Tuesday, April 03, 2018

An ecologically valid & evolutionarily supported theory of "the hard problem of consciousness"

There are basically two generally accepted solutions to "the hard problem of consciousness", and both are the philosophical equivalent of "I don't have any real ideas." I think they're not thinking hard enough.  They will disagree, of course, and some philosophers have written entire books justifying their lack of imagination.  "What is it like to be a bat?" is one of those.

Beyond this non-solution, there are two trivial solutions to the hard problem: nothing is conscious, i.e. consciousness is an illusion, or else everything is conscious, including rocks and raindrops, which is called panpsychism.  A non-trivial, common-sense solution, in which some things are conscious and others are not, and which provides a plausible story for how consciousness may have evolved, seems to be very hard to find.

But not impossible to find.  I don't have space here to explain how to reach this solution, beyond saying that it's a two-stage path where the first stage involves the hard problem of conscious perception of the world, which is often called "the redness of the red", followed by a second stage in which that solution is applied to thought itself instead of to external perceptions.

"The easy problem of consciousness" can be characterized as a process that creates a "remembered present".  The remembered present follows naturally from consideration of how planned behavior arises both in individual brains and via biological evolution.  The evolutionary value of planning to an organism, in contrast to surviving without planning, should be easily apparent. In a real-time world where there are more things to think about than time available to think about them, attentionally guided planned thought will have substantial adaptive value, as well.

So what happens when the planning involved in managing limited mental and perceptual resources goes astray?  It creates the sensation that constitutes "hard problem" consciousness -- it's an error condition that occurs when there is an attentional process that provides for mental focus on the levels of meaning that are present in every percept, and that process attempts to focus on the most foundational level of meaning, and overshoots, attempting to find some level of meaning below the lowest level.  Computer science calls this process "dereferencing", and has identified several ways that dereferencing overshoot can be addressed.  When you apply these solutions to possible mind designs, you find that most of them are substantially maladaptive, in an evolutionary sense.  One solution, while not positively adaptive, is evolutionarily fairly neutral. This is the idempotent solution, in which mental and perceptual operations that might focus below the foundation yield only the foundation itself.  In terms of perceptual consciousness, "the redness of the red" is "just red".

This leaves us with the question, "OK, what is 'just red'?"  We would like an answer in terms of physical theory, and to a certain degree we can get one. Red is a location in a nonlinear vector space of possible colors, and this vector space is made of information.  But from the perspective of subjective awareness and foundational physics, information has some problems.  Information is not autonomous: it's always assigned by some observer.  This doesn't stand up when you need to characterize the information within the observer itself.  Information also has no explicit place in the Core Theory of physics, that is the 17 quantum fields that make up the Standard Model of particle physics, plus gravity.  Information is everywhere, and nowhere, and the amount of information in a system depends on the scale at which you examine the system.  You can get around the scale problem by looking at the spectrum of information at different scales, and defining an information power that sums over all scales.

For physical purposes, we want to use algorithmic complexity theory as our framework for thinking about information.  Algorithmic complexity is relative to a particular computational basis, and we can choose the Lagrangian of the Core Theory as our "next state" function for that basis, and the amplitudes of the 18 quantum fields as its current state component, yielding a quantum equivalent of an L-system as our complexity basis.

With this foundation, and using autobiographical iconic memory as the "remembered present", we can define a measure of the magnitude of consciousness as the integrated bandwidth of memory storage into the remembered present.  This measure is closely related to the integrated information theory of Tononi et al., but its psychological and evolutionary foundations are substantially deeper.  Due to its contacts with quantum field theory in the form of the Core Theory, it's also a lot more complicated.

Clearly, there's far more to be said about this theory than can fit into a post in an obscure blog, but I wanted to put one of the proverbial "stakes in the ground" and attach a timestamp to it.  It may be a year or more before I can complete a paper that explains this more fully.  There will probably be some presentation slides before then, and I'll announce them here.

Monday, March 19, 2018

Yet another attempt to "fix US healthcare"

Brad DeLong points out an article from Jason Del Rey at Recode.net:  Amazon is creating a health care company with the help of Warren Buffett and JPMorgan Chase: "Amazon... plans to work with Warren Buffett’s Berkshire Hathaway and JPMorgan Chase to create a new health care company...
...with the aim of “reducing healthcare’s burden on the economy while improving outcomes for employees and their families.... [The] initial focus... will be on technology solutions that will provide U.S. employees and their families with simplified, high-quality and transparent healthcare at a reasonable cost.” The announcement proclaimed that the company would be “free from profit-making incentives and constraints,” but an Amazon spokesperson declined to comment on whether the entity would be a nonprofit.... Even without many details, the news had an immediate impact on sector leaders; UnitedHealth’s stock was down 7 percent in pre-market trading, while Anthem and Cigna each fell 5 percent...

What's most remarkable about this announcement is the near dead silence from the punditocracy in reaction to it. [Well, Ben Thompson had something to say...] It appears that nobody has any ideas how to fix US healthcare beyond the politically locked-in ideas of giving people the freedom to suffer and die due to inability to pay, or Obamacare, or universal coverage via single-payer or single-provider systems. Since Buffett derives much of his wealth from insurance businesses, it seems unlikely that this group would go for anything that would destroy that industry.

Maybe I have a bit more imagination than those pundits: to my eyes there are three classes of problems with the healthcare system. (1) Pay for service pricing incentivizes (profitable!) overtreatment without accounting for interventions' effectiveness at maintaining patients' health. (2) Massive intermediation creates incredibly complex (and profitable!) supply chains and equally complex (and profitable!) payment chains. (3) Lack of transparent pricing and monopolistic abuse of intellectual property laws, and the fat tail of the distribution of costs of illnesses that makes shopping for cost-effective treatments intractable, prevent free markets from driving costs out of the system.

Other than the governmental single-payer/provider solutions, I see one private approach that hasn't been really tried yet, namely massive vertical integration. We're seeing bits of this with events like the merger of CVS and Aetna, and that could be just the beginning. Bezos has access to business process design expertise to drive out massive logistical costs ("Alexa, my baby girl has a rash, a headache and a fever, what should I do?") and partnering with Buffett's insurance expertise could help drive out payment costs. Of course, this was tried 30 years ago with "health maintenance organizations", and that didn't work out so well when for-profit HMO's discovered that it was cheaper to act as a Care Denial Organization than to deal with the complexity of millions of individual patient profiles. But in addition to its logistical expertise, Amazon's other core competence is its customer profiling capability. Keeping health records private to the standards set by HIPAA regulations while making them accessible to people and software with need to know is complex; building this kind of trust is hard; both Microsoft and Google have put their toes into health records management without obvious success.

There are a handful of HMO's that seem to have been successful in achieving the original vision of delivering a system that puts patient health ahead of other factors, but they've all been limited to regional scale. This group's approach appears to be similar to the one that has been suggested for Amazon's acquisition of Whole Foods, where they use their own company as a guinea pig and "first and best customer", which provides an initial starter, and then replicate for the rest of the country what works for themselves. This is also the launch strategy that was used with Amazon Web Services, which commercialized an infrastructure that they'd already built and tested for their own internal purposes. I'd be thrilled to see this group produce a healthcare system that works at national scale. But as the saying goes, "I should live so long..."

Tuesday, September 26, 2017

Cybersecurity strategy principles

So much of cybersecurity activity is focused on the latest and most terrifying threat or breach, or the latest tool or technique to deal with an individual type of incident, that people lose track of why they're doing what they're doing.  Not seeing the forest for the trees is a pervasive problem.

Even when you come across some mention of strategy, it is focused on "a strategy" used by a particular organization for budgetary justification.  These statements don't need to make conceptual sense, since they serve a political function rather than actually guiding security organizational and operational plans.

Here is a strategy that you can actually use.  It actually addresses the question "are we secure enough?" and if the answer is "not yet", provides a way to figure out how to get to that happy state. Unlike any strategy that I've ever seen, and I've seen a lot of them, it incorporates a way to approach cybersecurity that is not for losers. Winning cyberwars and cyber-engagements requires a new way of thinking about security, and this strategy begins to provide one.


