Wednesday, 27 November 2002
are, inherently, a threat to democracy. The basic
premise of democracy is that well-informed citizens make better
decisions than dictators or elites; when we concentrate knowledge in the
hands of the few, we cheat democracy of its strength. Closed-door
decisions, whether on health care, energy policy or homeland
security, lead to public mistrust, lack of accountability, and
policies that are imposed on the people, instead of being
proposed and adopted by the people.
At the same time, government secrets are inherently useful in warfare,
diplomacy, law enforcement, intelligence gathering, and other areas
where the enemies of society operate. Public review might have improved
our battle plans for Operation Market-Garden,
say, but public debate would have informed the Nazis of our intentions,
and made the plans less than worthless. (Public review of our D-Day
invasion plans doesn't even bear thinking about.) When informing the
public risks informing the enemy, secrets can be justified in the name
of the common good.
And so we strike an awkward balance. We want to keep secrets from our
enemies, but we don't want secrets kept from us, and we
distrust the motives of those who do. We've had too many bad
experiences with people who claim secrecy for the public's benefit, but
then use it to advance a private agenda under
cover of darkness.
Case in point: Recently a blogger, whom I'll call "Pusher" (for reasons
that will make sense later), cited this
Reuters article about a North Carolina researcher who published his
findings on our vulnerability to biological warfare. Pusher cited this
as an example of when it's better to shut up and keep our
vulnerabilities a secret, and not risk revealing them to Al Qaeda.
"Security through obscurity" is the best option, he declared; better to
avoid alerting the enemy than to openly discuss our weak points. I (and
others) politely noted that the researcher in question was attending a
conference on biological warfare, that assessing risks and
vulnerabilities is a necessary step in prioritizing our defenses, and
that, given those circumstances, it would have been irresponsible
not to inform the other attendees of our vulnerabilities in this
In a followup article, Pusher then took his case for "security through
obscurity" to the extreme: He claimed he'd discovered the Terrible
Secret of Blog, a terrorist attack scenario which could be executed
by a small group of determined individuals (50 people), using commonly
available tools and equipment, that would cause crippling disruption to
the U.S. economy and cannot be defended against. He didn't say
secret attack was, naturally, but it was (of course) a
perfect example of when it's better to keep things secret than to
discuss them openly.
Pusher did agree to share the Terrible Secret with a second blogger,
whom I'll call "Shover," to
confirm that it was simple, devastating, and indefensible. Shover, upon
review, agreed that the attack was simple and devastating, but he had
some ideas on defenses; his ideas, to the extent that he's revealed them
so far, are effectively the position he was already advocating: Mass
distribution of firearms and training to the civilian populace, to
ensure that any terrorist attacks are met by a local, immediate armed
Pusher subsequently removed the Terrible Secret from his
blog, and Shover censored his own blog to hide Pusher's identity, on the
fear that Al Qaeda might surf the web, discover the Terrible Secret, and
then attempt to kidnap Pusher and torture him into revealing it. (I
have to admit that this part of the story has my kook-o-meter pinging
wildly: I'm just as paranoid as the next guy, but if tantalizing blog
postings can lure Al Qaeda operatives into the open, then I think we've
found a new defense strategy. I've discovered a major, major
vulnerability that terrorists would just love to know about, la
la la, let me just finish setting these punji traps....)
Delusions of grandeur aside, this story illustrates many reasons why
secrets are dangerous, and a few reasons why secrets are necessary.
There is, most assuredly, no shortage of ways that our national
infrastructure could be crippled by several small teams of terrorists
acting in concert. The September 11th attacks were more political
theater than military strategy, as Pusher notes elsewhere; if the
terrorists had really wanted to damage our infrastructure that day, they
flew past a far more obvious target on their way to the World Trade
"Security through obscurity" isn't an option for protecting the Brooklyn
Bridge, though, because the target isn't obscure. If Al Qaeda can
identify the vulnerability just as easily as you can, then "security
through obscurity" is a costly delusion; you give up the exchange of
ideas and the collective actions that might lead to improved defenses,
and get only the illusion of security in return. By declaring that he's
found a hidden vulnerability in our infrastructure, which the common
good demands that he keep to himself, Pusher presumes that he's more
clever than the terrorists (who would never have thought up this idea on
their own) and more clever than the rest of us (who would never have
come up with a good defense).
