About a year ago, I left One Laptop per Child and decided to find a new adventure. Last August, I was admitted to the graduate program at MIT, and while I was fantastically excited to study with an extraordinary advisor, life had other plans. I did not enroll. But I’m still receiving quite a bit of e-mail asking what I’m up to these days, so perhaps a short update is in order.

I spent much of the last year devoted to my own research. I spun down various commitments, and took up a few others: I joined the advisory board for the Anti-Malware Testing Standards Organization, became a member of the technical working group for Harvard Berkman’s StopBadware, and joined the Security Response Team for Python, my programming language of choice.

Earlier this year I reprised my role chairing the Program Committee for the 2009 PyCon. I also added a small sideshow to the conference: a summit for dynamic language implementers, with participants from 12 different language groups. All my involvement with the Python community continues to be both humbling and inspiring; I have yet to find such a compelling mix of intelligence, humor and interpersonal warmth in another technical crowd.

But perhaps most importantly, I have — at long last — found my new adventure. After a great deal of deliberation, I moved to California and joined the local fruit vendor.

Today was my first day on the job, and I couldn’t be more thrilled.

Neuroenhancers are perfectly suited for the anxiety of white-collar competition in a floundering economy. And they have a synergistic relationship with our multiplying digital technologies: the more gadgets we own, the more distracted we become, and the more we need help in order to focus. The experience that neuroenhancement offers is not, for the most part, about opening the doors of perception, or about breaking the bonds of the self, or about experiencing a surge of genius. It’s about squeezing out an extra few hours to finish those sales figures when you’d really rather collapse into bed; getting a B instead of a B-minus on the final exam in a lecture class where you spent half your time texting; cramming for the G.R.E.s at night, because the information-industry job you got after college turned out to be deadening. Neuroenhancers don’t offer freedom. Rather, they facilitate a pinched, unromantic, grindingly efficient form of productivity.

The article is a good read covering a fascinating subject, and I’m only going to add two pieces of supplemental reading. If, like me, you found Talbot’s article overly anecdotal and painfully short on the science, you need to read Botox for the brain: enhancement of cognition, mood, and pro-social behavior and blunting of unwanted memories appearing in Neuroscience and Behavioral Reviews 32 (2008) 760-776. Due to the epic pain in the ass that is closed-access academia, you or your academic institution need to pay a boatload of money to Elsevier to read the paper, so I’m sticking it right here (PDF) until I’m asked to take it down.

And if the specific phrase Talbot uses at one point in the article — “mind hacking” — made you pause and reflect on just how fascinating a concept that is, my second link for you is a story. Cory Doctorow explores mind/body hacks in 0wnz0red, and it’s convincingly one of my all-time favorite pieces of short science fiction.

Ten days ago, comrade Nils e-mailed to let me know he was going to be at the conference. I couldn’t make it myself, being stuck in Europe for the moment, but ever since that e-mail, I’ve been giggling like a schoolgirl about what I expected Nils would do at Pwn2Own.

What he wound up doing far exceeded my expectations. First, Nils scored against Safari on OS X. Then he scored again, hitting Internet Explorer 8 on Windows 7 (despite ASLR, DEP, and friends), snapping everyone’s head to attention. I was anticipating this might take place; the hardcore Sotirov/Dowd paper set the stage for it last year and Nils is smart enough to do it, yet the fact he pulled it off is still indisputably impressive. But the part no one saw coming: he asked for a third slot and scored against Firefox 3 on OS X, leaving Chrome the only browser to escape unscarred.

One man, two operating systems, three fallen browsers? I have no choice but to officially award comrade Nils the Ivan Krstić Seal of Mad Fucking Props.

And we now return to your regularly scheduled programming.

(Update, March 23rd: I originally believed he scored against Firefox on Windows, which turned out not to be the case. It was on OS X.)

