TITLE: Computing and Modern Culture
AUTHOR: Eugene Wallingford
DATE: July 22, 2008  8:50 PM
DESC: 
-----
BODY:
The
<A HREF="http://www.mcclatchydc.com/227/story/42980.html">
   recent rescue of hostages in Colombia</A>
relied on a strategy familiar to people interested in computer
network security: a
<A HREF="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">
   man-in-the-middle attack</A>.

<BLOCKQUOTE><EM>
... for months, in an operation one army officer likened to
a "broken telephone," military intelligence had been able to
convince Ms. Betancourt's captor, Gerardo Aguilar, a guerrilla
known as "Cesar," that he was communicating with his top
bosses in the guerrillas' seven-man secretariat.  Army
intelligence convinced top guerrilla leaders that they were
talking to Cesar.  In reality, both were talking to army
intelligence.
</EM></BLOCKQUOTE>

As Bruce Schneier reports
<A HREF="http://www.wired.com/politics/security/commentary/securitymatters/2008/07/securitymatters_0710">
   in <EM>Wired</EM> magazine</A>,
this strategy is well-known on the internet, both to would-be
system crackers and to security experts.  The risk of
man-in-the-middle attacks is heightened on-line because the
primary safeguard against them -- shared social context -- is
so often lacking.  Schneier describes some of the technical
methods available for reducing the risk of such attacks, but
his tone is subdued...  Even when people have a protection
mechanism available, as they do in SSL, they usually don't
take advantage of it.  Why?  Using the mechanism requires
work, and most of us are just too lazy.

Then again, the probability of being victimized by a
man-in-the-middle attack may be small enough that many of us
can rationalize that the cost is greater than the benefit.
That is a convenient thought, until we are victimized!

The problem feature that makes man-in-the-middle attacks
possible is <STRONG>unjustified trust</STRONG>.  This is not
a feature of particular technical systems, but of any social
system that relies on mediated communication.  One of the neat
things about the Colombian hostage story it that shows that
some of the problems we study in computer science are relevant
in a wider context, and that some of our technical solutions
can be relevant, too.  A little computer science can amplify
the problem solving of almost anyone who deals with "systems",
whatever their components.

This story shows a potential influence from computing on the
wider world.  Just so that you know the relationship runs both
ways, I point you to Joshua Kerievsky's announcement of
"Programming with the Stars", one of the events on the
<A HREF="http://www.agile2008.org/stage-developers.html">
   Developer Jam stage</A>
at the upcoming Agile 2008 conference.  Programming with the
Stars adapts the successful formula of
<A HREF="http://abc.go.com/primetime/dancingwiththestars/index?pn=index">
   Dancing with the Stars</A>,
a hit television show, to the world of programming.  On
the TV show, non-dancers of renown from other popular
disciplines pair with professional dancers for a weekly
dance competitions.  Programming with the Stars will work
similarly, only with (pair) programming plugged in for
dancing.  Rather than competitions involving samba or tango,
the competitions will be in categories such as test-driven
development of new code and refactoring a code base.

As in the show, each pair will include an expert and a
non-expert, and there will be a panel of three judges:
<UL>
<LI> <A HREF="http://www.agilexp.com/rachel.php">
        Rachel Davies</A> </LI>
<LI> <A HREF="http://www.objectmentor.com/omTeam/martin_r.html">
        Uncle Bob Martin</A> </LI>
<LI> <A HREF="http://www.industriallogic.com/company/coaches/">
        Crazy Mike Hill</A> </LI>
</UL>

I've already
<A HREF="http://www.cs.uni.edu/~wallingf/blog/archives/monthly/2006-10.html#e2006-10-23T23_51_47.htm">
   mentioned Uncle Bob in this blog</A>,
even in a humorous vein, and I envision him playing the
role of Simon Cowell from "American Idol".  How Davies
and Hill compare to Paula Abdul and Randy Jackson, I
don't know.  But I expect plenty of sarcasm, gushing
praise, and hip lingo from the panel, dog.

Computer scientists and software developers can draw
<A HREF="http://www.cs.uni.edu/~wallingf/blog/archives/monthly/2004-09.html#e2004-09-20T08_29_38.htm">
   inspiration from pop culture</A>
and have a little fun along the way.  Just don't forget
that the ideas we play with are real and serious.  Ask
those rescued hostages.
-----