Malcolm Rowe's posts
The Life-Changing Magic of Tidying, Marie Kondō. 4★.

This is "how to transform your home so that it stays tidy". It reads a little bit like a sales pitch, although the author isn't selling anything specific, and I think they're just very enthusiastic.

Useful in some senses, though repetitive in parts, and a lot of instruction by anecdote. That said, the concrete recommendations here seem sensible and straightforward, and the book is easy to read.

The Nightmare Stacks, Charlie Stross, number 7 in the Laundry Files series. 4★. At this point in the series, Bob is becoming an Invincible Hero, so we're moving the spotlight onto one of the characters from book #5.

Seemed a bit slow going to start with (as Alex is being introduced as a Bob 2.0), but developed nicely. Without being too spoilery, I definitely enjoyed the high fantasy / contemporary military conflicts; the fantasy side reminded me a bit of The March North.

Finished a little quickly, but AIUI the story is intended to continue into The Delirium Brief.

Chalk, Paul Cornell. 3★.

Paul Cornell's written a lot that I like: the Shadow Police and Lychford series, for example. This has some aspects of the latter, but it's much closer to an early Stephen King, or James Herbert.

It's gory. It is intriguing in parts, but it's also a bit too incoherent — or possibly just too subtle — for my taste.

A demonstrated practical attack against full SHA-1.

The downloadable example is two 400k PDFs with the same SHA-1 and different contents. "Furthermore, the prefix of the colliding messages was carefully chosen so that they allow an attacker to forge two PDF documents with the same SHA-1 hash yet that display arbitrarily-chosen distinct visual contents".

The Google Site Reliability Engineering book is now available to read online, for free, under a CC license.

This is a great collection of articles and essays about some of the technical and cultural ways that Google manages systems in production. Worth reading if you're interested in engineering, whatever the scale.

The UK's Investigatory Powers Act is a privacy disaster waiting to happen. Details below.

There's a petition to "repeal" it (really, to not enact it in the first place) at https://petition.parliament.uk/petitions/173199, though I have my doubts that that will achieve much.
Reposting this writeup (re: the UK's Investigatory Powers Act) from a friend who OKed doing so. It is verbatim except for a slight audience modification of mine at the end of the piece.

My commentary paragraph: The UK's relationship to encryption and surveillance has been worrisome to those of us technical enough to understand what kind of power it represents. I do not think it's hyperbole to say that the powers discussed here are significantly more intrusive than those exercised by the East German Stasi. The only thing preventing them from being used catastrophically is the good will of the government. This should worry people.

*

British people have a less adversarial relationship with government than is found in American culture. One of the consequences of this is that the intelligence services are more trusted to get on with things and do whatever is necessary. There’s plenty of material to make the case that such trust is misplaced (dodgy dossiers[1] are just the latest in a long trail of similar messes[2]) but none of it has resulted in substantial changes in this general disposition.

That’s one of the reasons why, back in the 1990’s while the US was enacting the DMCA, the UK government was passing a law[4] giving every trivial branch of the state substantial pen-register powers and requiring people to disclose encryption keys on pain of imprisonment. (If you don’t know a key that the police want you to disclose then you better hope you can prove that you don’t know it.)

This law was subsequently used to investigate hedge trimming, fouling of paths by dogs (more than a dozen times) and violations of car parking rules[5].

But, around 2008 (pre-Snowden), the Labour government was aware that the activities of GCHQ[3] (the British NSA) were past the point where even a deferential reading of the law could cover them. In the subsequent Snowden documents, while the NSA might have had the lead role, whenever something especially crazy came up it would be the logo of GCHQ on the slides. The NSA was tapping significant fiber lines coming into the US, but it was GCHQ that decided to keep a three day buffer of nearly the entire British internet. (Thirty days for metadata.)

The solution to this was to write a law[7] that gave GCHQ and friends the authority to do the things that they had already been doing for a while. Since none of it was public at that point, they hoped to neatly brush the excesses under the rug and make everything nice and legal for the future.

Due to a lack of political support, this plan never crystalised into a firm proposal. But the underlying problem remained for the next government, which appeared in 2010.

This new government was a coalition of a major party, the right-leaning Conservatives, and a minor party, the more socially liberal Liberal Democrats. The Conservatives in the form of the Home Secretary, Theresa May, were keen to essentially pick up where the previous attempt had failed and in 2012 things got to the point of being a draft law[8].

This time, the lack of support came from within the government: the minor coalition party withdrew their support and then Snowden finished it off.

Concurrent with that, the Labour party (which had been defeated in the election) held a leadership contest. Rather than pick the obvious and competent candidate they selected his younger brother. It’s probably the case that several powerful interests in the party thought that the younger brother would be more compliant. Sadly, these interests didn’t realise that the younger brother, Ed Miliband, emphasised the idiot in “useful idiot” and it became clear that he was basically unelectable—dooming his party in the 2015 election.

The Liberal Democrats, the minor coalition partners from 2010, suffered terribly[9] in the same election because they were also led by an unskilled politician who was unable to navigate the compromise between sticking up for party principles and being part of a coalition.

Thus in 2015, the Conservatives had enough support to form a government without any coalition. Enough time had, seemingly, passed since Snowden that the same Home Secretary felt it was time for another attempt at granting the intelligence services the authority to do what everyone now knew they were doing anyway, plus whatever else they wanted for the future.

