Justin Spencer: 2017

20171231

Low Tech Hacking by Jack Wiles

Today we find ourselves in a position where our outdated defense regularly fall prey to the simplest "Low Tech" hacking techniques.
Social engineering is what I believe could be the most effective and dangerous outsider-insider threat to any security plan.
A social engineer will continuously learn more clever ways to take advantage of how our minds work in order to perform the illusion or deception.
Any one of us, at any time, could easily become the victim of some form of social engineering. I personally believe that it is not possible to completely eliminate the risk.
Our minds work in very trusting and predictable ways, and that means that exaggerated deviations from the norm might not ever be considered.
I learned over the years that social engineering attacks work best when they were two-part attacks.
You will probably hear me say this many times throughout this book, but I continued to be amazed at how many great social engineering tools are available at your yard sales, flea markets, pawnshops, and thrift stores.
The only countermeasure for threats like social engineering is always being just a little bit more suspicious.
As an absolute minimum, it is very important for every employee to have some sort of chain of command for reporting potential security threats.
By far, the most effective keystroke loggers that we have used are the KeyGhost hardware loggers being sold as security devices.
Keep in mind that the key logger is only detecting keystrokes. It doesn't detect anything that was pointed to and clicked on with the mouse.
There couldn't be any better example of low tech hacking than simply sitting in a crowded restaurant on a typical day, in a typical city, and listening.
We are so dependent on telecommunications today that service technicians carrying tools and replacement equipment are as common as express delivery drivers. We are conditioned not to challenge these people especially if they are in a rush.
It's usually not a good idea to approach strangers first before knowing what they are up to.
If the information [login and password] isn't written on the admin terminal, it's more than likely under the keyboard or in a drawer close by.
There are lists of default passwords and user names delivered with new PBX and VOIP phone systems on a number of hacker sites. Many customers never change these defaults even though every manufacturer strongly recommends an immediate change.
The use of VOIP systems is growing; however, the majority of phone systems in use today rely on technology basically unchanged over the past 20 years.
The mining of data from social web sites like Facebook has become the number one tool in the arsenal of the bad guys.
All of our efforts are at the gateway and seem to involve preventing malware from being delivered in to our environments. [...] We need a game changer and I believe that the most viable game changer is to quit worrying about the delivery mechanisms of malware and apply or focus on not allowing any entrusted code to ever, under any circumstances, execute within our environments.
Who cares how they deliver their malicious code? If it cannot execute it simply no longer matters.
If you cannot control known good traffic you stand no change at all of controlling any bad/malicious traffic.
The number one countermeasure for the threat of social engineering is to be just a little more suspicious than we normally are as good, friendly, trusting citizens.
It is truly amazing how our minds work and sometimes don't work the way that they should.
While things are constantly changing in the technical security world, in the physical security world, things don't seem to change quite as quickly.
We all need to at least be familiar with and understand our risks at home and at work.
It's always a good idea for the management team responsible for computer and information security to work closely with the management team responsible for overall building security.
On every one of my team's penetration tests, we found at least one lock (either interior or exterior) in the building that wasn't functioning properly. This provided us with easy access to buildings and rooms that we shouldn't have been able to get into so easily.
Slightly misaligned strikes on the door frames are the most common problem that we find. This is a serious problem, in that it defeats the purpose of the dead bolt feature of the lock.
I know these can be faked, but I still think it is much better to have some form of visible identification worn by every employee at all times.
Employees can be somewhat trained to even detect fake ID badges.
Awareness training works.
I believe that it is a good policy to shred everything that comes to your home with any family members name on it.
When conducting a physical penetration test, the company's phone books were the first things that we went for. Once we got our hands on a corporate directory, the social engineering began. Most corporate phone books are laid out in a way that conveniently shows the entire corporate structure as well as chain of command, building addresses, and department titles.
Employee awareness of the importance of a corporate directory will help ensure employees know how to safeguard this valuable corporate property.
Everything that you do to make it a little harder for the bad guys will make you a less likely target--they're looking for an easy mark.
Unsecured areas are targets for tailgating. This was one of our most successful entry techniques regardless of the security procedures at the building.
We found that many corporations had good security at their main entrance points but were lacking at other entry and exit points.
Tailgating, frequently called piggybacking, is simply following someone into a building after they open the door with an access card or by entering a door code.
By far, the least expensive and most effective countermeasure for the overall security of any organization is the employees of that organization.
I can't emphasize enough the need to train all of your second and third shift employees, and especially your janitorial services people, about the threats of social engineering.
The more difficult you make it for people who don't have a need to know about these critical rooms, the more secure you will be.
If you are going to have high-security locks on any doors in your building, then dedicated computer rooms and phone closets would be first on my list of rooms needing the most secure locking mechanisms.
That entire expensive surveillance system is worthless if whatever is captured on tape isn't ever seen by a human who can do something about it.
While most companies don't own the manhole covers (and what's under them) surrounding their building, it's still a good idea to check on their security.
The extent of the infrastructure that exists below the streets of most cities is incredible.
Old disk drives will be an area of concern for years to come.
Be certain to remove all disk drives from computers that you plan to donate, give away, or simply throw away.
I recommend that all companies have their building security maintenance teams perform a spot check above all suspended ceilings at least twice a year.
Security will always be a long-term team effort.
The biggest potential problem with technical security is a lack of proper physical security.
As with anything else in life, practice, practice, practice is the only way to stay good at just about anything.
Pin tumbler locks are also the most common type of lock that we see in homes and office buildings on doors. These locks can be picked with a little practice.
Mushroom pins are shaped somewhat like an hourglass. This shape can cause the pins to bind as someone attempts to pick them.
Very powerful battery-operated drills are now available everywhere. If i can get to that key-way and begin to drill out those pins, thereby creating what is known as a shear line, I will be able to retract that bolt and remove the lock.
Unless someone was caught inside your building, you may not know they were ever there.
What allows the door to open is the retraction of the bolt.
Just about all of our homes and most businesses still use pin tumbler locks for their primary perimeter defense.
It is very seldom a good idea to have one key that opens everything in the building.
Highly pick-resistant Medeco locks are some of the most effective.
The main reason we always tried to befriend the people on the janitorial team is that they usually had those important keys that we were trying to get our hands on.
If your lock looks different from everybody else's, and functions somewhat differently from everybody else's, you will automatically become a tougher target.
Being a little bit more difficult to compromise than the next guy, is really the name of the game with security.
Always be careful who has access to your keys.
Throughout my years working in various aspects of technology and security, I've come to realize one simple concept; out of sight is out of mind. Organizations habitually overlook security of wireless communications because they can't see it.
The simplest and most fun thing you can do to disrupt a wireless system is much around with the antennas.
Even the slightest changes in a directional antenna can wreak havoc on the wireless system.
Organizations with external APs or antennas should carefully select their mounting locations and ensure there's appropriate physical security protection for the devices.
Aside from tampering with the antennas, forced reflection is probably the simplest and most effective wireless disturbance.
Unlicensed wireless will draw attention from the FCC if it's operating in the wrong band or is too high powered.
Jammers can be easily built from homemade electronic components or by re-purposing another device that's designed to transmit on the frequency you're attacking.
More often than not, rogue devices are introduced into a network by authorized users such as employees and contractors.
A rogue device is any device--client or infrastructure--that attaches to your infrastructure without knowledge or consent by the organization. Rouge devices are a huge security risk in an enterprise.
Regardless of the specific vulnerability, nine times out of ten, there's some way to access the management interface of a switch or access point.
Good 'ol fashioned MAC spoofing is a great way to get around a variety of security controls in place. MAC (media access control) addresses are unique identifiers for each network interface on a device.
Although the MAC address is coded on the machine, it can be changed in the software, making it possible for a user to change a MAC address on his device.
If someone is going to surveile you, the most obvious and easiest place to start is with your name.
The truth is, you really cannot get any of your information actually removed from the internet. [...] Just be warned that, once it is out there, it will live and it can be found.
The first place to start collecting information on the patterns of your behavior is to target social media and social networking sites.
Always remember, nothing really disappears or can be deleted from the internet.
Personal bank account amounts and line items are very difficult to attain online, unless you, the bank, or a third party has somehow exposed otherwise secure information.
It does not take a lot of hacking technical skill to spoof an email address and make it appear that the email is coming from a legitimate source.
Many people don't secure their wireless networks.
One of the most important aspects of targeting and surveillance is to put all of the collected intelligence together. This is perhaps the more artful step in the process.
But at the end of the day, a quote from Jane Austen made over 200 years ago still stands the test of time, "Every man is surrounded by a neighborhood of voluntary spies."
Penetration testers tend to agree that the end user is the weakest link in any information security chain.
Humans are social animals, and we've trained ourselves over the generations to help people and to trust people. It's always been a mechanism for the survival of our race. Most individuals prefer to believe the best in others and their intentions. At the very least, we don't want to be the person who slows down the organization or stops progress altogether. But that aspect of being human also makes our employees vulnerable to compromise by creative and enterprising attackers.
A great penetration tester can achieve high success rates by introducing slight variations in a target's environment without arousing suspicion.
In reality, selective attention is a great way to engineer people's reactions and motivations.
If I can draw your attention to one thing, it means you're not paying attention to something else. This can be referred to as distraction.
One of the core concepts of magic is to distract your audience so you can do something else while they're not paying attention.
Mr. Cialdini states, "Six basic tendencies of human behavior come into play in generating a positive response: reciprocation, consistency, social validation, liking, authority, and scarcity." So, from our perspective, in order to best penetrate an organization, we'll want to utilize these human tendencies when interacting with the employees of an organization in way's they'll understand instinctually.
Our goal is to keep this process as simple as possible and use suitable tactics for the job.
Another consideration for your penetration team is the culture of the target organization.
People naturally want and need to trust other individuals. All you have to do is fit into the confines of their expectations.
The right clothing and accessories can create a sense of trust within your target because you blend in with their expectations.
Users tend to be more relaxed and less on their guard when they're off-site than when they're at work. [...] So the best location to target users will normally be outside their normal working environment.
The strategy is our game plan. It's how we'll approach the users, gain their trust, and get our software installed on their computers. The strategy has to take the location and the mood of the users into account.
The strategy we choose needs to fit with the location, target audience, time, and wariness of our targets.
Since our penetration projects will be different, each of our approaches will be customized to the organization we're targeting. Your team will need to be flexible and creative. Consider all possible alternatives, because you can be fairly certain the target organization hasn't.
It's incredibly important to be relaxed in your interactions. Most people haven't studied body language, but they do have instincts that react to body language and can alert them to situations that could be dangerous or misleading.
A wrapper is used by many hackers to obfuscate the code signature of a piece of malware so that it won't be detected by anti virus software once it's been installed on a user's computer.
Conducting penetration tests doesn't always have to rely on a great deal of technology.
Off-the-shelf software products, including some highly regarded free products, can often provide all the tools you need (along with your imagination) to do some low tech penetration testing.
Skillful communication most often results in gaining pieces of information that are key to success in whatever line of business or social environment that we humans engage in. So it comes as no surprise that skilled criminals use these same skills of social engineering to advance their schemes.
The strength of any network, including our social networks, is only as strong as the weakest lock.
Malicious executable attachments to email continue to be the most prevalent low tech hacking threat.
Generally speaking, the individual user is the most vulnerable and most targeted for compromise by the low tech hacker.
The world has become so reliant on the internet that it has become it's own worst nightmare.
If your program is going to be successful, you will need the support of the CEO.
I think the most important thing about an information security awareness program is that people know how to contact information security when they have a question or concern