I’ve received this question with some frequency, and even gave a brief talk about it last year. The subject matter is rather nuanced, and providing an explanation that does it justice would take a lot of effort, so it’s been sitting on my “to properly write about when I have some time” pile for quite a while now. Unfortunately, it recently became clear to me that The Pile is mostly a black hole. Not wishing to sorely disappoint Greg the Grad Student, I sent him the following sketch of an answer.

If I had to grossly overgeneralize, I’d say people looking at language security fall in roughly three schools of thought:

1. The “My name is Correctness, king of kings” people say that security problems are merely one manifestation of incorrectness, which is dissonance between what the program is supposed to do and what its implementation actually does. This tends to be the group led by mathematicians, and you can recognize them because their solutions revolve around proofs and the writing and (automatic) verification thereof.
2. The “If you don’t use a bazooka, you can’t blow things up” people say that security problems are a byproduct of exposing insufficiently intelligent or well-trained programmers to dangerous language features that don’t come with a safety interlock. You can identify these guys because they tend to make new languages that no one uses, and frequently describe them as “like popular language X but safer”.
3. The “We need to change how we fundamentally build software” people say that security problems are the result of having insufficiently fine-grained methods for delegating individual bits of authority to individual parts of a running program, which traditionally results in all parts of a program having all the authority, which means the attack surface becomes a Cartesian product of every part of the program and every bit of authority which the program uses. You can spot these guys because they tend to throw around the phrase “object-capability model”.

Now, while I’m already grossly overgeneralizing, I think the first group is almost useless, the second group is almost irrelevant, and the third group is absolutely horrible at explaining what the hell they’re talking about.

(If I was trying to be less overly general, I’d mention that in some instances the groups overlap substantially, and some subsets of these groups, such as the subset of group 2 that’s working on SFI and sandboxing, are relevant and occasionally produce good work.)

In terms of a very incomplete reading list for getting to know more about the subject, I recommend starting with Mark Miller’s PhD thesis, then looking at his work on Caja (paper, website) which aims to provide a way to securely write JavaScript without changing the language spec or the existing runtimes, and in the end having a glance at David Wagner’s work on Joe-E. All of those links fall into the “let’s change programming” group 3.

For a bunch of papers in the “mathematicians do it provably correctly” group 1 (though most not focused on security), see the publications section of the Alloy website.

Finally, for the “practice safe hex” group 2, take a look at Cyclone (paper, website), NaCl (paper, website) and Vx32 (paper, website).

Combined, these will give you enough references to chase the subject matter as far down the rabbit hole as you dare descend. Good luck, and may the gods have mercy on your soul.

While I hope to offer some insights that the technologists in the audience haven’t heard before, this is also my first security talk in a few years that doesn’t require much of a security background. Which is to say, the only prerequisite is a bit of curiosity. The talk is open to the public — hope to see you there!

When: This Thursday, March 5th, 7PM
Where: Harvard Science Center, room 112, 1 Oxford Street, Cambridge, MA (Map)
What: The Bitter Tale of Desktop Security: Our 35-year War
Abstract: It’s 2009. About 75% of all corporate machines are infected with at least one piece of malicious code. We’re seeing the emergence of weapons-grade botnets, designer trojans, and smart mobile malware. The black hat community is graduating from a ragtag army of rebels without a cause to a group of well-paid professionals engaging in research-quality work to rake in profits and evade detection. The entrenched players in the security industry have been predictably slow to respond. Now, seemingly bewildered by the new security landscape, they are increasingly claiming that salvation lies in restrictive new systems which threaten to transform your computer into little more than a glorified abacus. There must be a better way.

This session doesn’t require a security background: we will turn to history to try and explain why none of our machines are secure. We’ll then look at the problems of legacy and authority and explain why the road to a secure desktop is fraught with such toil and peril.

An article last Sunday about Rahm Emanuel, the White House chief of staff, misspelled the surname of the then-governor of Illinois who talked with Mr. Emanuel about the vacant Senate seat in his state. He is Rod R. Blagojevich, not Blogojevich.

