cybersecurity expert recommends opt-out...of everything

Corrente has a YouTube (and link to a text file transcript) of a talk by Dan Geer, who I guess we'll call a cybersecurity expert. In a world where increasingly everything is online he takes a big picture view, based on his years chasing down malevolent hacker types, and concludes it's time to head for the exits.

I have long preferred to hire security people who are, more than anything else, sadder but wiser. They, and only they, know that most of what commercially succeeds [as a security product] succeeds only so long as attackers do not give it their attention while what commercially fails fails not because it didn't work but because it wasn't cheap or easy or sexy enough to try. Their glasses are not rose-colored; they are spattered with Realpolitik. Sadder but wiser hires, however, come only from people who have experienced private tragedies, not global ones. There are no people sadder but wiser about the scale and scope of the attack surface you get when you connect everything to everything and give up your prior ability to do without. Until such people are available, I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia. Call that misrepresentation, if you like.

By "misrepresentation" he is talking about the freedom to create multiple identities on and offline:

Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.

Misrepresentation is using disinformation to frustrate data fusion on the part of whomever it is that is watching you. Some of it can be low-tech, such as misrepresentation by paying your therapist in cash under an assumed name. Misrepresentation means arming yourself not at Walmart but in living rooms. Misrepresentation means swapping affinity cards at random with like-minded folks. Misrepresentation means keeping an inventory of misconfigured webservers to proxy through. Misrepresentation means putting a motor-generator between you and the Smart Grid. Misrepresentation means using Tor for no reason at all. Misrepresentation means hiding in plain sight when there is nowhere else to hide. Misrepresentation means having not one digital identity that you cherish, burnish, and protect, but having as many as you can. Your fused identity is not a question unless you work to make it be. Lest you think that this is a problem statement for the random paranoid individual alone, let me tell you that in the big-I Intelligence trade, crafting good cover is getting harder and harder and for the exact same reasons: misrepresentation is getting harder and harder.

The reason that issues from Dan Geer's field (cybersecurity) spill over into everything else is what he's calling convergence:

Let me ask you a question: Are the physical and digital worlds one world or two? Are cyberspace and meatspace converging or diverging over time? I conclude that they are converging, but if they are converging, then is cyberspace looking more and more like meatspace or is meatspace looking more and more like cyberspace? That is not so clear.

Possibility #1 is that cyberspace becomes more and more like meatspace, ergo the re-creation of borders and jurisdictional boundaries is what happens next. Possibility #2 is that meatspace becomes more and more like cyberspace, ergo jurisdictional boundaries grow increasingly irrelevant and something akin to one-world technocratic government more or less follows. The former is heterogeneous, the latter is the monoculture of a single nation-state. As we all know, resiliency and freedom obtain solely from heterogeneity, so converging meatspace to cyberspace is the unfavorable outcome, but what can be done about it?

Convergence is happening because increasingly there are no alternatives to going online:

It seems to me that the leverage here favors cyberspace whenever and wherever we give cyberspace a monopoly position, which we are doing blindly and often. In the last couple of years, I've found that institutions that I more or less must use -- my 401(k) custodian, the Government Accounting Office's accounts payable department, the payroll service my employer outsources to, etc. -- no longer accept paper letter instructions, they each only accept digital delivery of such instructions. This means that each of them has created a critical dependence on an Internet swarming with men in the middle and, which is more, they have doubtlessly given up their own ability to fall back to what worked for a century before.

It is that giving up of alternative means that really defines what convergence is and does. It is said that all civil wars are about on whose terms re-unification will occur. I would argue that we are in, to coin a phrase, a Cold Civil War to determine on whose terms convergence occurs. Everything in meatspace we give over to cyberspace replaces dependencies that are local and manageable with dependencies that are certainly not local and I would argue much less manageable because they are much less secure. I say that because the root cause of risk is dependence, and most especially dependence on expectations of system state. I say "much less secure" because one is secure, that is to say that one is in a state of security, if and only if there can be no unmitigatable surprises. The more we put on the Internet, the broader and unmitigatable any surprises become.

The issue is bigger than just a virus here or malware there. It's about control of the online monoculture. Geer admits at the beginning of the talk that no one person can see the whole picture, which may be why a slightly panicky exit is the best course for the individual.

a newer, securer blog (for the meddling search bots)

Google is practicing social engineering by denigrating "non-secure" sites in search results, according to ars technica:

Sites that properly implement the transport layer security (TLS) protocol may be ranked higher in search results than those that transmit in plaintext, company officials said in a blog post published Wednesday. The move is designed to motivate sites to use HTTPS protections across a wider swath of pages rather than only on login pages or not at all. Sites that continue to deliver pages over unprotected HTTP could see their search ranking usurped by competitors that offer HTTPS.

So, as a genetically modified guinea pig I now have a "secure" version of this blog: https://tommoody.us. Bots, do your thing. Except, well, http://tommoody.us still exists and doesn't redirect anyone to the secure page(s).
It's like I now have a "secure" mirror site -- but it's a mix of http and https URLs.
For example, this post is "secure" (meaning the content is encrypted from the page to your browser and Malcolm in the Middle can't read along with you), but only because I manually changed the image URL of my "logo" to https in my WordPress theme editor. Whereas this post is not "fully secure" because it still has http in the image tag in the post.

Am bleakly curious how the googlebot is going to handle this -- will it index my site twice? Will the http version of the same site be demoted in search results? Guess I need to do some reading (now that I've already taken this step.) I'm sure the geniuses at Google won't make a mess of their altruistic behaviorism.

Update: Google wants you to treat the https site as a new site and redirect all your http URLs to it. That's more work than any mom and pop website that's built a smidgeon of web credibility should have to do just to be on the good side of Google's search bot. The political dimension of this is what's been predicted (and happening) for years -- the gradual downgrading of independent users in favor of larger corporate entities with full-time security staffs. One smug commenter on the ars technica post internalizes this as snobbish complaining about the http users stinking up his internet neighborhood: "I don't want you operating a fly-by-night dynamic web site with no security in the neighborhood my nephews do homework on." But what if a site doesn't use "dynamic" features such as online purchase forms? As I understand it, Google still plans to penalize it for not having https.

Update 2: With a bit of hassle and about an hour of down time I was able to redirect the http pages to the new https site, which you should now be seeing.
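The mixed http/https state described in this post (a page served over https whose image tag still points at http) can be found mechanically. The following is an added example, not code from the original post: a Python scanner that lists http:// subresources in a page's HTML, run on a constructed sample page that uses example.org as a placeholder. The "active"/"passive" labels are the example's own shorthand for scripts, frames and stylesheets versus images and media.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make a browser fetch a subresource.
# <a href> is navigation, not mixed content, so it is deliberately absent.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"),
          ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

# Constructed sample page (example.org is a placeholder, not the blog's markup).
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://example.org/theme/style.css">
<link rel="canonical" href="http://example.org/post-1">
<script src="http://example.org/js/widget.js"></script>
</head><body>
<img src="https://example.org/theme/logo.png" alt="logo">
<p>Old post with an <a href="http://example.org/archive">archive link</a>.</p>
<img src="http://example.org/images/photo.jpg" alt="in-post image">
</body></html>"""


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources in HTML that will be served over https."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            if tag == "link" and "stylesheet" not in rel:
                continue  # canonical/alternate links are not fetched as content
            if (tag, name) in ACTIVE:
                kind = "active"    # scripts, frames, stylesheets
            elif (tag, name) in PASSIVE:
                kind = "passive"   # images and media, as in the post's image tag
            else:
                continue
            self.findings.append((self.getpos()[0], kind, tag, url))


def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan(SAMPLE)` reports the http script and the http in-post image, and skips the https logo, the canonical link and the plain archive link.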

shoutbacks to the non-social media web

1. Thanks to Daniel DeLuna for the post of some of my works on paper. To clarify somewhat the accompanying quote he uses, my point wasn't that those tech-website commenters were saying that you had to be high tech. It was that they were making a false analogy between "writing your own code" and "grinding your own pigments." The latter has been a dead issue in the art world since before the 1960s. It's OK if you want to be a purist about writing code for digital-based artworks, just don't use that analogy to make the point.

2. On (Anti)Disambiguation, by Mikhel Proulx (which appears to be a pseudonym) in the journal Doubting (2012). Wow, an essay that mentions Internet Surfing Clubs in the context of the Habermasian public sphere that doesn't make you want to pull your hair out. This is a good, detached summation of that scene, and it's mostly still relevant, two years after its publication, to a kind of "authorless" art still happening online. A quick recap of Proulx's thesis: the trend of dominant culture is to "disambiguate" (for example, Wikipedia's lists of different possible meanings for the same word), while artists "anti-disambiguate" through remixes, mashups, crowdsourcing, etc. Finding a place for this to happen has become more of a problem in the last couple of years (since Proulx's article), with social media hosts insisting on a "unitary identity" and killing the remix vibe by continually tinkering with their platforms -- as was seen by the recent artist embrace and rapid disillusionment with Google Plus. Also, at the time of Nasty Nets, et al, artists didn't have to care about whether all their efforts were making David Karp a very rich man and leaving them in the cyber-slums (i.e., mom's basement). Many don't care now -- but they should, maybe.

3. David Szafranski has some articles up that I wrote about his work -- before I moved back to NY in '95, so we were still in the print era. This one from the Dallas Morning News (1990) came at the tail-end of the "NEA flap," also known as the Culture Wars. This was sort of a proto-Boris Groys argument for the need for institutional empowerment -- so we find out what we actually care about. At the time a friend asked me, "what are you actually saying here?" I think it was an art review disguised as a contrarian political argument.

Update: Mikhel Proulx's anti-disambiguation of his name by linking to "Mikhel Proulx" on Google Images (for his byline on the article "(Anti)Disambiguation") was so successful that I couldn't tell if he was a real person. He is, and also wrote this paper further developing themes in the article, including screenshots of a photoshop filter-ish riff Charles Westerman and I did on a stock photo company's aggressively watermarked image of a woman looking at a late Picabia painting at the Tate (on Nasty Nets).

confess, artists, and others will follow your example

The current CPOTI (creative person on the internet) operates in a shifting, amorphous zone between the two extremes of

1. Theatrically quitting the Net (and then returning with a self-hosted site -- the Kevin Bewersdorf model)

and

2. Surrendering your entire practice to Mark Zuckerberg's advertising honey trap-cum-government surveillance apparatus, as described, not in those terms of course, in this extended Facebook infomercial on the Hyperallergic website (hat tip bill)

John Seed, the writer of the infomercial, was evidently born very recently and thus has no deja vu sensation that this entire "have virtual friends in your studio, listening to you moan about your creative trials and giving you self-serving advice" model was done ten years ago in the so-called blogosphere, and without all the conflicted issues of being grist for someone else's ad machine. (Issues of which Seed seems unaware.)
In fact, some denizens of that era never moved to Facebook. Painter Dennis Hollingsworth, am happy to see, is still maintaining an open studio on his Movable Type blog. How he is able to do this with no verifiable friend count is hard to fathom -- he must be crushingly lonely. Almost like painters were before the internet.
To be fair, Hollingsworth doesn't moan -- his studio diary spares you maudlin, unprofessional entries such as this:

[image: hyperallergic_facebook_promo]

John Seed's article about the above painter uses two words that should cause shivers to anyone who has read a word or two about Facebook's celebrated collusion with government and advertisers: trust ("the sense of trust this [transparency] engenders" "his candor generates trust") and confessions ("Mark’s Facebook posts strike me as brave and honest confessions around the challenges faced by the painter on a daily basis" "Facebook offers a public forum where doubts and confessions can be offered up and support can be offered").
It's true that "talking about some of the melancholy [you] go through in the studio" isn't the same as admitting a crime or peccadillo that John Law or Jane Employer might find intriguing. But post-Snowden, et al, this is probably a better time to be putting on your game face than letting it all hang out. One should be wary of "confession creep." Hyperallergic won't do this -- its ongoing mission is to make Facebook cool for artists. But others might note the example of how not to be, on the internet, at this particular moment. Your vulnerabilities can and will be used against you.

which version of the blog did you see?

From the calm, unconflicted perspective on this old school blog, we continue to watch in amazement as the world crawls up Mark Zuckerberg's bum. OK, well maybe not so calm.
Naked Capitalism linked today to a new "cool stuff" blog under the Nick Denton/Gawker/Gizmodo brand called "Sploid." Heavy on animated GIFs and meme-hopefuls, it's just one cool thing after another.
Each post has a "join us on Facebook" link. Curious what that offered, other than access for Sploid to the vaunted social graph (you know, kids), we went to the Sploid Facebook page, as it appears to non-Zucks. It's a shortened version of the Sploid blog, but looks worse because it has to conform to Facebook's design scheme, and with new teaser copy that some poor SOB has to write (and no animated GIFs -- apparently Sploid opted not to convert them to Facebook's fake GIF format). The top of each Sploid Facebook post says "SPLOID shared a link," as if Sploid was your friend and wanted you to know about some cool thing, when in fact it's just mirroring its own daily content. There doesn't appear to be a Twitter clone yet.
Of course Denton is horrible and kind of desperate, but I wonder how many other publications have decided their survival depends on having crappier versions of their product surrendered into a competitor's private servers. They would essentially be admitting their work isn't strong enough to lure readers back to the "commons," where they can be found through ordinary search and word of mouth. Does the commons even exist, or is it just spam and crappy old sites -- please don't answer that.
A small anecdote from recent experience. A younger musician, let's call him DankCats, said he would follow my blog more but he can't deal with getting an RSS reader. A mutual friend offered to create a Tumblr that mirrors tommoody.us posts so DankCats could read it. Our editorial board convened and considered a motion that, in order for tommoody.us (and the artist who produces it) to survive as a going concern in the modern world, it was going to need a "tumblr version," a "twitter version," and a "facebook version." The motion failed. There are many ways to look at failure.