Simplifying systems is the best security

All else being equal, the simpler solution is the most secure. Chad Perrin explains the tactics that can be employed to simplify systems.


The more code we write for a given software system, the more opportunity there is for bugs to creep into the code. That opportunity for more bugs results, statistically, in a simple relationship between source lines of code and bug counts: more code, more bugs. Because many (if not all) bugs can be exploited as security vulnerabilities, the amount of code in a single software system can have a significant impact on the security of the system.

Adding features to a software system, regardless of the number of lines of code needed to implement those features, can also increase the opportunity for bugs to arise. This is because the interactions of different pieces of functionality in the system can sometimes have surprising effects, particularly when those features are heavily dependent upon each other. Such danger increases as the features become increasingly parallelized, because multiple features can be dependent upon the behavior of a single feature at the same time -- and can also influence the behavior of that single feature simultaneously, thus having unplanned influence on each other through that common dependency.

In addition to the strictly technical security consequences of complexity, there is also the problem of our ability to understand complex systems. The greater a system's complexity, the more difficult it is for a single individual to understand all the ways different parts of the system might interact with each other. When such interactions between the parts of a system are not fully understood, the people whose job it is to maintain the system will not be cognizant of the security implications of those interactions, and will thus be unable to properly address such issues.

Simplification, then, is an important security strategy. There are a number of different tactics that can be employed to help simplify systems:

  • Minimal Design: Resisting the urge to add features to a system can be difficult, but the rewards of such resistance can be measured in frustration and difficulty avoided. Before adding capabilities to a system, consider whether they are actually needed or merely wish-list items that may never be truly useful.
  • Modularity: When a single system has a multitude of uses, and those uses involve local implementations of the system, the ability to pick and choose which parts to include in a local implementation helps keep that specific use of the system as simple as possible. Breaking the system into "modules" that can be included or excluded as needed serves the needs of more users with less added complexity in practice than bundling every possible piece of functionality into a single whole, where nothing can be left out when it is not needed.
  • Separation of Concerns: Separating functionality into discrete parts that do not directly interact can help minimize the complexity of the system. This is often known as "separation of concerns". By increasing the independence of parts of a system, dealing with the management of each part becomes easier without accidentally exposing the system to unexpected security issues.

An essential statement of what is often called the Unix philosophy is "do one thing well". The idea is that each tool in the system should ideally be designed to do only one thing, and to do it well. When more than one thing at a time needs to be done, multiple tools can be used together to achieve the needed complexity, so that such complexity does not become a permanent part of the system itself. The design of Unix and Unix-like systems offers simple mechanisms for automation and creating ad-hoc, temporary connections between discrete tools, so that a policy of making single-purpose tools that can be flexibly made to work with other tools to accomplish more complex tasks is well supported and encouraged.

It may not be a silver bullet for security, but such an approach to keeping the system simple covers all three of the above bullet points for simplifying systems: minimal design, modularity, and separation of concerns. As such, the security benefits of the Unix philosophy, which exhorts us to make software tools that "do one thing well", should not be ignored.
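
As an added illustration of the "do one thing well" composition described above (this example is not part of the original article): a failed-login summary built from single-purpose stages joined by pipes. The log lines are constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: every stage does one job; the pipe is the ad-hoc,
# temporary connection between them.

# Constructed sample input (not real log data; addresses come from the
# RFC 5737 documentation ranges).
sample_auth_log() {
cat <<'EOF'
Jan 12 03:14:07 host sshd[811]: Failed password for root from 203.0.113.7 port 52144 ssh2
Jan 12 03:14:09 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 52150 ssh2
Jan 12 03:15:41 host sshd[902]: Accepted publickey for alice from 198.51.100.23 port 40022 ssh2
Jan 12 03:16:02 host sshd[915]: Failed password for bob from 192.0.2.44 port 38811 ssh2
Jan 12 03:16:30 host sshd[920]: Failed password for root from 203.0.113.7 port 52171 ssh2
Jan 12 03:17:12 host CRON[950]: pam_unix(cron:session): session opened for user root
EOF
}

# Select: keep only sshd failed-password events.
select_failures() { grep 'sshd\[[0-9]*\]: Failed password for '; }

# Extract: print the IPv4 address of the last " from <addr> port " on the line.
# The greedy .* anchors on the final occurrence, because the user name that
# appears earlier in the line is supplied by the remote client.
extract_source() { sed -n 's/.* from \([0-9.]*\) port .*/\1/p'; }

# Count: group identical lines, rank by frequency, normalise spacing.
count_ranked() { sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2}'; }

# Optional stage: keep only sources with at least N failures.
# It can be added to or left out of a pipeline without touching other stages.
at_least() { awk -v n="$1" '$1 >= n'; }

# Composition: the complexity exists only for the life of the pipeline.
failed_logins_by_source() { select_failures | extract_source | count_ranked; }

sample_auth_log | failed_logins_by_source
```

Each stage can be tested, replaced, or dropped on its own, which is the modularity and separation of concerns the three bullet points describe.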

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

91 comments
emenau

Only an intelligent fool makes things more complicated.

AlexMotto

Develop dynamic stream for 64 bits and more, accomplished to the XP OS, forget the more of 52M lines of code of Windows 7, debug, if possible, the original XP ... and accommodate it for your needs.... External (dynamic) memory management, "artificially linked" to your open OS__ something to consider when new hardware possibilities arrive and quantum programming will be "the new standard" .... (AlexMotto)

bus66vw

would be a single speed pedal bike with a coaster brake system is simpler than a ten speed with cable brakes. The simplicity of the single speed pedal bike, your argument, is very appealing until you need to go up hill or want to achieve greater speed. I think what you were trying to get at is "bells and whistles" just add weight and slow you down. However, the problem is more to the point of the market side of the issue. The issue being the more your app does (per the box, the more bells and whistles), the more likely it is to sell.

JCitizen

It would seem, with Win7, that Microsoft is slowly leaning toward this goal?! Not knowing the source code regardless. I fear application developers are hell bent to disregard this set of rules, for the assumption that today's powerful hardware will make up for poor coding. My new PC is the fastest one I have ever owned, but I have a feeling that will be negated soon, by application requirements. The only thing holding them back is the market reaction to poor security; they do seem to be listening. [Finally!!!!]

Ocie3

One of the fundamental rules of computer programming is the KISS Principle (Keep It Simple, Stupid!). It seems to have been forgotten by the committee that designed and implemented Thunderbird 3.0, though. Be that as it may, keeping it simple is not always so easy to do. Having many simple programs, each of which does one thing well, works for UNIX, but I'm not so sure how that would be applied, for example, to an avionics operations and control program. Some systems are not inherently simple, and are not readily broken-down into simple "modules". Consider climate modeling, for example, a natural system in which the attributes of every part influence every other part. Or creating a model of the US economy so that you can see what effects a change in taxation, safety regulations, technology, etc. will have.

Neon Samurai

"Things should be as simple as possible, but not more so." -- approximate quote. It's amazing how much software manages to hit both these extremes though. Make the system far too complicated while oversimplifying the appearance of security for the user.

Ocie3

Quote: ".... However, the problem is more to the point of the market side of the issue. The issue being the more your app does (per the box, the more bells and whistles), the more likely it is to sell." In other words, the more features, the more likely that more people will find the software likely to be useful for them. We encountered the same problem with in-house development, where the people we were expected to please were the ones whose ideas we ordinarily solicited, and seriously considered, while creating the specifications that the application(s) would meet. Even if the program(s) had all of the features, fully implemented, that their users wanted, just using the new program(s) would give them new ideas as to what could be done, and as to what they would like to be done "in the future" (i.e., right away). Of course, the first revision was usually almost all "bug fixes". But version 2.0 would contain new features, most of which were not even conceived during the original specification and development process. Additional elaborations and variations on one or more original features were also common, e.g., saving the output in more than one file format. Soon, the program(s) became increasingly complex. More time and effort became devoted to making them work right after the introduction of new features, than was spent to develop the additional features. There was almost always at least one important aspect of the program(s), and/or of the context in which they were executed and/or in which they were used, that was initially overlooked. As one of my instructors put it, "A clean compile is only the start of your problems!"

bboyd

Each gear of a ten speed is a module. Each is visible when a tooth breaks and can operate potentially in isolation. The brakes are modules also. I can remove the brakes if I so wish. Same with most any component on a bike. Each is simple and does its own job. I can replace each with alternates for special uses or just for style. Yes, a good road bike needs most. However, if you weld each thing in place and include three special horns, a side car, a spare tire and a redundant brake system, none of which have obvious removal methods, you will not win any races.

apotheon

"Having many simple programs, each of which does one thing well, works for UNIX, but I'm not so sure how that would be applied, for example, to an avionics operations and control program." Nor am I. Then again, I don't know much about avionics operations and control software, so of course I wouldn't know how this principle would be applied there. "Consider climate modeling, for example, a natural system in which the attributes of every part influence every other part. Or creating a model of the US economy so that you can see what effects a change in taxation, safety regulations, technology, etc. will have." We're no longer speaking of merely complex systems at this point, and have started discussing Complex Systems, an area of some interest to me (I capitalized in the latter case to differentiate the formal usage of the term from the colloquial usage). Of course, there are theories of complex systems that hold that such systems are complex not in their definition, but merely due to the interactions of the simple parts that make up the whole. A praxeological approach to economics, for instance, decomposes the complex system of an economy into fundamental principles that can then be used to produce the same emergent properties of the natural complex system through analysis. The difficulty is not in correctly modeling the system (given enough processing power), but in correctly identifying the principles that give rise to the system as it is generally perceived in practice.
Of course, praxeology (primarily represented by the Austrian School) is regarded as a heterodox theory of economics, whereas the orthodox approach is largely divided between the Chicago and Keynesian Schools of economics, so you'll probably find many who disagree vehemently with the notion that economics as a complex system can (even in theory) be deconstructed to identify principles that could then be used to predict emergent properties of the system when it is reconstructed, given a particular set of conditions. Interestingly, the difference between praxeological and neoclassical + Keynesian economic theories appears to me to be roughly analogous to the difference between a belief that motivation and reason are important in psychology and a behaviorist approach in the Skinnerian vein. Considering Skinner was, in my estimation, basically doing his best to justify authoritarian Evil with a capital E, I bet you can guess where my sympathies lie.

AnsuGisalas

Have you noticed how the involvement of complex entities (i.e. lots of near-similar people) always trips up intent to KISS? KISS seems to be only suited for a single-user domain (autocratic, monarchic, papal, tyrannical...), but could it be reconceived for a multi-user domain (like, society, the world, anything beyond an old dude whittling idly in his back yard shed)? It would probably need to iteratively parse everything to translate "too complex" into "not-too-simple". Ultimately however, as a lawyer can tell you, the rules of society defy most simplification. The rules have to be precise, but still understandable, so it turns into a semantics vs. linguistic processing optimization. And that's difficult, you can verify that with any browser-based translation engine...

santeewelding

The scientific study, parameters all in a row, that reveals a whole world of results that blow the initial parameters all to hell. Back to the drawing board. Is that what you are trying to say?

bus66vw

Normal end users can't remove code or disable application code, no welder am I. You seem to be finding the trees but not the forest. If it won't sell then there is no point to it.

Neon Samurai

Your breakdown of the analogy is dead on. With modular component parts, I can assemble my bike for bush riding with brakes, suspension, extra parts and other heavy addons. I can also assemble my bike for velodrome riding; no brakes, only required parts for steering and drive, selection of each part based on specialty need (light strong frame, minimal pedal surface area, minimal spokes...). (With the number of working bikes I've assembled from multiple older non-working bikes, I'm surprised that this analogy hasn't come up before.)

pgit

"[I] disagree vehemently with the notion that economics as a complex system can (even in theory) be deconstructed to identify principles that could then be used to predict emergent properties of the system..." not ;) In addition to the "Austrian" line of thought, I found the works of Merrill Jenkins to be a worthy foundation upon which to totally alienate myself from the vast bulk of my society...

apotheon

If you keep your perspective, you can see the parts that make up the whole -- and recognize that the complex whole is just the result of the interaction of the parts. "Society", as the key example, is made up of individuals. People who think only about the complex system (society), have lost sight of the most important factor -- the individual people. Anyway, it's not about simplifying things until they're too simple. As Einstein put it, make everything as simple as possible, and no simpler.

Ocie3

large societies today are composed of a wide array of disparate "entities", whether individuals, families, clans, associations and other organizations, etc. Such complex societies only exist because these entities are willing to ignore some of their unique needs, desires, hopes and plans in order to fulfill other needs, desires, hopes and plans by cooperation with other entities who/which are willing to also make similar sacrifices for the same goal. "Too complex" implies that we have not learned enough to understand that to which the adjectival phrase applies, which may be something that is our own creation. With regard to computer software -- we should include hardware design, too! -- KISS does seem to work very well with the "structured programming paradigm". I don't have experience with the "object-oriented paradigm" so I don't know whether KISS is readily applicable, although from my conversations with OOP programmers, I suspect that it is. What the KISS Principle really means is "Do not make a computer program any more complicated than it needs to be." For example, it shouldn't require six months and 10,000 lines of code to sort a deck of 52 cards into four suits, each with 13 cards ranked by numeric value with the King, Queen and Jack at the head of each list. Although that depends on the instruction set of the "programming language" that you are using -- maybe you need a better tool, and a better machine, to perform the task more effectively. What I've read about "quantum computers" has been rather interesting. Somehow, it does not seem to me that they will be anything like our Turing machines.

AnsuGisalas

When he started work, they used mechanical calculators. That blows my mind: Just fifty years ago mechanical calculators fundamentally like the ones of Newton, Leibniz and Babbage were the fastest way to do information processing, with punch-cards and all that. The abacus and counting-stick haven't been collecting dust very long. And now everything's different... at least until we run out of power plant fuel :p

Ocie3

computer-to-computer communications and networks were just beginning to be adopted, and "computer scientists" were researching network models, client/server among them. I did not become involved in "systems" development, neither with regard to hardware nor with regard to software (e.g., operating systems), because I was not an engineer and "computer science" was in the process of being invented by academics of different backgrounds. The latest Winchester (disk) drives held 1 MB of data and cost more than $35,000 each. The typical mainframe had at most 1 MB of RAM. (There was no such thing as a microcomputer, AKA "PC".) My education and training were characterized as "electronic data processing" (EDP). So, my work was simply developing applications, i.e. actually using a computer system to produce information for use in the conduct of the enterprise and its management. Ordinarily the input began with data-entry clerks transferring data from source documents (e.g., an application for a loan) to Hollerith cards (produced by key-punch machines), which were "read" by a machine that stored the data on tape. When an application ran to process the data, the mainframe running the program read the data from the tape, of course, and the program's output was usually both to yet another tape and to large, chained sheets of printed text called a "printout", usually in the form of a "report" or maybe a "log" of transactions. For one of my employers, there was an application which a couple of colleagues and I modified to run on a mainframe with real-time input to the program via a network of "terminals". One of them was a "systems programming" engineer who served as liaison with the folks who administered and operated the overall "computer system" per se. Our design and implementation was a novel approach to using a computer system(!).
The cost to keep the program and equipment running 24/7 was in$ane but it was nonetheless cost-effective with a decent ROI. Actually, at the beginning, all applications were "simple", compared to the complexity of a program such as Excel, Word, or Adobe Acrobat. By default, we adopted the idea of having a program "do one thing well", but perceptions differ as to what comprises "one thing" (not to mention "well"). For example, for Financial Accounting, there were dozens of applications: Cash Journal, Inventory Management, Accounts Receivable, Accounts Payable, Payroll, etc. The challenge was keeping them all "on the same page" to form a coherent and internally-consistent accounting system that satisfied financial accounting standards and various laws and regulations. (Don't get me started!) With respect to Payroll as an example, the first version just calculated how much each employee would be paid after deductions from their gross wages or salary. Some employees were paid bi-weekly, others monthly. The stub for the paycheck would also report some or all of the data that was used to calculate the net payment, such as how many hours or days were worked, the wage or salary rate for the pay period, deductions for FICA, Income Tax withholding, medical insurance premium co-payments, etc. (There were many more calculations and data items than those even back then!) Payroll version 2 produced quarterly reports for each employee that repeated such data in a "report" format, with totals for each column, and an annual report that did the same thing, but for the whole year. It could have been written as a separate application, and if memory serves, eventually it was removed from the Payroll program and combined with another application to form a "reporting" application. (I don't know what version 3 had, because I worked on other applications for other departments when it was developed.)
Before I left to work for another firm, I had already completed the design for a separate "managerial accounting" application which, among other things, projected personnel increases in each of the firm's departments, increases in wages and salaries, and, of course, the projected totals. A subordinate was coding it when I left. At that time, most of the "features" in your "for instance" simply did not exist and were not on the drawing boards. EDP was a novelty, and both managers and those whom they managed were still getting used to the idea of how to apply it (some did not want to use it at all!) to what they did to manage and to conduct the work of the enterprise. At that point in time, the array of applications that are commonly used in businesses today were generally neither foreseen nor foreseeable. For example, individual employees never had "access" to any payroll data, unless that was required to do their job in the Accounting Department Payroll Office. The person(s) who possessed the printouts on which the data was reported had "access" to it. No one had access to the data on the tapes, only the programs which produced the printouts. The advent of microcomputers basically made the mainframe obsolete, although we still have "supercomputers" which are primarily used by scientists and engineers. I've heard that some have been used to run complex financial and economic modeling software, too. Regardless, the use of "PCs", especially in LANs with the client/server model, radically altered "EDP", not always for the better. But that is a subject for some other discussion.

apotheon

A question you may want to ask yourself as you find yourself incorporating ever-greater piles of features into an application is whether what you're creating should actually be all one application or not. Should it, perhaps, actually be two or three different applications? Should it perhaps take on a client/server architecture, where a back end manages all the behind-the-scenes stuff and a couple of applications provide user-facing functionality for different workflows? For instance . . . if you find you have a tremendously complex payroll application because you need to be able to provide people with personalized payroll histories, payment modeling based on potential benefit deduction and tax withholding choices, and a good authentication system to ensure that people only have access to their own data, plus data aggregation and analysis, budget reconciliation, and expenditure analysis for each department head, you should consider breaking out those first three features into a payee application and the last three into an accounting application, both of which act as clients to a back end server application.

santeewelding

Yes. I have developed a payroll program, in the old-fashioned way, aware all the time that it was subject to programming. Old man: you have nothing on me. Quit the facade.

Ocie3

You can Keep It Simple (Sometimes) in the beginning, but the users will not let it remain simple because at least some of them will want you to keep adding new features as "improvements". Then there is the challenge of keeping the program "up to date" with changes in business practices and policies, laws & regulations, etc. Just develop a payroll program, and it won't be long before it will all become clear to you. :-) At some point, perhaps you can go back to the drawing board, but remember a Greek philosopher's admonition, "You cannot step into the same river twice."

JCitizen

If I were just not such a poor salesman, I could get them on FOSS. For the very few that have, they never call me anymore, and I'm glad! Only problem is, they know more about FOSS than I do, because I'm too busy fixing Windows problems. I must admit, though, I rarely visit a Vistax64 client twice. I figure Win7x64 should be even less. I can find plenty of projects I'd sooner do than fixing Windows; although I do like helping people.

Neon Samurai

I'd say that if it were not for Microsoft, we would not have such a bustling Windows related security industry and such high billable return visits to customers. I'd happily take a cut in the job market and security related visits in exchange for improvements which benefit the users and focusing my skill on new system setups instead of cashing in on return visits for the same old five tasks.

bus66vw

let alone open an app as an Administrator to get those options they wanted changed to stick. IMHO, most "normal users" are afraid to change the defaults no matter what you call it. Once a "normal user" gets over the fear and makes option/configuration changes, they do an update and find the default settings have returned (example HP printer software update) or they just re-boot their computer and find that the default settings have returned (example Norton 360). Have you ever tried to talk a client through the Adobe Flash Player Setting Manager? Back to the original article, even with the options changed the code with the hole in it still remains. If any event triggers the option/configuration changes back, then the hole returns. But back to my point, the more your app does (per the box, the more bells and whistles), the more likely it is to sell. If it won't sell then there is no point to it. This is why Microsoft, the camp of all hole-ly apps is so profitable/marketable. Nobody is perfect like Microsoft. If it weren't for Microsoft, IBM, GE, and Ma Bell there would be no need for IT services.

Ocie3

can enable or disable options for using a computer program(s), just don't use the word "configuration" or they are likely to become afraid to change the defaults.

JCitizen

I feel better then! Thanks Neon! :D

Neon Samurai

As a seriously contrasted bike assembly compared to the velodrome racer or general use bike in the first comment; I'd say it's not that far off topic though it joins a thread that may be close. ;)

JCitizen

700lbs capacity, heavy gauge spokes and wheels and four of them, keep it at 55psi each. 36 speed with positrack rear end. MAN am I OFF TOPIC or what!! The rocks really fly when I peel out!

apotheon

See them as individuals working together -- not as some kind of group entity. That is, in fact, how decentralized terrorist organizations do so much better against larger, more powerful organizations; they exploit the tendency of those larger organizations to think of the terrorist organization as monolithic, rather than as a collection of individuals.

apotheon

There is no silver bullet -- so I can't give a blanket solution for all simplified design problems.

AnsuGisalas

I'd say that initial design is one thing, but in a long lived system, even one that starts simple gums up when it tries to cope with change without a total rewrite once in a while. That was sort of the point in the dynamic self-applying KISS post above... how to keep it working without building new crap on top of old crap in complex ways. So, still wondering how your implementation would work, do you suggest compartmentalization? External modules for specialized tasks?

AnsuGisalas

All I'm saying is that it's different to realize that there's an organized search party on your heels than a similar amount of individuals each working alone. It's relevant to see them as a group, because they can do things as a group that they could not do as uncoordinated individuals. It's tactically always an advantage to reduce the enemy to individuals, that's what so called decapitation operations are all about, as well as attacking comms. At least with regular forces. Al Qaida shows a degree of disorganization and compartmentalization that makes them difficult to take on with regular means, but that's just a question of finding the right spoon for the job.

apotheon

A well-designed system should generally be composed of a simple, elegant set of components that account for the complexity of what it models by virtue of the emergent properties of the system when its components interact. This works because the naturally arising complex systems these artificial systems are meant to model are "complex" only in the interactions between their components, and the design of the artificial system should therefore mirror that complex interaction between components. It should not try to embody the complexity of interaction in the static design of the system in the first place. A component for every possible interaction is not only bad design, but effectively impossible to design into a system. It is, however, exactly how far too many man-made systems are approached in the design phase.

apotheon

"Individuals that sign over their self-determination to others do in fact become less significant, just as the recipient becomes more significant... at least until you can free their minds" They do not become less significant. It is only their wills that become less significant when they shackle their minds to another's will. Individuals still make individual errors, both in judgment and in execution, for instance. Individuals are also still individuated in their competence. Individuals also continue to exist within individual contexts, serve individual roles, enjoy individual lucky breaks, and suffer individual ill fortune. Perhaps most importantly, they also have their own individual limits to how much of their individual wills they are willing to sign over to others, and sometimes those limits might be exceeded by commanders of their army. A general who does not take note of the fact he commands a collection of individuals runs the risk of mutinous resistance from within his army's ranks due to that oversight. No matter how much you might find it convenient to think of an army as having no individuality amongst its component soldiers, that individuality still exists, and has a very real effect on how effective that army can be in practice, depending on how its commanders direct it. I've been in an army. I'm quite familiar with what it's like to be an individual soldier in such an organization.

AnsuGisalas

So, if there is an army of terrorists hiding in the mountains, is their coordination and collaboration irrelevant? They are after all individuals. I just think you underestimate the relevance of metastructures and macrostructures. An army is relevant as being an army, because it modifies the significance of the individuals capable of directing that army. Individuals that sign over their self-determination to others do in fact become less significant, just as the recipient becomes more significant... at least until you can free their minds

AnsuGisalas

That the system should be simple, but allow for complexities? That's hardly new, they mostly start out that way. How to stop the system from gumming up, that's the problem.

pgit

well, one black eye on Rod Stewart... too bad it's like one of 3 songs the masses ever hear of the guy. Talk about wrong impressions. Anyhoo, staying 'young' in mind and spirit is the natural order of things. Contrary to what you expect in your youth, your mindset and outlook on things doesn't change in any significant way except to the degree it's shaped by experience. The mistake people make is looking at someone who is "old" today and assuming you will "become like that," but that person was born in a different time, with different prejudices and lived under a different bombardment of "culture," so no; you will not become like them. There are facets of your personality that are vastly more responsible for any changes you undergo than the simple passage of time. If you are closed-minded you only APPEAR to change from the outside perspective of the constantly shifting sands of culture.

apotheon

I hope to never lose the flexibility of youth, despite my growing curmudgeonly patina of age. An old soul with a young heart; that's pretty much where I'd like to be. I think I'm doing much better at the former than the latter, in recent years.

santeewelding

We are at one in this. I said elsewhere, he is competently clerical, but not much else. Perhaps, he is young, as are you.

apotheon

The fact people support current systems in no way suggests that the systems are good or simple. There were some relatively simple concepts on which much of the US government's structure was initially built, but it quickly got out of control as people started layering unnecessary complexity on top of that basic structure. By the way, systemic flexibility is a feature of elegance -- which is, itself, related to simplicity, to a significant degree. When you add complexity, what you get is brittleness.

apotheon

The clan structures in Iraqi and Afghani society aren't more important than individuals, because it is the way individuals assign importance to clans that makes for any importance of clans at all. In short, even when you're taking account of clan relations, you're really just laying an abstraction over the motives and behaviors of individuals who are influenced by cultural indoctrination that tells them clans are important.

AnsuGisalas

If family actions are a force that needs to be taken into account then families need to be taken into account. That doesn't mean that individuals can't also be taken into account, but take a look at how messed up Iraq got when Saddam got toppled; US administrators failed to realize that while clan infrastructure was (in their opinion at least) obsolete and to be discouraged, the clans did hold real power and should de facto have been taken into account, if progress was to be made (same goes for Afghanistan BTW). If it needs to be taken into account, take it into account. Individuals are always relevant, but sometimes other kinds of structures can be (in some areas of public space at least) as important or more (in some cases open "democratic" voting for example follows pretty strict family guidance, not out of coercion, simply because "the head of the family knows best"). Try building a luxury hotel in Sicily without taking the mafia into account for example. Individuals sometimes wholesale sign over their individual rights to be administrated by others in a predictable way, when that happens it has to be taken into account by all those interacting with those people in a way to which said rights are relevant. Unwritten rules bite, but especially if you try to ignore them.

AnsuGisalas

Ok. I see where the misunderstanding arose. Of course it's helpful not to make false assumptions about people. The systems usually do not, since they tend to keel over if they do. I just haven't seen what you suggest be done differently. Like I said, it's easy to say, but what is your implementation? More on topic BTW, take a look at the "features" of the US Congress and its subsystems... where's the simplicity in filibusters? Or in the arcane elector systems? And yet, not many Americans seem wanting to change those, except when said systems are being used against their own "side" of political conflicts. So simplicity isn't apparently as important as allowing flexibility... even at the cost of dependable functionality.

apotheon

You seem to be missing my point, which I thought I had already made clear. I'm not saying, as you put it, "the individual needs of individuals need to be taken into account". I'm saying "The simple fact that individuals are fairly certain to have individual needs that differ from those of other individuals, by simple virtue of the fact that they are individuals. It is almost tautological. We should account for that fact." See that? Account for the fact of differing preferences and so on, not for the vast sea of differing preferences, each of them individually. It's the difference between:
1. asking each of five people what their favorite colors are, and getting the answers red, green, yellow, orange, and green (again), then ensuring that there are two green t-shirts, one red, one yellow, and one orange, so everyone gets a shirt in his or her favorite color
2. assuming that people might have differing color preferences, and getting five white t-shirts and a magical instant-dyeing wand that can do any color you choose
(Let's just assume the magic wand is at least almost as easy to get as the pre-dyed t-shirts, for the sake of argument.)
One tries to take all individual preferences into account. The other just assumes that preferences might differ, and plans a generalized approach that can satisfy all of them without having to have a list of all preferences in advance. As for the notion that an individual is an abstraction, I'm going on the assumption of an empirical, non-solipsistic universe, because if we step outside that set of assumptions we're now talking about philosophical concepts that are so far off the topic of this discussion that we might as well just abandon all pretense of trying to address the original topic.
edit: Santeewelding . . . you never complained before about the fact I talked to you as if you weren't a troll. Why would you suddenly object to me doing the same for someone else? Do I smell a double standard?

AnsuGisalas

The concept "individual" is an abstraction, like all concepts are. There are ontological entities, or at least we can choose to trust our senses (in spite of the Cogito ergo sum -argument's caveat) that there are. In saying "This ontological entity is an individual" we are performing an abstraction of the form "x belongs to set [A]". Edit: I figured out a better way to explain my point: Let's examine the function of the word "individual" in its noun form: You can say of a person "He/She is an individual", and that's a true statement, no problems so far. However, when you say "An individual has needs" you have to observe a crucial semantic fact of this noun; it refers to a member of a distributive plural set! The noun "individual" in a preposition, even when singular, denotes a plural sense, specifically something that pertains to each member of the set of individuals. Distributives are problematic, because you can't make loose generalizations across distributive fields: if you say "an individual has needs" then it correctly translates into "all individuals have individual needs" or "each individual has individual needs" i.e. you run into my objection about representing anything at all with the noun "individual", since the members of the set have few truly shared needs relevant to a political discussion, you're actually risking making exactly the kind of stupid mistakes the soviets did; the shared needs are exactly those the stalinists claimed to be the only relevant ones, food, breathable air (if barely), communist propaganda, gulags and mind control. So much for "x is an individual" and "an individual has property y" types of statements. Your real problems begin when you say "the individual", do you see it? 
The big problem here is, that you are recoding a distributive variable into a gestalt entity; you no longer speak of entities belonging to a set (unproblematic) or make statements about members of that set (somewhat problematic), you are instead introducing a new entity that is equal to the distributive plural set, and that's way off, to say the least! On the bright side; I am not arguing that singular human beings with their diverse and distributive needs are not relevant to the big picture. That would be insane. I'm just saying, that the ways people try to fathom this vast sea of humanity are severely flawed, and give rise to flawed implementations. Basically, if your idea is that the individual needs of individuals need to be taken into account, that's fine. I'm just rude enough to say that that's easier said than done, and I'd like to see your implementation before I laud your thinking. @santeewelding: Go ahead and unhinge my argument, hinges are for Windows.

santeewelding

News to me. Means you discuss reasonably the unreason of a madman, making of you the same.

apotheon

My purpose is to make my point clearly, and to discuss reasonably. I don't get involved in such discussions for the sole purpose of destroying people's arguments.

santeewelding

Tch. Can't you see -- after all your travail with me -- the one place in [b]ansugeisler's[/b] argument where it can be fatally unhinged?

apotheon

> "The individual" is an abstraction
Seriously? I don't know about you, but I certainly am not an abstraction.
> The other problem, also very real, is that when the level of examination entails the actions of millions of people, then actually taking into account individual actions pushes the whole evaluation way into the space of quantum computers
You misunderstand my point about taking the individual into account. Note that I said "taking the individual into account", and not "taking all individuals into account separately". The idea is to recognize that there are individuals, who have individual wants and needs and motives and whatnot, and to account for the fact that individuals vary quite a bit from one to the next, for they are all quite . . . individual.
> taking one individual into account doesn't mean taking all or even a representative amount of the individuals into account.
Well, good -- because that's not what I said. You're reading into what I said, rather than just reading it. If you're unsure about something, try asking for clarification rather than just leaping to absurd conclusions.
> Emergent modeling is required, but the human mind already produces viable simplifications, we do really think of groups of people as gestalt individuals...
Yes, we do -- and, as a result, we end up with horrorshows like the Soviet Union, which was really more of a meat grinder than a government. This is why it's so important to take the individual into account.

AnsuGisalas

"The individual" is an abstraction, that was my earlier point, so your simplification has the weakness of representing the body of individuals very weakly, and in a non-transparent way. In a nutshell, it makes it too easy to fool one's self, saying I took the individual into account when actually one took into account only a generalized prejudiced representation of something one isn't really sure of what is. See? The other problem, also very real, is that when the level of examination entails the actions of millions of people, then actually taking into account individual actions pushes the whole evaluation way into the space of quantum computers... the amount of data involved in describing or documenting or representing the actions of even one specific individual is staggering, and people aren't the same, so taking one individual into account doesn't mean taking all or even a representative amount of the individuals into account. Emergent modeling is required, but the human mind already produces viable simplifications, we do really think of groups of people as gestalt individuals... understanding, and taking into account the weaknesses inherent in this natural generalisation is key to making it useful.

apotheon

> Taking the individual into consideration in the scope of the macrosocietal whole defies simplicity.
How do you figure? The individual is the simplest meaningful component of the whole. How does it get any simpler than taking the individual into account? Did you not read the article about simplicity?

AnsuGisalas

Taking the individual into consideration in the scope of the macrosocietal whole defies simplicity. I wasn't suggesting these abstractions as truth, simply suggesting that there are valid, tried-and-true ways of simplifying the complex. Every simplification is a filter, you highlight some features but you blank out some others. But without filters you get snow-blind... the information overflow is impossible to overcome... But remember the forgotten rule of structuralism: Once you have analyzed a situation with the help of an abstraction, you must reverse the process, fitting the result of the analysis with the *unfiltered* reality. That way you don't just reiterate own prejudices... which happens to everyone if they're not careful.

pgit

http://www.batr.org/totalitariancollectivism/economy.html The author is an acquaintance I have done a little computer work for over the years. I also wrote for the blog in a prior iteration, a couple of times. Interesting is that he was recently in the center of the Eric Massa debacle, he had been a big supporter because Massa was looking into some serious graft/corruption regarding the finance of "wind farms." Call me Aaron Burr... my only regret is I was not there to duel Hamilton BEFORE the CONstitution got shoved down the people's throats... how's that for impertinent! ?

apotheon

Interesting ideas, to be sure. It's all abstraction, though. Thinking of a family, or a community, or a province, or a complete nation-state, or the whole world, or a race of people, or an ethnic minority, or a religion, or whatever else, as a singular entity -- analogous to a linguistic sign -- is just an abstraction that is convenient for purposes of easing the process of making decisions about how to interact with the world around us. We think of our government or Wal-Mart or the Guardian Angels or whatever as a singular entity because it is convenient to do so. Such an approach to identifying abstract entities is a behavioral approach to dealing with the world, like a Skinner box is a behavioral approach to dealing with mice. The problem with such an approach is that, like Skinner, we very quickly end up treating human beings as chess pieces in a game of manipulating the world to our liking, as obstacles to be overcome and tools toward reaching our goals, merely as means to an end -- because they disappear into the background noise of these social institutions that we regard as abstract entities. We run the risk of thinking it is the institutions themselves that are the most important, as ends with their human members relegated to the roles of means toward those ends because of the seductive call of collective ethics ("the needs of the many outweigh the needs of the few" and all that crap), ignoring the fact that human beings are thinking, feeling, concrete entities themselves who, within the terms of Kant's categorical imperative, are ends in themselves. It's perfectly reasonable to think of social institutions -- which really only exist due to convention and cultural bias themselves -- as behaviorally significant, abstract entities when considering how to interact with the world. Abstraction is how we do heavy lifting. 
Give me a fulcrum, somewhere to stand, and a long enough lever, and like Archimedes I can move the world; abstraction is the lever of the intellect. We cannot forget the importance of the individual without running afoul of ethical missteps, however. Erase all our abstraction and cultural bias and long-ingrained convention, and all we have left is the concrete entities; the individuals. Everything else is just a tool of the intellect, and a tool of the intellect should never be valued above the individuals with whose well-being we should be concerned when plotting the course of our actions by way of those abstractions. What good is the abstraction as a tool of the intellect if we lose sight of the ends toward which those abstractions are our means? edit: . . . and, coming full circle, here we have the best argument yet for simplifying your system for dealing with some part of the world. Don't forget the importance of the individual part of a complex whole, because that's really where everything happens. What we see as the complex whole is really just an abstraction that is sometimes convenient to consider when trying to get things done quickly; the individual part of it is the workhorse of the system.

JCitizen

is an interesting study. However we tend to ride with the prejudice that brung us. And how we got treated is in the prejudice. I see it that the PRC intended to damage me; because of their attacks against my LAN perimeter, and our think tank. I'm not going to philosophize about the people of China, of whom I love. I'm only going to look at the political entity called the PRC. I'm allowed to hate a political entity. And I do. China's recent actions against Iran, have deflected a lot of my prejudice. The more the PRC cooperates with the world, to hem in these nuclear cowboys; the more I'm going to learn to love them. Now I think even the PRC should be rewarded for this; something like unlimited access to Iraq oil, which they probably already have, and unlimited access to US coal, for energy concerns, which they would understandably have. I'm not a complete maniac; I just like results.

AnsuGisalas

There was this guy, Ferdinand de Saussure (he's dead), who introduced into linguistics the concept of the sign... now, the sign in itself is very interesting, but what I want to point out is how it stacks: In that theory, a language sound is a sign, and so is a set of language sounds forming a word (they're not a series of signs constituting a higher sign, they're just one sign), and so is a set of words forming a sentence, and so is a set of sentences forming, say, an argument (in either meaning). They don't stack, instead they conglomerate seamlessly, automatically like dew on a blade of grass. A person is an individual entity, but so is a family (to varying degrees, depending on cultural norms), and so is an institution (like a university), but so is also a part of that institution (say, the students of that university, no matter how disparate). Some of these individuals are very vague and undirected... but some of these are single humans, while some are conglomerate entities... and some are very distinct, consistent and directed, but these too include singular humans and conglomerate entities. All in all this whole mess can be described as a discourse... it's not a people or a demographic or anything like that, it's a vast matrix of communicative connections that defy all counting... and yet, we are able to sense it and even navigate in it... it is in a way, a reality.

pgit

I shall ponder.

AnsuGisalas

We don't see what's really there, we just see what we expect to see. We don't see individuals, but exemplars of archetypes. Even close associates we package by their names; imagine if you take a picture of Bill Gates and write above it "Ceci n'est pas Bill" - this is not Bill. A representation is not an entity, but that's exactly what we try to make-believe for most of our waking moments.

JCitizen

The dems claim they closed that hole this week. divert to impert =D

pgit

I love it.., it's so... so PERTINENT! =D I have to hand it to Chad for trying, but you'll never alter anyone's opinion in a forum like this. I know it's hard to let someone's personal (borderline slanderous) attacks lie, but one day he'll realize his time could have been better spent on far more productive ventures... ...like trying to bounce an eraser off the desk into your coffee cup for example. So they were talking about China, eh? How's this for a taste of China in the good ol USA? http://rawstory.com/rs/2010/0326/newborn-denied-coverage-preexisting-condition/ Wait till the IRS starts poking into whether they approve of your coverage or not... divert!! divert!!!

JCitizen

That cracks me up!! Talk about a Macy's parade disaster! HA! :^0 Might as well divert this thread anyway! :D Better to divert than be impert- Eh pgit!?

pgit

OK, this thread has taken a bit of a turn down impertinence lane... Reminds me of one of my favorite cartoons, I saw it in a magazine back in the early 1980's. It was a single panel, showing a bunch of fat cat white guys chomping cigars around a board room table, and one fellow with a look of revelation in his eyes says: "Megadeath... wow! And to think we used to be a thimble manufacturer!!" Oh, the huge manatee!!!: http://thepeoplescube.com/red/richedit/upload/2k4a7a43d7f8.jpg

apotheon

> Does your cultural bias define reality?
Nope. Of course, I'm not talking about my cultural biases. I'm talking about the composition of complex systems.
> What I wrote about the Chinese is from personal observation and experience as well as from sources who know, both Chinese and non-Chinese.
That's irrelevant to my point. Yes, you're right -- that's the Chinese culture in a nutshell. My point still stands. Well, points, really.
> What you see as the individualism of the "Tank Man" is what you have been taught to see as an exception, although his behavior would also be an exception in our own society.
I never said he wouldn't be an exception in US society. What makes you think I made an assumption he wouldn't? He would be an exception in a different manner, though.
> Do you think that he was a hero?
I believe his action was quite thoroughly heroic in nature. I also believe that is totally irrelevant to my point -- which is that he was an exception to the cultural rule in China. Note that I also mentioned Mao Tse-Tung, whose exceptionality in Chinese culture is most emphatically not heroic by the lights of my own cultural biases. It is not whether someone is heroic or not (at least not that alone) that determines whether he or she is exceptional; it is, rather, whether he or she breaks free of the generalization you provided. Doing so by murdering millions is as valid an example of being exceptional as doing so by taking a stand as an individual against an overwhelmingly superior force the way Tank Man did.
> In China, the answer depends upon whether his family gained face or lost face because of his behavior.
That's the traditional approach to determining the answer. It's an oversimplification of the reality, but I understand your point. On the other hand, as I pointed out above, whether he's a "hero" or not (and whether he's considered a hero or not, which is not necessarily the same as being a hero) is irrelevant to my point, which was that he was an exception to the general cultural rule.
> Even in our society, there are people who would say that he was a fool.
Also irrelevant. See above. Substitute "fool" for "hero", and the explanation for why it's irrelevant still basically holds.
> Families are not "made up of individuals, too" even in our own society. Families are made up of members.
"Members" are "individuals". They are individuals who acquire an additional label by virtue of being part of something else. Are you not an individual because you've joined a damned club? Please stop playing games and understand that being a member of something doesn't mean you are no longer an individual sentient being. Well, I assume you're a sentient being. I guess I might be assuming too much from the text under your name on TR.
> Among the Chinese there is no significant concept of an "individual" other than someone being alone, isolated, deprived.
There was no "significant concept" of a quark before the 20th Century, either, but they still existed.
> Clearly, your cultural bias neither allows you to perceive nor to conceive any other than the concepts of individualism from which your ideological view of society is derived.
Clearly, you know nothing about me, but you'll make up stuff about me to help you defend your irrelevancies thrown in the path of what could otherwise be a reasonable discussion. My discussion of "individuals" in this context is not ideological in nature. There are individuals, period. Hell, I'm a philosophical Taoist myself -- I totally understand the metaphysical and cultural concept of interconnectedness, possibly with far greater depth than you (since you've given me no indications of similar philosophical leanings). That doesn't change the fact that when approaching the problem of understanding complex systems the recognition of the individual existence of components as part of the recognition of the characteristics of the whole is an important part of that process of comprehension. I'm talking about systems theory, and you're talking about cultural biases as if they define reality -- which means you're not even considering my points, because you're trying to fit them into a completely different subject discussion than their intended topic.
> So, you remain ignorant because you believe that what you "know" is not only true a priori but a universal "reality".
Incorrect, but have fun with that. You may have whatever inaccurate beliefs you wish, I suppose.
> However, what you apparently know is a theory which cannot be empirically proven. You have said so yourself, if in different words.
I don't recall saying so -- but it's more accurate to say it hasn't been empirically proven. Of course, if you're going to start talking about empirical proof, you're just abandoning the Chinese cultural biases toward interconnectedness and order (which, by the way, is only half the matter in Chinese culture; you focus on the cultural biases engendered by Confucianism and ignore those engendered by Taoism to begin with) in favor of orthodox occidental thought. Ironic.

santeewelding

"IMHO". It cheapens your otherwise dedicated post.

Ocie3

[i]".... Cultural bias does not define reality."[/i] is something that you need to think about before you attempt to tell total strangers what their society is based upon. Does [b]your[/b] cultural bias define reality? What I wrote about the Chinese is from personal observation and experience as well as from sources who know, both Chinese and non-Chinese. What do you have? (1) What you see as the individualism of the "Tank Man" is what you have been taught to see as an exception, although his behavior would also be an exception in [i]our own[/i] society. Do you think that he was a hero? In China, the answer depends upon whether his family gained face or lost face because of his behavior. Even in our society, there are people who would say that he was a fool. (2) Families are not "made up of individuals, too" even in our own society. Families are made up of [b]members[/b]. The members of families support one another, and each member of a family supports the other members. Among the Chinese there is no significant concept of an "individual" other than someone being alone, isolated, deprived. Clearly, [i]your[/i] cultural bias neither allows you to perceive nor to conceive any other than the concepts of individualism from which your ideological view of society is derived. So, you remain ignorant because you believe that what you "know" is not only true [i]a priori[/i] but a universal "reality". However, what you apparently know is a theory which cannot be [i]empirically[/i] proven. You have said so yourself, if in different words.

santeewelding

Half-cocked accidental discharge with no muzzle awareness.

apotheon

You're confusing the way the people in a society see themselves and their society with the true nature of the society: Chinese society is made up of families. 1. That's a generalization. Exceptions include the famous Tank Man of the Tienanmen Square Massacre and Mao Tse-Tung (each in a very different manner than the other). 2. Families are made up of individuals, too. Claiming Chinese society is made up of families is just losing sight of the individuals because of a layer of indirection between Society and Individual that happens to be more strongly defined in China than in the US, UK, Canada, Australia, et cetera. The fact many people in China have lost clear perspective sufficiently to forget that society is made up of individuals doesn't mean that society is not made up of individuals. Cultural bias does not define reality.

pgit

Works everywhere but one glaring exception: to defeat government lawyers you must take the simple truth and shave it further to what appears a gross over simplification. Just take that as gospel, been there/done that and happy crap...

santeewelding

You flood me with desiderata of which I am somewhat more than well-acquainted, and, of no direct functional significance. Since you ask, a measure of Penobscot.

Ocie3

from English immigrants who crossed the Atlantic Ocean on the first boat and married one of everybody who came after them. How about you? That said: One question(er) does not abolish a society. Nor does one question(er) change a society. Nor does one question(er) create a new society. The pace of change moves more slowly outside the boundaries of the United States, and we are not the epitome of all that is best in the World. ([b]Edit[/b]: replace original content with nonsense :-) )

santeewelding

One of them -- just one of them -- looks up and around, and, says, "Hey; wait just a damned minute!" Ocie: you freeze it in a moment of time, and, you progress from there. Where in just the hell do you think [i]we[/i] came from?

Ocie3

Quote: [i]".... 'Society', as the key example, is made up of individuals. People who think only about the complex system (society), have lost sight of the most important factor -- the individual people."[/i] There are many societies which are not made up of individuals (we prefer to think that they are made up of individuals because that is [i]our[/i] modern European bias). For example, Chinese society is made up of families. That is why the surname precedes the personal name in Chinese names. Any individual member of a family is "important" only among the members of that family, and any individual who acts in his or her own self-interest above the interests of their family is at risk of being disowned, which would result in personal suicide ([i]literally[/i]), [b]so that just does not happen[/b]. All relationships among the Chinese are expressed by interactions among families in every sphere of activity and organization. Anyone who does not recognize that and all of its ramifications will simply never understand the Chinese. There are also societies which are based upon [i]clans[/i] (http://en.wikipedia.org/wiki/Clan), especially in Africa and in some areas of Asia, among others. The clan affiliation(s) of each and every individual both proscribe and prescribe their behavior and beliefs in rather fundamental ways. These social entities tend to also comprise and act as economic and political entities as well, thus the terms "socioeconomic" and "sociopolitical".
