erroneous thoughts

my contribution to that global pool of memes, otherwise known as Internet

Archive for July 2008

LoL!

without comments

I can only say, hooray for Google! LOL

What would Richard Feynman do?


Written by gauthma

July 30, 2008 at 9:02 PM

Posted in Uncategorized

America: Freedom to Fascism

without comments

is the title of a nice movie (available online) directed by Aaron Russo. Quoting from the link:

Some of the premises of the film include:

  • The Federal Reserve System is unconstitutional and has maxed out the national debt and bankrupted the United States government.
  • Federal income taxes were imposed in response to, or as part of, the plan implementing the Federal Reserve System.
  • Federal income taxes are unconstitutional or otherwise legally invalid.
  • The use of the Federal income tax to counter the economic effects of the Federal Reserve System is futile.

It’s an activist movie. As sometimes happens with this kind of movie, some claims are exaggerated, resulting in criticism and consequent loss of credibility. That’s why I maintain that in politics (and other places…) one should strive for honesty and integrity, not only as they are commonly understood, but also and mainly as they are understood in scientific conduct.

I give one example: in the movie, Russo clearly states that income tax is only applicable to gains arising from corporate activity (i.e. profit), thus automatically excluding salaries and wages. However, the New York Times, for example, refutes this claim. But what’s really interesting is this (emphasis added):

Early in the film Mr. Russo, the narrator, asserts that every president since Woodrow Wilson and every member of Congress has perpetrated a hoax to tax people’s wages and issue them dubious currency. All of the federal income tax revenue, the film says, goes to these bankers to pay interest on the national debt, even though by the broadest measure the federal government’s interest payments are less than 40 percent of the individual income taxes, according to an examination of every federal budget since 1995.

So on one end, all the tax money goes to pay interest, on the other one, «only» 40% of the tax money goes to that end. The truth probably lies somewhere in between…

Now with this state of affairs regarding this particular subject, one can’t help but wonder: what about all the rest that’s covered in the movie? And we are talking about important issues, like privacy, the value of the Constitution, and the behaviour of government regarding its citizens. If the tax information was biased, then what assurances do we have that the rest of the movie is not also biased? I fear that what might happen is akin to what happens in some court disputes regarding some technological issue: experts are brought in, usually by both parties, and if experts can’t agree, the court is likely to decide based on other grounds entirely. If “experts” can’t agree on the important matters I mentioned earlier, then the vast population is likely to keep ignoring the issues, effectively granting de facto authority to governments to do as they please. The only thing worse than a dictatorship is a dictatorship disguised as a democracy.

Despite having my own opinions, I can’t accurately judge all the claims made in the film; but I hope it will at least stir up the debate (but I’m sceptical, it’s a 2006 movie…)

Written by gauthma

July 26, 2008 at 2:58 PM

Posted in Uncategorized

Good Copy, Bad Copy

without comments

Is the name of yet another movie about copyright, intellectual property, yadda yadda, in the digital age. It’s a great, eclectic film, not too long (a little under an hour), and there’s no need to say anything else because it speaks for itself (and you can get it here; yes you can download it, you bloody pirate :P ).

After seeing the film, I found myself thinking that the real motive pushing for the development of digital technology is NOT its better quality or even because it’s cheaper than analog technology. That may well be the case now, but for instance, when scanners first came along, the digital photographs produced by most were no rival to the good old paper ones. The same was true when digital cameras came along. Why then, is all the fuss around the «digital»? Because digital information can be transmitted much more easily, and it is much easier to correct transmission errors (i.e. increased reliability). One might cite storage as yet another reason, and it could be considered as one, but that’s arguable, so best refrain from it. If you additionally consider the advent of the Internet, it could accurately be said that one of the strengths of digital information is the ease with which it can be spread. Moreover, it’s a part of its nature. Which is good news for anyone who does not happen to own or be in a business whose model relies on spread control (read “distribution [of content] industry”) to make a profit. The only way to save such a business would be to completely shun digital technology (an unlikely event, to put it mildly). You can try to put leashes around it, but that’s doomed to fail. In the face of such tremendous change, new ways to conduct business should be looked into. And, as with so many changes before, innovation often comes from where it is least expected.

Written by gauthma

July 17, 2008 at 8:52 AM

Posted in Uncategorized

Obfuscated Python code

without comments

Sounds like a contradiction, does it not? But if the “feature” I’m about to describe doesn’t qualify as obfuscated, then I don’t know what on Earth does.

It all started with me documenting a considerable chunk of JavaScript (JS) code. Now as you might know, when a web page is rendered, if no pre-processing is done, JS code is sent to the client browser as is, and executed therein. And so, to avoid having the code documentation sent to the client, I started searching for a way of stripping comments out of JS code, and eventually found jsstrip. It’s a very simple script, and two versions of it are provided: one in Perl, the other in Python.

I surveyed both, and when I was looking at the latter, the following snippet of code drew my attention:

while (i < slen):
    # skip all “boring” characters. This is either
    # reserved word (e.g. “for”, “else”, “if”) or a
    # variable/object/method (e.g. “foo.color”)
    j = i
    while (j < slen and chars.find(s[j]) == -1):
        j = j + 1
    if i != j:
        token = s[i:j]
        result.append(token)
        i = j

Python is quirky about indentation, but apparently not as strict. (Oh, please don’t use the sample code, HTML tramples indentation…) From all I’d read about Python indentation rules, I thought that code would yield a downright error. But it does not! It took me a while to find out why: you see, all the indentation is done with 4-space blocks, except for the line with ‘j=i’, and the lines right below and above it (fourth, fifth and sixth lines in the above snippet). Those lines are indented with a tab. And what’s more surprising, not only does that not yield any errors when running the script (unless you pass the -tt option; -t only issues a warning), but it has a curious (to say the least…) effect: the tab characters act like an extra indent block!

So the above code is actually equivalent to the referred lines with an extra “tab”. I think the reason for this to work is that the tab is translated to 8 spaces, and that accounts for the extra indentation. (Although in my test on the Python prompt, a tab gets translated to 7 spaces…)

I’m not saying this ain’t useful sometimes (in this script’s case it saves having a big chunk of code with an extra indent…), but it really shunned the idea that I had of Python as a clean language. Moreover, I only noticed the extra indent because when I ran the code under the pdb debugger (for which this is a great intro), the indentation used was “unrolled”, so to speak (it appeared as in the second code snippet).

Roughly translating a former Portuguese reporter, «And what about this one, hein»?
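An added example, not part of the original post and not jsstrip's code: Python 2 advanced each tab in the indentation to the next multiple of 8 columns, so a tab-indented line nests deeper than an editor with 4-column tabs shows, which can hide a change of control flow from a reviewer. The sketch flags such lines in a constructed sample (all function and variable names are assumptions) and checks that Python 3 rejects the ambiguous mix with TabError.

```python
# Added example; SAMPLE is constructed (not jsstrip). Lines 5-7 start with a TAB.
SAMPLE = (
    "def boring_tokens(s, chars):\n"
    "    i, slen, result = 0, len(s), []\n"
    "    while i < slen:\n"
    "        # skip all boring characters\n"
    "\tj = i\n"
    "\twhile j < slen and chars.find(s[j]) == -1:\n"
    "\t    j = j + 1\n"
    "        if i != j:\n"
    "            result.append(s[i:j])\n"
    "        i = j + 1\n"
    "    return result\n"
)

def indent_width(line, tabsize):
    """Indentation column, each tab advancing to the next multiple of tabsize."""
    col = 0
    for ch in line:
        if ch == " ":
            col += 1
        elif ch == "\t":
            col = (col // tabsize + 1) * tabsize
        else:
            break
    return col

def audit(source, editor_tab=4):
    """(lineno, interpreter_col, editor_col) where a tab makes the two depths differ."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        leading = line[: len(line) - len(line.lstrip(" \t"))]
        seen, shown = indent_width(line, 8), indent_width(line, editor_tab)
        if "\t" in leading and line.strip() and seen != shown:
            findings.append((lineno, seen, shown))
    return findings

def normalize(source):
    """Rewrite leading whitespace as spaces, measured with 8-column tabs."""
    return "".join(" " * indent_width(l, 8) + l.lstrip(" \t")
                   for l in source.splitlines(keepends=True))

def python3_accepts(source):
    """True if this interpreter compiles the source, False on TabError."""
    try:
        compile(source, "<sample>", "exec")
        return True
    except TabError:
        return False
```

Calling `audit(SAMPLE)` lists the three tab-indented lines with both depths; `normalize(SAMPLE)` produces the spaces-only form that makes the real nesting visible in any editor.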

Written by gauthma

July 13, 2008 at 12:03 PM

Posted in Uncategorized

Ever heard of full disclosure?

with one comment

Wikipedia defines it as:

Full disclosure requires that full details of a security vulnerability are disclosed to the public, including details of the vulnerability and how to detect and exploit it. The theory behind full disclosure is that releasing vulnerability information immediately results in quicker fixes and better security. Fixes are produced faster because vendors and authors are forced to respond in order to save face. Security is improved because the window of exposure, the amount of time the vulnerability is open to attack, is reduced.

Of course, full disclosure is not without its own set of problems. If on the one hand it puts pressure on the vendor to fix the vulnerable system ASAP, on the other hand, if enough information is provided, it makes it easier for exploits to be developed and used (sometimes exploits are provided when the bug is reported…). And this in turn causes yet another problem: even if the vendor patches the flaw in a timely fashion, there’s no guarantee that the users will do the same. Thus if exploits are available (or can be easily devised) script-kiddies galore!

But that’s exactly why we need full disclosure. It puts pressure not only on the vendor to patch the affected system, but also on the users to update their systems:

Getting rid of full disclosure would only make these problems worse. Sure, as Ranum argues, there would be less script kiddies spewing Web graffiti and shutting down sites with denial of service. But that would be replaced with something far worse: attackers who can uncover their own vulnerabilities, or have the connections to pay for them. With an environment of silence these attackers could cruise through networks with impunity knowing that their vulnerability knowledge will be useful for many months.

I can almost hear a counter argument, using the car analogy: back in the day, when cars were a novelty, you (almost) had to be a mechanic to drive one. Nowadays, cars have become more reliable, and you can safely drive one with little to no knowledge of its internals. This is (one of) the goals software development should strive for. Moreover, users should not have to know (or care) about updating their software. Wrong! If you can drive a car without being a mechanic, you do have to know (or learn) how to drive! Similarly if you want to use the internet, you should know (or learn) how to keep at the very least the software on your machine clean.

Counter argument number 2: «responsible disclosure». Here the idea is to release information stating that the bug exists to the widespread users, but disclosing details only to the vendors/developers. This approach has two problems: first, the vendor might downplay the bug, which, if a bad thing by itself, might have an even worse effect: that of making users swallow that downplay, and not pay enough attention to updates. The other problem is that if the details of the security bug are never disclosed, one can never be sure the problem is really fixed (wasn’t it Eric Raymond who said something along the lines of: “never trust closed source”?)

Finally, I quote the last paragraph from the above link:

Common sense has a tendency to trump all rules and regulations. While the decision whether or not to disclose or report a vulnerability is a difficult one, common sense should prevail. All the law requires is that we act reasonably. If only we could agree on what that was.

Written by gauthma

July 9, 2008 at 8:01 AM

Posted in Uncategorized

RMS on Gates’ retirement

without comments

Interesting read, though it really doesn’t say anything new:

To pay so much attention to Bill Gates’ retirement is missing the point. What really matters is not Gates, nor Microsoft, but the unethical system of restrictions that Microsoft, like many other software companies, imposes on its customers.

Quoting the article’s title, «It’s not the Gates, it’s the bars»

EDIT: this has been slashdotted.

Written by gauthma

July 6, 2008 at 5:27 PM

Posted in Uncategorized

Orwellian Europe

without comments

If there are those who think that Portuguese politicians already work little as it is, and even less on the eve of the holidays, with the MEPs it is the other way round: it is precisely before the holidays that they take the opportunity to hastily modify the «Telecom Package». The initial goal was to reform and harmonise the European telecommunications market, but after the modifications (amendments), the practical effect of such reform will be that 1) citizens can forget about their electronic privacy; 2) ISPs start acting as «copyright police»; and 3) entertainment companies (media biz) gain judicial authority to rule on copyright «violations», inter alia.

The implications are catastrophic (link in English):

European Internet users could be blocked from lawful activities by mandatory spyware, in the interests of their security. The right to use free software for internet access would therefore not be assured anymore. The neutrality of the Internet is also directly attacked, as is the principle that technical intermediaries have no obligation to prior surveillance of contents. Other amendments will de facto enable administrative authorities to obligate ISPs to work with content producers and rights-holders’ private police, including the sending of intimidating messages, with no judicial or regulatory oversight.

These measures go further than the French “graduated response” project, which has been subject to widespread opposition, including by the European Parliament on April 10th. That is undoubtedly why those amendments have turned up in early July, and why those drafting them use subtle rhetoric and cross-references to make the overall text harder to understand (more than 800 amendments on 5 directives were tabled).

The vote is on July 7th (!!!): that is the deadline for getting complaints and objections to the Euro-deputies (also known as MEPs: Members of the European Parliament). In the case of Portugal, the MEPs’ contact details can be found here.

This is really serious: I urge you if you possibly can to write to your MEP. You can do it using the fab WriteToThem [British MEP's only] service, which makes it as easy as can be. Make sure it gets to them before July 7th (yes, it’s tight – that’s how sneaky they’ve been).

Here is what I sent:

I am writing to express my concern about the proposed amendments to the “Telecom Package” (TP). While the TP’s initial goal was to regulate the European telecommunications market so as to stimulate competition, the proposed amendments (H1, H2, H3, K1 and K2)[1] go far, far beyond that: from violations of citizens’ privacy to the granting of judicial powers to corporations, namely those linked to the media world.

The introduction of the concepts of «lawful applications» and «lawful services» can only be enforced through generalised surveillance. It is not possible to monitor only certain types of content: surveillance either exists or it does not. And if it is put into practice, that surveillance paves the way for the creation of huge databases with information about the private lives of many millions of people. But however many guarantees are given, the truth is that there are no secure databases, as shown by problems that occurred in recent years in the United Kingdom [2]. And should that information be disclosed, serious harm would be inflicted on the people to whom the information refers.

Additionally, the distinction mentioned above, between «lawful» and (implicitly) «unlawful», is a serious obstacle to the diversity of the Internet. Now, it is precisely in that diversity that its strength lies. In particular, it was that diversity that allowed the evolution of free software, whose potential, both economically and in terms of innovation, has only recently become apparent.

Finally, it is inconceivable that amendments of this nature be voted on without a reasonable period of public discussion. The date of the vote is July 7th, that is, next Monday, very close to the European Parliament’s holiday period. This only contributes to increasing citizens’ unfamiliarity with the laws, which in turn only weakens the laws themselves. And as John Locke wrote, «Wherever Law ends, Tyranny begins.»[3]

[1] – http://www.laquadrature.net/wiki/Telecom-Package_Compromise-Amendments_ITRE-IMCO_7th-July

[2] – http://news.bbc.co.uk/1/hi/uk/6160800.stm

[3] – http://en.wikiquote.org/wiki/John_Locke

Written by gauthma

July 5, 2008 at 11:52 PM

Laughing out Loud

without comments

The things one finds out about in MSN… LOL [link in Portuguese].

Written by gauthma

July 2, 2008 at 11:41 PM

Posted in Uncategorized

My trip to India

without comments

I wanted to post about this a (long!) while ago, but I never got around to it. It won’t be now either, because I don’t have that kind of time right now. But I do have time to post this: :P


Let envy ensue!! :-D

Written by gauthma

July 1, 2008 at 9:29 PM

Posted in Uncategorized