It's possible, of course, that both these presumptions are correct;
maybe Pusher has knowledge of (say) our national power grid that only a
handful of industry experts would have, and thus can identify
vulnerabilities that are truly obscure and esoteric. Maybe he's correct
in his assessment that there is no other defense, and the best we can do
is to keep quiet about this particular issue and hope Al Qaeda never
learns about it.
But it's also possible that Pusher is wrong. (In his original article
Pusher considered whether there was any chance he'd overlooked
something... unsurprisingly, he concluded that he hadn't.) If Pusher is
wrong about the obscurity of his idea, then his actions may assist the
terrorists: By failing to alert the public, he ensures that only he and
Al Qaeda know about it. If Pusher is wrong about the feasibility of
defense, then his actions may harm the public: By denying us the
opportunity to act, or even to assess the possibility of defense, he
becomes accountable for the lack of defensive options.
And, of course, it's also possible that Pusher is using secrecy to push
a private agenda, namely that his critics shut up and stop disagreeing
with him. ("I'm right about this, and I can prove it, but I can't tell
you the proof for reasons of national security. You'll just have to
trust me and shut up now.") If it
works for Dubya, why not for warbloggers? At the same time, Shover
is well-known for his strong Second
Amendment views; in theory, he could use the Terrible Secret to
stealthily advance his pro-gun agenda. (Not that I object to a pro-gun
agenda per se, or that I believe Eric would actually do
this—I simply point out the possibility, and that Secret Reasons
of National Security have often been used to advance personal agendas.)
In any event, I hope Pusher and Shover can protect us from the Terrible
Secret of Blog, given that they've made it impossible for me to assess
what measures are appropriate—since all the information is secret
and private, I can't tell whether this is a serious threat or a
practical joke. I guess I'll just go over here and stand by the stairs.
I should note that the government has one other
legitimate purpose for keeping information secret, which is only
tangential to this discussion: When the government comes into
possession of private information, it can (and should) respect the
owner's privacy. Examples would be medical records, tax statements,
secret ballots, and so on. Pusher apparently wants to keep his identity
out of this discussion, so I've respected that here.
- Posted by Scott Forbes at 9:59 pm. comments.
Monday, 18 November 2002
I was walking down a street here
when I saw a store flying the American flag out front. It's always a
thrill to see Old Glory when you're overseas, unless of course they're
burning it right outside your office building. (Now there's a
memory of New Zealand I won't soon forget. Our offices were in the
Mobil Oil building, which meant the anti-globalization / "no blood for
oil" protesters were drawn to the place like a magnet: From twelve
stories up, I had the displeasure of watching a flag-burner do his
worst. All hail freedom of speech.)
Anyhow, I went to see what store was proudly flying our flag in the
middle of Australia. Sometimes you'll see national flags outside
restaurants, travel agencies, etc., so I was curious to find out what
kind of establishment it was.
It was a military surplus store.
To be fair to New Zealand, I also
remember the week after September 11th, when the Kiwis took their own
national flag off the poles and flew the Stars and Stripes at half-mast.
It was a spontaneous, moving, and much-appreciated gesture.
- Posted by Scott Forbes at 5:34 am. comments.
Saturday, 16 November 2002
For the sake of argument,
let's say that you're a farmer. You look at
the other farmers nearby and 90% of them are planting cotton; the others
are mostly growing peanuts. What should you do?
- Plant cotton. It's the biggest crop with the largest market.
- Plant peanuts. There's less competition, and they taste great!
I don't know what you'd decide, but Steven Den Beste is growing cotton.
Never mind about supply and demand, competition, advertising costs, the
robber baron who dominates the cotton exchange—none of those
things matter. Cotton is king!
Or, at least, that's what I gather from Steven's latest essay on Macs, PCs and viruses. Sometimes I think Steven is trolling
whenever he writes about Macs; other times I think his finely tuned
engineer's mind simply doesn't understand why Macs don't disappear
in a puff of logic.
Steven takes issue with the opening statement from a NewsFactor
article on Macintosh viruses: "Historically,
Mac OS users have had little to fear from the scourge of viruses
plaguing their Windows counterparts. The operating system's "Classic"
incarnation was practically impervious, Macworld editor Jason Snell told
NewsFactor." Steven considers this to be utter nonsense, and
says so in about as many words; MacOS 9, he proclaims, is actually
more vulnerable to viruses and trojans than Windows NT and its
offspring, and the reason Macs don't have any cool, fast-spreading
viruses like Klez is that Macs are too small of a niche market for virus
authors to bother with.
