The Joke: staying sane in the IT realm

Have you ever read Milan Kundera about the communist time in his place?

I love the bitter sweet fate of his protagonists.

How does the heroes of Kundera end up in troubles? They laugh. It ends bad, but they laughed... at the beginning. The Joke (1969)

In a world of lies, at one point your mind can't help but notice more and more the distance between the facts and the propaganda. And IT nowadays is all about plain propaganda. And when educated, sometimes you make fun of it.

You'd think that humour is universal and that it would solve problems, but is not, it seems to infuriate more the people around me. I have never seen as many conspiracy theory lovers in this field of activity, and as much blind adherence with the belief in a "shared common sense" of actual technological wisdom.

Well, I feel like you should really read Kundera, else you will not understand :)


I could begin with "hello world" which is the biggest lie of all time: It is simple to have a string displaying "hello" printed on a screen. But, this already requires to much common sense unsharable with the muggles that are not in IT.

Today I booted my computer. 

I had to wait for gibberish on a screen, press DEL, wait 4 seconds, press F7; F8 then down 3 times, and then ENTER.

Faulty hardware?

No, I just have installed 3 operating system, and a 5 stages booting using up to 3 distincts CPU in the computer and 4 operating systems (I count "BIOS" as an OS) later is required to boot.

I used to have multiboot with DEC alpha, Sparc 32/64, x86. I never had to go that far in complexity.

Do you know that in the past electronic engineers would proud themselves of entering the magical assembly language to enter the boot sequence with just one key?
Considering that they entered series of 512 1 or 0 (up/down) and that my keyboard is 105 keys I dare say that my boot sequence might be shorter, but virtually way more complex especially if you cannot see the screen and you have to have the timing right.

Progress for me is simplicity. It is when a scientist says let's skip thousands of line of calculus and do only one. But I must be wrong.

You know since when I am able to wake up on time every morning, my eggs are boiled correctly, and I listen to the music I like in the transportation ?

I lost my smartphone, and I am poor.

So instead of buying a new phone I got an old nokia. You think; it charges once every week; and the connector are strong, thus it is now never discharged in the morning and now phones always ring. True. That helps from time to time.

But nop. The alarm interface maybe good enough for one time, but is sux. It sucked so much I went buying a clock with needle and 2 buttons one for the light, the other one for setting the alarm. Since then, I don't suffer the morning panic attack of "did my phone rang?". My alarm clock rox. 2 buttons interface, idiot proof (you sometimes go to bed wasted) is a plus.

My old style nokia is also a plain USB drive where I can drag and drop my music without caring I if use windows XP, BSD, linux Mac OSX, Solaris... Now, picking up and choosing music is easy.

Yeah. I seems to walk backward the stream of progress, and it seems to bring me a better experience. Shouldn't it be called progress?


I also execute arbitrary code everyday by doing wget | bash every single day, and I follow the best practices. It is supposed to be the most insecure stuff to do and that should get me fired.

Don't get me wrong, I don't actually type wget url |bash. I am not a noob.

I have a lot of software like pip, apt-get, pkg, firefox to do it for me. I do it on instruction of my superiors.

My preferred one if installing putty.

I go on an HTTP website, I click on a link, I may use clamav to scan it, and or check the signature given on an HTTP web page that could be compromised (stop the joke: only 1 per thousands of actual computer engineer take the time to check the signature), and then I use the sofware.

It is the slow way of doing it. I could also use apt-get to install chrome or firefox, that would load without my consent new code to execute at startup. At least, I did my best :)

I could sacrifice a chicken to be honest. It is as safe as using openSSL0.9.8.

Let's try the I could do it right.

If only it was PGP signed. But, PGP is probably the best software for cryptography but it has discouraged so much seasoned developer I can totally make a point it is one of the worst software for the users.

UI is all? How can I trust something that is hard to get right? 

But can we do "safe crypto at all" like Snowdens thinks it is possible?

Just look at the installed base of PGP key users after 15 years of advocacy versus the base of SSH users. And are  crypto stuff using an "out of bound" channel of internet? ...No.

Okay, let's put it simply: if you knew your mother was listening on (all) the phone lines when you were a teen; how could you make it so that she does not know you are planing mischief without her knowing?
You could try secret code. But a good mother would automatically pin you down as soon as you would use a heavy secret code. Mothers are more dangerous than NSA when it comes to protecting their kids.

Basically, using strong cryptography is so flashy that it makes you beam like a class A quasar on the internet saying "I have something to hide, look here!".

PGP ring of trust is requiring so much dedication of the users that your "secret" relationships are scarces. You even outline very nicely with PGP who are your dedicated conspiracy friends.

With the best crypto software no one knows what you say, but we know with whom you share. 

