DNS over HTTPS, why it represents everything wrong in the IT industry today.
So a couple of weeks ago I read this article and wanted to comment on it, but was taken ill preventing me commenting at that time. Since then I have had plenty of time to think, and the subject of that article has been on my mind more than I expected it to be. The post I was going to make at the time was how I felt it was the wrong solution to the problem it purports to solve, but upon reflection I have come to the conclusion that it is worse than that, it is not only the wrong solution, but it is also a demonstration of everything wrong with the IT industry today.
Lets talk about Social Justice Warriors
So lets start off by saying I am a white, heterosexual, middle class, male. I have seen lots of comments on the internet about Social Justice Warriors (SJWs for short), and I gather that, based upon what I have seen, I should be worried for my very existence, as these SJWs are apparently out to rid the world of my kind, that is to say white middle class cis gendered (yes I know that "cis gendered" is a label for non trans gendered people, and some see it as an insult, but I am what I am, and I have no better label to use) heterosexual able bodied men. But I have very few examples I can point to of any of these SJWs that really concern me, or indeed that I disagree with in any significant way.
Before we go any further I should probably explain what triggered this particular rant. Recently a person at Google has been sacked for breach of Google's internal policies, a situation that has come to light because the breach was an article they authored about how diversity polices may be harmful, and then circulated within Google, and which promptly leaked. Now I have seen a version of this article, and I shall discuss my thoughts on it later, but what worries me now is the "debate" about the actions taken by Google, and I have already seen some very negative comments. There appear to be two basic sides to this debate, those who say the article was damaging, and wrong, and so Google did the right thing, and those that say Google has damaged itself by shutting down dissenting internal opinions (something the article points out is a risk of Google's current internal culture) and has also trampled this person's free speech rights. My concern is that these are the voices that are going to be screaming about SJWs in the not to distant future. So I thought I'd have a rant about the stupidity of this position from the viewpoint of a SJWs typical "victim".
The death of a smartphone, and the liberation it brings.
I knew I relied heavily on the access that I get by carrying around a smart phone, I read my emails, send and receive text messages, look things up on the internet, etc. It is a very useful tool, but I didn't realise how much of an impact it has on my life until it died. So I immediately ordered a replacement, but that took two whole days to arrive. The fix for my old phone was outside my ability level, and I couldn't find anyone who could fix it in a hurry, so I elected to spend two days without it, or any other phone. And it has been two of the least stressful days I have had in a very long time. Disconnected from the world, I didn't need to worry about things I could do nothing about, or keep abreast of the latest goings on on twitter. I almost regret getting a new phone, the old one is off for repair, and will be back in two to four weeks. I can hardly imagine spending that much time without a smartphone. Before the old one broke it was because I thought I would become overly stressed, and fail to cope, but having spent two days with only having the internet when tethered to a desk I can't imagine how relaxed I may get without a smartphone. Maybe in future I shall turn the phone off for periods of time. Maybe too much connectivity is a bad thing?
3 years on
So I started this blog just about 3 years ago now, and despite my intent to use it to encourage me to do something with electronics, and to show case my progress, I have done nothing much since I bought a Raspberry Pi and got it running. Indeed it is still sat in a box waiting for me to motivate myself to get back at it. I have used this blog to rant about politics far more than I have done any electronics. It doesn't help that I have hardly been out on my bike once since I started this blog, so the project I intended to build I have had no need for. So based upon my initial intentions I must count this blog as an abject failure. However, as I pointed out at the time I started this blog I have attempted to do so before, and those prior attempts always ended empty, and pathetic, killed off due to a lack of content. I have at least managed to create content sporadically for this blog. The difference this time around? I am no longer trying to post stuff that I think other people will find interesting, so I am no longer holding back when I just want a rant, or to post about an "oh shit" moment. Granted I don't have the broadest readership in the world, but that doesn't really matter, I have an outlet, and if people read it, and find it interesting, great, if not then at least I still said what I wanted to. So this time around I'm not going to delete this blog, just yet, I'll give it another few years, and see how it goes. Who knows, maybe I'll start cycling regularly again and actually do something about that cycle computer (probably not though).
