All posts by esr

Grasping Bloomberg’s nettle

Post Syndicated from esr original

Michael Bloomberg, the former Mayor of New York perhaps best known for taking fizzy drinks, and now a Democratic presidential aspirant, has just caused a bit of a kerfuffle by suggesting that minorities be disarmed to keep them alive.

I think the real problem with Bloomberg’s remark is not that it reads as shockingly racist, it’s that reading it that way leaves us unable to deal with the truth he is telling. Because he’s right; close to 95% of all murders are committed by minority males between 15 and 25, and most of the victims are minorities themselves. That is a fact. What should we do with it?

It’s the 21st century and pretty much everybody outside of a handful of sociopaths and Affirmative Action fans has a moral sense that it’s wrong to make laws that discriminate on the basis of skin color. On the other hand, Bloomberg is broadly correct about the effect of disarming minorities, if it could actually be accomplished. (He might be optimistic by 5% or so, according to my knowledge of the relevant facts, and disarming minorities is effectively impossible, but neither of these objections is relevant to where I’m going with this.)

I think it is quite unlikely that Bloomberg has classically racist intentions in what he said. Sure, it’s fun in an Alinskyite sort of make-them-live-up-to-their-own-rules way to pillory a lefty like Bloomberg over this sort of remark, but let’s get real. This is not a man with a particular desire to oppress black or brown people. What’s obnoxious about Nanny Bloomberg is that he thinks he has the moral standing to oppress anybody in the name of whatever cause du jour currently exercises him.

So once we’ve stopped flogging the (rather risible) idea that Bloomberg is a racist, where are we? How do we use the statistical truth he pointed out without being racist ourselves?

There’s nothing magic about the amount of melanin in somebody’s skin that makes them so much more likely to be a violent criminal that Bloomberg’s 95% figure is almost true. Dark skin can’t be the problem here; it has to be something else that is correlated with dark skin, predicted by it, but not it.

I don’t think there’s any mystery about what that is. Criminals are, by and large, stupid. American blacks have an average IQ of 85. Hispanics average 88. People with low IQs are bad at forward planning; this makes them impulsive and difficult to deter with negative consequences. It’s a safe bet that black and Hispanic criminals are, like white criminals, largely drawn from the subnormal end of their populations’ IQ bell curves.

If Bloomberg had said “We ought to disarm everyone with an IQ of 85 or below”, he would actually be more statistically correct than he was. That would still be pretty near impossible. But it wouldn’t be racist.

The dream is real

So, I just listened to an elaborate economic and engineering rationale for why Elon Musk’s new Starship is not the tall skinny pressurized-aluminum cylinder we’re used to thinking of as a real rocket, but a fat cigar-shaped thing made of stainless steel, with tail fins.

And I don’t believe a word of it.

It had to be that way because Elon Musk grew up on the same Golden Age science fiction magazine cover illustrations I did, and it looks exactly like those.

Has tailfins. Freaking tailfins. And lands on a pillar of fire just like God and Robert Heinlein (PBUH) intended.

The dream is real.

Gratitude for Beto

Beto O’Rourke is a pretty risible character even among the clown show that is the 2020 cycle’s Democratic candidate-aspirants. A faux-populist with a history of burglary and DUI, he married the heiress of a billionaire and money-bombed his way to a seat in the House of Representatives, only to fail when he ran for the Senate six years later because Texas had had enough of his bullshit. Beneath the boyish good looks on which he trades so heavily, his track record reveals him to be a rather dimwitted and ineffectual manchild with a severe case of Dunning-Kruger effect.

Beto’s Presidential aspirations are doomed, though he and the uncontacted aborigines of the Andaman Islands are possibly the only inhabitants of planet Earth who do not yet grasp this. Before flaming out of the 2020 race to a life of well-deserved obscurity, however, Beto has done the American polity one great service for which I must express my most sincere and enduring gratitude.

On September 12th, 2019, at the third televised debate among the Democratic aspirants, Beto O’Rourke said “Hell, yes, we’re going to take your AR-15”. And nobody on stage demurred, then or afterwards. And the audience applauded thunderously.

At a stroke, Beto irrecoverably destroyed a critical part of the smokescreen gun-control advocates have been laying over their intentions since the 1960s. He put gun confiscation with the threat of door-to-door enforcement by violence on the table, and nobody in the Democratic Party there backed away.

It’s that last clause that is really telling. Beto’s own intentions will soon cease to be of interest to anyone but specialist historians. What matters is how he has made “Nobody is coming to take your guns” a disclaimer that no Democrat – and, by extension, any advocate of soi-disant “common-sense” firearms restrictions – can ever hide behind again.

