is Tim Herd’s response to the previous dispatch about sousveillance.


A tech executive was quoted saying something like, “Privacy is dead. Deal with it.” [According to the Wall Street Journal, it was Scott McNealy of Sun Microsystems. He said, “You have zero privacy anyway. Get over it.”]

I think he’s right, for most working definitions of “privacy”. I think that security professionals, privacy advocates, etc, are fighting rearguard actions and they will lose eventually.

Less than a year after Amazon rolls out Alexa, cops pull audio from it to get evidence for a conviction. That microphone is on 24/7, and in full knowledge of this people still buy them.

Why?

Information is valuable. The same technology that lets me look up photos of your house for shits and grins, or to stalk you, is what powers Google Maps.

Privacy and these new technologies will, and have already, come into conflict. The value of the new tech is way, way more than the value of the privacy lost.

This can devolve into 1984 lightning fast. On the other hand, think about this: “Probably the best-known recent example of sousveillance is when Los Angeles resident George Holliday videotaped police officers beating Rodney King after he had been stopped for a traffic violation.” [From the Steve Mann paper.]

The same surveillance tech that makes us spied on all the time, makes other people spied on all the time. I can’t get up to no good, but cops can’t either.

It’s a tool, and it all depends on how it’s used.

Take me, for example. With a handful of exceptions that I am not putting to paper, there is nothing in my life that is particularly problematic. If the government were spying on me 24/7, it wouldn’t even matter. I have nothing to hide.

(I understand the implications regarding wider social norms. I’m working under the assumption that That Ship Has Sailed.)

The people who do have things to hide, well, we made that shit illegal for a reason. Why should I care when they get burned? That’s the whole goddamn point of the law.

(Aside: I believe that the more strictly enforced a law is, the better it is for everyone overall, because consistency of expectations is important. I bet that the roads would be much safer and more orderly if every single time anyone sped, ever, they automatically got a speeding ticket. Always. No matter what. No cat-and-mouse games with cops, no wondering which lights have speed cameras. Just a dirt-simple law. Here is the rule. Follow it and we are fine. Break it and you will always lose. So many problems are caused by people trying to game the rules, break them whenever possible, and follow them only when they have to.)

(Continued aside: Obviously shit would hit the fan if we started automatically 100% enforcing every traffic law. But you better believe that within a month of that policy being rolled out nationwide, speed limits would rise by at least 50%.)

The reason we care about surveillance is that a lot of things are more illegal than we think they should be.

Obvious example: In a world of perfect surveillance, 50% of California gets thrown in federal prison for smoking weed.

All of this is build-up to my hypothesis:

  • The fully surveilled world is coming, whether we like it or not.
  • This will bring us a ton of benefits if we’re smart and brave enough to leverage it.
  • This will bring an unprecedented ability for authorities to impose on us and coerce us, if we are not careful.

Which brings me to the actual thesis: Libertarianism and formal anarchy is going to be way more important in the near future, to cope with this. In a world of perfect surveillance, every person in San Francisco can be thrown in prison if a prosecutor feels like it. Because, for example, literally every in-law rental is illegal (unless they changed the law).

The way you get a perfect surveillance world without everyone going to prison is drastic liberalization of criminal law, drastic reduction of regulatory law, and live-and-let-live social norms that focus very precisely on harms suffered and on restorative justice.

A more general idea that I am anchoring everything on: A lot of people think tech is bad, but that is because they do not take agency over it. Tech is a tool with unimaginable potential for good… if you take initiative and use it. If you sit back and just wait for it to happen, it goes bad.

If you sit back and wait as Facebook starts spying on you more and more, then you will get burned. But if instead you take advantage of it and come up with a harebrained scheme to find dates by using Facebook’s extremely powerful ad-targeting technology… you will benefit so hard.


Header artwork depicting Facebook as a global panopticon by Joelle L.

Watch Yourself

Let’s talk about sousveillance again. For those not familiar with the word, it literally translates to “undersight” — as opposed to oversight. Surveillance is perpetrated by an authority; sousveillance is perpetrated by the people. The unwashed masses, if you will.

Steve Mann (no relation) led the paper that coined the term. It came out in 2003! They had no idea about Instagram! What’s interesting is how much the connotations of “sousveillance” have morphed since Mann and his colleagues first came up with it. Here’s their original conception:

Organizations have tried to make technology mundane and invisible through its disappearance into the fabric of buildings, objects and bodies. The creation of pervasive ubiquitous technologies — such as smart floors, toilets, elevators, and light switches — means that intelligence gathering devices for ubiquitous surveillance are also becoming invisible […]. This re-placement of technologies and data conduits has brought new opportunities for observation, data collection, and sur/sousveillance, making public surveillance of private space increasingly ubiquitous.