When your house gets flooded, as mine was a month ago, you learn that you are dependent on more services to maintain a civilized lifestyle than you were aware of.  In elementary school, I learned about "food, clothing, and shelter".  Here's what's needed in reality.
  1. dry shelter. As long as your furniture & bed are above water, you can wade from one room to another.
  2. drinkable, "potable" water.  In hurricane-prone areas, we are told to keep a week's worth of bottled water on hand throughout hurricane season, which officially lasts from June 1 through November 30 for the North Atlantic and Gulf of Mexico areas.
  3. electricity - this powers my water well, among other things.
  4. sanitation - flush toilets need water to function
  5. communication - we used to rely on radio and TV, but cellular voice and data are even more important these days.
  6. transportation - the car needs to be kept out of any flood waters, and supplies need to include fuel.  Also roads and gas stations need to be functional.
The people who keep all of these working don't get enough credit during ordinary times.  In times of disaster, they become heroes.

Friday, July 14, 2017

The Internet of Things Will Never Get Hypergrowth

Because client-server architectures preempt Metcalfe's Law.

Many investors, including myself, are looking for just the right combination of infrastructure or application components that when put together with insightful, competent management, will provide the kind of hypergrowth that social media companies like Facebook, Snap/Instagram, and even Twitter have experienced.  If you find the magic formula, you'll become very rich, very quickly.  With the IoT, it's not going to happen.

What do social media have that the IoT doesn't?  Superlinear scaling of value.  Metcalfe's Law observes that the value of a fully interconnected network such as Ethernet or the Internet increases as the square of the number of nodes.  For a social network, as individual participants connect to a linearly increasing number of friends, the value of Facebook as a whole increases as the square of the number of participants.  This phenomenon and its consequences have been discussed many times - a quick search found a collection by Dion Hinchcliffe of 22 nonlinear scaling laws for social media.

The same perspective can be applied to the IoT, but I haven't seen it discussed this way, perhaps because the implications are not so wonderful.  IoT devices at the edge of the network, unlike people, don't have individual networks of friends -- they talk only to their servers.  This means that when more things connect to the IoT network, the value of the network only grows in proportion to the number of devices, rather than to the number of devices multiplied by the number of each device's own "friend" devices.

There are vast opportunities to automate everything under the sun and connect everything to the internet, but the value of doing that is "only" going to be vast, rather than hyper-vast.  No supereconomies of scale, no monopolistic concentration of winners due to network effects at the edge.  The hyperscaling opportunities are all in the backend datacenters, where we already have winners in the cloud space: Amazon Web Services, Google Cloud, and Microsoft Azure.  It's already too late to displace them.

Tuesday, July 11, 2017

Top Security Blogs

Feedspot recently posted its list of the Top 100 Information Security Blogs for Data Security Professionals.  I follow about 20 security blogs myself - see the list to the right for some of them.  My list has 6 overlaps with this list.

Wednesday, April 26, 2017

Top 5 things wrong with the USA

Just getting them off my mind... plus an extra that just makes everything worse.

  1. Lack of economic growth.  Thomas Piketty's Capital in the Twenty-first Century makes a pretty convincing empirical case that lack of growth is the cause of inequality.  A tide that rises fast enough lifts all boats, even leaky ones.  Problem: nobody understands where growth comes from.  The prevailing theory in economics treats the main driver of growth, which is mostly technology, as an empirically determined, external parameter, like the value of the fine structure constant in particle physics.
  2. A healthcare system that puts profits ahead of patients.  Ramez Naam has a brief list of things that need to be fixed, short of instituting a "medicare for all" single-payer system.  Medicare has its problems, to be sure, but it's a basis that is already in place and can be patched incrementally.  Of Naam's list, his number one is also my number one.  You can't have a functioning market if prices are kept secret and you don't find out how much an item or service costs until after you've bought it.
  3. A bloated and inefficient military establishment that assumes unilateral responsibility for global peace.  In 2016 the US spent more than the next 8 largest countries combined, according to the Stockholm International Peace Research Institute.  Other countries that the US defends derive some of their prosperity from our protection, at our expense.  They need to provide their fair share.  If the US could convert just the waste component of its military and healthcare spending to infrastructure spending on roads, sewers, water supplies, electrical and internet distribution, not to mention bike lanes and high-speed rail, the growth problem would be nearly solved.
  4. A gerrymandered, hyperpartisan political establishment that puts party interests ahead of national and state interests.  This appears to be an inevitable consequence of a two party system.  The fix for partisanship is to get rid of "first past the post" voting systems and adopt some form, any form, of preference voting.  Simple to understand and easy to compute is more important than perfect accuracy or fairness.  Election integrity must be assured by auditable paper copies of ballots and routine audits.  Getting rid of the electoral college via the National Popular Vote interstate compact will help Presidential politics a lot.
  5. Worsening climate and environmental trends.  It's not too early to think about converting from a "no net loss" mindset to working on reversing the damage.  A useful analogy for climate change is that when your house is on fire, you turn off the gas, and don't add more fuel, regardless of how the fire started or what is the main component that's burning.  We can do this.  We did it with fluorocarbons and the stratospheric ozone layer, and we did it with acid rain.  The Clean Air Act and the Clean Water Act are working and need to be strengthened. (You still need a gas mask to drive down Tidal Road in Deer Park near the San Jacinto battlefield.) We can do it with greenhouse gases, too.
  6. And to top everything off, macroeconomics, the portion of economics that is addressed to economies as a whole, is a cargo cult more than a science.  It has all the trappings of science: highly mathematical papers in prestigious journals and serious pronouncements at important conferences, but its foundational principles ignore with pride major components of real economies such as finance and distorted markets. Nobel Memorial Prize-winning economists write entire books explaining that the goal of economics is to make up plausible stories with no concern for whether they are actually true.  This has to stop.  Economics needs to adopt the hypothesis-testing methods of all other sciences, and abandon theories that fail to describe reality as it is.  The observation of the biologist Thomas Huxley, "The great tragedy of science - the slaying of a beautiful hypothesis by an ugly fact," needs to be extended to economics, where there are ugly facts in abundance.  That this may devastate much of historical economics simply means that the next generation of economists has great opportunities ahead of them.

Friday, February 03, 2017

Constitutional secession without amendment or war

I've figured out a tricky way to do it - it will surely work for border states; interior states not so clear.  Call the process Territorial Reversion and Release.  Here's how it would work.  Redraw the borders, converting 99% or less of the state to a territory, and leaving a tiny remnant to retain the un-secedable state identity.  The remnant doesn't even have to be contiguous with the other 47, as Alaska and Hawaii have proven already.  Then give the territory its freedom.

There are precedents for each of these steps.  Redrawing state borders happens occasionally without any fanfare, for example when a border is defined by a river and the river changes course.  The majority of the land in California could be redrawn to become Eastern Guam, for example.  One of the military bases could become the capital of the remnant State of California.  China Lake Naval Air Weapons Station, at 4500 square kilometers in size, is larger than Rhode Island.  Camp Pendleton is the California base with the most people, though -- China Lake is mostly bombed-out desert.

Then you give the Territory of Guam its freedom.  Freeing territories happens all the time, equally without fanfare, because those territories are usually parts of the US that we don't have much interest in anyway.  The biggest release that I can think of is the Philippines, which were acquired by the US following the US victory in the Spanish-American War, and released as an independent country in 1946.  Once Greater Guam has been given its independence, it can change its own name to New California, and dispose of the Island of Guam as it wishes.  It could even lease the airbase there back to the US for additional income.

In a similar process, Texas could combine with Puerto Rico or the Virgin Islands.  Fort Hood could become the new capital of Texas, although it might be more sensible to have the Panhandle with Amarillo or the Big Bend and El Paso become New Texas, adjacent to New Mexico.  The hardest part would be Texans' ornery, uncooperative nature, which would make them averse to joining forces with another territory to achieve a common goal.  The New Texas Republic would probably want to keep Puerto Rico as a subject territory itself, just out of spite.