His talk of “military weapons” was, of course, obfuscatory bullshit. The AR-15 is a civilianized rifle that lacks exactly the capability to fire full auto or bursts that is essential for a battlefield weapon. Over ten million AR-15-pattern variants are in civilian hands; it’s the single most popular sport and hunting rifle in the U.S. or for that matter the entire world.

Every single AR-15 owner is on notice. The Democratic presidential candidates and their audience are down with the concept of LEOs raiding your home and forcibly confiscating your guns, even if you’re a model citizen with no criminal record or red flags. They don’t care if you, your family, or your pets get shot dead through malice or incompetence. Got to break a few eggs to make that omelette, comrade!

Hell, if you happen to be white or male today’s Democrats might consider it – what’s the currently fashionable phrase? – “redistributive justice”. No worries though; there are statistical reasons to expect that blacks and Hispanics will be over-represented in the actual body count.

This is horrible – it’s a nightmare and a bad sign for our republic that advocating police-state behavior like this doesn’t get politicians driven from public life – but it’s also very clarifying.

Consider registration and licensing laws, background checks, and other requirements that allow the government to identify and target gun owners. Our civil-rights advocates have been saying for decades that these were intolerable because they have the corrupt purpose of enabling future confiscations. In response, we’ve been treated to endless condescending repetitions of “Nobody is coming to take your guns”.

We knew that was a lie, that forcible confiscation was always the endgame once lesser restrictions had shifted the Overton Window far enough, but way too many people outside the gun culture were fooled. The great service Beto O’Rourke has done is that the pretense will now be very much more difficult, and perhaps entirely impossible.

Thank you, Robert Francis “Beto” O’Rourke. You did not intend it, but you have done your nation a signal service for which everyone who takes the Second Amendment seriously should be grateful.

EDIT: Now lightly altered to reflect that at least one Democratic legislator has demurred. Senator Chris Coons said he disagreed with Beto: “We need to focus on what we can get done.” This of course is code for “You idiot! You let the mask slip! We need to continue with the slow strangulation!”

Be the America Hong Kong thinks you are

I think this is my favorite Internet meme ever.

Yeah, Hong Kong, we actually have a problem with Communist oppression here, too. Notably in our universities, but metastasizing through pop culture and social media censorship too. They haven’t totally captured the machinery of state yet, but they’re working on that Long March all too effectively.

And you are absolutely right when you say you need a Second-Amendment-equivalent civil rights guarantee. Our Communists hate that liberty as much as yours do – actually, noticing who is gung-ho for gun confiscation is one of the more reliable ways to unmask Communist tools.

We need to be the America you think we are, too. Some of us are still trying.

The Order of Defenders

Officiant: “One comes before us today who wishes to become a Sworn Brother. Let him approach.”

Officiant: “Are there two Brothers present who will affirm that the candidate is of sound mind and good character, being aware that the penalty for error in this judgment is expulsion and disgrace?”

Upon hearing affirmations, the officiant continues:

“Very well. Aspirant. Take your firearm in your dominant hand. Raise it in the posture I now demonstrate, and repeat after me. After each line, the assembled Brothers will affirm with one voice.”

My gun protects the weak.


My gun speaks for liberty.


My gun defends myself, my neighbors and my nation.


My gun guards civilization.


With this oath I become a Sworn Brother of the Order of Defenders.


I will defend, and teach others to defend themselves.


I will shoot neither in anger nor haste nor from any sort of intoxication, but in grave knowledge of the consequences.


When a Sworn Brother calls for aid in defending, I will answer.


These things I swear by all I hold sacred.


Following the initiation, all repair to a shooting range for convivial practice.

I wrote the above after thinking about Rudyard Kipling’s Ritual of the Iron Ring for newly-graduated engineers.

Rituals like this exist to express and formalize what is best in us.

The Order of Defenders does not exist. Perhaps it should.

How the D candidates would introduce themselves at the next debate if they were honest

Hi, I’m Joe Biden. I’m the perfect apparatchik – no principles, no convictions, and no plan. I’m senile, and I have a problem with groping children. But vote for me anyway because orange man bad.

Hi, I’m Kamala Harris. My white ancestors owned slaves, but I use the melanin I got from my Indian ancestors to pretend to be black. My own father has publicly rebuked me for the pandering lies I tell. I fellated my way into politics; put me into the White House so I can suck even more!

Hi, I’m Elizabeth Warren. Even though I’m as white as library paste, I pretended to be an American Indian to get preferment. My research on medical bankruptcies was as fraudulent as the way I gamed the racial spoils system. So you should totally trust me when I say I’m “capitalist to my bones”!

Hi, I’m Bernie Sanders. I honeymooned in the Soviet Union. I’m an unreconstructed, hammer-and-sickle-worshiping Communist.

Hi, I’m Kirsten Gillibrand. I used to be what passes for a moderate among Democrats – I even supported gun rights. Now I’ve swung hard left, and will let you just guess whether I ever had any issue convictions or it was just pandering all the way down. Tee-hee!

Hi, I’m Amy Klobuchar, and I’ve demonstrated my grasp on the leadership skills necessary for the leader of the Free World by being notoriously abusive towards my staff.

Hi, I’m Robert Francis O’Rourke. It’s not actually true that my friends call me Beto, that was fiction invented by a campaign consultant as a play for the Hispanic vote. I’m occupying the “imitate the Kennedy” lane in this race, and my credentials for it include DUI and fleeing an accident scene. The rumors that I’m a furry are false; the rumors that I’m a dimwitted child of privilege are true. But vote for me anyway, crucial white-suburban-female demographic, because I have such a nice smile!

Hi, I’m Pete Buttigieg. I was such a failure as the mayor of South Bend that my own constituents criticize me for having entered this race, but the Acela Corridor press loves me because I’m fashionably gay. And how right they are; any candidate you choose is going to bugger you up the ass eventually, but I’ll do it like an expert!

Hi, I’m Bill de Blasio. I’m as Communist as Bernie, but I hide it better. And if Pete thinks his constituents don’t want him in this race? Hold…my…beer!

Hi, I’m Cory Booker, and I’m totally not gay. OK, maybe I’m just a little gay. My city was a shithole when I was elected and I’ve done nothing to change that; I’m really just an empty suit with a plausible line of patter, especially the “I am Spartacus” part. But you should totally vote for me because I’m…what was the phrase? Oh, yeah. “Clean and articulate.”

Hi, I’m Marianne Williamson. If elected, I will redecorate the White House so it has proper feng shui. I am the sanest and least pretentious person on this stage.

Contra Gelernter on Darwin

David Gelernter recently wrote an essay on Giving Up Darwin that is not obviously stupid. Dr. Gelernter, in many ways an astute thinker, does not commit obvious stupidities – but I have had to call him out before for allowing himself to be blinded by a hunger for epistemic gaps that fit the shape of religion. Apparently it is, alas, time to do that again.

The central argument of Gelernter’s essay is that random chance is not good enough, even at geologic timescales, to produce the ratchet of escalating complexity we see when we look at living organisms and the fossil record. Most mutations are deleterious and degrade the functioning of the organism; few are useful enough to build on. There hasn’t been enough time for the results we see.

Before getting to that one I want to deal with a subsidiary argument in the essay, that Darwinism is somehow falsified because we don’t observe the slow and uniform evolution that Darwin posited. But we have actually observed evolution (all the way up to speciation) in bacteria and other organisms with rapid lifespans, and we know the answer to this one.

The rate of evolutionary change varies; it increases when environmental changes increase selective pressures on a species and decreases when their environment is stable. You can watch this happen in a Petri dish, even trigger episodes of rapid evolution in bacteria by introducing novel environmental stressors.

Rate of evolution can also increase when a species enters a new, unexploited environment and promptly radiates into subspecies all expressing slightly different modes of exploitation. Darwin himself spotted this happening among Galapagos finches. An excellent recent book, The 10,000 Year Explosion, observes the same acceleration in humans since the invention of agriculture.

Thus, when we observe punctuated equilibrium (long stretches of stable morphology in species punctuated by rapid changes that are hard to spot in the fossil record) we shouldn’t see this as the kind of ineffable mystery that Gelernter and other opponents of Darwinism want to make of it. Rather, it is a signal about the shape of variability in the adaptive environment – also punctuated.

Even huge punctuation marks like the Cambrian explosion, which Gelernter spends a lot of rhetorical energy trying to make into an insuperable puzzle, fall to this analysis. The fossil record is telling us that something happened at the dawn of the Cambrian that let loose a huge fan of possibilities; adaptive radiation, a period of rapid evolution, promptly followed just as it did for the Galapagos finches.

We don’t know what happened, exactly. It could have been something as simple as the oxygen level in seawater going up. Or maybe there was some key biological invention – better structural material for forming hard body parts with would be one obvious one. Both these things, or several other things, might have happened near enough together in time that the effects can’t be disentangled in the fossil record.

The real point here is that there is nothing special about the Cambrian explosion that demands mechanisms we haven’t observed (not just theorized about, but observed) on much faster timescales. It takes an ignotum per æque ignotum kind of mistake to erect a mystery here, and it’s difficult to imagine a thinker as bright as Dr. Gelernter falling into such a trap…unless he wants to.

