Update: I made a set of predictions New Year's Day 2004. It's now the end of the year. Some of them have come to pass. Others have been disproven. Here's how it goes:

1. SCO will lose, or drop its case and go out of business. However, no SCO principals will be brought to justice for abuse of legal process. Microsoft will pretend never to have been involved.
   • The trial shows no sign of going away soon. Sigh.
2. The U.S. dollar will continue to sink versus the euro and versus gold. Lack of confidence in the U.S. economy will be largely due to failures of corporate accountability and the continuing costs of the Iraq occupation.
   • Gold has risen from $415 in January to $438 as of December. The euro has risen from $1.15 to $1.36 in the same time frame. Not bad.
3. Microsoft and its allies will release increasingly tightly controlled end-user systems. They will be increasingly inappropriate for enterprise reliability and control needs.
   • Microsoft has been pretty quiet on the technical-control front, instead continuing legal "licensing" threats and FUD.
4. During the first quarter of 2004, a European nation will demand extradition of a ROKSO-level spammer from the United States.
   • Didn't happen. We did see the prosecution, conviction, and sentencing in the U.S. of Jeremy Jaynes, aka Gaven Stubberfield. Jaynes was the ROKSO-level spammer responsible for the "horse porn" zoophilia spam that my users are so glad to be rid of.
5. Red Hat's market share in the United States will decline somewhat as Novell's SuSE takeover yields a manageable enterprise Linux. As with the old SuSE, this will not be 100% Open Source. Red Hat will remain profitable.
   • Red Hat is still profitable. Novell has made SuSE more, not less, open source; and has released instead a desktop Linux system.
6. Armed conflict will continue in Iraq throughout 2004. A major new front will emerge between Turkey and the Kurds of northern Iraq, possibly including violence targeting civilians on either side.
   • Turkey and the Kurds seem to be a non-issue. The word "quagmire" came and went -- right now, it seems ''worse'' than just a quagmire. Perhaps a fireswamp.
7. The current Debian testing will be released as Debian GNU/Linux 4.0 by mid-year.
   • Didn't happen, and they're calling it 3.1 anyhow. Instead, more and more people seem to be treating testing as stable right now, including using it on servers.
8. At least two worm outbreaks of similar scale to Code Red, Slammer, and Welchia will attack Windows systems worldwide. The Linux, BSD, and Mac OS X platforms will remain free of widespread viruses and worms, despite rising popularity.
   • Not so far. Spammer viruses spread by email continue to be a big pest on Windows -- using social engineering and Microsoft vulnerabilities to propagate. Alternative platforms have gained in popularity but still not seen a widespread virus or worm.
9. A majority of the captives held at Guantànamo Bay will be released without charges.
   • Many have been released. Not most.
10. European and other non-United-States government agencies will increasingly migrate IT operations to Linux and other Free Software systems.
    • Several have, yes.
11. Electronic voting will be a debacle, and its current advocates in government will distance themselves from it.
    • It has been a debacle this year, although not as much as the general lack of transparency and accountability, with "national security" frauds kicking media observers out of vote counts in Ohio. The discrepancy between exit polls and reported election results remains unexplained.
12. John Ashcroft will leave office.
    • And there was much rejoicing. (Yaay.)

My last essay here was rather insulting towards the nontechnical user. This one will, therefore, be more sympathetic, taking the user's lack of understanding and turning it to an opportunity.

Many end-users seem to lack a systematic grasp of the concept that programs are something that people write: that every piece of software and every function of that software is something that someone designed and wrote out.

People understand far better the idea that software has owners than that it has authors. They readily accept the idea that some aspect of their Windows computer is owned by Microsoft, but have (understandably!) more difficulty with the idea that the component Microsoft owns is a writing, in its nature more akin to the text of an encyclopedia than to a kitchen gadget -- that it's the product of hundreds of people typing in things that look like math.

The metaphors of software as ordinary property (belonging to its owner, like a lawnmower or a house) and software as writing (created systematically and expressively by its author, like a book) lead one to different sorts of thoughts.

When something belongs to someone else, the everyday law-abiding person sees it as out-of-bounds. We don't mess around with other people's things without their permission! If something about your computer belongs to Microsoft, but you're not sure what that something is, then the computer itself becomes a doubtful and border territory.

