Michael Eriksson's Blog

A Swede in Germany

Archive for the ‘Uncategorized’ Category

My mother’s last funeral / Gunilla Wilhelmsdotter 1949-2017

leave a comment »

Today is the day of my mother’s last funeral.

While a funeral is how we all end, this feels very weird and somehow wrong. Not because she died or because she was my mother, but because officiating at funerals is one of the two things I associate most strongly with my mother (the other being “bringing flowers to old people”): She spent several decades as a priest* in the Church of Sweden, and in her small rural town, with its aging population, funerals outnumbered weddings and baptisms considerably.

*There was a lot more to the job than flowers and funerals, but some things simply come across in a more obvious manner to others, children in particular. Funerals also likely took more preparation than, say, baptisms, for the simple reason that is so much more important to say the right things and not say the wrong things. Much of this preparation was done at home.

It has been a long time since I had any major contact with her, mostly because my recollections of my childhood, school years, and family life in Kopparberg (for reasons that she could not control) were mostly negative, sometimes horrible. For my own peace of mind, I had an absolute need to distance myself from that world for a number of years and to build my own life, away from the past. A few attempts to re-connect per letter or email with my mother failed on our having too different interests, personalities, and opinions of how, to the point that contacts always felt like a chore to me, something more done out of duty than out of actual interest. On the rare occasion, we have likely all met someone who is a perfectly fine person, possibly someone loved by most others, but who just happens to be so incompatible with ourselves that interactions are hard or even annoying. In my case, very unfortunately, my mother was one of these rare people.*

*As with several points below, the details do not belong here. However, much of it was directly or indirectly caused by a clash between her extreme extroversion and my extreme introversion. Note that this is not to be confused with the “my parents are annoying/embarrassing/…” that most teenagers go through for a few years.

Still, this is one of the few things in my life that I have a bad conscience about and in which I have been far from a model son. In part out of necessity, true, but also in part because it was so much easier to keep certain chapters closed than to re-open them. I am well aware that my mother put in a larger effort and sacrificed more than most other parents do and that her life was harder than that of most modern Westerners.

Let me talk a little of what she did do (apart from delivering flowers and holding funerals) and what happened in her life:

When I was born, she was twenty-five years old and she and my father were both officers in the Salvation Army. My sister followed two and a half years later. Life in the Salvation Army was frugal*, the budget often tight, and I remember how my mother actually sew clothes for the family to save money. By the time I was four, we had moved twice**, which was an added stress and implied a removal from local friends and co-workers for both my parents, my mother in particular. Friends were very important to my mother and she kept in close contact with some particular friends (like Ruth, who was her assistant for a few years, a long, long time ago) over decades, even after all geographical and workplace connections were long gone.

*The Salvation Army is based on dedication to a higher cause, which includes getting by with less so that the needy can get by at all.

**The Salvation Army shares many aspects with some “ordinary” armies, e.g. in that its personnel is often ordered to re-locate every few years based on what happens to suit the army.

By the time I was five or six, my parents divorced and from here on the problems really started. The divorce was very amicable and little blame can be attached, seeing that my father was gay and eventually had understood that this was not a condition that marriage could cure.*

*I am, admittedly, not certain whether my mother ever knew this. My father only told me two decades later.

However, even an amicable divorce turns the world on its head and causes immense stress—even under normal circumstances. Here the circumstances were not normal: The Salvation Army disapproves of divorce and my parents had to leave their jobs and the apartment the Salvation Army had provided. This caused a further lack of money and yet another up-rooting, with mother and children moving back to my mother’s childhood town of Kopparberg, and my father to Stockholm. To boot, being an officer in the Salvation Army is normally a life-time career, making this worse than losing a regular job; and it requires a multi-year education that brings very little “market value” outside of the Salvation Army, giving my parents a worse starting point than if they had earned the equivalent of a regular Bachelor’s degree.

Once in Kopparberg, things were not easy:

  1. Employment was scarce and for several years my mother went through a mixture of unemployment and low-paying, temporary jobs. This included a stretch as leader of after-school activities, which lead her to a pun in which she took great delight: Legitimerad lekare.*

    *Unfortunately untranslatable, but it is a play on “legitimerad läkare” (roughly, “licensed physician”) and “lek” (“child’s play”, in the literal sense). A Bond fan might similarly have punned on being “licensed to kid”.

    I was too young to have very clear recollections or knowledge of our economy, but for quite some time second-hand and hand-me-downs dominated.* The help of her parents (i.e. my grand-parents) and, to a lesser degree, brother, who all had remained in Kopparberg, was certainly essential during the first few years, on both the material and the emotional side.

    *However, this was something that we children took in stride and considered perfectly normal, not something that we suffered from—the point is rather the compromises and extra effort my mother had to go through, compared with most other families. I even remember objecting strongly when my mother handed down one of my jackets to my sister: It was my jacket and it should, in due time, be handed down to my children—not to my sister. Today I hear people debating the dangers of childhood “poverty” and how it prevents children from wearing the brand clothes their class-mates wear or how they cannot afford to join a trip abroad with the other children… Go back just another generation or two, or look at some other countries in today’s world, and even what I had might be considered luxury in comparison.

  2. A further major personal blow fell within just a year or two after the divorce, when her father died very pre-maturely. The emotional distress was, of course, coupled with the removal of one of her two main support pillars. I was too young to know their relationship first hand, but from what I have gathered later I believe that she had an unusually strong connection to him, shown e.g. by her changing her last name to Wilhelmsdotter (“daughter of Wilhelm”) in his honor.

    Not long after that, the family dog, which had been with my mother longer than I had, likely since before she married, grew ill and had to be put down.

  3. Something went very wrong with both my sister and me during these first years, likely largely as a consequence of the many central people disappearing from our lives, in combination with a considerable friction between the two of us. I even had a recurring nightmare of being with my family and again and again, every time I looked away, have one of them disappear until I was all alone—and knowing that whatever had taken them would come for me next. The worst nightmare I have ever had…

    Thinking back, we were so horrible that I wonder how my mother could take it. In fact, one of the reasons why I have never founded a family of my own is the fear of ending up as a parent to that type of children. While the money issues eventually passed, these conflicts and problems endured for a very long time. (Including contributing to issues like my distancing myself from my “old” life, as already described, and my sister’s dropping out of high-school and only getting a job and moving away from our mother’s in her late twenties.)

