Older blog entries for ib (starting at number 15)

28 Jan 2004 (updated 28 Jan 2004 at 21:04 UTC)

The recent launch of Orkut.com, and the flurry of sign-ups, partially powered by its ``exclusive'' model of invitation-based membership, has brought discussions about ``social networks'' and sites like Friendster, Tribe, and LinkedIn back into the spotlight.

Social networking isn't new. It is, in fact, as old as institutions and organizations are. Not just since the fundamental writings by Sociologists such as Coleman in 1964 have groups and circles attempted to harness the social capital inherent in structures, using tools to rate and evaluate individuals within a social grouping, and to facilitate communications amongst the members.

The oldest club in Europe, an exclusive French society of dove breeders, used social networking tools since the late 17th century to connect its members via a handwritten newsletter, circulating from member to member, and being amended along the way. A special trust metric had been established, which allowed each breeder to rate his peers, a process in which each vote carried weight based on the caster's own ratings. In addition to the mailing, which took roughly one year to travel each of the members, shortcut routes were established, usually between counties, through which smaller groups could reach other groups. To create the shortcuts, each breeder was required to name at least two ``sponsors'' and four breeders he sponsored. Communications between unlinked individuals had to be established by finding a connection via one's own sponsor. Sponsors could, similarly, only communicate with their sponsors or sponsored individuals, making the initial contact a matter of knowing and being known. Once an initial contact was established, the following newsletter circulation was amended to reflect the newly linked breeders, who now were free to communicate and refer directly.

Acceptance of communications of bird purchases and sales was based almost entirely on the ratings found inside the newsletter and contacts initiated by sponsors.

If this sounds even vaguely familiar, it does so, because it is reflected, in part, by today's ``social networking'' software.

It hasn't changed much. What did change, are the tools. And their names. And the hubris surrounding them. While most of the hurdles have fallen, including the sometimes mind-numbing wait for another circulation of the newsletter, and initiation has become much easier, the same basic ideas are still at work.

Even the pranksters, fakesters, and bogus friendship links aren't new. The Count of Villechy, in 1889, was expelled from the club for posing as two breeders in an attempt to boost his ranking. The attempt failed due to the elaborate trust metric (which is closely related to the metric used at Advogato [and was calculated by hand, no less]), and because of his estranged mistress' relationship to another, influential, club member.

Social networking is not "happening".

True, in a way, it is, and has been, ever since man decided that being in groups is a good idea. Social networking is shaping its forms and tools, based on the simple method of trial and error. If it works, it'll stick around, if it doesn't, it won't. It's just not "happening" in the "in" sense of the word.

The new meme on the block is social networks in software. Because 'networking' sounds so wonderfully technical, its original meaning (predating even the most rudimentary computers and data-networks by a few decades) has slowly given way to the new, leaving discussions about "social networking" with the task to untangle and uniquely address either one.

"Social capital accumulates through social networks and trust, and the norms of mutual reciprocity that these relationships foster." - Coleman, Putnam 1988. → Today's "social networking" technology, the attempt to replicate and visualize social ties in HTML, XML, or graphical means, is a toy - at best. In its current application, it creates a user-base in which individuals are more interested in creating individual data, not social data. Once the emphasis is based on the size of a social interaction, not its quality, ties rot and become meaningless. Such a design also gives way to appeasement approaches (reciprocal linking, solicitation of links by way of creating meaningless ties, or linking individuals in an attempt to enter a specific social structure, not as a means to represent a preexisting relationship).

To reverse this - the infant social networking technology today is widely understood as a means to the end of creating social ties and thereby capital, not as a tool to effectively display such connections. This approach creates vast networks of faux relationships with little to no bearing in real life, interspersed with accurate or semi-accurate reflections of pre-existing fabrics. Unless the social networking tool provides ways to differentiate between either relationship, its usability is low.

"Trust", the basis of every social network, relies on effective control mechanisms, be they employed through peer review or doctrine. Social capital becomes worthless, and in fact devalues the attached Human capital, if its origins are subject to doubt. → Current social network tools are vulnerable to attacks and easily infiltrated with faux or outdated information. An emphasis on "positive" relationships completely ignores the negative sides of interaction and leaves an interpretative void, unable to properly describe either function or conflict based interactions.

Social capital created and sustained by social networks has meaning only in its most extensive form. Only then, if the foundation and terminology of any valuation is known, and only if the source is identified and enjoys trust → Technology based social networking tools are "sound-bite" based ("In my bedroom, you will find..."). Unless additional steps are taken, usually outside the tools, one is left with imagination and reliance on unverified information to form a working impression of peers.

Social Networking software does not create anything "new". It is an attempt to express existing relationships. Expression is only as useful as its interpretive capabilities and accuracy. → Social structure descriptions such as FOAF, XFN, or the ones used by Friendster-type websites, are generic and unable to express an individual's standing within his or her own social circle. FOAF additionally suffers from technology-centric design, lack of interpreters, and useable levels of saturation. XFN does not claim to be an accurate reflection of social interaction, but has the potential to become one, which is why it has been listed here.

gilbou wrote me an email, telling me I'd shamefully neglected my Advogato diary, and he's right. I've moved most of my public online presence to my own website, which is less a reflection on Advogato's attraction (I still read it, I am subscribed to quite a few people's RSS feeds, and I draw information and food for thought from it on a mostly daily basis), but more on the fact, that I really like the possibility of desktop based microcontent publishing, which Kung-Log and family give me.

bjf: I don't necessarily agree with mglazer, but his entry's not a troll. Inappropriate for Advogato: yes, showing some obvious simple-mindedness: yupp, racist: not that I can see, but maybe I overlooked something; but not a troll.

