15 May 2014
I am no longer on the faculty of the college at which I taught for almost a decade, or on any college or university faculty, which makes me an “independent scholar.” Well, I’m not independent, in the sense of unaffiliated, because I have several affiliations that have always been far more important, and longer-lasting, than my association with my former place of employment. I am still just as much a part of a broad set of research communities: historian-philosophers of science and the burgeoning digital HPS community; librarians; philosophers of science; scientists at AMNH and elsewhere; the cadre of professional philosophers taken as a whole. Free Open Source Software developers. The diversity of these affiliations reflects the state of the art in the humanities and sciences: hybrid vigor.
For many people, as it was for me, teaching at the college level is a form of intellectual enslavement. The 4-4 load is the most persistent and debilitating shackle. The provost grants especially well-liked junior faculty a one-course reduction, for one semester, once only. Maybe the deans owe the department chair a favor. Asking for more than this is a form of insubordination. Lack of office space and money for research multiply the detrimental effects of the 4-4 load. Senior faculty positions are sinecures. Most senior faculty settled into their jobs years before I went to graduate school, and books like The Structure of Scientific Revolutions or Wittgenstein on Rules and Private Language are known by myth or rumor. These same faculty are leaders of tenure and promotion committees. No one should be surprised to learn that despite a deep field of candidates across all the areas of specialization, new hires are mediocre. The deans and provosts are drawn more and more from a class of career administrators, having less and less experience teaching and little or no commitment to the values informed by the liberal arts. The Athletic Department is pleased to receive special treatment. When an athlete on a team especially important to the school cheats or plagiarizes, the coaches step in, and the dean suggests a “compromise.” It’s agreed that the student did something wrong; some mitigating circumstance is invented. For instance, it’s found that there is some ambiguity about whether the student’s activities fall far enough outside the norms of academic integrity to constitute much more than a misunderstanding on the student’s part, or there is some vagueness in the assignment’s instructions, and it is deemed that the student might have reasonably believed him- or herself permitted to cut and paste a Wikipedia article into his or her essay. The paper or exam is to be “re-graded,” the ill-gotten portions understood as integral to the student’s work. 
Indeed, this special treatment can be extended to any student who complains loudly enough. Stating such facts as those I have reviewed in this paragraph is usually attributed to sour grapes. No one wants to hear someone complain, and no one likes a sore loser. Notwithstanding being a sore loser or motivated by sour grapes, all I have done is state facts that apply generally, and they seem to me to be relevant. I take this as a corollary to “just because you’re paranoid doesn’t mean they’re not out to get you.”
Apparently there is the need to have little boxes for one another: adjunct, full-time faculty, associate professor, “independent scholar.” When I register with the APA, or subscribe to a journal, there is a box for “institutional affiliation.” David Chalmers sent a letter to everyone on the PhilPapers mailing list suggesting that each of us urge our institutions to pay the subscription fee. Apparently studying philosophy is only done in colleges and universities. I have the impression that the institution one is associated with, if there is one at all, is used to assess the quality and relevance of a person’s work. That’s the worst kind of ad hominem assessment. I was sometimes asked, while I was finishing my PhD, what I was up to, besides writing; if I responded with “teaching,” the response to this was often something like, “but not full-time, right?” or “it’s an adjunct position, right?” as if a course taught by an adjunct is less worthwhile than the same course taught by an assistant professor, or as a way of condescending to me—surely I cannot have found a tenure-track position! The narrative takes the shape of a Thomas Hardy novel. The fellowship graduate student from a well-known institution who ends up driving a taxi. He had so much promise! What happened? The landed gentry have tenure-track jobs at Ivy League schools, Big 10 schools, or other prestigious institutions; faculty in the rest of academia are serfs. People qualified enough for a faculty position, but who end up in administration, directing an honors program or advising undergraduates, are negligible. Serfs need servants too. They are certainly not faculty, as genuine faculty and PhD students will readily acknowledge, and I can’t see how such positions advance anyone’s interests in scholarship. Do they come with the library privileges granted to faculty? Access to the same computing resources? Is research taken into account in re-hiring or advancement decisions? 
Teaching is sometimes included in the job, but this is never a central purpose. The view that a librarian is a “failed academic” is frequently voiced by faculty members, most never having thought of systems for organizing information as anything more than what results when people who don’t understand alphabetical order are given the job.