An understandable mistake.

While the laborious minutiæ of my imminent move to the West Coast successfully sapped my desire (and the time) to write, there are a handful of top-notch articles that I’ve read recently and thought I ought to share.

Chief among them is Donald MacKenzie’s piece on hedge funds in the London Review of Books, a long — but not too long — explanation of just what it is that hedge funds do. MacKenzie’s writing is dense at times, but this is still the single best piece I’ve seen on the subject, and it goes into certain details of the Porsche/Volkswagen maneuver that I chose to leave out of my own article for simplicity’s sake.

Veteran New York Times reporter Joe Nocera’s piece, Risk Mismanagement: What Led to the Financial Meltdown, is a detailed answer to the key question I’ve had about the financial crisis. Where the hell was the math? Short answer: executives don’t understand that confidence intervals based on relatively short spans of historical data — by definition! — aren’t the right tool to predict rare radical outliers. Long answer: read Nocera’s article.

Finally, Michael Lewis and David Einhorn have a substantial, two-part Times op-ed, titled The End of the Financial World as We Know It and How to Repair a Broken Financial World which answers the other pressing question about the crisis: where the hell were the regulators, and why weren’t they paying attention?

Put together, these articles are some of the very best coverage of what’s been going on. They’re well worth a proper read.

Adolf Merckle, one of the world’s richest men, committed suicide yesterday by throwing himself under a train, Bloomberg reports. Financial difficulties, and particularly great losses he suffered on Volkswagen stock, are being cited as the key reason he ended his life:

[Merckle's company] VEM was caught in a so-called short squeeze after betting Wolfsburg, Germany-based Volkswagen’s stock would fall. Merckle lost at least 500 million euros on the bets on VW stock, people familiar said on Nov. 18. VEM lost “low three-digit million euros” on VW stock, the company said in November.

A “short squeeze” sounds inconspicuous enough; you wouldn’t tell it by Bloomberg’s language, but Merckle’s Volkswagen bet lost out to one of the most masterful hacks of the financial system in history.

For those of us who don’t live and breathe finance, this is that story.

In 1931, Austro-Hungarian engineer Ferdinand Porsche started a German company in his own name. It offered car design consulting services, and was not a car manufacturer itself until it produced the Type 64 in 1939. But things got interesting for Porsche long before then.

In 1933, he was approached by none other than Adolf Hitler, who commissioned a car designed for the German masses. Porsche accepted, and the result was the iconic Beetle, manufactured under the Volkswagen (lit. “people’s car”) brand. Today, Porsche’s company is one of the world’s premier luxury car brands, while Volkswagen (VW) is itself the world’s third-largest auto maker after General Motors and Toyota.

Three years ago, Volkswagen found itself fearing a foreign takeover. Porsche, the company, decided to step in and start buying VW stock ostensibly to protect the landmark brand, widely fueling market expectations that it would eventually buy Volkswagen outright. Of course, this isn’t quite what came to pass.

For three years, Porsche kept accumulating VW stock without telling anyone how much it owned. Every time it purchased more, the amount of free-floating VW stock would decrease, driving the stock price up slightly; your basic supply and demand at work. Eventually the share price became high enough that, to outside observers, it wouldn’t have made any sense for Porsche to buy Volkswagen. It would simply have cost too much.

To explain what happened next, I’m going to first tell you about a financial maneuver called shorting.

At any given point, only a certain amount of a publicly traded company’s stock is floating freely in the market. The rest is held in various portfolios, funds, and investment vehicles. Now, everyone’s familiar with the basic idea behind the stock market: you buy stock when it costs little, and you sell it when it costs a lot, profiting on the difference.

But that assumes a company’s value is going to increase. What if, instead of betting a company will go up, you want to make money betting the company will go down? You can — by selling stock you don’t own.