Thursday, December 29, 2016

Predictions - mostly long term

'Tis the season... Here are a couple:

All pundits are wrong, some are useful.  The great industrial designer Raymond Loewy had a phrase for how it's necessary to moderate your views in order to maintain an audience, yet stay "edgy" and interesting: MAYA - Most Advanced Yet Acceptable.

Pundits like to make short-term predictions, and assert them with vast confidence.  These are long term, and uncertain.  Students of mathematical chaos know that the only thing that is certain is that conditions will diverge from their current state faster and faster.  Even how fast they diverge is uncertain in today's world.

Nevertheless, demographics and economics are destiny.  Unless the GOP changes its approach to Mexico and immigration, hispanic populations will continue to grow faster than anglo groups, and Texas will become purple, then blue, and due to its 36 electoral votes, Donald Trump may be the last Republican president for a long, long time.   One wildcard move might be to switch allocation of electoral votes from winner take all to proportional allocation.

Decarbonization of the energy ecosystem continues. It's been ongoing for a long time, but an improvement path that doubles the cost-effectiveness of renewable power every 8-10 years is incomprehensibly slow for the typical news consumer, until some threshold is passed and suddenly everything is different.  We're just about at that tipping point.

Fracking has lowered the cost of natural gas so much that it's half the cost of gasoline and diesel fuel per BTU equivalent, and is displacing them on some long haul routes - on a road trip over the holidays I passed a UPS truck that was running on compressed natural gas.  The low price of natural gas is also driving the extinction of coal-fired electric power plants.  EPA regulations requiring expensive pollutant removal can be fought in Congress and legislatures, but lower prices require fighting petroleum companies - a much tougher opponent.

IEEE Spectrum, a magazine directed at electrical engineers, who should not be easily spun in their area of expertise (although the article's comments suggest otherwise), reports that "According to the venerable financial advisory firm Lazard Ltd. Thanks to falling costs and rising efficiency, reports Lazard in an analysis released in September, utility-scale installations of solar panels and wind turbines now produce power at a cost that's competitive with natural gas and coal-fired generating stations—even without subsidies."

The University of Texas at Austin Energy Institute released an interactive US map of the Full Levelized Cost of Energy for various technologies, with county by county resolution.  It shows that for large portions of the US, wind and solar are already cheaper than fossil fuel and nuclear sources.  Don't like their numbers?  You can plug in your own rates and see how the boundaries move.

I grew up with "our friend the atom" and the prediction that in the future, electricity from nuclear power will be "too cheap to meter".  I recently realized that this promise has come true, except that it's for rooftop solar power.  The nuclear furnace has simply moved 90 million miles away.  That's close enough for me.

Thursday, December 01, 2016

Follow the money: Or, Corporate mission motivations for security among the big 5 internet companies

SF writer & design theorist Bruce Sterling calls them "the stacks": Facebook, Amazon, Google, Apple, and Microsoft. Giant tech companies that are competing to own your digital life.  These are companies for which the phrase "the X way of life" potentially makes sense.  (It's very hard to make a pronounceable acronym out of any permutation of AAFGM.  The best I can do is FAGAM.)

They all have to be secure to a certain degree, and they all do a pretty good job.  But some of them have a corporate mission that gives them comprehensive motivation to weaken the security that they provide in certain ways that they might consider minor, but that you or I might consider important. Here's a simple table that lays out those missions and their implications for security and privacy.

Company: Facebook
Hardware: None
Software: Facebook.com
Revenue source: advertising
Mission: connecting people together as a means to show them ads
Security implication: they will harvest and organize anything they can find out about you, and use that information to present you with targeted ads.  They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Amazon
Hardware: Kindle e-reader, Amazon Fire tablet (phone discontinued), Echo (how do you describe this?), Dash (pushbutton ordering), Amazon TV webTV box (is this still being produced?)
Software: amazon.com
Revenue source: retail "catalog sales", distribution for other retailers, music, video, advertising
Other businesses: Amazon Web Services, the original cloud server platform, bigger than all its competitors combined.
Mission: making it easier to buy more stuff from them
Security implication: they will harvest and organize anything they can find out about you, mainly from your purchasing and search/browsing history, in order to present you with compelling opportunities to buy more stuff. They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Google
Hardware: Android phones, Chromebook/Chromebox web PCs, Google Home (like Echo), Android Wear smartwatch, Nest smart thermostat, Chromecast webTV box
Software: google.com search, maps, YouTube, Gmail, Google Play app store for Android & Chrome, etc.
Revenue source: advertising, limited royalties from Android & download fees from the Play store, royalties from movie and music views/listens
Other businesses: Google Cloud, lots of high-profile research projects that may never pan out
Mission: "organize the world's information" and deliver ads to people who use that organization
Security implication (1): they will harvest and organize anything they can find out about you, mainly from your search/browsing and purchase history, in order to provide advertisers with more effective ads. They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.
Security implication (2): Android phones, on the other hand, are not sold to you by Google(*); they're provided by cellular carriers. These carriers don't get any value from the information on the phone - a phone is simply a vehicle to sell cellular service.  If you buy an insecure phone from a cellular phone store, the carrier will still get the same amount of money. Even if the customer becomes unhappy with security issues, the damage goes to the phone brand, not to the carrier brand. Patching security defects is  simply a cost with very little benefit.
Security implication (*): Unless you buy an unlocked phone directly from the phone manufacturer. For phones other than Google Nexus or Google Pixel, the hardware manufacturer can still shift the blame for problems to the OS provider, i.e. Google, so their motivation to fix software security defects is less.
Security Conclusion: if you must get an Android phone, get an unlocked Google phone directly from Google.

Company: Apple
Hardware: iOS phones & tablets, MacOS/OS X notebook & desktop PCs, Apple Watch smartwatch, Apple TV webTV box
Software: iTunes music & video, Beats Audio, iCloud services: mail, calendar, etc.; Apple app store for iOS & OSX, etc.
Revenue source: sales of devices, royalties from iTunes purchases & app store purchases, Beats subscriptions
Other businesses: none
Mission: produce products with "insanely great" design and quality, via a closed ecosystem in which those products "just work".  This mission has been losing energy in recent years.
Security implication: the only one of the Stacks in which business interests are fully aligned with consumer interests.  The only one which doesn't make any money by selling customer information. Apple has made security an explicit brand differentiator.  Nevertheless, Apple can collect significant amounts of customer information in the course of providing a superlative user experience, from sources like iCloud, Apple Mail and Maps, and Siri.  As with the other stacks, Apple is motivated to keep details about the content and analysis of this information a trade secret.  However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Microsoft
Hardware: Surface hybrid tablet/PC, Surface Studio desktop, XBox gaming system, various peripherals
Software: Microsoft Windows, Microsoft Office, Microsoft Office 365, Windows app store
Revenue source: royalties from preloaded system & other software, enterprise & individual licenses for games, Office and other installable software, enterprise & individual subscription revenue from Office 365 etc., advertising on Bing & other cloud products
Other businesses: Bing search, Azure cloud, enterprise software including Windows Server, SQL Server, Microsoft Dynamics, etc.
Mission: maintain market dominance as the largest "software company"
Security implication (1): They will exploit their near-monopoly position in the OS space to drive user behavior to their other products and services, including advertising. They will harvest and organize anything they can find out about you via Bing, Cortana and other means, and use that information to present you with targeted ads.  They may sell  categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.
Security implication (2): Microsoft's enterprise customer base demands security and has the technical expertise to recognize when they're not getting it, so Windows 10 Enterprise Edition is potentially the most secure OS ever fielded in large scale. (Linux fans will disagree, but they're quite wrong, in more ways than most of them can imagine.) Consumers don't have the expertise to perform detailed security management, and are cost sensitive, so Windows Home Editions are configured less securely, and are missing key security features such as BitLocker and TPM support.
Security conclusion: if you must get a Windows PC, get a business PC with a Pro or Enterprise Edition of Windows, and make the effort to turn on the security features and configure them effectively.

Wednesday, September 21, 2016

Russian robot makes break for freedom

Twice!  Another robot is arrested in a political demonstration.  Or should that be "awareness-impaired robot wanders off aimlessly, but is soon rescued"?

