Back to mountain country

I haven’t checked in for quite a while now. A lot of it has to do with my focus on finding a new job (within my company) to follow on after my project, and handling the move which would be required. I didn’t really have the option of localizing to an American contract*, so ruminating about whether or not that would have been an attractive proposition is fruitless. At any rate, back to Switzerland I went, in the heart of what a Mr. Rumsfeld called “old Europe”.

*) Illinois is an “at will” state, so the locals there have no contracts. The rough equivalent there is a so-called offer letter which lays out the terms and conditions of employment without being binding for any length of time.

Daily grind


  1. Send a customer a description of the scope of your project, the methods to be employed and why they were chosen, the prerequisites for applying those methods, and an estimate of the time and effort required.
  2. Customer tells you your document is too “technical”, their management needs an “executive summary”
  3. Hint at some interesting aspects of your project in “bullet points” on three powerpoint slides
  4. Customer calls the slides “too granular” and is “concerned” about some obvious features which aren’t in the bullet points (but are, needless to say, in the 92-page scope document)
  5. Smile and ask the engineers to turn their attention to more slides, which they enjoy much more than engineering anyway
  6. (this is much less common, thank Zeus) Have the same calibre of discussion internally between different teams of developers while partitioning the work

It would save endless time and money if everyone just turned off their phones for three or four hours, sat down on a comfy sofa with a coffee and took the time to read and understand even a few of the details of whatever it was they were supposed to make a decision on.

Echo cancellation in Linux

Jitsi is a fantastic open-source VoIP sound and video application, with desktop sharing and XMPP instant messaging thrown in too. It’s free and secure.

Under Linux I had some echo problems. It turns out there are several ways to handle echos, and several points along the chain of communications where it can be done. If you’re using a server-in-the-middle messenger, it’s quite possible that echo cancellation is provided as a service on the server, which by the way precludes end-to-end encryption.

Otherwise you can handle echo cancellation at one or more end devices. Linux’s PulseAudio sound system offers echo cancellation at the system level, but you have to turn it on.

To do so, run the following command before starting your VoIP application:

export PULSE_PROP=”filter.want=echo-cancel media.role=phone”

Be aware that using different echo cancellation techniques at different points in the audio chain simultaneously will worsen the sound considerably, and it should be avoided.

Colleen Graffy: How to Lose Friends, Citizens and Influence

A very interesting read, even though it’s in the Wall Street Journal. She’s only told about half the story, too: I’ve heard they’re passing some sort of retroactive law aimed at people like Tina Turner who have already renounced their citizenship.
Just the notion is outrageous. It’s not that they will be retroactively disputing Mrs Turner’s change of citizenship. They will simply be extorting money from a foreign national. Just imagine if China did that to the many Chinese nationals who have settled down in the US and taken on US nationality, giving up their Chinese passports in the process.

A pig through the python

I just remembered a famous decision by Scott McNealy, the former head of Sun Microsystems, to ban PowerPoint from the Sun campus. I looked for an article to verify, and found one.

Apparently he trumpeted the productivity-enhancing effects of his Powerpoint ban. Sadly, whatever effect it had on their productivity or their creativity didn’t last, because as we all know they went down the tubes and had to be saved by Oracle of all things.

Kathleen Belleville, who worked at Powerpoint, argued: “now we’ve got highly paid people spending hours formatting slides because it’s more fun to do that than concentrate on what you’re going to say.” I find that convincing. The glitz and glamour of a presentation still has a disproportionate impact on the audience, and people know that, so they end up spending a lot of time messing with the formatting.

But I think the effect Powerpoint has had on its target audience is much worse: members of senior management are now so accustomed to bite-sized chunks of pre-digested “insight” that they have become addicted, and unable to digest facts on their own. I think that is dangerous.

A related and quite famous argument was made by Edward Tufte, who discovered that a NASA briefing which used PowerPoint as its presentation medium had led to a bad decision which doomed a space shuttle and its crew. However he criticizes the people creating the presentations and blames the bullet-point style of communication for leading to something like cognitive “rounding errors”.