Let's say that you've planted your cotton, and a few months later the
boll weevils come. They eat your whole crop, and then infest all your
neighbors—except that one guy down the road a few miles, who's
growing peanuts. What do you conclude?
- If everyone grew peanuts, there'd be peanut weevils.
- Peanuts are more pest-resistant than cotton.
- Maybe we shouldn't all be growing the same crop.
Boll weevils decimated the Southern USA in the 1930s because cotton was
a monoculture there—almost every farmer who could grow
cotton was growing it, and the boll weevils looked at Texas through
Georgia as one enormous picnic grounds. They couldn't have asked for a
better environment in which to thrive and feast.
Steven's article on Mac viruses (and the lack thereof) is right on the
general points, but wrong on the conclusion: If we replaced an
all-Windows monoculture with an all-Mac monoculture, the virus authors
would surely switch and go
after the low-hanging fruit on the Mac platform. But the right solution
to this problem isn't to replace the Cotton King with the Peanut King;
it's to start growing soybeans and sorghum and rotating crops every now
The idea that we can only replace the Windows monopoly with another
monopoly is a trap that many people fall into: We've lived with tyranny
for so long that we can only think of change in terms of replacing one
tyrant with another. We think that Microsoft's monopoly is the natural
outcome of market forces, and—heaven help us—some of us
actually drink the Kool-Aid and believe that it's beneficial to
Microsoft's OS monopoly creates a uniform market for computer software,
the theory goes; by creating a large pool of identical consumers, it
lowers the barrier for writing applications, which fosters competition
and drives down prices. The corollary to this theory is that
Playstations, GameCubes and XBoxes are bad for consumers, because
they fragment the market, make console games more expensive to write,
and reduce the number of games available. (?) By further
extension, we can conclude that Ford, GM, Chrysler, Toyota, et al. are
bad for consumers, because they fragment the market for auto
parts—if the automakers would just converge on a standard and get
rid of all the incompatible mufflers, carburetors, etc. that plague the
industry, the world would be a much better place for parts
manufacturers, and thus better for consumers. (???)
Or not. Maybe what's good for Microsoft is bad for the consumer.
Maybe Microsoft's "standardization" efforts are self-serving,
anti-competitive, and give the consumer more security risks than
benefits. Maybe the consumer would be better served by a free and open
market, with a neutral referee who sets the standards and ensures
competition. Maybe the Klez virus and its brethren would find it harder
to propagate in an environment where not every machine had the same
e-mail client, the same address book, and the same scripting language
that allowed you to access them.
...which brings us back to the classic MacOS. Steven observes
(correctly) that no operating system can defend against social engineering
attacks, which Klez and other viruses rely upon to trick the user into
unwittingly lowering defenses and helping to spread the virus. Mac
users may be smarter and
more attractive than Windows users, but they're certainly not immune
to trickery. (Steven would probably claim that, if anything, MacOS
users are more gullible than the general population, because they
pay more money for less computer—but we've touched on this subject before.)
Where the classic MacOS had an advantage over Windows, though, is that
the MacOS of old did not have a single, dominating e-mail client
with an insecure scripting language and an easy-to-access address book.
A MacOS 9 virus that tries to do what Klez does will find it
bewilderingly difficult to predict the user's e-mail client, locate the
user's address book, or access a scripting language with convenient
"hooks" for propagating a virus: The vectors just aren't there. It
isn't "security through obscurity," as Steven describes it; it's
security through diversity, and it exists in everything from Space Shuttle
computers to our
So, to answer Steven's assertion: It is much easier for viruses to
spread within a monoculture than a diverse environment. Windows
NT/XP/ME and the associated family of Microsoft applications is a
monoculture. Classic MacOS is not a monoculture, and even if we boosted
its market share to 90%, its e-mail systems would still be more diverse
and harder to exploit than a same-sized group of Windows machines.
Microsoft's monoculture is not a natural state of affairs for the OS
industry, any more than it would be "natural" for Sony or General Motors
to have 90% market share in their industries. The ideal way to reduce
the vulnerability of our computing infrastructure would be to restore
competition to the operating systems market, not to replace one
monopolist with another—but since the DoJ just passed up yet
another opportunity to do exactly that, the odds of it happening anytime
soon are limited.
