
Absolute Scale Corrupts Absolutely - dankohn1
https://apenwarr.ca/log/20190819
======
cbanek
> "What is corruption? On the Internet, it's botnets and DDoS attacks."

While I don't disagree these are problems, it seems like the real corruption
is misinformation. To follow the flow of the article, the cheaper and faster
information flows, the more likely it is to be wrong. Think of how major news
networks having "breaking news" that ends up being flawed or wrong. (I'm
struggling to find it, but someone watched "breaking news" a couple of weeks
after it broke, and tried to figure out how accurate news reporting was. Huge
eye-opener for me). It used to be a small number of people knew how to make
web pages and host them. Now anyone can comment on any number of social media
platforms with maybe even more than one account.

To quote Dogbert: "Do you know how hard it was to spread rumors before the
internet?"

And it's the people that are spreading the information, although some botnets
seed it. People are very diverse, and are a great transmission mechanism,
since they change it in any number of ways.

Also, I remember DDoS attacks and botnets were around and thriving long before
most people knew what they were. Anyone remember WinNuke? This isn't some
magical new problem, it's just that more people are affected, and therefore
more people have heard of it.

I think the real problem with the internet isn't that it's too big, or has too
many people, but now it basically mirrors the real world. Many people and
companies are on the internet, trying to do what they were in the real world
on the internet. That invites criminals and troublemakers to also do what they
do on the internet.

The real problem is human nature, and that system is definitely large enough
to be corrupted. And it has been, for a long time.

~~~
JulianMorrison
The point being made is that it's some mathematical thing, more fundamental
than human nature, things that aren't human mediated behave this way too.

Think of the transmission of a disease as the percentage of the population
immune to it decreases. Island infections isolated by being unable to reach
new susceptible victims fizzle out. But above a certain susceptible
percentage, the infection can leap from group to group along the edges where
they touch, and it becomes a pandemic.

It's no just that the internet mirrors the real world, although it does. It's
that it breaks down isolation barriers in the real world which used to
passively defend against the spread of all sorts of unrelated corruption,
everything from Nigerian prince scams to bitcoin wallet stealing to nation
state disinformation.

~~~
spinningslate
>It's that it breaks down isolation barriers in the real world which used to
passively defend against the spread of all sorts of unrelated corruption

You've just put into words the loosely formed thought that's been trying to
escape my brain. Nature has a mechanism for limiting the positive feedback
effect of new corruption forces: geographic isolation. It's as fundamental to
diversity as evolution. Think e.g. the species that survive on the Galapagos
islands that would otherwise have been wiped out.

The internet has no circuit breaker; no way to attenuate positive feedback
cycles amplifying a signal (whatever that signal might be).

I'm no economist, but it seems to me that free market economics has the same
weakness: unfettered amplification without counterbalancing isolation removes
diversity. And leads to the small number of dominant monopolies in given
industry sectors. FANMAG[0] in the tech sector being just the latest example.

That's probably also why we shouldn't be hopeful about the author's proposal
as it's likely to end in one of two results:

1\. A failure 2\. A new monopoly

The idea of a "network of networks" is intuitively appealing at first sight,
but it's difficult to see how that serves society well if one company runs
them all. Another reason, perhaps, to treat the underlying network as a
utility.

[0] Facebook, Apple, Netflix, Microsoft, Amazon, Google.

------
abjKT26nO8
_> Wouldn't it be nice though? If you could have servers, like you did in the
1990s, with the same simple architectures as you used in the 1990s, and the
same sloppy security policies developer freedom as you had in the 1990s, but
somehow reach them from anywhere? Like... a network, but not the Internet. One
that isn't reachable from the Internet, or even addressable on the Internet.
One that uses the Internet as a substrate, but not as a banana.

> That's what we're working on._

So... They are working on a VPN then...?

~~~
yjftsjthsd-h
Sounds like an overlay network like zerotier to me.

~~~
floatboth
Which is.. a network.. that is virtual.. and private :D

------
danfang
The title is pretty click-baity and I don't necessarily agree with the
conclusion. The author raises a lot of good points about large systems being
subject to corruption.

However, I think the internet is self-regulating. Eventually, users will
choose new products, companies, and services that align with their values.

I think we're at the tail end of the first phase of internet mega-
corporations. In the past 15 years we've learned a lot about how people
interact on the internet, and how it's rife for abuse and misinformation.
We've created systems that negatively influence the quality of our lives and
relationships.

I don't believe that this is necessarily the status quo. There's certainly
momentum and money on the side of existing incumbents, but I think the public
is slowly catching on to their negative effects on society.

