Friday, September 22, 2017

Book Launch: Antologia de Poesia Contemporânea "Entre o Sono e o Sonho", Vol. VIII by Gonçalo Martins

For the first time, I see one of my poems chosen and published in the VIII Anthology of Contemporary Portuguese Poetry "Between Sleep and Dream". The anthology is a book that comes out every year and aims at having a representation of Portuguese Contemporary Poets (yep, that's me...). An evaluation of all the authors' submissions is made by a commission.

And this time I received the email from Chiado Editora saying my poem had been accepted (last year I also sent something, but it didn't make the final cut).

The anthology will be launched this September the 30th in a ceremony that marks the Portuguese literary reentry.

Due to extraordinary circumstances, I won't be able to attend, but feel free to attend the book launch and buy the two volumes... There's something of mine inside. Maybe you'll like it. If you don't, ask the Chiado Editora Publishing House for a refund...

Book launch's teaser:

NB: Available here.

Monday, September 18, 2017

Shitty Philosophy and Physics : “Time Reborn - From the Crisis in Physics to the Future of the Universe” by Lee Smolin

“I propose that time and its passage are fundamental and real and the hopes and beliefs about timeless truths and timeless realms are mythology.”

In “Time Reborn - From the Crisis in Physics to the Future of the Universe” by Lee Smolin

Impermanence, Buddhist style?

Buddhism seems to acknowledge the play of opposites I've referred to elsewhere.
Recognising the yin-yang nature of the universe, in order to claim there is constant 'flux' (fluidity, rather than change; a subtle difference) - or for argument's sake, change - Buddhists balance that by asserting a 'greater' reality - the one, eternal, stable, whole (a supposed 'deeper' reality).

Contradiction and paradox is near the heart of evidenced, reasoned contemplation?

As for Aristotle:
time is a measurement of change is a measurement of time.
Change makes time possible, and vice-versa.
In principle, it seems that time persists, even in conditions of perfect stillness.
Yet any attempt to conceive a temporal progression, absent all change, seems to lead us into perplexing self-contradictions: any attempt to imagine how such unchanging time-flow could be measured, requires changing. It seems that time must be more than change; yet remove change, and time vanishes!  But if time is just a means to measure change, then in principle, it should permit the possibility of a world where change is cyclical. Yet our understanding seems to limit time to a linear, one way progression.

Or does it?

Would a world where each day began the same as the previous one be conceivable? A world where, during 24 hours, everything that ever happens and could happen takes place? Alternatively, could a world be conceived of, in which everything changes every moment? Where NOTHING is the same from one moment to the next? How could time possibly apply to a world where there was nothing stable to measure change by?

Smolin talks of life lived in the moment: of time being a succession of moments.

But who, seriously, experiences life like that? To me, here, typing away, the present seems to persist. There's a smoothness, a constancy, and an openness about it. Smolin also claims that we must reconcile relativity theory and quantum mechanics - the micro and the macro - into one unifying theory.  But, when asked why - perhaps we must live with fact that they are, and always will be, irreconcilable? - he flounders. It seems this is simply a matter of faith for him! Yet, he also claims that the world physics says is 'real', is merely a mathematically modelled one. And that these models, rather than existing in some sense 'outside' our spatiotemporal world of experience actually emerges from it; We should realise that, attempting to apply (as, he claims, physicists do) abstract mathematical models - designed to describe local, experimentally conditioned phenomena - to reality as a whole, is erroneous. Cosmology needs different concepts than quantum physics uses on the micro, mathematically modelled scale.

Everywhere and anywhere, our existence always pre-supposes our existence.
To assert it in the sense you do is, as I've said elsewhere, an obvious (sic) truism.
When lots of things are happening, and we are fully engaged, time may seem to 'fly by'.
When bugger all things are happening, and we are disengaged, time may seem to drag.
When young and active, time seems to pass so slowly.
When old and inactive, time seems to pass so quickly.
As Einstein showed, time is relative - to an observer; to speed; to distance. The effects of change may seem temporal, insofar as we see them in a linear sense, from our past to our future.
Yet, what is the present?
On reflection, it seems that there's only the past - which, as past, no longer exists; and the future, which is yet to exist.
The present, where things supposedly 'exist', are 'real', right now.
Is illusion.
If time must exist, then how can there ever be a present?
And, if there's no present, how can anything, let alone time, exist?

In spatiotemporal terms, if Smolin's take on the 'metaphysics' or 'cosmology' of current physics is reasonably accurate, it's more like a link - or a line - between (point) A and (point) B. (Insofar as we conceive it as a 'journey', that's down to our woefully limited intellectual/instinctive/sensible abilities: we are stuck as things within space-time, rather than observers outside it, able to see the greater reality: what's real (sic). What you imagine to be the signs of a journey through time, taking its toll (e.g. ageing) are 'really' more like signposts on a route. Or the sights along the way, when you go from Cornwall to London, say.

To us spacetime trapped beings, it’s a one-way journey. But from 'outside' spacetime, that temporal transformation is neither back nor forward. It just IS. Fully formed. Mapped out. 'Change' is a concept arising out of our limited conceptual capacity to comprehend the 'big picture'. We put our faith in seemingly obvious, common sense views; yet so often, over time, science has exposed their erroneousness (It seemed so obvious that a smaller, lighter object would fall slower than a big heavy one; yet science proved this wrong).

Kant realised time was imposed on experience by minds; physics has seemingly 'proven' this (Einstein onward) through evidenced reasoning. (Though, of course, a comparatively few theoretical physicists - like Smolin - resist this 'consensus'). Of course, what you think physicists mean when they deny time, and what they really (sic) mean, may well differ.

It may be useful to substitute (best) "explain" for "exist".

Assuming 'time' fails to explain what common-sense assumes it does about reality, as far as physics is concerned. So, physics, post-Einstein, replaced it with 'space-time'. Time, like length, width and depth, is an idealised, mathematical dimension; something we conceptually construct to measure stuff. Of course, I'm playing devil’s advocate above; assuming for sake of argument that Smolin is correct, and that most theoretical physicists have rejected time's 'existence'.

Hence, everything is true and false; real and unreal.
Which led me to a choice: if everything is isn't; and vice versa.
Then attempting to think anything is impossible; as one must always be looking to negate anything Smolin asserted.
And, if you manage to do that, then you have then to try to re-assert it.
Anyway, I saw relativity (or relativeness) as a possible way out of this.
'Everything that is true is false' smacks of absolutism.

But if all is true and all is false, perhaps that can be seen as:
Everything is partially true and partially false; to varying, and probably changing, degrees.
What we are doing, for the most part, may be distinguishing what seems (relatively) more true from what seems (relatively) more false.
IE: what we say is true, is really more true than false.
Relatively speaking. (Absolutely speaking, it's still as false as it is true).
But, 'cos I'm still a sucker for this philosophy shit, I thought it might be interesting to try to see everything in positive terms.
After all, when we deny something, we say sod-all about what is.
"He's not guilty, your honour."
"So who is? Somebody did it!"
If 'time' is not 'real'; what is it? What does it refer to?

As long as any word has any meaning; as long as its utterance makes some sense to someone, then it exists as something more than merely an empty word.
I'd like answers.
But I've been compelled to ask questions from an early age.
"That kid won't let up. He's always asking why!"
Somewhere along the line, that seemed to change from "why" to "what".
What is?
Sod all, really.
But, 'unreally', everything imaginable, and more.
Seeing the world as made up by minds; as the work of imaginations; It sure helps trying to understand how so many people seem to believe such silly stuff.
From astrology, thru theologies, UFOs, conspiracy theories, ad infinitum.
Everything is made up; but some of it makes more (evidenced reasoned) sense than others.
What alternative to science does Smolin offer?
Merely an alternative scientism.

Theoretical physicists, in the absence of experimental support for their theories, have understandably come to increasingly rely on mathematical models, on which to base their speculation on the possible nature of the universe. Smolin's response is an appeal to 'everyday intuition'; but that 'intuition', in his hands, maybe more akin to an earlier, pre-post (or even simply) modern, metaphysical ideology. He says he seeks to re-align physics with making falsifiable hypotheses; yet how is what he seems to offer any more open to such testability?
"Is time emergent or fundamental?"
That's more akin to "the disagreement" that "could hardly be more fundamental".
And what about space?
Smolin seems to accept that space is "unreal" (is emergent).
If given a choice between space or time, people would be more likely to 'intuitively' assume space existed, than time.
Smolin, in the simplified, distorted sense in which his speculation about a fundamental conception of time is presented here, would be proposing a pretty bog-standard and old-hat metaphysical realism (the universal 'time' has objective/absolute 'existence').
Dressing this up as "everyday intuition" hardly does him any favours; it's more-like a kiss of death. (Science typically progresses by defying intuition).
Check yourself before you wet yourself!

If it's 'outside' time (actually, that's 'outside' spacetime), it can hardly precede or succeed, can it?!
Such a theory, should it ever emerge, would unite quantum field theory with general relativity. Insofar as 'time' is 'unreal', how could it concern itself with a 'history', when history presupposes time?
Smolin claims to have captured something of the essence of physics; minus the maths. If this is any indication, then it's also minus any sense, common or otherwise. If Smolin is right - if he's being read right - then physics' study of the natural (material) world has led it to largely posit ideal objects - mathematical models and speculative concepts derived from them - as if they are the constituents that make up the material world's essence? Black holes, dark matter, electromagnetic fields, etc. are theoretical constructs - ideas - that are inferred and imagined, based on understandings of observed 'material' phenomena.

How is it inconsistent to be skeptical of something unless and until there is some necessary data? Necessary and sufficient would be nice but I'm enough of a realist and a seasoned experimentalist to know that is asking a lot. Just some at least indicative data. All I've had thrown at me is 'Theory' meaning hypotheses. A theory without data is just waffle. Darwin knew that, which is why “On The Origin of Species” is packed with data. He also spent years doing scientific grunt work to establish himself. His systematics of the barnacles is still the seminal work on the subject. Added to, amended by genetics but still sound, referred to science. He was the first to demonstrate what good worms did to soil. Some people think all he did was think up a nice theory then sit back. Darwin was a data man. Evolution came upon him in contact with the data just as it did with Wallace in the Indies. The Wallace line denoting the divide between Asian animals and plants and Australian animals and plants still exists, still carries his name.


Bottom-Line: Sadly, drink is consuming me - even now, I'm pissing blood, I should be drinking water, and here I am with a glass of booze. Like the smoker, putting a cig into a hole in his throat, as he approaches lung-cancer death? Nietzsche helped me 'realise' that everything true is false; Derrida, that everything false is (therefore) true.

NB: After the wonderful “The Trouble with Physics”, Smolin fell on his face with this one…

Sunday, September 17, 2017

Programming is Like Music: "Python - Become A Master In Python" by Richard Dorsey

Just what is the fascination with spreadsheets? I played with them on my Spectrum in the 80s, but it wasn't very useful. I used a spreadsheet on a Psion handheld in the 90s to keep track of some data. And nowadays I have a spreadsheet in LibreOffice to keep track of my expenses and work out my tax (estimate, since obviously, you need to use a proper package to get it right). I've worked in places in the meantime where bosses think that Excel is a suitable tool for project planning. It isn't. But if you only give people a hammer, everything looks like a nail to them. As a programmer, myself, I'm finding this whole thing fascinating. The quality of the kids' programming output (and yes, it is programming, not 'coding') is going to be directly proportional to the teacher's ability who's teaching them. I have a big worry that this will go the way of foreign language learning in school though, even without this concern over the quality of teaching. It's a subject that needs self-determination and a lot of time spent outside of the classroom to truly get to grips with. Without these two things, pupils will probably grow to despise the subject - and we may even start to put off future would-be programmers. Children as young as four have been learning programming skills in the classroom for many years with programmable toys: Big Trak, Roamers and BeBots are some examples which have been whirring around on the floor. Disguise a robot as a sheep and get it to run away from the farmer or program a lifeboat to reach a sinking ship etc.

But programming is hard; very hard. Heartbleed and the concurrent Apple invalidation of security certificates in their software demonstrate how bloody hard it is. Teaching children to code is analogous to teaching them to make nuclear bombs. Though I think it’s not so much like teaching them to make nuclear bombs; it’s more like doing physical education with the goal of teaching them all to be fast bowlers. Or music with the idea of trying to make them all composers of classical sonatas.

Python is the right choice, and it really is easy as languages go. But for most people even learning Python is going to be frustrating to the point of impossibility. You could try LiveCode - also open source. A bit like the old Hypercard. Or you could try learning the Bash shell or Awk - both restricted purpose non-GUI languages which may be more accessible because they have very clearly defined purposes and limits. Or you could try the Gnome package Zenity. Python is very general and it has the complexity of having lots of IDEs...The problem most people have is conceptual. Their minds simply do not work like that. There is no particular reason why they should. Most people will not be able to be good fast bowlers either. They are perfectly fit, healthy and intelligent people. Inability to programme is no bar to learning or achievement of all sorts. It is much more important to know how to set up an OS, how to set up a network, to understand something about security and servers, permissions, users, all that stuff. Python really is simple when you compare it to a language like C. For example, to create an array with even integers from 1 to 100 in just one line in Python, you can do list comprehensions:

myArray = [x for x in range(1, 101) if x % 2 == 0]
Try doing that in C, you'll end up with something like this:
int main(void) {
    int myArray[100], i, index;
    index = 0;
    /* stores the even values of i: 0, 2, ..., 100 */
    for (i = 0; i < 101; i++) {
        if (i % 2 == 0) {
            myArray[index] = i;
            index++;
        }
    }
    return 0;
}

Wait! Why would I want that in an array I have no idea...

This looks much better:

for (i = 0; i < 51; i++) array[i] = i * 2;

In any case, what does the length of the code matter?

What matters is the readability and clarity of the code and how fast the program runs.

Having learned both BASIC, Z80 machine code and assembler in the early 1980s I would say that the revised mental processing I needed to master to be able to create programmed solutions to problems using any of these coding methods has proven very useful in all manner of situations requiring clear thinking since that time. The big problem with learning this stuff is getting over the jargon and meeting the standard of prior assumed knowledge. They will also need to teach kids quite detailed machine architecture otherwise this scheme will fail.

Programming is like music or creative mathematics. Only 10 or 15 percent of the population are going to be able to do it. An even smaller percentage of current teachers is going to be able either to do it, or still less teach it. The idea that we take a year, teach all teachers to be programmers, and then have them teach all children to programme? It’s simply mad. Not only is it impossible, it is squeezing out from the curriculum the teaching of something that is much more useful and which is possible to teach everyone. That is systems management. Setting up computers and networks, trouble shooting, installing operating systems, servers and the like. Files and file management. The command line. Elementary scripting to the extent necessary to use the command line properly. In short, how to manage computers and networks. Not how to write programmes in two languages. Teach this, and you will be giving a valuable general purpose skill children will use in employment and private lives. And it is possible to teach it to almost everyone.

We don't try to give all teachers a knowledge of music composition next year, and have them then teach it to all children the following year. This is as crazy an idea as that would be. The only result is that we will prove once and for all by a wonderful national experiment that programming is a very specific and comparatively rare ability. And in the process, we will make a lot of perfectly intelligent and able people feel totally stupid and frustrated, when we could have given them useful and enjoyable instruction in things they could learn and would use.

Having this stuff ingrained young means it’s part of the way you think for life, and it’s hard for today's adults to estimate how much of this knowledge is going to be needed in the future just to be able to have access to decent jobs. Almost in the same way that typing was appropriate in the age before computerisation so that people could get higher paid clerical, administrative, and executive roles.

School should be as much about teaching kids to learn as it is teaching them what to know. The distinction is subtle but important.

Bottom-line: Will Dorsey’s book help on this road to computer literacy? Nope. Too short and without the stuff one needs to learn how to program in Python, but I’m not even sure that was the author’s intention. I don’t really know what kind of rationale these types of programming books fulfill, to be honest. How can anyone become a master at Python programming without the use of classes (strangely absent in the book)? Mind-boggling to say the least…

Saturday, September 16, 2017

All Much Ado about Nothing: “The Trouble with Physics” by Lee Smolin

“The Weinberg-Salam model requires that the Higgs field exist and that it manifest itself as the new elementary particle called the Higgs boson, which carries the force associated with the Higgs field. Of all the predictions required by the unification of the electromagnetic and weak forces, only this one has not yet been verified.”

In “The Trouble with Physics” by Lee Smolin

Hello physicists and Lee Smolin in particular,

I can't say I agree with such a hard stance against string theory personally like Smolin does, but I’m what’s known as a stupid person, so it doesn’t really matter what I think. However, I do feel it is healthy for science to have people that challenge ideas from all sides. All this will do is galvanise people to work harder to provide evidence to prove or disprove any theory that tries to describe reality. Science thrives in areas of confliction.

Life is the memory of what happened before you died, i.e. we cannot extricate ourselves from the universe in any way shape or form, including our "objective," apparently repeatable theoretical notions. By definition, there is only one UNI-verse. If you want to call it a universe of multiverses or a multiverse of universes, or balls of string with no limits, no problem, but there is only one of everything that is and isn't. This assemblage of atoms, no different from any other atoms, called the human body, has a life and death, as do the stars; it also has an internal resonance we like to call the consciousness of self-awareness of existence. We all too often, de facto, accept that there is a universe outside our "selfs", our bodies, i.e. it’s just me, my-self, and I, and the universe that surrounds my body, as if there were a molecular separation of some sort. This starting point for science, i.e., this assumed separation from a universe that surrounds our (apparent) bodies is the first thing that has to go. By definition there is only one UNI-verse that includes Heisenberg, I, the photos and videos of flying objects that make apparently perfect right angle turns at thousands of miles per hour, which we casual observers are not able to identify, black holes, white holes, pink holes, blue holes, our memories, our records, not to mention everything else. It's all much ado about nothing. As someone else used to say, "This IS the cosmic drama," we are living at the interface of the Sun's outgoing light and the apparent incoming light from the universe that appears to surround the Sun. Ah, but, what if we live in a black hole and don't realize it? That would mean the night sky, which most of us consider to exist outside the sun would actually be all the light of the sun after doing a 180, except, and here's the kicker, daylight, i.e., the light of the sun that we experience as sunshine. 
Maybe we need to revise the old coin that says yin and yang, black holes and white holes, matter and anti-matter, light energy and dark energy, night and day, black and white, etc. ad nauseam, are two APPARENT sides of the same coin as perceived by bunches of atoms they (we) are observing other atoms in a universe that is completely outside their (our) own "personal universe" as defined by their (our) sensory input. In other words, the interface between black and white colors our apparent existence. That sophistry and $2.25 will get you a ride on the tube.

I am not a string theorist but back in the day I considered myself a physicist who knew a few physicists doing physics for a living. Something that might surprise people to hear is that many (perhaps the majority?) of string theorists did not spend any time thinking of ways the idea could make observable predictions. The reason for this was that the typical energy scale of string theory is much higher than even scales we try to probe in the early universe in cosmology. They argue that getting string theory to say something specific about physics 'beyond the standard model' would be like trying to describe friction of a carpet in terms of quarks and leptons i.e. theoretically conceivable but practically impossible. Seen in these terms though, string theory itself is a generalization of the 'theory of carpets' i.e., it is built as an extension of ideas we know are very successful at familiar energy scales: quantum mechanics and relativity.  Indeed, the reason the 'typical' energy scales of stringy stuff are thought to be so "unreachably" high is due to an extrapolation about the strength of gravity based on the value of Newton's gravitational constant you can measure on a table-top on earth.

In my opinion this huge extrapolation is a dangerous one as there are reasons to believe that there are things going on in physics before this high-energy scale which may change our understanding of things very much (e.g. the observed value of the 'cosmological constant'). These things could render any of the assumptions about string theory invalid. This represents a rather peculiar situation. Due to their assumptions, the string theory community is likely incapable of making any predictions about anything in our universe. Progress regarding the 'truth' of string theory therefore will not come from string theorists doing string theory calculations but from other physicists experimentally probing the assumptions that string theory relies on.

The question remains whether string theory has advanced understanding of the physical world. They had like one vague prediction for the LHC and when it didn't come true they were all like "ah, it only emerges at much higher energies!". LMAO! String theory is religion at this point. On the other hand, I side with Smolin when he says he’s interested in a testable theory. It just so goes that Smolin's ideas are not fatalist, which turns many militant atheist types off because it means life is not an accident; what that says about God, his position is completely agnostic. Considering the symbiosis we find in nature, his views make a lot of sense and unify well with a lot of biology and ecology.

I'm told string theory is great mathematics though, so great one String Theorist ended up winning the highest prize in mathematics, the Fields Medal. I’m talking about Edward Witten who has also lots of references in Smolin’s book.

Between 2006 (when this book came out; see quote above regarding the yet still to be discovered Higgs’ particle), 2012 (when the Higgs boson was “discovered”), and 2017 (when I’m writing this review), what have we to show for String Theory? Not much. And since physicists have spent a lifetime ignoring observational data, they don't feel in the least bit accountable for (1) the plain truth (2) being wrong or (3) all the lives that they destroyed along the way when they mocked the people who were trying to tell them that they were wrong. Over the next few years you will see them lay claim to a beautiful theory of Quantum Gravity, even capable of making contact with experiment. They will even tell themselves that they were really working on this theory of Quantum Gravity all along.

Well, bottom-line: I hope someone kills String Theory, it's getting to the stage where physics is starting to resemble pseudoscience, and lots of pretty and convoluted theories that are essentially untestable.

NB: I don’t care about String Theory; what I really want is FTL travel. I want what the Tomorrow’s People had: flicking long distances in time and space in the blink of an eye; I want the Star Trek replicator that makes my dinner when I want it and how I like it; I want my phaser at stun; I want all of this. If the String Theory gets me there asap then spend, spend, spend...

Friday, September 15, 2017

The Ballet Dancer: "The Late Show" by Michael Connelly

“It’s like the laws of physics—for every action, there is an opposite and equal reaction. If you go into darkness, the darkness goes into you. You then have to decide what to do with it. How to keep yourself safe from it. How to keep it from hollowing you out.”

In "The Late Show" by Michael Connelly

It isn't polite to look in through other people’s windows. I knew this but still I would do it. It isn't an obsession, it isn't voyeuristic. No. But sometimes things would catch my eye as I walked past. A nice vase, a sleeping cat, a glimpse of a print on a wall, random "stuff" that makes a home a home. I liked to imagine who would surround themselves with these things, what do they look like? How do they live? In one window, I know is a tiny figurine of a young ballet dancer - cheap, pastel, glazed. Nondescript. Given a place of prominence through love.
I once saw the woman who owned that dancer.
It was her feet, the size of her feet. Sitting on the bus, I was just mesmerized by her feet. Spilling over her cheap plastic slip-on shoes. Feet that looked bulbous and par boiled like a body rising from a too hot bath. Veins cracking and breaking under the strain of their burden. Sad, shuffling feet trudging homeward, kicking carrier bags straining under the weight of their contents.
I followed the feet really, not the woman. I honestly don't recall what she looked like. Large I suppose, judging by her feet. Those feet. And, as I passed the door she had disappeared through, I took a glance to the side - there was this little dancer. More delicate in that moment than anything I had seen before.

I walked on and away. I have never been back to that street, but sometimes I think about that figurine and wonder if those feet might dream of dancing. I try not to look in windows any more.

Thursday, September 14, 2017

Non-Flash-in-the-Pan SF: “Counting Heads” by David Marusek

“I am not pouting, and I am certainly not indulging in self-pity, as Eleanor accuses me. In fact, I am brooding. It is what artists do, we brood. To other, more active people, we appear selfish, obsessive, even narcissistic, which is why we prefer to brood in private.”

In “Counting Heads” by David Marusek

SF stories often regurgitate medieval themes and settings, including wars, sword fighting, emperors, dukes, and so on. Star Wars and Dune do this, too. They would have us believe that people still fight with (light) sabres although they master FTL travel as well. Light sabres may be entertaining, but to me they are not serious SF. I prefer another kind of SF, the kind that shows NEW forms of human/alien behaviour induced by alien settings and new technology, NEW dilemmas and choices, and shows how current developments will play out in the not-too-distant future. In short, it kind of sheds light on the human condition as I’ve been writing “ad nauseam” on this blog. David Marusek's brilliant "Counting Heads" has no sword fighting, no laser guns. It does have court cases being pursued by Artificial Intelligence Assistance up to the Highest Court within milliseconds. People being "seared" - deprived of their online identity and thereby being unable to live a normal life. Societies with large numbers of clones such as "Maries" (that often marry Freds, who are fond of making lists for everything they do). Leftover Nano weapons from a past conflict still wreaking havoc. How drones will change the way life is lived. People choosing the age at which they remain living. A large queue forming outside the neighborhood 3D print shop because someone is printing a couch... Etcetera. And the book was written in 2005. This shows it’s not necessary to write 600-page books to give us a fine SF novel. More words do not always give us a better book for sure; would a longer book serve to clarify, especially when the reader is forced to embrace and remember new names and terminologies at almost every paragraph? Do we really need to be spoon-fed? I much prefer my SF to be ultra-dense like Marusek's; he prefers to build the world through subtle hints for an attentive reader to pick up and put together. But we're geeks. We're smart guys. We wear hats. This is how we should want our books.
We don't need our mommies to cut up our steak for us, so why do we need an author to spoon-feed us big chunks of exposition to explain every nuance? Were this another type of SF novel (meaning bigger), it’d degenerate to a sinkhole of flash-in-the-pan fantasy in the guise of science fiction.

My point: there is SF that retells old stories in new settings, and there is SF that throws most of the old out and replaces it with thought-provoking new stuff. The books from Philip K. Dick could only be made into movies at the end of his life, and decades thereafter, because that's when society had learned enough to understand his concepts. Maybe the same will happen to David Marusek.

SF = Speculative Fiction.

quarta-feira, setembro 13, 2017

733bi/fo@@h732=|$dGGGHHH&+~52: "Think Like a Hacker - A Sysadmin's Guide to Cybersecurity" by Michael J. Melone

“Thinking like a hacker means studying the tooling that hackers use, attending hacker conferences such as DEFCON [and C-Days in Portugal], and practicing hacking and exploitation in a lab environment.”

In “Think like a Hacker: A Sysadmin’s Guide to Cybersecurity” by Michael J. Melone

What happens in real life passwords-wise? (I know what I’m talking about; back in the day I was in the trenches doing this for a living…)

The passwords are usually stored in a database with the username; when you enter your username and password, one is checked against the other. Obviously, if the database was stored "in the clear", anyone who stole it or looked at it would know your password. This can't work anywhere that user accounts must be secure - even from employees - which is basically everywhere. So, what is done is that the password is "hashed", which means that it is encoded using a one-way conversion formula. If I have the formula and the password I can reproduce the hash result, that's a match! I can open your account! That's what a website does when you enter the right password. But if you just have the hash, then if you give that to the website it will apply the formula and create a different result and the system will say "no dice". So having the hashes is no use to a hacker.

Unless the hacker guesses the formula. And this is where the billions of attempts come in. If an employee or hacker steals the list of hashes and usernames, they will use them to guess the formula. The bigger the list, the more chances of a password being repeated in it. If the hacker spies two hashes that are the same (or, with modern functions, hashes that are related with a regularity that clever math can show), then that might mean that the passwords used to generate them are the same, and if the said password is 12345678 then it's very likely Mr. hacker will guess the formula required, and at that point off we go to the races. If the hacker has the database on his own computer (and one can rent very big, very fast computers now for very little $$$), many billions of guesses and tries and tests on the hash function can be done every second.

Good web sites do three things. Firstly, they "salt" their passwords with a random string which is kept separately, like "733bi/fo@@h732=|$dGGGHHH&+~52-", which means that all passwords have that added to them before hashing. Secondly, they use strong hash functions, i.e. not SHA-1. The final thing, which is easy to do, is to stop users using any password in the top 5000 passwords lists, stop them using any dictionary word, and insist that the password contains numbers, capitals, lowercase letters and symbols.

Unfortunately, such is the sophistication of password cracking software these days, and hardware is getting faster all the time, that a long password alone is no cast-iron guarantee of security. Use very different passwords on online services and be careful about the links between different apps; these days you can use your Facebook ID to log in to a range of different sites, for example. If you do this, consider the implications of what could be accessed if, say, your Facebook ID is compromised, and the data that is shared between the two sites.

A password manager is a good way to go for remembering all these different passwords. Some of them will generate a random password of a specific length for you when you set up a new account, and they are available as apps on smartphones. However, choose a secure password to access it, ensure it is securely encrypted using something like AES, and be careful where it's stored. Remember the "Cloud" is just another computer hosted somewhere in the world; there is no guarantee cloud storage is secure. If you back up to these services, then encrypt the backups (companies like Apple offer this with just a check box and password field as an option in your backup settings).

I am extremely careful with LinkedIn these days. I once found all my information available online (legitimately) because they had changed their privacy options and data was open by default to certain LinkedIn partners who took it upon themselves to publish my CV publicly (thanks for the spam to the email accounts I used at that time, guys!). They seem to have a very relaxed approach to privacy, and people's profiles often appear in straight Google searches. CVs by their nature tend to include a lot of personal information, and certainly a lot of contact info.

Most hacking attempts do not even use passwords; they exploit failings of the site's code itself. Meanwhile the 'password complexity' argument is based on being able to submit thousands of passwords a second to the same account. Any system which allows that is a dumb piece of design. The sensible answer is that you should not use a guessable password. The rest is basically a 'straw man' designed to shift attention away from the real security failings of the software industry.

Passwords are recognised as being extremely fallible and there is a big discussion going on as to how to replace them. Biometrics are equally insecure and you can't change them if they are compromised. As for flaws in code allowing exploits, these will always exist; even the best programmers make mistakes and the sophistication of cracking tools is improving all the time. I view this as being a bit like home security: you can add all the window locks, security deadbolts and alarms that you like, but it's never a guarantee that someone can't break in, and in the case of online data where government-funded agencies are involved, all bets are off.

Personally, I try not to put anything important on the internet, my plans for world domination and my Mum's recipe for bread pudding I memorise, and keep in my head, they can't hack that......yet! :)

Bottom-line: Hackers don't try to guess passwords to get your account. They hack into the system, steal the encrypted data and then, outside of its secure ecosystem, it is now vulnerable to brute force attacks. Once a reasonable number of passwords has been hacked, this can be sold on to the highest bidder who will then harvest your data. Often, they will use the same username-password combination on other common websites such as PayPal and Amazon where they can make online purchases, or Facebook and Gmail/Hotmail where they will begin the process of identity theft or look through old messages for even more important passwords or bank account details. Remember that holiday you took with your mates and you instant messaged them your bank details so they could pay you for the flights? Yep, that's still in your message box. So, change that Facebook password. Now!

terça-feira, setembro 12, 2017

Peter Hall, 1930-2017

(Judi Dench as Titania during the filming of "A Midsummer Night's Dream" by Peter Hall in 1968)

No, I'm not going to write about his Shakespeare productions. I'm going to write about his take on Wagner's Ring Cycle, with only some en passant comments about Shakespeare. With Peter Hall there was none of this "Macbeth" set in a bus shelter or "King Lear" set in McDonalds, or what have you. Contrary to much received luvvie "wisdom" I think it takes more understanding and scholarship to play a classical text "straight" than it does to pointlessly "update" it. An intelligent audience can draw its own conclusions. "Henry V" doesn't have to be played in modern day military camouflage to make the connection between 15th century and 21st century jingoism, as per Iraq war or whatever. I understand that, for its admirers, the greatness of Hall's Ring Cycle lay in its fidelity to the classical style of Wagner himself, and his eschewal of the 'concept' style of interpretation that you had with the previous Boulez Cycle from 1976 and that you were to have with productions after the Hall version closed. As I recall, Hall argued that the Ring was, first and foremost, a mythological narrative, a view that conformed exactly to Wagner's own arguments about the nature of opera and drama. The mythological style is bound up with the universality of theme and characterisation that Wagner associated with Greek tragedy. From what I have read about his Ring Cycle, Hall must have studied Wagner's writings, because, by all accounts, he had a very clear understanding of Wagner's intentions. What would I not give now to have been able to be in Bayreuth to see the Hall Ring in the 80s.

segunda-feira, setembro 11, 2017

Literature as a Strengthener of Character: "The Cambridge Introduction to Shakespeare" by Emma Smith

Cease to persuade, my loving Proteus!

The thing about drama is that everybody has to put effort in to learn their part, then they have to work together to make the play happen. Putting on a successful performance is very hard work but the buzz children get from the performance is huge and they learn that hard work is worthwhile. The play won't work without Titania, Bottom or Puck or all the more minor parts or the person who does the lighting, the scenery, the costumes. They compete for parts but work collaboratively to achieve a result and are proud of what they achieve. What better life lessons could children learn? There is bound to be a positive knock-on effect on other subjects.  Any good play, or musical, will do this but Shakespeare has huge scope and, generally, a large cast. This is a wonderful initiative. We owe it to our pupils to open up to their imaginations a world beyond our own shores and time. The 'Metamorphoses' speak to us about the fluidity of identity and have so much to offer to teenagers confronting this issue in their own lives. They can be read with Jeffrey Eugenides' 'Middlesex' as effectively as with Shakespeare. Emma Smith is right to point to the importance of the Philomela story for 'Titus Andronicus', but the many rape narratives in the 'Metamorphoses' present serious ethical challenges in the classroom. In teaching teenagers (and not only) respect for others, you are teaching them respect for themselves. That's the main point of school and home; in their rapidly-changing world (i.e. their intellect, their bodies) these are mainstays. These are what enable them to contextualise the attacks of commerce on their minds. And anybody who thinks that good literature and art aren't great strengtheners of character is missing the point; of course, they are, because they improve human intelligence.

Stage managed, manufactured vessels who are 'famous' for no reason other than having their pictures taken and heavily edited and being over-publicised by people you never see.

Why anybody thinks that this is in any way 'good' is beyond me, but young people see these people being rewarded and being rich and think that this is in some way a worthwhile pursuit, whilst they don't know or care about people locked in a laboratory or grinding out groundbreaking research.

It's a big, big problem in the social media age but one that the people who could address it won't. Ms. Swift have one, possibly huge advantage over Shakespeare’s Cleopatra et al: they are real and they are still alive. But alive they may be, but to the audience who will never see them, except maybe on a well-guarded stage a long way away, arguably not real. So, a fictional character could perhaps serve as well as a role model as a media created celebrity. Whether a sixteenth century fictional character will serve is another question, but characters from “The Hunger Games” and “Game of Thrones” are equally distant in time and space, so it might work. The question we haven't dealt with is why Viola and Rosalind would be better role models. I think they would be but, why would they?

As for Cleopatra, she was selfish, manipulative and self-destructive. She blithely brought about the death of thousands of Roman and Egyptian troops (not to mention her lover) for no reason other than her own desire for power. She brought about the complete collapse of Egypt as an independent country, then she topped herself. Not a good example. Although many people seem to subscribe to the myth of Cleopatra as either some floozy of the ancient world, a brazen strumpet and home-wrecker who spent her time in the beds of the most powerful men of the Roman world, or of Cleopatra as the ultimate hopeless romantic and ill-fated lover who died by her own hand, supposedly by snakebite.

At any rate, Cleopatra is infinitely more worthy as a role model for women of all ages than the "famous for being famous" Lady Gaga. The historical as well as Shakespeare’s fictional Cleopatra was a truly impressive personality: not only did she survive the murderous intrigues of the Ptolemaic court, she was also an enlightened and compassionate ruler. One of her most famous acts was - at a time of drought and famine - to issue an edict opening the Alexandrian granaries to feed the non-Macedonian population of that great metropolis as well as the rural poor, which - despite alienating the Macedonian aristocracy and elite - secured her popularity with all the peoples of the kingdom. Her respect for Egyptian cultural and religious traditions led to her being crowned as Pharaoh - the first Ptolemy in generations to rule as both King/Queen of Alexandria and Pharaoh of Egypt as well as the first Ptolemy ever to speak Egyptian. Considering that she came to the throne while still a teenager, effectively ruling alone in a world dominated by men, she did extremely well - and if one includes Marcus Antonius' excessively generous gifts of large chunks of the Roman Empire to her, she certainly expanded the Ptolemaic Kingdom to its greatest extent in centuries. Had Cleopatra and the Egyptian fleet only stayed to fight Agrippa and rescue Antonius' blockaded fleet at the strategic disaster that was the Battle of Actium, she would have dramatically changed the course of Roman, and probably world, history.
Cleopatra was unquestionably a brilliant woman in her own right - as well as being a polymath and a polyglot fluent in all the languages and dialects of her own kingdom (including Hebrew) - she was a highly effective ruler of a notoriously volatile kingdom whose capital was not only one of the largest cities of the ancient world but also one of the most ethnically diverse, and her tolerance towards ethnic minorities - such as the sizeable Jewish community of Alexandria - is legendary. Intelligent, compassionate, tolerant and courageous, Cleopatra VII ought to be a role model already.

The best role models are people who worked hard and achieved something, and unfortunately, our society does not prize such people in the same way that we do women who have big bottoms or men who inherit lots of money and play businessmen on TV. And that's why these forced role models ultimately won't work. We see those people dwarfing the accomplishments of those who work hard and intelligently to achieve, because they start out from a position of privilege. If women aspire to marrying into money rather than making it themselves, can you really blame them? It's literally the main lesson that our culture teaches.

I was lucky in that I had an inspirational English Literature teacher (Vicki Hartnack) who made Shakespeare characters relevant and, where possible, fun. I still remember the enlightenment she brought with them. 

Still about Shakespeare, would it be possible, even at high school level, to combine the English department with the Drama department to show pupils a more rounded, less dry, view of his work? Acting out, and seeing acted, such complicated works may make them seem more relevant. After all the themes of love, vengeance, war, friendship, happiness, depression, destruction, comradeship, confusion etc. are still as relevant today, but merely reading them off a page as I did eons ago, doesn't bring the complicated plots to life, or explain them in terms of today's society. It seems to trap them in the past. Teachers like Emma Smith (and my own Vicki Hartnack), who try to bring Shakespeare to the fore, should be praised.

quinta-feira, setembro 07, 2017

ThisIsMyPasswordForNatWest: "KALI LINUX - How to crack passwords using Hashcat - The Visual Guide" by Taylor Cook

Yep, most of our supposedly easy-to-remember-hard-to-crack strategies fall pretty quickly when we're informed that there must be a symbol - but not that one, that one, that one, or that one - and there must be a capital letter and there must be a number, oh and sorry your password is now too long. So now we need to remember our standard phrase AND the fact that for THIS website we couldn't use that symbol so we had to put in another and we had to stop after 6, 8 or 10 characters which meant we had to move the number to the front...

Passwords should never be stored as plain-text, but as a big long hash. So 'ThisIsMyPasswordForNatWest' becomes 'a64b8d3190050e4600ed3352cb05e5fb9a54c6dc' under a hashing system called SHA1 for instance, and you can't take that hash and reverse it and get the password. A per-account string of random characters should be added to the user's password too - this alone makes it virtually impossible to crack a password. So long as no website stores your password as plain-text then you're in the clear.
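The storage scheme described above, and in the three measures listed in the post on Melone's book, as an added Python example (not code from either book or from this blog). It contrasts a fast unsalted SHA-1 table with per-account salts fed into PBKDF2-HMAC-SHA256 from the standard library; the account names, passwords, blocklist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data (not from the page): alice and bob share a password.
ACCOUNTS = {
    "alice": "12345678",
    "bob": "12345678",
    "carol": "tin-kettle-orbit-saffron",
}
# Constructed stand-in for a "top passwords" list.
COMMON_PASSWORDS = {"12345678", "password", "qwerty", "letmein"}
ITERATIONS = 200_000  # example work factor (assumption); tune to your hardware


def unsalted_sha1(password):
    """Weak scheme: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password):
    """Stronger scheme: a fresh random salt per account plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, ITERATIONS, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def shared_hash_groups(table):
    """Audit a credential table: list the users whose stored hashes are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        key = stored if isinstance(stored, str) else stored[2].hex()
        groups[key].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def is_blocklisted(password):
    """Reject passwords that appear on the common-password list at signup."""
    return password.lower() in COMMON_PASSWORDS


def build_tables():
    """Store the same accounts under both schemes for comparison."""
    weak = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: hash_password(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1, users with identical hashes:", shared_hash_groups(weak))
    print("salted PBKDF2, users with identical hashes:", shared_hash_groups(strong))
    print("alice logs in:", verify_password("12345678", strong["alice"]))
    print("blocklist rejects alice's password:", is_blocklisted(ACCOUNTS["alice"]))
```

In the unsalted table the shared password shows up as a repeated hash without any guessing; with per-account salts the same two accounts store unrelated values, and every guess has to be paid for separately per account at the KDF's cost.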

The problem is that you can't trust websites to not store passwords as plain-text, and you have no idea if a website is there just to suck up people's passwords and password strategies. Or even if a company has a website and just one developer decides to make copies of submitted passwords or figure out people's password strategies.

Password strategies also rely on not being popular too - if enough people use the same prefix/suffix, or used the same 'Nellie, the elephant packed her trunk' passphrase but substitute a single word, then it just becomes another strategy that a hacker can add to their brute-force attack.

The Key is: Do not trust websites to store your passwords as hashes. Passwords should never be stored as plain-text, but as a big long hash. 

Assuming it is constructed with alphanumeric characters accessible directly from the keyboard, your 15-character string has about 15^98 possibilities. There are around 400K words in the Portuguese language alone (I don’t know the number for the English Language). A properly constructed 4-word passphrase has a minimum 4^400K possibilities, and the points about sophisticated dictionary attacks and common phrases and other things one's read on Wikipedia (aka the internet's largest honeypot for armchair know-it-alls) count for nothing if the passphrase itself doesn't follow language syntax. Even if you knew the exact number of words and characters in the passphrase, it would still be quicker on average to alphanumeric brute force than it would to use a dictionary attack. I'll grant you that in the real world people don't choose good passphrases. They choose easy to remember stuff that makes a logical statement or sentence, or some Shakespearean guff or a line from their favourite movie or song. In that sense your logic sort of works, i.e., if we're going to recommend any "system" to the masses, then yours might be the better one to recommend. (Even that is debatable, as the weak link is still the fact that you have people choosing for themselves. Even you with your vast knowledge went straight for some well-known footballing dirge as an example.) However, don't try to tell those of us who know better that the mere existence of obvious exceptions and shortcuts to cracking poorly chosen or common phrases makes a dictionary-based passphrase less secure than 15 characters chosen from a "dictionary" of 98.

Another piece of advice: Serious hackers don't attack login pages (which usually have some sort of login rate limiting in place), instead they use some sort of social engineering attack to get inside the company’s network and get hold of the user database. The passwords in these databases are stored in encrypted form, but now they can test passwords using their own hardware and without any rate limiting. Using cheap graphics cards and rainbow tables to attack the most common hashing algorithms, they can test billions of password combinations a second. It's only relevant to attacks where the attackers have direct access to the user/password database and the passwords have been safely stored. That said, there have been cases where a site has not been secured against brute forcing.
A corollary of this is, of course, that an attacker brute-forcing your password is often not a problem unless it is used elsewhere (or permits privilege escalation), because the ability to brute-force the password requires the attacker to have already breached the website that password is for.

Bottom-Line: password reuse is a bigger problem than individual password security. Use a password manager and you fix both.

terça-feira, setembro 05, 2017

The Emperor Had the Boy Locked Up: “Mastering Kali Linux for Web Penetration Testing” by Michael McPhee

“As applications have become more complex, and their importance has skyrocketed, bolt-on security approaches are no longer cutting it.”

In “Mastering Kali Linux for Web Penetration Testing” by Michael McPhee.

Hah... memories of a rather expensive inter-bank trading system we were offered one time to test. Examining the executable revealed a few plain text strings, one of which (the name of a biscuit in upper case) stood out as dubious, and turned out to be the encryption key for all communications (“super-duper unbreakable encryption" was one of their selling points) ... With that, and a little bit of poking around, we reached the stage where we could send a message to another counterpart offering them a product at a certain price, and then we could send a message that told the server they'd accepted it (forming a legally binding contract - notional values for these goods were of the order of millions and tens of millions of dollars). Being nice guys, we didn't do this for real (the above was done on the QA rig), but rejected the software. When we explained why, the vendors told us what we did would be "a breach of the license terms", and couldn't understand why we fell about laughing... especially after the way they "patched" the holes (obscured the encryption key with, I kid you not, ROT13.)

Names above withheld to protect the incompetent...

The thing you can usefully pick up in a day or two is more the mindset involved in trying to find and exploit a weakness rather than all the techniques involved (e.g., spend the day with a reformed burglar who can show you which properties are vulnerable where, ditto shoplifters etc.) - the tools and techniques change over time, but the attitude less so... We are cannibalizing our youngest and brightest citizens (worldwide). Aaron Swartz, Manning and Snowden have all empowered themselves to listen to their consciences and act on information about security and safety breaches or unfair protocols, acts which are no mean feat given that the political noise and threats for being engaged and concerned have never been set at higher decibels. Even if your privacy has already been breached, notification still gives you the option to act: change your password, check your credit card purchases (or freeze them), etc.

Or - where possible - take your business elsewhere, to somebody who protects their clients' data as they ought. It's like the US situation where restaurants that fail a health inspection are obliged to put a notice in their window for potential customers to see; the risk of having to do that gives them an incentive to keep the place clean.

It sounds like a real head-fuck, dealing with all the shit every single time one of the multiple companies that has any of your info has what may turn out to be a minor, insignificant breach. When nearly everyone has opted out or opted for the apparent safety of silence, a few continue to stand up and point out wrongdoing. That we are targeting them instead of the true threats is so insane it points to a societal death wish.

And in the real world someone said "The Emperor has no clothes". Hearing of this, the Emperor had the boy locked up.

domingo, setembro 03, 2017

A Society of Abatement: “Year of the Fat Knight - The Falstaff Diaries” by Antony Sher

“Sartre said that there’s a God-shaped hole in all of us. Greg fills his with Shakespeare; the other day he said, laughing, ‘I’m not the director of a company, I’m the priest of a religion!’ and me? I have Falstaff inside me now – I can say it confidently at last – and that great, greedy, glorious bastard leaves no room for anything else at all.”

In “Year of the Fat Knight - The Falstaff Diaries” by Antony Sher

Reading stuff like this, always awakens my creative streak. Here's a little something for your (and my own) enjoyment I've just written that I think aptly summarises Sher's book:

We really do need some protection
From the spread of the ‘rising enunciation’
Phrases go up? Just at the end?
Drives me completely ‘round the bend

Please don’t do it, it’s annoying?
So monotonous and cloying
Up-talk gives me indigestion
Everything becomes a question!

Form a Society of Abatement
Don’t Make A Question Out Of A Statement!!!
It doesn’t make a lot of sense,
And shows a lack of confidence

Who’re the culprits? Not Westphalians
Personally, I blame South Africans
How can something so iniquitous
Become so globally ubiquitous?
From Durban to Central Park
Hangs a giant question mark