Even so, these positions are generally viewed favorably relative to jobs outside of the college and university, the domain of the independent scholar, a classless individual, pitiable, fortunate enough to be granted admission to conferences or have their work published. These people have failed. I have absorbed the values at large in academia, and it’s hard for me not to see it that way. Even at unremarkable colleges at which excellence is not valued, tenured and tenure-track faculty strut around as though they deserve recognition of a special distinction, just for having a faculty position. After all, academia is of special importance, because a college degree still carries social prestige, and is still viewed as a ticket to the white-collar work force; and academia is the sector of society responsible for generating knowledge and protecting the knowledge we have from bias and perversion. The latter opinion is probably a creation of the faculty themselves. Even though it’s not so unreasonable, if a little narrow, faculty people are generally more motivated to believe it by an independent sense of their own importance than by a genuine understanding of how or why they serve this purpose. This explains why so many faculty people insist on talking about politics as though from a position of objectivity, as opposed to talking about the subject in which they were trained, and which, presumably, they really can speak about with authority. Part-time faculty and full-time faculty not on the tenure track provide a service to the college, teaching, but that is all. It is a mercenary service. It’s uncomfortable to be around them because, not having been admitted to the Ivory Tower, but not having disassociated themselves from it, one senses desperation. 
The pay is so low, it’s for dilettantes who don’t require an income, such as women who don’t need to work because their husbands make enough money for the family, or else adjuncts who won’t give up on finding a tenure track job, and who make ends meet by living with their parents, building up credit card debt, or maintaining a standard of living they would have laughed at as college students. Some of them remain, holding out for a full-time position in the department. Department chairs are happy to allow adjuncts to persist in the belief that a position will open up, and that the department would want him or her for the job. Like all other non-tenure track faculty, as do those denied tenure, they eventually leave. Fortunately, there is no need to worry about them once they’re gone. “Oh, you say he took up investment banking or went to law school? Probably a better choice for him anyhow.” Feigning knowledge of these worldly professions is evidence to a professor of his or her own sense that he or she is not cut off from the life of those “outside the academy,” while at the same time retrenching the secure privilege believed to be accorded only to those inside it. The ethos is precisely contrary to what is expressed by soldiers by “leave no one behind.”
Almost everyone I know who has left academia, whether as a graduate student or faculty member, tenure-track or not—tenured or not—is happier, indeed, genuinely happy. This should not come as a surprise, given even the weakest views about rationality and a person’s capacity for action. If staying in academia would have made them happy, they would have stayed; and in many cases, those who stay do so because it makes them happier. It’s an obvious consequence of a policy of maximizing one’s marginal utility. I find the utility function for people who stay in academia eminently curious. There are so many drawbacks to the job that I can’t help but think that it’s the special feeling of distinction they prize the most. I wonder if my problem is that I was not motivated strongly enough by a prior sense of entitlement and distinction that, on finding out that this is the central payoff of the job, it ceased to appeal to me. I learned the hard way what is more important to me: independence.
21 April 2014
In the previous post, I described some of the barriers to using FileVault 2 to protect data on a laptop hard drive. I have since made some discoveries that shine a light in what looks like a pretty dark corner of OS X. In the previous post I conclude that FileVault 2 offers no protection against data snoops because OS X unlocks the disk when an administrator logs in. The security afforded by an administrator account can be circumvented in a matter of minutes. Under 10.7, a user could not access the system login screen until entering in the disk password. It appears that Mavericks can be made to work this way. The older behavior occurs if the disk is encrypted using the “encrypt” item from the contextual menu that appears when ctrl- or right-clicking on the disk icon on the desktop. The insecure behavior occurs if the disk is encrypted using the FileVault 2 system preferences pane. I take it that the password is required to access the disk even if the machine is booted from an external disk. The machine cannot be booted into single user mode until the disk access password is entered, which defeats one of the ways most likely to be used to take control from an administrator.
I conclude that the combination of a good disk access password and a good administrator password offers effective data security against data snoops, unless they have access to a quantum computer.
I wonder if storing sensitive files on an encrypted disk image would provide still increased security, beyond what is afforded by requiring the user to enter an additional password.