But Dr. Gelernter makes an even more basic error when he says “The engine that powers Neo-Darwinian evolution is pure chance and lots of time.” That is wrong, or at any rate leaves out an important co-factor and leads to badly wrong intuitions about the scope of the problem. Down that road one ends up doing silly thought experiments like “How often would a hurricane assemble a 747 from a pile of parts?”

To get a better handle on the problem, it helps to ask the kind of question D’Arcy Thompson did in his monumental 1917 book “On Growth and Form”: why is a hen’s egg round?

The shape of an egg can be neatly described by a parametric equation in three variables, but neither that formula nor those parameters are encoded in the chicken genome. The chicken genome describes a relatively simple production rule about the timed release of various egg-component chemicals; that rule doesn’t know anything about the spatial organization of the result.

What happens instead is a dance between the construction steps and the diffusion physics of the chemicals. The egg shape is supplied by the principle of least action. The chicken genome’s recipe captures – incorporates – this physics without actually coding it.

Thus, if you derange the egg-formation recipe with point mutations, the outcomes are limited by the physics. You may abort egg formation entirely, or you may get ellipsoids with differing sizes or shapes. What you won’t get is cubes or Klein bottles. Random variation in the egg-production genome doesn’t produce random variation in the shapes of eggs – it produces sharply constrained variation. The design space that mutations of the recipe are exploring is many orders of magnitude smaller and more continuous than you’d expect from a “pure chance” account.

Gelernter makes a similar mistake when he asks “Starting with 150 links of gibberish, what are the chances that we can mutate our way to a useful new shape of protein?” But this is never a question evolution has to answer. The nearest correct question would be “Starting from 150 links of a protein we know is already selected for usefulness because it’s already expressed in an organism, what are the chances we can mutate to something else useful?”

Again…the physics of van der Waals forces mean that a small change in coding for a protein is likely to produce a small change in its folding. As with eggs, point mutations are highly unlikely to jump a large distance in expressed phenotypic design. And – this is the point – they are thus unlikely to jump far away from a design that is productive for something.

The question Gelernter actually asked is a silly straw man that depends for its apparent force on the reader having no intuitions about the effects of a history of successful adaptation – or of the constraining role of extragenetic natural laws – at all.

Gelernter himself is definitely not stupid or ignorant enough to fall into this kind of error when he’s thinking clearly. From which we can only conclude that, on this subject, he refuses to think clearly.

The Rectification of Names

The sage Confucius was once asked what he would do if he was a governor. He said he would “rectify the names” to make words correspond to reality. He understood what General Semantics teaches; if your linguistic map is sufficiently confused, you will misunderstand the territory. And be readily outmaneuvered by those who are less confused.

And that brings us to the Jeffrey Epstein scandal. In particular, the widespread tagging of Epstein as a pedophile.

No, Richard Epstein is not a pedophile. This is important. If conservatives keep misidentifying him as one, I fear some unfortunate consequences.

Pedophiles desire pre-pubertal children. This is not Epstein’s kink; he quite obviously likes his girls to be as young as possible but fully nubile. The correct term for this is “ephebophile”, and being clear about the distinction matters. I’ll explain why.

The Left has a long history of triggering conservatives into self-discrediting moral panics (“Rock and roll is the devil’s music”). It also has a strong internal contingent that would like to normalize pedophilia. I mean the real thing, not Epstein’s creepy ephebophilia.

Homosexual pedophiles have been biding their time in order to get adult-on-adult homosexuality fully normalized as battlespace prep, but you see a few trial balloons go up occasionally in places like Salon. The last round of this was interrupted by the need to take down Milo Yiannopoulos, but the internal logic of left-wing sexual liberationism always demands new ways to freak out the normals, and the pedophiles are more than willing to be next up in satisfying that perpetual demand.

Liberals have proven themselves utterly useless at resisting the liberationist ratchet, so I’m not even bothering to address them. Conservatives, if you want to prevent the next turn, don’t give the pedophilia-normalizers maneuvering room. Rectify the names; make the distinctions that matter.

Epstein’s behavior is repulsive because we judge young postpubertal humans to be too psychologically immature to give adult consent, but it’s nowhere near the evil that is the sexual abuse of prepubertal children.

Part of the problem here is that our terminology for some of the distinctions is multivalent. Sometimes “child” refers to a legal status, sometimes to the developmental stage before sexual maturity, and sometimes to a less well defined stage of psychological development, with further confusion because these don’t happen on the same calendar-year schedule for all individuals.