20171230

ZeroMQ The Guide by Pieter Hintjens

ZeroMQ - The Guide

ZeroMQ looks like an embeddable networking library but acts like a concurrency framework. It gives you sockets that carry atomic messages across various transports like in-process, inter-process, TCP, and multicast. You can connect sockets N-to-N with patterns like fan-out, pub-sub, task distribution, and request-reply.
ZeroMQ sockets are the world-saving superheros of the networking world.
More generally, "zero" refers to the culture of minimalism that permeates the project. We add power by removing complexity rather than by exposing new functionality.
We assume you care about scale, because ZeroMQ solves that problem above all others.
Programming is science dressed up as art because most of us don't understand the physics of software and it's rarely, if ever, taught. The physics of software is not algorithms, data structures, languages and abstractions. These are just tools we make, use, throw away. The real physics of software is the physics of people--specifically, our limitations when it comes to complexity, and our desire to work together to solve large problems in pieces.
This is the science of programming: make building blocks that people can understand and use easily, and people will work together to solve the very largest problems.
We live in a connected world, and modern software has to navigate this world. So the building blocks for tomorrow's very largest solutions are connected and massively parallel.
Even connecting a few programs across a few sockets is plan nasty when you start to handle real life situations.
Connecting computers is so difficult that software and services to do this is a multi-billion dollar business.
To fix the world, we needed to do two things. One, to solve the general problem of "how to connect any code to any code, anywhere". Two, to wrap that up in the simplest building blocks that people could understand and use easily.
ZeroMQ doesn't know anything about the data you send except its size in bytes. That means you are responsible for formatting it safely so that applications can read it back.
When you receive string data from ZeroMQ in C, you simply cannot trust that it's safely terminated. Every single time you read a string, you should allocate a new buffer with space for an extra byte, copy the string, and terminate it properly with a null.
ZeroMQ strings are length-specified and are sent on the wire without a trailing null.
There is one more important thing to know about PUB-SUB sockets: you do not know precisely when a subscriber starts to get messages.
Making a TCP connection involves to and from handshaking that takes several milliseconds depending on your network and the number of hops between peers.
The alternative to synchronization is to simply assume that the published data stream is infinite and has no start and no end.
Write nice code. Ugly code hides problems and makes it hard for others to help you. Use consistent indentation and clean layout. Write nice code and your world will be more comfortable.
Test what you make as you make it. When your program doesn't work, you should know what five lines are to blame.
When you find that things don't work as expected, break your code into pieces, test each one, see which one is not working.
Make abstractions (classes, methods, whatever) as you need them. If you copy/past a lot of code, you're going to copy/past errors, too.
Classy programmers share the same motto as classy hit men: always clean-up when you finish the job.
Memory leaks are one thing, but ZeroMQ is quite finicky about how you exit an application.
If you are opening and closing a lot of sockets, that's probably a sign that you need to redesign your application.
Do not try to use the same socket from multiple threads.
Blocking I/O creates architectures that do not scale well. But background I/O can be very hard to do right.
It is incredibly wasteful for teams to be building this particular [message passing] wheel over and over.
It turns out that building reusable messaging systems is really difficult, which is why few FOSS projects ever tried, and why commercial messaging products are complex, expensive, inflexible, and brittle.
This is ZeroMQ: an efficient, embeddable library that solves most of the problems an application needs to become nicely elastic across a network, without much cost.
Traditional network programming is built on the general assumption that one socket talks to one connection, one peer. There are multicast protocols, but these are exotic. When we assume "one socket = one connection", we scale our architectures in certain ways. We create threads of logic where each thread work with one socket, one peer. We place intelligence and state in thse threads.
In the ZeroMQ universe, sockets are doorways to fast little background communications engines that manage a whole set of connections auto-magically for you.
ZeroMQ sockets carry messages, like UDP, rather than a stream of bytes as TCP does. A ZeroMQ message is length-specified binary data.
ZeroMQ is not a neutral carrier: it imposes a framing on the transport protocols it uses. This framing is not compatible with existing protocols, which tend to use their own framing.
The built-in core ZeroMQ patterns are:

Request-reply, which connects a set of clients to a set of services. This is a remote procedure call and task distribution pattern.
Pub-sub, which connects a set of publishers to a set of subscribers. This is a data distribution pattern.
Pipeline, which connects nodes in a fan-out/fan-in pattern that can have multiple steps and loops. This is a parallel task distribution and collection pattern.
Exclusive pair, which connects two sockets exclusively. This is a pattern for connection two threads in a process, not to be confused with "normal" pairs of sockets.

