Outfoxed and trust networks, revisted

I think everyone should revisit Outfoxed, if you’re interested in a truly interesting new approach to bookmarking and web browsing that actually takes advantage of all this “Web 2.0” hype and nonsense.

I just mentioned this to Free Coders on the mailing list yesterday.

The application of “trust-based networks” is very wide. I think it’s the “trust” factor that makes eBay successful (perhaps even viable!). New services like Pandora and Last.fm recommend music by trusting that users who rate music are being honest. eBay users buy from trusted sellers by assuming that those who rate the sellers are honest. These assumptions may be fallible, but they’re better than nothing. And it’s only natural that this trend would spread to web browsing.

I think trust networks should be applied to political organizing, both to reduce risk of people showing up just to start trouble, and also to enhance the perceived value of a meeting based on the combined trust of its attendees. I’m going to think about this a bit more in the next few days.

(Meanwhile, I got in touch with Runar from the Google talk with Alex Martelli, who is working on an awesome library for Python called sqlstring. Check it out. I’ve also been thinking about expanding on my earlier ideas on Python inferred types; we’ll see if I find the time.)

Found out how I got hacked originally

I run a tool on my server which creates charts based on basic server vitals, like free disk space and CPU load averages.

It’s called cacti, and it’s great.

Except, apparently this security hole allowed the hacker who originally broke into my server to get in. He was able to execute arbitrary commands via the good old URL string hack. (He did the same thing as is described in there: wget’ed his own script which added a new user for himself and added him to sudoers, and then connected via ssh).

In my latest upgrades, I saw that this cacti bug’s been fixed.

Scary stuff. Computer security, these days. How does a php script have code which can run an arbitrary command? My Java Servlets never have a way to run command line apps by way of specific arguments in the URL string. Sigh. In *nix we may have [basically] all-or-nothing security (that is, if you discount ACL support)–but knowing this, please prefer “nothing” to “all”, for crying out loud!

Corporate obligation to shareholders

Here are some interesting viewpoints on corporate obligation to shareholders. One comes from Jeff Darcy and the other two from Mark R. Kleiman.

Before reading this, you should introduce yourself to the nice debate going on in the blogosphere right now on corporate responsibility, sparked by this post.

Here is Jeff’s response.

His [Mark’s] approach is reductio ad absurdum, but I think there’s an even more important flaw in Friedman’s reasoning. This flaw is the all too common assumption that “money is everything” and therefore any value not represented in monetary form is irrelevant. In this case, this leads to believing that people invest only based on (direct, short-term) monetary return, but that’s simply not true. When people buy stock, they do so based on a certain assumptions. They assume that certain legal and moral restrictions are applicable to what the company does, and they invest based on that assumption. This is particularly true of “green” or socially-conscious investors, who might be making decisions based as much on a company’s image or reputation for ethical behavior as on their purely financial performance. In a sense one might say that such investors have monetized their morals by making such investments, but that doesn’t mean they’ve given up those morals forever in return for profit. Presenting such an image and then acting in a wholly different manner is a form of fraud, and unconscionable. The same principle applies to every company and investor, though usually to a lesser degree. If the moral justification for what companies do is fulfillment of shareholder expectations, then expectations other than profit must be considered.

There’s an even more fundamental problem that shareholders do not adequately represent the interests of all who are affected by a company’s actions, and that those others deserve consideration too, but that’s probably best left for a future article.

I think what Jeff has to realize, however, is that the issue here is the morality of proximity. People feel moral obligations to things that are close to them, either physically or sentimentally. I feel moral obligations to homeless people I see on the street in front of me, but don’t feel as much of an obligation toward, say, sweatshop workers in Malaysia who are abused by their managers. Despite any of my moral principles, despite what I think and know to be right, I still end up buying clothes and things made by those sweatshop laborers, or I continue to buy products whose production destroys the environment.

Even if I had all the information in the world, say I knew Gap abuses its workers, and so I knew if I bought a Gap shirt I would be supporting a business that abuses workers. But then things get complicated. The shirt is already made. The abuse was already done. My buying the shirt doesn’t actually abuse workers. I am just buying a shirt. I need a shirt, its price is right, I’m buying it.

