[Email sent to the ACM Digital Library team]

Dear Digital Library team,

ACM is my preferred publisher and I love the digital library, it has been the best resource for computer science papers.

I am deeply distressed and offended to find that the ACM Digital Library is now going to provide AI generated summaries of papers I have written. This is not something to which I have, or would consent. This adds no value to articles which already have abstracts, written by real humans who understood the paper. The use of Generative AI in general is deeply problematic in a huge variety of ways, and in this instance I consider that it would be immoral for me to consent to this. Implying that using generative AI is somehow OK or normative where my students would see it is deeply problematic as it is already destroying their ability to learn anything.

My view is that the ACM should focus on getting the fundamentals right, rather than expensive gimmicks like this. For example, the advanced search tool only lets you filter by journals, not conference proceedings on the initial search page, though you can filter by them on the search results page. So there are clearly basic, useful, and uncontroversial features left to implement

Please roll back this feature immediately, or at least make it opt-in if you must do it.

Thank you & best wishes,

Daniel

My first interaction with Ross was through his work. In my second year at university a PhD student (David Simner) suggested that reading Ross’ textbook “Security Engineering” was good preparation, and so over the course of a few weeks that autumn I read it cover to cover. Now I am a Senior Lecturer in cybersecurity, and one of the places that began was there. I still recommend that anyone involved in security read the latest edition of that book, because of the way it so clearly and accessibly explains and systematises such a huge breadth of important topics in cybersecurity.

Later Ross was my lecturer, explaining so much, so clearly and engagingly. In those days I still found Ross a little intimidating, but as I got to know him better I discovered how warm, friendly, and caring he was. He became my great grand PhD supervisor (Alastair Beresford <- Frank Stajano <- Ross Anderson), my co-lecturer, my PI, my co-author, my co-conspirator, and my friend.

So many people owe so much to Ross. His broad understanding of cybersecurity that proactively drew in other disciplines and created fields like security economics. His commitment to civil society through the cryptowars, patient privacy, government IT, and civil liberties. His commitment to his family and friends, and his support for disadvantaged people. While much of what he did was very public, some of the most important things were only visible if you got close to him.

He made a huge difference to the careers of many people (including my own), with many of his PhD students and postdocs going on to obtain faculty positions internationally, or other senior roles where they have in turn had a huge impact. He supported a diversity of thought and brought people into the department from a range of disciplines, helping to redefine what computer science is.

He had a huge impact on the University of Cambridge (once named the “most powerful person”) through a range of campaigns and several terms on the University Council. He was ever a critical friend of the Vice Chancellor and played an important role in uncovering various kinds of corruption, mismanagement and discrimination. I learnt a lot from him through that. For a while he chaired the Cycling and Walking Sub Group of the Transport Working Group of which I was secretary. I think our first formal joint work was our proposed policy on cycling and walking, which was completely ignored by the University. He fought with me for the rights of postdocs to continue to be allowed to vote in University democracy (we lost). He was always someone you wanted by your side in a fight.

Ever one to have a memorable turn of phrase, one of the things he achieved in his battles with the central administrators was to plant a little ghost of himself in their heads so that every time they thought of doing something silly (e.g. on IP) the ghost would remind them of what response that would get and so put them off. This saved him a lot of time.

Another memorable description was of the zombie government policies on cryptography, or ID cards, or NHS IT. Ross and others would keep killing these policies off, carrying them away with great fanfare and burying them deep under the ground. Only for the policies to claw their way back out again after the next election.

One of our many great losses is that we will no longer have Ross in our ranks as we fight these good fights. However, many of us carry the memory of Ross, and a model of what he might do. Not that we should necessarily do the same thing, but it is often a helpful starting point.

One of his last battles with the central administrators was over Cambridge’s mandatory retirement age. He didn’t want to retire as he had so much left to do. While he was forced to partially retire in 2023 he had not given up on returning to full time pay (he was still doing full time work). That injustice remains for others to right.