I should also note that MacOS X does have a
dominant e-mail application and a consistent address book location, so
it is, in that regard, equally vulnerable to a Klez-style virus that
harvests e-mail addresses. Perhaps Apple agreed with Steven Den Beste's
contention, that you're not a major player in the computer industry
unless your OS has some really fast-spreading viruses?
- Posted by Scott Forbes at 12:14 am. comments.
Tuesday, 12 November 2002
Part of the challenge
of writing a pro-democracy article, as opposed to describing why I think
anarchy isn't a viable option, is overcoming the "duh"
factor. These days, proclaiming that democracy is a better system of
government is like declaring your belief that Hawaii has nicer beaches
than New Mexico.
This wasn't always so obvious. In the 1930s, much of the world thought
was the system of the future; while the democracies of the world were
mired in the Great Depression, the fascists appeared to be revitalizing
their nations. In the 1970s communism reached its zenith, and people
genuinely believed in the inevitable triumph of world socialism. It
took years, even decades, for the flaws in those systems to become
apparent; afterwards, of course, everyone proclaimed that they'd known
about the flaws all along, and congratulated themselves for their
But what was it that led democracy to eventually succeed where the other
systems failed? Why did the other systems appear to work better
than democracy in the short run, then eventually crash and burn?
One of the enduring myths about Benito Mussolini's Italy is that he made the
trains run on time—a myth that, like any good urban legend,
has a grain of truth in it. Compared to fascism, democracy is a slow,
frustrating, inefficient, bureaucratic mess of a system: It's a Gordian
knot of bickering factions, ad-hoc alliances, and temporary compromises
that leaves each participant feeling uniquely cheated of success.
Democracies react slowly to outside influcences or the changing will of
the populace, and have an in-built inertia that is difficult to
By comparison, dictatorships are a model of simplicity and efficiency:
One man makes all the decisions, and things get done. Why
doesn't the nice, clean, efficient system of government win out over the
slow, messy, and inordinately complex one?
The answer, I think, is that these other systems can
outperform democracy—in the short term. A truly
outstanding leader doesn't need a parliament to review and endorse his
decisions; in fact, the parliament may be an obstacle that prevents the
wise king from acting in the nation's best interest. Democracies are
riddled with compromises and half-measures that sometimes fail where
bold action would succeed, and the dictator has a free hand to pursue
those actions. There are situations where it appears that a
nation is best served by putting all power in the hands of one leader,
so that the leader can do what must be done, and in the short term this
Over time, though, the dictator turns out to be flawed like the rest of
us: He's a brilliant general but a rotten admiral, or a terrible
economist. His faults are not corrected, because no one has the power
to do so, and when his gambles fail spectacularly they take the entire
nation down with him. At best the emperor lives a long and
successful life, dies, and then the empire collapses into civil war as
his heirs duke it out for the sceptre.
In the long run, I think democracy succeeds because it makes bad
decisions—truly bad, irrevocable, land-war
-in-Asia decisions—less often than any other form of
government. Democracies are better at correcting their mistakes, better
at transitioning power from one leader to the next, and make better use
of their resources; it isn't the most efficient system for
decision-making, but over time it gets better results.
Just for my own peace of mind: Pure
democracy would mean a system where every person votes on every issue,
something that I consider desirable but currently impractical; the
ancient city-states of Greece did it, and there are some New England
communities that continue the practice, but it doesn't scale up well.
The American system of government is a democratic republic, where
we vote for the members of Congress and they vote on the actual issues.
I think we're slowly approaching the point where technology will make pure
democracy practical again, and I think that pure democracy will
eventually correct some areas where the American system has rigged
itself in favor of the incumbents.
- Posted by Scott Forbes at 12:42 am. comments.
Monday, 11 November 2002
will find a new project on my RB source code
page: It's a Window subclass that allows your application to e-mail bug
reports back to the developer. It's not a major breakthrough in the
world of software development or anything, but if you want this feature
in your application it'll save you about an hour or two of effort.
One of these weeks I'll tie all my
source code together and make a full-fledged application framework. Thomas Reed
is already several steps down that road, and his latest Doc App Template incorporates some Undo ideas that look vaguely
- Posted by Scott Forbes at 1:50 am. comments.
Tuesday, 05 November 2002
Today is the Melbourne Cup,
Australia's answer to the Kentucky Derby—if the Derby were a
national holiday and everyone stopped work to place their bets and
watch, that is.
