TLS/SSL usability

Security researcher Dan Kaminsky posted this article, in which he wrote:
Moxie introduced (to me anyway) the concept of Positive vs. Negative Feedback. Negative Feedback systems occur when the browser detects an out-and-out failure in the cryptography, and posits an error to the user. In response to the New Zealand bank data, in which 199 of 200 users ignored a negative prompt, browsers have been getting crazier and crazier about forcing users to jump through hoops in order to bypass a certificate error. The new negative errors are at the point where it is in fact easier to “balk” — to stop a web transaction, and move onto something else.

So Moxie’s putting his energy on the old positive feedback attacks — simply disabling the security, and seeing if anyone notices. And here he shows up with some pretty astonishing data: Nobody noticed. To be specific, absolutely 0% of users presented with missing encryption on important web sites, being asked to provide sensitive financial data to those websites, refused on the basis of missing security.

Wow. 0%. Seriously.

The fundamental problem with TLS/SSL is not that the encryption doesn't work - the encryption works, even though the "trusted" part of "trusted third party" is problematic. The most serious issue is that people have no clue about distinguishing secure sites from insecure ones, and will go so far as to ignore security warnings unless they are outright intimidating.

Thus, all that a phisher has to do is serve people their bank's login page in plain HTTP, and everyone will merrily provide their login information. This, then, leads to fraud and economic loss.

Users' ignorance and willingness to conduct transactions through unsecured links will continue until:
  1. Browsers begin to require encryption by default, and start providing intimidating negative feedback before they'll let you use a nonencrypted site.
  2. The likes of Google, and all other sites, realize that by saving money by not using SSL, they are contributing to the problem: they prevent browsers from implementing #1 and get users used to non-encryption.
That, of course, poses a tough, possibly unworkable problem of coordinated action:
  • If a single site moves to SSL-only, it's expensive and delivers little benefit until everyone else does so (if ever).
  • On the other hand, changing the default behavior of browsers to discourage unencrypted net access will elicit cries (and possibly lawsuits?) from people who want to continue running unencrypted sites.
Is there anything anyone can do instead?

Putting DNSSEC aside (whenever that will be ready), there could be a secure registry of sites which must be accessed via SSL. This registry would itself have to be accessed securely, and browsers would check sites against this registry automatically. Browsers would then enforce either secure navigation to these sites, or provide strong negative feedback to discourage unsecured access. Sites with public content and those that want to remain insecure could remain that way with no issues, whereas security on sites that require it would be more difficult for attackers to work around.
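
A sketch of the browser-side check this registry proposal implies, added here as an example and not taken from the original post or from any browser: the registry entries, the `includeSubdomains` field, the source URL and all function names are assumptions. Hosts are matched label by label, so a look-alike such as evilbank.example does not inherit bank.example's entry.

```javascript
// Lower-case and strip a trailing dot so "BANK.example." matches "bank.example".
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// The registry must itself arrive over HTTPS; over plain HTTP a network
// attacker could delete a bank's entry before the browser ever sees it.
function buildRegistry(sourceUrl, entries) {
  if (new URL(sourceUrl).protocol !== 'https:') {
    throw new Error('registry must be fetched over HTTPS');
  }
  return new Map(entries.map((e) => [normalizeHost(e.host), e]));
}

// Find the entry covering a host by walking up its labels.
function findEntry(host, registry) {
  const labels = normalizeHost(host).split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const entry = registry.get(labels.slice(i).join('.'));
    // An exact match always applies; a parent applies only if it opts in.
    if (entry && (i === 0 || entry.includeSubdomains)) return entry;
  }
  return null;
}

// 'allow': not registered or not plain HTTP; 'upgrade': rewrite to HTTPS;
// 'block': show the strong negative feedback instead of loading the page.
function decideNavigation(rawUrl, registry, { autoUpgrade = true } = {}) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'http:' || !findEntry(url.hostname, registry)) {
    return { action: 'allow', url: url.href };
  }
  if (!autoUpgrade) return { action: 'block', url: url.href };
  url.protocol = 'https:';
  return { action: 'upgrade', url: url.href };
}

// Constructed sample registry (hypothetical hosts and source URL).
const REGISTRY = buildRegistry('https://registry.example/sites.json', [
  { host: 'bank.example', includeSubdomains: true },
  { host: 'pay.shop.example', includeSubdomains: false },
]);

console.log(decideNavigation('http://bank.example/login', REGISTRY));
console.log(decideNavigation('http://evilbank.example/login', REGISTRY));
```

Sites absent from the registry are left alone, which matches the proposal that public or deliberately unencrypted sites keep working unchanged.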


The U.S. should probably nationalize banks

The situation in the U.S. currently appears to be like this:
  1. Everyone is used to paying for their houses and cars with loans.
  2. The U.S. tax system, in fact, is geared to encourage taking loans and discourage saving up and then buying. (I'd like to learn more about that; this is what I heard.)
  3. Banks have made investments for which they are now not sure to what extent they will be repaid. Each individual bank is therefore compelled to abstain from loaning and to bulk up on capital until they know what their situation is.
  4. Since most banks are in the same situation, however, most banks are abstaining from loans, and people cannot get financing for their large purchases.
  5. In a no-loan environment, it will take years before most people save up enough money to buy houses and cars with cash. When they do, the houses and cars bought this way will tend to be smaller and more economical.
  6. In the meantime, as most people have neither loans nor savings, houses and cars aren't getting sold.
  7. Houses and cars not being sold causes prices to fall, people to go out of work, incomes to drop, and therefore even fewer houses and cars to be sold.
  8. As real estate prices drop, the number of people who will walk away from their mortgages rises.
  9. As more people walk away from their mortgages, there are more foreclosures.
  10. Banks lose money on foreclosures, so therefore, the worse the real estate market gets, the more threatened the banks feel, and the less likely they are to lend.
In this situation:
  • Tax cuts won't help. The state of the economy is such that people will place most of that money into banks, who won't lend it, so it will lie dormant.
  • Stimulus can help a little bit, as long as it is spent paying people who will actually spend most of it, i.e. people who would otherwise be unemployed. Even so, any multiplier effect will be minimal, because after a couple of transactions, the money will just get stuck in banks again. Also, if stimulus is spent on paying people who would otherwise have jobs regardless, it's being wasted; that money will get stuck directly in banks.
But neither stimulus nor tax cuts address the crucial part of the problem, which is that money is getting stuck in banks. What the banks are experiencing is in fact a coordination problem. For any individual bank, it makes sense to wait and see, for fear of a catastrophe. But when all the banks are doing this, the fear of catastrophe is self-fulfilling. In order to avoid this, banks therefore all have to be made to start lending at the same time. There is only one entity that can arrange this, and that is the U.S. government.

Banking shares are already trading at next to zero, and will approach zero along with the rest of the economy if the situation continues.

Therefore, the U.S. government should probably nationalize banks in the short run, make them lend, and then as soon as the economy recuperates, turn the banks around to the highest bidder.


The Fun-Fun Ultra Super Happy People

Eliezer Yudkowsky wrote an intriguing short story where three civilizations of conflicting values meet accidentally for the first time and face the dilemma of what to do with one another.

If you are interested in reading this quite interesting story, perhaps now would be a good time to scoot over and do that before I ruin it for you.

Eliezer skilfully presents a sandwich situation where humans run into an inferior race, the Baby-Eaters, who most highly value an activity that's genocidally awful to the point of requiring intervention from the humans' point of view, just when a third civilization arrives, the Maximum Fun-Fun Ultra Super Happy People, that is most powerful, and which finds both the Baby-Eaters and the humans' ways morally unacceptable. A dilemma arises whereby humans can either accept genetic reprogramming to make humans compatible with the Super-Happies, relinquishing the ability to suffer, while the Super-Happies adjust themselves to be compatible with humans too; or, the humans can escape this "awful fate", but at great cost - by blowing up a solar system, sacrificing billions of people.

For some reason, Eliezer, and apparently most of his readers, seem to think it self-evident that humanity ought to preserve its nature and sacrifice the several billion people to avoid merging with Super-Happies.

Eliezer's plot is further biased by a conspicuous absence of any human in the plot even considering that merging with the Super-Happies might be a desirable outcome, even if it was not forced.

Furthermore, when humans are faced with the prospect of having to undergo genetic reprogramming in order to become more like the Super-Happies - incapable of pain and suffering, primarily - Eliezer's plot has people commit mass suicides, with something like half the human population offing themselves to avoid this "awful, awful" fate.

What on Earth?

Given Eliezer's mighty (and admirable!) plans of building an AI to solve all of the world's problems; and given the importance he places on correctly infusing the AI with proper values, of which I am also convinced; and given his disregard for superficial niceties, in which I also agree with him;

given all this, I must honestly state that Eliezer has gone nuts a little bit, assuming perhaps that the values he considers intuitive are more universal, and shared by a vaster majority of people, than they in fact are.

The very fact that his story represents no character among the crew of the Impossible Possible World who would argue in favor of joining the Super Happies... and yet here I am... shows that he is likely assuming too much universality to his preference. Which, apparently, would be to kill off billions of people in the fictional scenario, so that people can continue "being human".

I have been in a state where I felt the sentiment "I do not want to change because then I will be not-me, I will be different". That was crap! I was miserable. It was hard to give up the miserable part, and to become a happy person. But I did, and guess what, now I don't miss being miserable!

Eliezer does not state the real reason why joining the Super Happies might not be preferable. It would not be preferable to become Super Happy if it were not functional. If, for example, the Super Happies regularly wandered into self-destruction because they could not feel pain when doing harmful things, then this would be a strong argument in favor of not becoming Super Happies.

But instead, Eliezer portrays the Super Happies as a highly functional, superior civilization. As such, I see no reason humans should not agree to change themselves and join them - other than reasons that are self-destructive and vacuous.

Wanting to "remain human" is much like nationalism. It is speciesism, and will be similarly harmful.

Will conversion into Super Happy change your experience fundamentally? Yes. Will it cause you to stop experiencing? No. Will it vastly improve the quality of your experience? Yes. Then what's the holdup?

An even more annoying shortcoming of Three Worlds Collide is that it assumes that all three civilizations want to urgently impose their values on the others. The Baby Eaters want the humans to start eating their babies too; humans want the Baby Eaters to stop eating their babies; and the Super-Happies want everyone to be super happy. That just seems like naive bollocks to me. Not giving a damn about what nasty things other creatures do, as long as they keep it to themselves, is what allows the world to go round. Whereas, a civilization that wants to impose its values on all existing creatures cannot be consistent in this, unless it spreads throughout the entire Universe and does the most it can to find all perceived victims, and force their aggressors to refrain. A civilization that wants to enforce its values universally like that - would be like the jihadis.


The doghouse: Costa Cruises

We haven't been on a cruise yet, but we were excited about the idea, so we booked a Caribbean cruise through Costa. We were supposed to go on the Costa Fortuna which, among other things, features an "Internet Point".

Our recent traveling experience is that internet access is by now available everywhere. Literally wherever we went in the United States - from cities to rural areas to remote deserts - we could always plug in our laptops. We expected that the same would be available on the ship. After all, who do cruises cater to, if not people who have the means to afford them, and who have careers that require them to stay in touch? So if there is an Internet Point, it should be possible to plug in our laptop and take care of business. Right?

Wrong. As we found out only after we already paid in full, not only does the Costa Fortuna's Internet Point not allow you to plug in your laptop; you have to use their public computers, the access is painfully slow, and costs 50 cents per minute to use.

Since we have to get online for several hours every day to take care of business, this is entirely unacceptable. We simply cannot enter our work passwords on a public machine. And even if we could connect our laptops, the frustration of trying to get things done over a painfully slow link would dominate our experience, while the 50 cents per minute would overwhelm the cost of our trip.

Since no one informed us of this "tiny little catch", we had to cancel our trip, and did so immediately upon verifying this. We received back part of our payment, but Costa declined to refund us the full amount, despite our formal complaint. They kept a $500 penalty and sent a letter saying, basically, screw us for believing their hype, thinking there's actual internet access on board the ship. (In much nicer words.)

I guess we won't be traveling with Costa.


Madame Prosecutor

The Economist about Carla Del Ponte's memoir:
Ms Del Ponte, a Swiss prosecutor, was appointed to the tribunal in The Hague in 1999. Ruthlessly harrying the former Yugoslavs into giving up those that the court had indicted for war crimes including genocide, Ms Del Ponte became the most loathed woman in south-eastern Europe. One of the most enjoyable aspects of this memoir, which was published in Italy last year and is now coming out in English, is to see that loathing so heartily reciprocated. There are no diplomatic niceties here.

After one Bosnian Croat was acquitted of a massacre, Ms Del Ponte’s colleagues discovered that crucial evidence had been doctored. The Croats set up a whole team specifically to thwart the tribunal’s work. Croatian leaders, she notes, always made bountiful promises before resorting to “stealth and deception and attack from behind”. Citing a colleague, she concludes: “The Serbs are bastards... But the Croats are sneaky bastards.”


Most disturbing is Ms Del Ponte’s tale of how her team investigated allegations that in the summer of 1999 up to 300 people were kidnapped with the involvement of men, some very senior, from the Kosovo Liberation Army, a guerrilla group. From Kosovo they were taken to Albania where all were murdered, a small number after their organs had been harvested. The investigation failed to provide enough evidence to form the basis of a case, however. That may not be surprising: one Albanian prosecutor told her team, “If they did bring Serbs over the border from Kosovo and killed them, they did a good thing”.

Del Ponte kids you not. Such are the spirits of the Balkans. The heart of Europe, rather sadly, inherits more conniving, unscrupulous, lethal baggage from its tribal past than would befit aspiring "civilized" nations.


The cause of the crisis

Amidst all the confusion, finger-pointing and bad news, we forget to realize that this recession has a reason - a fairly deep and simple one, at that; a contradiction, a false assumption that led the world into this. In the acuteness of a suffering state, the true reason is harder to see, because unexpected suffering begets indignation, indignation begets anger, and anger requires an external cause to be angry at. But the true deep reasons for this crisis are not negative aspects of human nature such as greed, or misaligned incentives of financial managers, or the policy of the Federal Reserve, although for sure all of these played a part.

The true deep reason is a benign, yet shortsighted and naive, desire that most people would consider justified. It is the desire for a secure and prosperous retirement.

What fails to be emphasized is how both the tech stock bubble and the housing bubble could not have happened if it was not for an overwhelming deluge of funds, a deluge which exceeded the supply of worthwhile assets to invest in. These funds came from all over the world and were, all things considered, money belonging to savers everywhere. It was money belonging to people who would not consume today the results of their work, but wanted to postpone their consumption until tomorrow, or the day after tomorrow. In the case of the tech stock bubble, it was money that people hoped would be multiplied. In the case of the housing bubble, it was money that people hoped would be invested safely until it's needed.

The lesson to be learned from this crisis is that the safe and lucrative investments that savers everywhere are looking for, do not exist in numbers large enough to cater to all.

When a large population is being persuaded that they should invest someplace and get a long-term return larger than GDP growth, it is a hoax. It is physically impossible for an entire population of savers to enjoy future returns that are better than GDP growth.

As a saver, one is staking out a piece of the future economy, and wants to get as large a slice as possible. It is not possible to get a slice larger than the entire economy. But the entire population, as a whole, owns the economy. It is not possible for the entire population today to own more than the entire economy of the future. Hence, everyone's investments, on average, cannot grow faster than the economy.

This crisis has a reason, and the reason is... everyone was trying to find a place to invest their money and get safe, above-average returns. It turned out that such places are illusions. Yes, production capacities still exist; yes, factories still stand; yes, we have the means to create everything we were creating before this. But what we were creating was consuming the money of people who thought they were saving, but were in fact giving it away.

If no government had intervened, this lesson would have reached the ultimate causers of this crisis: the hundreds of millions of bank depositors who think that saving is as simple as stashing your income at the bank, and seeing interest roll in. As it is, governments did step in; as a society, we apparently want depositors to be able to maintain this illusion.

This is bad. If people understood that it is their propensity to save that caused this crisis - that the problem is the world's inability to accommodate that many savers and give returns - they would not react to this crisis by saving more. Instead, they would spend. And spending today, not tomorrow, is exactly what is needed to make the economy zoom again.

But given that governments are committed to sparing depositors, the state of the economy makes people save more, so more of their money stays in banks. This money could again be spent, to get the economy going, if only the banks would lend. But the banks have been burned, so they lend less than they used to, and the money just sits there. This will make the economy grind quite a bit slower for a while, until banks become confident enough to lend again.