I had hoped that the next government would live to regret appointing Ross to the House of Lords, he would have been good at that and caused some good trouble.

He was not perfect, like all of us he made mistakes, and sometimes enemies, but he was our friend and we loved him. We will miss him. He leaves both a void and a great many people who he trained to fill it.

There is much more I could say and much worth saying that I do not know. He did a lot. He was a giant and he helped us stand on his shoulders. He showed us that humans could be heroes.

I needed to transfer files between an old server and its replacement. rsync over ssh is the obvious tool to use but working out how to use it properly such that all file permissions are preserved under the restriction that it is not possible to ssh as root, and so sudo is required on both ends. Additionally rsync cannot be used to transfer files between two remote hosts, one end needs to be local to rsync. There is a further complication caused by the fact that we cannot type in the sudo password required by the sudo on the remote host end on the command line as rsync is already using that pipe for its own stuff so we need some X-forwarding to give us an independent channel for that and ssh-askpass to make use of it. The most useful advice came from a 2015 blog from dg12158 at Bristol but I had to add a few things for my use case.

## Preparation
# On source host
sudo apt install rsync # If not already installed

# On destination host
sudo apt install ssh-askpass rsync # If not already installed

## Transfer
# On local host
ssh -AX admin-user@source.host.example.com # To get to source host with ssh-agent and X forwarding
sudo --preserve-env=SSH_AUTH_SOCK rsync --delete --relative --acls --xattrs --atimes --crtimes --hard-links -ave 'ssh -X' --rsync-path='SUDO_ASKPASS=/usr/bin/ssh-askpass sudo -A rsync' /home/./user1/Maildir /home/./user2/Maildir /home/./user3/Maildir /home/./user4/ admin-user@destination.host.example.com:/home/
# --preserve-env so that the ssh-agent forwarding works inside sudo (using ssh agent forwarding is a security risk if source.host is compromised during the transfer)
# --delete because I expect to run this multiple times while making sure destination.host is ready before flipping over to the new host, and so also need to carry over file deletions
# --relative because I am copying directories from several different user accounts. The "/./" in the path truncates the relative path at that dot so that it all ends up in the right place in /home/ later.
# --acls --xattrs --atimes --crtimes --hard-links to make rsync be even more archivey than -a makes it
# -v for verbosity during testing
# -e to pass -X to the inner ssh used by rsync to continue the X-forwarding on to destination.host
# --rsync-path sets the SUDO_ASKPASS so that all that X-forwarding can be put to use, specifies sudo be used, and with -A so that ssh-askpass is used to ask for the password.
# Then the source folders to send over (using /./ as mentioned earlier, to avoid an extra cd command)
# Finally the destination host details and directory

What I decided against was echoing passwords around or putting them in environment variables (risk of them being logged or ending up in bash histories, and using sudo -v in advance (because that requires editing the sudo config into a less secure state not using tty_tickets).

Hopefully that will come in useful to someone else, if not, then probably future me.

Or: or why the drains are blocked:

Context: “Cookie licking is the act of claiming something as something only you can do, but without actually doing it. (Note: This is considered a bad thing.)“

Sometimes public authorities lack the resources to deliver their proper functions (austerity) but cannot admit to this (legal obligation) and so persist in holding responsibility for a task they will never deliver (regulatory inspections once every 200 years). This means that alternative delivery by community groups and individuals is also prevented as the public authority has ‘licked the cookie’ of the task.

This is worse than straightforward responsiblisation where a public authority makes individuals or groups responsible for something the authority should be doing, as in this ‘licked responsiblisation’ those responsiblised are denied even the acknowledgement of their unsought responsibility. Hence, they are stuck waiting for help that will never come, unable to make alternative plans. This is why the drains in Glasgow are blocked and the streets unswept.

