@fsi I believe that's demonstrating my point.

Allowing that Crypto's (closed-source) software was more capable of serving NSA intercept interests doesn't refute the fact that the mechanical system had been doing just that.

Free Software experiences with SSH (Debian time-of-day seed 86,400 values), OpenSSL, and others, show that even unintentionally introduced weaknesses can persist for years.

Long-standing suspicions of NSA "blessed" crypto seed values likewise.

Or Intel's HW RNG.

@dredmorbius

Are you basically saying "we were terrible for years therefore we will be terrible forever and there is no point in trying"?

Secure and stable systems are achievable in software (mechanical systems don't even compare, as they rely on security through obscurity and not cryptography), and open hardware is a necessary prerequisite. Currently the entire industry is crippled by proprietary software norms, and that affects even the foss projects, as they (only) have to adhere to the standards set by those norms. When we have international standards of quality and a number of companies competing to produce objectively the best implementations/builds of completely foss cryptographic software/hardware, with mandatory warranties and guarantees (just like any normal engineering industry), and they continue to miserably fail for several decades, then and only then it might be reasonable to doubt the feasibility of such systems.

@fsi

@namark Is that the most charitable interpretation of my argument you can conceive?

@fsi

@namark How about:

- Cryptography and surveillance avoidance are hard.
- Past proclamations that FS/OS systems will inevitably result in greater freedoms and less surveillance have ... proved premature.
- Security and freedom aren't products, they're processes.
- Complexity increases capabilities but reduces reliability.

Open Silicon may be a Good Thing. It may not be.

The assertion that it will necessarily benefit seems naive.

The past 60 years of infotech surveillance judge us.

@fsi

@namark Mike Godwin is writing right now about the questions of surveillance and free speech (these are tightly coupled concepts):
slate.com/technology/2020/02/t

Paul Baran, co-inventor of packet-based networks, wrote of the risks of comprehensive surveillance and monitoring, in the mid-1960s.

(His works are freely online at RAND at my request several years ago: rand.org/pubs/authors/b/baran_)

Herbert Simon referenced the Holocaust in dismissing fears. IBM proved him wrong: mastodon.cloud/@dredmorbius/10

@fsi

@namark And of course, there's Shoshana Zuboff who's noted the apparently inextricable link between information technology and surveillance and control: #surveillanceCapitalism

A book reviewed, as it happens, in the #WholeEarthCatalog "Signal" edition, edited by one of those early cyberpunk prophets, #KevinKelly

streettech.com/bcp/BCPgraf/Str

@fsi

@dredmorbius

I have no doubt of your good intentions, and if my argument seemed like a personal attack, I apologize. I am not talking about privacy issues in general, but specifically technical implementation of cryptographic systems, my main argument being that your pessimism about their feasibility is unfounded.

Now to continue being the abrasive pedant that I am:

- Cryptography and surveillance avoidance are hard.

Cryptography and surveillance avoidance are two different things, and the OP was about a critical cryptographic system failure. They didn't manage to somehow steal some keys or break into a house with some state of the art metaphysical mumbo jumbo (I'm looking at you, quantum computer!), they just had a master key to every house and people didn't even have a clue.

- Past proclamations that FS/OS systems will inevitably result in greater freedoms and less surveillance have ... proved premature.

Can you give me an example of free and open source software running on free and open source hardware today? Fully free and open source systems have never even been deployed on anything but passionate hobbyist scale, and my whole argument was that in an industry crippled by proprietary software norms, even the few existing FOSS projects are measuring up to the same norms, and their success or failure doesn't prove anything. But I guess you just TLDR, as you repeat this argument verbatim.

- Security and freedom aren't products, they're processes.

The only thing that is a process there is the human factor, again the OP was not about the human factor, it was a most embarrassing system failure. The systems themselves, as a whole including the hardware, are most definitely products.

- Complexity increases capabilities but reduces reliability.

That's what a caveman would say about building a skyscraper (or even a humble 5 story building) looking at a bunch of others miserably failing to put a tent up. A very compelling argument in that setting, except that it is false.

@fsi

@namark @dredmorbius @fsi@mastodon.f-si.org Excuse me for jumping into the conversation with a nitpick, but

> Complexity increases capabilities but reduces reliability.

is not entirely correct — more capabilities usually indeed cost complexity (and thus reduced reliability), but not vice versa — increased complexity is not necessarily more capabilities.
Metaphorically speaking, complexity is just the measure of how much energy an engine consumes, not how it performs.

@amiloradovsky Fair point. I was short-cutting the longer argument:

Capabilities of sufficient richness have a minimum complexity requirement. More complexity is a necessary but not _sufficient_ requirement for such capabilities -- it's possible to have complexity _without_ delivering a specific property. It's _not_ possible to have that property without the requisite complexity.

Complexity -- more parts, interactions, minimum tolerances -- increases odds of failure.

@namark @fsi

@dredmorbius @namark @fsi@mastodon.f-si.org Yep, I can only add that the notion of complexity itself is very evasive… Sure, intuitively it's clear that a non-existent system can't perform its function. OTOH, proving a lower bound for the complexity is virtually impossible. And what exactly we mean by the complexity as a quantity is a separate and deep question: asymptotic complexity of an algorithm or digital circuit, 's complexity of a string, something else?

@amiloradovsky Carl Zimmer of the NYT posted a story some years back on a computer simulation of problem-solving behaviours where an "organism" (simulated) had to "evolve" a set of capabilities to solve some problem (maze traversal IIRC).

There was no complexity cost constraint (so highly-complex organisms evolved), but success required some *minimum* set of abilities which showed up in the experiment. Statistically demonstrable if not logically provable.

@namark @fsi