This has ill effects for personal computing. A borderland, where the line of demarcation is unclear, is a space from which the meeker and more certainty-seeking neighbor shies back, and into which the more powerful and aggressive neighbor advances. Thus, Microsoft has in many ways taken greater control over the user's computer and left less ownership and control to the user and to other stakeholders such as third-party developers.

At the same time, a borderland is a space where the respective neighbors can foist off assertions of fault onto the other. Flaws in Windows, which Microsoft created, are treated as the user's responsibility to patch rather than as Microsoft's liability for making in the first place. Again, the user, being the less powerful neighbor in the "software as property" metaphor, loses.

In contrast, when we recognize something as a writing, we understand many facts which apply usefully to personal computing:

• The writing could have been written differently. The way it is, is not the only way it could have been. The wording of the text is the author's choice. It is the reader's responsibility to understand the text; but this does not absolve the author of responsibility for what the text says.
• The writing could contain mistakes. The author is not the final authority on its disposition or correctness; the real world is. If the writing presents itself as practical, but contains errors which lead to those who depend upon it coming to harm, the author and publisher are liable (at least in part) for that harm.
• The text before us is not the same as its subject matter. We could read some other author's words on the same subject, and learn many of the same things. Another writing might be more accurate, more accessible, and more worthwhile. Many authors can write on the same subject without wronging one another in so doing.
• Some texts are collaborative; they belong jointly to all of their authors.
• Some texts are written clearly, so it is evident what the author means and whether his claims are correct. Others are written obscurely, in a way which is hard to understand, much harder to to verify. For practical purposes such as the conduct of business, clear and verifiable writing is often more valuable than elaborate or pretty writing.
• It isn't right to take someone else's writing and claim it's our own. That would be plagiarism -- not the same thing as theft of ordinary property, but still wrong. Plagiarism is chiefly a problem that concerns other authors, not readers; reading or referring to an article that was plagiarized is not itself plagiarism.

Software as property; software as writing -- these are two different metaphors. Software itself is neither property in the same sense that a lawn mower is property, nor is it writing in the same sense that Homer's Odyssey is writing. It is something different from either of these.

However, we may ask: Which of these metaphors gives us a better grip on the subject? Which leads to greater practical understanding? Moreover, society's view of software is still nebulous, since the ordinary person has no good idea of what it is. As a result, we may ask further: Which is the way we want software to be?

The Luser, on the FS/OSS Community:
"Since I got this program for free, I should demand that I be personally trained on it for free, too. My predecessors who taught themselves have an unnatural advantage over me; therefore, they owe me. Rather than being inspired by their example to enter into the struggle of learning, I should instead demand that they cater to me."

The Luser, on Intuitive Design:
"If I do not understand something, this proves that it is either: (a) useless, (b) made deliberately complex so that nerds can lord it over non-nerds like myself, or (c) made deliberately incompatible with my Windows preconceptions out of malice towards Microsoft.

"There is no legitimate reason that anyone would create anything beyond my present ability or willingness to understand; therefore everything not obvious to me is the product of hostile action."

The Luser, on Design Goals:
"Every program aspires towards being a sleek, shrink-wrapped product feeaturing a holographic license card, an obtrusive pseudo-AI 'office assistant', and a user interface that carefully hides from me any setting which would require that I know any fact about my computer or network.

"Any deviation from this goal is a failure on the part of the programmer -- probably due to a character flaw on his part -- and it is my place to point out this failure."

The Luser, on Documentation and User Interface:
"The ultimate form of program documentation, and of user interface, is the 'wizard', which leads me through my entire use of a program with a minimum of explanation on its part or choices on mine. Though once I typed in commands, and after that I clicked on pictographic icons and widgets, today the only direction my computer should require of me is as follows: 'Okay', 'I Accept', 'Okay', 'Okay', 'Finish'.

"Any interface which demands that I read for comprehension, or that I make choices which (a) depend upon specific knowledge or (b) have real consequences, is incomplete and inadequate."

The Luser, on Scripting:
"God forbid that I ever have to write a script for any purpose. However, should that onerous task befall me, there is no reason for me to understand anything before I begin stringing software components together. I do not need to know the format of my input, the nature of components available to me, nor the desired format of my output.

"My goal is to transform ill-understood input into text which, to a cursory glance, resembles the desired output. Complaints from my coworkers -- including complaints about delimiters, spacing, dropped or shifted columns, folded or mangled Unicode, or the inability of other (and thus lesser) software to read my script's output -- are signs that my coworkers have unresolved personal problems."

