Podcasts

Steve Gibson on Security Now

This is episode 65 of a podcast that seems to have run out of things to say, and this week we are delighted by Steve Gibson’s in-depth analysis of what we mean by security:

“Security”, says Gibson, “is the total lack of insecurity”.

And that is it. The sum total of wisdom for the episode is summed up in this tautologous and rather vacuous statement. This is meant to explain to one and all why security is so difficult, and why total security cannot be achieved.

Clearly Steve Gibson is not a philosopher.

Other highlights of the podcast would perhaps be the moment when it is clear that Steve Gibson knows very little about Ada - and particularly what has happened to that language since the late 1980s.

Does anyone know of a really good security podcast?

Security Now Podcast 63

Is this a security podcast or an advert for proprietary, Windows-only, bug-ridden beta software?

I think that Steve Gibson may have run out of things to say on security. Perhaps time to employ a different expert?

In last week’s Geek Counterpoint Episode, you can hear a summary of some of the latest research about why it is that political arguments get so heated. In essence, it seems that we are predisposed to overlook the weak thinking, assumptions and problems in a view with which we agree, whilst latching on to the same problems in the arguments of those with whom we disagree.

This was tested scientifically, but it is essentially just another demonstration of an effect that I think pervades human nature. We all have certain needs. We all look for security, and when we have that security, we look to fill our needs for significance and self worth.

Now where do we go to meet those needs? As a Christian, I believe these can be met in a relationship with God, but even if that is the case, it is clear that not all Christians successfully do so. So where else do we meet these needs?

Well the answer is: wherever we can. We are sociable beings, and we form relationships and communities, and we seek to fulfill those needs in those relationships and communities.

Those involved in politics at any level are invested in a political community. If I, at some point in my life, make a decision to support the “purple party”, then I will discuss purple politics with other purples, and become immersed in the purple ideas. The problem is that a closed feedback loop develops.

As I discuss purplism with my purple friends, I assimilate their world view and internalise their cultural assumptions, so that I am not particularly aware of the inconsistencies in purple thought. If challenged on these by a hostile “yellow”, then I take the query back to my purple community and am happy to accept their answer to the issue raised, because the yellow is hostile and the purple is my friend.

If I did the opposite - arguing against the purple viewpoint - then I would be opposing my friends, the ones from whom I gain feelings of significance and self worth, and as I perceive my standing in the purple community diminish, I feel my sense of significance and self worth diminish too.

So I am all too ready to accept the line I am given by my community - to challenge it would be a personal risk, for no gain.

Furthermore, as I don’t want to accept the yellow point of view on some issue, I will latch on to problems with their thinking, and dismiss their views based on these errors - even if the argument is ad hominem. I am happy thinking of all yellows as foolish, shallow thinking and rather stupid people. In that way I do not have to engage with the substance of their thought.

Dredge through this blog and you will find my argument on capital punishment. In the comments for that article, you will see a commentator opened his criticism of my argument with this:

But I believe you’re a Christian, ain’t cha? And that I’ll be saved if I accept Cheeses Christ but not saved if I don’t?

And this is a perfect example of someone who rejects my faith community, and because he perceives me as being in a “hostile” community to his own, he attacks the community rather than the argument. The argument is clearly ad hominem (whether you accept his view or mine on capital punishment), but the question is: why does an intelligent person think that such ad hominems will do?

The answer is that his community sees mine as an outsider, and therefore members of that community may be attacked simply for being members of the community. In so doing we do not feel the need to actually consider arguments proposed on their merits.

How do we stop this?

Not easily is the answer. As the Geek Counterpoint article points out, we are naturally predisposed to this kind of thinking. But here are some possibilities:

  1. For Christians at least, recognise that our security, significance and self worth are found only in Christ.

  2. Whenever presented with an argument, consider: why are we predisposed to accept or reject it? Is it that we like the person presenting the argument? Imagine putting the argument in the mouth of someone you dislike (or vice versa).

  3. Always be critical of any new idea. Especially among friends. Educate your friends to know that the fact you are being critical shows that you care about what they think.

  4. Avoid ad hominem arguments. There is plenty of advice on this on the Internet. In short, if you attack the person or their community rather than the argument, your argument is ad hominem.

  5. Whenever you hear an ad hominem argument, reject it and reconsider the issue for yourself.

  6. Try to build questioning communities.

These are just some pointers. I would be grateful to commentators who can add some more.

Steve Gibson’s Security Now podcast majors on the story about the new network stack in Windows Vista. This is an interesting story, and an interesting podcast, but when Gibson describes what is meant by a network stack, be warned that he gets a bit muddled.

According to Gibson, the bottom of the TCP/IP stack is the “electrical link layer”. This is wrong. The bottom layer of the stack is the physical layer, and it is the physical layer that cares about the physical medium - the electrics if you like.

Of course it is not strictly true that one needs an electrical physical medium. There have been some novel media implemented in the past.

What has probably confused Gibson is that TCP/IP is not an exact fit for the OSI 7 layer model. Indeed, in an earlier podcast he wondered why we had jumped from IPv4 to IPv6, missing out IPv5. He seems unaware that IPv5 was an abortive attempt to rewrite the protocol to conform to the OSI 7 layer model - abandoned on grounds of the cost and difficulty of roll out.

So the physical layer is not handled in the TCP/IP stack, but is hived off to the network interface card, which also deals with the media access control (MAC) and other parts of the data link layer. The TCP/IP stack interfaces with the hardware through software drivers at the link layer.

The first layer that is wholly part of the TCP/IP network stack shipping with any of the current popular operating systems is the network layer (layer 3), which Steve Gibson calls the IP layer, not without justification: the network layer is the layer that abstracts out lower layers and deals with delivery of IP datagrams across networks.

Gibson calls layer 4 the “protocol layer”. By this he presumably means the layer that handles multiple transport protocols such as UDP, TCP and others. This layer is more usually called the transport layer, and that name will prevent confusion from the overloading of the term “protocol”.

So all in all, an interesting podcast, but don’t get confused by Gibson’s muddled description of the protocol stack.

Oh, and later in the podcast, Gibson says that Microsoft’s claim about Vista being the most secure OS yet is a non sequitur. Vista may be fundamentally flawed, but to be a non sequitur there would surely need to be an argument, whereas all Microsoft provide is a claim. But those big Latin names for fallacies make it sound like we know what we are talking about, don’t they!

IPv6 is an important topic, and Steve Gibson pretty much botches it in his Security Now! episode 25.

Now I should add a couple of quick disclaimers: for all the controversy around Steve Gibson (and this is not the Steve Gibson of Truth Driven Thinking incidentally), we should really cut him some slack on this podcast. What he is trying to do on this show is huge, and the breadth of reading he must undertake to understand the issues must not be underestimated. He is bound to make mistakes.

But maybe the problem is that he is trying to do too much himself. He is setting himself up as an expert in all things, but we know the Jack of all trades is the master of none. Certainly there are often large gaps in his knowledge that would be better filled by bringing in some other expert to discuss the issues of, say, NAT or CSMA/CD.

But on IPv6 Gibson’s gap of knowledge is so large that he fails to direct listeners adequately at all. He writes:

If it weren’t for NAT router technology that basically allows many machines to share a single public IP, we really would be in trouble already with IP space depletion. But NAT routers happened, and they’re just a good thing for everybody. Corporations are using them. There are even some ISPs that are using NAT routers and putting all their customers behind a big NAT router because it really works very well, not perfectly, but very well, as most home users know. And so the prevalence and birth of NAT routing technology has hugely reduced the pressure on the move to IPv6.

Steve Gibson is wrong as follows:

  • NAT is not a good security solution. The part of NAT that is adding security is the same part that adds security in a non NAT perimeter firewall.
  • The gains from NAT have largely been achieved with respect to address depletion. NAT extended IPv4 to give us time to migrate to IPv6, but the gains are not limitless. See the Internet Protocol Journal Volume 8, number 3 for more on this.
  • NAT actually doesn’t work that well. We are just getting good at working around its limitations. This is why Gibson endlessly pushes the proprietary non-standard Hamachi solution for encrypted tunnels, and other mechanisms to make some kind of peer to peer work.
  • IP address depletion is more imminent than the Steve Gibsons of this world think. We are certainly in the last decade of IPv4, and we may see address depletion in as little as four or five years. Again see the Internet Protocol Journal at http://www.exio.com/web/about/ac123/ac147/archived_issues/ipj_8-3/from_the_editor.html
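
The first bullet's point as an added example (not from the original post): a constructed Python model in which a stateful firewall without NAT and a port-translating NAT gateway both drop an unsolicited inbound packet for the same reason, a missing state entry. The class names, the documentation-range addresses and the port-restricted NAT behaviour are assumptions of this sketch.

```python
"""Constructed model: the same state check, with and without NAT."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    """Perimeter filter with connection tracking and no address translation."""
    flows: set = field(default_factory=set)

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))  # remember flow
        return pkt  # addresses untouched

    def inbound(self, pkt):
        # Pass only replies to a flow that an inside host opened.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return pkt if reverse in self.flows else None


@dataclass
class NatGateway:
    """Port-translating NAT; the mapping table doubles as the state table."""
    public_ip: str
    next_port: int = 40000
    by_flow: dict = field(default_factory=dict)
    by_port: dict = field(default_factory=dict)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.by_port[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.by_flow[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # Same decision as the firewall: is there state for this reply?
        inside = self.by_port.get((pkt.dport, pkt.src, pkt.sport))
        if inside is None or pkt.dst != self.public_ip:
            return None
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])


def compare():
    """Run a reply and an unsolicited probe through both devices."""
    fw, nat = StatefulFirewall(), NatGateway("203.0.113.1")
    # IPv6 host with a global address behind the plain stateful firewall.
    fw.outbound(Packet("2001:db8:1::10", 51000, "2001:db8:ffff::80", 443))
    # IPv4 host with a private address behind the NAT gateway.
    sent = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.80", 443))
    return {
        "fw_reply": fw.inbound(Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 51000)),
        "fw_probe": fw.inbound(Packet("2001:db8:2::66", 4444, "2001:db8:1::10", 22)),
        "nat_reply": nat.inbound(Packet("198.51.100.80", 443, sent.src, sent.sport)),
        "nat_probe": nat.inbound(Packet("192.0.2.66", 4444, "203.0.113.1", 40000)),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:10} -> {'forwarded' if result else 'dropped'}")
```

In both devices the drop decision is the table lookup; the address rewrite in `NatGateway` only changes where an accepted reply is delivered.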

IPv6 has so much more to offer than Steve Gibson realises. Zero configuration, IP mobility, multiple addresses per interface, router discovery, link level encryption (he mentioned that one in passing), authentication… the list goes on.

He also says:

The problem is that it’s not easily compatible with IPv4. The problem that IPv6 is having is, you know, the manufacturers who are making the routers, I mean even, for example, the PC manufacturers are supporting Version 6, though no one’s using it yet. You know, Windows Server 2003 and XP can do IPv6. But you can’t get it anywhere. I mean, there’s nowhere to plug it in to get Version 6

Actually IPv6 does play very nicely with IPv4, and you can get it now. See for instance the BT Exact tunnel broker service.

The real worry here is that Gibson clearly does not understand the mechanism by which we must transition from IPv4 to IPv6. There is not going to be a single big switch over. We must create islands of IPv6 (falling back on IPv4 automatically when we must). We connect these islands by one of the many tunnelling protocols, and as the islands grow, the sea of IPv4 is slowly pushed back. Before you know it we are all using IPv6 - just in time to stave off address depletion.

But whilst the Gibsons of this world stick their heads in the sand and pretend this is just not an issue, because we have NAT, we continue to drown in the IPv4 sea.

You want security now? Implement IPv6. Learn how to rewrite your firewalls for IPv6 (yes you need to do that). Learn about its encryption and authentication mechanisms. That is the way to secure networking (well more secure at least).

So in closing - Steve Gibson should keep up his podcast, but until he starts consulting with IT security and networking experts, the podcast will always disappoint. A pity, as the idea is good.

But I wouldn’t want to do it on my own!

Well that’s a podcast to avoid.

Steve Gibson of Truth Driven Thinking once again shows that his own thinking is driven by anything but a thirst for truth when he interviews Tom Harpur, the author of a book that asserts that there was no historical figure of Jesus.

He says that he does not interview nuts and the like, and justifies his interview of Tom Harpur by reciting a long list of credentials for the man, to convince us that we should take him seriously. This appeal to authority is logically fallacious, and intended to bring about a positive emotional response. He needs the fallacy too, because Tom Harpur’s thesis is fundamentally flawed.

Mr Harpur summarises his thesis that Jesus is not a historical figure by saying that the only source of information about the historical Jesus comes from Josephus.

What utter tripe.

What on earth do we think the gospels are then?

Now let’s get this straight: You do not have to believe all the claims made for Jesus to believe he was a historical figure. You do not have to take every word of the gospel accounts literally to understand that they are talking about a historical figure.

Harpur dismisses all the gospel accounts as in some kind of known mythological tradition, and that it would be well known in the ancient world that the accounts were mythological. But this is not so, and he does not defend his view against the numerous refutations of the same viewpoint that have been occasionally asserted. It is quite clear to anyone who studies first century literature that when history was written as history it was believed to be historical.

We need go no further than the letters of Paul to verify this (and note, the verified certain and early letters of Paul - particularly 1 Corinthians, which we know comes from about 52 AD):

For what I received I passed on to you as of first importance: that Christ died for our sins according to the Scriptures, that he was buried, that he was raised on the third day according to the Scriptures, and that he appeared to Peter, and then to the Twelve. After that, he appeared to more than five hundred of the brothers at the same time, most of whom are still living, though some have fallen asleep. 1 Corinthians 15:3-6

What does this passage say? That Paul believes in the historical Christ and the historical resurrection, and that he tells the Corinthian Christians that there were people still alive who would and did verify the historicity of Christ.

We should cite Luke too:

Many have undertaken to draw up an account of the things that have been fulfilled among us, just as they were handed down to us by those who from the first were eyewitnesses and servants of the word. Therefore, since I myself have carefully investigated everything from the beginning, it seemed good also to me to write an orderly account for you, most excellent Theophilus, so that you may know the certainty of the things you have been taught. Luke 1:1-4

This is not a mythological account that Luke writes. This is a history that Luke has carefully investigated. Harpur is talking utter tripe when he suggests that Josephus is the only account of the historical Jesus and this podcast is a joke. Steve Gibson seems to be interviewing only those who make the most outrageous claims, and thus he teaches us nothing. What a pity.

Harpur’s thesis is not new. Indeed it is now at least 200 years old. For an interesting take on this story, see James Kiefer’s article on Whately’s Essay: Historical Doubts Relative to Napoleon Buonaparte. Whately responded to a Tom Harpur of his day by using the writer’s own methodology to argue that there was no Napoleon (despite the fact that people of that time were presumably still alive who had known him).

The interesting thing is not only did people think Whately actually disbelieved the existence of Napoleon (rather than just providing a critique of another author), but they actually believed he had proven his case!

The Pagan Christ is a myth. Jesus Christ is not.

Steve Gibson of the Truth Driven Thinking podcast, website and book offers us a survey on which we can apparently analyse something about our critical thinking skills and what he calls “Emotion Driven Thinking”.

He is careful to claim the survey is unscientific, but having taken the survey, I think it is worse than unscientific - it is hopeless - an excellent example of what not to put in a web poll.

Let’s examine why it is so bad:

  1. The first question asks us to rate our critical thinking skills. No problem here, except that some demographics might have been better to start with (age, sex, education etc.) However, what are we going to derive from this datum? The survey sample is self selecting (a problem with all web polls), so we might expect the respondents bothering to take the survey to already be interested in critical thinking.
  2. We are next asked to state all beliefs that we have held at some point in our life (so that we can be asked what beliefs we no longer hold). This question fails because we cannot reasonably recount every belief we have at some point held. For instance, as a child I was interested in the story of the Loch Ness monster, but I cannot reasonably say now whether I ever really believed such a monster did or does exist.
  3. Question 4 was the one that drove me to write this article though. It reads:
    At any point in your life have you believed that you “heard” a discernable message from an extra terrestrial being, directed to you (including hearing a voice, seeing a message, talking face to face, or any other bonafide communication to you)?
    My problem with this question is that “extra terrestrial” is a term used generally to describe non-earth born alien life forms (as in the film/movie “E.T.”). It appears from this wording that Mr Gibson wants to use the term more freely - in the sense of any “out of this world” experience, including spiritual experiences. This is illegitimate because he introduces an emotional element (of the kind he claims we must exclude) in his terminology. It is also illegitimate, because a Christian would point out that a message from God is not a message from an extra terrestrial, because of the doctrine of God’s immanence. Christian doctrine places God in all creation. God is the only one for whom it is true that were he to leave a room, the room would cease to exist. Thus Steve Gibson’s question fails to capture what he thinks it captures, and nowhere does he ask whether people who think themselves good critical thinkers have had spiritual experiences that they once or still consider to be real.
  4. Question 5 fails to take into account that people outside the U.S. might read his survey (or that there might be more to politics than vague notions of left and right).
  5. Later he asks us whether our views would change, and if so in which way they would change. If we know our views will change in a certain direction then the views have in fact already changed.
  6. Question 11 again asks for political leanings based on the U.S. system only. I wonder if it is because the U.S. only has two parties that they think that politics is a matter of two sides. Indeed, is there really a difference between the two American parties?
  7. Later we are asked if we believe those outside our faith group can get to heaven or the good afterlife. I’m not sure what Hindus or Buddhists would make of this question, but again Steve Gibson seems to misunderstand Christian theology when he assumes on his podcast that one can answer this question in the affirmative only in defiance of Christian teaching. Was Abraham a Christian? All Christians should answer this question affirmatively.

So here we have a survey that is supposed to tell us about critical thinking, but it actually shows a lack of well rounded thinking on the part of the survey author. This is why he can interview a republican party non scientist hack who suggests that global warming is not a problem and we need do nothing about it, without once really challenging the muddle headed thinking in his presentation.

If we are to learn critical thinking from Mr Gibson, it should be to look at his example and then not do it this way.

Well that is my opinion anyway.