As someone who's had near exposure to age-related dementia and runaway children, I suspect the latter.

Wednesday, August 10, 2016

Insecure boot for Windows

  1. If you don't own the hardware "secure root of trust" and the encryption keys that it contains, it's not your computer.
  2. Many vendors still don't include a hardware security module (TPM) in consumer PCs.
The Register's headline says most everything else that needs to be said:

Tuesday, August 09, 2016

more causes of stagnation

Economists are puzzled why macroeconomic growth seems to have slowed to about half the rate that it was over most of the twentieth century.  They have lots of ideas, but don't seem to be able to grasp the notion that there may be no single cause -- economic growth, and its faster or slower rate, may be a multifactorial phenomenon.

Here's a simple hint for any economists who may read this about how to deal with multifactorial problems.   Consult with statisticians for technical details and more clarity.

When you examine a noisy complex phenomenon, you'll have many possible factors contributing to it.  Each factor is correlated with the phenomenon to a greater or lesser degree, and each factor is correlated with each of the others.
As a first approximation, assume that each factor contributes linearly to the phenomenon.  The statistical framework for this is called the "general linear model".  In possibly excessively simple terms, the square of the correlation coefficient between the factor and the phenomenon is the "variance accounted for" by the factor.  When you have enough factors to account for 100% of the variance, you've completed your model of how the phenomenon is composed.

Or you could use factor analysis to discover how the factors are related.

I don't understand why economists aren't doing something like this already.

Statistical preliminaries aside, I have two ideas about why this slowdown occurs that I haven't seen discussed.

The complexity barrier of economic systems is being reached. Here's how this works: total growth is a battle between forces for growth and forces against growth. Both of these are accelerated by economies of scale and diseconomies of scale.  For normal sectors, the existence of fixed costs and per-unit costs and unit-based revenue lead to growth with economies of scale.  In industries with network effects and technology feedback, such as information technologies, you can have exponential, accelerating growth.  However, in material industries, at some point resource limitations begin to kick in and unit cost increases with scale, even with sustainable resources.  With unsustainable resource needs, costs grow hyper-exponentially as the proportion of resources used grows ever-closer to "all of it".  This is what "peak oil" activists rant about, for example.  Substitution effects and technological advances can offer an escape from these limits, as solar and wind energy replace fossil fuels, and hydraulic fracturing makes new oil resources available.

In evolutionary systems, there is another source of exponential increases in costs.  Evolutionary systems grow in scale and complexity because "there's always room at the top".  Growth in scale is limited by the allometric square-cube ratio, where the costs of maintaining a 3-dimensional body grow as the cube of its size, while the amount of support and resources needed to sustain it grow only as the square of the size.  Systems composed of networks, e.g. brains, ecosystems and economic systems, are limited by the exponential "combinatorial explosion" in the size of the state space of the system needed to be searched in order to find an effective functional process, in comparison with the diameter of the network.

The financialization and servicization of the economy is adding less than the dematerialization and globalization of the economy is taking away.  Here's an example.  In a recent interview with Barron's, the CFO and CEO of HP Inc. explained that the company's PC business has infinite return on invested capital.  If this were a conventional economy, that would mean that any additional investment of a few dollars in capital should create enormous profits.  Yet their PC business is barely profitable and is sustained by huge cash flows.  For HP, a large ROIC is the result of not investing, rather than an incentive to invest.

[I need to reboot my PC.  More on this soon]
[original post 2016-08-09]
[update 2016-08-27: added more on complexity]

Sunday, July 17, 2016

Why I'm not upgrading to Windows 10

I tried...  Actually, I tried three times and succeeded once, I think...

I have two Windows PCs, an HP Envy x360 hybrid notebook/tablet that came with Windows 8.1, and an HP Pavilion that came with Windows 7 and Microsoft Media Center.  Media Center is a TV tuner and DVR.  Since I have a rooftop antenna and live in a large metro area, I get something like 75 broadcast channels.  I've cut the cable/satellite TV cord and never looked back.  The only cable channel I miss is Speed TV and its Formula 1 races.  I have a Roku player which gives me so many free movies that I don't even subscribe to NetFlix or Hulu any more.

The Envy has worked fine with Win8, but it developed severe power management problems after its first Windows 10 upgrade, to the point where it wouldn't even boot.  It was going to take a return to the factory to get it fixed, but I finally tried a Windows 8 factory software restore, which wiped out all my data (I have backups) but magically fixed the problem.  

Six months later, hoping that HP and Microsoft had found and fixed some firmware bugs behind the scenes, I took the upgrade offer once again.  This worked even more smoothly than the first attempt, and seems to have succeeded fairly well.  The system still has problems shutting down when I close the lid, and staying down after I do a manual Sleep.  I'll put it to sleep in the evening, and when I come back in the morning, it's on and running hot.  Sometimes a Shutdown won't complete and I have to do a hard halt by holding the power button down.  These kinds of problems happen every few days.  It's been a month and a half since the upgrade, and the trend seems flat.  As long as the problems don't get worse, I can live with this.
I like the Windows 10 user interface, but I rarely use Tablet Mode, even with the screen folded back.

I don't have any problems with Win7 on the Pavilion, but decided to try the upgrade offer before it expired.  A few steps into the process, the system kindly announced that Windows Media Center is not supported on Windows 10.  Sorry, Cancel. The backout process worked smoothly.  The display for this system is a 55" HDTV, which has its own tuner, but I really need the DVR capability in Windows Media Center.

I guess I'll stay with Win7 for this system until something breaks or a major change in capability arises that needs new hardware.  I used to replace my PC every two generations, but there's nothing revolutionary on the horizon these days.  "The Machine" from HP Labs is pretty revolutionary, but the project has gone quiet recently, and Meg Whitman has replaced Martin Fink as CTO and director of HPE Labs, suggesting that he wasn't meeting his promises for progress on their number one R&D project.  The potential of the memristor is enormous, but trying to get it into a cost-effective commercial product may have been more difficult than it appeared.

Friday, June 24, 2016

Why the bad guys win

The US NIST has released a draft of SP 800-179, Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist. It's 65 pages long, with 10 appendices adding another 48 pages.

There's no doubt that these are useful, important configuration parameters that have to be set correctly in order to exclude attackers from their targets.  But how many professional system admins are going to follow these guidelines, and make intelligent, threat-sensitive decisions on which ones to modify, and then reliably apply them to all the OS X systems under their control?  I don't think very many -- a sysadmin's first job is to keep the systems running, and most IT managers are under such budget pressure that they barely provide enough resources to accomplish this task.  Operational security such as this kind of configuration management is far too often left as a secondary task, performed to satisfy the justifiable professional pride of the admins.

Security advocates have been pushing the concept of "secure out of the box" for more years than I can remember any more.  Why are these settings not the defaults?  I blame the customer. If security isn't important enough to customers that security issues lead to more lost sales than the cost of securing the product, the product won't ship in a secure configuration except in the easy aspects.

Wednesday, February 17, 2016

What's the next step to greatness for Hewlett Packard Enterprise?

Short answer:  spin off HPE Services and the HP security products, then move into IoT for building and manufacturing systems. Recognize that HPE's mission is to provide smart infrastructure for enterprises.  (Not "intelligent infrastructure" for software reasons described below.)

Update, 25 May 2016: HPE announced that it was spinning out its services division, which would merge with CSC.  Phase 1 complete.

Update, 9 March 2016: Trend Micro finally sent out a "Welcome to Trend Micro TippingPoint" email to its new customers.

Before The Hewlett-Packard Company split into HP Inc. and Hewlett Packard Enterprise, pundits were unable to recognize all the different things that the company did: they called it a "PC and printer company", and since "PC's are doomed", HP was also.  Now that the split has occurred, it's HP Inc. that's doomed, and HPE has already become invisible, except to a few specialists.