Labour, having lost another election, held another leadership contest and selected a hard-left candidate. Since most of the Labour members of Parliament are fairly centrist, the party was hopelessly divided and unable to function. This is still the case.

Thus both opposition parties were crippled and this third attempt at passing the law looked like the strongest, even now that the behaviour of GCHQ was publicly known. Mrs May even admitted in public that successive governments had essentially broken the law, something confirmed in 2016 by the tribunal[6] that was eventually compelled to investigate.

Nonetheless, there was hope that it could be stopped for a third time. Then the Brexit vote happened and nearly the entire political establishment exploded. Only one person was smart enough to stand back, Mrs May. Once everyone else had destroyed each other, she was the only significant person remaining and became Prime Minister almost by default.

At that point, I’m afraid, her pet project of five+ years was basically a done deal and the Investigatory Powers Act 2016[10] will soon be law.

Mrs May has also decided that the disaffected, anti-migration, fairly nationalist segment of the population that were the core of the Brexit vote would make a great pillar of political support in the future. The traditional core of Conservative support have been the more wealthy, but since they don’t have a real alternative, Mrs May is betting that she can focus on this new segment of voters and secure her future power.

She might well be correct and Americans might recognise some parallels with the Trump victory. Comparing Theresa May to Donald Trump would be inaccurate and insulting (to Mrs May), but there are similarities to the underlying political calculations; which is disquieting.

So it will soon be the case that UK ISPs must keep a record of every website visited, except that it’s not fully defined how much data ISPs must collect and it could be full netflow data in some cases. The police and other government organisations will be able to access this information at will: only the authority of a senior officer is required.

The intelligence services will have the authority to do the mass surveillance and mass hacking that is now their norm and we probably won’t find out what new things they’ll start doing for some time. They’ll gain the ability to demand “bulk personal datasets” from third parties too.

And, most problematically, they now have vaguely defined powers to compel cooperation from third parties on a variety of matters, all of which come with a gag order. This includes “technical capability notices” (section 254) which essentially can require anything “that [...] is (and remains) practicable” to demand. Oh and “a technical capability notice may be given to persons outside the United Kingdom (and may require things to be done, or not to be done, outside the United Kingdom)” and one “must not disclose the existence or contents of the notice to any other person without the permission of the Secretary of State.”

So the UK government reserves the right to demand anything that’s possible, extraterritorially or otherwise, and in secret.

Every other nation's intelligence community will soon be crying to their political masters that they want one too and, in this political reality, anything is possible.

If you work at a technology firm, please keep this in mind when making design decisions. This internet that we’re building is a powerful tool and we engineers have more say than most about what this tool is going to be used for.
[1] http://www.independent.co.uk/news/uk/politics/chilcot-report-author-of-dodgy-dossier-accuses-uk-of-systematic-failure-a7123136.html
[2] http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460
[3] https://en.wikipedia.org/wiki/Government_Communications_Headquarters
[4] https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000
[5] https://www.bigbrotherwatch.org.uk/TheGrimRIPA.pdf
[6] https://theintercept.com/2016/10/17/gchq-mi5-investigatory-powers-tribunal-bulk-datasets/
[7] https://en.wikipedia.org/wiki/Interception_Modernisation_Programme
[8] https://en.wikipedia.org/wiki/Draft_Communications_Data_Bill
[9] http://www.parliament.uk/mps-lords-and-offices/mps/current-state-of-the-parties/
[10] http://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0066/17066.pdf

Stories of Your Life and Others, a collection of short stories by Ted Chiang. 5★.

This is a fantastic collection: eight short stories (one very short) exploring a variety of themes in science (and also — in some of the stories — religion).

Since they're all short, it's hard to talk much about them without spoiling them to some extent; suffice to say that the stories cover vastly different topics, are written in different styles, and all of them are worth reading. The title story, Story of your life, was recently filmed as Arrival (2016), which is how I discovered the collection (and, brief digression: I think it'd spoil the film to read the story first, while the reverse isn't true, so perhaps watch the movie first).

Personally, my joint favourites here were Understand and Seventy-two Letters, and my least favourite was Hell is the Absence of God (which drove a little too close to mainstream religious dogma for me, despite the fantastic overtones, but I'm still glad I read it).
All the Birds in the Sky, Charlie Jane Anders. 3★.

I have mixed feelings about this. This is a book about magic and science, and outcasts, and a planet that's falling apart, and a lot of it, I like.

However.

I don't think this book knows what it wants to be. It seems to drift between scenes of magical realism, of dystopian environmental concern, and of the tension between science and magic, but then also skips into slapstick, angsty teen romance (with post-teen protagonists), and an X-men film.

As I said above, parts of this I liked a lot (different schools of magic, science vs. magic), and I did like some of the weirder parts, but overall this is too uneven in tone to recommend that strongly.
aka "What are you actually trying to achieve?"

I also find this useful for myself when yak shaving: sometimes the yak stack gets off course and needs reconsidering.

https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/
"Starting in January, Chrome will flip the web’s security model: Instead of warning users only about HTTPS-encrypted sites with faulty or misconfigured encryption, as Chrome currently does, it will instead flag as “not secure” any unencrypted sites that accept a username and password or a credit card." Also it will be in words and not an icon so that people know what it is.