Brexit, democracy, and priorities
So, I once again find myself in despair at what is being said by people on the side of the brexit debate that I occupy. It turns out that when a Lib-Dem MP stands in a by-election, on a campaign about objecting to brexit, in a constituency that largely voted remain, against an independent, who was pro-brexit and taking a single issue stance, that the Lib-Dem candidate also held, the Lib-Dem candidate might win. Now this is being touted as a major upset, as it was a Conservative strong hold before, and the independent candidate held that seat as a conservative, but in respect of his position (or more likely because they couldn't find a suitable replacement in time) the conservatives did not field a candidate against him. What annoys me isn't the crowing from those who are holding this as a major victory for remain (it isn't) but the response I am seeing along the lines of "you lost, so put up with the result and shut up" coming from the pro-brexit side of things. Yes the campaign to leave the EU won the referendum, but, by a rather small margin, and the leave side isn't a single group with one single goal, so to say "We won" rather misses a very important point, which is whatever "We" you may belong too may not be bigger than the "they" you want to shut up. And democracy has never been about "majority rule above all else" (we wouldn't have first past the post as our electoral system if it was) it is a compromise, we all have ideas and thoughts on where we want to go, and we must as a society move in the direction that is closest to the greatest number of people's desires. The most vocal that I am seeing in this debate from Brexit are calling for the extreme option for brexit, and the 48% of people who voted remain are rightly pissed off by this, telling them to "get over it" is neither helpful or much of a compromise. Personally I voted leave, I still believe that the EU is not what we need from a combined European Government, and I still cannot see the incentives to reform it to what I believe would work being there for those who run the show. I therefore still think we should Leave the EU, and from their maybe we can start to build a new European Government that is better suited to the needs of the European people, and is better equipped to represent their needs, and change with them as they change. So I am galled at the arguments that "Leave the EU" (which was what we were asked if we wanted) is being used to leave not only the EU, but the EEA (a common interest in trade being the best way to unite countries) the ECHR (which the UK was instrumental in forming, and is one of the best things about Europe in terms of doing what is right for the people in my opinion) and just about everything else Europe has to offer (some times I think the nutters crying "We won! respect us" want to stick a massive out-board motor on dover and sail us into the atlantic ocean). As someone who voted Leave I feel I have far more in common with those now shouting to remain than those trying to shut them up, so as a negotiating stance the Leave camp are only weakening their stance by not listening to the complaints of those who wish to remain. Also I fear we have got more important things to deal with in the UK than if we should remain a member of the EU or not, like getting rid of the tory government.
Oh Shit, perhaps I should change career?
So the government have passed the Investigatory Powers Act, which is pretty terrible, but it turns out it is worse than I realised! So perhaps it is not a good time to work in IT in the UK?
PlusNet and email security whilst out and about.
So, I use PlusNet as my ISP. I have an email address with them where they send updates about my account. It's also been used in the past to sign up to various things that I haven't bothered to update to a new email address. PlusNet's email servers do not require authentication to send email from my home connection, which is fair enough really. But they also don't support SSL for authentication from my connection. So my username and password (which is unique to this account) has to be sent in plain text, now as this is to my ISP over my ISP connection (and I trust my own network) it's not the end of the world. However, I also have a shiny smart phone, and that allows me to connect to my own email server, over SSL (that until recently wasn't as secure as it should be) as it should be when connecting over the internet, from untrusted, or unknown networks. It also allows me to use multiple different email inboxes at once. So I could add my PlusNet email address. They even have a handy guide on setting up email on android phones. And that's where the problems start. That guide sets up email without SSL, or TLS, but it requires username and password authentication. So I'd only be able to use it on my home network. What happens if I forget to turn email sync off? My details would be put at risk!
So what should a good sysadmin do? Should I leave the ISP email only on my home PC? Should I take the risk and add the email to my phone anyway?
Well as a paranoid sysadmin I wasn't willing to take the risk. And that was that. But frankly that was annoying me, so I decided to set up an SSL terminator for my ISP email using my own SSL cert. So I can get my email, from my ISP confident in the knowledge that only my ISP can intercept the username and password pair that I use with my ISP. I use non-standard ports for the ISP connections, and listen using stunnel. This would be a problem if I was supporting users as it would add a level of complexity to the instructions I'd have to give them, but as I only have to support myself I can cope.
The Price You Pay
So a number of concepts and ideas and comments have been floating around my head of late, and none of them have been significant enough, or have I formulated my thoughts enough, to want to pass comment on them on my blog. But it has occurred to me that they have a common thread, and that is that there is a price to pay, and we, as a society, must choose the price we are willing to pay!
Some thoughts on Religion
So an old friend of mine has started to look into religion. She is a person who I consider rational and intelligent. So why should I care about this? Well I care because I fear they may find religion, and this will shake my view of them as rational, and in turn my view of the world around me. It is an entirely selfish fear, but alas not one I think is entirely irrational.