    Regrettably, the stress on my mother was something I was too young to understand back then, making the task even harder for her.

    (I similar failed to understand the situation of my sister, who was even younger and probably hit even worse by the family losses, especially since I got to spend a lot more time with our father than she did. With hindsight, much of what I saw as pure malice back then might have been nothing more than little girl acting out her distress, possibly even just trying to get attention and interaction.)

Attempting to get back to steady employment and reasonable earnings, my mother took up studies of Theology aiming at priesthood: Four years of studies and long travels, with the university being hours away, while being a single mother—a task that most people would not even attempt.

However, having a good head for studies was one of my mother’s particular prides and failure was not an option: She bit down and got the job done, even when the odds were against her. (As when she had to squeeze in the mandatory class in Classic Greek in half the allotted time—something she liked to brag that her professor had considered impossible.) She traveled, she studied, she graduated. For reasons of geography, she did have to delegate a part of the child rearing to her mother, who stepped in and took care of us for several days a week.

Post-ordination, things improved: The earnings were better; the job was secure; a house was bought (courtesy of the dwindling local population and equally dwindling real-estate prices) as a replacement for the too small, rented apartment; and she found a new husband—-an old friend from the Salvation Army who had been kicked out after his divorce and who had taken up studies for priesthood… (A match made in heaven?)

During the next few years, she grew to be one of the most popular people of the community, smiling, bringing flowers to old people, and gaining friends even when she was holding funerals. She worked hard for the benefit of others as a priest, just as she had as mother. Even with the problematic children and the hard work, this was likely one of the happiest times of her adult life, with exactly the effect on others and the type of recognition that she wanted.

Unfortunately, the rest of her life saw many medical problems that got in the way, starting with a car crash* that broke her leg and might have had a negative effect on her back. Irrespective of the reason, she did develop severe back problems that lead to major surgery, which prevented her from sitting for many months and hampered her ability to work for even longer. Naturally, not being able to sit made car travel hard or, for longer distances, impossible—and for someone living in a rural area of Sweden, travel by car is a necessity for many things. I remember being home from college, likely over Christmas, and finding the living room rearranged to include a hospital bed, allowing my mother to join in the interactions.

*Probably traveling on duty between Kopparberg and Hörken, where she had her main responsibilities, but I could misremember.

She bit down and got through this too, still working hard, but in her early sixties (late fifties?) developed Spinal Stenosis, which is particularly bad in a job that involves a lot of standing and walking. From here on, she was forced to cut back on work considerably, working on a part-time or free-lance basis.

Then came ALS

ALS patients usually die within just a few years. My mother, unfortunately, was no exception, seeing her life cut short at 67.

And that brings us my mother’s last funeral.

Written by michaeleriksson

March 17, 2017 at 2:20 pm

Suggestions for a new press ethics / the indirect effects of fake news

leave a comment »

It is no secret that I am deeply troubled by the incompetence, irrationality, and partiality of journalists*. For some years, the short-comings of journalism have seen a partial cure through independent, Internet-based, sources of news and opinions. True, the average blogger is worse than the average journalist, but there are very many bloggers who make journalists look clueless.** True, many of the independent news sites are even more partial than traditional news papers, but they are partial in different directions and help to give readers a different perspective and to overcome the censorship*** and partisan angling that is common in journalism.

*For the sake of simplicity, I will mostly speak of “journalist”, “news paper”, and similar. This should not be taken to exclude e.g. TV news, TV reporters, and the like. The problem is a general one with traditional news media.

**And, frankly, when I hear journalists speak derisively about bloggers, or complain about bloggers not treating “real journalists” with sufficient respect, I marvel at their conceit and lack of self-insight.

***Usually driven by a fear that the readers will come to the “wrong” conclusion (i.e. another conclusion than journalist has) if exposed to the uninterpreted and unfiltered facts.

The new phenomenon of “fake news” threatens to end this cure: Firstly, the presence of “fake news” makes alternative sources of news less likely to be trusted to begin with. Secondly, traditional media and their allies are campaigning massively for more censorship against “fake news”. If that happens, even those alternative sources that engage in honest reporting could end up suffering severely, (E.g. because platforms like Facebook could choose to censor on the mere suspicion or because of uninformed or malicious complaints directed at actual news. This problem is worsened by the simultaneous increase in complaints against “hate-speech”—which, sadly and real occurrences of hate-speech notwithstanding, quite often amounts to nothing more than disagreeing with the politically correct “truth”) Considering how these things tend to run, it would also not be unsurprising if the bars were pushed higher and higher over time, giving traditional news sources their monopoly back. The meaning of “fake news” could very soon turn from actual fakes (“Trump is an alien”) to that which violates the world-view of the journalists or the politically correct (in Sweden, possibly, a study indicating differences between men and women that are in-born and not caused by societal brain-washing).

Depending on developments, “fake news” per se could prove to be a smaller problem than these side-effects…

Given this situation I have to call for another cure through a new type of press ethics based on strict adherence to principles like:

  1. To always report the facts in a manner that allows the readers to form their own opinions—even if they happen to deviate from the journalist’s. This includes not selectively filtering facts that that are unpleasant or incongruent with the journalist’s world view, and not presuming to be an arbiter of what is relevant and what not. (Except to the degree that space constraints prevent a listing of all details that e.g. Sherlock Holmes might have liked to hear.)
  2. Never to assume that journalists are more clever, better informed, better at critical thinking, …, than their readers. Quite often, the assumption is faulty even for the average reader—and it will virtually never be true for a significant part of the readership.
  3. Never to mix news and opinion. Opinion belongs in opinion pieces. If a journalist wants to express a certain opinion, he should keep the news clean and write a separate opinion piece, clearly marked as such. More often than not opinion pieces will be irrelevant; when they are relevant contrasting opinions should be allowed a say.