Epstein recruited girls as young as 14. Yes, really icky and I think it is quite right he was prosecuted for statutory rape. But women that age who are not only nubile but psychologically adult do exist, even if they’re very very rare – in 60 years I think I’ve met exactly one. Alas, women a few years over the nominal age of consent who are still immature enough that they are not really competent to make sexual decisions are rather more common.

Until we have a rectification of names in this area, great care is warranted about who we call a “child”, and where we draw the line between creepily asymmetrical relationships and outright perversion. And this matters above the personal level.

There are real rings of pedophile monsters out there, notably in Hollywood where sexual abuse of child actors has a long and sordid history that has recently begun to resurface. Dammit, conservatives, don’t spend your credibility in an overheated fling at Epstein lest you find you’re out of rhetorical ammunition and allies when the real monsters need to be taken down.

Loadsharers has a logo

Nobody stepped up to design a Loadsharers logo, so I did it myself. Here it is:

Loadsharers logo

Yeah, I’m not much of a graphic artist, but I can do a semi-competent job of whacking together a simple logo when I need to. If you’re an actual pro and think you can fix this or do better, have at it. The XCF I made this from is in the Loadsharers repository at

The only fly in the ointment is that I’m not entirely sure who owns the clipart image of Atlas that I’m using. I found it on some random sludgy “free” clipart website, in two versions: one with a copyright asserted by Can Stock, another inviting download from a site called Dreamlines. But I couldn’t find it by search and eyeball on either site. Email to Can Stock got no response.

I fear the only way I’m going to find out is if I get a Cease and Desist letter. At which point I’ll reply by saying “I tried…and have you got a vector graphics version I can buy the rights to?”

If you are a Loadsharer, feel free to display this proudly on your website, with a link to Someday there might be T-shirts.

A libertarian rethinks immigration

Instapundit recently linked to an article at the libertarian Reason magazine with a premise I found – considering the authors and the magazine – surprisingly dimwitted. No, a border wall is not necessarily morally equivalent to the Berlin Wall, or anywhere near it. Consider Hadrian’s Wall, or the Great Wall of China. Sometimes there are actual barbarians on the other side of it.

But this does motivate me to try to clarify my own thoughts about libertarianism and immigration. Is there, in fact, any libertarian defense of border and immigration controls?

Let’s dispose of a red herring first. The fact that immigration controls are enforced by a government is not dispositive for at least two reasons. One is that one may be a minarchist libertarian, holding that governments have a legitimate but small and rigidly constrained set of duties including national defense; to the extent that border and immigration controls are construed as national defense, there’s no problem in principle with them. That’s the easy case, which I’m going to ignore for the rest of this essay except to note that I think this is how the founders of the U.S. would have conceived the matter.

Even for anarcho-capitalists like myself, government enforcement of law may be regarded as a historical accident that in itself doesn’t tell us much about which laws arise from the natural rights of individuals. The question to be addressed here is whether any system of law founded on those natural rights could include border controls on a defined territory.

The first question on the way to answering that is what “natural right” could border controls possibly be a defense of? The obvious one is that they might be justified as a form of collective self-defense. If you’ve got a peaceful, prosperous libertopia going, you’d really prefer not to have a bunch of people who haven’t signed on to your social contract walking in. Because you’re likely to have to kill or expel a lot of them in self-defense, and who wants that aggravation? Better to keep them out in the first place, allowing in only those who are willing to contract. Or who are sponsored by a citizen who is willing to post a bond against their behavior for the first N years.

(I’m being vague about how the process of binding oneself to the libertopian social contract works because there are a couple of different theories about that. None of the differences among these theories is relevant to the present essay. I will note that under any of them, “libertopia enforces the law” would cash out to “insurance companies pay security agencies to do it because the alternative is profiting less on those crime-insurance premiums”.)

Generally speaking libertarians don’t have a problem with border controls when the people trying to cross them are organized invaders, or individual criminals. The problem case, related to why immigration has become a hot-button issue in today’s politics, is whether border controls that keep out peaceful immigrants protect any natural right of the libertopians.

Libertarians like to avoid making nebulous ethical claims about groups, so let’s reframe this. J. Random Foreigner shows up at the border of libertopia, claiming he wants to become a member in good standing. What policy should the insurance companies tell their security contractors to have in order to optimize the expected change in payout on their crime-insurance policies?

Notice how this helpfully concretizes the problem. Instead of having abstract arguments about rights, defense of the rights of libertopians is priced into the insurance company’s decisions by people with skin in the game. Notice also that this gives the insurance companies an incentive not only to keep out bad actors, but to let in good ones. Criminals are loss generators; people who genuinely want to join the libertopian social contract, and are capable of doing so, are profit generators.