We can’t expect ethical principles to just come to us by people boycotting industries that subvert them. Imagine if the abolitionists, rather than forming a political party and trying to get slavery outlawed, simply said, “We will convince everyone not to invest in these companies, and to not buy these goods.” Do you think this kind of boycott would have really succeeded? Do you think without the understanding of basic human moral principles that went along with the abolitionist movement, we would have advanced past that dark part of our history?

Slavery exists today. People are indentured servants in other countries, working for outposts of American companies. I agree with both posters that laws cannot be made for every moral principle. But no one has mentioned that we aren’t asking for laws for every moral principle. We’re asking for laws for all the most basic ones that relate to labor, the environment, etc., such as not being abused in the workplace, and not polluting our precious ecosystems.

As a shareholder, I continue to invest in companies who may be doing morally bad things far away from me. Shareholders didn’t cash in their morality, they just don’t know the bad things companies are doing, or, if they do know, they are being done so far away that they simply don’t care.

If it were a company that abused American sweatshop labor, and polluted rivers in small-town USA, then [most] people probably wouldn’t want to support that company with their wallet. But when the labor is in Malaysia and the polluted rivers are in China, we do it because we simply don’t care about those other places as much.

An interesting piece of philosophy was written on this topic by Peter Unger. It’s entitled, “Living High and Letting Die.” Try to find it at your local library.

Mark also posted a response to the debate.

What the Friedman argument is missing, it seems to me, is a realistic idea of what shareholders want with regard to how their companies do their own business, and all sorts of good behavioral evidence shows that to be a lot more complicated than maximal money returns. Friedman is right that corporate leadership is obligated to advance the interests of shareholders, but it is also obligated to discern these interests and discover–I expect–that shareholders want to trade some possible returns for a clear conscience about environmental responsibility, decent treatment of workers, honesty in trade, and the like.

Yes, they would probably trade some of their returns for a clear conscious. But how about we get to the heart of the matter: shouldn’t American companies be held responsible for immoral actions they do outside of the United States? Don’t we need to come to a global understanding of the rights of workers to healthful working conditions, to a work/life balance, to less abuse? Don’t we have to come to a global understanding that harm done to the ecosystem in China does affect all of us, and shouldn’t we try to do something to stop these companies from ruining our Earth?

Shareholders are just in to make a buck off their investment. They’d prefer it be done in a way that leaves their conscious clear, sure. But we can’t expect shareholders to save the day when it comes to enforcing our society’s (that is, this one, global society’s) minimal moral standards. We need to use our power as a democracy to control these authoritarian structures, even as they hop around the globe trying to avoid any confrontation by going to places with the least restrictive set of laws.

False alarm

I thought my server was hacked this weekend, but I think in reality someone on Peer1’s network took my IP address by accident, caused an IP conflict, and because I detected ssh running on a non-standard port, I assumed I had been rooted. In fact, when I returned to my machine today, I found no such rooting, and chkrootkit reported nothing. What really freaked me out was that I found vsftpd running on port 21, but wouldn’t accept any of my usernames/passwords, so I really assumed I had been rooted. But here I am, and nothing has been changed.

Whew, I guess?

Talk on Outsourcing

I recently gave a talk on outsourcing for Computer Advocacy @ NYU, entitled:

“Offshore Outsourcing: Roots in Corporate Power.”

It was meant to be an introduction to the subject, to precede the film screening we had of Greg Spotts’ “American Jobs.” I’ve posted the talk’s slides to my web server in SXI (27K) and PDF (212K) formats.

In the talk, I tried to show how outsourcing can be seen as stemming from the gradual ascendancy of corporate power in the world, beginning with the first laws enabling corporate personhood to today, when corporations pit governments against one another for who can provide the least humane economic regulatory system (which are then spun as “pro-business”–think, for example, of China’s inexistent environmental legislation, and how many high-pollution businesses have moved their shops there).

When corporations first gained rights as legal persons, they began to win cases in which they secured their right not to be regulated, and then began to win ideologues with a vision of the corporation which freely moves around the world, hiring all the labor it can find. Key to this vision, however, is that governments are helpless and defenseless–that they should not have the power to regulate corporations, since any such regulation creates an unfair situation in the global neoliberal “free market.” I try to make it clear that the end goal of this experiment is a global corporate state, in which labor laws and life/work balance simply doesn’t exist, as we all strive to be “more competetive” for corporations whose urge to lower cost will never disappear.

p.s. check out the book mentioned in my talk, Gangs of America by Ted Nace.