    As a notable special case, issues of ethics, “right and wrong”, …, are always (?) a matter of opinion, and, if ever, such opinions should only be applied when they are supported by a virtual consensus of the population. In many cases, a better solution is to contrast something against a specific set of rules. (E.g. by preferring “X’s article violates several rules of press ethics suggested by Michael Eriksson” rather than “X’s article is unethical”.)

  4. Ditto news and analysis, with the addendum that analysis is usually better left to an independent expert on the matter at hand than to a journalist (and that analysis might be relevant far more often than opinion). A good analysis, of course, will give all sides of the issue a fair hearing and will not be limited to using one particular approach. (Unless using the approach is uncontroversial: Solving a mathematical equation usually leads to the same result irrespective of which (sound) approach is used; however, a fiscal measure can lead to very different expected results when analyzed with different models.)

    I point especially to the many, many instances of journalists encountering a scientific study and jumping to a conclusion that is premature, only one of several possible, or simply nonsensical. Even something so trivial is often not understood as that “the study failed to show X” does not automatically imply “the study showed not-X”.

  5. To understand that the “common wisdom” among journalists, politicians, and the average citizen is often very far from what science actually says and to give preference to scientific opinion over personal opinion when reporting.
  6. To, as a counter-point, understand that not everyone who claims to be an expert actually is, that scientists often differ in opinion, and that the softer sciences are often fraught with ideological concerns.

    Experts tied to political or ideological movements are particularly likely (deliberately or through a biased world-view) to make flawed claims. To boot, the risk of encountering “experts” who simple lack the intelligence, tools, and/or depth and breadth of knowledge is considerably higher when talking with a member of a movement than with, say, a university professor.

  7. To always respect and convey any uncertainty present, especially in a legal context. For instance, someone suspected or accused of murder should always be referred to as “murder suspect” (and so on). In fact, considering how many miscarriages of justice take place, it is better to speak in terms of “convict”, “convicted”, and similar, even after a suspect has been found guilty—and to speak in terms “found guilty” rather than “guilty”. (In the U.S. system of bartering confessions for less punishment, not even a confession can be seen as conclusive proof of guilt.)
  8. To always give both parties in a controversy an equal say (or at least the opportunity for it) and to never side with either one in a news item. (That a journalist will side with one or the other in private is often unavoidable.) Siding within an opinion piece or analysis might or might not be justifiable depending on the circumstances, but it is clear that the siding should be based in reason and not emotions or prejudices about the parties involved.
  9. To never distort or exaggerate someones opinions or statements, including making assumptions about intent, motivation, inner state, unstated opinions, etc. A particular problematic case (that I have often complained about) is distortions like someone protesting against (militant) Islamism but being categorized as anti-Islam or even anti-Muslim. Another is the common assumption or claim that someone is racist or sexist based even on a factual, scientifically uncontroversial claim that does not fit the own world-view.

I stress that this list is by no means complete. There are likely many items of a similar type that can be added, with an even greater number coming from other areas, at least some of which are present in many current attempts at similar lists*. I could probably write several blog entries alone on journalists’ use of language… Admittedly, these several blog entries would be on the wrong abstraction level for a discussion of press ethics, but the point is that there other problem areas.

*While much of the above goes contrary to what many journalists appear to consider their role and would imply a major change of course.

I further stress that this list is intended for journalists and their like. Some of it can be taken to apply to e.g. bloggers or commenters too, especially where issues like representation of others’ opinions and other matters of “intellectual honesty” are concerned; however, much of it is simply irrelevant, redundant, or impractical when we move away from traditional journalism. (Starting with something as simple readers’ expectations: Blog–personal opinion. News paper–facts.)

As an aside: It is almost funny that the “fake news” debate has started in the wake of increased criticism of the press (at least in Germany). Even the phrase it self is close to the “Lügenpresse” (“lie press”, “liar press”) used by some German groups to belittle the press. While “Lügenpresse” has caused an outrage among journalists, I can only see it as unfair on two counts: Being too much of a blanket claim, seeing that some areas are worse than others, and ascribing a deliberate intent to the reality distortion that is often going on. More often than not, I suspect, it is just incompetence, in particular lack of critical thinking, that causes the distortion.

Written by michaeleriksson

February 25, 2017 at 12:07 am

PC annoyances

leave a comment »

One of the great annoyances and proofs of human stupidity is the many, many, many news items where poor reasoning or ignorance is used to support a politically correct agenda (be it by the journalist or the politicians, whatnot, reported on). I regularly find myself keeping a browser tab open, because I want to write something about a particularly idiotic item—but before I get around to it a week has passed and I have ten open tabs. (At which point I usually resign myself and just close them.)

Particularly common problems include:

  1. Variations of the 77-cents-on-the-dollar myth, which has been debunked for years*. Recently, e.g., the video-text of the German ARD reported that Germany is about to introduce transparency rules implying that women should have a (presumably asymmetric) right to find out what men in similar positions in their companies earn.

    *Cf. e.g. several earlier posts.

    A major problem with this is that just having the same (let alone a “similar”) position is not that strong an indication of what someone earns or should earn. Other criteria include actual performance, experience, education, how long the position has been held, and (very notably) negotiating* skill and tactic.

    *It could be argued that this is a bad thing, but as is it is a fact of life. I also suspect that it would be hard to abolish without risking a system where everyone is payed based on purely formal criteria, e.g. years in the company.

    The last item is particularly interesting, because men* tend to be more aggressive negotiators and are relatively more likely to turn down offers based on money—while increasing the risk of periods of unemployment and rejections. We can now have scenarios where four out of four women are hired at X (in some currency, for some time interval), while out of four more aggressively negotiating men three are hired at 1.1X and the fourth goes unemployed. The women find out that the three men earn more (while being ignorant of or disregarding the fourth), demand a raise with charges of sexual discrimination, and we end up with four women and three men earning 1.1X and one unemployed man… One group takes the high risk road for a higher reward and the other group receives the same reward without taking the risks… (With many variations, e.g., that is possible that everyone would have gotten 1.1X at a given company—but that only the men asked for it. Negotiations are there because the employers want to pay the least amount they can get away with—not because they want to systematically give women less money. I have even been asked outright what the smallest offer was that I would accept…)

    *Here and elsewhere I take is as granted that we speak of group differences, relative probabilities, and so on. That individual variations exists is a given and will not be spelled out.