(The first three sections above were written in response to a Usenet poster who whined particularly indignantly about being expected to read the manual to a piece of complex Unix software before deploying it. I didn't post it there, out of concern that another reader might misinterpret it as being about them.)

In the past few weeks, we have seen two high-profile cases where distributed denial-of-service (DDoS) has been used to obstruct controversial speech and punish the speakers. This is a growing threat to the freedom of the Internet, as people cannot feel free to speak their minds online when the threat of network destruction hangs over them.

In the first case, the litigious SCO has apparently been targeted for DDoS by someone (or, more likely, several) who thinks they're doing good for the open-source world. I personally believe that SCO is guilty of libel and other crimes. However, mob justice is no justice at all -- and as has been pointed out by wiser heads than mine own, cannot benefit the open-source community. SCO is crooked, but the way to handle a crooked company is with due process in the courts, not pitchforks and torches.

In the second case, the engineering firm Osirusoft has been attacked -- probably by spammers -- for its hosting of a number of DNSBLs, including one based on the SPEWS lists. (Contrary to urban legend, Osirusoft did not maintain SPEWS. Rather, it translated the SPEWS data set into a DNSBL and made it queriable on a nameserver. There are other SPEWS-based DNSBLs.) SPEWS is controversial because of three facts: it is anonymous; it has a policy of predictively listing network blocks of ISPs that fail to terminate spammers; and it has been for a time increasingly effective and widely used.

Some people (erroneously, in my opinion) believe that SPEWS practices censorship. Some people (correctly, in my opinion) believe that SCO practices libel and the perversion of justice. Yet the rise of denial-of-service as a means of speech suppression is both censorious and unjust. It is a tool by which anyone offended by a speaker can (with a modicum of technical knowledge) stifle that speaker and inflict upon him or her substantial costs. It is destructive both of property and of discourse.

My worry is that many have cheered these attacks, as a way of getting revenge upon unpopular targets. This trend of rising mob violence -- and violence it is, even if only against property and not persons -- threatens to destroy everyone's freedom to speak on the Net. Freedom is the freedom to be both unpopular and safe -- and it is as surely threatened by the lynch mob as it is by the government censor; nay, more so -- for the mob are more numerous and observant of that which offends them.

I ask those who have cheered these attacks -- is this the kind of Internet polity you want to have? Do you want criminal gangs of script-kiddies and spammers deciding what online speech is to be punished? For if you do not want this perpetrated against you, you are obligated not to countenance it when it is committed against others.

For some reason people missed the importance of a recent article about a supercomputer made from Playstation 2 consoles. This isn't simply a geek toy, it's a dirty secret that people will want to keep hidden. Remember that game consoles have fairly powerful processors, but individually they are pretty unimpressive. But also remember that all console hardware is sold for a loss -- the real money is in the games. So while one Playstation 2 is a mere toy, one-hundred of them are nothing short of a supercomputer and Sony is paying for part of every single processor you buy. While the power may not be there it's not a bad way to get a huge deal on off-the-shelf components...

Title: Stupid White Men
Author: Michael Moore
Genre: Political satire
Difficulty: Light read
Published 2002
Rating: Liked it

Sometimes this book reads like a nostalic grandfather's memories of things "back in my day..." Michael jumps all over the map complaining about the 2000 presidential election, the education system, racial equity, women's rights, and more. The only glue to hold things together is the supposition that the world is ruled by stupid white men. (I'm with ya so far...)

While the book isn't as focused as it probably should be and reads like a liberal wish-list, Michael makes some very good points and has the decency to provide references. (Who reads references, though. Maybe he invented them all.) Throw in a smattering of humour and altogether it's a fun way to spend some time and while it won't arm you to win any political debates, it sure beats the boob tube.

Title: Atlas Shrugged
Author: Ayn Rand
Genre: Fiction
Difficulty: Hefty
Published 1953-ish
Rating: Liked it

Atlas Shrugged follows Dagny Taggart, the beautiful, successful, industrial mind behind the Taggart Transcontinental railroad. However Dagny has noticed a disturbing trend of late: the great minds and men of action of the world are slowly vanishing into thin air, never to be heard from again. They are being seized by John Galt, the man who has vowed to stop the motor of the world: it's minds. Dagny vows to fight to keep what is hers as she watches the world around her rapidly recede and decay. Who is the Destroyer?