I can see two ‘solutions’ to this: The first is to adequately resource public authorities to deliver their statutory functions (unlikely in the UK with the government of the week). The second is for public authorities to admit failure (embarrassing) and enable individuals community groups to take full responsibility for parts of problems (to give them the cookie). For example, in Paris residents can formally take on responsibility for gardening small sections of public green space and do something more interesting with it than the local council could.

The ideal is probably to do both, to resource public authorities to fulfil their function, and for those authorities to have the flexibility to hand over responsibility for small bits of their work to community groups and individuals that demonstrate the ability to deliver something better than the public authority is required to.

The climate emergency requires rapid system change to enable widespread and speedy adoption of more efficient and better ways of doing things. Governments should get on and do that, individuals should prioritise making them do that. However, while most of the victim blaming of individuals “your fault for not doing enough” is micro-consumerist nonsense, there are some choices that those with sufficient means and desire can make. Before starting doing any of the things on this list, write to your elected representatives. This post is about those things that worked for me and a couple of things that did not work for me.

No car. While all the adults in my household have driving licenses, we have never owned a car and have repeatedly refused offers of “free car” from others. We could never have afforded our mortgages if we also had to pay the running cost of a car. Instead we have made use of car clubs, Zipcar, Enterprise, and now Co-wheels, which has the best coverage in Glasgow and is not blatantly out to get you like Enterprise is. We also hire cars when we need them for a week or so and this works out much cheaper than running a car and means we have one when we need one. Cycling is our main means of travel with bus and train doing most of the rest and we only need a car at all a handful of times a year. Choosing to live in an area with (relatively) good public transport helps as if I cannot cycle to work for some reason I have multiple public transport options.

Electric cargo bike. We have an electric cargo bike which removes the need for a car and has very low running costs, can move all sorts of things, and cope with Glasgow’s steep hills. These have started to take off in Glasgow with parents moving children and businesses delivering packages. In Scotland interest free loans are available from the Energy Saving Trust.

Hopefully no flying. I hope never to fly again and have not flown for several years. This can be a bit difficult as an academic and I may eventually be forced to fly somewhere, but the option of not doing so is becoming easier. Train and ferry to the European continent works pretty well and looks to be improving with more sleeper train provision. Further afield, well, I try to make choices that avoid that being necessary.

Local veg box delivery. We get most of our fruit and veg from Locavore and this was particularly great during lockdown as we knew they had a reliable supply of food (direct relationships with local suppliers) and so no issues with panic buying at supermarkets. They also handle all the complexities of making sure the food is environmentally friendly as possible so I can just trust them to handle all of that for me. Locavore also have a filling up shop which cuts down on packaging.

Reusable glass bottle milk delivery (including of oat milk). Another great help during lockdown and removes a huge amount of plastic waste. Oat milk tastes great and is my preference for most milk purposes and is also available in glass bottles.

Reduced meat and dairy. We are not quite vegan yet but have progressively cut down on meat and dairy and it really is not that hard. There are now substantially more appetising options and we have a wide range of tasty recipes to use. Locavore’s veg box means we keep experimenting and trying new things. Glasgow has some truly excellent food and that includes plenty of vegan options.

Bars of shampoo. Removing the shampoo plastic bottle waste by using bars of shampoo instead has worked just fine but some are rather better than others so don’t give up if the first one you try does not work well for you.

Reusable rub on deodorant. Replacing my previous aerosol can with Wild’s reusable applicator and compostable cardboard cartridges of deodorant has worked well and removed the use of both propellants and hard to recycle cans.

Second hand stuff. I have been particularly disappointed with the quality of clothes bought new recently from supposedly reputable shops, which fall apart before the older clothes they were supposed to replace. Pleased with some second hand purchases that seem like they will last longer than current products bought new. Why buy new when there is older stuff, which is better (and yet cheaper)?

Mending things and keeping things longer. We try to keep using things until either we do not need them (then give them/sell them to someone who can use them) or they break, at which point we try to mend them. I consequently have a box full of bits of electronics I need to get around to mending and regularly fix other kinds of item. I have been much more conscious about trying to buy things that will last and be repairable recently and am very pleased with my Fairphone 3+ in that respect.