    The first item (performance) is also of of extreme importance: In software development, my own field of practice, the difference in output and quality can be so large that it would often be easily justifiable to pay the one developer twice as much as the other. (Unfortunately, the decision makers are usually under the very unfortunate misconception that software developers are fungible and differences of that size are far rarer than they should be. Still, that someone earns 10, 20, 0r 30 % more is not automatically a sign of discrimination, skill at negotiation, or any non-performance factor—quite often it is a result of better performance.)

  2. Variations of women-are-not-successful-in-technology-due-to-discrimination.

    The truth is simply this: Men and women have different aptitudes and interests. Men more often end up as e.g. software developers and women as e.g. kindergarten teachers because that matches their natural preferences. Too boot, the women I have encountered so far in software development have only very rarely broken into the top half of the pack; off the top of my head, I recall no single woman who broke into the top quarter. (But I stress that my sample is too small to make statements about the overall population of female developers with certainty.)

    A particularly idiotic example is reporting on Facebook’s diversity program (which I originally encountered in a German news source which just parrots the original without any critical thinking).

    Facebook wants to diversify, but this “has been hampered by a multi-layered hiring process that gives a small committee of high-ranking engineers veto power over promising candidates”. Of course those pesky white men are at it again: “The engineering leaders making the ultimate choices, almost all white or Asian men, often assessed candidates on traditional metrics like where they attended college, whether they had worked at a top tech firm, or whether current Facebook employees could vouch for them”.

    What makes this particularly outrageous is the mention of “white or Asian men” in manner that very obviously is intended to imply that “white or Asian men” is the actual problem. It is not: The criteria used by these “white or Asian men” are sound and justified. The problem here is not the decision making process—it is the lack of suitable candidates. If (!) there is a problem here it is not with Facebook but with earlier stages: Facebook cannot be faulted if too few members of minority groups have gone to Stanford and MIT. This article* makes creating diversity a higher priority than finding the right person for the job at hand—an absurd attempt to create equality of outcome through destroying equality of opportunity. Notably, there is not one shred of proof presented that the decision makers would discriminate based on e.g. ethnicity—but if the lead of the article was followed, they would be forced to do so!

    *There are a number of problems with the article that I will not analyze in detail, but most of them boil down to observing result X and concluding Y without regard for other alternatives. For instance, it is true that using school as a criterion at the last stage of the process, rather than the first stage, is a bad idea—but if school has not been considered appropriately in the earlier stages and the sensible people only have a say in the last stage, well, better late than never. For instance, the claim that promising candidates, cf. above, are filtered out, is unsubstantiated and an explanation of “promising” is not given. For all we know, “promising” could here mean nothing but “is Hispanic, has a bachelor, wants to work here”—which is a long way from “is Hispanic, has a master from MIT with a great GPA, and has ten years of relevant experience”.

    (Not to forget: There is nothing remarkable with these decision makers being “white or Asian men”. Almost certainly this also reflects the suitable candidates in an earlier generation.)

    What has happened here is easy to understand: Facebook started to search for more diversified candidates, put them into the process, and found them being filtered out again, because they were not satisfactory. By analogy, if a fisherman casts his net wider, he will still not get the fish that is small enough to slip through the net.

  3. “Mäns våld mot kvinnor” (“mens’ violence against women”) is a Swedish specialty, but has similar variations in e.g. the U.S. (notably the misconception that domestic violence is committed predominantly by men onto women, which is very far from true).

    Using this specific phrase, feminists has spent decades running a grossly sexist campaign that paints men as serial abusers and women as innocent victims. Violence in the other direction and any other form of violence is strictly ignored. Violence simply is not a problem for these people—except when the perpetrator is a man and the victim a woman. To boot, “Mäns våld mot kvinnor” is painted as gigantic problem, while it in reality is a marginal issue: The vast majority of men do not in any way, shape, or form abuse their women.

    Unfortunately, feminist populism has become such a staple in Swedish mainstream political rhetoric that this type of hate speech and sexist rhetoric is regularly uttered even by high level politicians.

Written by michaeleriksson

January 13, 2017 at 6:11 am

Horrible customer experiences in Germany: Postbank

leave a comment »

Over the years, I have encountered a disturbing number of truly depressing behaviors from various German companies, both privately and in my professional and business life, be it stemming from incompetence, from blatant disregard for the customer’s rights, or from an inability to understand that both parties have to keep up their end of the bargain. I intend to discuss some of them over time, starting with the events around the business account I until very recently held with the Postbank (a banking subsidiary of Deutsche Post, the German “Post Office”). I recommend all readers to without exception have no dealings whatsoever with this grossly incompetent and customer hostile institution.

In an incomplete account:

  1. The account was supposed to come with a credit card, barring a vague disclaimer about credit worthiness. This disclaimer is fairly standard in Germany and something someone in good standing should be able to ignore—and I* earned well, had a bit of money put aside, and had never failed to pay a correct and undisputed bill. Still, I was refused a credit card, with the claim that these were not available to businesses* younger than, in my recollection, two years—something not mentioned with one word in advance.

    *Note that I work in a legal form that does not require the explicit founding of a company, implying that my credit worthiness as a business entity is (or at least should be) the same as my credit worthiness as a private person. This also makes the time limit applied harder to defend.

    No alternatives were presented (e.g. a debit or pre-paid card or a deposit).

    My request, about a year later, to look at the amount* of money in the account instead of the age of my business went without a reaction.

    *I will not discuss details of that kind here, for reasons of privacy. However, it was considerably more than I could realistically spend with the types of limits that apply to most German credit cards—and it had a history of rapid growth over the year that had passed.

    As a result, I was forced to use my private* credit card for e.g. booking and paying hotels, resulting in an unfortunate mixing of private and business funds/transactions, probably formally violating the terms of use for my private account, and removing many of the benefits with having a business account. Certainly, had I been told in advance about the business-age limit, I would absolutely not have opened my business account with the Postbank.

