BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Strange Loop 2016 Recap: Safeguards against Government Hacking, Plus Clojure and Java 9

Strange Loop 2016 Recap: Safeguards against Government Hacking, Plus Clojure and Java 9

This item in japanese

 

The 8th Annual Strange Loop returned to St Louis, Missouri, Thursday (September 16-17). The conference kicked off with an opening keynote from Amie Stepanoich. Stepanoich is a lawyer in Washington D.C. with Access Now. Access Now defends and extends digital rights of users at risk around the world.

Stepanoich walked the sellout crowd through the dangers and risks of uncontrolled governmental use of hacking. She grouped hacking into three broad categories: messaging control (hacking to control the message seen or heard, specifically to a particular target audience), causing damage (hacking to cause some degree of harm), and surveillance (hacking to compromise the target in order to get information, particularly on an on-going basis).

She discussed that while it may not be possible to completely stop all governmental hacking (as we might like in each of those three categories), she proposes we can do something about how governments perform surveillance operations.

Access Now proposes 10 safeguards that could be enacted to provide a greater degree of protection for human rights as related to governmental hacking. The safeguards start by establishing a law that provides clearly written rules and narrowly defines when hacking is authorized by government (Safeguard 1). With those laws in place, she argued the following steps should also be undertaken:

  • Safeguard 2: Governments should have to explain why it's necessary to use hacking.
  • Safeguard 3: Governments should be forced to identify which devices are being targeted (over what time) and not allowed to collect extra information unless specifically defined.
  • Safeguard 4: Judges should be provided with technical experts to better understand what is asked during hacking operations.
  • Safeguard 5: Transparency must be adopted where the government informs targets of potential surveillance.
  • Safeguard 6: Government should be forced to monitor the tools they deploy.
  • Safeguard 7: Government should never be allowed to compel private entities to modify or adopt software for the purpose of increasing their ability to break security.
  • Safeguard 8: Government must review information collected outside these rules and report on methods to prevent it from reoccurring in the future.
  • Safeguard 9: Extraterritorial government hacking should not occur absent authorization under principles of dual criminality.
  • Safeguard 10: Governments should not be allowed to stock vulnerabilities for future use, and governments should disclose all vulnerabilities discovered or purchased.

Stepanoich's group Access Now is working to raise the public awareness and force this conversation at all levels of the government. To learn more about Access Now and Amie Stepanoich's work, visit accessnow.org. You can also view the full presentation online at Strange Loop's Youtube channel.

Some of the other sessions found at Strange Loop 2016 included Stuart Halloway (@stuarthalloway), Julia Evans (@b0rk), and Simon Ritter (@speakjava).

"It's better to have a large number of functions that all work on a single datatype than to have a lot of disparate functions that work on specific datatypes."

Stuart Halloway (a Clojure committer, frequent conference speaker, and founder/president of Congitect, Inc.) spoke about Agility & Robustness: Clojure spec. Halloway's talk focused on how, as a developer, he wants code that is correct, agile, and robust.

Discussing the strengths of Clojure, Halloway paraphrased Alan Perlis by saying: “It's better to have a large number of functions that all work on a single datatype than to have a lot of disparate functions that work on specific datatypes.” He demonstrated how Clojure's use of pure functions, simplicity, immutable data, and systemic generality help him with his desire for correctness, agility, and robustness in software.

While praising the ability of Clojure to provide generality, he noted that as developers, we work with specificity (something people from statically typed languages often struggle with when first coming to Clojure). Developers have a need to reason about abstractions in the domain they are working in.

In response to this specificity need, the Clojure community created Clojure spec. Clojure spec is a way of embracing only the degree of specificity you need in your applications without giving up the generality Clojure offers you. “Clojure spec is a standard, expressive, powerful, integrated system for specification and testing.”

 

Halloway spent the remainder of the talk discussing how spec lines up with more traditional ways to gain correctness, agility, and robustness. He ended with a few code samples and explanations on how to apply Clojure spec to your use cases.

One technical session which was extremely well received at this year's Strange Loop was given by Julia Evans (@b0rk). Evans works on Machine Learning systems at Stripe and is particularly well-known for the zines she writes and publishes on Twitter.

Evans' talk dove into some of her favorite operating system tools to help developers understand what their programs are doing.

 

Tool illustrations from her zine can be found on her twitter feed and include topics focused around strace, wireshark, perf, ngrep, ps, and netstat.

In her presentation, Evans asked three simple questions then showed the audience how we could use some of these simple tools to find answers. She explored the use of each tool in a highly entertaining and extremely informative talk on core tools every developer should be familiar with.

The conference also featured Simon Ritter, Deputy CTO of Azul (@speakjava) discussing Jigsaw.

Jigsaw is the new Modularity feature of Java 9. Modularity promises the ability to create flexible runtimes for your applications without the need to include all 4,000 classes now part of the JDK. It's a promise to get back to lighter, more flexible, and faster executing code. In his talk, Ritter went through the motivations for modularity, how it will be accomplished, the dependency graphs, and showed samples of building your modules.

 

Additionally, in his talk Project Jigsaw in JDK 9: Modularity Comes to Java Ritter covered six incompatible changes that will be removed from the JDK9 to support modularization (these six changes to the SDK are needed to allow the SDK to be broken into related classes and grouped into modules), and how scoping will work in Java 9. Each of these two items has the potential to break your code if not correctly understood.

To learn more about Stuart Halloway's session on Agility & Robustness: Clojure spec, Julia Evan's Systems programming as a swiss army knife, Simon Ritter on Project Jigsaw in JDK 9: Modularity Comes To Java, or Amie Stepanoich's talk on Government Hacking and Human Rights: The Why and the How, make sure you visit Strange Loop's website or the conference youtube channel to watch each of these sessions. In addition to these sessions, you can find each of the over 60 sessions also online.

Rate this Article

Adoption
Style

BT