Safe Computing: Another Case of Too Many Moving Parts

May 15, 2012

So, one of this month’s Windows XP updates, KB2686509, has a problem.  Long story short, in order to fix a security problem, Microsoft had to make the rules more strict for software that installs custom keyboard layouts.  If I’ve understood correctly, most software already does it the recommended way, but if you have software installed that is incompatible with the new rules the update will refuse to install.  You may be able to fix the problem yourself, or you may have to contact your software vendor.

That isn’t actually the interesting part.  The update will also refuse to install if you’ve remapped a key, for reasons that aren’t entirely clear.

Thought for today: If God wanted us to remap keys, he’d have given us a control panel.

Nah, too easy an answer.  People have reasons for wanting to remap keys, and the process is, or at least was, documented.  If Microsoft are going to make it that easy, of course people are going to do it, and it shouldn’t cause strange problems years later.

No, this is another case of too many moving parts.  We need to be able to configure this sort of thing, sure, but it needs to be done in a controlled way, so that issues can be avoided, or at least properly identified.  Of course, none of the suggestions in my previous post would have addressed this issue, so the question becomes: what should the ideal operating system do to deal with this sort of situation?

I think the solution [1] is to associate changes to the registry (or rather, its equivalent) with the application (or component) that made those changes.  This would probably be implemented by keeping a collection of registry settings for each application; a query for a particular setting would return the default value only if no application had made any changes.  As a bonus, you’d know when two applications or components were in conflict, although to be honest I’m not sure what you’d do about it.

(This doesn’t mean that you couldn’t make ad-hoc changes; in this context, an “application” could be a single text file, not much different from a Windows .reg file except that it would have to include a name to go in the list of installed software.  The registry editor could build these for you.)

Anyway, if Windows worked like that, KB2686509 wouldn’t have had to, metaphorically speaking, shrug its shoulders at you.  It would know which application had configured the setting it was upset about and could say something like, “I can’t install because I am an incompatible with the installed program, Freddy’s Keyboard Mapper.  Please contact the vendor for an upgrade, or uninstall that program and try again.”

I think that would have upset fewer people.

Harry.

[1] By solution, I mean a way for a hypothetical new operating system to avoid running into this sort of trouble.  It would not be feasible to modify Windows to work in this way.

Political Slogans

November 16, 2011

Some context for overseas readers: the Green Party has suffered some embarrassment recently after it was revealed that Green Party members, including the partner of the co-leaders executive assistant, were involved in vandalizing around 700 National Party billboards by adding satirical “slogans” such as “because the rich deserve more” and “drill it! mine it! sell it!”

Both childish and unethical, of course, but I thought the “slogans” themselves were kind of amusing.  So, along the same lines…

VOTE FOR THE GREENS because …

… trees are people too

… the economy isn’t going to ruin itself!

… you hated your science teacher, right?

VOTE FOR LABOUR because …

… New Zealand needs more debt

… we did OK last time, right?  Right?

VOTE FOR MANA because …

… Pakeha should just bugger off

… there are too many white <expletive deleted> in Parliament

… the Greens aren’t crazy enough

VOTE FOR ACT because …

… Maori should just bugger off

… National isn’t crazy enough

VOTE FOR NEW ZEALAND FIRST because …

… we made MMP what it is today!

VOTE FOR THE PIRATE PARTY because …

… have we got the coolest name, or what?

 

The United Nations and Palestine – A Missed Opportunity?

November 9, 2011

I’m sure everyone is aware that Palestine has applied for full member status in the United Nations.  At present, to the best of my understanding, this seems unlikely to happen.  Under current circumstances, it probably wouldn’t be helpful if it did.  But I can’t help wonder whether the UN is missing an opportunity here.

What if they were to offer full membership subject to the condition that the Palestinians accept a UN-negotiated treaty with Israel?  Negotiations between Israel and the Palestinians have been unproductive, but negotiations between the UN and Israel need not be.  (Of course, the UN would first have to accept that the Green Line is not a particularly useful starting point, which might be politically unpalatable to many member nations.)