    *This credit card, as well as my private bank account, are with another bank.

  2. The account was supposed to come with a fully functioning Internet banking (and is anything else even conceivable in the years 2015 and 2016?!?). This did not turn out to be the case: In order to take actions within the online banking, including executing money transfers, I needed mTans*. In a first step, this required entry of a cell-phone number, to which a text message would be sent as verification, after which everything would work. However, despite several attempts on several days and despite a fully functioning cell phone**, I never received this text message.

    *I.e. Tans sent to a mobile phone. Frankly, the technical problems aside, it is very weak of a bank to force some specific technology on the users in that manner. What if someone does not have a cell phone?

    **Including the ability to receive text messages, something I verified carefully through copy-and-pasting the phone number from the online-banking page to an SMS-sending tool.

    My requests that the Postbank fix the problem went unheeded. Alternative means to activate mTans or do online banking were not provided.

    With this, the remaining benefits of a business account were gone and, again, I would certainly never have opened the account, had I expected such problems.

  3. As time went by, money accumulated on my business account from bills paid by my customers while my private account grew thinner and thinner, seeing that I had to pay all my costs, private and business, from my private account.

    I now wanted to transfer money to my private account and used one of the provided (paper) forms for an inconvenient and fee requiring* transfer. This transfer was never executed and I never received any notification as to the the “that” and “why”.

    *Whereas transfers through online banking, had they been possible, were free of charge.

  4. A little later, I finally bought a suitable apartment (cf. earlier posts) and needed to pay the seller. This time I went directly to the bank/post office, bringing a number of documents, including identification papers, with me, so that this could be done directly in the office, with no possibility of a hick-up. At the same time I wanted to transfer the lion’s part of the remainder to my private account.

    What happens? The clerk hands me several forms and asks me to complete them—apparently unable to do anything of what I had expected. Well, if filling in forms was the only thing available, I could have saved myself the walk and the almost half-hour (!) long wait in the queue, and just done this at home with the forms I already had.

    I filled in the forms, double-checked them, had the clerk double-check them (comparing against the known amounts and papers with printed versions of the relevant account numbers). This while explicitly mentioning the earlier unexecuted transfer and having emphasized how important it was that nothing went wrong. The clerk had no objections whatsoever to the form contents and claimed that the money would be transferred in no more than three* days.

    *Considerably slower than with online banking. (But in all fairness, I likely would not have been able to transfer so large a sum in one sitting per online banking anyway. The transfers to my private account are different, because I could easily just have made a monthly transfer for a smaller amount.)

    I waited four (!) days and still found no trace of a transfer.

  5. Come the next banking day, I went to another office, further away from my living quarters, where I expected a more bank- and less post-centric support from the external presentation, in order to terminate my account, ensure that the apartment seller received his money, and that every last cent of the remainder were transferred to my private account.

    Despite the exterior giving a “banky” impression, including having signs advertising various bank services, this office turned out to know nothing about banking, being virtually dedicated to postal matters. Not only that, the clerk I talked to this time was extremely rude and aggressive, from the first word on, apparently considering me an idiot for coming to them for a bank matter—never mind their own signs… In the end I was sent to a central office several kilometers away, where I eventual managed to find someone who was a dedicated bank employee.

  6. This visit took half-an eternity, with time spent waiting for service, with explanations, research of what had happened to the earlier transfers, the filling out and signing of form after form, …

    As it turns out, the first transfer had been rejected due to deviations in the signature. That might have been acceptable (I certainly do not want others transferring my money) had I been informed—but I was not. (As an aside, pen-and-paper signatures are an idiocy, being far to easy to forge, and suffering from considerable variations when written by the same person on different occasions. However, that is not a problem with the Postbank but with the overall system.)

    The other two had been filtered out because the scanner had been uncertain about the amounts. This sound more like an excuse than a reason, but is not entirely implausible, with standard German and Swedish digits being somewhat different. However, what followed later is under no circumstances acceptable: Firstly, such ambiguity should have been easily handled by a human reader (remember that the original clerk had verified the correctness and, by implication, readability)—and they had explicitly mentioned the amounts involved during the phone call, without prompting, which proves that they had no problems reading the numbers. Secondly, again they had failed to notify me.

    For the money transfer to the apartment seller, the situation was now urgent, and the clerk recommended an “express transfer”—for which I would have to pay another 15 Euro. This despite the only reason the express transfer was needed was the incompetence of the Postbank… Having no other choice, not wanting to risk the seller backing out, I consented, but clearly stated that I would demand these 15 Euros back. As promised, the money was transferred the same day.

    However, the money transfer for the remainder was not executed at all. This despite there being no room for error, the forms having been filled out by the clerk this time, and again without my receiving any type of notification as to the “that” and the “why”.

    Instead, the amount from the second of my earlier transfers to the private account suddenly turned up a few days after this visit. In combination, this is an obvious, obviously deliberate, and gross violation of my expressed will.

    To boot, despite my account being unambiguously terminated, with the additional unambiguous demand that any remainders of my money be transferred to my private account, this remainder has still not been transferred—almost two weeks after the visit. (And despite the clerk’s claim that money from an account termination should be available within roughly one week, even when not otherwise transferred.)

    As a result, the Postbank is currently sitting on a significant amount of money that they have no right whatsoever to sit on, while I find myself short the same amount of money.

    I have no idea whether they intend to return it, let alone when—but I do know that I will file criminal charges, contact the German Bank Inspection (Bafin) with a detailed complaint, and instruct a lawyer to take steps to retrieve my money against any and all further obstructions by the Postbank.

As an excursion, I originally picked the Postbank for my business account due to the, so it was presented, large net of bank offices, virtually every post office also being a bank office. In reality, as I have come to understand over the last few weeks, most of the post offices are useless when it comes to banking matters—even when their signs claim otherwise. In reality, the number of offices to take seriously is quite limited and the service network is far weaker, not stronger, than that of the main competitors (e.g. Commerzbank, Deutsche Bank, and, locally, various Sparkassen). Mostly, everything that can be done is to fill out a form that is then mailed to a more central office.