Too many static pieces are like liquid concrete: knowledge is distributed and the more static pieces you have, the more effort it is to change the topology.
A bridge is a small application that speaks one protocol at one socket, and converts to/from a second protocol at another socket. A protocol interpreter, if you like.
Processes, we believe, should be as vulnerable as possible to internal errors, and as robust as possible against external attacks and errors. To give an analogy, a living cell with self-destruct if it detects a single internal error, yet it will resist attack from the outside by all means possible.
Assertions are absolutely vital to robust code; they just have to be on the right side of the cellular wall. And there should be such a wall. If it is unclear whether a fault is internal or external, that is a design flaw to be fixed.
Real code should do error handling on every single ZeroMQ call.
Any long-running application has to manage memory correctly, or eventually it'll use up all available memory and crash.
To make utterly perfect MT programs (and I mean that literally), we don't need mutexes, locks, or any other form or inter-thread communication except messages sent across ZeroMQ sockets.
If there's one lesson we've learned from 30+ years of concurrent programming, it is: just don't share state.
The list of weird problems that you need to fight as you write classic shared-state MT code would be hilarious if ti didn't translate directly into stress and risk, as code that seems to work suddenly fails under pressure.
Some widely used models, despite being the basis for entire industries, are fundamentally broken, and shared state concurrency is one of them.
This is a recurring theme with ZeroMQ: the world's problems are diverse and you can benefit from solving different problems each in the right way.
Getting applications to properly shut down when you send them Ctrl-C can be tricky.
Most people who speak of "reliability" don't really know what they mean. We can only define reliability in terms of failure. That is, if we can handle a certain set of well-defined and understood failures, then we are reliable with respect to those failures. No more, no less.
So to make things brutally simple, reliability is "keeping things working properly when code freezes or crashes", a situation we'll shorten to "dies".
Heartbeating solves the problem of knowing whether a peer is alive or dead.
The nice thing about progress is how fast it happens when lawyers and committees aren't involved.
This is how we should design complex architectures: start by writing down the contracts, and only then write software to implement them.
Theory is great in theory, but in practice, practice is better.
A good design principle that I use whenever possible is to not invent concepts that are not absolutely essential.
If you make a nontrivial protocol and you expect application to implement it properly, most developers will get it wrong most of the time.
There are three main open source patterns. The first is the large dumping code to break the market for others. This is the Apache Foundation model. The second is tiny teams or small firms building their dream. This is the most common open source model, which can be very successful commercially. The last is aggressive and diverse communities that swarm over a problem landscape. This is the Linux model, and the one to which we aspire with ZeroMQ.
It's hard to overemphasize the power and persistence of a working open source community. There really does not seem to be a better way of making software for the long term.
Software dies, but community survives.
My main takeaway from a long career of projects of every conceivable format is: if you want to build truly large-scale and long-lasting software, aim to build a free software community.
Architecture is the art and science of making large artificial structures for human use. If there is one thing I've learned and applied successfully in 30 years of making larger and larger software systems, it is this: software is about people. Large structures in themselves are meaningless. It's how they function for human use that matters. And in software, human use starts with the programmers who make the software itself.
The core problems in software architecture are driven by human psychology, not technology.
One of the tenets of Social Architecture is that how we organize is more significant than who we are. The same group, organized differently, can produce wholly different results.
Ordinary people, well connected, can far outperform a team of experts using poor patterns.
The two most important psychological elements are that we're really bad at understanding complexity and that we are so good at working together to divide and conquer large problems. We're highly social apes, and kind of smart, but only in the right kind of crowd.
Stupidity: our mental bandwidth is limited, so we're all stupid at some point. The architecture has to be simple to understand. This is the number one rule: simplicity beats functionality, every single time. If you can't understand an architecture on a cold gray Monday morning before coffee, it is too complex.
Selfishness: we act only out of self-interest, so the architecture must create space and opportunity for selfish acts that benefit the whole. Selfishness is often indirect and subtle.
Laziness: we make lots of assumptions, many of which are wrong. We are happiest when we can spend the least effort to get a result or to test an assumption quickly, so the architecture has to make this possible. Specifically, that means it must be simple.
Jealousy: we're jealous of others, which means we'll overcome our stupidity and laziness to prove others wrong and beat them in competition. The architecture thus has to create space for public competition based on fair rules that anyone can understand.
Fear: we're unwilling to take risks, especially if it makes us look stupid. Fear of failure is a major reason people conform and follow the group in mass stupidity. The architecture should make silent experimentation easy and cheap, giving people opportunity for success without punishing failure.
Reciprocity: we'll pay extra in terms of hard work, even money, to punish cheats and enforce fair rules. The architecture should be heavily rule-based, telling people how to work together, but not what to work on.
Conformity: we're happiest to conform, out of fear and laziness, which means if the patterns are good, clearly explained and documented, and fairly enforced, we'll naturally choose the right path every time.
Pride: we're intensely aware of our social status, and we'll work hard to avoid looking stupid or incompetent in public. The architecture has to make sure every piece we make has our name on it, so we'll have sleepless nights stressing about what others will say about our work.
Greed: we're ultimately economic animals, so the architecture has to give us economic incentive to invest in making it happen. Maybe it's polishing our reputation as experts, maybe it's literally making money from some skill or component. It doesn't matter what it is, but there must be economic incentive. Think of architecture as a market place, not an engineering design.
The truth about human nature is not that pretty. We're not really angels, nor devils, just self-interested winners descended from a billion-year unbroken line of winners. In business, marriage, and collective works, sooner or later, we either stop caring, or we fight and we argue.
Long-term survival means enduring the bad times, as well as enjoying the good ones.
The [software] license we choose modifies the economics of those who use our work.
Your goal as leader of a community is to motivate people to get out there and explore; to ensure they can do so safely and without disturbing others; to reward them when they make successful discoveries; and to ensure they share their knowledge with everyone else.
Plan your own retirement well before someone else decides you are their next problem.
You need a goal that's crazy and simple enough to get people out of bed in the morning. Your community has to attract the very best people and that demands something special.
Your work must be beautiful, immediately useful, and attractive. Your contributors are users who want to explore just a little beyond where they are now. Make it simple, elegant, and brutally clean. The experience when people run or use your work should be an emotional one. They should feel something, and if you accurately solved even just one big problem that until then they didn't quite realize they faced, you'll have a small part of their soul.
It [your project] must be easy to understand, use, and join. Too many projects have barriers to access.
A group of like-minded experts cannot explore the problem landscape well. They tend to make big mistakes. Diversity beats education any time.
Transparency is essential to get trust, which is essential to get scale. By forcing every single change through a single transparent process, you build real trust in the results.
Another cardinal sin that many open source developers make is to place themselves above others.
You job, as founder of a project, is not to impose your vision of the product over others, but to make sure the rules are good, honest, and enforced.
One of the saddest myths of the knowledge business is that ideas are a sensible form of property. It's medieval nonsense that should have been junked along with slavery, but sadly it's still making too many powerful people too much money.
Ideas are cheap.
What works today often won't work tomorrow, yet structures become more solid, not more flexible, over time.
We humans are really good at specialization. Asking us to be really good at two contradictory things reduces the number of candidates sharply, which is a bad thing for any project.
Going very fast in the wrong direction is not just useless, it's actively damaging.
Curious observation: people who thrive in complex situations like to create complexity because it keeps their value high.
Developers should not be made to feel stupid by their tools.
There are several reasons for not logging ideas, suggestions, or feature requests. In our experience, these just accumulate in the issue tracker until someone deletes them. But more profoundly, when we treat all changes as problem solutions, we can prioritize trivially.
Promoting the most active and consistent maintainers is good for everyone.
One of git's most popular features is its branches.
I'm a great believer in popular wisdom, but sometimes you have to recognize mass delusion for what it is.
Now, perhaps historians will feel robbed, but I honestly can't see that the historical minutiae of who changed what, when, including every branch and experiment, are worth any significant pain or friction.
My own opinion is that history will judge git branches and patterns like git-flow as a complex solution to imaginary problems inherited from the days of Subversion and monolithic repositories.
The simpler, the better.
Circumstantial evidence is thus that branches lead to more complexity than forks.
The smaller and more rapid the delivery, the better.
The smoother the learning curve, the better.
Evidence definitely shows that learning to use git branches is complex.
For most developers, every cycle spent learning git is a cycle lost on more productive things.
The lower the cost of failure, the better.
Branches demand more perfection from developers because mistakes potentially affect others. This raises the cost of failure. Forks make failure extremely cheap because literally nothing that happens in a fork can affect others not using that fork.
The less need for up-front coordination, the better.
The more you can scale a project, the better.
The less surprising, the better.
Sometimes better ways of working are surprising at first.
The more tangible the rewards, the better.
The more a model can survive conflict, the better.
Like it or not, people fight over ego, status, beliefs, and theories of the world. Challenge is a necessary part of science.
The stronger the isolation between production code and experiment, the better.
The more visible our work, the better.
Git is not an easy tool to master.
Innovation really just means solving problems more cheaply.
Software engineers don't like the notion that powerful, effective solutions can come into existence without an intelligent designer actively thinking things through.
In the dominant theory of innovation, brilliant individuals reflect on large problem sets and then carefully and precisely create a solution. [...] Look more closely, however, and you will see that the fact's don't match. History doesn't show lone inventors. It shows luck people who steal or claim ownership of ideas that are being worked on by many.
Here thus is an alternative theory of innovation:

There is an infinite problem/solution terrain.
This terrain changes over time according to external conditions.
We can only accurately perceive problems to which we are close.
We can rank the cost/benefit economics of problems using a market for solutions.
There is an optimal solution to any solvable problem.
We can approach this optimal solution heuristically, and mechanically.
Our intelligence can make this process faster, but does not replace it.