Say you borrow a certain amount of stock from someone who already owns it. You pay a fixed fee for borrowing the stock, and you sign a contract saying you will return exactly the same amount of stock you took after some amount of time. So, you might borrow a thousand shares of Apple stock from me (I don’t actually own any, but play along), pay me $100 for the privilege, and sign an obligation to return my stock in 3 months. At the time, Apple stock is worth $10 per share.

After you borrow the stock, you immediately sell it. At $10 a share, you get $10,000. Two and a half months later, another rumor about Steve Jobs’ health sends AAPL crashing to only $6 per share for a few hours, so you buy a thousand shares, costing you $6,000. You give me back those shares. Because you successfully bet the company would go down in value, you earned $4,000 minus the borrowing fee. This is called short-selling or shorting the stock, and the downside is obvious: if your bet was wrong, you would have lost money buying back the shares that you have to return to your lender.

Now things get kinky.

When Volkswagen’s share price exceeded the point where it made sense for Porsche to buy the company, a number of hedge funds realized that Volkswagen shares have nowhere to go but down. With Porsche out of the picture, there was simply no reason for VW to keep going up, and the funds were willing to bet on it. So they shorted huge amounts of VW stock, borrowing it from existing owners and selling it into circulation, waiting for the price drop they considered inevitable.

Porsche anticipated exactly this situation and promptly bought up much of these borrowed VW shares that the funds were selling. Do you see where this is going? Analysts did. According to The Economist, Adam Jonas from Morgan Stanley warned clients not to play “billionaire’s poker” against Porsche. Porsche denied any foul play, saying it wasn’t doing anything unusual.

But then, last October 26th, they stepped forward and bared their portfolio: through a combination of stock and options, they owned 75% of Volkswagen, which is almost all the company’s circulating stock. (The remainder is tied up in funds that cannot easily release it.)

To put it mildly, the numbers scared the living hell out of the hedge funds: if they didn’t immediately buy back the Volkswagen stock they were shorting, there might not be any left to buy later, and it isn’t their stock — they have to return it to someone. If their only option is thus to buy the VW stock from Porsche, then the miracle of supply and demand will hit again, and Porsche can ask for whatever price it wants per VW share — twenty times their value, a hundred times their value — because there’s no other place to buy. They’re the only game in town.

And that, my friends, is called a short squeeze.

Porsche’s ownership disclosure sent the hedge funds on such a flurry of purchases for any Volkswagen stock still in circulation that the VW share price jumped from below €200 to over €1000 at one point on October 28th, making Volkswagen for a brief time the world’s most valuable company by market cap.

On paper, Porsche made between €30-40 billion in the affair. Once all is said and done, the actual profit is closer to some €6-12 billion. To put those numbers in perspective, Porsche’s revenue for the whole year of 2006 was a bit over €7 billion.

Porsche’s move took three years of careful maneuvering. It was darkly brilliant, a wealth transfer ingeniously conceived like few we’ve ever seen. Betting the right way, Porsche roiled the financial markets and took the hedge funds for a fortune.

Betting the wrong way, Adolf Merckle took his life.

You’ve no doubt heard of Gottfried Wilhelm Leibniz, the 17th century German philosopher and mathematician who invented calculus, and whose mathematical notation we still use today. But you probably haven’t heard of his friend and contemporary Denis Papin, the French physicist who invented the steam digester, a crude predecessor to the steam engine. In 1705, at year’s end, Papin wrote to Leibniz to tell him of his plan: he would use steam to run a boat. And true to his word, a year and a half later, he had built the world’s first steamboat, a paddled side-wheeler, in the city of Kassel, Germany.

His plan was to sail from Kassel, which lies on the river Fulda, into the Weser river via the city of Münden, then to Bremen, from where the steamboat engine could be transshipped via the North Sea and finally to London, for a triumphant demonstration of his invention on the Thames. The trouble was, the boatmen’s guild in Münden had a monopoly on moving ships from the Fulda into the Weser — a monopoly enacted to protect their business interests with regard to freight ships. Papin’s ship carried no freight, of course. It was a technological proof of concept. But the distinction, alas, proved irrelevant.