Amazingly, I’ve heard colleagues interpret this same case as an example of the adverse effect of “overcomplicated” presentations with “busy” slides. Personally, I interpret it as a failure of management to fully parse the presented facts. I think a verbose report would have forced the readers to put some effort into comprehending the available data and understanding the situation.

A feeling for data volume

Conference room at Stasi headquarters in Berlin
Conference room at Stasi headquarters in Berlin

Today’s “Süddeutsche Zeitungpublished an interactive infographic produced by OpenDataCity. It was created in response to a statement by the German president, Joachim Gauck, who rejected comparisons between the Stasi and the NSA, asserting that the NSA is certainly not compiling thick binders in which it files away our conversations, like the Stasi did.

Comparing the digitized Stasi archives with the estimated capacity of the NSA (e.g. in its new yottabyte-capacity, 65-MW-burning data center in Bluffdale, Utah), OpenDataCity came up with the following comparison: if you stored the NSA’s data in the same density as the Stasi had available (in paper files), it would not fit into Berlin. Or Europe, for that matter.

Image #1: area of the Stasi archives. It’s the square on the left, superimposed over a map of central Berlin (though they didn’t put it over the actual “Stasi Zentrale”)

The size of the Stasi archives, based on paper files
Left square: the size of the Stasi archives, based on storage of paper files

Image #2: the Stasi archives, expanded to house the NSA’s estimated data volume in paper form – superimposed over Europe and parts of Northern Africa

Area required to store the NSA's data volume, if stored in paper files like the Stasi
Right square: the area required to store the NSA’s data, if stored as paper files like the Stasi

The vast amount of data that can be processed and stored nowadays is not clear to most people, especially those who haven’t grown up with computers. MB, GB, TB are abstract concepts, so I think it helps to visualize the data volume in this way.

Interfering with mass surveillance

When IT security professionals talk about methods to tap someone’s communications, they use the term “(attack) vector”. Strong encryption is by definition not breakable, so the only available points of attack lie before encryption is applied, or after the cypherdata has been decrypted. There’s no use “tapping the wire” (like Tempora). You’ll typically want to tap the applications at either end which provide the encryption.

The German “BKA Bundestrojaner” proposed to do this in a way similar to the CDC’s good old BackOrifice, which basically hooked into your webcam, sound card and keyboard as well as providing FTP-style access to storage devices. However getting that software onto the target computer is a challenge. You need to break in, or trick the target user to download and install your software. It requires a targeted effort.

Mass surveillance of encrypted communication requires a massive number of computer systems to be compromised. Take Skype, for example. Let’s assume that its protocol is unbreakable, and Microsoft refuses to allow direct access (as they claim). That leaves two vectors: either a generalized trojan like the Bundestrojaner that is tricky to get onto target computers. Or a modified version of the Skype software, disguised as an update. At its core, it’s the ideal trojan. It’s been done before, e.g. Hushmail served modified updates to some of their clients at the request of Canadian authorities. But let’s assume Microsoft doesn’t cooperate by allowing their Skype updates to be “spiked”. Their cooperation isn’t required if you have the cooperation of internet providers, because you can simply re-route requests for updates from Microsoft servers so that the bugged update is downloaded from a malware server instead, without the target knowing. This can be done for a massive number of users, and it’s not just theory. It’s been common practice in China and the countries of Northern Africa, where governments have served up “localized” versions of communications software like Skype to all users in those countries’ networks.

That’s where Tor and VPNs come in. They can’t prevent this from happening, but they do provide an extra layer of distance between yourself and your internet provider. If all communications leaving your wall socket are encrypted and anonymized, there’s not much they can do. They’d have to infiltrate your VPN end point, or a significant number of the Tor exit servers. While that is possible, it seems more like a theoretical possibility.

Use a VPN, or use Tor all the time if possible. It’s not paranoia: providers like Comcast have in the past swapped out web content, replacing it with their own notifications and advertisements. Mobile data providers do a lot of meddling to police the applications that are being used; it’s not beyond them to substitute data you’ve requested.