Individual creativity matters less than process. Smarter people may work faster, but they may also work in the wrong direction. It's the collective vision of reality that keeps us honest and relevant.
We don't need road maps if we have a good process. Functionality will emerge and evolve over time as solutions compete for market share.
We don't invent solutions so much as discover them. All sympathies to the creative soul. It's just an information processing machine that likes to polish its own ego and collect karma.
Intelligence is a social effect, though it feels personal. A person cut off from others eventually stops thinking. We can neither collect problems nor measure solutions without other people.
The size and diversity of the community is a key factor. Large, more diverse communities collect more relevant problems, and solve them more accurately, and do this faster, than a small expert group.
So, when we trust the solitary experts, they make classic mistakes. They focus on ideas, not problems. They focus on the wrong problems. They make misjudgments about the value of solving problems. They don't use their own work.
Living products consist of long series of patches, applied one atop the other.
The most popular design process in large business seems to be Trash-Oriented Design, or TOD. TOD feeds off the belief that all we need to make money are great ideas.
Ideas are cheap. No exceptions. There are no brilliant ideas.
The starting point for a good design process is to collect real problems that confront real people. The second step is to evaluate these problems with the basic question, "How much is it worth to solve this problem?" Having done that, we can collect that set of problems that are worth solving.
Good solutions to real problems will succeed as products. Their success will depend on how good and cheap the solution is, and how important the problem is.
Complexity-Oriented Design is characterized by a team obsessively solving the wrong problems in a form of collective delusion. COD products tend to be large, ambitious, complex, and unpopular.
It is insanely hard for engineers to stop extending a design to cover more potential problems.
Making stuff that you don't immediately have a need for it pointless.
Problems are not equal. Some are simple, and some are complex. Ironically, solving the simpler problems often has more value to more people than solving the really hard ones. So if you allow engineers to just work on random things, they'll mostly focus on the most interesting but least worthwhile things.
Engineers and designers love to make stuff and decoration, and this inevitably leads to complexity. It is crucial to have a "stop mechanism", a way to set short, hard deadlines that force people to make smaller, simpler answers to just the most crucial problems.
This process [Simplicity-Oriented Design] starts with a realization: we do not know what we have to make until after we start making it. Coming up with ideas or large-scale designs isn't just wasteful, it's a direct hindrance to designing the truly accurate solutions.
You need to keep mobile, pack light, and move fast.
A perfect "patch" solves a problem with zero learning required by the user.
To get the most out of SOD the designer has to use the product continuously, from day one, and develop his or her ability to smell out problems such as inconsistency, surprising behavior, and other forms of friction.
Design is about removing friction in the use of a product.
In any project, we need some kind of reward to make it worth continuing each day.
It's a management truism: if someone in your organization is irreplaceable, get rid of him or her.
There is a simple cure for burnout that works in at least some cases: get paid decently for your work.
Never design anything that's not a precise minimal answer to a problem we can identify and have to solve.
The control of a large force is the same principle as the control of a few mean: it is merely a question of dividing up their numbers.
The Benevolent Tyrant divides large problems into smaller ones and throws them at groups to focus on. The Benevolent Tyrant constructs a supply chain that starts with problems, and results in usable solutions. She is ruthless about how the supply chain works, but does not tell people what to work on, nor how to do their work.
The ideal team consists of two sides: one writing code, and one providing feedback.
The accuracy of knowledge comes from diversity.
Perfection precludes participation.
Make no plans. Set goals, develop strategies and tactics.
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
He will win whose army is animated by the same spirit throughout all its ranks.
After crossing a river, you should get far away from it.
Code, like all knowledge, works best as collective--not private--property.
Water shapes its course according to the nature of the ground over which it flows.
Physical closeness is essential for high-bandwidth communications.
Pain is not, generally, a good sign.
People should feel joy in their work.
Never interrupt others when they are making mistakes.
The Hangman knows that we learn only by making mistakes, and she gives others copious rope with which to learn. She only pulls the rope gently, when it's time. A little tug to remind the other of their precarious position. Allowing others to learn by failure gives the good reason to stay, and the bad excuse to leave. The Hangman is endlessly patient, because there is no shortcut to the learning process.
Keeping the public record may be tedious, but it's the only way to prevent collusion.
No one really reads the archives, but the simple possibility stop most abuses.
When a man knows he is to be hanged in a fortnight, it concentrates his mind wonderfully.
Deadlines bring people together and focus the collective mind.
An external enemy can move a passive team into action.
When people argue or complain, just write them a Sun Tzu quotation.
Mistakes in slow motion are often harder to see (or rather, easier to rationalize away).
A good software architecture depends on contracts, and the more explicit they are, the better things scale.
Start simple, and develop your specifications step-by-step. Don't solve problems you don't have in front of you.
Use very clear and consistent language.
Try to avoid inventing concepts.
Make nothing for which you cannot demonstrate an immediate need. Your specification solves problems; it does not provide features. Make the simplest plausible solution for each problem that you identify.
Implement your protocol as you build it, so that you are aware of the technical consequences of each choice.
Test your specification as you build it on other people. Your best feedback on a specification is when someone else tries to implement it without the assumptions and knowledge that you have in your head.
Only use constructs that are independent of programming language and operating system.
The point about a written specification is that no matter how weak it is, it can be systematically improved. By writing down a specification, you will also spot inconsistencies and gray areas that are impossible to see in code.
My advice when writing protocol specs is to learn and use a formal grammar. It's just less hassle than allowing others to interpret what you mean, and then recover from the inevitable false assumptions. The target of your grammar is other people, engineers, not compilers.
Protocol designers who don't separate control from data tend to make horrid protocols, because the trade-offs in the two cases are almost totally opposed.
Use a profiler. There's simply no way to know what your code is doing until you've profiled it for function counts and for CPU cost per function. When you find your hot spots, fix them.
Eliminate memory allocations. The heap is very fast on a modern Linux kernel, but it's still the bottleneck in most naive codecs. [...] Use local variables (the stack) instead of the heap where you can.
Know your data. The best compression techniques require knowing about the data.
Do not invent concepts. The job of a designer is to remove problems, not add features.
A protocol has at least two levels:

How we represent individual messages on the wire.
How messages flow between peers, and the significance of each message.

The future is clearly wireless, and while many big businesses live by concentrating data in their clouds, the future doesn't look quite so centralized. The devices at the edges of our networks get smarter every year, not dumber.
A truly wireless world would bypass all central censorship. It's how the internet was designed, and it's quite feasible, technically (which is the best kind of feasible).
To understand how WiFi performs technically, you need to understand a basic law of physics: the power required to connect two points increases according to the square of the distance.
Mesh [networking] removes the access point completely, at least in the imaginary future where it exists and is widely used. Devices talk to each other directly, and maintain little routing tables of neighbors that let them forward packets.
Mesh will emerge and I'd bet on 802.11s being widely available in consumer electronics by 2020 or so.
Network discovery is finding our what other peers are on the network. Service discovery is learning what those peers can do for us.
The star topology is slowing dying and being replaced by clouds of clouds.
In a world of trillions of nodes, the ones you talk to most are the ones closest to you. This is how it works in the real world and it's the sanest way of scaling large-scale architectures.
One nice things about software is to brute-force your way through the learning experience. As long as we're happy to throw away work, we can learn rapidly simply by trying things that may seem insane from the safety of the armchair.
The proper use of assertions is one of the hallmarks of a professional programmer.
Our confirmation bias as creators makes it hard to test our work properly. We tend to write tests to prove the code works, rather than trying to prove it doesn't
To accept that we're fallible, and then to learn how to turn that into profit rather than shame is one of the hardest intellectual exercises in any profession. We leverage our fallibility by working with others and by challenging our own work sooner, not later.
Assertions are not a form of error handling. They are executable theories of fact. The code asserts, "At this point, such and such must be true" and if the assertion fails, the code kills itself.
The faster you can prove code incorrect, the faster and more accurately you can fix it.
Being able to fully test the real behavior of individual components in the laboratory can make a 10x or 100x difference to the cost of your project. That confirmation bias engineers have to their own work makes up-front testing incredibly profitable, and late-stage testing incredibly expensive.
Lesson is, test upfront so that when you plug the thing in, you know precisely how it's going to behave. If you haven't tested it upfront, you're going to be spending weeks and months in the field ironing out problems that should never have been there.
Brutal is good because it forces the design to a "good" or "bad" decision rather than a fuzzy "should work but to be honest there are a lot of edge cases so let's worry about it later".