Any such treaty would be significantly more favorable to Israel than the Palestinian negotiators have ever been willing to consider.  They probably wouldn’t get East Jerusalem, and Israel wouldn’t be accepting the return of any refugees.  Even so, it would be a difficult offer to turn down when the prize is United Nations recognition of a Palestinian State.

Would this have worked?  Maybe not – but I don’t suppose we’ll ever know for sure.  I think it would have been worth a try.

Stallman on Jobs

October 11, 2011

I’ve just read this article about a blog entry Richard Stallman recently posted on the subject of Steve Jobs’ sad death.  Leaving aside Mr. Stallman’s social gaffe, I just have one thing to add, on the subject of Mr. Jobs’ so-called “malign influence” on computing:

Pot.  Kettle.  Black.

Preventing executables from requiring UAC elevation

September 23, 2011

I’ve just found this great tip over at Stack Overflow.

In Windows Vista and later, an application can be coded to require UAC elevation.  If you try to run it as a non-administrator, you get asked for an administrator username and password, and if you don’t provide them the application doesn’t start.  That’s all very well, but some developers set this flag when it isn’t really needed (I’m looking at you, beepa) which locks out all non-administrators.

This isn’t usually a big problem on a home machine, because you probably have an administrator account even if you don’t use it for everyday activities.  In a teaching lab, however, as in many other contexts, it’s fatal; the students don’t know the administrator password (or at least I devoutly hope they don’t!) and obviously we’re not going to tell them what it is.

It turns out that this is as simple as setting an environment variable.  Set __compat_layer to RunAsInvoker, and Windows will ignore the application manifest.  You could set this globally via group policy, or write a simple wrapper program around specific applications that need it.  (Of course, if an application really does require administrator privilege it may fail in strange and unexpected ways, so take care.)

Hope this helps – and Norbert, if you’re reading this, thank you.  Knowing about this is going to come in very handy.

United Airlines replaces flight manuals with iPads

August 25, 2011

See this article from the New Zealand Herald.

Flight manual on an iPad

(Original picture courtesy Evan-Amos, Wikimedia Commons.)

Freedom Software

August 19, 2011

OK, now that I’ve outed myself as anti-GPL, I guess I may as well go ahead and publish my rant on the phrase “free software”. I guess I’ve got no more credibility to lose as far as the FSF goes anyway.

The phrase “free software” has exactly one correct grammatical meaning, and guess what, it isn’t the one the Free Software Foundation keeps on pushing.

Software can of course be free as in “costing nothing”.  [All definitions are from NZ Pocket OED, 1988.]

Can it be free as in “power of acting without constraint of necessity or fate”?  No.  [1]

Can it be free as in “not a slave”?  Well, only in the trivial sense [1] that no software is a slave, since the word only applies to people.

Can it be free as in “not under the control of another [other than the software itself]”?  Again, no. [1]

Well, I don’t want to go through the entire list of definitions (it takes up an entire column) but you get the idea.  Some of the definitions can be applied to software, such as “available to all” but they don’t match the meaning of “free software” as defined by the FSF either.

And of course using the phrase “free software” with the FSF’s meaning causes endless confusion with the (more correct) meaning of the word “free”.

So, what should we call GPL and other similarly licensed software?  My vote (so to speak) is for “freedom software”.  This isn’t exactly euphonious, but at least it isn’t confusing and it means what it says – software that supports freedom.  (Even if it seems to me to be an odd kind of freedom for people to worry about.)

The upshot is that I’ve decided to start using “freedom software” instead of “free software”.  I’m hoping it won’t be necessary to explain myself too often.  I invite you to join me. 🙂

Harry.

[1] Except for an AI, I suppose, but that’s not really the point.

Well And Truly Told Off

August 19, 2011

See this comment by the moderator and founder of Groklaw.  Ouch.  The original post I was commenting on is here.