Put some distance, a layer of anonymity between yourself and your internet provider.

A thought on the surveillance leaks

Did Eastern Germans protest and revolt against the leadership of the DDR because they were sick of the state’s total surveillance and control, or because they desired higher income and material consumption? Despite the popular narrative, I really do believe the latter is what motivated the masses. But that’s because I have a cynical outlook.

The narrative is probably right too. Average citizens would never have dared to protest without a solid number of idealists leading by example and providing moral justification.

For those idealists, the recent leaks regarding Western state security services’ mass monitoring capabilities must have had a particularly nasty taste. Imagine risking your life, throwing yourself into the arms of the Free West only to discover that the West does the surveillance thing too.

Total, cradle-to-grave state control? No. But total surveillance? Absolutely. At first glance that isn’t completely true: there are laws putting strict limits on the surveillance of conventional communications media like mail in envelopes and telephone calls. Unfettered surveillance is limited to newfangled network-based communications. But if you think about it, the new media provide much more complete, more unfiltered insight into people’s lives than phone calls or letters. People write letters expecting they’ll be read (if only by the intended recipient). They don’t have that on their mind when they enter search terms, and in fact I think people do have an expectation of privacy when they do their online research (“breast cancer”? “alcoholics anonymous”? “gambling support group”?). The same goes for documents or for calendar appointments stored on the web. All of this stuff is replacing the old, protected methods of communication.

Probably the main reason the Stasi went to the trouble to install bugs and wiretaps was to catch information their victim’s wouldn’t have put in a letter (even assuming it wouldn’t be opened). Tapping the cloud delivers an awful lot of that stuff, from many areas of life. So the type of unregulated access our security services have claimed for themselves in absence of existing regulation is actually pretty disturbing. I think it’s more problematic than a phone wiretap, and almost as intrusive as the surveillance of Eastern Germany.

Observation on language

I see a curious difference between the US and the UK (and their respective satellites) in the way their written language is viewed and treated. Just considering the e-mails of people I interact with at work, I could readily pull up a half-dozen examples showing a US-trained colleague using bad spelling and worse grammar, versus a Commonwealth-trained colleague vividly using a wide spectrum of vocabulary in complete sentences. It’s prejudice, but so far my experience confirms this black-and-white model.

American primary and secondary education aren’t bad, no matter what TV tries to make you believe. There may be differences in emphasis which explain the difference. Maybe one system emphasizes creative writing more than the other, which may have more of a focus on reading comprehension and analysis. Perhaps. It’s all good.

What was new to me in recent years, is a general hostility towards well-formed, “long-winded” writing. It manifests itself not just in work e-mails, and I think it’s at least partially responsible for people’s lack of love for their language. If you see language as a means towards an end, it’s no surprise you use the simplest, shortest words to get your point across to as wide an audience as you can.

There’s pressure everywhere to use words sparingly, and people are not ashamed to ask for bite-sized, pre-digested summaries like “executive summaries” and “elevator speeches” (how I hate that term). I think if an executive doesn’t take the time to understand a complex topic outside of the time he or she has allotted to riding the elevator, it’s probably better not to bother them with it at all.

Have you noticed the rise of the “quick start guide” as an abbreviated addendum to products’ user or installation manuals? What’s that all about? Can’t be bothered to take the five minutes to read the manual? Not that I mind quick-start guides, but I think they’re a symptom of laziness regarding language. Reading is seen as a chore. There are two ways to reduce that chore, and the authors of the user manuals have chosen to reduce the number of words. The better alternative is to improve the quality of writing – though I admit a user manual for a vacuum cleaner does pose a challenge.

At work, I find that people tend to keep their communication short to the point of mangling their language with bullet points and incomplete sentences, but they’re perfectly happy to write long reports. And those reports often do tend to be long-winded, with copy-paste liberally used to copy swathes of text from brochures or technical papers.

To sum it up, I think people here don’t mind reading and writing if it’s an explicit piece of work. A good indicator would probably be “is reading or writing this something that could potentially be billable time in a customer project”.

Such a utilitarian view of language is a bit sad.