Borrowing rather than buying. The Southside Tool Library means that there are a lot of tools that I don’t need to buy as I can just borrow them.

Swapping things with neighbours. Lockdown has been great for this with active local online communities of people to take away things you do not want and provide all sorts of useful things you do need, usually for free.

Less Christmas gifting. Getting a smaller number of nice things people actually want for a smaller number of people means less stress and less waste.

Shopping local. In a city like Glasgow there are loads of small local independent shops with great products within easy reach by walking or cycling and this reduces travel requirements and builds the local economy. Some local shops experimented with online stores during lockdown but this did not work that well.

Avoiding unnecessary packaging. This is often quite difficult (and requires proper government action) but filling up shops helps and more recently there are often much better options as companies realise it is something customers want.

Less chemical cleaning products. Mild eco friendly cleaning products or just a vinegar&water or bicarbonate of soda mix are often quite sufficient for cleaning.

Things that did not work so well

Green energy supply. It turned out that Bulb was not as green as it made itself out to be, which was very frustrating to discover. When choosing suppliers it was indistinguishable from Ecotricity on eco credentials but much cheaper in price. Turns out that was because Ecotricity was doing things properly. When the dust settles on the current energy crisis I will try again but no one wants new customers at the moment.

Eco toothpaste. Some eco toothpastes are rather less good as toothpastes than standard commercial options and if you do not realise they are missing vital ingredients (fluoride) then you may gain an additional visit to the dentist and so destroy any gains of not using toothpaste tubes. Will likely try again but burnt once.

Things currently under evaluation

Replacing shaving foam can with shaving cream and brush. Going OK so far.

Retrofitting home for improved insulation. Excited about Loco Home Retrofit‘s work in this space. Some success so far filling gaps with sheep wool insulation (so nice to work with) and replacing a broken blind with an energy saving one.

Sometimes people feel powerless, like their individual action does not matter. That is not true, it matters tremendously and it is enormously powerful, I am going to explain one of the reasons why.

When you make a decision it is not just you making that decision, it is also people like you making the same decision for similar reasons. No one exists in isolation or acts alone, every individual is part of many overlapping, interconnected, and interdependent groups, most of which they are not even aware of. When you make a decision you make it based on how you think and what you know (consciously or not). Other people like you will be in similar situations and make the same decision, you make it together.

This means that every action you take does matter because it is not just you, it is people like you doing the same thing. Your individual action might be tiny, but your collective action might be huge. If the only thing stopping you is that you do not think it will make a difference because it is just you, then do it, if you do it then other people will too, if you do not then they will not. You have the responsibility to make the decision and to do the thing, but in doing it, you will not be alone.

There are lots of reasons to vote and this is only one of them, but you should.

There is a dark side to the fact that you are not just yourself, you are a community, and that is that if others control the inputs to your community and target them carefully for every group, then you are not yourself, you are theirs.

Think carefully, think twice, install an ad-blocker and make your decision.

 

Now that sounds horribly patronising, which it is, and so this academic is going to get off his ivory tower with his simplistic notions and go and do some work.

The primary purpose of the EU is peace in Europe (particularly between EU members). War is expensive and so the secondary purpose of economic prosperity is well served by the primary purpose.

The pursuit of peace makes he EU act in strange and seemingly inefficient ways: Parliament gets on a train and travels to a different country. Development teams are split in half with hundreds of miles between them. Research funding is contingent on moving to a different country or collaborations between institutions in multiple countries. All of which seems rather inefficient due to the overheads of travel and communication, at least when considering only the immediate purpose of each activity.

However, considering the pursuit of peace it makes perfect sense and is much more ‘efficient’. By mixing people up and having them experience different countries, barriers are broken down. It is much harder to dehumanise and demonise people you know well and are your friends. The EU tries to tie people from all its nations so tightly together with bonds of love and friendship (and commerce and mutual dependence) that they might never again go to war.