I really don’t think I was being silly.  I’m perhaps not incredibly well informed on the subject matter, but well enough (I’d have thought) to have a valid viewpoint.  I certainly wasn’t trolling – I hope those on the other sites/newsgroups I frequent would agree that while I may occasionally be lighthearted, I never argue dishonestly.

My feelings are hurt, to be honest.

I’ve suggested that my comments be removed, so I’m going to put them all here instead.  If anyone can explain to me how I might have presented my opinions less offensively, please feel free to comment.  These are not chronological but in thread order.

GPL Feature Creep
Authored by: Anonymous on Monday, August 15 2011 @ 07:03 PM EDT
FWIW, GPL “feature creep” is a genuine concern for some of us.

… first they came for the kernel plugins, and I didn’t speak out because I don’t write kernel plugins. Then they came for the WordPress extensions, and I didn’t speak out because I don’t write WordPress extensions. Then they came for the apps and there was noone left to speak out for me … 🙂

Explaining the analogy
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:17 PM EDT
“Surely we all agree an app developer for Linux is _not_ bound to distribute under the GPL”

Maybe, but once upon a time is was widely agreed that a kernel plugin developer wasn’t bound to distribute under the GPL either. If the freedom software community has changed their minds about that, what will they change their minds about next year?

Another example is the way changes made in GPLv3 impacted TiVo. RMS wasn’t shy about admitting that this was deliberate. TiVo was following the license, but it got screwed over anyway. Personally if I was selling something based on open source software from a third party, I’d feel a lot safer with a BSD license.

Explaining the analogy
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:54 PM EDT
Oh, by the way, I don’t *really* think anyone is ever going to claim that you’re not allowed to run non-GPL-compatible apps on a GPL operating system. I’m just exaggerating for effect. (On the other hand, if RMS could find a way to make that illegal, I’m sure he’d be keen to do so.)
Explaining the analogy
Authored by: Anonymous on Thursday, August 18 2011 @ 08:32 PM EDT
“And if I remember correctly from all the talking at the time, TiVo did something he *thought* the GPL already stopped them doing […]”

That’s fair enough from the FSF perspective, but from TiVo’s perspective, what they were doing was perfectly reasonable. Then the rules got changed from underneath them.

“[…] he’s not willing to compromise with people who start with unreasonable positions […]”

Ummm … thing is, from my POV, he’s the one taking an unreasonable (and irrational) position. And somehow (again from my POV) “infecting” lots and lots of other programmers with it … perhaps I’m wrong, and they’d have come up with the same idea themselves, but it smells to me of a cult of personality.

Anyway, we’re getting off topic. If you want to continue the discussion, feel free to visit my blog post on the same subject.

Tivo problem real, RMS strawman argument not so much
Authored by: Anonymous on Thursday, August 18 2011 @ 08:46 PM EDT
“I appreciate your explanation of the analogy, assuming the same Anonymous is involved on all posts.”

Yes, I just haven’t gotten around to creating an account. I can be found here.

“However I can’t understand what excuse you feel this gives for gratuitously bashing RMS,” […]

I didn’t think I was. His position seems clear enough: non-open-source software (and also Tivo-ized software) is evil and should be eliminated. If this seems like an exaggeration, I apologise, but that’s my best understanding of his beliefs.

“Tivo suffered no retroactive penalty, as you seem to complain.”

They’re no longer able to use the latest versions of any software that has migrated to GPLv3, including security updates. The impact of this is mitigated by the fact Linux itself hasn’t done so, although there remains the risk that it might do so in future. IIRC, TiVo was obliged to formally warn investors that GPLv3 presented a risk to their business, although I don’t know whether there was any actual loss to stock value.

“You are free to use (or license) BSD software as you wish.”

And I would encourage businesses to do so. That’s all I’m saying.

“clever minds keeping the letter and not the spirit of the GPL.”