There are really two parts to this problem.  First, are they really doomed?  Second, can either one of them ever become great again?   "Doomed" in this context really means shrinking to a size where they will be purchased by another company -- chapter 7 bankruptcy with dissolution of assets almost never happens for corporations any more.  Big companies like HPQ and HPE can survive by shedding unprofitable assets for a long time.  Even after purchase, brands can stay around for a long time.  When HP merged with Compaq in 2003, the Compaq brand stayed around for at least ten years afterwards.  Both companies have decade-long contracts with organizations like government agencies that will produce revenue for many years regardless of what happens to the company's big picture.   If they're doomed at all, their doom will take the form of a long, slow fading away.

Can they achieve greatness again?  We need to understand what makes a great company to answer that.  A company has three constituencies: its customers, its employees, and its investors.  To be great, a company has to be great in the eyes of all three.  Customers want great products.   Employees want to build great products, but they also need great pay scales and great working conditions.  Investors want great profits.  A company also needs a compelling mission in order to pull these factors together into a coherent picture.   When HP was an instrumentation company, its mission was clear.  The mission of HP Inc. is coming into focus, while the mission of Hewlett Packard Enterprise remains very muddy and hard to characterize beyond "buy the stuff that we make and the things that we can do for you".

There's a chicken and egg problem here: it takes great employees to build great products; customers produce great revenue from great products, which allows management to support great employees and to return great results to investors.  It's an unstable dynamic system, which is seeded by investments and can grow in a virtuous cycle, or drain into a vicious cycle of deterioration.  It's also an open system, with strong exogenous influence from global economics and technological successions.  As global companies, both HP's have been battered by the global economic downturn of the great recession and by "currency headwinds" as the US recovers faster than the rest of the world. In the face of a leaky boat in a storm, throwing furniture overboard may buy some time to fix the leaks, but a boat without furniture is no longer great transportation.

The common control parameter on all three aspects of greatness is net profit.  Not necessarily profit margin per unit sold, but profit per employee and profit per share.  Profit per unit sold can be low as long as there are economies of scale in production and delivery.   These are obtained by delivering great products that "everyone" wants, and by focusing on simplification and sharing of product capabilities in order to obtain amplification of the effect of great components resulting in effective scaling without loss of attractiveness.  Both HP's produce more individual products and services than they can count, and this represents an absence of focus that prevents effective scaling, causing their margins to be lower than they could be.   Large catalogs can be effectively scaled by employing the principles of hierarchical decomposition that are second nature in software architecture, but the top levels of the hierarchy can't be coordinated without a coherent mission.

Of course the PC that represents HP Inc. isn't doomed, any more than Apple is doomed after posting the most profitable quarter by any company in history.  Ironically, the people who are writing those doom stories are writing them on PC's and they have no plans to change.  Anyone who thinks that you can get any significant work done on a phone, or even a tablet, is out to lunch, and it's probably a three-martini lunch as well.   Nor is HPI's other branch, printing, doomed, despite decades of hype for the "paperless office".   Ink on paper still has advantages in legibility in bright sunlight, long term information stability, and low power consumption that are unmatched by any existing technology.  People are still going to be taking books to the beach instead of tablets or even e-Readers for a long time. There are technologies in existence in various labs that may change this in the next ten years for the handheld device, but it will take many decades for ambient imagery, that is package labels and signage, to become active and ink-free.  In any case, HP Inc. has a plan for entering and dominating a new, highly hyped market, namely 3D printing with its Multi Jet Fusion technology.   Execution errors are always a possibility, but an HP that has market-leading positions in notebook and desktop PCs and PC displays, and consumer printers and industrial digital printers in 2D and 3D promises a growth trajectory that could be compared to the HP of the 1960s through 1980s without embarrassment.

Hewlett Packard Enterprise has a tougher problem.  They are burdened with a four-part strategy with two and a half weak components.  The four parts are a server hardware line ranging from small business servers to supercomputers and HP's own NonStop brand of mainframe, an enterprise networking business with significant capability in campus wireless networks, a disjointed security portfolio, and a large services division whose mission is to pull it all together.

Just like the PC is doomed, the server and company-managed datacenter is doomed, except for the small market in the highest-end mainframes and supercomputers, displaced by cloud computing providers, which are dominated by Amazon Web Services with Microsoft Azure and Google Cloud Services following at a long distance, and a bunch of small companies that will be losers in an ecosystem where Metcalfe's law operates.  HP Labs has a project for a revolutionary computer architecture called The Machine, which if it succeeds, will put the final nail in the coffin of the storage media industry, which is already being disrupted by the displacement of rotating disk media by solid state flash memory.  HPE's enterprise systems division gets a large portion of its profit from their 3PAR storage unit, and will be disrupted as much as anyone by this technology transition.

A services business is an impediment to greatness, because it is so dependent on massive quantities of people.  These people are continually subject to being displaced by automation and other economies of scale, which cloud computing is driving to occur at a faster rate than ever before.  Un-automated people are a burden on profit margins.  The stresses on the morale of services employees continually fighting to not be below the line when the workforce reduction trimmer makes its next pass turns the employee's goal into mastering the internal politics of the company rather than solving customers' problems, which is a distraction that impairs productivity and blocks the achievement of greatness.  This is not only a problem for HPE Services; IBM, Wipro, Tata and other computer services companies have the same problem.  IBM's problems have been written about in depth by people such as Robert X. Cringely.

So the next big move for HPE is to spin off HPE Services somehow.  But without some other compensating move, the remainder of HPE will be below critical size for greatness, leaving it with the fate of other remnants of once-great computer companies that are still somehow surviving, like Cray, SGI, and NCR.

What else can HPE do?  One move is to strengthen its enterprise networking and security businesses. Networking capabilities continue to grow faster than Moore's Law, and enterprise campus networking will remain a field full of gaps waiting to be filled for the foreseeable future.  The wired LANs threading throughout buildings will be displaced by wireless LANs or 5G cellular microcells, but need for physical onsite infrastructure means that there is no company like Amazon on the horizon able to undercut every other competitor on price and offer more sophisticated services at the same time.

Stronger enterprise networking is not a significant enough change to compensate for the loss of a services division, but it provides a hint to a worthwhile direction.  Underneath the wireless future of office networking is the automated control of the buildings that support those offices, that is, the HVAC, lighting, and security systems.  These are part of the trendy, explosively growing Internet of Things environment.  HPE could achieve significant product synergies by acquiring a building management systems company such as Johnson Controls, and optimizing their management and security to work with HP networking infrastructure.  Johnson Controls itself is probably inappropriate at this time due to its pending merger with Tyco and their investment in legacy systems, but a smaller, more progressive company in the same area would offer a strong foothold in the IoT space for HPE to build on.

The next step in IoT development beyond building management would be factory systems management refreshment.  Manufacturing SCADA systems worldwide are notoriously old and insecure, and need to be upgraded to modern capabilities.  HP is known for its ability to drive and implement open standards; manufacturing IoT is small enough for HP to have a significant impact on it, rather than being a passive recipient of server orders from giant companies like General Electric that have already announced their intention to focus on IoT as a key portion of their corporate strategy.

I haven't mentioned software in this discussion, because HP has always been at its heart a hardware company.  HP's forays into software-dominated businesses have almost invariably been failures.  Autonomy and Palm are notorious failures by HP; does anyone even remember Mercury Interactive?   Software companies need a critical mass of executives who understand programming and programmers, and an HR department that can structure compensation and benefits structures that correspond to programmer and software architect design skills and workstyle needs.  Trying to combine the hardware engineering culture with the software development culture is an almost impossible task, and the culture clash friction will be an impediment to greatness.  Because of its low manufacturing costs, success in a software business is dominated by Metcalfe's Law, which implies that there will be only a few huge successes in any area, and a long tail of also-rans that will inexorably fade away.   Solutions that are tied to hardware are immune to attack by free software, since the free software reduces the market equilibrium cost of the hardware-based solution, rather than reducing its price.