Written by michaeleriksson

December 17, 2016 at 7:52 pm

The declining security of Linux (and sudo considered harmful)

leave a comment »

Naive approaches to computer security have long been a thorn in my side, starting with the long lasting Windows assumption of a single user and user account on a system. (Originally explicit in that no second user account or user control was available; in the last ten-or-so-years in the form that the standard case is one user and one user only—who if at all possible should only ever work with one account.)

Unfortunately, Linux has also taken a turn for the worse over the years, often taken extremely naive approaches, prioritizing the convenience of the inexperienced user over security*, and opening holes that even a highly proficient user is often unaware of—and with more and more holes as time goes by.

*With the dual effect that those who want security have to put in a load of work (and likely still fail) and that many users are not aware of how poor their security is. Notably, the naive users might be pleased about the convenience—but they too are victims of the poor security. I would even argue that because they are naive, there is a greater obligation to protect them through implementing strong default security.

A prime example is the default file permissions (umask), which on most modern systems are set so that anyone can read the files of everyone else… This is so obviously wrong and idiotic that whoever is responsible should be taken out and shot. The obvious correct default behavior, and what matches the reasonable intent on almost all systems, are permissions where either only the owner is allowed to read a file or only the owner and the members of the files “group”*. One of the first things I do with a new installation is to restrict the default file permissions to owner only—if something else is needed for a specific file, I override the default.

*The standard file permissions on Unix-like systems divide the world into the owner, the group, and everyone else. By assigning users to a group, they can be given different access to certain files than “everyone else”, without being the owner.

This misconfiguration is particularly dangerous because it is unexpected, it is often only discovered when it is (potentially) to late, and it requires an over-average amount of knowledge to correct*.

*It is not enough to simply change the default setting: Each and every file that has already been created with that setting must have its individual setting corrected.

Another particularly annoying and dangerous problem is demonstrated by utterly conceptually flawed tools like sudo, pkexec, and polkit: Much like the execution controls in Windows, they assume that a user has a varying amount of rights to do things depending on how he does them. (E.g. through calling a command with or without sudo, or through giving or not giving a password to polkit.) While these tools are intended to increase security, they instead open up ridiculous security holes, and increase the likelihood both of users being given rights that the admins never intended them to have and of hostiles being able to achieve “privilege escalation”*.

*Roughly, an attacker starting with a certain set of rights that do not pose a danger and tricking the system into giving him more rights until he does pose a danger. This is a central part of cracking a computer system.

Consider sudo: The intention of sudo is that when a user executes the command X as “sudo X” (instead of just “X”), it is as if root (the main admin user) executed the same command. Now, what commands are allowed to “sudo” for a certain user is configurable, but this configuration can be a bitch. Take something as harmless as an editor: If the user can “sudo” the editor, he can now change system files, manipulate the password storage, read documents that should be secret, … The system is effectively an open book that a skilled cracker can exploit and infiltrate as he sees fit. OK, so we do not allow editors (and a number of more obvious things like command shells, commands to delete files, and the like). Now what about all the other applications that are not editors but still have the ability to execute editors or have the ability to even just save a file? What about those that can execute commands (e.g. through a “shell escape”—a very common mechanism on Unix-like systems)? They too must be ruled out. Etc. But here is the real devilry: How do we find out what commands have what abilities? This is a virtually impossible task, with many nasty surprises—e.g. that the standard pager (“less”; seemingly only intended to view files) has the ability to launch an editor… The only chance is to reduce the “sudoable” commands to an absolute minimum, carefully verify that minimum, and (more likely than not) conclude that the users now do not receive the convenience that sudo was intended to give them.

The task of configuring sudo is made the harder because most Linux distributions appear to work on the assumption that any system is a single user system (as with Windows above)—and cram down whatever gives the user convenience in the corresponding configuration. Looking at the configuration file /etc/sudoers on my current system*, I find e.g.

*No worries: While the configuration file is still there, the actual sudo program has been removed.

# Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL

The comment line says it all.

Now, a good admin would not assigns the group “sudo” to just anyone and would use far more granular settings to give individual users what they need. However, not all admins* are good and this approach practically invites the admin to be lazy and assign rights carelessly. To boot, this makes it ease for the Linux distribution to screw up, because the consequences of a change become hard to predict, e.g. when default group assignments or default configuration entries are altered. In one horrendous case I heard of some months ago, the default configuration actually gave everyone, irrespective of group, the right to “sudo” anything, resulting in a system with no actual security anymore…

*Note that the admin is often quite, quite poor as an admin: Admins are not just found in big enterprises—the family member who takes care of the family’s computers is also an admin.

Others do truly stupid things, like https://help.ubuntu.com/community/Sudoers which gives an example of how to add an editor (!) to the configuration—and this in a section titled “Common Tasks”…

myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim

This example lets the user “myuser” run as root the “vim” binary without a password, and without letting vim shell out (the :shell command).

Well, preventing “shell out” (more properly “shell escape”, one of the issues I mention above) is good, but obviously the idiot who wrote this has failed to understand that an editor is lethally dangerous too (cf. above). For instance, “sudo vim /etc/shadow” gives a malicious user the possibility to change the root password, after which he can trivially gain a root shell—without needing a “shell out”.

In contrast, the earlier approach was very sound: Either a user account had the right to do something or it did not—end of story. Usually, “did not” applied, when not dealing with the users own files. When more rights were needed to do a task the physical user had to log in with a new user account with more rights in the relevant area (and typically less in other areas!)—if he was trusted with such an account*. Yes, sudo can be more convenient, but that convenience is bought with a horrendous drop in security.

*If he was not trusted, then he correctly had no opportunity to do whatever he wanted to do.

The one saving grace of sudo is that it makes live a little safer for those who would otherwise take even greater risks in the name of convenience, through giving themselves dangerous rights all the time. This, however, is not a valid reason to make life that much less secure for the users who actually try to be secure and know how to handle themselves. This is like noting that condoms reduce pleasure and replacing condoms with some other mechanism which gives more pleasure—but does so at the price of not actually preventing pregnancy and disease transmission…

As a rule of thumb: If someone recommends that you use sudo, discount anything he says on security issues. This tool is simply one of the worst security ideas in the history of Linux.