When Papin sailed his steamer into Münden, the boatmen’s guild asserted their privileges, and not only barred the boat from entering the Weser, but demanded that the local magistrates impound the ship and turn it over to the guild. This did not come to pass: in the space of hours, the boatmen realized the ship’s steam engine spelled ruin to their entire business model, and decided to put a quick end to the matter. They pulled the engine out of the boat and smashed it to pieces. Some accounts claim Papin barely made it out of the incident alive; what’s known with some certainty is that he never recovered from the loss financially, and died a few years later in London, poor, unknown, and buried in an unmarked grave.

Innovation and technology have been fueling social change for as long as we can remember, and they’ve had their detractors for just as long. But seldom is resistance to change as strong as when money is at stake: obsolete business models do not go quietly into that good night. They go to war.

I know a few people who work on technology just for technology’s sake. Yet the most passionate and competent hackers I know are attracted to computing because they are builders and tinkerers, people who understand technology as a powerful medium for driving social change. Change in how we learn, how we create, how we communicate — change that, if tended to carefully, can ultimately be for better rather than for worse. But here’s the thing about change: someone always gets left behind. And they don’t usually take to it kindly.

Three hundred years ago, when a business model found itself threatened by change, its keepers destroyed a steamboat. Today, a dying business model hires a few hundred lawyers and comes up with a terrible catchphrase.

In a charming historical coincidence, the Statute of Anne, the first ever serious piece of copyright law, was enacted only two years after Papin’s misadventure in Münden. This bears note because our modern computing revolution made it essentially free to copy bits, thus pegging the marginal cost of digital content at zero. Unsurprisingly, how stuff gets copied became one of the most prominent hot-button issues pitting technological innovation against existing business models, and ever since, an army of lawyers have been dragging copyright through the courts six ways to Sunday.

The further technology and innovation get in their efforts to create change, the more people they piss off, and the more existing business models they upset. And much as it warms my heart to think of former RIAA head Hilary Rosen breaking into a nautical museum and taking a crowbar to the engine of some unsuspecting paddlewheeler, in actuality she took out her frustration with Napster in court, seeing the DMCA passed, with a victory in MGM v. Grokster, and getting a handful of other legal acts and treaties passed strengthening legal protections favoring the music industry’s established business models.

Copyright is far from the only high-profile battle being fought, however. The FCC, for instance, has been deliberating for six years whether to allow unlicensed public use of the unused TV broadcast spectrum, with the National Association of Broadcasters rallying all their legal and lobbyist might behind making sure such liberty is not offered to the public. (That story has a happy ending: a month ago, FCC gave the go-ahead.)

There are countless examples everywhere you look.

There’s a wider point in all of this: if you’re a technologist that cares about the intersection of technology, innovation, and social change, you can no longer afford to focus on the technology alone. Innovation and the status quo each have armies, but the battlefield has become increasingly legal. The bodies are buried in the court of law.

I’m not a lawyer. I don’t want to be. But keeping up with major developments and leading thinkers in cyberlaw is something I now regard as a necessity, and there are three key people I follow: Larry Lessig (blog), Jonathan Zittrain (blog), and Yochai Benkler. They are, without a doubt, among the very finest minds studying the collision of law and technology today.

Technology is my passion, and this essay is ultimately a plea: too many of my friends, world-class hackers and tinkerers, do not understand the degree to which the legal arena impacts our field, the innovation within it, and the social change stemming from it. I’ve been for some time on a mission to convince them to pay attention, and I’m telling the same to you: take the time to learn about what the guys above are thinking. Subscribe to their blog feeds. Think carefully about what they have to say. For if you don’t, one day the magistrates may come knocking on your door, telling you your passion is against the law.

Merry Christmas, and don’t let the boatmen win.

Unfortunately, I am not making this up.