Tuesday, December 21, 2010

who knows what the future may bring?

who knows what the future may bring? well lots of people seem to think they do, and bruce schneier even goes so far as to predict what security will look like 10 years from now. much like long term weather forecasts, he is almost certainly wrong - at least i hope he is, because the picture he paints is distinctly dystopian.

no, that's not just an interpretation - a future where we the users are viewed as parasites living off the life-blood of corporations is not a happy shiny place to live. i can certainly see where he's coming from, though, as the beginnings of that are already visible with such schools of thought as the one that refers to users as product (i.e. we aren't facebook's customers, we're they're product). we are being increasingly objectified and devalued by corporate interests. the entertainment industry (and let's not forget their associated lobby, as the group is now as much a political force as they are a corporate one) is certainly leading the anti-consumer charge in the quest to justify their sense of corporate entitlement - but unlike bruce (who is himself part of the corporate machine) i have faith that society will eventually tip the scales back towards our favour.

we've already seen a time when businesses had all the power and the little guy was at their mercy. it happened during the industrial revolution. we fought back. we won. we outnumber them and they can't exist without us (while human history proves we can exist without them). to call us, rather than blood-sucking corporations, the parasites is to ignore nature in favour of business. that kind of backwards world view was not then and is not now a natural one and nature is something you cannot beat.

but beyond my faith in humanity, i also think schneier is wrong because he's misunderstanding the signs he's reading. for example, referring to iphones as special purpose computers instead of general purpose ones and citing them as evidence of the demise of the general purpose computer demonstrates that bruce hasn't the foggiest notion of what the distinction between a special purpose and general purpose computer really is. what we may well be witnessing is the end of the personal computer in favour of the mobile computing device, but that is an entirely different matter with entirely different repercussions. for one thing, a world without general purpose computers is a world without the world wide web. it is a world without iphone apps, a world without game consoles, a world without software. the iphone may exist in apple's walled garden, but i can (and do) get the same limitations on my PC using application whitelisting. that doesn't turn my PC into a special purpose computer any more than it does the iphone - it just makes it locked down.

so long as the computer is technically capable of running arbitrary code (which is exactly what happens when you install an iphone app or visit a website that has javascript or flash or any of the other wonderful interactive technologies out there) it is a general purpose computer (it satisfies what fred cohen referred to as the generality of interpretation). a world without general purpose computers is very, very hard to imagine. bruce, thinking the difference between special and general purpose computing can be illustrated as the difference between an iphone and a PC, sees a world that technically isn't much different from our own. but the difference between special and general purpose computers is more accurately illustrated as the difference between a cheap simple hand-held calculator and the fancier more expensive programmable variety. a world where computing devices are as inflexible as cheap hand-held calculators is a strange world indeed. you might think that there must be some sort of middle ground between the two that would allow for something more (and then surely the iphone inhabits that middle ground) but ed felton covered the fallacy of the almost general purpose computer a long time ago.

without the elimination of general purpose computing you cannot eliminate user choice. you cannot eliminate the emergence of technologies that empower us to throw off the yolk of corporate interests. the linuxes and firefoxes of the world will continue into the future, and the more anti-consumer that corporations become, the more consumers will choose those alternatives. we are not and never will be the parasites in the relationship with business. we are not facebook's product, we are their patrons. the advertisers are not their customers, they're more like the hotdog vendors at a stadium; they only make money so long as we show up and buy something and eventually we will stop showing up at the facebook stadium (just as we stopped showing up to friendster and myspace) and they'll have to chase us to our new favourite spot like the parasites they are.


Anonymous said...

First, a nitpick: iPhones don't do Flash. Haven't you listened to Steve Jobs' rant against Adobe on the subject? :-)

But, generally, I think that Bruce is right on all accounts. It can be argued whether the iPhone is a specialized computer or a general one. Your digital camera can run only its own firmware, developed by the producer (or whoever they have contracted) and, I hope, you won't argue that it's a specialized computer. Well, similarly, the iPhone can run only software approved by Apple (even if developed by someone else). If you really want to run anything of your choosing on an iPhone, you have to jailbrak it.

But this is just a technicality; the broder between "specialized" and "general" computers is a pretty fuzzy one. The main point is that Bruce is right about his vision of the future. And if you find that dystopian, please consider that he's talking about IT security only. If you consider for a moment what physical security is likely to become, you'll get kittens. Here's a taste: how the Israelis imagine the future of airport security - using hardware and software that is already available:


Fancy undergoing a polygraph test the next time you want to fly?

As for "we fought and won" - society doesn't develop in a straight line. We gought and won back then. We will have to fight again in the (not so far) future. Will we win with all the new technological developments used against us is anyone's guess...

BTW, just out of curiosity - what kind of whitelisting software do you use? I use the program whitelisting capabilities of the personal firewall I use - but I'm not happy with it.

kurt wismer said...

first your nitpick: i didn't actually say iphones would do flash. the reference to flash had to do with the implication that without general purpose computers the web as we know it would cease to exist.

is a digital camera a special purpose computer? i suppose that depends on the camera. firmware is suggestive of that supposed middle ground i said didn't exist. i'm probably going to have to call it a general purpose computer that lacks the facilities to easily use it as a general purpose computer (if i take away from a PC the vectors through which new code can be introduced, that doesn't change the processor architecture, it doesn't make the machine any less capable of running arbitrary code, just of encountering that code).

i don't find the distinction between special and general all that fuzzy myself. i think the idea of fixed first order functionality, for example, seems very well defined and unambiguous.

considering the alternatives when flying, a polygraph might not be so bad. i've already had a pat down on the front of my trousers and by all accounts it's gotten worse since i last flew.

i also acknowledge what you're saying about the fact that we will have to fight again. i absolutely agree that this will happen, i just think it will happen before we get to schneier's dystopian future. there is already considerable backlash against airport security procedures. there are already people choosing droids over iphones. there are already examples of people not being cattle in every example of customer objectification out there and it promises to worsen as the objectification does.

the parable of the frog in the pot of water not noticing the water being brought to a boil only includes 1 frog. if it were instead a million frogs it wouldn't work nearly as well because different ones have different tolerances. the same is true for society and anti-consumer practices - different people have different tolerances and the worse things get the more people will get hopping mad about it.

bruce's dystopian future assumes a society of cattle, however. we can't get to where he's suggesting unless people lay down and let it happen and there are already people unwilling to do that right now. and while i may envision us changing course through non-violent exercising of choice, you can bet there are those envisioning bloody revolution instead.

as for whitelisting - i believe i've read about your practice and if i'm not mistaken we use the same tool (in fact i recall being surprised we were on the same page when i read about it). i'm reasonably satisfied with it's operation when it works properly, however i occasionally encounter difficulties with it misidentifying the process involved. that i find troubling. there are, of course, many other alternatives, but it's nice to have two things in one package (whitelist and personal firewall). i wonder how it changing corporate hands yet again will affect the product.