Author: tlr

Henry Kissinger’s “On China” is part historical and strategic tour de force, part personal memoir, part political legacy. It’s a book you must read.

Starting with a quick survey of China’s long history, Kissinger sets out to investigate the interaction between China and other powers near and far — from the barbarian management strategies practiced by the Middle Kingdom over millennia, through the unequal treaties of the 19th century, to the subsequent century and a half of turmoil, both foreign and domestic.  Kissinger is at his best as a writer and story-teller when he can mix strategy, history, personal memory, and the explication of diplomacy: The diplomacy and negotiation of the 1960s and 70s are at the heart of the book, and worth the read alone — both as an account of Chinese and US strategic challenges and eventual alignment, and as the story of careful negotiation and diplomacy, with all its absurdities and difficulties.

Yet, all that — and the subsequent material about the country’s stabilization under Deng and tense relationships post Tiananmen — is merely a foil before which Kissinger sets out, in the book’s epilogues, the strategic imperatives and challenges that the US (and the West more broadly) face in interacting with a resurging China today:

Both sides run great risks through confrontation; both sides need to concentrate on complex domestic adjustments.  Neither can afford to confine itself to its domestic evolution, important as it is.  Modern economics, technology, and weapons of mass destruction proscribe preemption.  The histories and economies of both countries compel them to interact.  The issue is whether they do so as adversaries or in a framework of potential cooperation. […] history lauds not conflicts of societies but their reconciliations.

Are we facing an inevitable conflict (as Germany and the UK might have before World War I, by some analysis), Kissinger asks, or can we manage to evade conflict, by recognizing what relationships, what histories, and what potential futures are at stake?

This blog started on self-rolled software (deservedly lost), then moved to Movable Type, then to posterous.  As a result of Posterous’ untimely demise, it’s now hosted on WordPress.com, but under a domain name under my control.

Two quick notes.

1. It was reasonably easy to redirect the URIs of the old Movable Type instance of this blog to its new version.  Wouldn’t it be nice if posterous at least gave us a chance to keep old links intact?  Alas, none of that.

2. Why wordpress.com?  I originally looked for something self-hostable.  WordPress is reasonable blogging software, but sufficiently insecure that I don’t want to have to administer it. The paid, cloud-hosted service sounded like the right balance between ease of use, outsourced administration, and ability to just install the software myself and move on should I wish to.

Inspired by the Big Data panel at this year’s Computers, Privacy and Data Protection conference, a few quick questions.

We know that human cognition is full of bias and fallacy, and that humans aren’t Econs. Among other pieces, we know that humans confuse correlation for causation, and that machine learning and big data operate on the level of correlations only. We also know that machine learning can generate good hypotheses for what might be a controlling variable, and what might be a useful course of action.

The questions, then: What determine’s society’s attitude toward the tradeoffs between machine and human decision making, and is that attitude rational? What are the qualities we seek in these decisions?

And: Who’s said interesting things about these questions since danah boyd’s work in 2010, e.g., in “Privacy and Publicity in the Age of Big Data“?

When in the US, I’ll usually avoid roaming fees by using a T-Mobile SIM card and a Boston number. Due to a recent phone upgrade, I had to move to a different SIM card form factor.

Imagine my surprise when the interaction at the T-Mobile shop in Berkeley today went, roughly, like this: “What’s your number” — ” 857 …” – “Thomas?” – “yes” – “Hold on.”

I paid for the new SIM card, in cash. I put it into the recently-acquired phone. It worked. I walked out of the shop. At no point did I have to prove ownership of a SIM card that belonged to that phone number. And at no point did I have to produce any credentials.

Now, I’m suspecting that some of this might be related to me lacking a US street address — I’m just traveling here. But even if they were to ask me about an address: Just knowing somebody’s phone number and address, and nodding convincingly when asked whether I’m their first name, doesn’t strike me as a useful way to check that I actually am the owner of that number.

Anybody else see a problem here?

With all the recent attention to WHOIS, it’s time for a confession: I’m somewhat guilty for the infamous WHOIS Data Reminder Policy. With hindsight, it’s a bad policy, and it needs to die.