Let’s start with some obvious extreme cases. The guy has MS-13 tattoos? Nope, nope, nope. Obvious high risk. The guy is wearing Amish plain clothing and has a Pennsylvania Dutch accent? Let him in – those people are famously law-abiding and we can always use good farmers. In both cases one could in the extreme be wrong; Amish guy could be a sociopath and MS-13 guy could have given up gang life. But no rational person would bet on this and the insurance company won’t if it wants to maximize its profits.

Let’s continue by disposing of some obvious objections. Will the insurance companies exclude black- or brown-skinned people? I don’t think so. And if you think so, you’re probably a racist I want nothing to do with.

Why do I say that? Remember, the insurance companies are trying to optimize the effect of immigration on their profits. If you believe that having a black or brown skin is a sufficiently reliable predictor of being a loss generator for the insurance companies to use it, there are only two possibilities. Either you are wrong, in which case you have an irrational fixation about race and should be deeply ashamed of yourself. Or you are right, in which case the entire objection to “racism” as a belief system pretty much vanishes. I think the former is much more likely.

On the other hand, screening for a minimum IQ threshold would make a lot of sense from what we know about the correlation between IQ, time preference, and criminality. Set at any reasonable level, almost all Ashkenazic Jews will pass that screen, while many Australian aborigines and sub-Saharan Africans will fail it. This looks like racism, but isn’t; the only ethical question here is how predictive your tests are of the qualities required for an individual to function as a libertopian.

(Which also disposes of the usual nonsense about cultural bias in IQ tests. Cultural bias is actually part of the point here; you want immigrants who can function, speak your language or at least learn it rapidly, assimilate. A bit of cultural bias in the tests might be a good thing, though I’d myself be inclined to try to tune it out.)

Since you probably don’t want a repeat of the Rotherham/Cologne/Malmo rape-gang atrocities, there are some combinations of age, religion and country of origin that should be a crash landing. Anyone you have good reason to suspect of believing infidel girls are fair game to be “taken with the right hand” (as the Koran puts it) should be turned away. Worst case there’ll be a rape or murder victim, best case somebody will have to shoot him.

The predicate for this isn’t as simple as “Muslim” or even “Muslim male”. The university-educated 40-something Persian engineer I used to have as a downstairs neighbor would have been a good bet; anyone aged 13 to 35 from the back country of Afghanistan or the Tribal Areas of Pakistan, on the other hand…

Now let’s talk about the subtler aspect of the screening problem, which our hypothetical tribesman is a good lead-in to. This is the part I didn’t understand until recently, and why I’m more sympathetic to immigration restrictionists than I used to be.

Libertopia has both tangible and intangible assets. The intangible ones include, for example, the intelligence and pro-social traits of its people. Another is its voluntary consensus about how things ought to be done – and (which is not quite the same thing) the social contract itself. If I am a member of the contract network of security professionals and arbitrators that enforce libertopia’s norms, I’m not going to think my job ends with defending the tangible assets of libertopians. In fact, I’d consider identifying and defending the intangible assets more important, because they’re more fragile.

Again, let’s concretize this. One of the intangible assets I benefit from as an American – and which I would expect libertopia to have – is that in my society, I can usually make handshake deals with strangers and expect them to be honored. I live in a context of what people who study this sort of thing call “high social trust”. (In part because I avoid the places in the U.S. where social trust levels are low.)

This is more important than anyone who has never lived outside a high-trust society really understands. In low-trust societies, you can’t count on anyone outside your family or tribe not to betray an agreement for short-term advantage. Large-scale cooperation is difficult. Rates of crime and violence are high, the law is unreliable, and at the extreme blood feuds are a common way of pursuing disputes.

The sociologist Robert Putnam is now (in)famous for noticing that diversity – whether it’s linguistic, ethno-racial, or religious – erodes social trust. This is why in “diverse” societies people tend to self-segregate into groups of like kind; they want to deal with neighbors whose behavior they can predict. But what Putnam found is that diversity does not merely erode trust across groups; it erodes trust within them as well.

If I’m a citizen of libertopia, one of the things I want defended with my crime-insurance premiums is the high trust level of my society.

This is why my position about immigration policy in the real world is different than it used to be. I started with the usual libertarian disposition in favor of open borders. I also started with – I’m now ashamed to admit – the usual Blue-Tribe presumption that opposition to unrestricted immigration is at best vulgar and plebeian, at worst narrow-minded if not actually racist.