20171229

THE MEDITATIONS OF MARCUS AURELIUS by Marcus Aurelius

To read carefully, and not to be satisfied with a superficial understanding of a book;
Begin the morning by saying to thyself, I shall meet with the busy-body, the ungrateful, arrogant, deceitful, envious, unsocial. All these things happen to them by reason of their ignorance of what is good and evil.
Every moment think steadily as a Roman and a man to do what thou hast in hand with perfect and simple dignity, and feeling of affection, and freedom, and justice; and to give thyself relief from all other thoughts.
Since it is possible that thou mayest depart from life this very moment, regulate every act and thought accordingly.
For the present is the only thing of which a man can be deprived, if it is true that this is the only thing which he has, and that a man cannot lose a thing if he has it not.
A man then must stand erect, not be kept erect by others.
Let no act be done without a purpose, nor otherwise than according to the perfect principles of art.
Do not act as if thou wert going to live ten thousand years. Death hangs over thee. While thou livest, while it is in thy power, be good.
For the greatest part of what we say and do being unnecessary, if a man takes this away, he will have more leisure and less uneasiness. Accordingly on every occasion a man should ask himself, Is this one of the unnecessary things? Now a man should take away not only unnecessary acts, but also, unnecessary thoughts, for thus superfluous acts will not follow after.
To conclude, always observe how ephemeral and worthless human things are, and what was yesterday a little mucus to-morrow will be a mummy or ashes. Pass then through this little space of time conformably to nature, and end thy journey in content, just as an olive falls off when it is ripe, blessing nature who produced it, and thanking the tree on which it grew.
Remember too on every occasion which leads thee to vexation to apply this principle: not that this is a misfortune, but that to bear it nobly is good fortune.
To seek what is impossible is madness: and it is impossible that the bad should not do something of this kind.
Often think of the rapidity with which things pass by and disappear, both the things which are and the things which are produced.
When thou hast been compelled by circumstances to be disturbed in a manner, quickly return to thyself and do not continue out of tune longer than the compulsion lasts; for thou wilt have more mastery over the harmony by continually recurring to it.
If a thing is difficult to be accomplished by thyself, do not think that it is impossible for man: but if anything is possible for man and conformable to his nature, think that this can be attained by thyself too.
All things are little, changeable, perishable.
He who loves fame considers another man’s activity to be his own good; and he who loves pleasure, his own sensations; but he who has understanding, considers his own acts to be his own good.
every man is worth just so much as the things are worth about which he busies himself.
Be not ashamed to be helped; for it is thy business to do thy duty like a soldier in the assault on a town. How then, if being lame thou canst not mount up on the battlements alone, but with the help of another it is possible?
Everything material soon disappears in the substance of the whole; and everything formal (causal) is very soon taken back into the universal reason; and the memory of everything is very soon overwhelmed in time.
Adorn thyself with simplicity and modesty and with indifference towards the things which lie between virtue and vice. Love mankind. Follow God. The poet says that Law rules all.—And it is enough to remember that Law rules all.
Everywhere and at all times it is in thy power piously to acquiesce in thy present condition, and to behave justly to those who are about thee, and to exert thy skill upon thy present thoughts, that nothing shall steal into them without being well examined.
Only attend to thyself, and resolve to be a good man in every act which thou doest: and remember. . . Look within. Within is the fountain of good, and it will ever bubble up, if thou wilt ever dig.
It is very possible to be a divine man and to be recognised as such by no one. Always bear this in mind; and another thing too, that very little indeed is necessary for living a happy life.
The perfection of moral character consists in this, in passing every day as the last, and in being neither violently excited nor torpid nor playing the hypocrite.
Attend to the matter which is before thee, whether it is an opinion or an act or a word.
Receive wealth or prosperity without arrogance; and be ready to let it go.
Neither in thy actions be sluggish nor in thy conversation without method, nor wandering in thy thoughts, nor let there be in thy soul inward contention nor external effusion, nor in life be so busy as to have no leisure.
Enter into every man’s ruling faculty; and also let every other man enter into thine.
Wipe out imagination: check desire: extinguish appetite: keep the ruling faculty in its own power.
Labour not as one who is wretched, nor yet as one who would be pitied or admired: but direct thy will to one thing only, to put thyself in motion and to check thyself, as the social reason requires.
All things are the same, familiar in experience, and ephemeral in time, and worthless in the matter. Everything now is just as it was in the time of those whom we have buried.
Loss is nothing else than change.
He who follows reason in all things is both tranquil and active at the same time, and also cheerful and collected.
When thou art offended at any man’s fault, forthwith turn to thyself and reflect in what like manner thou dost err thyself;
There is no man so fortunate that there shall not be by him when he is dying some who are pleased with what is going to happen.
If all things are not mere atoms, it is nature which orders all things: if this is so, the inferior things exist for the sake of the superior, and these for the sake of one another.
If it is not right, do not do it: if it is not true, do not say it.
First, do nothing inconsiderately, nor without a purpose. Second, make thy acts refer to nothing else than to a social end.