All such activity [until now] has been surveillance: organizations observing people. One way to challenge and problematize both surveillance and acquiescence to it is to resituate these technologies of control on individuals, offering panoptic technologies to help them observe those in authority. […]

Probably the best-known recent example of sousveillance is when Los Angeles resident George Holliday videotaped police officers beating Rodney King after he had been stopped for a traffic violation. The ensuing uproar led to the trial of the officers (although not their conviction) and serious discussion of curtailing police brutality […]. Taping and broadcasting the police assault on Rodney King was serendipitous and fortuitous sousveillance. Yet planned acts of sousveillance can occur, although they are rarer than organizational surveillance. Examples include: customers photographing shopkeepers; taxi passengers photographing cab drivers; citizens photographing police officers who come to their doors; civilians photographing government officials; residents beaming satellite shots of occupying troops onto the Internet. In many cases, these acts of sousveillance violate [either explicit or implicit rules] that ordinary people should not use recording devices to record official acts.

Sousveillance was supposed to be a way to Fight the Man, to check the power of the state. Unfortunately, many governments’ surveillance apparatuses* were poised to take advantage of the compulsive documenting habit that smartphones added to daily life.

For example, the NSA has wonderful SIGINT. Theoretically they can mine Facebook and its ilk for whatever insights they might want to extract. Encryption mitigates this problem, but it’s not clear by how much. Anything that’s publicly available online can be scraped.

So now you have n00bs posting photos of protests on Twitter and accidentally exposing people with open warrants. Elle Armageddon wrote a two-part “OPSEC for Activists” guide, but by default the attendees of unplanned, uncoordinated events aren’t going to follow the rules.

Welp ¯\_(ツ)_/¯


*I thought it would be “apperati” too, but as it turns out, no. See this and this.

Image credit: My Second or Third Skin by Claire Carusillo.

A Blossoming Strand of Fear

“I saw the best minds of our generation, writing mind viruses and trying to start cults” — @radical_praxis

Thank goodness, at least someone is making an effort!

Flickr user new 1lluminati always delivers.

Flickr user new 1lluminati always delivers.

As far as I can tell, there are four ways to start a cult:

  • charismatic crazy person
  • charismatic cynical person
  • crazy or cynical person with a lot of firepower
  • stand-alone complex

Sometimes these vectors combine.

The term “stand-alone complex” comes from a famous cyberpunk anime called Ghost in the Shell. Per some random Wikipedia contributor(s):

A Stand Alone Complex can be compared to the emergent copycat behavior that often occurs after incidents such as serial murders or terrorist attacks. An incident catches the public’s attention and certain types of people “get on the bandwagon”, so to speak. It is particularly apparent when the incident appears to be the result of well-known political or religious beliefs, but it can also occur in response to intense media attention. […]

What separates the Stand Alone Complex from normal copycat behavior is that there is no real originator of the copied action, but merely a rumor or an illusion that supposedly performed the copied action. There may be real people who are labeled as the originator, but in reality, no one started the original behavior.

The weird spate of “killer clowns” a few months ago was arguably a stand-alone complex. (Didn’t hear of it? You’re in luck, because Know Your Meme compiled the relevant incidents.) The now-infamous PizzaGate controversy has elements of a stand-alone complex.

It would be an interesting art project to generate a stand-alone complex, but I wonder if that’s even possible — do you have to be sincere for it to work? When the SAC got away from you, as it must in order to flourish, would you feel responsible for its results?

Heed the Memes

I’ve encountered some delightful little creatures called memeballs, and apparently these ones represent different strains of anarchism. You can tell by the colors. My partner showed me the first specimen for reasons that will become obvious immediately:

when your crush hooks up with some diskhead jock with poorly optimized security software so you replace all of his childhood memories with a boot prompt for an industrial paint mixer

He had it coming, right? Besides, future industrial paint mixers could lead happy lives. Our protagonist might have done the diskhead jock a favor.

When you send your son to his room for being naughty and he creates his own state and attempts to annex your fridge so you fire a tomahawk missile at him

This also seems completely justified and not an overreaction in the slightest.

My resolution for 2017 is to look at more anarchist memes. (Does it matter how well they hew to the actual philosophy? Probably not.) I’ll get my partner to curate them for me, since I can’t stand 4chan myself.

Jokes aside, I do think that memes are important. Both in the original Richard Dawkins sense — the meme as a knowledge unit that reproduces — and in the “humorous captioned image” sense. RIP Harambe.

I don’t know much about their impact in other countries, but memes were important to the US election. “Meme magic” is truly potent — Tara Isabella Burton wrote a great article about this. Reality is a mutual social creation.

What remains to be seen is whether the mainstream can harness meme magic to fight the insurgent fringes, or whether their efforts will remain consigned to /r/FellowKids.

¯\_(ツ)_/¯ tfw asymmetric information warfare is a feature, not a bug

“Strange dueling subcultures and their own narratives, folk beliefs, superstitious techno-animism, language-games — to the extent that any kind of ‘database culture’ can be called a narrative as opposed to simply just a collection of memetic primitives — have taken control of the means (perhaps now memes) of knowledge production.” — Adam Elkus

© 2019 Exolymph. All rights reserved.

Theme by Anders Norén.