Atlas Shrugged can be preachy at the best of times and nothing short of a political manifesto at the worst of them, so don't bother reading it if you don't want to hear someone recite their personal philosophy. While Rand's suppositions may have holes in them, she develops an interesting theory that offers food for thought. Can a man consume more than he produces? (Hint: according to her, no.) She also backs this up with a talent for fiction, so even if you don't subscribe to the views, the writing still offers some decent scenery to enjoy along the way.

Title: Idoru
Author: William Gibson
Genre: Science fiction
Difficulty: Light read
Published 1996
Rating: Liked it

Idoru follows the crash course of three characters in post-earthquake Japan, in a world where the lines between the physical and digital worlds are becoming increasingly blurred. Laney is a "jacker", a searcher for information. Chia is a 14-year-old member of the fan club of the music idol Rez, who has been rumoured to have recently become engaged to a virtual-reality AI. Rei Toei is the idoru, a virtual media star who exists in cyberspace and can only project an image of herself into the physical.

As with all Gibson novels the pace is fast and the language is succinct, almost Spartan. The book tries to cross the bridges between the digital world and the physical; in virtual reality all physical beings are nothing but a digital projection, and for digital beings in a physical world, the same. What happens when they collide?

It seems that Dell has found one solution to the problem of people writing down their passwords on sticky notes and sticking them around their monitors. They have made the cases of their current UltraSharp LCD monitors out of a plastic that sticky notes will not adhere to.

One feature of many forms of political and social power is to require subjects of that power to make gestures or proclamations of their submission. Those who refuse to perform these rituals of subjection are frequently persecuted.

In the time of the Maccabean revolt in ancient Judea, for instance, the Greek king Antiochus demanded of his subjects that they sacrifice to him as a god. The Jews were persecuted for their refusal: though they would willingly obey the king's civil laws and pay his taxes, they would not commit idolatry.

It is said that many could not understand why religious Jews would refuse something so simple as making a small sacrifice in the name of the king. It was only expected once per year, and would signify that they were ordinary, normal, law-abiding subjects just like their Greek neighbors. They could go on worshipping their own god on the other 364 days of the year. Why resist -- why be a freak? Come on, it's only one little chicken on the altar. It's not like we're asking you to go to the emperor's orgies every week, too.

In the Roman Empire in the early years of the common era, the same persecution came to Christians, who would not make sacrifices nor acknowledge Zeus nor the emperor as divine. As commanded by Jesus, they would "render unto Caesar what is Caesar's, but render only to God that which is God's." Again came the persecution, with whips and with lions.

When rituals of loyalty came to the American school classroom, it was the Jehovah's Witnesses who refused to comply. (Contrary to what you heard on Limbaugh or Bill O'Reilly, it wasn't the atheists or the Communists.) The Witnesses' faith teaches not to pledge allegiance to any power but the divine, so their schoolchildren would not pledge allegiance to the flag. It's only one minute out of the day -- why put up such a fight? Just say the words like you were a normal American. No lions this time, but many kids did get beaten up and a few thrown out of school for their beliefs -- even after the Supreme Court ruled that the schools couldn't require a loyalty pledge that went against some students' beliefs.

What is the function of rituals of allegiance? Perhaps it is that they show unity in subjection -- everyone pledging is equally submitted to the same authority, equally a subject and worshipper of the god-king. They constitute acceptance of the symbol of authority as part of the daily social order. However, they also draw the line between the willing, truly accepting subject, and those whose hearts and minds are fixed on some other star. They define by exclusion those groups who maintain reservations in their loyalty -- those who will render unto Caesar their tax, but will not render unto god-king nor flag their consciences.

It might be something to think about, the next time you click "I Accept".

Okay, so I got the headphones, and I wasn't all that impressed with the range, and the full ear covers bothered me after eight hours. So I went and moved up a notch and ordered a Jensen transmitter system.

I'm simply stunned by the range on these things. I use them at work, and where the big clunky set wouldn't send a signal to the next cubicle, the Jensen set will send a signal downstairs and down the hall into the bathroom (yes, I don't bother taking them off). I was even able to pick up a signal most of the way to the next building where I work. Very very nifty system.

