Bread and Circuses

I never really understood the appeal of Universal Basic Income, but after reading the European parliament’s proposal for Robotic Civil Rights I think I finally get it.

See, Europe wants to give robots a form of electronic personhood. Robots will have basic legal rights, provided that “robots are and will remain in the service of humans.” (Is the 13th Amendment a basic legal right in Europe, or is that just an American thing?)

The report also proposes a universal basic income for humans, under the assumption that vassal robots will take all the jobs.

These are the same policies that were enacted in Ancient Rome! The Roman Republic had the exact same problem where robots took all the jobs and left unemployed masses in their wake. Roman robots weren’t like the robots we know and love today, but “machines of flesh and blood”, as Aristotle would say. Except that Aristotle was Greek. Instrumentum vocale, as Cicero would say. Talking tools.

Ancient Roman robot

Rome engaged in lots of warfare where they conquered new territory and took the inhabitants as slaves. By the time the Republic turned into an Empire, slaves made up 40% of Italy’s population and held all the farming and service jobs. Large numbers of landless proletarii had no jobs and no source of income. They were too poor to even serve in the military (early soldiers had to bring their own armor).

Being an agrarian society, Roman wealth came in the form of land ownership. Political populares suggested putting limits on land holdings and redistributing some property to the poor, but the ruling class opposed that idea. Nobody likes to share ownership of the means of production. The nobilis preferred to keep wealth out of the plebs’ control, and provide them with guaranteed grain rations instead. Later on, it was upped to free bread, free olive oil, free salt, pork, and wine.

There was just one problem with this scenario. The last thing the ruling class wants is a bunch of well-fed poor people lollygagging about. Idle poor tend to do unpleasant things like Storm the Bastille, or Occupy Wall Street, or start a revolution, or whatever.

Hence the Roman emperors established a policy of Bread and Circuses to provide the masses with both sustenance and entertainment so they could have nothing to complain about. The circuses held chariot races, gladiator fights, and wild beast hunts. Sometimes they were filled with water to reenact naval battles.

Mostly it worked, and the unemployed were successfully distracted from the massive wealth inequality. Eventually it was not the proletariat who revolted against the upper class, but the slaves who didn’t get any bread or circuses. The rebel slaves were annihilated in each of three separate wars, but after the third one the Romans figured that they should probably give slaves some basic legal rights.

I’m Spartacus, and so’s my wife! The third slave rebellion was led by escaped gladiators.

The European Parliament recognizes the same danger of robots mounting a populist uprising, which is why it’s important to establish basic robot rights now. Also the draft bill mandates kill switches — that’s an idea the Romans would have appreciated. The underclass is less worrisome because they can be placated with basic income and circuses. Sadly, last week Ringling Bros. and Barnum & Bailey announced that they were shutting down. Say what you will about animal cruelty; that circus was the Greatest Show on Earth for people who can’t afford Cirque du Soleil.

We don’t have to have real circuses. Technology has the potential to be just as good a pacifier. Twitter is already a great lobotomy box, and when we get tired of that there’s always video games and porn. If VR improves, we can all live like the people in Wall-E and no one will give a damn where the wealth is.

When the robots finally do come for our jobs, mine will be one of the first to go. I sure hope the circuses are good.

How the Twitter App Bypasses Paywalls

by Isoroku Yamamoto

The Wall Street Journal ended its practice of allowing special access for search engines. This means that a human visitor can no longer bypass the paywall by spoofing Google’s HTTP request headers.

However, subscription-based publications face a problem when users click on a link through Twitter or Facebook on a mobile device. Social media apps implement their own in-app browsers, which generally do not retain cookies. Websites that require a user login must request the login every time the app is reopened.

This makes for a cumbersome user experience. Thus, publications like the Wall Street Journal disable login checks when a page request appears to come from Twitter.

It does this by inspecting HTTP request headers. The important headers are Referer and User-Agent.

When a link is shared on Twitter, the URL is shortened to something like “https://t.co/9Mk58nL3xJ”. This goes to a Twitter server, which redirects the browser to the intended destination. Websites determine whether Twitter initiated the redirect by checking that the HTTP Referer string begins with “https://t.co/”. The rest of the string is ignored.

A web request from Twitter further identifies itself through the User-Agent header, which might look something like “Mobile/14C92 Twitter for iPhone”.

By submitting this information in request headers, any web browser can appear to be the Twitter app. It is easy to do this using a Chrome extension.

The following builds on top of last year’s tutorial for mimicking Google’s web crawler.

1. Use the same manifest.json file as before. Take care to list both the http:// and https:// versions of the sites you are interested in, as many publishers now use SSL.

2. Modify the background.js file. The modified version should look like the one below. It is worth noting that all cookies have been blocked.

var VIA_TWITTER = ["wsj.com"];

function changeRefer(details) {

  // declared locally so the flags do not leak into the global scope
  var foundReferer = false;
  var foundUA = false;

  var useTwitter = VIA_TWITTER.map(function(url) {
    if (details.url.includes(url)) {
      return true;
    }
    return false;
  })
  .reduce(function(a, b) { return a || b}, false);

  var reqHeaders = details.requestHeaders.filter(function(header) {

    // block cookies by default
    if (header.name !== "Cookie") {
      return header;
    } 

  }).map(function(header) {
    
    if (header.name === "Referer") {
      header.value = setRefer(useTwitter);
      foundReferer = true;
    }
    if (header.name === "User-Agent") {
      header.value = setUserAgent(useTwitter);
      foundUA = true;
    }
    return header;
  })
  
  // append referer
  if (!foundReferer) {
    reqHeaders.push({
      "name": "Referer",
      "value": setRefer(useTwitter)
    })
  }
  if (!foundUA) {
    reqHeaders.push({
      "name": "User-Agent",
      "value": setUserAgent(useTwitter)
    })
  }
  return {requestHeaders: reqHeaders};
}

function blockCookies(details) {
  // filter instead of splicing inside a forward loop, which skips the
  // header that follows each removed one; header names are case-insensitive
  var headers = details.responseHeaders.filter(function(header) {
    return header.name.toLowerCase() !== "set-cookie";
  });
  return {responseHeaders: headers};
}

function setRefer(useTwitter) {
  if (useTwitter) return "https://t.co/T1323aaaa"; 
  else return "https://www.google.com/";
}

function setUserAgent(useTwitter) {
  if (useTwitter) return "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like Mac OS X) AppleWebKit/602.1.32 (KHTML, like Gecko) Mobile/14C92 Twitter for iPhone";
  else return "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)";
}

chrome.webRequest.onBeforeSendHeaders.addListener(changeRefer, {
  urls: ["<all_urls>"],
  types: ["main_frame"],
}, ["requestHeaders", "blocking"]);

chrome.webRequest.onHeadersReceived.addListener(blockCookies, {
  urls: ["<all_urls>"],
  types: ["main_frame"],
}, ["responseHeaders", "blocking"]);

Save both files in the same directory. The updated source code can also be downloaded here.

Now type chrome://extensions/ in the browser address bar.

Reload the old extension, or Load it as an unpacked extension if you have not previously done so. Enable the chrome extension and visit wsj.com.

There is always a tradeoff between security and usability. The fastest way to compromise a computer system is to accommodate lazy users. Or worse yet, accommodate lazy programmers.
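The server-side decision described in this post, next to a gate that does not rely on client-supplied headers. This is an added example, not the publisher's or the author's code; the function names, the token format and the signed share-link scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: demo key only; a real deployment loads this from a secret store.
SHARE_KEY = b"constructed-demo-key-not-a-real-secret"


def weak_is_twitter_visit(headers):
    """The check the post describes: trust two headers the client fully controls."""
    referer = headers.get("Referer", "")
    user_agent = headers.get("User-Agent", "")
    return referer.startswith("https://t.co/") and "Twitter for iPhone" in user_agent


def _mac(path, expires):
    # The MAC covers the article path and the expiry, so neither can be altered.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SHARE_KEY, msg, hashlib.sha256).hexdigest()


def make_share_token(path, ttl_seconds, now=None):
    """Issued by the server when a logged-in subscriber shares an article."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    return f"{expires}.{_mac(path, expires)}"


def verify_share_token(path, token, now=None):
    """Accept only an unexpired token whose MAC covers this exact path."""
    now = int(time.time()) if now is None else now
    expires_str, _, mac = (token or "").partition(".")
    try:
        expires = int(expires_str)
    except ValueError:
        return False
    if expires < now:
        return False
    # Constant-time comparison on bytes; tolerates non-ASCII client input.
    return hmac.compare_digest(mac.encode(), _mac(path, expires).encode())


def allow_without_login(path, headers, token):
    """Hardened gate: Referer and User-Agent play no part in the decision."""
    return verify_share_token(path, token)
```

The weak check returns the same answer for any client that sends those two header values, while the token check depends on a key the client never sees.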

The Role of Mathematics in Hacking

My undergraduate university had a graduation requirement of 45 units of analytical math, which I greatly resented because that was time better spent getting high. I already knew that I was either going to spend my life building computers or redeeming aluminum cans for nickels, and partial differential equations really weren’t a prerequisite for either.

THINK AGAIN.

Some time after graduation, I visited a classmate who recently completed his PhD in math and asked him what it is math people do for a PhD.

    “We choose some unproven theorem, and then figure out how to prove it.”

    “What if you choose something ridiculous, like Fermat’s Last Theorem? You could be stuck in grad school for centuries!”

    “Right, hopefully your graduate advisor tells you not to choose Fermat’s Theorem.”

Fermat’s Theorem.

Andrew Wiles actually proved Fermat’s Theorem in 1993, but it took 358 years of mathematical effort.

It started in 1637, when Pierre de Fermat wrote in the margin of a text that no three positive integers a, b, and c satisfy the following equation for n greater than 2.

a^n + b^n = c^n

For hundreds of years, mathematicians made unsuccessful attempts at a proof. In 1984, Gerhard Frey observed that if Fermat’s equation has a solution, then it can be shown that the following elliptic curve is not modular:

y^2 = x(x - a^p)(x + b^p)

Elliptic curves are important tools because the solution set forms an Abelian group, where you can add two points on the curve and get another point on the curve. This fact makes them useful for defining groups with particular properties, like secp256k1 for the digital signature algorithm used in Bitcoin.

ECDSA used in Bitcoin

By proving that the subset of elliptic curves that includes Frey’s equation must be modular, Wiles proved Fermat’s Theorem.

Proving a mathematical theorem, or constructing non-obvious examples, involves taking some set of underlying knowledge and putting it together in a new way. If you get stuck, it’s either because you were not aware of enough pieces, or you had all the pieces but couldn’t figure out how to fit things together. Determining which problem you have is the process of hacking a system.

In The Mathematical Hacker, Evan Miller brings up the example of a Fibonacci calculator.

Write a function that generates the nth number of the Fibonacci sequence (1,1,2,3,5,8...).

Here’s a solution that uses recursion:

def Fib(n):
    if n <= 1:
        return n
    else:
        return Fib(n-1) + Fib(n-2)

Neat. Now pretend you’re an HFT programmer and you need that function to calculate Fibonacci ratios. The code above would totally get you fired because it has to generate every single number up to n, and by the time it’s finished ten nanoseconds have elapsed and some guy in Weehawken just ate your lunch.

This is an imaginary scenario because algo traders probably hard code their Fibonacci ratios if they use them at all, but the point is that it’s possible to perform the calculation in logarithmic time:

import math

def Fib(n):
    # closed-form expression evaluated in floating point
    return (math.pow(0.5 + 0.5 * math.sqrt(5.0), n) - math.pow(0.5 - 0.5 * math.sqrt(5.0), n)) / math.sqrt(5.0)

In other words:

F_n = \frac{(1 + \sqrt{5})^n - (1 - \sqrt{5})^n}{2^n \sqrt{5}}

Wanna know why?

Did the Fibonacci function actually need recursion, or were we simply not aware of the closed-form solution? The trend in computer languages and tools is to create an environment where programmers never have to think about questions like that. That’s a fine strategy for enterprise software development, but it fails when it comes to problems with actual resource constraints.
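The closed form above is evaluated in double precision, so it stops being exact once the values outgrow a float's 53-bit mantissa. The added example below (not from the original post or from Evan Miller's article) compares it with fast doubling, an exact method that needs O(log n) big-integer multiplications; the function names are chosen here for illustration.

```python
import math


def fib_closed_form(n):
    """The closed-form expression in double precision, rounded to an integer."""
    sqrt5 = math.sqrt(5.0)
    phi = (1.0 + sqrt5) / 2.0
    psi = (1.0 - sqrt5) / 2.0
    return round((phi ** n - psi ** n) / sqrt5)


def fib_fast_doubling(n):
    """Exact F(n) using the identities
    F(2k)   = F(k) * (2*F(k+1) - F(k))
    F(2k+1) = F(k)^2 + F(k+1)^2
    """
    def pair(k):
        # Returns (F(k), F(k+1)); recursion depth is about log2(k).
        if k == 0:
            return 0, 1
        a, b = pair(k // 2)
        c = a * (2 * b - a)      # F(2m) where m = k // 2
        d = a * a + b * b        # F(2m + 1)
        return (d, c + d) if k % 2 else (c, d)
    return pair(n)[0]


def first_mismatch(limit=200):
    """Smallest n below limit where the float result differs from the exact one."""
    for n in range(limit):
        if fib_closed_form(n) != fib_fast_doubling(n):
            return n
    return None
```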

The smartest math majors I knew in college are now employed as quants and algo traders on Wall Street. I guess that’s a good sign for our capital markets, or maybe possibly not.

Where Have all the Real Programmers Gone?

In a 1982 tongue-in-cheek diatribe titled “Real Programmers Don’t Use Pascal”, Ed Post laments the softening of computer programmers. Personal computers and user-friendly tools were breeding novices who could ostensibly write a program but not actually understand how it worked.

Real Programmers, he insists, do everything in Fortran. If Fortran isn’t available, they use assembly. If assembly isn’t available, they punch the hex codes directly into the front panel.

The article proved prescient. For decades, American universities dominated the ACM International Collegiate Programming Contest, the world’s largest and oldest programming competition. After 1989, it appears our country’s programmers fell off a cliff. The last 17 years’ winners have alternated between China and Russia, with two cameos from the University of Warsaw in Poland. Our last win was in 1997.

American inferiority isn’t just at the elite level; HackerRank compiled the results of 1.4 million coding challenges done by 300,000 programmers and ranked the United States at a dismal 28th. The top two countries were China and Russia. Geez, no wonder we keep getting hacked.

Real Programmers used to have a solid understanding of math. The questions used in programming competitions are really just mathematical logic problems with a coding element (here are some samples). The fact that American programmers are getting pwned at solving algorithms doesn’t mean we suck at computers, it means that our brightest programmers no longer focus on math.

According to Ed Post, here are some things that Real Programmers did for a living in 1982:

    o Real Programmers work for Los Alamos National Laboratory, writing
    atomic bomb simulations to run on Cray I supercomputers.

    o Real Programmers work for the National Security Agency, decoding
    Russian transmissions.

    o It was largely due to the efforts of thousands of Real Programmers
    working for NASA that our boys got to the moon and back before
    the Russkies.

These tasks don’t require programming skill so much as the ability to apply advanced mathematics. You can’t simulate bombs without integral calculus; you can’t put a man on the moon without understanding acceleration curves and differential calculus; you can’t decode ciphers without information theory and abstract mathematics.

Post warned that Real Programmers might compromise their principles to work at trivial but lucrative jobs, like building Atari games or writing code for LucasFilm. He was right. Three and a half decades later, the best programmers are working on better ways to show you ads.

The United States Information Agency, on Steroids

America is under attack. Cyber attack, that is. Throughout the past year, the Russians have spread wave after wave of fake news in an attempt to influence American voters.

National Intelligence Director James Clapper says the US needs to counter these attacks with our own propaganda. We need to bring back the US Information Agency, he says. Except this time, “on steroids”.

Now, I know the word “propaganda” carries a negative connotation, but don’t let that dissuade you. Former USIA head Ed Murrow said propaganda is fine, “so long as that propaganda is based on the truth.” And if there’s anyone we can trust to be a fair arbiter of the truth, it’s a government agency.

Let’s take a look at the US government’s long history of helping the public understand the truth.

Here’s a 1944 documentary about Japan and how Shintoism is a dangerous religion that drives the Japanese to become bloodthirsty imperialists hell-bent on world domination. Boo!!

It mostly features footage from old samurai movies and bad translations read in a Mickey Rooney accent. Americans didn’t know much about Japan in the 1940s and struggled to understand why the Japanese bombed Pearl Harbor. The fact that we cut off their oil supply might have had something to do with it. The film leaves that part out and blames it on Japan’s desire to conquer America.

This part talks about how Japanese people play a combative board game called Go, which teaches them military strategy. I wonder if we should be extra worried about evil AI now.

Plotting the invasion of China

The Defense Department also made a documentary about Germany. America had a large population of ethnic Germans so it was harder to completely make shit up. The film focuses on Prussia’s history of territorial expansion. Frederick the Great and Otto von Bismarck conquered neighboring states by force! Not like their neighbors in France and Britain, who settled colonies through kindness and generosity.

Germany’s warmongering culture meant that as soon as Allied forces withdrew after World War I, the Germans started remilitarizing and planning for world domination again. The biggest mistake of the Versailles Treaty was allowing these people to have their own country. 😠

Our Defense documentaries weren’t all negative. Here’s a 1943 film about our friends in Russia. It shows different ethnic groups dancing and playing musical instruments, and explains how people in Moscow, Ukraine, Moldova, Armenia, Georgia, Kazakh, Kirghiz, and Turkmen all share a common love of their Soviet Republic. Poland is conveniently never mentioned anywhere. Maybe they love the USSR a little bit less.

It’s because Russia is so rich in culture and natural resources that a long history of aggressors keep trying to conquer it. From the Teutonic Knights in the 13th century to the Swedes in the Great Northern War, Napoleon in 1812, and Kaiser Wilhelm in WWI, everyone keeps beating up on these innocent peasants. Now Hitler wants to take Moscow. We have to go stop him!! 🙁 🙁 🙁

Do we really need a new Information Agency? Can’t we just reuse the stuff our tax dollars paid for last time? It’s not like the truth ever changes, or anything.