20171228

THE HAPPINESS HYPOTHESIS by Jonathan Haidt

To summarize the idea that our emotions, our reactions to events, and some mental illnesses are caused by the mental filters through which we look at the world, I could not say it any more concisely than Shakespeare: “There is nothing either good or bad, but thinking makes it so.”
The mind is divided into parts that sometimes conflict. Like a rider on the back of an elephant, the conscious, reasoning part of the mind has only limited control of what the elephant does.
Reciprocity is the most important tool for getting along with people,
we are all, by nature, hypocrites, and this is why it is so hard for us to follow the Golden Rule faithfully.
Recent research shows that there are some things worth striving for; there are external conditions of life that can make you lastingly happier. One of these conditions is relatedness—the bonds we form, and need to form, with others.
Human thinking depends on metaphor. We understand new or complex things in relation to things we already know.
To understand most important ideas in psychology, you need to understand how the mind is divided into parts that sometimes conflict.
The brain started off with just three rooms, or clumps of neurons: a hindbrain (connected to the spinal column), a midbrain, and a forebrain (connected to the sensory organs at the front of the animal). Over time, as more complex bodies and behaviors evolved, the brain kept building out the front, away from the spinal column, expanding the forebrain more than any other part.
Controlled processing is limited—we can think consciously about one thing at a time only—but automatic processes run in parallel and can handle many tasks at once.
Controlled processing requires language. You can have bits and pieces of thought through images, but to plan something complex, to weigh the pros and cons of different paths, or to analyze the causes of past successes and failures, you need words.
One use of language is that it partially freed humans from “stimulus control.”
An emotionally intelligent person has a skilled rider who knows how to distract and coax the elephant without having to engage in a direct contest of wills.
Gut feelings, intuitions, and snap judgments happen constantly and automatically
Events in the world affect us only through our interpretations of them, so if we can control our interpretations, we can control our world.
When pop psychology programs are successful in helping people, which they sometimes are, they succeed not because of the initial moment of insight but because they find ways to alter people’s behavior over the following months.
The unsettling implication of Pelham’s work is that the three biggest decisions most of us make—what to do with our lives, where to live, and whom to marry—can all be influenced (even if only slightly) by something as trivial as the sound of a name.
For most people, the elephant sees too many things as bad and not enough as good.
Over and over again, psychologists find that the human mind reacts to bad things more quickly, strongly, and persistently than to equivalent good things.
We can’t just will ourselves to see everything as good because our minds are wired to find and react to threats, violations, and setbacks.
A person’s average or typical level of happiness is that person’s “affective style.” (“Affect” refers to the felt or experienced part of emotion.) Your affective style reflects the everyday balance of power between your approach system and your withdrawal system, and this balance can be read right from your forehead.
Suppose you read about a pill that you could take once a day to reduce anxiety and increase your contentment. Would you take it? Suppose further that the pill has a great variety of side effects, all of them good: increased self-esteem, empathy, and trust; it even improves memory. Suppose, finally, that the pill is all natural and costs nothing. Now would you take it? The pill exists. It is meditation.
There are many kinds of meditation, but they all have in common a conscious attempt to focus attention in a nonanalytical way.
Meditation done every day for several months can help you reduce substantially the frequency of fearful, negative, and grasping thoughts, thereby improving your affective style.
we often use reasoning not to find the truth but to invent arguments to support our deep and intuitive beliefs (residing in the elephant).
Depressed people are caught in a feedback loop in which distorted thoughts cause negative feelings, which then distort thinking further.
A big part of cognitive therapy is training clients to catch their thoughts, write them down, name the distortions, and then find alternative and more accurate ways of thinking.
Cognitive therapy works because it teaches the rider how to train the elephant rather than how to defeat it directly in an argument.
When cognitive therapy is done very well it is as effective as drugs such as Prozac for the treatment of depression,38 and its enormous advantage over Prozac is that when cognitive therapy stops, the benefits usually continue because the elephant has been retrained. Prozac, in contrast, works only for as long as you take it.
Our culture endorses both—relentless self-improvement as well as authenticity—but we often escape the contradiction by framing self-improvement as authenticity.
Once you know why change is so hard, you can drop the brute force method and take a more psychologically sophisticated approach to self-improvement.
Life itself is but what you deem it, and you can—through meditation, cognitive therapy, and Prozac—redeem yourself.
Reciprocity is a deep instinct; it is the basic currency of social life.
Tit for tat appears to be built into human nature as a set of moral emotions that make us want to return favor for favor, insult for insult, tooth for tooth, and eye for eye.
Gratitude and vengefulness are big steps on the road that led to human ultrasociality, and it’s important to realize that they are two sides of one coin. It would be hard to evolve one without the other. An individual who had gratitude without vengefulness would be an easy mark for exploitation, and a vengeful and ungrateful individual would quickly alienate all potential cooperative partners.
Robin Dunbar has demonstrated that within a given group of vertebrate species—primates, carnivores, ungulates, birds, reptiles, or fish—the logarithm of the brain size is almost perfectly proportional to the logarithm of the social group size. In other words, all over the animal kingdom, brains grow to manage larger and larger groups. Social animals are smart animals.
Human beings ought to live in groups of around 150 people, judging from the logarithm of our brain size; and sure enough, studies of hunter-gatherer groups, military units, and city dwellers’ address books suggest that 100 to 150 is the “natural” group size within which people can know just about everyone directly, by name and face, and know how each person is related to everybody else.
Language allows small groups of people to bond quickly and to learn from each other about the bonds of others.
Gossip elicits gossip, and it enables us to keep track of everyone’s reputation without having to witness their good and bad deeds personally. Gossip creates a non-zero-sum game because it costs us nothing to give each other information, yet we both benefit by receiving information.
When people pass along high-quality (“juicy”) gossip, they feel more powerful, they have a better shared sense of what is right and what’s wrong, and they feel more closely connected to their gossip partners.
Many species reciprocate, but only humans gossip, and much of what we gossip about is the value of other people as partners for reciprocal relationships.
People who want something from us try to give us something first,
Reciprocity works just as well for bargaining.
Concession leads to concession. In financial bargaining, too, people who stake out an extreme first position and then move toward the middle end up doing better than those who state a more reasonable first position and then hold fast.27 And the extreme offer followed by concession doesn’t just get you a better price, it gets you a happier partner (or victim): She is more likely to honor the agreement because she feels that she had more influence on the outcome. The very process of give and take creates a feeling of partnership, even in the person being taken.
relationships grow best by balanced give and take, especially of gifts, favors, attention, and self-disclosure.
Reciprocity is an all-purpose relationship tonic. Used properly, it strengthens, lengthens, and rejuvenates social ties.
Mimicry is a kind of social glue, a way of saying “We are one.” The unifying pleasures of mimicry are particularly clear in synchronized activities, such as line dances, group cheers, and some religious rituals, in which people try to do the same thing at the same time.
A theme of the rest of this book is that humans are partially hive creatures, like bees, yet in the modern world we spend nearly all our time outside of the hive.
Reciprocity, like love, reconnects us with others.
Scandal is great entertainment because it allows people to feel contempt, a moral emotion that gives feelings of moral superiority while asking nothing in return.
One of the most universal pieces of advice from across cultures and eras is that we are all hypocrites, and in our condemnation of others’ hypocrisy we only compound our own.
In real life, however, you don’t react to what someone did; you react only to what you think she did, and the gap between action and perception is bridged by the art of impression management.
Thus Niccolo Machiavelli, whose name has become synonymous with the cunning and amoral use of power, wrote five hundred years ago that “the great majority of mankind are satisfied with appearances, as though they were realities, and are often more influenced by the things that seem than by those that are.”
The simplest way to cultivate a reputation for being fair is to really be fair, but life and psychology experiments sometimes force us to choose between appearance and reality.
From the person who cuts you off on the highway all the way to the Nazis who ran the concentration camps, most people think they are good people and that their actions are motivated by good reasons.
To be a good lawyer, it often helps to be a good liar.
When people are given difficult questions to think about—for example, whether the minimum wage should be raised—they generally lean one way or the other right away, and then put a call in to reasoning to see whether support for that position is forthcoming.
Most people gave no real evidence for their positions, and most made no effort to look for evidence opposing their initial positions.
David Perkins, a Harvard psychologist who has devoted his career to improving reasoning, found the same thing. He says that thinking generally uses the “makessense” stopping rule. We take a position, look for evidence that supports it, and if we find some evidence—enough so that our position “makes sense”—we stop thinking.
Over and over again, studies show that people set out on a cognitive mission to bring back reasons to support their preferred belief or action. And because we are usually successful in this mission, we end up with the illusion of objectivity. We really believe that our position is rationally and objectively justified.
We judge others by their behavior, but we think we have special information about ourselves—we know what we are “really like” inside, so we can easily find ways to explain away our selfish acts and cling to the illusion that we are better than others.
For many traits, such as leadership, there are so many ways to define it that one is free to pick the criterion that will most flatter oneself.
Whenever people form cooperative groups, which are usually of mutual benefit, self-serving biases threaten to fill group members with mutual resentment.
Each of us thinks we see the world directly, as it really is. We further believe that the facts as we see them are there for all to see, therefore others should agree with us. If they don’t agree, it follows either that they have not yet been exposed to the relevant facts or else that they are blinded by their interests and ideologies.
It just seems plain as day, to the naive realist, that everyone is influenced by ideology and self-interest. Except for me. I see things as they are.
Good and evil do not exist outside of our beliefs about them.
When taking the perpetrator’s perspective, he found that people who do things we see as evil, from spousal abuse all the way to genocide, rarely think they are doing anything wrong. They almost always see themselves as responding to attacks and provocations in ways that are justified. They often think that they themselves are victims.
People usually have reasons for committing violence, and those reasons usually involve retaliation for a perceived injustice, or self-defense. This does not mean that both sides are equally to blame: Perpetrators often grossly overreact and misinterpret (using self-serving biases).
The myth of pure evil is the ultimate self-serving bias, the ultimate form of naive realism. And it is the ultimate cause of most long-running cycles of violence because both sides use it to lock themselves into a Manichaean struggle.
The two biggest causes of evil are two that we think are good, and that we try to encourage in our children: high self-esteem and moral idealism.
Having high self-esteem doesn’t directly cause violence, but when someone’s high esteem is unrealistic or narcissistic, it is easily threatened by reality; in reaction to those threats, people—particularly young men—often lash out violently.
Threatened self-esteem accounts for a large portion of violence at the individual level, but to really get a mass atrocity going you need idealism—the belief that your violence is a means to a moral end.
