
The Best Cyber Security Tip yet? Don’t Have Secrets and to Hell with Intellectual Property


As anyone who’s undergone security clearance vetting knows, the main objective is ensuring that the candidate can’t be blackmailed. That they don’t have some secret which can be used as leverage against them. This simple principle has broad implications, from intellectual property to piracy to a naughty browser history. Let’s examine privacy consent in positive and negative contexts.

When we talk about the right to privacy, what do we actually mean? Let’s not confuse contexts with legality and secrecy. It’s perfectly legal to purchase sex toys, but would you want your parents or your work colleagues knowing your adult toy purchasing preferences, or your porn browsing history? Most certainly not! That’s context. That’s what Incognito Mode is for.

The right to privacy is the right not to have information about your activities misused through leaking or doxxing. In short, the right to maintain context boundaries. This is the dark stuff, this is where the law must protect you. Negative freedom, freedom from having your information exfiltrated from differing contexts for the purpose of doing harm.

The European Union’s General Data Protection Regulation is on the frontier here. Consent is key. Data can be a toxic asset, and we don’t want data about our browsing activities, purchasing habits or sexual preferences misused.

But data privacy rights aren’t just about negative freedom. They’re also about positive freedom; freedom towards. How reassuring is it to find that others have encountered the same problems we have and have already come up with a useful solution? This works on an individual level such as “which internet service provider gives me the best plan and customer service?” or “how do I solve problem X?”, to more general problems such as “how do I integrate this API with that service to solve challenge Y?”.

I work in technology consulting, and I’ve come to the conclusion that organisations aren’t all that unique. Organisations and businesses have common challenges, yet much like humans, they think they’re unique and their problems are special. Psychologists will say the same. Sorry snowflake, you’re not special, you’re just like everyone else!

The secret is differentiating common problems from special problems. How do we distinguish common problems from special problems? By sharing your problems with others, and by never thinking that the solutions you come up with are special and necessitate secrecy. Value lies in relationships and implementation details, not in intellectual property secrecy.

Have you ever successfully interviewed for a job by stating you have a cache of secret approaches to problems? Didn’t think so. You got the job by demonstrating you can work well with others and you have a good understanding of the knowledge domain you’re being hired for.

The devil is in the details; in actually making something work. But the patterns, the tool set for approaching the problems are probably common knowledge in your industry.

So, to hell with secrecy! Actually implementing the solution requires the skill of the seasoned consultant. Re-inventing the wheel by keeping secret caches of code, of patterns, of diagrams, is both counter-productive and ineffective if not downright stupid.

It’s counter-productive because someone has probably already figured out an approach to the problem you face, it’s stupid because your solution hasn’t been road-tested, and it could also be risky because you’ve failed to take into account issues that the collective intellect has already come across and resolved.

So let’s put the fantasy of the lone genius in their garage who will come down from the mountain to regale us with their pearls of wisdom to rest for good. Most of the problems an individual or an organisation faces are faced by other individuals or organisations, so it’s safe to assume that most of these problems can be, and have already been, solved collectively. So when faced with a problem or challenge, start with the assumption that the problem has already been faced by others previously, and that a working solution has already been attempted. And if not, it’s a problem which merits collective troubleshooting, and the crowd will probably be better at figuring out a solution than some individual. And for god’s sake, share the solution, the pattern, the approach, with everyone. Actually implementing it to fix a specific problem will be a far greater challenge than coming up with that magical idea in the first place.

So share often, ask others, and don’t keep it a secret!

The need for Social News Aggregators

Attempts to create open source alternatives to Facebook failed. The reasons are similar to why Linux never really made it as a mainstream desktop OS: user interface, ease of use, lack of applications geared towards end users. Open source cannot compete with the technology giants, who can pour millions into developing partnerships and building their walled garden ecosystems.

But Linux is far from a failure. It is THE standard for server-side uses. Lesson here is one I repeat endlessly to clients. There’s no such thing as the ultimate product that can fulfill all possible use cases. Let Apple and Microsoft have their desktop OSes, let Google and Apple dominate the mobile space, let Facebook and Twitter dominate social networks. Social networks are great for banter, bragging, arguing, meeting new people & sharing otter videos. But we need to take back control of how we gather news and information. Yes, by resurrecting RSS and Atom possibly, by creating a Goodreads for news and blog aggregators.

It would be great to work on a social news and blog aggregator, integrated with Facebook, so one can create lists and share them with FB friends, and have a Twitter-like real-time feed of articles friends have read/shared/liked, or lists of interesting sources friends have created. I’ve found none so far that are free that do just that, but many tools and libraries exist, it’s just a case of patching them together.

Liu Cixin’s Death’s End

“Weakness and ignorance are not barriers to survival, but arrogance is”

Liu Cixin’s final instalment of the Three-Body Trilogy, Death’s End, takes our nice normative homilies and throws them at a dark yet mostly scientifically-correct universe to see what sticks. The end result is surprisingly less pessimistic than one would expect. If one were to novelise Ray Brassier’s Nihil Unbound, the Three-Body trilogy would be it. I would compare TB to Rick & Morty. Morty is the well-intentioned leftie that spouts the homely normative claims about how civilisation should be, cooperative vs competitive, market competition vs socialism, etc, but his claims are too parochial, too constricted historically. When these claims are examined through the temporal and spatial scales of the actually existing universe, they’re completely ridiculous. They’re not even worthy of contemplation by the Trisolarian aliens, whose fitting response in the first book is simply: “you’re bugs”.

Rick knows all of this already, he’s travelled a fair bit around the multiverse and easily destroys Morty’s moral positions and normative claims for the puerile idiocies that they are. Rick, like Liu Cixin, knows the universe is cold, bleak and indifferent, driven by natural forces of immense power, and, by short SF extrapolation, very possibly inhabited by extremely powerful and advanced alien species, for whom committing mundicide is as routine as scrubbing bugs off a windscreen. Yet, in these depictions of the universe there is still place for hope, cooperation and love. Which is granted a much higher status as these are recognised as being all the more rare and therefore worthy of treasuring and defending.

“Mere existence is already the result of incredible luck. Such was the case on Earth in the past, and such has always been the case in this cruel universe. But at some point, humanity began to develop the illusion that they’re entitled to life, that life can be taken for granted.”

Innovation or Outsourcing?

I do praise Apple for its history of kicking Microsoft in the gut. It’s one of the few companies that has managed to do this (albeit never directly) and get away with it, the results being better technology for end users and ultimately that is all that is important. Yet this latest trend of taking design shortcuts by essentially outsourcing interconnectivity to external peripherals is, interesting. Immediately other forms of outsourcing come to mind.

Outsourcing is largely done to offload risks, cost and externalities onto a third party. This is a core global business logic with disastrous effects on the planet and on people. Outsourcing makes it possible for Apple to claim ethical business practices while Foxconn workers commit suicide and the horrors of coltan mining in Congo happen, elsewhere.


Apple is not really innovating here, they are merely outsourcing the physical hassles of digital to analogue conversion (DAC). The audio jack hasn’t changed in a century because sound is created by way of physical vibrations in speakers and its design is good enough. Apple would have innovated had they delivered a new approach to transmitting the digital information in an audio file, by inventing a connector reduced in size with equal or better analogue audio fidelity characteristics, or by inventing new ways of using digital audio information to make speakers vibrate just the right way to create higher quality sound. Instead they just externalised/outsourced the problem.

This is outsourcing with a thin veneer of innovation marketing as cover. I write this on a 2015 MacBook with only one USB-C port. I need another device (at my cost of course) to connect anything to it. Apple and Microsoft. Trump and Hillary.