I have seen some truly absurd cases, e.g. one nitwit who adamantly insisted that logging in as root on a terminal was very dangerous, but still threw sudos around willy-nilly. (While logging in as root is never entirely without danger, a terminal is the least dangerous place to do so, seeing that this reduces the risk of a snooper catching the password, removes the temptation of starting various GUI programs, and drastically reduces the risk of forgetting that one is using the root account and mistakenly doing something stupid.)

Excursion for the pros:

Those who know a little more about Unix security might see a major advantage of sudo in the reduced need for suid-ing programs. This might or might not have been an advantage at some point of time, but I have worked for years without using sudo and I have never needed to change anything in this regard. I conclude that what should work works, be it through appropriate group settings, daemons, or suid programs that are there irrespective of the presence of sudo. In addition, I am not convinced that suid programs, the potential dangers notwithstanding, are a greater evil than sudo, at least not after considering the relative likelihood of an admin doing some stupid—it is not just a question of what approach is the safer technically, but also of what approach gives us the better protection from human errors.

Written by michaeleriksson

December 6, 2016 at 11:07 pm

A modest proposal

leave a comment »

Earlier today, I received a most disturbing communication from my good friend Jonatan Schnell. He has got his hands on a number of secret documents from various government agencies, and has asked me to publish the following excerpt:

This noble organization has been entrusted with two central tasks:

  1. Ensuring sufficient surveillance that unwanted transgressions of any kind are detected in a timely manner, ideally including the expression and formation of unsound opinions.
  2. Ensuring swift, accurate, and unavoidable corrective measures for such transgressions.

The last decades have seen many technological advancements and developments that raised our hopes of finally reaching success. Unfortunately, despite many partial successes, they have all eventually proved insufficient. I hardly need reminding you of how physical inspection of hard-drives has proved to be very fruitful, yet has far too often failed in the more important cases, through the use of high-grade encryption, often in conjuncture with the transgressor’s claim of “having forgotten” the passwords. Encryption in general, of course, has been a major obstacle, including not only hard-drives but also email communications and alternate networks like i2p and tor. Even HTTPS, although easy to circumvent, has caused considerable over-head, delays, and missed opportunities. Or take the unfortunate case of the aforementioned alternate networks: Left alone they risk nullifying our communication surveillance and de-anonymizing of Internet communication. (I stress again how important it is to continue our infiltration campaigns.)

The reason for failure is almost always that we are too far away from the immediate interaction, either in time or geographically. The best, but invariably most and often impracticability expensive, results are reached when we can apply direct surveillance, e.g. through camera and microphone monitoring or the installation of software directly on the computer of the transgressor. It is to be feared that even the most promising in-roads available, including the intended use of service providers such as Google, Facebook, and CloudFlare, will never suffice to meat our requirements, especially with the more surveillance-hostile elements.

The logical conclusion is to take this one step further, in a manner that ensures that all potential transgressors can be surveilled at a moments notice at no additional cost (after, admittedly, a high initial investment):

The enhancement of our citizens through physical implants to monitor their audio-visual input, including, indirectly, what they do, say, write, etc. In addition a GPS module might be added, allowing us to pin-point the location of any and all citizens at any given moment, as well as allowing us to track their movements and physical meetings over time. (Of course, some of the same benefits can be reached through tracking cell-phones. These have the weakness that they can be left at home, run out of batteries, or be temporarily shielded.) Long term additional surveillance of brain patterns, heart beat, and other biological signs can prove a valuable addition. For instance, if someone reacts negatively to a government message, we would immediately know that there is need for more dedicated surveillance; if someone reacts with arousal to another party of the wrong gender or below the age of eighteen, this can be registered and the corresponding warnings be issued to neighboring residents; and so on. The addition of the possibility to produce auditory or visual stimuli is particularly interesting. For instance, when a transgression is detected in flagrante the transgressor can be given immediate notification and instructions from law officers to stand down and await arrest.

To avoid removal or more temporary manipulations, these enhancements would regularly and automatically be in communication with a central controller (e.g. by radio or the cell-phone network). Any time an enhancement misses a check-in, this if filed as a violation and an APB is put out. After the transgressor has been apprehended, the enhancements are checked and/or replaced (at the transgressors cost) and corrective action is taken when appropriate. It would of course be made illegal to provide or use any structure or equipment that blocks the needed signals.

In the long term, the enhancements can be provided with the ability to directly incite an algesic response when the check-ins fail, as well as during any detected attempt at removal. This can be extended to a greater range of transgressions, like trying to enter or leave the country without using the official border crossings. Additional possibilities for aversion therapy are open: The wrong reactions to certain stimuli, the expression of unsound opinions, and other correctable transgressions of a similar nature can be swiftly and automatically handled by the enhancements themselves, causing the transgressors to associate such deviations with the algesic response.

Following this trail to its end (but here I fear that the political climate is not yet sufficiently matured) enhancements can be used for more conclusive corrective actions. Consider replacing the lengthy and costly procedures around e.g. a lethal injection by reaching the same result with a minor trauma in a suitable brain region. Or permanently incapacitating a hostage taker remotely, with the push of a button, through the same mechanism. Or removing a threat from a greater group (e.g. the Irish) of potential transgressors in one single action, including cases where large-scale incarceration or deportation would be the alternative.

A few practical details: Normally the enhancements would be added shortly after birth, ensuring that everyone is included from an early age (and as a positive side-effect reaps the benefits from the appropriate feedback to reactions and behavior even during childhood). Unfortunately, it would take several decades to reach a reasonable coverage in the adult population in this manner; while a single mass-enhancement in the entire adult population would be entirely impractical. A reasonable middle road is a two-pronged approach where high risk groups, notably convicts and those potentially engaged in subversive activities (including critics of our operations), are targeted with a mass-enhancement and the remainder of the population is enhanced at certain occasions where the necessary equipment can always be reliably made available, e.g. a driver’s license renewal or when first entering the country. This has the added advantage that enforcement can be kept high and voluntary through making the enhancement a mandatory condition for the government granting a driver’s license, letting someone into the country, and so on. Ideally, we will even be able to pass on the cost of the enhancement to the respective citizen.