I am supposed to write those new libraries we need to parse SNORT and NFR data into the XML backend we use, but am playing The Falafel Game instead. Some cow-orkers have threatened to shove the round speakers of my iMac up my rear end if I continue to play the music that comes with the game, but, hey, life of a coder is supposed to be dangerous, right? :)

mcg: You're looking at this from the wrong angle. Why is Windows so successful? It is, because its users are used to it. From home to work back home. Now, if Mac OS X, which is clearly positioned to become that "Digital Hub" thingie for home, makes it into more homes, so will those Open Source apps you'd rather see confined to "Open Platforms".

And, guess what, at work, we'll have an easier time convincing them to use the same apps, because they know them from home. And, all of a sudden, it makes no difference if that's a Linux or a BSD or a Darwin they're working on. They know it.

MacOS X is the definitive way for a stealth guerilla Unix infiltration. That's why I love it. And that's why Microsoft hates it.

With the AbiWord fund being on its way back to its rightful owner(s), a question is in order: how powerful is Open Source?

Obviously, some $500+ are by far not the biggest amount ever stolen from PayPal's customers and it's definitely not the only one this month.

On the other hand, we have a well known project, with thousands if not more active supporters, media attention and very powerful communication outlets - ideal settings to force even the most customer-unfriendly, demeaning company to give in. For PayPal, the $600 are anything but a huge sum, the potential impact, both in loss of clientele and bad media coverage, however is huge.

Would Joe M. Shareware-Windows-Coder have the same impact? I don't believe so. Between its release and the forced removal, some 34.000 people downloaded my "PayPal Insecurities" white paper, but until today, the same holes I described in 2001 exist. In fact, I am almost convinced the AbiWord "heist" was done in one of the ways I described back then. I've been called irresponsible for "disclosing" those holes, and still (as in this case) get the calls after each more-or-less public PayPal incident. Fact is, and I keep telling this, those "exploits" were known to thousands of script-kiddies long before I published them in my paper, and both, PayPal and law enforcement knew about the websites dedicated to this kind of fraud.

Now, with AbiWord being the victim, maybe the power of Open Source will make possible what I and hundreds of former victims could not achieve - maybe now they'll think about fixing what's been broken for way too long.

29 Oct 2002 (updated 29 Oct 2002 at 03:56 UTC)

Thanks to ianmcd, I finally have Ruby on my Zaurus. Maybe I should have kept one Linux box around :)

jdub: That's (unfortunately) the way, open communities will always wind up. Unless there are hundreds of technical and social barriers, one will wind up with trolls, no matter where. Remember, there was a time, when Slashdot was readable :).

Now, Advogato has its mechanisms to maintain a high S/N ratio, the trust metric and diary rating are excellent tools - but either depend on a healthy base of contributors. And, like it or not (I don't :), there's more trolls and "I installed RedHat with Gnome, I am a l33t coder" users out there than even Advogato could survive, should they decide to flock over here.

On a work related note: I am still interviewing candidate after candidate though it's getting very frustrating. There's still plenty of resumes to go through, but I am slowly getting the impression that all good candidates are either outside of the SF Bay Area or already employed somewhere else.

jluster@clusterfsck.net, if you happen to know someone or are someone in the Silicon Valley with a good Unix background.

26 Oct 2002 (updated 26 Oct 2002 at 21:43 UTC)
shlomif - welcome to the ODP. Understanding it all and getting "into" it, can be intimidating at first. Just don't be shy, only a few Eds bite :)

Recession? My behind! No matter where I go, I keep hearing about high levels of unemployment, people laid off from work and being unable to find a new job, employers who pay minimum wages for their top-Unix staff, etc. Yet, my company's been looking for some clueful Unix engineers and programmers, without any luck.

Yes, we have stacks of resumes, but only a few even survive the basic ego and resume deflating we use during the initial phone-screen and interview. It's ridiculous. Some of the gems I encountered in the past weeks include:

* The dude who claimed "Intimate Unix Knowledge", which - during the interview - translated into "Runs RedHat since 5.x and was not able to configure TCP/IP on a box without the help of RedHat's utilities, knows nothing about Unix kernel work, is unable to write even rudimentary scripts or programs and failed the 'How many IPs are in a /25' test".

* The dude who'd "run FreeBSD and Linux since 1994", but had a hard time explaining the difference between Linux' and BSD's boot concept.

* The "security professional" who ran Windows exclusively.

* The "I was not promoted, because I am female" applicant who did not know what a man-page was and how to show interfaces on a Linux system.

Is it THAT hard to find someone clueful enough to stand his man or woman in an environment that does not believe in hand-holding and expects some level of familiarity with the basic concepts of networking and Unix OSes?

Take a look over at eWeek's "openhack" challenge. In its fourth incarnation, eWeek (which is heavily sponsored by Microsoft) tries once again to prove Microsoft and Oracle security.

The challenge includes an Oracle and Microsoft server, which must be owned or defaced in order to be considered "compromised".

A closer look at the infrastructure, however, reveals the truth:

Aside from the servers in question and some infrastructure (which itself is partially shielded and guarded), most servers are ... tada ... OpenBSD. Both ns and mail are served by OpenBSD 3.2, firewalls are OBSD's pf, and the switch and routing fabric is Extreme Networks', which runs ... well, they won't tell, but everybody who ever looked at a Summit or Diamond knows...

In short, this is pathetic. The topology used is highly unlikely to be deployed in a working environment, critical infrastructure is based on Unix, not Windows (PDF file containing the topology, 127kb), and the rules exclude some of the more powerful attacks.

What will this challenge prove? For the successful attacker, it proves a modicum of knowledge, and for Microsoft or Oracle it proves nothing (other than the fact that there are things even eWeek won't run on Windows).