I'm actively working on what I think is the "second-generation" of social
networking and I hope users will eventually vote with their dollars and time.

~~~
yuvadam
Claiming the internet will self-regulate is no less of an empty claim as
assuming any other industry is capable of regulating itself.

~~~
iddan
More like assuming society is capable of regulating itself

~~~
TheSpiceIsLife
Well, we do tend to set a bad example for the kids.

------
ken
> For computer viruses, maybe we can have 10 operating systems, but you still
> don't want to be the unlucky one, and you also don't want to be stuck with
> the 10th best operating system or the 10th best browser. Diversity is how
> nature defends against corruption, but not how human engineers do.

Hold up. I'm not sure what "the 10th best browser" even means. There isn't
some absolute scale of browser quality. The web browser that more than half
the world uses is kind of lousy in my eyes. That's why these alternatives
exist.

Even if there were a single "best", you'd be much less likely to "be the
unlucky one", because if everyone is using a system with tiny market share,
you're each much less appealing to attackers. And the distribution falls off
really fast.

What's the 10th most popular OS today? NetBSD, maybe. I searched the CVE list
for "Microsoft Windows", and see 61 issues in 2019. "macOS" has 44 this year,
and NetBSD hasn't had any since 2017. The NetBSD developers are smart and
careful, I'm sure, but at least part of that has got to be because they've got
<0.1% market share. Nobody wants to spend time attacking NetBSD because then
you've got the problem of _finding_ a NetBSD system to actually attack! I
wouldn't use obscurity as my only security, but I'm not going to discount its
value, either.

> In fact, a major goal of modern engineering is to destroy diversity. As
> Deming would say, reduce variation. Find the "best" solution, then deploy it
> consistently everywhere, and keep improving it.

I disagree. Software engineering (real engineering, not "I built a webpage
over the weekend") does indeed use diversity as a tactic. Avionics famously
has multiple independent implementations, and checks results between the
units.

"Find the best solution" is great for general problem solving strategies, but
not good for sourcing implementations. When I'm building something, I don't
want to use a hardware component that was only available from one supplier.
Standardize the interfaces and requirements, but then make sure you can meet
those in more than one way.

~~~
sroussey
> Avionics famously has multiple independent implementations, and checks
> results between the units.

We studied this at university and it turns out even independent
implementations tended to have the same errors. So it’s even more work than
expected, and non-intuitively, they should be slightly less independent for
that reason.

~~~
FigmentEngine
source?

~~~
nickpsecurity
It was Nancy Levison with this article having a few links:

[https://leepike.wordpress.com/2009/04/27/n-version-
programmi...](https://leepike.wordpress.com/2009/04/27/n-version-programming-
for-the-nth-time/)

Levison's a brilliant, influential person in software safety:

[https://en.wikipedia.org/wiki/Nancy_Leveson](https://en.wikipedia.org/wiki/Nancy_Leveson)

------
gringler
People intuitively know this. That's why they invented gates and exclusivity.
Take e.g. rich people who want to have their own exclusive areas or ultra high
cost metropoles. These act as natural gatekeepers for outsiders to keep the
corruption away. At least that's what they hope for.

------
euske
This is an old argument. In the engineering world, it's been long known as
SPOF (single point of failure). SPOF exists in many forms. It can be a
physical part but can be protocols or people's beliefs. Google is kind of a
SPOF for many people as well as your ISP. A media is a SPOF in many political
systems. Some countries have only one national assembly, which is a SPOF too.
I would call Euro (currency) a kind of SPOF, but people might disagree, etc.
etc.

It's an engineer's job to reduce SPOFs when it comes to engineering, but
people in other fields are doing it too. It's just not called SPOF but
crafting those systems should be equally respected as engineering.

------
pacala
> most interactions should not be Internet scale

Metcalfe law's shadow: the risks in a network are proportional to the square
number of people connected to the network.

~~~
dredmorbius
Is this a thing, or just something you're suggesting here?

I think I like it.

------
Dylan16807
> A Fire Upon the Deep by Vernor Vinge, where some parts of the universe have
> much better connectivity than others and it doesn't go well at all.

That's not a particularly accurate description.

The problem was the level of technology, and accepting intelligent data
packets from infected sources. The suggested way to prevent infection was to
convert through a less-powerful intermediate format, still preserving the
meaning and amount of messages.

------
christopoulos
Isn’t there a similar, sort of inverse pattern with laws and enforcement?

The name escapes me, but it’s about the fact that once, even though laws were
passed, it required personnel to enforce it, so there was a sort of a natural
equilibrium between government and citizens. But now that we have all this
technology, law enforcement can enforce even the pettiest of laws...?

~~~
cbanek
To quote the Tao Te Ching:

The more laws and restrictions there are,

The poorer people become.