Tor? Please, I would be the NSA I would already know that any peer to peer/anonymous technology is sensitive to a majority attack and I would use my budget to spin a thousands nodes to have a secure channel inside my nodes used for spying the "good guy". Yep, I would put a dark net in the dark net to spy the dark net. Plus there is no risks, since it is not regulated, thus spying cannot be condemned. I love stupid people. 

But, this is too high level. Let's go back to the scent of a 1960's Paillet's primary school.

You know, I am old. I used to be a volunteer during the election for counting and re-counting ballots by hands. What I liked is that from all the end of the process I could guarantee there was no cheating. I could embrace with my eyes sufficiently enough information to guarantee that in "bureau 15 de Marcouville" there never was cheating in my city and that the number were correctly reported in the town hall under my watch.

PGP, like pip, apt-get .... all relies on the screen and the lies of "hello world" is simple to interact.

I am not paranoid, since I have altered inputs and outputs of computers numerous time without altering computers. Computers even alters the data spontaneously. But who cares. I cannot trust a system I can make lie easily without resorting to high level technologies.


Even though I am a bit more educated than average I don't have the physical time on earth to audit any of the stuff I am using. This includes the checking that software are not lying, nor networks, nor hardware. I cannot embrace -at the opposite of real life manipulation- all the information required to audit the process in a single glance. I thus think that it is inconceivable to fully trust a computer.

Even the small CPU inside of my PC responsible for booting an OS on a JVM to do the crypto signature is alien to me. I have no idea if it works.

The fact that java has a wide spread bug due to the lie of "hello world" is simple make me think the security part responsible for secured booting that requires my magical boot is not safe.

It probably represents 10% of the cost of the CPU. A feature I don't wish, trust or like. It does not feel secure at all, it evens look like a security hole to me. But I have to howl with the pack if I want to be considered a serious IT worker. I have to buy this unsecure shit, else I cannot use any serious secured crypto features.

So, like every morning, since I look for a job, still I am gonna read the PRAVDAs of Information Technologies: ycombinator, reddit, slashdot.

I have to pretend unicode is a mutable format for a string without Chtulu waiting to be invocated through a mispelling of an arabian string with a BIDIR character and a politically correct emoji mixing the klingon from a private plan in the middle.

I will have to pretend dockers and containers are not the new "POSIX threads gone wrong".

I will have to pretend distributed system are stable systems easy to code.

I will have to pretend I don't see the cumulative costs growing while the margin are dropping when the number of users grow, thus dooming any logic of benefits of any startups.

I will have to pretend KSAT problems (dll hell) can now be solved in a polynomial time (with clear evidence of the opposite).

I will have to pretend I believe in the lie of not being able to deliver software on time because it is "based on creativity" and that creativity cannot be bounded to milestones (for christ's sake; I have been the groom opening on time thousands of spectacle who were involving more potentiality of failure than any single projects I have worked on: I do think that doing acrobacy  over a pyrotechnical stage is kind of way more hazardous than using a MVC with an SQL database.

But you know, I have a pride. I will still laugh. Because the same way a Kundera protagonist would stop caring about the communist regim around him by watching at trees blooming in spring and understanding it is not the world that is gone wrong: just our heads. And I can laugh with the whole of my slavian soul in the middle of the turmoil. Lewis Carrol, Gogol, Kundera, Kafka, Gombrowicz, Buckowsky all prepared me for this day.

And, even if my code from the 1996 made in physics lab does not seems sexy by 2015 standards, I am proud of it:
it is a C code piping into a Tcl/Tk interpreter (whose path is configured in a config file) that goes fast enough and that I can still read and maintain. It still does the job. I bet on the right technologies that would stand.

After 20 years of User Interface madness (async UI are bad (Java/tk) let's do async/sync UI (PHP), then let's add a stateful interface to a stateless interface (Oauth+xhtmlpartialrequest+webrtc+localdb+HTML5...)); my code still works. It does even do math correctly! Correct design stays correct. I do advocate Tk as a serious cross platform UI toolkit.

And you know, You should be glad the people like me exists. That there are people not believing in total automation: you prefer nuclear plant to be driven by human beings with valves and knowldeges and making drills from time to time, rather than a fully automated plant with no one able in a 3km radius when a fast growing incident that can blow the planet happens. You really wish a team of able workers to be 24/7 at the command of a nuclear plant that can deal with the unexpected.

You prefer this because renewable energy may deliver energy but not during the peak of power, and thus, whatever propaganda maybe put in your ears, since we are incrementing our peak consumptions notably because of computers  nuclear plants are bound to be constructed again.

You prefer people like me because howling with the pack is not the right way to build long lasting software and because I am funny.

You will want to laugh, because it is not only the IT that are going wrong; it is also the economy, the official science, politics, common wisdom.

You will want to join me in a sane laugh at the madness around us.

 

No comments: