Bank accounts, How not to do it

If someone wants to attack you, he will first need to find out where exactly to find you or your assets, so that he can lay his hands on them. Therefore, this blog post is only the first half of a complete defense strategy.

The other half is about the tracking device in your pocket: “Mobile phones, How not to do it”.

Do not receive third-party payments into a bank account, ever.

If any third party needs to pay me, they will have to do so in bitcoin or in cash. There is no way that I will provide them with a bank account to wire to. If this third party does not want that, they will have to trade with someone else. Does it happen that people refuse to trade because they would have to pay with bitcoin?

Yes, and that is a good thing ™. People capable of paying with bitcoins are more sophisticated than the mainstream. They are good clients or employers to have. Sophisticated people generally make more money and therefore they are often able to pay more money. It is a fantastic selection filter to decide who to trade with.

One additional remark. You may receive third-party payments under an employment contract.

There is a third caveat about employment contracts, in the context of especially government agencies.

They want to lift money out of your pocket even before you have received it. I reject that very concept. If someone wants money, they will have to ask me and not ask a third party that I happen to be trading with. I will never allow anybody to lift money out of my pocket just by asking a third party to give my money to them instead.

Why? Just because I say so. I will tell you a bit more on why governments do not matter in that respect, in a next blog post.

The policy of NOT receiving third-party payments into a bank account, prevents your money from accumulating there. That is a good thing ™. It means that nobody will waste their time trying to take away from you such accumulated funds. Nobody would know anyway, where exactly to do a thing like that, because the funds are not in a bank account.

You see, if you make it easy to attack you, that is exactly what they will be doing. What stops government agencies from trying to collect even more money from you? The banks communicate your bank account and its balance to them. These government agencies want that money, and all they need in order to grab it, simply by pressing the button, is a flimsy pretext. Do not make it easier for them to do that. Make it hard, and as a result, they will less easily do it.

If I really have to, I will deposit limited amounts of cash into a bank account, in order to make small payments from my own bank account, usually, yet again to another bank account of mine.

This practice does not disclose to any third party what my bank accounts are. It stays within the family, so to say.

So, it is relatively ok for the short time that just some small funds stay in those bank accounts.

Furthermore, I always open these bank accounts in different countries, which adds another layer of inconvenience for anybody who would want to know too much, or who would want to attack my assets.

 

Microsoft running badly behind and trying to catch up on Docker

The saga started in 2006 when the Google Infrastructure Group discovered that a new abstraction, named process control group or simply container would solve an endless list of issues in their enormous computing cloud.

In accordance with the GPL and its spirit, Google contributed their work back to Linus. It took until 2013, however, before the Docker team managed to replicate the almost magical characteristics of Google’s cloud infrastructure.

Docker tremendously facilitates pipelining and chaining processes across different submachines (“containers”) even located on different physical devices that start in subsecond time frames.

Suddenly a new submachine appears on the network, spends milliseconds on processing things, and then disappears again. It is more than a process running a program, but not that much more, but it still looks like a complete networked device of its own with storage space included.

Of course, you will still need something like the Bash shell to do the control group pipelining and orchestrate the magic. Hence, Microsoft’s effort to urgently port Bash to Windows.

Microsoft has not managed to replicate the abstraction of process control group in the Windows kernel. Google do not have the source code access to do it for them, while the Microsoft kernel group is simply not capable of doing it. In other words, true cgroups in Windows will not be ready any time soon.

Therefore, Microsoft will be implementing a docker-like alternative based on Hyper-V. This will in fact not really be an alternative to Docker but to Oracle’s Virtualbox. It will still be touted as an alternative to Docker.

Therefore, if you consider using these new Microsoft Hyper-V containers for your own applications, make sure to compare them to, for example, Oracle’s Virtualbox technology, and not to Docker.

Furthermore, you should not try to use them for control group process pipelining, because virtual machines are simply too slow for that purpose. Only containers are suitable for that.

The purpose of virtual machines, aka virtualization, is to isolate different tenants of a physical device from each other. It is essentially a hosting technology.

The purpose of a control group, aka container, is to swiftly resuscitate and then possibly shut down the precise context in which you want to run one (or more) programs. A running program is indeed called: a process.

You can perfectly well run a container inside a virtual machine, if you happen to be one of the tenants of the physical device on which you want to run your programs.

It does not make sense to update or upgrade a container. You just create a slightly different one, from a given base image.

You can run a container for as long as you want, even years in a row, but you don’t have to.

By default, containers are well isolated from each other, but isolation is not their primary purpose. Multiple tenants should rather be isolated by virtual machines and not by containers.

Virtual machines want to look as much as they possibly can as real physical devices. Containers don’t. They just want to look exactly like the environment that one (or more) programs need and expect to be around when they start running.

In order to unleash the magic of control groups, you will need to master the shell, aka the commandline and have a good understanding of process primitives such as environment variables, arguments, stdin, stdout, stderr, result code, signals, stream redirection, and forking child processes. In other words, it can simply not be done by clicking buttons in Visual Studio.

HSBC: The bank and the incarna-self

I used to bank with HSBC in London. I still have a dormant account with them, I think, but I mostly use bitcoin nowadays.

One day, they called me concerning a bank wire that I had made from my HSBC account with them, to one of my other accounts with another bank.

— INTERROGATION —

  • HSBC asked me: What is the relationship between you and the recipient of the wire, your namesake?
  • So, HSBC continued: Why are you wiring money to this person?
  • I answered: Because everything goes in cycles of birth and rebirth. Ultimately, money will always flow back to where it came from. I have known Mr. Incarna-self for as long as I remember. Believe me that the money is in good hands. Chances are that he could just be another incarnation of myself, in this life, but probably not in a previous one.
  • So, HSBC asked me: Do you vouch for Mr. Incarnaself to really be who you think he is?
  • I replied: Yes, I certainly do. I know him better than myself. I can easily predict what he will be doing. He is so transparent to me.
  • So, HSBC continued: What did he need the money for? For what purpose or reason?
  • I said: His ways are mysterious, but still comprehensible. I know for a fact that he will just spend the money. That is what he always does. I just gave it to him, because he needed it. Seriously, that is the elusive reason “why”.
  • HSBC then said: Ok, we will store this information about the relationship between you and Mr. Incarnaself in our computers. We are very satisfied, because we have done our jobs. Goodbye for now.

 

Russell’s paradox implemented in php

In the fifth century BC, the four-corner theory, the Catuskoti, started emerging in India. The theory insists that there are four possibilities regarding any statement: it might be true (and true only), false (and false only), both true and false, or neither true nor false.

This view was long dismissed by Aristotelian traditions, which insist that there is only true and false, aka, the law of the excluded middle.

Aristotle is a grandee in his own right, but he does use simplifications that are possibly only circumstantially correct; even though it is also true that you can get surprisingly far already, just with those.

Cracks started showing up in the wall of Aristotelian 2-valued logic in 1901, when Bertrand Russell commenced his lengthy tribulations with what is now famously referred to as Russell’s paradox:

Does the set of all sets that do not contain themselves, contain itself?

Here you can find an implementation of the paradox in php:

https://github.com/eriksank/math-php/tree/master/russell-paradox-php

In Aristotelian logic, every answer is wrong.

Of course, after Russell’s famous breakthrough, the situation became worse for 2-valued naivism.

The idea of summarily dismissing the real solution, i.e. multi-valued logic, completely came to a grinding halt after Alan Turing and Alonzo Church proved in 1936 that there is no valid yes-or-no answer possible to David Hilbert’s Entscheidungsproblem.

The only valid answer is the Catuskoti on steroids, which also implies that the vast majority of thinkable questions are indeed thinkable but undecidable.

Two-valued logical systems are inherently naive, simplistic, and often unusable. That is obviously one reason why we rather use Stephen Kleene’s 3-valued strong logic of indeterminacy in the SQL language: true, false, and null.

We are slowly but surely adopting more powerful instruments in software.

At best, it still takes decades to roll out a thing like 3-valued logic, and many programmers — undoubtedly including myself — are still not using the value null entirely correctly.

In our field, there is new hype that comes out every day — reactJS anybody? However, you can safely ignore all of it, unless it represents solutions that are deeply rooted in the real problems governing and limiting our computational axiomatizations.

 

Starting up your docker php microservices

Final tests prior to deployment are a good time to blog.

You may not expect that much to go wrong during the hour-long build, but if it does, you still want to pay attention, so as to fix issues, and then resume from there, or start the build process again.

When you build your php server platform in terms of docker microservices, you will find that php adapts itself surprisingly well to a microservice architecture. Php really hits the ground running.

Only linux supports the control group primitive mechanism needed for this, the kernel logic for which was originally contributed by the Google Infrastructure Group.

Microservices are now emerging as the winning successor to existing server-side approaches. A “No microservices” architecture is increasingly acquiring the meaning of “questionable, outdated, and insecure server architecture”. Google is certainly right in that respect.

In theory, the idea is to run just one service process inside a container, aka linux control group, but in practice things vary. Therefore, you may at some point have to deal with the equivalent of systemd for your container service script initialization.

In the face of fiery and vocal opposition — “the sky is falling” — debian migrated in its latest version (version 8) from traditional system-v to systemd. I never gave it a second thought, because systemd actually has acceptable support for traditional system-v init scripts too. Therefore, I did not really have to migrate anything at all.

However, now we also have the core docker team up in arms against systemd, suggesting that the thing will never work properly inside a control group container.

All attempts at rescuing systemd and making it adapt to the new situation have failed, and have certainly wasted precious time in the docker team. Jessie Frazelle even wore a badge during the dockercon conference in November, in Barcelona last year, saying: “I say no to systemd specific pull requests”.

My own solution is to circumvent the problem, and let whatever subsystem that manages the startup process, start supervisord, which in turn will start my own service initialization scripts.

Supervisord does pretty much the same as systemd in this context, without causing angry mobs to draw their daggers and start clamouring for Louis XVI’s head to roll from the guillotine.

Therefore supervisord is mostly just a way of keeping my own server applications safe and out of the ongoing “system init” skirmishes!

 

A beautiful mind implemented in php

If anybody saw the film A beautiful mind he may wonder what exactly makes John Forbes Nash so special?

In 1994, he received the Nobel Prize for around 25 lines that he had written in pretty much plain English in 1950:

EQUILIBRIUM POINTS IN N-PERSON GAMES

They did not give Nash the Nobel prize for mathematics, because there is no Nobel prize for mathematics (only a “Fields medal”). Therefore, they reassigned his theorem to the field of economics, even though it is equally much used in biology or physics. In reality, it is a mathematical theorem, pretty much unrelated to economics.

His original explanation re-invents the entire field of game theory. There is before, and there is after Nash.

How does it work?

There are n=2,3,4,5, … players, who are supposed to decide what move they will make next. They can choose amongst different moves. We could simplify – but this is not required – and say that all players can choose from the same m=1,2,3,4,5, … choices.

The strategy-product space consists of every possible combination of moves that the players can make. In the simplified case, the strategy-product space would consist of m^n n-tuples.

As an example, if we have 5 players and 7 choices, we would have a total of 7^5=16807 different 5-tuples. So, one of these 5-tuples would be (4,2,5,5,7), meaning that player1 chooses move4, player2 chooses move2, player3 chooses move5, player4 chooses move5, and player5 chooses move7.

The Nash theorem is a statement about the complete set of these n-tuples.

Imagine that we have a payoff function, that says how much each player gets paid in a particular n-tuple. For example, in the 5-tuple (4,2,5,5,7) the payoff tuple could be (123,12,99,45,1).

Let’s now look at what each player would do, if he knew upfront what the payoff tuple would be, and let only him make another choice. What would he do? Well, he would obviously try to change his choice in order to receive a higher payoff. This is called a countering n-tuple. With 5 players we have 5 countering 5-tuples.

For our example, for our 5-tuple (4,2,5,5,7), the set of countering 5-tuples could be {(6,2,5,5,7), (4,8,5,5,7), (4,2,1,5,7), (4,2,5,7,7), (4,2,5,5,2) }.

Now comes the surprising claim. Nash discovered that there must be an n-tuple for which the set of countering n-tuples contains that very n-tuple. This n-tuple is called the self-countering n-tuple.

This means that if you ask the players to make another choice, none of them will. They will just play exactly again what they would play without knowing what the other players would play. In other words, it does matter to them what the other players will play. If they know what the self-countering n-tuple is, they will jump into that position, assuming the other players will also do what is best for them, and also jump into that equilibrium.

This is the inevitable result of Kakutani’s fixed point theorem.

The strategy-product space is non-empty, compact, and convex, meaning that the number of combinations of player choices is finite and that all possible combinations are allowed, while the computation of countering n-tuples itself is a mapping of this strategy-product space onto “combinations” of itself. Therefore, according to Kakutani, one such n-tuple will be projected onto itself.

The existence of such self-countering n-tuple is certainly one of the top five mathematical discoveries in the 20th century. It is a beautiful result in higher-order set theory.

I have written a PHP program to illustrate the Nash theorem.

There are other programs, like Gambit, which also allow for exploring a game’s strategy-product space and hunting for the self-countering n-tuple.

Gambit may have two weaknesses. First, it does not allow you to formally segment the strategy space into subdivisions that can be forked off to different computing cores. In other words, in Gambit you cannot enlist an armada of cloud-based devices to engage in larger-scale number crunching. It all needs to be solved by one CPU or at least by one computer.

Secondly, Gambit requires you to provide a payoff matrix, instead of allowing you to specify an arbitrary payoff function.

These weaknesses potentially impose severe limitations on Gambit’s usefulness. I have specifically paid attention to these issues in my own implementation.
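An added example (not the author’s PHP program, nor code from Gambit): an exhaustive search for self-countering n-tuples that takes a payoff function rather than a matrix and addresses the strategy-product space by index, so that slices can be handed to separate workers. The function names, the two constructed games and the 1..m move numbering are assumptions; the search covers pure move tuples only, and the constructed matching-pennies game has none, since Nash’s existence result is stated for mixed strategies.

```php
<?php
declare(strict_types=1);

// Added illustration; names and sample games are constructed, moves are numbered 1..$m.

/** Decode an index 0..m^n-1 into an n-tuple of moves (base-m digits, plus 1). */
function tupleAt(int $index, int $n, int $m): array
{
    $tuple = [];
    for ($p = 0; $p < $n; $p++) {
        $tuple[] = ($index % $m) + 1;
        $index = intdiv($index, $m);
    }
    return $tuple;
}

/** True when no player can raise his own payoff by changing only his own move. */
function isSelfCountering(array $tuple, int $m, callable $payoff): bool
{
    $base = $payoff($tuple);
    foreach ($tuple as $player => $move) {
        for ($alt = 1; $alt <= $m; $alt++) {
            if ($alt === $move) {
                continue;
            }
            $deviation = $tuple;
            $deviation[$player] = $alt;
            if ($payoff($deviation)[$player] > $base[$player]) {
                return false; // this player has a better countering move
            }
        }
    }
    return true;
}

/** Scan the slice [$from, $to) of the m^n indexes; each slice is independent of the others. */
function findSelfCountering(int $n, int $m, callable $payoff, int $from, int $to): array
{
    $found = [];
    for ($i = $from; $i < $to; $i++) {
        $tuple = tupleAt($i, $n, $m);
        if (isSelfCountering($tuple, $m, $payoff)) {
            $found[] = $tuple;
        }
    }
    return $found;
}

// Constructed game 1: each player is paid the number of other players who chose his move.
$coordination = function (array $t): array {
    $counts = array_count_values($t);
    return array_map(fn(int $move): int => $counts[$move] - 1, $t);
};

// Constructed game 2 (matching pennies): player 0 wins on a match, player 1 on a mismatch.
$matchingPennies = fn(array $t): array => $t[0] === $t[1] ? [1, -1] : [-1, 1];

// Split the 3^3 = 27 tuples into two slices, as two workers would, then merge the results.
$total = 3 ** 3;
$half  = intdiv($total, 2);
$found = array_merge(
    findSelfCountering(3, 3, $coordination, 0, $half),
    findSelfCountering(3, 3, $coordination, $half, $total)
);
echo json_encode($found), PHP_EOL;

// No pure tuple is self-countering here, so the result is an empty list.
echo json_encode(findSelfCountering(2, 2, $matchingPennies, 0, 2 ** 2)), PHP_EOL;
```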

Mandatory opinions-to-adopt about man-woman relationships

I am possibly also beginning to get enough of the politically-correct crowd and their “mandatory” opinions-to-adopt about man-woman relationships.

That is why I have begun to seek more often to surround myself, also online, with a rather more islamified crowd, who are known to incessantly quote from things like islamic law and scriptures, of which the usefulness is certainly not in doubt, and who also insist that they know everything better. Anyway, who doesn’t? It perfectly suits me fine!

As you know, people of all stripes are now rapidly learning why not to insult that particular religion. Even the Holy See is adamant about this.

Other circumlocution offices have also added several paragraphs about this topic to their How-not-to-do-it standards. Part of the politically-correct crowd now even seems to be living in fear. May it be a lesson to everybody.

I think that this strategy should help to further spare me from people insisting on politically-correct opinions in this realm. These people should not insist. They are supposed to live in fear instead.

True, php is not perfect

Everybody knows that php is not perfect. Other scripting engines (python, ruby, nodejs, perl …), however, bring their own brand of trouble.

Then, there is java, c#, go, and even c++ which are all based on grand ideas that are simply incorrect. The more they were going to save the world, the more they got it wrong. Php was not going to save the world (“my personal homepage”), and that is why it is still usable. Seriously, php only wins by default.

In php, people suspect that everything around them is wrong, and that is why things are actually not that wrong. If you visit another language community, you will usually find a congregation of heathens staunchly proclaiming their total faith in the one or the other false, pagan belief.

Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. If you tell them that their lightweight and efficient model is a callback hell, they will angrily reproach you: You are insulting our religion!

Nowadays, I first do a shell script in bash, of which some parts get moved over to php because these parts use data structures that bash cannot handle (“lists of lists of lists”). Of this php code, I may move over small parts to C — preferably written by someone else — in order to make some of the innermost loops run faster. Php is not and has never been a problem. Php will indeed not save the world, but it works fine.

Facebook versus Reddit

Facebook communities have moderators. That is not a good system. Give the wrong person only a little bit of power and he will abuse it. The existence of moderator jobs will end up attracting the wrong crowd.

Of course, some posts should be banned because they are really unacceptable. The users should be able to report a post, but only for very specific reasons. For example:

[x] pornography
[ ] slander; (real) name of the person being slandered: [             ]

If enough users confirm this report, for exactly the same reasons, the system should remove the post altogether.

But then again, there are not that many valid reasons to report a post. For example, off-topic posts should just be ignored.

A user should even be able to ignore all posts by a particular author, by clicking an “ignore” button behind his name. In order to save time, a user should also be able to automatically ignore the authors that another, chosen user also ignores. The user should also be able to un-ignore an author recommended by another user.

Facebook communities use real names. That is a bad idea. You may not be able to speak your mind or be critical, because that will attract the same, wrong “moderator” crowd. They will inevitably even try to moderate your Facebook comments in real life. You do not want communist party officials running after you in the forbidden city.

Reddit allows for down votes.

Imagine that you create a new product. Initially, 3 000 people like and buy it, while 97 000 people do not see the point in it. Your startup is doing perfectly fine, but Reddit says that you have 94 000 down votes.

For anything innovative, it usually takes a bit of time before it spreads from the early adopters to the mainstream. A system like Reddit will destroy the new product or new idea long before that.

If real life allowed for down votes, we would still be living in caves.

Reddit also allows for no proof-of-work up votes. People are not forced to put their money where their mouth is. That is also not how it works. We do not care that someone thinks that the new product is cool. We only care if that person actually buys it.

An up vote (“a like”) without even a micropayment, is just spam.

In my impression, the correct way to organize discussion communities is:

  1. no moderators
  2. no real names
  3. “report this post” button, selecting a specific reason
  4. “ignore this author” button
  5. “ignore all authors” that a chosen other user also ignores
  6. “un-ignore authors” who are favourites of another user
  7. no down votes
  8. mandatory micropayment for up votes (“likes”)

I personally think that Reddit shows the best potential. It has all the seeds for fundamentally working better than Facebook. However, the whole system gets ruined by their unproductive approach on voting.

Voting should not try to mimic political elections but customer product appreciations in the open market.

 

The proxy war between Apple and the FBI

Apple has created something that gives them quite a bit of power over the users of their iphones and ipads. Apple has manipulated the situation very well. They have gained the ability to update the software on these devices without permission or even knowledge of the user.

Of course, Apple just made a beginner’s mistake. They thought that they would be able to hang on to that power by themselves. That is not how it works. As it turned out, they just did free research for the three-letter agencies that represent the real power in society, and which ultimately have total control over the corporations.

Three-letter agencies dealing with foreigners and foreign countries have full extralegal status. The NSA and the CIA do not need to ask permission anywhere for anything. The formal procedure says that the NSA and the CIA just ask a FISA court to rubber stamp whatever they want to do. Then, they tell Apple to update someone’s phone. Next, they just use a gag order to forbid Apple from revealing anything to anyone.

The FBI are envious and jealous. They ordinarily do not deal with foreigners but with residents. They also want this power. Unfortunately, residents and nationals could complain. Therefore, the FBI see themselves systematically being reined in. Traditionally, if the FBI want to use extralegal methods, they must go and kiss arse at the NSA or the CIA. Otherwise, they are being told to bugger off. The FBI seriously hate this.

It is not Apple that are fighting the FBI, because Apple have no say whatsoever in any of this. Apple are being told and instructed by others to snub the FBI. The FBI have been told that they are uppity. They should know their place. We know exactly which cartel does not want to share their extralegal powers. It is their monopoly. The FBI are simply not going to get anything.