I'm troubleshooting a problem with Internet
Explorer 6 for Windows, which apparently crashes when reading web pages
that do certain things with Cascading Style Sheets (specifically, it
crashes when it encounters a
first-letter property). Let
me know if you're having problems, assuming of course that you can read
this at all.
- Posted by Scott Forbes at 5:10 pm. comments.
Saturday, 02 November 2002
I wrote a few paragraphs about anarchy, mainly as a rejoinder to
essay on why he prefers anarchy to democracy. As a form of
government, anarchy appeals to those who believe that individual liberty
is the cornerstone of civilization, and that, ultimately, each citizen
is responsible for securing and protecting his or her own rights. It's
a worldview reflected in the writings of Ayn Rand and Henry David Thoreau,
and summarized by the old saying "That government is
best which governs least." It's a world where there is no
government, because it isn't necessary to have one; it suggests that men
should be ruled by reason, and that our ultimate society is one where
My argument against anarchy is that it fails the practical test: In the
gap between what can be and what is, anarchy stumbles and
falls. No one in their right mind would propose that we topple Saddam
Hussein's government and replace it with anarchy, because we recognize
that anarchy is a fertile breeding ground for Al Qaeda—much more so than
Saddam's Iraq, in fact.
The anarchist utopia is one where men are ruled by reason, at all times,
and in all causes. There are no irrational actors, or they're in such
small number that they can be dispensed without trouble. There are no
issues and no causes that inspire their believers to a passionate fervor
which reason alone fails to justify: There is no zealotry, bigotry,
superstition, or irrational exuberance, and there certainly
aren't any True Believers who choose their actions in this life on the
premise of a reward in the next one.
I don't think we can get to the anarchist utopia from here. I think
that any proposal for how men should be governed (including "not at
all") should address how that system deals with irrational actors; at
best anarchy hand-waves them away, or confidently asserts that they're a
diminishing force over time. I'll agree that science and reason have
made great strides, but to believe that all human behavior will
eventually succumb to reason is folly. It's the same belief that
mathematicians had, until Gödel proved them
wrong; no matter how elaborate your system of logic is, there will
always be something beyond it.
Traditional left-wing thinking fails to address the problem of Al Qaeda,
because it asserts that all worldviews are equally rational and
sensible, that accepting a particular worldview is a question of
validating the viewer's perspective, and that it's elitist, imperialist
and wrong to invalidate someone else's perspective. It tries to solve Al
Qaeda by accepting Al Qaeda, which the right (and most of the
center) finds morally repugnant.
Traditional right-wing thinking fails to address the problem of Al
Qaeda, because it asserts that its worldview is the only rational way to
view the world, that all other views are misguided or insane, and that
eventually everyone else will come around to the right way of thinking.
It tries to solve Al Qaeda by treating it as an aberration, as a small
group of bandits and madmen that can be solved by hunting down the
individuals and reforming the ideology that produced them. That these
efforts may actually refresh Al Qaeda's pool of believers rather
than drain it is impossible, of course, because Al Qaeda is an isolated
group which sprang up fully formed from the sands of Arabia in late
2001, did not exist previously, and will cease to exist after we've drained
Traditional libertarian/anarchist thinking fails to address the problem
of Al Qaeda, because it asserts that everyone should find their own
worldview and not try to impose their views upon others—which, as
Eric Raymond puts it, petulantly ignores Al Qaeda. When the horde of
True Believers arrives at your doorstep and demands that you convert to
the One True Religion, I think most anarchists will suddenly rediscover
the value of government as a means of common defense. Maybe you can
defend yourself so well that a rational person wouldn't attack you, but
the True Believers aren't rational: To them, mutual death would
mean that you'll be their valet in the afterlife, so they're more than
prepared to die in droves if it means taking you down with them.
I'm using Al Qaeda in these examples because it's a particularly current
and relevant test; I could just as easily use Crusaders, McCarthyists,
the Salem Witch Trials or any other group of irrational actors. Anarchy
is doomed to failure when applied to the real world, because it requires
as a first postulate that humans are ruled by reason and will behave
rationally; practical experience suggests that this assertion is
(sigh) Once again I've set out to write the case
for democracy, and instead written several paragraphs making the case
against anarchy. It's so much easier to write about something you're
against, and poke holes in the other guy's argument, than to
write what you stand for and make an argument with no holes in
it. Next time I'll only make the case for democracy, and let someone
else poke the holes.
- Posted by Scott Forbes at 9:34 pm. comments.