The major atrocities of the twentieth century were carried out largely either by men who thought they were creating a utopia or else by men who believed they were defending their homeland or tribe from attack.
Idealism easily becomes dangerous because it brings with it, almost inevitably, the belief that the ends justify the means.
If you are fighting for good or for God, what matters is the outcome, not the path.
People have little respect for rules; we respect the moral principles that underlie most rules. But when a moral mission and legal rules are incompatible, we usually care more about the mission.
That is, the world we live in is not really one made of rocks, trees, and physical objects; it is a world of insults, opportunities, status symbols, betrayals, saints, and sinners. All of these are human creations which, though real in their own way, are not real in the way that rocks and trees are real.
Judgmentalism is indeed a disease of the mind: it leads to anger, torment, and conflict. But it is also the mind’s normal condition—the elephant is always evaluating, always saying “Like it” or “Don’t like it.”
Meditation has been shown to make people calmer, less reactive to the ups and downs and petty provocations of life. Meditation is the Eastern way of training yourself to take things philosophically.
Finding fault with yourself is also the key to overcoming the hypocrisy and judgmentalism that damage so many valuable relationships. The instant you see some contribution you made to a conflict, your anger softens—maybe just a bit, but enough that you might be able to acknowledge some merit on the other side.
Happiness can only be found within, by breaking attachments to external things and cultivating an attitude of acceptance.
Some things are worth striving for, and happiness comes in part from outside of yourself, if you know where to look.
The pleasure of getting what you want is often fleeting.
People win at the game of life by achieving high status and a good reputation, cultivating friendships, finding the best mate(s), accumulating resources, and rearing their children to be successful at the same game.
Set for yourself any goal you want. Most of the pleasure will be had along the way, with every step that takes you closer. The final moment of success is often no more thrilling than the relief of taking off a heavy backpack at the end of a long hike.
Pleasure comes more from making progress toward goals than from achieving them.
Many people think they would rather be dead than paraplegic. But they are mistaken.
We are bad at “affective forecasting,” 5 that is, predicting how we’ll feel in the future. We grossly overestimate the intensity and the duration of our emotional reactions.
The human mind is extraordinarily sensitive to changes in conditions, but not so sensitive to absolute levels.
People’s judgments about their present state are based on whether it is better or worse than the state to which they have become accustomed.
Good fortune or bad, you will always return to your happiness setpoint—your brain’s default level of happiness—which was determined largely by your genes.
Always wanting more than we have, we run and run and run, like hamsters on a wheel.
The second biggest finding in happiness research, after the strong influence of genes upon a person’s average level of happiness, is that most environmental and demographic factors influence happiness very little.
A good marriage is one of the life-factors most strongly and consistently associated with happiness.
People who worry every day about paying for food and shelter report significantly less well-being than those who don’t. But once you are freed from basic needs and have entered the middle class, the relationship between wealth and happiness becomes smaller.
Wealth itself has only a small direct effect on happiness because it so effectively speeds up the hedonic treadmill.
Voluntary activities, therefore, offer much greater promise for increasing happiness while avoiding adaptation effects.
The level of happiness that you actually experience (H) is determined by your biological set point (S) plus the conditions of your life (C) plus the voluntary activities (V) you do.
It turns out that there really are some external conditions (C) that matter. There are some changes you can make in your life that are not fully subject to the adaptation principle, and that might make you lastingly happier. It may be worth striving to achieve them.
Noise, especially noise that is variable or intermittent, interferes with concentration and increases stress. It’s worth striving to remove sources of noise in your life.
It’s worth striving to improve your commute.
Overall, attractive people are not happier than unattractive ones. Yet, surprisingly, some improvements in a person’s appearance do lead to lasting increases in happiness.
The condition that is usually said to trump all others in importance is the strength and number of a person’s relationships.
Good relationships make people happy, and happy people enjoy more and better relationships than unhappy people.
You never adapt to interpersonal conflict; it damages every day, even days when you don’t see the other person but ruminate about the conflict nonetheless.
Chasing after wealth and prestige, for example, will usually backfire. People who report the greatest interest in attaining money, fame, or beauty are consistently found to be less happy, and even less healthy, than those who pursue less materialistic goals.
The keys to flow: There’s a clear challenge that fully engages your attention; you have the skills to meet the challenge; and you get immediate feedback about how you are doing at each step (the progress principle).
Pleasures should be both savored and varied.
Variety is the spice of life because it is the natural enemy of adaptation.
One reason for the widespread philosophical wariness of sensual pleasure is that it gives no lasting benefit. Pleasure feels good in the moment, but sensual memories fade quickly, and the person is no wiser or stronger afterwards. Even worse, pleasure beckons people back for more, away from activities that might be better for them in the long run.
Choose your own gratifying activities, do them regularly (but not to the point of tedium), and raise your overall level of happiness.
Americans in particular spend almost everything they have—and sometimes more—on goods for present consumption, often paying a large premium for designer names and superfluous features.
Conspicuous consumption refers to things that are visible to others and that are taken as markers of a person’s relative success. These goods are subject to a kind of arms race, where their value comes not so much from their objective properties as from the statement they make about their owner.
Conspicuous consumption is a zero-sum game: Each person’s move up devalues the possessions of others.
Inconspicuous consumption, on the other hand, refers to goods and activities that are valued for themselves, that are usually consumed more privately, and that are not bought for the purpose of achieving status.
Most activities that cost more than a hundred dollars are things we do with other people, but expensive material possessions are often purchased in part to impress other people. Activities connect us to others; objects often separate us.
Stop wasting your money on conspicuous consumption. As a first step, work less, earn less, accumulate less, and “consume” more family time, vacations, and other enjoyable activities.
The pursuit of luxury goods is a happiness trap; it is a dead end that people race toward in the mistaken belief that it will make them happy.
The more choices there are, the more you expect to find a perfect fit; yet, at the same time, the larger the array, the less likely it becomes that you picked the best item.
We value choice and put ourselves in situations of choice, even though choice often undercuts our happiness.
Maximizers end up making slightly better decisions than satisficers, on average (all that worry and information-gathering does help), but they are less happy with their decisions, and they are more inclined to depression and anxiety.
Paradoxically, maximizers get less pleasure per dollar they spend.
Modern life is full of traps. Some of these traps are set by marketers and advertisers who know just what the elephant wants—and it isn’t happiness.
People living in wealthy democracies can set long-term goals and expect to meet them. We are immunized against disease, sheltered from storms, and insured against fire, theft, and collision.
Yes, attachments bring pain, but they also bring our greatest joys, and there is value in the very variation that the philosophers are trying to avoid.
Happiness comes from within, and happiness comes from without.
When children are separated from their attachment figures for a long time, as in a hospital stay, they quickly descend into passivity and despair.
For adults, the biggest rush of oxytocin—other than giving birth and nursing—comes from sex.
Sexual activity, especially if it includes cuddling, extended touching, and orgasm, turns on many of the same circuits that are used to bond infants and parents.
Humans are the only creatures on Earth whose young are utterly helpless for years, and heavily dependent on adult care for more than a decade.
Passionate love is the love you fall into.
Companionate love grows slowly over the years as lovers apply their attachment and caregiving systems to each other, and as they begin to rely upon, care for, and trust each other.
Passionate love does not turn into companionate love. Passionate love and companionate love are two separate processes, and they have different time courses. Their diverging paths produce two danger points, two places where many people make grave mistakes.
Passionate love ignites, it burns, and it can reach its maximum temperature within days. During its weeks or months of madness, lovers can’t help but think about marriage, and often they talk about it, too.
Nobody can think straight when high on passionate love.
True love exists, I believe, but it is not—cannot be—passion that lasts forever. True love, the love that undergirds strong marriages, is simply strong companionate love, with some added passion, between two people who are firmly committed to each other.
The psychological origins of love are in attachment to parents and sexual partners. We do not attach to ourselves; we do not seek security and fulfillment in ourselves.
passionate love is notorious for making people illogical and irrational, and Western philosophers have long thought that morality is grounded in rationality.
Love is a kind of insanity, and many people have, while crazed with passion, ruined their lives and those of others.
Human beings all know that they are going to die, and so human cultures go to great lengths to construct systems of meaning that dignify life and convince people that their lives have more meaning than those of the animals that die all around them.
Having strong social relationships strengthens the immune system, extends life (more than does quitting smoking), speeds recovery from surgery, and reduces the risks of depression and anxiety disorders.
Most psychopaths are not violent (although most serial murderers and serial rapists are psychopaths). They are people, mostly men, who have no moral emotions, no attachment systems, and no concerns for others. Because they feel no shame, embarrassment, or guilt, they find it easy to manipulate people into giving them money, sex, and trust.
Researchers have studied how people cope with the loss of their strongest attachments: children, spouses or partners, and parents. This large body of research shows that although traumas, crises, and tragedies come in a thousand forms, people benefit from them in three primary ways—the same ones that Greg talked about.
The first benefit is that rising to a challenge reveals your hidden abilities, and seeing these abilities changes your self-concept. None of us knows what we are really capable of enduring.
The second class of benefit concerns relationships. Adversity is a filter.
But adversity doesn’t just separate the fair-weather friends from the true; it strengthens relationships and it opens people’s hearts to one another.
We often develop love for those we care for, and we usually feel love and gratitude toward those who cared for us in a time of need.
Trauma changes priorities and philosophies toward the present (“Live each day to the fullest”) and toward other people.
The adversity hypothesis has a weak and a strong version. In the weak version, adversity can lead to growth, strength, joy, and self-improvement, by the three mechanisms of posttraumatic growth described above.
The strong version of the hypothesis is more unsettling: It states that people must endure adversity to grow, and that the highest levels of growth and development are only open to those who have faced and overcome great adversity.
Human beings in every culture are fascinated by stories; we create them wherever we can.
Although the lowest level of personality is mostly about the elephant, the life story is written primarily by the rider. You create your story in consciousness as you interpret your own behavior, and as you listen to other people’s thoughts about you.
Although it is generally good for you to pursue goals, not all goals are equal.
Because human beings were shaped by evolutionary processes to pursue success, not happiness, people enthusiastically pursue goals that will help them win prestige in zero-sum competitions. Success in these competitions feels good but gives no lasting pleasure, and it raises the bar for future success.
Trauma often shatters belief systems and robs people of their sense of meaning.
When bad things happen to good people, we have a problem. We know consciously that life is unfair, but unconsciously we see the world through the lens of reciprocity.
Optimists are, for the most part, people who won the cortical lottery: They have a high happiness setpoint, they habitually look on the bright side, and they easily find silver linings.
When a crisis strikes, people cope in three primary ways: active coping (taking direct action to fix the problem), reappraisal (doing the work within—getting one’s own thoughts right and looking for silver linings), and avoidance coping (working to blunt one’s emotional reactions by denying or avoiding the events, or by drinking, drugs, and other distractions).
Major adversity is unlikely to have many—or perhaps any—beneficial effects for children.
Children should be protected, but not spoiled.
Events do not have meaning in themselves. Those meanings are derived from the interactions between people, groups, and the experience itself.
But a common piece of worldly wisdom is that life’s most important lessons cannot be taught directly.
Knowledge comes in two major forms: explicit and tacit.
Explicit knowledge is all the facts you know and can consciously report, independent of context.
But wisdom is based—according to Robert Sternberg, a leading wisdom researcher—on “tacit knowledge.” Tacit knowledge is procedural (it’s “knowing how” rather than “knowing that”), it is acquired without direct help from others, and it is related to goals that a person values.
wise people are able to balance their own needs, the needs of others, and the needs of people or things beyond the immediate interaction
Ignorant people see everything in black and white—they rely heavily on the myth of pure evil—and they are strongly influenced by their own self-interest.
The wise are able to see things from others’ points of view, appreciate shades of gray, and then choose or advise a course of action that works out best for everyone in the long run.
wise people are able to balance three responses to situations: adaptation (changing the self to fit the environment), shaping (changing the environment), and selection (choosing to move to a new environment).
Shelter your children when young, but if the sheltering goes on through the child’s teens and twenties, it may keep out wisdom and growth as well as pain.
Ideas have pedigrees, ideas have baggage.
Every culture is concerned about the moral development of its children, and in every culture that left us more than a few pages of writing, we find texts that reveal its approach to morality.
these ancient texts rely heavily on maxims and role models rather than proofs and logic. Maxims are carefully phrased to produce a flash of insight and approval. Role models are presented to elicit admiration and awe.
A third feature of many ancient texts is that they emphasize practice and habit rather than factual knowledge.
They all knew that training takes daily practice and a great deal of repetition.
Moral education must also impart tacit knowledge—skills of social perception and social emotion so finely tuned that one automatically feels the right thing in each situation, knows the right thing to do, and then wants to do it. Morality, for the ancients, was a kind of practical wisdom.
There is no morality in nature; there is only causality.
Trying to make children behave ethically by teaching them to reason well is like trying to make a dog happy by wagging its tail. It gets causality backwards.
Cultures that have shared values and rich traditions invariably generate a framework in which people can value and evaluate each other.
Most people believe their actions are morally justified.
Our life is the creation of our minds, and we do much of that creating with metaphor. We see new things in terms of things we already understand: Life is a journey, an argument is a war, the mind is a rider on an elephant. With the wrong metaphor we are deluded; with no metaphor we are blind.
In all human cultures, the social world has two clear dimensions: a horizontal dimension of closeness or liking, and a vertical one of hierarchy or status.
My claim is that the human mind perceives a third dimension, a specifically moral dimension that I will call “divinity.” In choosing the label “divinity,” I am not assuming that God exists and is there to be perceived. (I myself am a Jewish atheist.) Rather, my research on the moral emotions has led me to conclude that the human mind simply does perceive divinity and sacredness, whether or not God exists.
Disgust has its evolutionary origins in helping people decide what to eat.
The overwhelming evidence is that we are animals, and so a culture that rejects our animality must go to great lengths to hide the evidence.
Disgust is the guardian of the temple of the body.
If the human body is a temple that sometimes gets dirty, it makes sense that “cleanliness is next to Godliness.”
For many people, one of the pleasures of going to church is the experience of collective elevation.
Something about the vastness and beauty of nature makes the self feel small and insignificant, and anything that shrinks the self creates an opportunity for spiritual experience.
Drugs that create an altered mental state have an obvious usefulness in marking off sacred experiences from profane, and therefore many drugs, including alcohol and marijuana, play a role in religious rites in some cultures. But there is something special about the phenethylamines—the drug class that includes LSD and psilocybin. Drugs in this class, whether naturally occurring (as in psilocybin, mescaline, or yage) or synthesized by a chemist (LSD, ecstasy, DMT) are unmatched in their ability to induce massive alterations of perception and emotion that sometimes feel, even to secular users, like contact with divinity, and that cause people to feel afterwards that they’ve been transformed.
Awe is the emotion of self-transcendence.
Religious experiences are real and common, whether or not God exists, and these experiences often make people feel whole and at peace.
The self is one of the great paradoxes of human evolution. Like the fire stolen by Prometheus, it made us powerful but exacted a cost.
Only a few other primates (and perhaps dolphins) can even learn that the image in a mirror belongs to them.
Only a creature with language ability has the mental apparatus to focus attention on the self, to think about the self’s invisible attributes and long term goals, to create a narrative about that self, and then to react emotionally to thoughts about that narrative.
The self is the main obstacle to spiritual advancement, in three ways.
First, the constant stream of trivial concerns and egocentric thoughts keeps people locked in the material and profane world, unable to perceive sacredness and divinity.
Second, spiritual transformation is essentially the transformation of the self, weakening it, pruning it back—in some sense, killing it—and often the self objects.
And third, following a spiritual path is invariably hard work, requiring years of meditation, prayer, self-control, and sometimes self-denial. The self does not like to be denied, and it is adept at finding reasons to bend the rules or cheat.
Many of the key battles in the American culture war are essentially about whether some aspect of life should be structured by the ethic of autonomy or by the ethic of divinity.
Because the culture war is ideological, both sides use the myth of pure evil. To acknowledge that the other side might be right about anything is an act of treason.
Proverbs, sayings, and words of wisdom dignify events, so we often use them to mark important transitions in life.
But people are not computers, and they usually recover on their own from almost anything that happens to them. I think a better metaphor is that people are like plants.
No man, woman, or child is an island. We are ultrasocial creatures, and we can’t be happy without having friends and secure attachments to other people.
the overwhelming evidence that people and many other mammals have a basic drive to make things happen.
Effectance is almost as basic a need as food and water, yet it is not a deficit need, like hunger, that is satisfied and then disappears for a few hours.
The effectance motive helps explain the progress principle: We get more pleasure from making progress toward our goals than we do from achieving them because, as Shakespeare said, “Joy’s soul lies in the doing.”
More recent research finds that most people approach their work in one of three ways: as a job, a career, or a calling.
you see your work as a job, you do it only for the money, you look at the clock frequently while dreaming about the weekend ahead, and you probably pursue hobbies, which satisfy your effectance needs more thoroughly than does your work.
If you see your work as a career, you have larger goals of advancement, promotion, and prestige. The pursuit of these goals often energizes you, and you sometimes take work home with you because you want to get the job done properly. Yet, at times, you wonder why you work so hard. You might occasionally see your work as a rat race where people are competing for the sake of competing.
If you see your work as a calling, however, you find your work intrinsically fulfilling—you are not doing it to achieve something else. You see your work as contributing to the greater good or as playing a role in some larger enterprise the worth of which seems obvious to you. You have frequent experiences of flow during the work day, and you neither look forward to “quitting time” nor feel the desire to shout, “Thank God it’s Friday!” You would continue to work, perhaps even without pay, if you suddenly became very wealthy.
The optimistic conclusion coming out of research in positive psychology is that most people can get more satisfaction from their work. The first step is to know your strengths. Take the strengths test and then choose work that allows you to use your strengths every day, thereby giving yourself at least scattered moments of flow. If you are stuck in a job that doesn’t match your strengths, recast and reframe your job so that it does.
Work at its best, then, is about connection, engagement, and commitment. As the poet Kahlil Gibran said, “Work is love made visible.”
Love and work are crucial for human happiness because, when done well, they draw us out of ourselves and into connection with people and projects beyond ourselves. Happiness comes from getting these connections right.
Getting the right relationship between you and your work is not entirely up to you. Some occupations come ready-made for vital engagement; others make it difficult.
When doing good (doing high-quality work that produces something of use to others) matches up with doing well (achieving wealth and professional advancement), a field is healthy.
The word “coherence” literally means holding or sticking together, but it is usually used to refer to a system, an idea, or a worldview whose parts fit together in a consistent and efficient way. Coherent things work well: A coherent worldview can explain almost anything, while an incoherent worldview is hobbled by internal contradictions. A coherent profession, such as genetics, can get on with the business of genetics, while an incoherent profession, like journalism, spends a lot of time on self-analysis and self-criticism.
People are multilevel systems in another way: We are physical objects (bodies and brains) from which minds somehow emerge; and from our minds, somehow societies and cultures form. To understand ourselves fully we must study all three levels—physical, psychological, and sociocultural.
Here is one of the most profound ideas to come from the ongoing synthesis: People gain a sense of meaning when their lives cohere across the three levels of their existence.
Morality and religion both occur in some form in all human cultures and are almost always both intertwined with the values, identity, and daily life of the culture. Anyone who wants a full, cross-level account of human nature, and of how human beings find purpose and meaning in their lives, must make that account cohere with what is known about morality and religion.
All human beings today are the products of the co-evolution of a set of genes (which is almost identical across cultures) and a set of cultural elements (which is diverse across cultures, but still constrained by the capacities and predispositions of the human mind).
Human nature is a complex mix of preparations for extreme selfishness and extreme altruism. Which side of our nature we express depends on culture and context.
There is indeed something larger than the self, able to provide people with a sense of purpose they think worth dying for: the group. (Of course, one group’s noble purpose is sometimes another group’s pure evil.)
We were shaped by individual selection to be selfish creatures who struggle for resources, pleasure, and prestige, and we were shaped by group selection to be hive creatures who long to lose ourselves in something larger.
We are social creatures who need love and attachments, and we are industrious creatures with needs for effectance, able to enter a state of vital engagement with our work.
Happiness is not something that you can find, acquire, or achieve directly. You have to get the conditions right and then wait. Some of those conditions are within you, such as coherence among the parts and levels of your personality. Other conditions require relationships to things beyond you: Just as plants need sun, water, and good soil to thrive, people need love, work, and a connection to something larger.
The East stresses acceptance and collectivism; the West encourages striving and individualism. But as we’ve seen, both perspectives are valuable.
Happiness requires changing yourself and changing your world. It requires pursuing your own goals and fitting in with others. Different people at different times in their lives will benefit from drawing more heavily on one approach or the other.

Pages

20171231

Low Tech Hacking by Jack Wiles

20171230

ZeroMQ The Guide by Pieter Hintjens

20171229

THE MEDITATIONS OF MARCUS AURELIUS by Marcus Aurelius

20171228

THE HAPPINESS HYPOTHESIS by Jonathan Haidt