The problem is that the “spirit of the GPL” isn’t terribly clear to many of us. I for one wouldn’t have been able to guess in advance that anyone would object to what TiVo was doing.

And that explains alot
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:29 PM EDT
“It is very interesting that some people are so afraid of the GPL, and yet no one is forcing them to use it (or even to use software that is covered by the GPL).”

The point is that we have (I think) legitimate concerns. No, we aren’t forced to use it, and my advice is not to do so for anything important.

“Frankly, it is none of their business.”

If we need to decide whether to use GPL code in a particular context, it is certainly our business to be aware of any issues it might cause.

“Ergo, they must simply want to rip off someone else’s code without contributing back.”

Personally, I would want people to contribute code for the good of mankind, rather than in order to promote what seems to me a rather odd philosophical viewpoint. Nobody is going to force you to do so, but if you do, please don’t get defensive if some people don’t want to use your code as a result.

Odd philosophical viewpoint…
Authored by: Anonymous on Thursday, August 18 2011 @ 08:49 PM EDT
Not to the best of my knowledge. Have you ever heard of a scientist complaining that a company used the knowledge in a scientific paper to build a product but didn’t distribute a copy of the paper along with the product?

(I think I’m missing your point.)

Odd philosophical viewpoint…
Authored by: Anonymous on Thursday, August 18 2011 @ 11:49 PM EDT
Seriously, I don’t see any connection or analogy between the copyleft philosophy and the philosophy of science. I’m not trying to be difficult, I just don’t get it. – Harry
Re: I don’t understand
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:51 PM EDT
“It is very simple to negotiate a GPL license. Read the license, do it like they say, and bingo. You are good to go.”

The problem is that what you are or are not allowed to do seems to keep slowly changing over time. TiVo obeyed the license, but they got screwed over anyway by the changes in GPLv3. The folks developing kernel plugins and WordPress extensions didn’t think the GPL would require them to release source, but, well, copyright law is stranger than you might expect, so they got screwed over too.

BSD licensing, in contrast, seems to be easily understood and stable.

“I think it would be *somewhat* harder if you wanted to use a piece of Microsoft or Oracle or Apple Code.”

Sure, but they have a sensible reason to protect their code. The GPL requirements, from my perspective, are just selfishness. (Not my original point, and not worth discussing IMO, but since you mention it.)

“All you Anti-GPL shills want is to be able to STEAL the code. Like with BSD.”

Others have already pointed out that STEAL is a silly word to use in this context. But, in any case, I’m not suggesting that anyone should use GPL code without following the license. I’m suggesting that (where possible) folk should avoid using GPL code, in favour of BSD or similar licenses.

Personally, I would prefer that people used the BSD license instead of GPL when releasing their own code to the public, but nobody is going to force you to do so. It’s your choice. But please don’t get rude about it (“shill”???) when, as a result, some of us recommend against using your code.

Re: I don’t understand
Authored by: Anonymous on Thursday, August 18 2011 @ 09:00 PM EDT
“TiVo *gamed* the licence. They did something they *knew* to be against the spirit of the licence, ”

I disagree. They didn’t *understand* the spirit of the license, which is a quite different thing.

I for one would not have guessed in advance that anyone would object to TiVo’s approach, and keep in mind that many GPL developers (such as Linus) don’t.

“Recommending BSD over GPL is, from my perspective, just selfishness.”

I accept this as a fact, but cannot comprehend the thought processes that lead you to feel this way. Is my opinion equally opaque to you? (I think it is very similar to most BSD-license developers; I disapprove of duplication of effort, and BSD is the best way to avoid that.)

I think we’re getting off topic. Please feel free to go to my blog post on the subject if you want to continue a discussion with me, although I’ll also be checking in here for a few more days.

Re: I don’t understand
Authored by: Anonymous on Thursday, August 18 2011 @ 11:56 PM EDT
It seems to me that it is a lawyer’s job to understand the letter of a contract, not the spirit of it.