The sharper men’s weapons,

The more trouble in the land.

The more ingenious and clever men are,

The more strange things happen.

The more rules and regulations,

The more thieves and robbers.

~~~
dahart
I feel like the history of the United States is a fairly stark counter-example
to this thought. The chances of dying or getting robbed in the 1800s Wild West
were much higher than they are today. The standard of living and safety has
improved more or less monotonically since then, mostly due to more laws and
regulations. Even recent history in the last 50 years has seen violence and
crime decrease while laws grow.

~~~
cbanek
While crime rates have certainly changed, I'm not sure you can easily say that
it's because we have more laws. If anything, it seems like a lot of laws are
enforced with huge bias to race/class/wealth.

If it was proven that more laws = less crime, then I don't think we would have
seen the expanse of crime in the 80's and 90's. Think of the war on drugs, the
3 strikes laws, etc. If anything, I think getting more people out of poverty
reduces the crime rate (and also adds safety).

The Wild West I don't think so much was a lack of laws, but the lack of law
enforcement.

~~~
dahart
You're right, I can't say more laws are causing less crime. But I can say more
laws and less crime are correllated in the US, which is still a counter-
example to your Tao Te Ching quote, that claims more laws cause more crime. We
know that's not true.

The quote might be true in ancient or modern China, where the laws and
restrictions are being made in a dictatorial regime to censor the populace.
But that would mean this isn't a quote about the nature of laws, it's a quote
about the nature of China in a specific context, and can't really be applied
to situations outside that context.

In the U.S., despite the temporary uptick in property crimes in the 80s, it
went away again, and on the whole, on average, violent crimes have been in
decline for 300 years while the number of laws and restrictions has gone up.

I wouldn't call the war on drugs or 3 strikes to be examples of crime
expanding, those are both examples of government campaigns to fight crime.
They are both controversial, with a loud and large contingent of citizens who
believe those campaigns exaggerated the problems and are wasting vast amounts
of tax money without reducing crime rates.

> I think getting more people out of poverty reduces the crime rate (and also
> adds safety).

Totally agree with you there. Side note, some people believe the "war on
drugs" actually perpetuates poverty:
[https://en.wikipedia.org/wiki/War_on_drugs#Creation_of_a_per...](https://en.wikipedia.org/wiki/War_on_drugs#Creation_of_a_permanent_underclass)

~~~
cbanek
Violent crime isn't all crime, and I think the counterexample to what you're
talking about is the number of non-violent laws we make:

[https://www.amazon.com/Three-Felonies-Day-Target-
Innocent/dp...](https://www.amazon.com/Three-Felonies-Day-Target-
Innocent/dp/1594035229)

We have so many laws that basically the legal system can find something wrong
you've done, which makes everyone criminals. It's only a question of if they
will charge you with it. You can't have a crime without a law, because a crime
is when you break a law.

The war on drugs I would definitely say is crime expanding, as we are taking
things that was legal, or more legal (even while dangerous or stupid) and are
making them illegal. Now a substance abuse problem is also a criminal problem.

Same for three strikes, because many times you're taking a simple crime and
over penalizing it. If the US's crime rate has been dropping so quickly, why
do we have such a high prison population?

[https://en.wikipedia.org/wiki/Crime_in_the_United_States#/me...](https://en.wikipedia.org/wiki/Crime_in_the_United_States#/media/File:US_incarceration_timeline-
clean.svg)

I also am not sure we're making that many new laws for violent crime. I think
that is more or less well described.

And just because it's my favorite saying, "correlation is not causation!"

------
aniijbod
Scale reduces diversity which increases vulnerability. Darwin would
interrogate this potentiality in the following way(essentially articulating
the characteristics and benefits conferred by his evolutionary model) :
reproduction can essentially be viewed as scale in this kind of context: a
turtle's reproduction produces lots of turtles, rather than a random
assortment of lifeforms such as snails and rabbits, etc. In this sense,
biological reproduction results in the 'scale' of some particular thing, i.e.,
'more of the same', rather than 'different every time', i.e., differentiation,
or diversity. The vulnerability produced by scale in this context is that some
peril resulting from a change could render all instances of the scaled thing
extict. Nature produces the differentiation required to increase survival
chances in such circumstances by mutation taking place in the course of
reproduction. What the OP's concern seems to introduce, at least from my
perspective, is an argument for exploring the options and practicalities for
considering the possibility of somehow contriving something akin to a
'mutation imperative' into the design policy leading up to the development of
scaling processes, in order to introduce at least some potential for the level
of differentiation to constitute a potential for adaptation and thereby confer
a potential for survival in the face of what might otherwise be an extinction
level event. It's kind of like advocating applying some kind of 'resilience
theory' to 'scalable innovations', no? I don't know if anyone has already
proposed or even implemented this approach elsewhere.