I can even plug them in at home and pick up a decent signal anywhere in my yard, which was one of the reasons I wanted wireless in the first place. No more chintzy little 32 meg Rio for me while I'm doing yard work, now I get to listen to streaming J-pop while I work!

Oh, cheap plug time - I finally went and opened a premium store at CafePress, so stop by and have a look around. The major bonus to this is that I can have all my stores better organized, and I don't have to manually cross-link them all to each other.

I have no clue why I'm mentioning this here, but...

I'm getting a set of wireless headphones :)

For $10 + $7 shipping, I'm getting an RCA wireless set from an eBay power seller. I was looking at something from SpectraVox that's basically a converter kit - you plug whatever audio component you want into the belt-clippable receiver - for $50, just so I could use earbuds instead of the big over-the-head phones, but this was too good a deal to pass up.

If they work out well, I could get another pair for home and still pay less than for the other "converter" kit :) The idea for this first set is to use them at work, since I'm tired of being tethered to my iBook by a short leash to listen to my mp3s at the proper volume. Or, I could decide I don't like the big RCA set and get the Jensen set anyway; guess I'll have to see how it goes.

I should note that this purchase is being funded by my personal toy fund.

So we all know the keynote was Tuesday, and a pile of nifty Apple goodness spilled out into our laps. I'm liking the iLife integration thing, but there's just one problem:

I can't really use it all properly.

Right now, I'm typing on my work-provided iBook 600 (running OS X), while my feet are propped up on the desk that's holding my desktop G3/233 with a G4 / 400 upgrade (running OS 9). All the iLife stuff is OS X only, and my desktop machine simply refuses to accept an OS X install. I do iMovie (and Photoshop, and UT) on the desktop, because it runs stuff so much smoother than the iBook - better video, Altivec, etc. The problem is, Steve's left my desktop for dead, as have the developers. This leaves me with two options at the moment - well, three: do even more personal stuff on the company laptop, blow off the new iApps and make due with iMovie 2 and no functional iTunes on my personal machine, or hack the living bejeezus out of the G3G4 to try and get OS X running on it.

*sigh* The burdens of being a fiscally responsible father and husband... I *could* order a new G4 tower in a heartbeat - the credit cards could easily cover the expense - but then I'd get to deal with the wrath of the missuz for the next eleventeen years. If only some more people would be willing to hit my cafepress pages and buy something... I could start to sock away some money to put towards a new machine :)

Okay, maybe I'm getting into this slashdot thing too much, but I just discovered the depth of this whole friend / foe thing (I've got fans? l33t!), so I figured I might as well dump something into the journal space and really get into it. No witticisms, nothing profound, just a "Ooh, what does *this* button do?"

"Securing systems or programs is basically about closing the holes and weaknesses that let hackers in." Rather, security is about correctly modeling in software and hardware the trust relationships that people have regarding their computing resources and data. It is about making computer systems behave in the way that their operators want and trust them to behave, with respect to such things as authorized use and availability. It isn't about patches; it's about correctness.

"A firewall is essential to keeping a network secure by rejecting attacks." A firewall is nothing more or less than a network bridge or router that selectively drops packets. It does not "block attacks" or "forbid unauthorized access" -- it drops packets. Sometimes this is a useful thing to do on a network segment in order to provide assurance as to what sorts of activity won't come in over that segment. This can be useful in modeling trust: if you block port 23 with a firewall, you can guarantee that nobody outside can send port-23 packets through that segment. That's not the same as saying that nobody outside can do unencrypted login to any machine inside ...

"If a program crashes, that only means it's unreliable, not that it's insecure." In fact, many forms of attack against programs are first discovered as ways to make the program crash with a piece of malformed input. If your FTP server dumps core when I send it an excessively long username, that's probably because it's overflowing a buffer. Breaking in is just a matter of overflowing that same buffer with the right data.

"All software has bugs, and bugs lead to holes -- so from a security perspective it doesn't really matter what software I use, since I'll need to patch it anyway." The fact of the matter is that some software projects release programs that are consistently more reliable than others. Some projects release software that is easier to patch than others. Some projects release software that is better documented, and its behavior better understood, so that you can more set it up with more accurate trust relationships. In short, some software is more correct than other software, and you can reduce the amount of time you spend fixing broken software by choosing software that is less broken. Anyone who tells you that all software is buggy is a cynic; anyone who tells you that all software is equally buggy is trying to sell you IIS.