While the costs of this might seem prohibitive in a first impression, there are considerable reason to believe that we can leverage these enhancements to not only cover the costs of the project but to allow additional financing of related projects, once a sufficient critical mass has been built. Our preliminary research indicates a great industry interest in access to selective gathered data for purposes such as targeted advertising and market research. Or consider allowing advertisers to send information directly to the ears and eyes of the subject, without having to use conventional devices that can be turned off or the advertising otherwise circumvented. The possibilities are endless.

Postscript: For those who have missed the allusions, the above is entirely fictional, specifically making a play on Jonathan Swift’s work by the same name, in which he suggests using Irish children as a food source. However, apart from the most extreme parts, the above is well in line with current developments with regards to e.g. governments cracking computers or smart-phones, engaging in unethical and often unlawful surveillance, etc. If the suggestions were viable today, at least some of them would be on the table with at least some politicians, law enforcers, and the like. This just looking at the modern West—in North Korea they would conceivably go all out.

Written by michaeleriksson

November 21, 2016 at 12:04 am

How to lose an election in a lost democracy

leave a comment »

In recent times, I have made several posts dealing with the themes like democracy and the U.S. presidential election—including How to win an election in a lost democracy, on how a truly disastrous candidate (like Hillary Clinton) could conceivably and hypothetically manage to win through placing a sufficiently bad candidate (like Trump) in the opposing camp.

While this was not a serious suggestion (at least not for the current election), I actually and honestly thought that the flaws of Trump would bring Hillary a victory—for the last week or two before the election, a sure-fire one, with not enough time left for a turn-around. This to the point that I actually failed to write the please-consider-what-you-are-doing post I had planned for last week, seeing it as a waste of time.

Election day came the miracle and one of the greatest reliefs I have ever experience—a major bullet was dodged.

Despite the title of this post, I will not try to analyze how this happened in-depth (I have not done the necessary leg-work). But: Trump likely managed to leverage his advantages among the uneducated/working-class/whatnot*, while likely sufficiently many in the rest of the population realized that Hillary was the greater evil, possibly aided by the email scandals that brought her long history of bad behavior to mind—as well as the many investigations that have all been prematurely interrupted. Trump was lucky (or campaigned well…) in that his distribution of votes gave him a majority of electors through winning most of the swing states, while having slightly fewer votes than Hillary overall. Voter turnout, how many of whose supporters actually voted, might have had a significant effect (often the case with upsets).

*Looking at statistics at e.g. https://en.wikipedia.org/wiki/United_States_presidential_election,_2016 it is clear that the candidates have very different impacts on different demographics, including using criteria like education. That I side with the candidate of the “uneducated” while most of the “educated” go against my recommendations is annoying, but I can understand how someone like Trumps rubs the educated the wrong way—I too see him merely as the lesser of two evils and would like have preferred e.g. Obama. At the same time, I re-iterate my observation that education is not automatically a sign of intelligence or good judgment: Many of the educated who voted for Hillary will have done so because she too is educated, because she has a more sophisticated image, because the educated in the U.S. are “supposed” to vote Democrat, or similar. With the Republicans and the Democrats in general, there is often the problem that those with some intelligence are bright enough to see the right-most wing of the Republicans, the Fundamentalist Christians, and so on, as problematic; however, not bright enough to see that the left-most Democrats, the politically correct, the gender-feminists, …, are just as uninformed, irrational, dangerous, and otherwise problematic.

Looking back at the posts I did write, I want to repeat that this is not an ideal situation: Disaster was averted, but chances are that Trump, as the lesser of two evils, will prove to be a genuinely bad President—it is just that the alternative would with a high degree of probability have been even worse.

On the down-side, looking at the problems with democracy and its current failure, the victory of Trump could actually be the stronger side of that failure, with his extremely populist take. On the other hand, it is a positive sign that someone in no way established as a politician, and certainly not a professional politician, could win.

As for those who wanted Hillary Clinton because she was a woman, because it would be high-time to have a female President, or similar (all idiotic reasons to elect someone), they should take comfort in it being far better to wait a while longer and then get a woman who is actually worthy of the job. Someone like Hillary could, in a worst-case-scenario, have set back the chances for other women by decades. As a Swede I can point to a number of absolutely disastrous women, far worse than Hillary, who have been brought to the fore despite their lack of competence and other suitability to provide the female candidates the feminists cry for—and who have done exactly such damage. The single best example is likely Mona Sahlin, who came very close to becoming the Swedish Premier, but who also was deeply, deeply stupid and has repeatedly been caught in various, if minor, corruption scandals. In contrast, those women who have made it to the top without a significant leg up or with being a woman as a major selling point, like Thatcher and Merkel*, have done women a favour through actually proving that there are women who can do the job as well as the typical male Prime Minister resp. Chancellor.

*Notwithstanding that my opinion of Merkel has dropped considerably over the last few years.

As a side-bar, it can be interesting to briefly compare Bill and Hillary, especially because part of my aversion to Hillary is Bill’s Presidency and a wish to keep the Clintons in general (but Hillary in particular) out of the White House: Bill was a lesser evil than Hillary for at least two reasons (if we otherwise consider them fungible, which is likely unfair to Bill) in that firstly he had considerable relevant practical experience from his time as Governor, while Hillary had a gifted Senatorship and otherwise was the Governor’s/President’s wife; secondly his Presidency interrupted a long period of Republican dominance*, while Hillary’s would have extended a Democrat reign.

*One of my main observations concerning democracy, and power in general, is that it is a bad thing for a specific individual, party, organization, … to have great power for too long. Reasons include a growing risk of corruption, people confusing who they are as persons with their official roles, lack of new ideas, and too much resistance to change. Correspondingly, it is good when another party wins an election every know and then, even when otherwise the worse choice. For Bill, the last Democrat was twelve years back and the Democrats had had four of the last twenty-four years. For Hillary, she would have extended a Democrat streak to at least twelve years and twenty out of the last twenty-eight.

Written by michaeleriksson

November 10, 2016 at 11:27 pm