I haven't mentioned security, because security is an attitude, not a solution.  There isn't a unified security market or security industry.  Security remedies only exist because of security failures somewhere else.  In fact, you could say that "for every product or solution, there is a corresponding security product or solution".   Yes, this applies to security products themselves -- we call the corresponding security response to failures of security solutions "defense in depth".  In other words, there is no possibility of a comprehensive, coherent security portfolio -- there are only a bunch of partial, point solutions.    Trend Micro announced last October that they would buy HPE's TippingPoint intrusion prevention system product line, although there's been no followup news four months later.  In order to bring more coherence to its solution portfolio, HPE needs to either acquire a full-range security company (doesn't seem likely to me) or get rid of the remainder of its security products, ArcSight and Fortify.   Like there is "no silver bullet", there's no single path to security greatness -- greatness in security is a side effect of greatness elsewhere.  HPE's path to greatness doesn't want sideshows.

As with HP Inc., Hewlett Packard Enterprise has severe challenges in execution along its return to greatness plan.  Even assuming perfect execution, successful strategies for HPE are very hard to imagine.  This is one of them.

Friday, February 12, 2016

Why Windows 10 could be the most secure mainstream OS

Because of Isolated User Mode and Device Guard.  Start by remembering that kernel bloat is an insidious disease.  I'm not going to expound here on why kernels should be kept as minimal as possible, and separated by hardware protection from all other functions, just take that as a basic premise.

In the beginning, there was no separation between user processes and kernel processes.  MS-DOS and early versions of Windows are examples of this, as well as the first 9 versions of Apple's OS. Separation of kernel mode from user mode famously began with MULTICS, with 8 "rings" of protection.  Unix, as a simplification of MULTICS, has only user mode and kernel mode. Windows NT introduced separation between user mode and kernel mode into the Microsoft world, while OS X introduced it to the Apple world.  OS X incorporated the Mach microkernel, which put device drivers in hardware-separated space.  For a long time OS X was the most secure kernel of any mainstream OS.  But Apple succumbed to the temptation of kernel expansion, and its kernel is now as bloated as any.

Windows after NT, like Unix and Linux, was always a fat kernel.  But Windows is less secure than Linux because users normally have admin access, which allows a malicious user process to install malicious code into the kernel.  Once the malicious process is in the kernel, it can steal passwords and other secrets, and thanks to a weakness in Active Directory and Kerberos, can use them to move onto other systems in an enterprise using a technique called "pass the hash".   With pass the hash, the malicious code doesn't even need to wait until some user actually types a password, but can use the stored, encrypted password at any time.

Now, with Device Guard, device drivers are signed and isolated, so that a malicious driver can't be installed, and even if it's installed, its code can't get into the kernel in order to steal passwords and other secrets.

Isolated User Mode is even better.  It takes the stored, encrypted passwords and moves them out of the kernel, and into a hardware-isolated space.  Documentation on IUM is hard to come by, but there is a very good series of videos on Microsoft's channel9 video site where it is explained by Dave Probert.  Videos are usually pretty inefficient at communicating technical stuff,  but in the absence of white papers, these are pretty good.

Part 3: More on Process and Features

Thursday, January 28, 2016

The Zeroth Law of markets with effective competition

This is the one that market "analysts" never tell you about.   In a market with effective competition, prices fall to meet the cost of production.  Barring conspiracies to fix prices (explicit cartels, or implicit "gentleman's agreements"), there's always someone who is willing to trade profit margin for market share, leading to the famous joke "we'll lose money on every unit, but make it up on volume".  Unfortunately I've worked for companies that acted like this in real life.

The result is that you can tell how efficient a market is by how close the average participant is to bankruptcy.   Post-deregulation airline companies are a good example of this.  I've seen claims that since deregulation in 1978 the air transport industry as a whole has still not made a cumulative profit.

Financial economics has a very influential concept called the "efficient market hypothesis" which suggests that trying to pick stocks that beat the whole market is always going to fail over the long run.  The fact that there are many industries where nearly every participant is profitable provides clear evidence to me that the EMH is basically false.  But an academic economist can have a quite successful career exploring all the myriad ways that markets can fail to be efficient.

Thursday, January 14, 2016

The second law of unregulated market self-destruction

The first law being "Unregulated markets destroy themselves" via monopolies, cartels, or other phenomena that result in price fixing and breakage of the price setting and production regulating functions of supply and demand.

The second law (okay, it's technically a hypothesis or conjecture at this point, but I'm confident about its correctness) is more complex. "Unregulated market economies destroy themselves" via a process whereby monopolism leads to concentration of wealth in high income brackets, and financialization of wealth management in contrast to investment leads to emptying of the middle class and corresponding loss of demand.  Loss of demand leads to lower prices, which creates a deflationary and recessionary death spiral.

If this sounds much like the situation that a lot of the world is in these days, and the "great malaise" that Joseph Stiglitz is writing about, that's not an accident.

Sunday, January 03, 2016

The new evolution slogan

Darwin's original slogan, "Survival of the fittest" is confusing: "fittest" means something quite different from athletic capability, and "survival" has nothing to do with longevity.  Here's something significantly better:

Selective differential replication.

or in a somewhat longer form:

Natural selection of spontaneously varied different heritable characteristics.

It's amazing how difficult it is to condense the key concepts down into three or four (or 8) words, and how slippery that optimal combination of words is even when you've found it.   I've been searching for this phrase for years, and have forgotten it at least once even after discovering it.

Saturday, September 19, 2015

US crude oil exports and global security strategy

In the U.S., export of crude oil is currently prohibited, and there is an ongoing debate about whether that rule should be changed.  The success of hydraulic fracturing in opening up new supplies of oil has driven the domestic price of oil below the global price, and oil producing companies are laying off employees left and right because oversupply has driven the price below the cost of production.  Those companies see a global market with higher prices, and are frustrated that they are not allowed access to it.

But if oil companies are able to sell globally at a higher price, that will reduce domestic supplies, and increase domestic prices, which will be bad for oil consumers, and bad for the domestic economy, so the politically sensitive regulators in charge of the export rule would not be inclined to change it as long as they place the interests of voters ahead of the interests of oil company lobbyists.

So, what are the interests of US citizens, and can they be aligned with the interests of the oil companies?

The geopolitical argument for keeping the no-export rule is that the US gets mired in Middle Eastern troubles because we're dependent on foreign oil imports from countries like Saudi Arabia.  The sheikdoms and kingdoms in that region are as far from democracy as it is possible to get, and they support extremist religious ideologies like Wahabism that lead to war and terrorism.  But they have lots of oil, which we need and our European friends need, so we have to be nice to them.

If the US didn't need to import oil, the US could leave them alone to fight among themselves, and stop sending our troops and munitions to be killed and destroyed there.  So we shouldn't permit oil to be exported until the US achieves energy independence, and exports should be limited to only the excess after first satisfying 100% of US demand.

A longer term view suggests a different conclusion.  Allowing US oil to contribute to the global oil market will increase global supplies and reduce global prices.  This will reduce oil income to Mideast oil-producing states, and decrease their ability to finance their jihadist projects.  It will also increase domestic fuel prices, making renewable energy more attractive.  Increased demand for renewable electricity accelerates the technology-driven reduction in the price of renewable electricity.  Renewable energy is already cheaper than fossil energy in some regions of the US, and its adoption is being held back by regulatory shenanigans from coal and oil producers and by generation companies who are seeing their old power plants become uneconomical and major customers go away, never to return. Until room-temperature superconductors are discovered, there is no global market for electricity, and renewable energy is non-exportable.  Converting the world from oil to renewable electric power is good for both the environment and for US national security.   Lifting the no-export rule will accelerate this transition.

In the broadest analysis, civilization is at risk from deterioration in four areas:
  • Fuel supplies
  • Food supplies
  • Environmental services (clean air, clean water, climate stability, ecosystem stability, etc.)
  • Civil and international disorder
Lifting the no-export rule helps with 3 of these four areas, so everyone should be for it, not only oil companies.

Monday, September 07, 2015

The Water Knife

Paolo Bacigalupi's latest novel deserves a tweak to the old movie poster tagline "Ripped From Tomorrow's Headlines!"  Hollywood agents should be all over this property. Suppose James Bond worked for the South Nevada Water Authority instead of the British Government, in a landscape ranging from lawless slums matching those of Lagos or Mumbai to self-sufficient Chinese-built arcologies that would match any Bond villain's lairs in scale and luxury.  With Bond Girls who are not mere eye-candy: one a Pulitzer Prize winning journalist, the other an orphan Latina teenager with a .44 magnum pistol.