We could learn something from that within our own nation for addressing the deep divisions between our different regions and social groups.

We must also consider how we will actively and systematically pursue peace in Europe and the wider world from outside the EU.

A substantial factor in my feelings of despair at Brexit is guilt. I could have done more, and, given the result, should have done more. I voted, but more was required.

Anger with those who lied and misled, with those who failed to do enough. That leads however to being angry with myself.

Those who have made this mess have a duty to fix it, but that does not just mean Boris Johnson and Michael Gove. It also means each one of us. While those who behaved badly during the campaign should be held to account, the only people we individually need to hold to account are ourselves. For me at least that is painful.

You might say that no individual insignificant person like me could make a difference. However, in a democracy I am an instance of a group of people. There are other people like me and so we are both individually and collectively responsible for our actions. If I decide individually to act in one way then it is likely that, independently, other people like me will decide to act in the same way.

Hence, even though I voted to remain, I still have to bear some personal culpability for the overall leave vote.

The United Kingdom of England and Wales will not be great in power but it could yet be great in love.

It will not be able to lead as it formerly could when it was a great power, but it could enthusiastically follow when other countries or supranational organisations like the EU lead in good directions.

It will not have the military power to wage war but perhaps it might help maintain peace.

 

It will be a long road back from fear and division, from racism and xenophobia, to tolerance, peace and love. Let us begin.

I am leaving Google and similar companies cloud services and moving to my own infrastructure for my personal data. This process is going to take a while and I am going to document it here to make it easier for others. However the obvious question is why move from free cloud services which already exist and are easy to use to paying for my own infrastructure and configuring it myself? Well partly I do not want to be the product any more which is being sold, I want to be the customer not merely a user who is being sold to advertisers. Since there is no way to pay Google to stop selling me I have to go elsewhere. I could go to someone like MyKolab which claims to care about privacy and do things properly – and people who cannot roll their own probably should think about it – but I get better guarantees from rolling my own and it should be a good learning experience.

Also Snowden. My aim is to make it such that if anyone (including state actors) want my data, then the easiest way of gaining access to it is to come and ask me nicely, we can discuss it like civilised people over tea and cake and if you make a sensible argument then you can have it. If not come back with a warrant. I am not a criminal or a terrorist and I do not expect to be treated like one with all my communications being intercepted. My data includes other people’s personally identifying information (PII) and so can only be disclosed to people who they would expect it to be given to for the purpose for which it was provided. That does not include GCHQ etc. and so I am not following the spirit of the Data Protection Act (DPA) if I make it possible for other people to obtain it without asking.

Similarly some of my friends work for Christian, environmental, aid or democracy organisations, sometimes in countries where doing so is dangerous. Information which might compromise their security is carefully never committed to computer systems (such operational security has been common in Christian circles for 2000 years) but sometimes people make mistakes, particularly when communicating internally in ‘safe’ countries like the UK. However no countries have clean records on human rights etc. and data collected by the ‘five eyes’ is shared with others (e.g. unfiltered access is given to Israel) and there are countries who are our allies in the ‘war on terror’ but which also persecute (or have elements of their security forces who persecute) minorities or groups within their country. I might in some sense be willing to trust the NSA and GCHQ etc. (because they have no reason to be interested in me) but I cannot because that means trusting 800,000 people in the US alone, some of whom will be working for bad governments.

Similarly while our present government is mostly trying to be good if frequently foolish. It is very easy for that to change. So we need to ensure that the work required to go from where we are to a police state is huge so that we have enough time to realise and do something about it. Presently the distance to cover in terms of infrastructure is far too small, being almost negligible. It is our duty as citizens to grow that gap and to keep it wide.

So I am going to try and find solutions which follow best practises of current computer security, following the principle of least privilege and using compartmentalisation to limit the damage that the compromise of any one component can cause. I am going to document this so that you can point out the holes in it so that we can learn together how to do this properly.

Maybe some of this might even help towards my PhD…