Monday, September 18, 2017

Shitty Philosophy and Physics : “Time Reborn - From the Crisis in Physics to the Future of the Universe” by Lee Smolin


“I propose that time and its passage are fundamental and real and the hopes and beliefs about timeless truths and timeless realms are mythology.”


In “Time Reborn - From the Crisis in Physics to the Future of the Universe” by Lee Smolin


Impermanence, Buddhist style?

Buddhism seems to acknowledge the play of opposites I've referred to elsewhere.
Recognising the yin-yang nature of the universe, in order to claim there is constant 'flux' (fluidity, rather than change; a subtle difference) - or for argument's sake, change - Buddhists balance that by asserting a 'greater' reality - the one, eternal, stable, whole (a supposed 'deeper' reality).

Contradiction and paradox is near the heart of evidenced, reasoned contemplation?

As for Aristotle:
time is a measurement of change is a measurement of time.
Change makes time possible, and vice-versa.
In principle, it seems that time persists, even in conditions of perfect stillness.
Yet any attempt to conceive a temporal progression, absent all change, seems to lead us into perplexing self-contradictions: any attempt to imagine how such unchanging time-flow could be measured, requires changing. It seems that time must be more than change; yet remove change, and time vanishes!  But if time is just a means to measure change, then in principle, it should permit the possibility of a world where change is cyclical. Yet our understanding seems to limit time to a linear, one way progression.

Or does it?

Would a world where each day began the same as the previous one be conceivable? A world where, during 24 hours, everything that ever happens and could happen takes place? Alternatively, could a world be conceived of, in which everything changes every moment? Where NOTHING is the same from one moment to the next? How could time possibly apply to a world where there was nothing stable to measure change by?

Smolin talks of life lived in the moment: of time being a succession of moments.

But who, seriously, experiences life like that? To me, here, typing away, the present seems to persist. There's a smoothness, a constancy, and an openness about it. Smolin also claims that we must reconcile relativity theory and quantum mechanics - the micro and the macro - into one unifying theory. But, when asked why - perhaps we must live with the fact that they are, and always will be, irreconcilable? - he flounders. It seems this is simply a matter of faith for him! Yet, he also claims that the world physics says is 'real', is merely a mathematically modelled one. And that these models, rather than existing in some sense 'outside' our spatiotemporal world of experience, actually emerge from it. We should realise that attempting to apply (as, he claims, physicists do) abstract mathematical models - designed to describe local, experimentally conditioned phenomena - to reality as a whole, is erroneous. Cosmology needs different concepts than quantum physics uses on the micro, mathematically modelled scale.

Everywhere and anywhere, our existence always pre-supposes our existence.
To assert it in the sense you do is, as I've said elsewhere, an obvious (sic) truism.
When lots of things are happening, and we are fully engaged, time may seem to 'fly by'.
When bugger all things are happening, and we are disengaged, time may seem to drag.
When young and active, time seems to pass so slowly.
When old and inactive, time seems to pass so quickly.
As Einstein showed, time is relative - to an observer; to speed; to distance. The effects of change may seem temporal, insofar as we see them in a linear sense, from our past to our future.
Yet, what is the present?
On reflection, it seems that there's only the past - which, as past, no longer exists; and the future, which is yet to exist.
The present, where things supposedly 'exist', are 'real', right now.
Is illusion.
If time must exist, then how can there ever be a present?
And, if there's no present, how can anything, let alone time, exist?

In spatiotemporal terms, if Smolin's take on the 'metaphysics' or 'cosmology' of current physics is reasonably accurate, it's more like a link - or a line - between (point) A and (point) B. (Insofar as we conceive it as a 'journey', that's down to our woefully limited intellectual/instinctive/sensible abilities: we are stuck as things within space-time, rather than observers outside it, able to see the greater reality: what's real (sic).) What you imagine to be the signs of a journey through time, taking its toll (e.g. ageing) are 'really' more like signposts on a route. Or the sights along the way, when you go from Cornwall to London, say.

To us spacetime-trapped beings, it’s a one-way journey. But from 'outside' spacetime, that temporal transformation is neither back nor forward. It just IS. Fully formed. Mapped out. 'Change' is a concept arising out of our limited conceptual capacity to comprehend the 'big picture'. We put our faith in seemingly obvious, common sense views; yet so often, over time, science has exposed their erroneousness (It seemed so obvious that a smaller, lighter object would fall slower than a big heavy one; yet science proved this wrong).

Kant realised time was imposed on experience by minds; physics has seemingly 'proven' this (Einstein onward) through evidenced reasoning. (Though, of course, a comparatively few theoretical physicists - like Smolin - resist this 'consensus'). Of course, what you think physicists mean when they deny time, and what they really (sic) mean, may well differ.

It may be useful to substitute (best) "explain" for "exist".

Assuming 'time' fails to explain what common-sense assumes it does about reality, as far as physics is concerned. So, physics, post-Einstein, replaced it with 'space-time'. Time, like length, width and depth, is an idealised, mathematical dimension; something we conceptually construct to measure stuff. Of course, I'm playing devil’s advocate above; assuming for sake of argument that Smolin is correct, and that most theoretical physicists have rejected time's 'existence'.

Hence, everything is true and false; real and unreal.
Which led me to a choice: if everything is isn't; and vice versa.
Then attempting to think anything is impossible; as one must always be looking to negate anything Smolin asserted.
And, if you manage to do that, then you have then to try to re-assert it.
Anyway, I saw relativity (or relativeness) as a possible way out of this.
'Everything that is true is false' smacks of absolutism.

But if all is true and all is false, perhaps that can be seen as:
Everything is partially true and partially false; to varying, and probably changing, degrees.
What we are doing, for the most part, may be distinguishing what seems (relatively) more true from what seems (relatively) more false.
IE: what we say is true, is really more true than false.
Relatively speaking. (Absolutely speaking, it's still as false as it is true).
But, 'cos I'm still a sucker for this philosophy shit, I thought it might be interesting to try to see everything in positive terms.
After all, when we deny something, we say sod-all about what is.
"He's not guilty, your honour."
"So who is? Somebody did it!"
If 'time' is not 'real'; what is it? What does it refer to?

As long as any word has any meaning; as long as its utterance makes some sense to someone, then it exists as something more than merely an empty word.
I'd like answers.
But I've been compelled to ask questions from an early age.
"That kid won't let up. He's always asking why!"
Somewhere along the line, that seemed to change from "why" to "what".
What is?
Sod all, really.
But, 'unreally', everything imaginable, and more.
Seeing the world as made up by minds; as the work of imaginations; it sure helps trying to understand how so many people seem to believe such silly stuff.
From astrology, thru theologies, UFOs, conspiracy theories, ad infinitum.
Everything is made up; but some of it makes more (evidenced reasoned) sense than others.
What alternative to science does Smolin offer?
None!
Merely an alternative scientism.

Theoretical physicists, in the absence of experimental support for their theories, have understandably come to increasingly rely on mathematical models, on which to base their speculation on the possible nature of the universe. Smolin's response is an appeal to 'everyday intuition'; but that 'intuition', in his hands, may be more akin to an earlier, pre-post (or even simply) modern, metaphysical ideology. He says he seeks to re-align physics with making falsifiable hypotheses; yet how is what he seems to offer any more open to such testability?
"Is time emergent or fundamental?"
That's more akin to "the disagreement" that "could hardly be more fundamental".
And what about space?
Smolin seems to accept that space is "unreal" (is emergent).
If given a choice between space or time, people would be more likely to 'intuitively' assume space existed, than time.
Smolin, in the simplified, distorted sense in which his speculation about a fundamental conception of time is presented here, would be proposing a pretty bog-standard and old-hat metaphysical realism (the universal 'time' has objective/absolute 'existence').
Dressing this up as "everyday intuition" hardly does him any favours; it's more like a kiss of death. (Science typically progresses by defying intuition).
Check yourself before you wet yourself!

If it's 'outside' time (actually, that's 'outside' spacetime), it can hardly precede or succeed, can it?!
Such a theory, should it ever emerge, would unite quantum field theory with general relativity. Insofar as 'time' is 'unreal', how could it concern itself with a 'history', when history presupposes time?
Smolin claims to have captured something of the essence of physics; minus the maths. If this is any indication, then it's also minus any sense, common or otherwise. If Smolin is right - if he's being read right - then physics' study of the natural (material) world has led it to largely posit ideal objects - mathematical models and speculative concepts derived from them - as if they are the constituents that make up the material world's essence? Black holes, dark matter, electromagnetic fields, etc. are theoretical constructs - ideas - that are inferred and imagined, based on understandings of observed 'material' phenomena.

How is it inconsistent to be skeptical of something unless and until there is some necessary data? Necessary and sufficient would be nice but I'm enough of a realist and a seasoned experimentalist to know that is asking a lot. Just some at least indicative data. All I've had thrown at me is 'Theory' meaning hypotheses. A theory without data is just waffle. Darwin knew that, which is why “On The Origin of Species” is packed with data. He also spent years doing scientific grunt work to establish himself. His systematics of the barnacles is still the seminal work on the subject. Added to, amended by genetics but still sound, referred to science. He was the first to demonstrate what good worms did to soil. Some people think all he did was think up a nice theory then sit back. Darwin was a data man. Evolution came upon him in contact with the data just as it did with Wallace in the Indies. The Wallace line denoting the divide between Asian animals and plants and Australian animals and plants still exists, still carries his name.

AS HEINLEIN WOULD SAY. AGAIN, SHOW ME THE DATA!

Bottom-Line: Sadly, drink is consuming me - even now, I'm pissing blood, I should be drinking water, and here I am with a glass of booze. Like the smoker, putting a cig into a hole in his throat, as he approaches lung-cancer death? Nietzsche helped me 'realise' that everything true is false; Derrida, that everything false is (therefore) true.

NB: After the wonderful “The Trouble with Physics”, Smolin fell on his face with this one…


Sunday, September 17, 2017

Programming is Like Music: "Python - Become A Master In Python" by Richard Dorsey


Just what is the fascination with spreadsheets? I played with them on my Spectrum in the 80s, but it wasn't very useful. I used a spreadsheet on a Psion handheld in the 90s to keep track of some data. And nowadays I have a spreadsheet in LibreOffice to keep track of my expenses and work out my tax (estimate, since obviously, you need to use a proper package to get it right). I've worked in places in the meantime where bosses think that Excel is a suitable tool for project planning. It isn't. But if you only give people a hammer, everything looks like a nail to them. As a programmer, myself, I'm finding this whole thing fascinating. The quality of the kids' programming output (and yes, it is programming, not 'coding') is going to be directly proportional to the ability of the teacher who's teaching them. I have a big worry that this will go the way of foreign language learning in school though, even without this concern over the quality of teaching. It's a subject that needs self-determination and a lot of time spent outside of the classroom to truly get to grips with. Without these two things, pupils will probably grow to despise the subject - and we may even start to put off future would-be programmers. Children as young as four have been learning programming skills in the classroom for many years with programmable toys: Big Trak, Roamers and BeBots are some examples which have been whirring around on the floor. Disguise a robot as a sheep and get it to run away from the farmer or program a lifeboat to reach a sinking ship etc.

But programming is hard; very hard. Heartbleed and the concurrent Apple invalidation of security certificates in their software demonstrate how bloody hard it is. Teaching children to code is analogous to teaching them to make nuclear bombs. Though I think it’s not so much like teaching them to make nuclear bombs; it’s more like doing physical education with the goal of teaching them all to be fast bowlers. Or music with the idea of trying to make them all composers of classical sonatas.

Python is the right choice, and it really is easy as languages go. But for most people even learning Python is going to be frustrating to the point of impossibility. You could try LiveCode - also open source. A bit like the old Hypercard. Or you could try learning the Bash shell or Awk - both restricted purpose non-GUI languages which may be more accessible because they have very clearly defined purposes and limits. Or you could try the Gnome package Zenity. Python is very general and it has the complexity of having lots of IDEs...The problem most people have is conceptual. Their minds simply do not work like that. There is no particular reason why they should. Most people will not be able to be good fast bowlers either. They are perfectly fit, healthy and intelligent people. Inability to programme is no bar to learning or achievement of all sorts. It is much more important to know how to set up an OS, how to set up a network, to understand something about security and servers, permissions, users, all that stuff. Python really is simple when you compare it to a language like C. For example, to create an array with even integers from 1 to 100 in just one line in Python, you can do list comprehensions:

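    myArray = [x for x in range(1, 101) if x % 2 == 0]

Try doing that in C, you'll end up with something like this:

    int main(void) {
        int myArray[100], i, index;   /* room to spare: only 50 values are stored */
        index = 0;
        for (i = 1; i <= 100; i++) {  /* same range as the Python version */
            if (i % 2 == 0) {         /* keep the even numbers only */
                myArray[index] = i;
                index++;
            }
        }
        return 0;
    }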

Wait! Why would I want that in an array I have no idea...

This looks much better:

    for (i = 0; i < 50; i++) array[i] = (i + 1) * 2;

In any case, what does the length of the code matter?

What matters is the readability and clarity of the code and how fast the program runs.

Having learned both BASIC, Z80 machine code and assembler in the early 1980s I would say that the revised mental processing I needed to master to be able to create programmed solutions to problems using any of these coding methods has proven very useful in all manner of situations requiring clear thinking since that time. The big problem with learning this stuff is getting over the jargon and meeting the standard of prior assumed knowledge. They will also need to teach kids quite detailed machine architecture otherwise this scheme will fail.

Programming is like music or creative mathematics. Only 10 or 15 percent of the population are going to be able to do it. An even smaller percentage of current teachers is going to be able either to do it, or still less teach it. The idea that we take a year, teach all teachers to be programmers, and then have them teach all children to programme? It’s simply mad. Not only is it impossible, it is squeezing out from the curriculum the teaching of something that is much more useful and which is possible to teach everyone. That is systems management. Setting up computers and networks, trouble shooting, installing operating systems, servers and the like. Files and file management. The command line. Elementary scripting to the extent necessary to use the command line properly. In short, how to manage computers and networks. Not how to write programmes in two languages. Teach this, and you will be giving a valuable general purpose skill children will use in employment and private lives. And it is possible to teach it to almost everyone.

We don't try to give all teachers a knowledge of music composition next year, and have them then teach it to all children the following year. This is as crazy an idea as that would be. The only result is that we will prove once and for all by a wonderful national experiment that programming is a very specific and comparatively rare ability. And in the process, we will make a lot of perfectly intelligent and able people feel totally stupid and frustrated, when we could have given them useful and enjoyable instruction in things they could learn and would use.

Having this stuff ingrained young means it’s part of the way you think for life, and it’s hard for today's adults to estimate how much of this knowledge is going to be needed in the future just to be able to have access to decent jobs. Almost in the same way that typing was appropriate in the age before computerisation so that people could get higher paid clerical, administrative, and executive roles.

School should be as much about teaching kids to learn as it is teaching them what to know. The distinction is subtle but important.


Bottom-line: Will Dorsey’s book help on this road to computer literacy? Nope. Too short and without the stuff one needs to learn how to program in Python, but I’m not even sure that was the author’s intention. I don’t really know what kind of rationale this type of programming book fulfills, to be honest. How can anyone become a master at Python programming without the use of classes (strangely absent in the book)? Mind-boggling to say the least…

Saturday, September 16, 2017

All Much Ado about Nothing: “The Trouble with Physics” by Lee Smolin



“The Weinberg-Salam model requires that the Higgs field exist and that it manifest itself as the new elementary particle called the Higgs boson, which carries the force associated with the Higgs field. Of all the predictions required by the unification of the electromagnetic and weak forces, only this one has not yet been verified.”

In “The Trouble with Physics” by Lee Smolin


Hello physicists and Lee Smolin in particular,

I can't say I agree with such a hard stance against string theory personally like Smolin does, but I’m what’s known as a stupid person, so it doesn’t really matter what I think. However, I do feel it is healthy for science to have people that challenge ideas from all sides. All this will do is galvanise people to work harder to provide evidence to prove or disprove any theory that tries to describe reality. Science thrives in areas of confliction.

Life is the memory of what happened before you died, i.e. we cannot extricate ourselves from the universe in any way shape or form, including our "objective," apparently repeatable theoretical notions. By definition, there is only one UNI-verse. If you want to call it a universe of multiverses or a multiverse of universes, or balls of string with no limits, no problem, but there is only one of everything that is and isn't. This assemblage of atoms, no different from any other atoms, called the human body, has a life and death, as do the stars; it also has an internal resonance we like to call the consciousness of self-awareness of existence. We all too often, de facto, accept that there is a universe outside our "selfs", our bodies, i.e. it’s just me, my-self, and I, and the universe that surrounds my body, as if there were a molecular separation of some sort. This starting point for science, i.e., this assumed separation from a universe that surrounds our (apparent) bodies is the first thing that has to go. By definition there is only one UNI-verse that includes Heisenberg, I, the photos and videos of flying objects that make apparently perfect right angle turns at thousands of miles per hour, which we casual observers are not able to identify, black holes, white holes, pink holes, blue holes, our memories, our records, not to mention everything else. It's all much ado about nothing. As someone else used to say, "This IS the cosmic drama," we are living at the interface of the Sun's outgoing light and the apparent incoming light from the universe that appears to surround the Sun. Ah, but, what if we live in a black hole and don't realize it? That would mean the night sky, which most of us consider to exist outside the sun would actually be all the light of the sun after doing a 180, except, and here's the kicker, daylight, i.e., the light of the sun that we experience as sunshine. 
Maybe we need to revise the old coin that says yin and yang, black holes and white holes, matter and anti-matter, light energy and dark energy, night and day, black and white, etc. ad nauseam, are two APPARENT sides of the same coin as perceived by bunches of atoms they (we) are observing other atoms in a universe that is completely outside their (our) own "personal universe" as defined by their (our) sensory input. In other words, the interface between black and white colors our apparent existence. That sophistry and $2.25 will get you a ride on the tube.

I am not a string theorist but back in the day I considered myself a physicist who knew a few physicists doing physics for a living. Something that might surprise people to hear is that many (perhaps the majority?) of string theorists did not spend any time thinking of ways the idea could make observable predictions. The reason for this was that the typical energy scale of string theory is much higher than even scales we try to probe in the early universe in cosmology. They argue that getting string theory to say something specific about physics 'beyond the standard model' would be like trying to describe friction of a carpet in terms of quarks and leptons i.e. theoretically conceivable but practically impossible. Seen in these terms though, string theory itself is a generalization of the 'theory of carpets' i.e., it is built as an extension of ideas we know are very successful at familiar energy scales: quantum mechanics and relativity.  Indeed, the reason the 'typical' energy scales of stringy stuff are thought to be so "unreachably" high is due to an extrapolation about the strength of gravity based on the value of Newton's gravitational constant you can measure on a table-top on earth.

In my opinion this huge extrapolation is a dangerous one as there are reasons to believe that there are things going on in physics before this high-energy scale which may change our understanding of things very much (e.g. the observed value of the 'cosmological constant'). These things could render any of the assumptions about string theory invalid. This represents a rather peculiar situation. Due to their assumptions, the string theory community is likely incapable of making any predictions about anything in our universe. Progress regarding the 'truth' of string theory therefore will not come from string theorists doing string theory calculations but from other physicists experimentally probing the assumptions that string theory relies on.

The question remains whether string theory has advanced understanding of the physical world. They had like one vague prediction for the LHC and when it didn't come true they were all like "ah, it only emerges at much higher energies!". LMAO! String theory is religion at this point. On the other hand, I side with Smolin when he says he’s interested in a testable theory. It just so goes that Smolin's ideas are not fatalist, which turns many militant atheist types off because it means life is not an accident; what that says about God, his position is completely agnostic. Considering the symbiosis we find in nature, his views make a lot of sense and unify well with a lot of biology and ecology.

I'm told string theory is great mathematics though, so great one String Theorist ended up winning the highest prize in mathematics, the Fields Medal. I’m talking about Edward Witten, who also has lots of references in Smolin’s book.

Between 2006 (when this book came out; see quote above regarding the yet still to be discovered Higgs’ particle), 2012 (when the Higgs boson was “discovered”), and 2017 (when I’m writing this review), what have we to show for String Theory? Not much. And since physicists have spent a lifetime ignoring observational data, they don't feel in the least bit accountable for (1) the plain truth (2) being wrong or (3) all the lives that they destroyed along the way when they mocked the people who were trying to tell them that they were wrong. Over the next few years you will see them lay claim to a beautiful theory of Quantum Gravity, even capable of making contact with experiment. They will even tell themselves that they were really working on this theory of Quantum Gravity all along.

Well, bottom-line: I hope someone kills String Theory, it's getting to the stage where physics is starting to resemble pseudoscience, and lots of pretty and convoluted theories that are essentially untestable.


NB: I don’t care about String Theory; what I really want is FTL travel. I want what the Tomorrow’s People had: flicking long distances in time and space in the blink of an eye; I want the Star Trek replicator that makes my dinner when I want it and how I like it; I want my phaser at stun; I want all of this. If the String Theory gets me there asap then spend, spend, spend...

Friday, September 15, 2017

The Ballet Dancer: "The Late Show" by Michael Connelly


“It’s like the laws of physics—for every action, there is an opposite and equal reaction. If you go into darkness, the darkness goes into you. You then have to decide what to do with it. How to keep yourself safe from it. How to keep it from hollowing you out.”

In "The Late Show" by Michael Connelly


It isn't polite to look in through other people’s windows. I knew this but still I would do it. It isn't an obsession, it isn't voyeuristic. No. But sometimes things would catch my eye as I walked past. A nice vase, a sleeping cat, a glimpse of a print on a wall, random "stuff" that makes a home a home. I liked to imagine who would surround themselves with these things, what do they look like? How do they live? In one window, I know is a tiny figurine of a young ballet dancer - cheap, pastel, glazed. Nondescript. Given a place of prominence through love.
I once saw the woman who owned that dancer.
It was her feet, the size of her feet. Sitting on the bus, I was just mesmerized by her feet. Spilling over her cheap plastic slip-on shoes. Feet that looked bulbous and par boiled like a body rising from a too hot bath. Veins cracking and breaking under the strain of their burden. Sad, shuffling feet trudging homeward, kicking carrier bags straining under the weight of their contents.
I followed the feet really, not the woman. I honestly don't recall what she looked like. Large I suppose, judging by her feet. Those feet. And, as I passed the door she had disappeared through, I took a glance to the side - there was this little dancer. More delicate in that moment than anything I had seen before.

I walked on and away. I have never been back to that street, but sometimes I think about that figurine and wonder if those feet might dream of dancing. I try not to look in windows any more.

Thursday, September 14, 2017

Non-Flash-in-the-Pan SF: “Counting Heads” by David Marusek



“I am not pouting, and I am certainly not indulging in self-pity, as Eleanor accuses me. In fact, I am brooding. It is what artists do, we brood. To other, more active people, we appear selfish, obsessive, even narcissistic, which is why we prefer to brood in private.”

In “Counting Heads” by David Marusek


SF stories often regurgitate medieval themes and settings, including wars, sword fighting, emperors, dukes, and so on. Star Wars and Dune do this, too. They would have us believe that people still fight with (light) sabres although they master FTL travel as well. Light sabres may be entertaining, but to me they are not serious SF. I prefer another kind of SF, the kind that shows NEW forms of human/alien behaviour induced by alien settings and new technology, NEW dilemmas and choices, and shows how current developments will play out in the not-too-distant future. In short, it kind of sheds light on the human condition as I’ve been writing “ad nauseam” on this blog. David Marusek's brilliant "Counting Heads" has no sword fighting, no laser guns. It does have court cases being pursued by Artificial Intelligence Assistance up to the Highest Court within milliseconds. People being "seared" - deprived of their online identity and thereby being unable to live a normal life. Societies with large numbers of clones such as "Maries" (that often marry Freds, who are fond of making lists for everything they do). Leftover Nano weapons from a past conflict still wreaking havoc. How drones will change the way life is lived. People choosing the age at which they remain living. A large queue forming outside the neighborhood 3D print shop because someone is printing a couch... Etcetera. And the book was written in 2005. This shows it’s not necessary to write 600-page books to give us a fine SF novel. More words do not always give us a better book, for sure; would a longer book serve to clarify, especially when the reader is forced to embrace and remember new names and terminologies at almost every paragraph? Do we really need to be spoon-fed? I much prefer my SF to be ultra-dense like Marusek's; he prefers to build the world through subtle hints for an attentive reader to pick up and put together. But we're geeks. We're smart guys. We wear hats. This is how we should want our books.
We don't need our mommies to cut up our steak for us, so why do we need an author to spoon-feed us big chunks of exposition to explain every nuance? Were this another type of SF novel (meaning bigger), it’d degenerate to a sinkhole of flash-in-the-pan fantasy in the guise of science fiction.


My point: there is SF that retells old stories in new settings, and there is SF that throws most of the old out and replaces it with thought-provoking new stuff. The books from Philip K. Dick could only be made into movies at the end of his life, and decades thereafter, because that's when society had learned enough to understand his concepts. Maybe the same will happen to David Marusek.


SF = Speculative Fiction.

Wednesday, September 13, 2017

733bi/fo@@h732=|$dGGGHHH&+~52: "Think Like a Hacker - A Sysadmin's Guide to Cybersecurity" by Michael J. Melone



“Thinking like a hacker means studying the tooling that hackers use, attending hacker conferences such as DEFCON [and C-Days in Portugal], and practicing hacking and exploitation in a lab environment.”

In “Think like a Hacker: A Sysadmin’s Guide to Cybersecurity” by Michael J. Melone

What happens in real life passwords-wise? (I know what I’m talking about; back in the day I was in the trenches doing this for a living…)

The passwords are usually stored in a database with the username; when you enter your username and password, one is checked against the other. Obviously, if the database was stored "in the clear", anyone who stole it or looked at it would know your password. This can't work anywhere the user accounts must be secure - even from employees - which is basically everywhere. So what is done is that the password is "hashed", which means that it is encoded using a one-way conversion formula. If I have the formula and the password I can reproduce the hash result; that's a match! I can open your account! That's what a website does when you enter the right password. But if you just have the hash, then if you give that to the website it will apply the formula and create a different result and the system will say "no dice". So having the hashes is no use to a hacker.

Unless the hacker guesses the formula. And this is where the billions of attempts come in. If an employee or hacker steals the list of hashes and usernames, they will use them to guess the formula. The bigger the list, the more chances of a password being repeated in it. If the hacker spies two hashes that are the same (or, with modern functions, hashes that are related with a regularity that clever math can show), then that might mean that the passwords used to generate them are the same, and if the said password is 12345678 then it's very likely Mr. Hacker will guess the formula required, and at that point off we go to the races. If the hacker has the database on his own computer (and one can rent very big, very fast computers now for very little $$$), many billions of guesses and tries and tests on the hash function can be done every second.

Good web sites do three things. Firstly, they "salt" their passwords with a random string which is kept separately, like "733bi/fo@@h732=|$dGGGHHH&+~52-", which means that all passwords have that added to them before hashing. Secondly, they use strong hash functions, that is, not SHA-1. The final thing, which is easy to do, is to stop users using any password in the top 5000 passwords lists, stop them using any dictionary word and insist that the password contains numbers, capitals, lowercases and symbols.
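The salt-and-hash flow and the password rules described above, as an added example that is not taken from Melone's book or from this post. It assumes a fresh random salt per account (rather than one site-wide string), PBKDF2-HMAC-SHA256 as the slow hash, and a tiny constructed stand-in for the top-passwords list; the function names and round count are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed stand-in for a "top 5000 passwords" list (assumption: a real
# deployment would load the full list from a file).
COMMON_PASSWORDS = {"12345678", "password", "qwerty123", "letmein"}
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to your hardware


def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn if none is given."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)


def policy_violations(password: str) -> list[str]:
    """Apply the rules the post lists: no common password, all character classes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    checks = {
        "digit": str.isdigit, "uppercase": str.isupper, "lowercase": str.islower,
        "symbol": lambda c: not c.isalnum(),
    }
    for name, test in checks.items():
        if not any(test(c) for c in password):
            problems.append(f"missing {name}")
    return problems


if __name__ == "__main__":
    # Two accounts choosing the same weak password (constructed sample data).
    print(unsalted_hash("12345678") == unsalted_hash("12345678"))  # repeat is visible
    (s1, k1), (s2, k2) = hash_password("12345678"), hash_password("12345678")
    print(k1 == k2, verify_password("12345678", s1, k1))  # salted rows differ
    print(policy_violations("12345678"))
```

The dictionary-word rule from the post is left out here because it needs a word list that the page does not supply.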

Unfortunately, such is the sophistication of password cracking software these days, and hardware is getting faster all the time, that even a long password is no cast-iron guarantee of security. Use very different passwords on online services and be careful about the links between different apps; these days you can use your Facebook ID to log in to a range of different sites, for example. If you do this, consider the implications of what could be accessed if, say, your Facebook ID is compromised, and the data that is shared between the 2 sites.

A password manager is a good way to go for remembering all these different passwords. Some of them will generate a random password of a specific length for you when you set up a new account, and they are available as apps on smartphones. However, choose a secure password to access it, ensure it is securely encrypted using something like AES, and be careful where it's stored. Remember, the "Cloud" is just another computer hosted somewhere in the world, and there is no guarantee cloud storage is secure; if you back up to these services, then encrypt the backups (companies like Apple offer this with just a check box and password field as an option in your backup settings).

I am extremely careful with LinkedIn these days. I once found all my information available online (legitimately) because they had changed their privacy options and data was open by default to certain LinkedIn partners who took it upon themselves to publish my CV publicly (thanks for the spam to the email accounts I used at that time, guys!). They seem to have a very relaxed approach to privacy, and people's profiles often appear in straight Google searches. CVs by their nature tend to include a lot of personal information, and certainly a lot of contact info.

Most hacking attempts do not even use passwords; they exploit failings of the site's code itself. Meanwhile the 'password complexity' argument is based on being able to submit thousands of passwords a second to the same account. Any system which allows that is a dumb piece of design. The sensible answer is that you should not use a guessable password. The rest is basically a 'straw man' designed to shift attention away from the real security failings of the software industry.

Passwords are recognised as being extremely fallible and there is a big discussion going on as to how to replace them. Biometrics are equally insecure, and you can't change them if they are compromised. As for flaws in code allowing exploits, these will always exist; even the best programmers make mistakes, and the sophistication of cracking tools is improving all the time. I view this as being a bit like home security: you can add all the window locks, security deadbolts and alarms that you like, but it's never a guarantee that someone can't break in, and in the case of on-line data where government-funded agencies are involved, all bets are off.

Personally, I try not to put anything important on the internet; my plans for world domination and my Mum's recipe for bread pudding I memorise and keep in my head. They can't hack that... yet! :)


Bottom line: Hackers don't try to guess passwords to get your account. They hack into the system and steal the encrypted data, which, outside of its secure ecosystem, is now vulnerable to brute force attacks. Once a reasonable number of passwords has been hacked, this can be sold on to the highest bidder, who will then harvest your data. Often, they will use the same username-password combination on other common websites such as PayPal and Amazon, where they can make online purchases, or Facebook and Gmail/Hotmail, where they will begin the process of identity theft or look through old messages for even more important passwords or bank account details. Remember that holiday you took with your mates, when you instant-messaged them your bank details so they could pay you for the flights? Yep, that's still in your message box. So, change that Facebook password. Now!

Tuesday, September 12, 2017

Peter Hall, 1930-2017

(Judi Dench as Titania during the filming of "A Midsummer Night's Dream" by Peter Hall in 1968)


No, I'm not going to write about his Shakespeare productions. I'm going to write about his take on Wagner's Ring Cycle, with only some en passant comments about Shakespeare. With Peter Hall there was none of this "Macbeth" set in a bus shelter or "King Lear" set in McDonalds, or what have you. Contrary to much received luvvie "wisdom" I think it takes more understanding and scholarship to play a classical text "straight" than it does to pointlessly "update" it. An intelligent audience can draw its own conclusions. "Henry V" doesn't have to be played in modern day military camouflage to make the connection between 15th century and 21st century jingoism, as per Iraq war or whatever. I understand that, for its admirers, the greatness of Hall's Ring Cycle lay in its fidelity to the classical style of Wagner himself, and his eschewal of the 'concept' style of interpretation that you had with the previous Boulez Cycle from 1976 and that you were to have with productions after the Hall version closed. As I recall, Hall argued that the Ring was, first and foremost, a mythological narrative, a view that conformed exactly to Wagner's own arguments about the nature of opera and drama. The mythological style is bound up with the universality of theme and characterisation that Wagner associated with Greek tragedy. From what I have read about his Ring Cycle, Hall must have studied Wagner's writings, because, by all accounts, he had a very clear understanding of Wagner's intentions. What would I not give now to have been able to be in Bayreuth to see the Hall Ring in the 80s.