Not enough explosions, terrorists or smartphones, but plenty of gunfire, narco gangs and amputations in a world where Mad Max would feel right at home.  Refugees from Texas are a running joke.   It's all too realistic an extrapolation from today's incendiary political rhetoric and denial of the possibility that the 200-year drought that eliminated the previous civilization in the Southwestern US a thousand years ago could come again.   What will happen to your precious water rights then?   If Cadillac Desert serves as a precedent, it will take more than lawyers to keep the actual wet stuff flowing towards its rightful owners. The Water Knife don't need no double-0 license to do his work.

Saturday, August 08, 2015

Why tech is always a bubble

Ten years ago, at the height of the previous big tech bubble, economist William Nordhaus developed a model of retention of benefits from innovations with the startling result that only about 4% of the value ends up in the creators' pockets. His paper "Schumpeterian Profits and the Alchemist Fallacy" captures his analysis. Alas, like too many economics studies, it's written up as "theory first, data afterwards". (Rhymes with that remark by the Red Queen in Alice in Wonderland). Nevertheless, it's a useful antidote to the hype coming from the Silicon Valley venture capital community about "unicorn" companies like Uber.

Tuesday, May 12, 2015

Saturday, March 07, 2015

Seven ways the United States will end

Political pundit Matthew Yglesias has a long essay in Vox arguing that American Democracy is Doomed, maybe not today, maybe not tomorrow, but inevitably.  Yglesias doesn't go into details of the precise mechanism of collapse, although there are two sidebars that look at some of the options. Dylan Matthews lays out a sequence of events in which the presidency becomes more and more powerful, achieving the reality of right-wing rhetoric of "dictatorial executive powers" while still remaining elected, and where Congress degenerates into little more than a rubber stamp for executive decrees. Ezra Klein predicts that the current mess will continue to deteriorate, but everyone will just muddle through, making minor changes that alter the functional trajectory so that it never reaches a point of total collapse.

These scenarios don't begin to cover the range of different ways that the US could come to an end.  In particular, they ignore the role of the states, which are much more diverse and effective than  journalists steeped in Washington gridlock can imagine.  Here's a list of ways this could happen.

Constitutional Dissolution

The Constitution provides for several ways that we could get to a situation where there's an official legally arrived-at declaration that "The United States of America no longer exists".

  1. Constitutional Convention.  Article V allows for two-thirds of both houses of Congress or two-thirds of the states to call a convention to decide on amendments to the Constitution.  No limits on the quantity or content of the amendments are given, except that a state may not be deprived of its representation in the Senate.  The legality of an amendment that completely eliminates the entire Senate could be problematic, but in an environment where such an amendment could be ratified you could be skeptical that anyone would care about such a fine point.  A constitutional convention would have the power to completely rewrite the document and give the country an entirely new form of government, or to make any number of lesser changes.
  2. Congressionally-initiated individual amendments.  This is the way that the 17 amendments since the Bill of Rights have been accomplished.  Article V again prescribes that two-thirds of both houses of Congress shall propose the amendments.  There's nothing in the Constitution preventing the proposal of a single amendment consisting of the text that "Articles I through VII of this Constitution are hereby repealed."  Since there are 7 articles in the Constitution, that would be everything except the Preamble.
  3. A Secession amendment.  The legal basis for the Civil War was that there is no provision in the Constitution to allow for exit from the Union. Politicians from one state or another occasionally threaten to secede from the Union.  Texans are famous for believing that as a condition for joining the United States in 1845, Texas reserved the right to later split itself into up to 5 states.  There are dozens of more or less well-organized secession movements across the country.  But you can tell whether they're serious or not by whether they are reaching out to other states for support of an amendment to make their rhetoric legal, since that amendment would need to be ratified by three-fourths of the states.  None of them are.
  4. De-facto secession. Since the replacement of the Articles of Confederation by the Constitution, the issue of how much the federal government can override decisions by individual states has been contentious. Although Section 10 of Article I of the Constitution requires Congressional approval for any formal Compact between states, in the 20th century the coordination of virtual oligopolies among airlines, phone companies, and other industries without any explicit collusion between executives has developed into a fine art.  States could begin to informally coordinate their laws with each other in areas where they do not conflict with Federal laws, and agree to link them together in much the same way as the National Popular Vote agreements link the behavior of individual states' Presidential electoral votes together. These linkages would form a virtual regional government encompassing multiple states, and when enough states began to participate in such a virtual government, their legislatures could coordinate the policies of their respective Congressional delegations to provide Federal approval of formal Compact agreements permitting the creation of armies and the negotiation of treaties with foreign powers, becoming a new country to everyone in the world except the remaining portions of the legacy United States.

Extra-constitutional Dissolution

  1. Successful secession. Some die-hard Southerners still argue that the Army of the Confederacy could have won the war if only a few blunders like Pickett's Charge at Gettysburg had been avoided.  After a few dozen years of the kind of Washington gridlock that Yglesias decries and the election of a feckless president rather than the great one that we had in Abraham Lincoln, the outcome of some new secession attempt might be something like "just let them go".
  2. De-facto dictatorship becomes official.  At some point the Imperial President that Dylan Matthews envisions can decide that he's had enough of this pussyfooting around and pretending to defer to Congress, and declare himself President For Life, or even Emperor. This sequence of events has happened more times than any but the most compulsive historian can count, and dates back to at least the takeover of the Roman Senate by Julius Caesar in 49 and 48 B.C.
  3. Military coup.  During the chaos surrounding the attempted assassination of Ronald Reagan in 1981, at a White House press conference immediately after the incident while Vice President George Bush was incommunicado aboard Air Force Two, Secretary of State General Alexander Haig was asked "who's in charge?".  Haig responded, "I am in control...here."  Until the Vice President finally arrived in Washington, at least in the mind of General Haig, the Constitutional order of succession had been suspended, and a strong military personality appeared to believe that he had taken over the country.  A few hours later, word emerged that Reagan had not been so severely injured that formal transfer of Presidential powers to the Vice President according to the rules laid out in the 25th Amendment to the Constitution had been necessary.  For those of us who had seen the movie or read the book "Seven Days in May", it was a scary moment.

Thursday, January 01, 2015

The world is not falling apart

At the new year, the media are full of stories about how awful the past year was.  It's well known that good news doesn't sell ads as well as bad news, so it's important to maintain your perspective with information such as this article by Steven Pinker and Andrew Mack.

Sunday, August 10, 2014

past singularities

I came across a post by Cosma Shalizi listing some evidence that the Industrial Revolution qualifies as a technological singularity.  Shalizi has a very good list of criteria that should be satisfied in order for a singularity to be recognized.   As someone who did research in cell biology and in social sciences at different times long ago, I think there are a lot more in the history of life on the planet.  Here's a list of candidates -- most of Shalizi's criteria are met by each one.  Note that when I say "discovery" I mean discovery by "selfish genes" or "memes" that spontaneously replicate and are naturally selected for, not by individuals.
  1. The sequestration of molecular replication in membrane-bounded cells
  2. The switch from storage of genetic information in RNA sequences to its storage in DNA sequences.
  3. The discovery of photosynthesis by the ancestors of cyanobacteria.
  4. The discovery of the rules for cellular differentiation, adhesion, and migration that led to multicellular organisms
  5. The discovery of backwards development by deuterostomes that led to internal skeletons rather than exoskeletons.  Not saying that arthropods are bad, just that endoskeletons are better at growing big.  Deuterostome development certainly leads to other severe problems.
  6. [not saying anything about all the mass extinctions that led to mammalian domination of land animal life]
  7. The discovery of learning by imitation rather than individual trial and error
  8. The invention of controlled fire
  9. The discovery of information storage and retrieval from conspecifics by means of reverence for tribal elders, via "old wives' tales"
  10. The discovery and institutionalization of marketplaces
  11. The invention of writing
  12. The first industrial revolution
  13. The second industrial revolution of information technology, robotics & biotechnology
  14. The third technological revolution of controlled ecological engineering
Somebody should write a book.  Not me, I have other books to write.