I should have listened more and reflected the class prejudices of my birth SES less. I now understand that the core complaint of the anti-immigration Trump voters isn’t even about illegals low-balling them out of jobs, although that’s certainly a factor. It’s “I want to keep the high level of social trust I grew up with, and I see mass immigration – especially mass illegal immigration – eroding that.” They think the political elites of both parties, and corporations profit-taking in the labor market, are throwing away that intangible asset to plump up a bit more power and profit.

I now think that is a serious – and justified – complaint.

In the short term, the willful denial of this problem by our soi-disant “elites” is probably Donald Trump’s best hope for reelection in 2020. And no, I’m not excluding the booming economy; I think this matters more to his base, even if they have trouble articulating it. And I don’t think that priority is wrong.

In the longer term, what is to be done about it?

I think I’ve already shown that the contingent fact that real-world border controls would have to be enforced by a government is not really a bar to designing them. Americans made choices over generations to build the asset called “high social trust”; the fact that they must now, practically speaking, use government to defend it is no more problematic than are government-enforced laws against theft, rape, and murder. How we transition from the current system to libertopia is an orthogonally different question.

To begin with, I’d have the Border Patrol and ICE do what libertopians would do. Screen by individual merit and by culture of origin, deliberately excluding people from barbaric low-trust milieux, people who don’t speak English, people with seriously subnormal IQs.

Because I think I know what policies are ethically proper for libertopians to do to defend themselves, I think I know what is ethically proper for Americans to do. And it all has to begin with the premise that coming to the U.S. is not a right, it is a privilege you earn from the expectation that adding you will be good for the health and future of America.

Segfaults and Twitter monkeys: a tale of pointlessness

Post Syndicated from esr original

For a few years in the 1990s, when PNG was just getting established as a Web image format, I was a developer on the libpng team.

One reason I got involved is that the compression patent on GIFs was a big deal at the time. I had been the maintainer of GIFLIB since 1989; it was on my watch that Marc Andreessen chose that code for use in the first graphics-capable browser in ’94. But I handed that library off to a hacker in Japan who I thought would be less exposed to the vagaries of U.S. IP law. (Years later, after the century had turned and the LZW patents expired, it came back to me.)

Then, sometime within a few years of 1996, I happened to read the PNG standard, and thought the design of the format was very elegant. So I started submitting patches to libpng and ended up writing the support for six of the minor chunk types, as well as implementing the high-level interface to the library that’s now in general use.

As part of my work on PNG, I volunteered to clean up some code that Greg Roelofs had been maintaining and package it for release. This was “gif2png” and it was more or less the project’s official GIF converter.

(Not to be confused, though, with the GIFLIB tools that convert to and from various other graphics formats, which I also maintain. Those had a different origin, and were, like libgif itself, rather better code.)

gif2png’s role then was more important than it later became. ImageMagick already existed, but not in anything like its current form; GIMP had barely launched, and the idea of a universal image converter hadn’t really taken hold yet. The utilities I ship with GIFLIB also had an importance then that they would later lose as ImageMagick’s “convert” became the tool everyone learned to reach for by reflex.

It has to be said that gif2png wasn’t very good code by today’s standards. It had started life in 1995 as a dorm-room project written in journeyman C, with a degree of carelessness about type discipline and bounds checking that was still normal in C code of the time. Neither Greg nor I gave it the thorough rewrite it perhaps should have gotten because, after all, it worked on every well-formed GIF we ever threw at it. And we had larger problems to tackle.

Still, having taken responsibility for it in ’99, I kept it maintained even as it was steadily decreasing in importance. ImageMagick convert(1) had taken over; I got zero bug reports or RFEs for six years between 2003 and 2009.

I did some minor updating in 2010, but more out of completism than anything else; I was convinced that the user constituency for the tool was gone. And that was fine with me – convert(1) had more eyes on it and was almost certainly better code. So gif2png fell to near the bottom of my priority list and stayed there.

A few years after that, fuzzer attacks on programs started to become a serious thing. I got one against GIFLIB, which was issued a CVE and I took very seriously – rogue code execution in a ubiquitous service library is baaaad. A couple of others in GIFLIB’s associated utility programs, which I took much less seriously as I wasn’t convinced anyone still used them at all. You’re going to exploit these…how?

And, recently, two segfaults in gif2png. Which was absolutely at the bottom of my list of security concerns. Standalone program, designed to be used on input files you trust to be reasonably close to well-formed GIFs (there was a ‘recover’ option that could salvage certain malformed ones if you were very lucky). Next to no userbase since around 2003. Again, you’re going to exploit this…how?