11 April 2014
If Mavericks’s implementation of FileVault 2 has any use, I can’t see it. Before I had installed Mavericks, I had used FileVault 2 to encrypt my laptop’s hard drive, and I recently decided to start using it again. I chose a suitably long and obscure password that I could easily remember and enter and pushed “encrypt.” Great, right? Feeling a little safer, I happily coded away (with a good bit of web surfing, to be sure).
Leaving the back doors unlocked, on purpose
On the next restart, the password entry screen for FileVault 2 didn’t appear. Formerly, a blue-grey screen would appear with a text entry field, which could only be bypassed with the FileVault 2 password. I checked everywhere I could think of for an option to require the FileVault 2 password on boot. I’ll save everyone the trouble of looking. Mavericks prevents this. I haven’t been able to find a way to change this behavior. This renders FileVault 2 of little use. There are well-known ways of resetting or bypassing passwords for administrator users; since Mavericks allows administrators to bypass the FileVault 2 password field, this means that it provides no real protection. I can’t think of a scenario in which FileVault 2 can provide any meaningful protection for any disk that can be booted. I haven’t experimented yet with a disk used purely for data storage. Based on my recollection of the old FileVault 2, I would expect that the disk wouldn’t mount without the FileVault 2 password. I am pretty sure even a root user cannot mount a FileVault-2-encrypted disk without the password.
Defeating the exploits
There is a way to defeat one of the exploits that allows bypassing the login screen. Booting in single user mode gives immediate access to a terminal prompt—as root. I can’t think of a more foolish idea. This is unfathomable. Clearly this open back door is intended as a mechanism for IT support, the Genius Bar, for instance, to perform heroic recovery efforts in case a user has forgotten his or her password or damaged the OS so that it can’t get past even the earliest stages of the boot procedure. To defeat this, the boot procedure can be configured to require a password for root access. This isn’t especially difficult, or, if done conscientiously, risky.
Defeating the other exploit, which uses Apple utilities to reset administrator users’ passwords or bypass them entirely, requires extreme measures: so far as I can tell, it requires that a hardware-level PRAM password be set. Mistakes setting the hardware-level password can be fatal, requiring the machine to be sent back to Apple. Forgetting the password will have similar consequences.
If you want to scare yourself silly, you can read about these exploits, which are well-documented.
Conclusions about FileVault 2
I conclude that FileVault 2 encryption only makes sense for a boot disk in Mavericks if the PRAM password is set and the boot process is configured so that root access requires a password. The root-access password is needed in case someone who knows the PRAM password attempts to start the machine in single-user mode.
How good is it?
If these measures are taken, what level of security is achieved? The disk will be safe from people like students who want to access their grades on a professor’s laptop; thieves who lift the Mac and want to access personal data before selling the machine; or someone who finds a misplaced laptop with patient data or other confidential documents.
from the moment the first quantum computer is turned on, all messages previously encoded with RSA will be readable. Any secrets that need to remain so after that moment, whether it comes in 10 years or next week, should not trust RSA now.
This permits access for university researchers, well-funded intelligence services such as everyone’s favorite, the NSA, and major multinational corporations. Quantum computing is expensive and requires rare expertise! If the US government wanted access to a machine protected in the manner I am suggesting, it would be simpler than using a quantum computer to compel Apple to access the PRAM password. I doubt that this is illegal under laws like the USA Patriot Act. No doubt the user him- or herself would be interrogated—low tech and probably effective!
The picture is a little rosier if the would-be snoops do not have access to quantum computing. Even top-grade decryption algorithms running on a cluster would probably still take days or weeks to crack a good password. If the disk is removed and accessed on a machine booted from a different disk, if FileVault 2 behaves as it did in its pre-Mavericks state, the FileVault 2 password is needed.
What’s the use of a password anyhow?
The reason to use a password is to restrict access to the email account, system user, confidential information, etc. Making it available to people that can’t be trusted defeats this purpose entirely. Almost every password-accessible user account online has a “forgot password” utility which provides the user and the user alone with the ability to reset his or her password. Even the system administrator is not permitted access.
Don’t forget the password. Write it down and put it in a safety deposit box. Make it memorable. Don’t share it. Otherwise, don’t bother using one in the first place. And by all means, and now I am talking to you, Apple, don’t make an OS that renders passwords useless!