Of course, I don’t work for TiVo. I’ve never even owned one. So I certainly don’t know whether they were acting in bad faith or not – but it seems to me that you are jumping to the conclusion that they were, with no particular evidence, and I don’t understand why. – Harry

The Doomsday Argument and Life Before Birth

August 19, 2011

Warning: naive philosophical logic-chopping ahead. – Harry

I first ran across the doomsday argument many years ago (under another name, if I remember correctly) in the novel Manifold: Time by Steven Baxter.  It’s one of those interesting ideas – it’s obviously nonsense, but it’s very hard to pin down exactly where the reasoning fails.  At the time I think I pretty much dismissed it, but it appeared again in an online article a year or two back and I’ve been musing about it on and off ever since.  It turns out to be even more interesting than I thought, because once you do pin down the logical flaw, you realize that it depends on a metaphysical assumption.  This means that, arguably, the Doomsday Argument is the first ever experimental test of a metaphysical idea, which I find fascinating.

For those unfamiliar with the Doomsday Argument, the short version is that, using Bayesian statistics, you can take the fact that you were born now (rather than, say, a thousand years into the future) and use it to predict that the human race is almost certain to become extinct in the near future.  For more information, I’d recommend this site by Professor Nick Bostrom of Oxford University.  There is also a Wikipedia entry but personally I found it disorganized and confusing.

So where do I think the flaw lies?  Well, the DA requires you to reason like this: if the human race is not about to become extinct, what was the probability of my being born now rather than at some point in the future?  The subjective nature of this question is essential to the argument – you can’t, for example, imagine being a visiting alien pointing to someone and saying “what was the probability of such-and-such a person [or people] being born now?”.  It just doesn’t work that way.

Now, that question sounds reasonable.  But consider this: is it really meaningful to ask whether you might have been born at a different time?  What, exactly, does the question actually mean?  If somebody were born in 3000AD with your exact genetic code, would that person be you?  I argue that (s)he would not, because your experiences and memories are at least as critical to your identity as your genetic code.  Even identical twins are not the same person.

It should also be kept in mind that the chances of a person being born with an identical genetic code to you at some point in the future are unaffected by whether or not you were in fact born now.  So if you would consider a person born with your genetic code in 3000AD instead of now to be yourself, you would have to also consider a person born with your genetic code in 3000AD as well as now as being yourself.  In which case there would have been two yous.  So to speak. [1]

At first glance, this would seem to handily refute the Doomsday Argument, but there’s a catch.  What about your soul?  If we suppose that people have souls, and that these souls already exist in some sense before a person is born, then suddenly the DA works again – you can ask “what were the odds that I [i.e., my soul] would be placed in the world at this time, rather than a thousand years in the future?” perfectly meaningfully.

It is, at this point, very tempting to assert that if humanity does not become extinct in the near future that would disprove the existence of the soul.  This would however be dishonest, for several reasons: for one, my reasoning only applies if souls are (so to speak) created ahead of time, which is not necessarily the case; for another, the DA might have one or more other flaws (I believe Professor Bostrom discusses some possibilities in detail, though I must admit I haven’t actually read the book); and finally and perhaps most fatally, the DA also requires you to suppose that your soul is placed in the world at random, which I think according to most religions is unlikely to be the case.

Despite these caveats, I personally find this situation fascinating … as I may have said before.  If you’ve gotten this far without giving up in dismay, bless you, and I hope I haven’t bored you completely to tears!  My next post should be back to normally scheduled programming. 🙂

Harry.

[1] English really isn’t a very suitable language for discussing this sort of hypothesis, is it?

GPL Considered Harmful

August 19, 2011

… first they came for the kernel plugins, and I didn’t speak out because I don’t write kernel plugins. Then they came for the WordPress extensions, and I didn’t speak out because I don’t write WordPress extensions. Then they came for the apps and there was noone left to speak out for me … 🙂