Now, I’m no infosec specialist, but there is real-world evidence that I know how to get my priorities right. I’ve led the NTPsec project for nearly five years now, reworking its code so thoroughly that its size has shrunk by a factor of 4. NTP implementations are a prime attack target because the pre-NTPsec reference version used to be so easy to subvert. And you know what the count of CVEs against our code (as opposed to what we inherited) is?

Zero. Zip. Zilch. Nobody has busted my code or my team’s. Despite half the world’s academics and security auditors running attacks on it. Furthermore, we have a record of generally having plugged about four out of five CVEs in the legacy code by the time they’re issued.

That’s how the security of my code looks when I think it’s worth the effort. For GIFLIB I’ll spend that effort willingly. For the GIFLIB tools, less willingly. But for gif2png, that seemed pointless. I was tired of spending effort to deal with the 47,000th CS student thinking “I know! I’ll run a fuzzer on !” and thinking a crash was a big deal when the program was a superannuated standalone GIF filter that hasn’t seen any serious use since J. Random Student was in diapers.

So two days ago I marked two crashes on malformed input in gif2png won’t-fix, put in a segfault handler so it would die gracefully no matter what shit you shoved at it, and shipped it…

…only to hear a few hours later, from my friend Perry Metzger, that there was a shitstorm going down on Twitter about how shockingly incompetent this was.

Really? They really thought this program was an attack target, and that you could accomplish anything by running rogue code from inside it?

Narrator voice: No, they didn’t. There are some people for whom any excuse to howl and fling feces will do.

A similar bug in libgif or NTPsec would have been a serious matter. But I’m pretty good at not allowing serious bugs to happen in those. In a quarter century of writing critical service code my CVE count is, I think, two (one long ago in fetchmail) with zero exploits in the wild.

This? This ain’t nothin’. Perry did propose a wildly unlikely scenario in which the gif2png binary somehow got wedged in the middle of somebody’s web framework on a server and allowed to see ill-formed input, allowing a remote exploit, but I don’t believe it.

Alas, if I’ve learned anything about living on the modern Internet it’s that arguing that sort of point with the howler monkeys on Twitter is a waste of time. (Actually, arguing anything with the howler monkeys on Twitter is a waste of time.) Besides, the code may not be an actual security hazard, but it has been kind of embarrassing to drag around ever since I picked it up.

So, rather than patch the C and deal with yet another round of meaningless fuzzer bugs in the future, I’ve rewritten it in Go. Here it is, and now that it’s in a type-safe language with access bounds checking I don’t ever have to worry about that class of problem again.

One good thing may come of this episode (other than lifting code out of C, which is always a plus). I notice that the GIF and PNG libraries in Go are, while serviceable for basic tasks, rather limited. You can convert with them, but you can’t do lossless editing with them. Neither one deserializes the entire ontology of its file format.

As the maintainer of GIFLIB and a past libpng core developer, I don’t know where I’d find a better-qualified person to fix this than me. So now on my to-do list, though not at high priority: push some patches upstream to improve these libraries.

While I was making other plans, teil vier

Post Syndicated from esr original

I can walk again.

Wearing a joint-immobilizing boot brace, so I lurch around with a gait even more graceless than my usual palsied semi-stumble, but I can walk. And shower. And make my own breakfast. Hallelujah!

Better news: my prognosis is good. The joint had osteoarthritic damage that may be trouble down the road, but I’ve been osteoarthritic in both feet for years now without symptoms. The big good news is that the joint cartilage wasn’t damaged, so I should get full use of the ankle back.

Boot brace for three weeks, physical therapy to strengthen the ankle after that. I won’t be back in kung-fu class for a while. Still, the medical level of this saga is going as well as could be expected.

The financial level, not so much. We got socked with a surgery bill of $2,238 today. Followup and PT…I don’t know what that will cost, but it won’t be cheap.

What’s worse, chose this perfect time to yank our ACA subsidy because we can’t document the regular income streams. Of course we can’t document them because we don’t have them. Which means we have to pay another $2000 to keep our existing coverage for just the next month, and the bureaucrats have told us to apply for Medicaid. Which we may not be able to get before open enrollment in January.

This means the amount of money I need to pull in without burning savings just went up by $2000 a month. Which is doing a good job of keeping me focused on getting Loadsharers off the ground. If it does well, I’ll do well, and have successfully attacked the larger problem of LBIP funding.

There’s going to be a Linux Journal article, and at least one technology-press interview. I’ve even (gasp!) tweeted about this, something that happens approximately once every other blue moon.

I have a list of 11 people who have taken the pledge. I think we need around 11,000 (mostly supporting LBIPs other than me) to make a real dent in the problem. So please, go out and proselytize to your tech-industry friends, and ask them to spread the word. We need this to go viral.