------
_bxg1
Very good thoughts, although I feel a little weird about it subtly being a
plug.

Also, re: the plugged company, I don't really see how this product is
different from a VPN.

~~~
YawningAngel
It's different from a VPN because it includes a notion of identity (you don't
just know I'm on the corporate network, you know I'm asdfhero). It is very
similar to Google's BeyondCorp strategy though.

Given that the team are Xooglers, that's presumably not a coincidence.

~~~
jiveturkey
VPNs also have a notion of identity. You don't join the network just because
you know the IP address of the VPN server.

------
nickpsecurity
Great article. A few minor points:

“How did the Capital One + AWS hack happen”

They didn’t care enough to make it a policy to spend money on mitigations and
practices that consistently work across known classes of attacks. Aka they
didn’t care about it. They figured they’d litigate it, it wouldn’t cost much,
it would happen to the next CEO/CIO, etc.

“It shouldn’t, in short, be on the Internet. On the other hand, properly
authorized users, who are on the Internet, would like to be able to reach it
from anywhere. Because requiring all the employees to come to an office
location to do their jobs (“physical security”) seems kinda obsolete. That
leaves us with a conundrum, doesn’t it? Wouldn’t it be nice though? “

High-assurance guards [1] w/ VPN’s, link encryptors, and/or leased lines
running separation architectures using older nodes and designs for untrusted
interface to beat the hardware vulnerabilities. DiamondTek LAN built them into
PCI cards w/ Ethernet ports. Today, it could be an on-board chip connecting
the external interface. Such architectures been doing great in NSA and DOD
pentesting for decades. It’s what they use internally for TS/SCI at many
sensitive sites.

Alternatively, simple hardware running OpenBSD on embedded box in front of
(device/service here) mediating it according to (policy here) with mediation
done memory-safe w/ input validation and fuzzing. That’s the cheapest solution
that should stop most attackers. Also, throw them a donation if you do it.

[1]
[https://en.wikipedia.org/wiki/Guard_(information_security)](https://en.wikipedia.org/wiki/Guard_\(information_security\))

“ the horrors of IPv6, “

On Twitter, apenwarr also said:

“I had a connectivity problem, so I enabled IPv6. Now I have two connectivity
problems.”

Haha.

------
codeisawesome
I take some issue at calling natural predatory animals like Lions, Sharks etc.
a Cancer - ecosystems collapse without a predator.

~~~
tempWinHater
Yes, I also noticed that example as something not like the others.

------
denton-scratch
Galactic-scale corruption:
[https://en.wikipedia.org/wiki/A_Fire_Upon_the_Deep](https://en.wikipedia.org/wiki/A_Fire_Upon_the_Deep)
The story introduces The Net Of A Million Lies, but the large-scale corruption
I'm really thinking of is The Blight.

------
smitty1e
Frictionless systems run open-loop.

Lacking feedback, they go unstable.

Nothing about the Information Age makes it immune.

The sun also rises on the east.

------
buboard
I don't get the message. Is it "Problems scale up when something is growing"?
It's not new by any means. So do Solutions. Is there evidence that Problems
scale faster than Solutions?

~~~
hinkley
There are an astounding number of people who think that 'economies of scale'
applies to information technology.

Labor costs might not scale faster than customers, but everything else does.

------
brokenkebab
>It's also why you shouldn't allow foreigners to buy political ads in your
country.

Apparently, the author still needs to learn a thing, or two about the
internet.

------
hashkb
It's not fair to put predators (and diseases) in the same bucket as deliberate
abuse of a security vulnerability. Lions and plagues cannot be "good" or
"bad".

Only humans (and data) can be corrupt. Nature is the system operating at the
most massive scale and as far as we know nobody has breached gravity or
friction.

------
spidermango
[https://www.youtube.com/watch?v=V8GXw6IQJgY](https://www.youtube.com/watch?v=V8GXw6IQJgY)

------
sam_lowry_
Security by obscurity works.

~~~
OrgNet
if it didn't we wouldn't be using passwords ...

~~~
Retric
Passwords use secrecy not obscurity. The difference is obscurity is
discoverable via public information.

Think a captcha which is just “please type ‘5371’ in this box.”

Basically, benefiting from an unusual protocol not a hidden protocol.

------
sbhn
Wow, i never really thought of this before, it took me two seconds to
understand it.

------
jiveturkey
Reading the elevator pitch on the product website (tailscale.io), it's just an
undeveloped version of Cloudflare Access. (or, name your equivalent product)

It doesn't stand a chance.

Also, being the proxy between the user and internal applications isn't the
hard part of zero-trust.