Sunday, July 13, 2014

Android device encryption

The description for Android 3.0 at https://source.android.com/devices/tech/encryption/android_crypto_implementation.html implies that only /data is encrypted. Two questions:

  1. What about / and other filesystems?
  2. Has anything changed with Android 4?

Sunday, April 13, 2014

Capital in the 21st Century

Universally acknowledged to be An. Important. Book.
Reviewed by Paul Krugman.
Summarized by Matthew Yglesias.
Brad DeLong collected 12 early reviews by economists.
Econospeak has a succinct, balanced description for the politically inclined of Piketty for Dummies

Summary summary: when economic growth slows down, people who own capital still grow in wealth, while people who only produce labor don't get any richer.   I haven't read the book myself (yet), so I don't know if the author has discovered these two facts:
  • "A rising tide lifts all boats" but  leaky boats don't rise as quickly, and their owners have to spend more time bailing than sailing.
  • The rich get richer faster.  They have access to expensive financial advice, and fancy high yield financial instruments that less wealthy people don't have the entry fees for.  They can afford to participate in higher yielding, higher risk investments because they can purchase complex hedging products that reduce their exposure to potential losses. (Update: Robert Solow recognizes this in his review in The New Republic.)
Typical conservative reaction: "Cool! anyone can become a billionaire!  It's Easy!".   Typical liberal reaction: "We must tax the rich more aggressively!"

What nobody has any idea how to do: raise the growth rate of global economies, when resources are becoming harder to obtain, and processing them into valuable goods creates pollution, and can be done by robots in any case, i.e. by using capital rather than some wage-producing processes.

Saturday, November 02, 2013

Moore's Law for solar power

Internet entropy strikes again!  The original version of this important article is gone from the Scientific American website:

• Ramez Naam, The Moore’s Law of solar energy, Scientific American guest blog, 16 March 2011.

However, even without having to invoke the Wayback Machine, there's a copy at IEET.

Update (9 April 2014):  The Telegraph declares victory. That is, the tipping point where solar power without any subsidies is cheaper than all forms of fossil fuel has already been passed in 19 global regions, according to Deutsche Bank.

Update 2 (June 2014): The v7 edition of the Lazard Levelized Cost of Energy study, dated August 2013, indicates that by 2015 (next year!) utility-scale solar plants will have a lifetime ROI greater than fossil-fueled plants in 6 of the 10 largest US metropolitan areas.  In the light of this transformation, in late May, Barclays "downgrades the entire electric sector of the U.S. high-grade corporate bond market".

Monday, October 28, 2013

Tradeoffs in Cybersecurity

The ever-insightful Dan Geer gave a very interesting talk at the UNC Charlotte Cyber Security Symposium earlier this month.  He's put the text up on his website.  Anyone who's concerned about the tension between cybersurveillance and civil liberties should read it and understand it.

His final paragraphs summarize his argument:
The total surveillance strategy is, to my mind, an offensive strategy
used for defensive purposes.  It says “I don’t know what the
opposition is going to try, so everything is forbidden unless we
know it is good.”  In that sense, it is like whitelisting applications.
Taking either the application whitelisting or the total data
surveillance approach is saying “That which is not permitted is

The essential character of a free society is this: That which is
not forbidden is permitted.  The essential character of an unfree
society is the inverse, that which is not permitted is forbidden.
The U.S. began as a free society without question; the weight of
regulation, whether open or implicit, can only push it toward being
unfree.  Under the pressure to defend against offenders with a
permanent structural advantage, defenders who opt for forbidding
anything that is not expressly permitted are encouraging a computing
environment that does not embody the freedom with which we are
heretofore familiar.

This is the latest corollary of the basic law of strategy attributed to Carl von Clausewitz 195 years ago, that the defender needs to be successful hundreds of times (in cyberwarfare, hundreds of millions of times), while the attacker needs to be successful only once.  In order to be totally effective at defense, one must have totalitarian control over the environment and all the actors within it.

Or, as Benjamin Franklin put it 250 years ago:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Tuesday, August 06, 2013

Red Plenty -- A dream that failed

I don't know why there was so much puzzlement about this book when it came out. It's a historical novel, albeit a thoroughly documented one, with 70 pages of notes and references. It's about a period a long time ago and very far away now, the Soviet Union of the 1950s and '60s. It's also a novel of ideas, and the idea is that centrally planned economies can produce a material utopia in which everyone works at what they are good at, and everyone receives everything that they need, without the soul-destroying, self-destructive overshoots of capitalism.

I was in elementary school and high school during this period, and was made to read FBI Director J. Edgar Hoover's book "Masters of Deceit" in order to know how evil communists were. I seemed to be one of the few students who realized that we were being fed propaganda, but I didn't have access to Marx's Capital or even the Communist Manifesto, so I was simply left with the impression that we were supposed to be opposed to commies simply because they were the bad guys, in the same way that the Aggies were the bad guys if you were a UT or OU football fan. This kind of an opposition didn't seem worth destroying the world in a nuclear holocaust for.

In Red Plenty, the characters are simply trying to get by in a rickety, inflexible economy that doesn't really respond to their needs, just like wage-earners in the US. But they have a secret advantage in the person of Leonid Vitalevich Kantorovich, a real person and a genuine genius, who invented the mathematical method of optimization called linear programming, at about the same time that the American George Dantzig did. Both Dantzig and Kantorovich received the Nobel Prize in Economics for their achievements.

It was linear programming that Soviet economists hoped would push their economic system over the threshold from failure to success, by allowing the myriad of dependencies between all the supplies needed to produce a washing machine or an overcoat or a limousine or a long-range bomber to be identified and coordinated so that every component part was produced in just the right amount without surpluses or shortages that would prevent each end product from being pulled together in just the right quantity needed. In capitalist economies, the coordination problem is solved by a myriad of free markets, but markets lead to profits and profits lead to capitalists, and in the Soviet Union, that could not be allowed. So marketless central economic planning had to be made to work, regardless of the consequences. And the consequences were severe, and even then, economic planning failed.

Red Plenty is a much richer story than can be captured in a few paragraphs - it deserves extended analysis by many authors. And it has received these analyses in an internet symposium by a distinguished team of high-end bloggers organized by the "editors" of Crooked Timber. In addition to some of the usual Crooked Timber contributors such as John Holbo and John Quiggin, it contains essays by economists Brad DeLong and Cosma Shalizi, and writers Ken MacLeod and Kim Stanley Robinson, among 14 others. This amounts to an open review journal study, since in addition to the symposium essays, as a blog each essay was allowed to have comments from any reader who cared to reply. Some of the comments are extremely insightful, though others are extremist, intolerant, and/or uninformed, as blog comments will be.

The highlight of the symposium for me is the essay by Shalizi, who uses computational complexity theory to explain that the planning process itself is simply too big and time-consuming to work in a real economy, even using today's hyperscale computers that are millions or billions of times more powerful than the BESM-6 mainframes available to Kantorovich and his colleagues.

Of course, economic interactions are often nonlinear and would have to be addressed by a generalization of linear programming rather than directly with LP, but while the complexity of mathematical optimization is robust to some kinds of nonlinearities ("convex functions"), many of the nonlinearities in real economies are concave, and the known algorithms for optimizing them are much slower (exponentially slower) than those for linear or convex functions.

Worse than that, in economies that are not planned, such as market economies, it is impossible to predict their future behavior. The reason for this follows from the diagonalization argument used by Goedel and Turing in their proofs of incompleteness and undecidability. As soon as you make a valid prediction about an economy, someone can take that prediction and use it to arbitrage the markets that are predicted, and the money that is involved in exploiting those predictions will affect the market itself, and thus invalidate the predictions. There is quite a bit of interesting research to be done in describing the magnitude of those invalidation effects.

It's not clear that capitalism can be saved from recurring, unpredictable disasters, but we know that the Soviet Union could not be saved. Red Plenty may change your view of that collapse from a triumph of capitalism to that of a tragedy of socialism.