The year was 2002. ICANN’s DNSO (soon to be renamed as the GNSO) had a WHOIS Task Force, and was trying to extract policy choices from an ill-conceived and worse-executed survey of assorted self-selected stakeholders. As today, the topics at hand included privacy protections, compliance (and graduated sanctions for non-complying registrars), and accuracy of WHOIS records.

To get the discussion going, I threw a few of the proposals that had come up in the survey into a draft report as straw men; I probably made up a few more policy proposals out of whole cloth. Alas, there it was: The seemingly-innocuous concept that having an annual data reminder might be good customer service, and that it might somehow help to increase data accuracy. Next to graduated sanctions and other proposals on the table at the time, this idea had the attraction of saving face in the accuracy area, while not being an obviously bad idea by the standards of that particular task force. And so we inflicted it on the gTLD registrars and registrants of the world. And on ICANN’s not-yet nascent compliance department.

The policy appears to be implemented by most registrars in the form of an e-mail notification to registrants (even though it doesn’t have to be in email). By definition, these notifications include almost entirely public information. They’re therefore a first-rate phishing vector: For example, send a notification with slightly (but embarrassingly) wrong WHOIS data, give a link to fix the data, and hope that people will click that link and hand over the credentials that they’re using to manage their registration.

More generally, this policy exhibits a few flaws that are symptomatic for the broken policy process of the time: It micro-managed a particular piece of registrars’ interactions with their customers. It didn’t have a sunset date. It had no clear success metrics (e.g., number of corrections traceable to notices) that would have permitted ICANN to phase it out if unnecessary. It had no proper review for its security impact on registrants.

Even the WHOIS Review Team acknowledges that the policy is probably ineffective.

It’s time for the GNSO to propose to the Board to repeal this policy. Should be a slam dunk of a task force.

I’m on my way to the IETF meeting in Paris, and it’s close enough to take the train. Timing means that I won’t use the direct TGV from Luxembourg to Paris today, and so the trajectory I’m taking — a regional train to Nancy, and then onward by TGV –, carries some strong reminders of Germany’s and France’s long and painful history with each other, and that history’s traces in the region where the two countries touch.

I live in the Mosel valley, on the Luxembourg side of the river. In walking distance, a bridge across, and a somewhat decrepit train station on the German side. The railway that follows the Moselle is today a minor regional affair, but was originally built as a Prussian / German military investment: Purpose-built to transport troops and heavy guns from Berlin to Thionville, and onward to Metz; often tunneling through the Moselle’s tightly wound vineyards to not make those heavy trains brake. When it was built, that railway line had the world’s longest rail tunnel, and the infrastructure is still impressively over-engineered for today’s use.

The tracks are still there all along the Mosel, and along that route, Thionville train station still shows some of its belligerent past, in the form of bunkered-up artillery casemates right next to the station (and a matching fortress across the river) — as does the gorgeous city of Metz, with one of the larger surviving fortresses of the region. And even as the train makes it further into France, through towns too small for a stop and therefore nameless to this traveller, there are castles and fortresses to be seen, witnesses of wars gone by.

Also along these tracks: The remains of the steel mills that once contributed to making Lorraine a strategically important bone of contention between Germany and France — now either owned by Arcelor Mittal, torn down, or turned into repurposed heritage structures.

It would have seemed natural for me, then, to have jumped on a regional train to take me to Metz or Nancy along these direct tracks, and onward to Paris from there. But alas, that train doesn’t run: To this date, the German railway system stops at Perl, and the French one stops a kilometer or two upstream at Apach. Between them, Sierck-les-Bains, an old seat of the Dukes of Lorraine, features the ruins of their castle torn down by war in the early 1700s. Across the Moselle in Luxembourg lies the small village of Schengen, with its peaceful vineyards. The Schengen agreement was signed on a ship on the river right where Germany, Luxembourg, and France meet each other.

That one or two kilometer piece of train tracks between Perl and Apach is crossed by two local passenger trains in each direction every Saturday, and by the occasional freight train between France and Germany. To this date, there is no direct train connection between the neighboring cities of Trier, Thionville and Metz, and German train passengers have to travel through Luxembourg to make it into Lorraine — and back into the Moselle valley. Even today, the train routing strangely exaggerates the distance between Trier and Thionville.