So to start with, before I explain why I fear my friend will become religious I should explain some background. As I have said I credit them with intelligence, and rationality, religion is inherently not rational, it is founded in faith. Also it is worth noting that I myself have looked into religion in the past, and I have not found religion in the process. They, like I, are atheist (believe that their is no god). So what is the problem?
Well to start, they are atheist, but it is not the same passionate, burning atheism that I am afflicted with (and it is an affliction), they are more agnostic than that, whereas you would be no more able to convince me that God exists than you would be able to convince me that I am a fish. It is this atheism, founded in hatred, that has prevented me from becoming religious, not my rationality. My friend is far more rational than me on this, and so a good argument could sway her. Indeed the whole reason I ever started to investigate religion was so I could tear it apart wherever I saw it (I have since mellowed, but I have not changed my beliefs), my friend is looking into it out of curiosity. Then there is religion itself, belief is an essential part of life, you must believe in something to be able to go about your daily life, even if that belief is as simple as "my experiences are an accurate reflection of my life". Religion uses this, and seductively has answers for some of the harder questions in life "why are we here?" "what is it all for?" "what is right and wrong?". These are not easy questions to answer to an atheist, but religion answers them, and does so comprehensively (although I would argue not necessarily correctly). As I have said we need belief, so why not extend that belief to include answers to the hard questions? Especially when you consider what else religion offers, hope, that there is meaning to your suffering (whatever form that may take), hope that loved ones we have lost have found happiness, and hope that death is not the final meaningless end to life for us. All of this offers a great deal to anyone who will just believe. My life is good, I have troubles, but nothing I can't deal with, my friend suffers from mental health problems, and is far from wealthy, so religion offers far more to her than it could to me.
So why does this bother me? Well for the same reason I never became religious, even when I was at my most vulnerable to the hope and answers religion offered. I have a deep seated, and irrational, hatred of religion, I recognise it now, and it is a weakness, but one that informs my view of religion and the religious. I see religion as irrational, foolish, stupid even. If my friend became religious, I would struggle to reconcile my view of them with my view of the religious, doing so would require me to question my beliefs, such that they are, and this is a problem. We all need faith to function, faith in something that allows us to get on with our lives, how can we cope without that faith? How will I cope without mine?
Controversial topics of discussion
So, Richard Dawkins has courted controversy on twitter, this tweet
Should I have used the sensitive subject of rape to illustrate a logical point? My answer is here http://t.co/tSPlTEbXwB
— Richard Dawkins (@RichardDawkins) July 30, 2014
links to a blog of his about the controversy, and this post is an attempt by me to respond.
First off, Richard Dawkins, in his blog discusses the idea that all topics, no matter how sensitive, or controversial, should be open to rational, dispassionate, debate. Now on this point I agree, rational debate is important, and on particularly emotional subjects the only way to have meaningful debate is to do so dispassionately. However, that said, the thing about sensitive topics is that they are, well, sensitive and that means they need to be handled sensitively. That is where me and Richard Dawkins appear to differ. The tweets that started this controversy are discussed in the blog linked above (you really should read what he's done in his own words to understand the point I am trying to make) but they were about one evil being worse than a different, but related, evil. That is not the issue, the problem is that Richard Dawkins is a prominent man, who attracts a lot of media attention, went onto a very open, and public forum and raised the subject of rape, in an insensitive manner without (or possibly worse, with) considering the impact it would have on those who have suffered, and been traumatised by, rape. Now if I were to go into a busy town centre and yell "Date rape is bad. Stranger rape at knifepoint is worse. If you think
that’s an endorsement of date rape, go away and learn how to think." (a direct quote from the blog) what do you think would be my fate? I would probably be arrested for causing a breach of the peace, and possibly confronted violently by people upset by my choice of topic, and choice of method of airing that topic (hopefully I would be arrested before suffering serious harm). And this is the point I want to make. Open, rational, dispassionate, debate of sensitive topics needs to be done in a way that allows those who would be traumatised by the subject to refrain from taking part. Yelling about it in a crowded space is just wrong, getting upset with people made angry by your forcing them to face an emotionally loaded, potentially traumatic, subject is just silly, and Richard Dawkins, in posting that on twitter has essentially done the internet equivalent of walking into a crowded space and yelled at the top of his lungs about a massively emotional subject. Being a renowned evolutionary biologist, and self appointed spokesman for atheism, does not entitle you to be a massive dick!