This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Nicole Perlroth (2021)

A hugely detailed and deeply researched history of the market for “zero-day: exploits, the faults and technologies underlying computer viruses and ransomware. It’s a hugely complicated and technical field which Perlroth does an amazing job of making accessible to a non-technical audience. (I should probably say here that I teach computer security.)

Most of the book is a real page-turner, deeply embedded with the government agencies, companies, and hackers who compose the zero-day market. It’s scathing of the US’ trying to play both sides of the street, developing and buying zero-days in order to collect intelligence while weakening the security of ordinary users in the process by not informing the software developers of the problems they’ve found. They clearly knew this was dangerous, and even developed a doctrine for us: “NOBUS”, bugs that “no-one but us” would be smart enough to find or develop. This idea goes wrong spectacularly, as other nations realise how cheaply they too can have cyberweapons programmes: ironically they’re encouraged by the deployment of the Stuxnet virus to damage the Iranian nuclear programme. The leaks of the NSA’s zero-day stockpile by the Shadow Brokers – an event that’s somewhat under-explored – and their later use in hacks against US elections, are payback for hubris.

Perlroth is scathing of the Trump presidency’s neglect of cybersecurity and unwillingness to sanction Russia for known attacks – in part because it might cast doubt on Trump’s legitimacy as an elected president, but also seemingly from willful blindness and a mistrust of the professionals (including the military) tasked with protecting US networks. She was writing during the pandemic and before Trump conceded the 2020 election (to the extent that he ever did), and so if anything she understated the impacts of disinformation spreading.

The conclusions are a little breathless, but well-intentioned and technically appropriate, if a little US-centric – and in fairness the US has at least attempted to set up a more transparent approach to managing cyberweapons, even though the approach is drastically compromised by the desire to keep intelligence-gathering capabilities. Cybersecurity is an area where offence and defence are closely intertwined, and there’s a strong argument that the costs to society of the former mandate a focus on the latter. We need to accept that many cyberweapons that are used (or leaked) can be reverse-engineered and re-used against their original developers with little real up-front financial investment.

There’s some editing. including a repeated mis-use of “affect” rather than “effect”, and a really disastrous throw-away reference to the book Dune, the description of which is almost entirely wrong: surely an editor should have picked that up?

4/5. Finished Sunday 21 January, 2024.

(Originally published on Goodreads.)

Edible Economics: A Hungry Economist Explains the World

Ha-Joon Chang (2022)

A book that combines food with economics? Not really.

I’m torn by this book. I enjoyed the food parts, especially the author’s anecdotes about his move to the UK from Korea, and how he’s observed the UK’s food scene change from incredibly insular and conservative to amazingly open and dynamic over the course of a couple of decades. It’s a change I also lived through and remember well.

I also enjoyed the economics. Chang is an eclectic collector of economic theories – all the more surprising because he’s an academic. He has an appropriate degree of scepticism for ideology and single explanation of complex questions, which is refreshing. He skewers some of the common myths, such as the “explanation” that poor countreis stay poor because their people don’t work hard enough, ingoring the massive structural factors in play. He’s equally scathing about the other “explanation” about the free-trade roots of the successes of the US and UK economies, given that they were actually massively protectionist during their main periods of growth. And he makes several policy suggestions for modern economies.

But…. as a book, I don’t think it works at all. The conceit of explaining economics through food remains just that: a conceit that’s not really threaded through the narrative in a meaningful way. The links are often just too tenuous. To give one example, a chapter that leads with anchovies ends up talking about natural-resource extraction economics using the example of bird guano – well, birds eat anchovies, so… Most of the chapters are basically diviided between food and economics with an often desperate attempt to tie them together. The economics is accessible, and a writer who can do that probably doesn’t need a gimmick to structure his work.

3/5. Finished Saturday 20 January, 2024.

(Originally published on Goodreads.)

TIL: The first scientist

TIL: The first scientist

Today I learned that the first person ever to be called a “scientist” was the Scottish … erm, scientist Mary Sommerville (1780–1872), who made discoveries across several fields of mathematics, physics, and astronomy, and was one of the first two women admitted to membership of the Royal Astronomical Society.

It was the fact that she was both a woman and a polymath that led to the need for a new word. She clearly wasn’t a “man of science”, as was the common description; nor did she fall into the accepted classes such as geologist or chemist, since she contributed to all these fields and more. So William Whewell, the Master of Trinity College, Cambridge, and the person who had introduced one of Sommerville’s books to the university’s maths curriculum, decided to unify all these specific classes into the new general category of scientist. (He also introduced the terms physicist and linguistics.)

TIL: The first ever .com domain

TIL: The first ever .com domain

Today I learned that the first .com internet domain registered on the internet was https://symbolics.com and belonged to Symbolics, a company that made Lisp machines.

It doesn’t relate to Lisp any more, of course. It’s been sold to someone who “helps entrepreneurs and investors acquire high-end domain names”, which seems about as meta as things can get: the first-ever .com domain name now points a company focused on acquiring domain names.

Symbolics itself has a storied history, spinning-out from the MIT AI lab to sell hardware dedicated to running Lisp: one of two such start-ups actually. The Wikipedia page is a good place to start.

Incidentally, the rest of the top-ten first .com domains can be found here.

Making small changes to lots of files

Making small changes to lots of files

I recently had to make tiny changes to a large number of files spread nested through a directory structure. This turns out to be a lot easier than I expected with Emacs.

My use case was actually this blog. It’s been on the go for a while in several different formats, and over the years I’ve used tags to drive different presentations – for example articles tagged ‘news’ ended up on the front page. I no longer do this, which meant a lot of redundant tags to be got rid of, mainly in Nikola’s .meta metadata files but also embedded into .md markdown and .rst restructured text..

My plan was to use Emacs’ rgrep command to recursively traverse the directory structure of posts to find the tags I wanted to remove. This would give me a grep-mode buffer that hyperlinks to the files (and lines) needing changing, which I could then click through to get to where each change needed to be made. Straightforward, but time-consuming and error-prone when there were about 150 files to be changed. Clearly a problem in need of a better solution.

I then discovered the wgrep (“writable grep) package. This makes the grep-mode buffer editable, with changes being written-back to the underlying files. Exactly what I needed.

Once I’d installed wgrep, the workflow is ridiculously easy:

  1. Using rgrep gets a grep-mode buffer
  2. C-c C-p makes the buffer editable
  3. Changing the lines. In my case I could use string-replace to remove the tags I wanted rid of. More complicated cases might need regexp-replace or even manual editing
  4. C-x C-s writes the changes back out

(There are several other keybindings that wgrep makes available, notably C-c C-k to discard all changes.)

That’s it! A job that I expected to take an hour took about 3 minutes.