Along this trip, it is tangible how the European unity, the Schengen agreement, and globalized trade more generally have helped to bring peace to this region that was ravaged by war for centuries, and changed owners far too often, and far too violently. But it is also tangible how the traces of past wars, past borders, and artificially built-up distance between nations still exist — for example in that direct railway track without a direct train.

Most of the time, Robert Harris writes great speculative fiction — I’m mostly a fan, and have hugely enjoyed several of his novels. However, I’m afraid that Fear Index isn’t a book I can recommend.

In Fear Index, a genius computational particle physicist turned rich and successful algorithmic hedge fund manager in beautiful Geneva has a spectacularly bad day: Is the world going mad? Is a mysterious adversary trying to drive him crazy? Is past depression coming back to haunt him? Is he falling victim to a brain tumor? And what is going on in his company whose computers are placing incredibly risky, but eventually hugely successful bets in the market?

Set before the background of the Dow Jones Flash Crash in May 2010, Fear Index has many of the ingredients of a great thriller, and is often well written. However, half way through the novel, Harris runs out of ideas: It’s blindingly obvious that the AI has gone both conscious and mad, and is plotting a massive assault on the market, leading to the 2010 flash crash. Also, the AI (which is predicated on predicting fear in the markets) has set out to kill its inventor, who in turn tries to kill the AI — only to predictably realize at the novel’s climax that it is now beyond his powers to do so.

In the end, this novel is yet another knock-off of the sorcerer’s apprentice theme, set in the age of the computation, communication, and algorithmic trading, complete with the depressed genius, yet another quick visit to CERN and yet another cameo appearance by Tim’s old NeXT workstation — and, even worse, yet another conscious-by-accident AI as the main antagonist that (when it isn’t highly profitable on the stock market) rents computing centers, buys old books, hacks the psychiatrist’s laptop, and manipulates the building’s elevator. The characters are mostly clichés, and while the AI’s machinations are quite creative, Harris lacks the imagination to give the reader any motivation why that would be the case. I’ll take 2001’s HAL over Harris’ VIXAL-4 any time.

I know I’m late to the party: I finally got hold of Neal Stephenson’s Anathem. Still, the book is worth a quick review, and a whole-hearted “go read it.”

The first quarter or so is a fun, but somewhat slow read: Some ideas and the academic world of Arbre that serves as the backdrop for so much of the story are gently introduced. Those of us who deal with computer science in any shape or form get to chuckle at the phrase “syntactic devices” for Turing machines, and at discussions whether human thought knows meaning beyond what an AI can comprehend. We learn that Arbre was devastated by the Terrible Events (whose details the world has forgotten in the mist of time) that led the worldly society to seclude its all too resourceful and perhaps irresponsible academics in space and time, and itself on a stage of technical development that feels roughly contemporary to the reader, but must look like a plunge into the dark ages to those on Arbre who might remember what had been known and put to both good and terrible use before — and now seems almost forgotten.

But then, the story’s hero (a young academic, only ten years removed from the sæcular world) begins to encounter the unexpected, and the carefully structured world of Arbre comes apart on a scale that few would even think of, and that requires the best brains on the planet to address.

That’s when Anathem’s story picks up its pattern, and when it becomes virtually impossible to put the book down: Stephenson has wrought a first-rate thriller out of an improbable set of ingredients all across philosophy, cosmology, physics — and Socratic dialogue. On another level, Anathem can be read as asking some inconvenient questions about the responsibility of those who develop and build technology that is deployed on a global scale, and their relationship to traditional social and governance systems. 

If you haven’t read it yet, you’re missing out!

All sorts of cloud services want to get their hands on all sorts of private data these days.

Case in point today, Funambol — looks like a nice combination of cross-platform synchronization software, a bunch of open source software to build applications on top, and a probably useful web service. Now, do I trust this service with my address book?

Conveniently, the fail begins early enough that I don’t even get to the point where I look at the privacy policy: Not just are password choices that I can make when signing up constrained in all the wrong ways — all the interaction with the web portal is, of course, through plain HTTP.

Why, exactly, dear Funambol, do you think that I’d trust you with others’ home addresses and private phone numbers when you don’t even bother to take the elementary steps to keep my password and those data out of the hands of the attacker who’s probably sniffing the wireless network I’m using at the airport?

Come back when you’ve built a secure site. Right now, you’re not even getting past the smell test.

So, I’ve made the jump.  Initial impressions: