My 2018 Berkeley I School Commencement Address


I was honored to give the 2018 commencement address at the UC Berkeley School of Information -- my alma mater -- ten years after I graduated with my PhD. The department has grown substantially, and in addition to the MIMS and PhD degree programs, it now includes a very cool data science program that attracts smart folks ? for example, the data science capstone project award went to a team that used natural language processing to enter doctor's notes into the correct part of an electronic health record, saving the physician time and allowing them to better focus on the patient. Getting a data science degree is like renovating a kitchen or bathroom; it's never not a bad choice in terms of marketability and gaining the skills needed to really kick the shit out of data in various ways.

Here are the remarks I delivered:

Thank you Dean Saxenian, members of the I School faculty, the I School class of 2018 and our guests. I'm honored to be speaking to you all today, and so happy to see my alma mater as such a rich and vibrant school of information. All of you graduating today have just completed degree programs that you should be very proud of. Take a moment to reflect on the things you know that you did not before, the relationships you have that you didn't before, and yes this dang piece of paper we're about to confer on you. I know it can seem like a slog, and to those of you in the audience that aren't done yet: stick in there, like any long journey, it gets better.

I'm going to start with a quick apology: many of our guests in the audience ? family and friends ? will have a hard time understanding some of what I talk about over the next few minutes. This is a problem you all face quite often: it's so easy for those of us steeped in information science and technology studies to breathlessly geek out... So much so that those around us may think we're speaking in code or a foreign language. For example, don't get mad if we say something like: "You'd better HTTPS that thing lest adversarial ML inputs corrupt your Blockchain commits and fundamentally undermine your UX way before we all have to worry about post-quantum resistance of assymetric crypto primitives or even a sudden cryptapocalypse." So please accept my apologies for geeking out for a bit; come find us later and we'd be happy to explain.

I graduated ten years ago, almost exactly to the day... Actually, one week shy of ten years ago, on May 17, 2008. (I actually got my lollipop later that summer.) My thesis involved hacking voting machines, more about that later.

So much has happened in the last ten years! The United States went into and emerged from a recession and housing crisis. We elected our first black president... and we elected our first orange president.

On a personal note, something that shaped me, quite literally, is that I've been hit by cars twice in the past ten years. I don't recommend that at all. There are other ways to learn that US health insurance is awful and that physical therapists and nurses are angels. You may look pretty cool in all black, but ask yourself how many people show up to the afterlife decked out in reflective gear? So, maybe stay away from involuntary body modification.

After I graduated in 2008, I did a postdoc jointly with Deirdre and Ed Felten at Berkeley and Princeton, and then Helen Nissenbaum at NYU. But, I became frustrated by the academic job market; I wanted to help people, plain and simple. I enjoy research and especially teaching, and I hope to get back to that some day. But, it made much more sense for me to to join civil society ? rather than industry or academia ? and try and affect the world through tech policy.

This is all to say, that somewhere in this process I found my calling, my avocation, so to speak, something that drives you beyond a mere career or occupation. I urge each of you to keep your eyes peeled and ears open for when this might happen to you. It can be as subtle as (figuratively) being hit in the face with a hammer, as it was in my case, but we become remarkably short-sighted as we grow old an get stuck in our ways.

To put it simply, I love translation, writ large. I enjoy facilitating understanding, taking something that is mysterious or magical ? in the Sagan sense ? and making it tractable for people regardless of their background. I mean really, compared to things like General Relativity, none of this tech crap is particularly complicated, and my own life goal is to build what I call "a tiny technologist" within as many people I can. That tiny technologist may grow in time such that we're all a bit more comfortable around evolving technical systems. And technical literacy will increasingly differentiate those that can do things well and quickly from those that end up spinning their wheels.

Yes, the world's changed quite a bit since the Spring of 2008. To put it in perspective, the iPhone had come out just one year before. It didn't have copy and paste! It didn't have GPS... It was still 2G. I had to jailbreak my first iPhone in order to take research video of election recounts in the field. The latest iPhone, in contrast ? the iPhone X ? is quite different, with a front-facing IR camera and IR emitter that paints a matrix of 30,000 dots on your face to both model and verify your facial shape. Moreover, where Apple is the shining example of a platform competing on privacy, a 3,000-dot subset of that facial data can be shared with advertisers and app developers... Why? So they can wrap your face around avatars in ads and customer interactions, and so video game characters can look like you, facial tics and all. People, deep fakes are going to be big. Really big, and not just for sexy stuff.

This is just to remind you that the technologies taking baby steps today will be way beyond what we can imagine in ten years. When one of you are up here speaking to the class of 2028, this is going to look like the stone age. Technologies that we'll marvel at in terms of how far they have come will include: autonomous vehicles, drone-based services, molecular printing, CRISPR gene-editing, artificial intelligence of all flavors, cryptocurrencies and anonymous transactions, brain-computer interfaces, and forms of what I call private computation (including differential privacy, homomorphic encryption, and secure multiparty computation).

Just think about brain-computing interfaces for a second; under what circumstances should a government be able to get access to data structures in your brain? Some of these innovations will protect us, and some may increasingly expose us, and I really hope reality isn't defined so much by who is first to market as it has been in the past... The worrying that start-ups do about shrinking runway is fundamentally about cutting corners, in my opinion. Many of you will make direct contributions to these developments.

What I want to end with is a discussion about black boxes. My PhD work was all about black boxes. As I mentioned earlier, my PhD involved hacking voting machines. You may have heard that's kind of a thing lately. Actually, that's not true, it wasn't about hacking voting equipment; it's just easier to say that rather than say that I studied mechanisms for imposing transparency on black box systems used for government functions. And these days I can point to the Volkswagen emissions scandal as a direct analogy. Recall Volkswagen vehicles were found to emit less under testing conditions, using what is called a defeat device, essentially a subsystem designed to allow the car to perform well and pollute more under normal driving conditions, but to reduce performance and emissions when it thought it was under an emissions test. Think about it: a company that claimed for many years to have remarkably low emissions was actually cooking the books! Why? because it's trivial for a vehicle to know when it's under testing conditions and emit less pollution, and that translates in to mucho dinero. It's hard to believe they didn't think they would get caught; after all, while those vehicles were good at cheating at emissions tests, it's also not hard to do performance evaluation, by strapping on exhaust sensors and driving around normally. But it's just an innovation away, so to speak, to add the cheating back. It's not hard to imagine a tail pipe sensor that modifies engine performance if it detects something clamped to the tail pipe or even slightly obstructing exhaust flow.

So I'll end with a plea: using black box systems to deceive, to hide important interactions, or to obfuscate I would argue is a poor use of the education you just worked so hard for! We spend so much effort making things seemlessly easy to use and abstracting away complexity, that we forget that the interaction with an interface or system is itself an opportunity to educate, inform, and enfranchise. In this 150th Anniversary year of UC Berkeley, please keep in mind the simple but powerful motto of the UC system, fiat lux, "let there be light" which is the exact opposite of black box thinking. Thank you for listening, and don't forget the School of Information in future giving and estate planning!

Some Thoughts on Demanding Passwords at Borders


A simple thought experiment exposes how unimaginably dumb a proposal to demand traveler/visitor social media usernames and passwords is: imagine if a country demanded President Trump's Twitter password as a condition of his crossing their border. It's ludicrous... there are few things more invasive then demanding control of another's identity.

This is completely outrageous, I didn't believe it when a reporter brought it to my attention, it's such a boneheaded idea; it will significantly undermine the safety and security of all social media users. Social media and tech companies would be apoplectic. Asking people that cross the border for their social media identifiers is one thing, and it's plenty invasive enough (CDT and many others argue this threatens privacy and free speech.)

Asking for passwords and other credentials is beyond the pale, akin to asking for a traveler's most intimate thoughts as a condition of travel (or they can opt not to use these services, which is increasingly not an option, especially for business employees who may maintain social media accounts that are not personal accounts).

With that kind of access, they can not only see what you've publicly posted, but things you haven't posted yet, private messages, private lists, they can impersonate you, even do these things on accident. This kind of access is profoundly invasive. We increasingly use social media identities for so much more than just sharing our thoughts; using federated authentication ("log in with your Facebook account!"), people may use their social media account to log into a health care portal, a financial or tax prep account, and many other services.

Moreover, most major social media services offer non-password methods of logging in, for example "two-factor authentication" where they send you a text message that you have to enter in addition to a password to login. What if you don't have access to that particular phone while traveling? If you do, do they get to search your phone to?

This is absolutely ridiculous... There's not even a 1:1 mapping of people to accounts! Many of us have quite a few accounts on the same service... Do I have to disclose them all? Just one? Which one?

There is no way this can stand.

Getting a Let's Encrypt certificate without root on a cPanel domain

system, hacks, open source, privacy

I'm a big fan of my friends and colleagues at Let's Encrypt, an effort to make it easier to encrypt the web by offering web encryption certificates for free, for ever.

At first, free Let's Encrypt (LE) certificates were not so easy to obtain... you had to be essentially a coder and administer your own server to get it all to work. Not so, anymore! Now the number of ACME clients (the underlying protocol that Let's Encrypt uses) has exploded.

So, while I am only a bit of a coder, I wanted to see if it could be possible for someone with minimal system administration skills to actually get an LE cert and install it. The answer is yes, it is relatively easy to do!

My task: I wanted to see if a non-root (non-adminstrative) owner of a website using the cPanel hosting software could get an LE cert. To follow this, you need to be reasonably familiar with the command-line, but not much else.

  1. You'll need to be able to login to the command line of your domain's server. Then, you'll want to make sure both openssl and python are installed (likely yes):

    % which openssl
    % openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013
    % which python
    % python --version
    Python 2.6.6

    (Pay attention to that Python version as it throws a wrinkle into this later.)

  2. We'll be using the acme-tiny python script from Daniel Roesler. You can follow those instructions, but I'll repeat them here. You'll need a private account key to identify yourself with LE (this generates a 4096-bit RSA key pair, account.key, that contains both the private and public keys). You'll also want a keypair for your domain (domain.key):

    openssl genrsa 4096 > account.key
    openssl genrsa 4096 > domain.key

    Be very careful with these files as they contain the private keys to the kindgom! You can extract the public key from the key pair by:

    openssl rsa -in account.key -pubout >

    While you can generate the keys on another system (like your laptop), you'll need to copy them over to your server and then run the rest of these commands on that server.

  3. You'll now need to create a certificate signing request (CSR) that asks LE to sign your public key.

    #for a single domain
    openssl req -new -sha256 -key domain.key -subj "/" > domain.csr
    #for multiple domains (use this one if you want both and
    openssl req -new -sha256 \
    -key domain.key \
    -subj "/" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\,")) \
    > domain.csr

    (sorry, this gets cut off so copy and paste it into a text editor before doing anything with it.)

    And note that the line that reads cat /etc/ssl/openssl.cnf is specific to Debian flavors of linux. You'll need to change to something like the following depending on the system you're running:

    #change "/etc/ssl/openssl.cnf" as needed:
    #  Debian: /etc/ssl/openssl.cnf
    #  RHEL and CentOS: /etc/pki/tls/openssl.cnf
    #  Mac OSX: /System/Library/OpenSSL/openssl.cnf
  4. Now, you need to make a directory that your user account on the server can write to in a very specific place that ACME/LE expects it to be:

    mkdir -p /foo/www/.well-known/acme-challenge/

    Where /foo/www/ is the path on your server to your root web directory.

  5. Here's where the magic happens. You'll now want to use acme-tiny to send the CSR under your LE account key to the LE to do the challenge (prove that you're on the domain that you claim):

    #run the script on your server
    python --account-key ./account.key \
    --csr ./domain.csr \
    --acme-dir /foo/www/.well-known/acme-challenge/ \
    > ./signed.crt

    This will result in a file called signed.crt that is the LE-signed certificate for your domain!

    Note: if you are running Python earlier than 2.7 you don't have the argparse module. In that case, you'll want to add the directory you're in to the PYTHONPATH variable and then install argparse inside your account with:

    easy_install --install-dir=. argparse
  6. If you are running the nginx webserver, you'll need to add an intermediate certificate to your cert before you install it... but it doesn't hurt to just add the intermediate anyway:

    #NOTE: For nginx, you need to append the Let's Encrypt intermediate cert to your cert
    wget -O - > intermediate.pem
    cat signed.crt intermediate.pem > chained.pem

    Cool! The file chained.pem is the certificate you'll want to install in cPanel.

  7. Now you have an LE cert and a private key and you'll want to add both of these in cPanel and then install the certificate itself. To do this, log in to cPanel and navigate to the "Security" section and click "SSL/TLS". Click on "Private Keys" and then in "Upload a New Private Key" select the domain.key file you generated above and submit it. Return to SSL/TLS Manager.

  8. Now, click on "Certificates" and in the "Upload a New Certificate" section, select the chained.pem file you created above and submit it. Return to SSL/TLS manager.

  9. Finally, click on "Install and Manage SSL for your site (HTTPS)" and click "browse certificates" and install the one you just submitted above.

  10. You should be able to navigate to and click on the lock to verify that you are encrypted against an LE cert!

Is it hard to install PGP on a Mac?

hacks, open source, privacy, usability

So what if you don't want the NSA to see a particular file or email? If they're really wiretapping the whole goddamn internet, how can you keep secrets?

Well, you have to encrypt them. And the standard for strong encryption is PGP -- Pretty Good Privacy. PGP will lock up files and emails so that others cannot break into them.

I've heard people say recently that PGP is very hard to install, understand, and use ("Guardian reporter delayed e-mailing NSA source because crypto is a pain"). PGP -- or the open source equivalent GnuPG (Gnu Privacy Guard) -- is an encryption program, essentially like a mathematical lockbox for data and files... you can use it to encrypt files and emails in such a way that no one can get access to that information without compromising your laptop or desktop.

After hearing it was hard and having a bit of experience with it myself, I asked myself, "Just what does it take to install a working version of PGP from scratch and send email? How hard could it be?". I decided to try and see what the install process looks like installing from scratch.

(Now, of course, I'm on a Mac and will want to install a mac-specific version of it and I'll want it to work with Mac email programs like or Mozilla Thunderbird. (Sorry, Windows and Linux folks!))

It turns out it's pretty damn hard, in general... that is, if you want to do it right, in my opinion.

There are two options: a somewhat less difficult way and a hard way:

  • The more difficult way -- I describe below -- has the added benefit of being likely maintained indefinitely and being built (compiled) directly from the canonical (standard) source code for GPG.
  • The easier way uses -- what appears to be -- a very snazzy piece of software maintained by a small number of volunteers, GPG Tools. (I don't have anything against GPG Tools -- I use it myself for a number of things -- but I'm wary in crypto of using boutique tools not everyone else is using and relying on implementations that could disappear. I also prefer for this kind of security tool to build it from the source code that is being actively maintained and that everyone else is using.)

With that:

  1. If you don't share my concerns with the uniqueness and dependence of GPG Tools, I very much recommend you simply install it and follow their getting started guide. GPG Tools is open source and easily uninstalled, and I bet even PGP/GPG vets will find something to love with it's keychain manager and Services integration... and it even installs non-destructively over existing MacPorts and Fink GPG installs (more about what those are next).

    If you go this route, you'll still want to, at least, read the material I highlight in step 6 below; even with working encryption software, you will still need to know a bit about what encryption is and how to properly use it. Be sure to install it from the official location (check the SSL lock!) and check the SHA1 signature of the file (something like: shasum GPGTools-2013.5.20.dmg from the command-line).

  2. Ok, with that... if you want your own built-from-source version of GPG that can also be used to encrypt or sign email), here's how.

    First, I'm sorry to say but you'll need to become familiar with the basics of the Mac command-line used in This may sound onerous but it will only pay dividends in the future as you'll probably want to tinker more. Here is a good place to start: "An Intro to Mac OS X's Command Line Interface". Why do you need this familiarity? Because the open source, freely and generally available version of PGP -- GPG -- is best available to your system as a working command-line program, instead of the alternative of a more traditional Mac-like package (the approach of GPG Tools, discussed above).

  3. You'll need to install Xcode and the command line tools from Apple (The Command Line Tools can be downloaded from inside Xcode's Preferences or in a separate package). These tools provide all the computer programming tools a Mac developer needs to turn human-readable source code into executable computer programs.

  4. You should install a package manager like MacPorts or Fink. Both of these programs are sort of like "app stores" for uber-geeky programs: they allow you to download software -- such as GPG -- that you can install directly (or indirectly by compiling/building from source code). You interact with them via the command-line or via a GUI like Pallet (for MacPorts) or FinkCommander (for Fink). Most people I talk to seem to prefer MacPorts as it seems to be less complex but Fink is very well maintained and stable.

  5. After getting MacPorts or Fink installed and up and running, you should install gnupg. On MacPorts, you'd type the following at the command-line as an admin user:

    sudo port install gnupg

    with fink this is:

    sudo fink install gnupg

    It will do a bunch of downloading and then will either compile the software from source code or it will install a binary version of the software that someone else has already compiled.

  6. You now need to understand a bit of how encryption works. I'm not saying you'll need to understand the math, but you need to have a basic understanding of what a key is, what different types of keys are (symmetric/asymmetric), what signing is, how to verify a signature, how to share your key, how to protect your private key, and how to encrypt/decrypt files. I'd suggest you read, in this order, sections 1, 3, 4, and 5 of the GnuPG Mini-HOWTO manual.

  7. Now, you should be able to encrypt and decrypt files and text. To get encryption in your email program, get GPGMail for (it's installed with GPG Tools, so you may already have it!) or the Enigmail extension for the Mozilla Thunderbird mail client.

  8. Send me an encrypted, signed email:

Sorry, China!

system, blogging, hacks, wtf?

I have to apologize to China, although if you're Chinese proper, I doubt you'll see this apology unless you're on vacation somewhere else or using a proxy.

I've noticed a steady uptick in traffic to this site, notably this blog, over the past few months:

After some sleuthing, it seems I'm pushing 15-20 GB of traffic to China alone each month! With something like 564 million Chinese on the internet (42% penetration), I guess this shouldn't be surprising. And, yes, it was all legitimate HTTP/HTTPS traffic, mostly to this blog.

As I can't afford to pay for extra bandwith, my only option was to throttle traffic to China (e.g., using this very handy .htaccess method -- for Apache webservers -- and list of Chinese IP addresses).

That seems to have worked:

I feel bad that I have to use such a blunt tool as this blocking maneuver, but I'm not sure what else to do. Please let me know if, for some reason, this impacts you (I cannot imagine how it would).

Contact / Help. (cc) 2018 by Joseph Hall. blog software / hosting.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.
And a few words about the structure of the eye . Everyone " retina ". Especially often we hear it buy clomid online in the phrase " retinal detachment ." So what is the retina ? This - the front edge of the brain, the most distant from the brain part of the visual analyzer. The retina receives light first , processes and transforms light energy into irritation - a signal that encodes all the information about what the eye sees . The retina is very complex and in their structure and function . Its structure resembles the structure of the cerebral cortex. The shell of the retina is very thin - about 0.14 mm.