While I’ve amused myself by taking potshots at popular visions for space cities including domes, modular space stations, and O’Neill cylinders, I realized embarrassingly recently that I’d missed yet another terrific example! Tunnels! And secret underground lairs of all kinds.
Of course, the usual disclaimers still apply. I’m a housebound socially isolated COVID-fearing glorified recovering physicist who claims to be able to write software, inelegantly chuntering opinions into the internet’s screaming maelstrom. Isn’t there something more useful I could be doing with my time?
More seriously, my purpose here is not to criticize but to illuminate. To ask interesting questions, as a way of motivating collective inquiry into topics of mutual interest. We are all wrong, to varying degrees. The only useful meta question is how may we go about becoming less wrong?
Tunnels are a staple of both science fiction and popular journalism regarding human habitations on the Moon, Mars, or other rocky places. They’re fun to write about and interesting to put on screen. I’ve lost count of the times I’ve seen beautifully illustrated Mars city maps featuring a hexagonal grid of domes connected by tunnels. On a visual level, it certainly ticks all the right boxes.
And yet, while I’ve wasted years of my life on real estate websites I’ve never seen a subterranean house on the market. They do exist, if you want a converted ICBM bunker or limestone cave, but they’re a definite rarity.
The simplest explanation is that digging holes, particularly really deep ones, is very energetically intensive and expensive. The cost of building a road tunnel works out to be about $100,000 per meter, or equivalent to a stack of Hamiltons of the same length! For comparison, $100,000 will buy materials and labor on a respectable manufactured home, or substantial renovations.
Indeed, on Earth, underground construction is basically unknown except for nuclear bunkers. These have two powerful reasons to accept the cost and inconvenience: unlimited sweet DoD money, and surviving really big explosions.
Why build underground in space? The usual explanation is to provide shielding against galactic cosmic rays, or micrometeorites.
It is true that tunnels deep underground are relatively safe from both, and also well thermally insulated. But as I discussed in the blog on space radiation, relatively little shielding is necessary in areas that people spend a lot of time time, such as sleeping areas. And even if that works out to be a meter or two of rock, it’s orders of magnitude less effort to drop sandbags on the roof of some structure constructed on the surface, than to dig a hole of the necessary size deep underground.
Micrometeorites are not a concern on Mars, which has a thin atmosphere, and can be well shielded on the Moon with a thin blanket of loose rubble.
If there’s a central point to my blogs on space architecture, it’s that our cities and houses on Mars will look and feel a lot more like regular houses on Earth, and for the same reasons. It may not be very exciting, but the most important consideration for design and construction, on Earth or in space, is expedience. Given the relative scarcity of human labor in space cities, structures will have to maximize usable area and minimize effort even more than on Earth. Instead of tunnels, think warehouses and aircraft hangars! At least they can have natural light.
With the advent of COVID-19 we’re all having to do the unthinkable, which for an instructor like me means moving hands-on, practical coding workshops online. In this post, I’ll outline a few key things you can do as a learner to have what is hopefully the best possible experience attending synchronous online training.
1. Follow your instructor’s instructions Install all the things - and test them First and foremost, triple-check that you have installed everything your instructor has suggested, and tested - as much as you know how to - that it works.
With the advent of COVID-19 we’re all having to do the unthinkable, which for an instructor like me means moving hands-on, practical coding workshops online. In this post, I’ll provide a map that helped me formalise how I broke down our workshops into components, and tried to map each of them to an online tool, platform or approach. I’ve used Zoom for most of the examples below, since that’s what I’ve used for teaching, but I’m sure that most of this functionality is well supported by other online meeting tools.
I started this blog expecting to write about tech companies and productivity growth. My theory has been that there are some firms that have taken full advantage of information technology, and others that haven’t. I was planning to write about the best ways to quickly turn “old economy” 20th century businesses into big, sparkling, high-productivity tech firms, using financial tools like M&A and private equity.
The coronavirus crisis has accelerated this transformation from a 10-year-timeframe “nice to have” to a 3-or—maybe-less-year-timeframe “holy shit” urgency. Thousands of businesses are being destroyed overnight, and unemployment shows signs of reaching levels not seen since the Great Depression. Economic transformation now needs to happen in a timeframe of months nor years, not least to avoid the crisis spiralling out of control into something even worse.
There are a few ways we can divide up what is happening. There are short, medium and long term effects. There will be firms that will thrive, firms that will restructure, firms that will be bought and turned into something else, and firms that will fail outright. Some firms will expand, others contract. And all of this chaos is likely to cause a lot of economic pain, that can perhaps be mitigated if approached correctly.
How so? Most obviously, the variety of available goods has sharply fallen. Roughly half the products I normally buy are no longer on the shelves. I’m hardly starving, but I’ve had to fill my shopping basket with a lot of goods I would not buy under ordinary conditions. After many years of claiming that product variety is a great unmeasured gift, consistency compels me to admit that the loss of product variety is a great unmeasured shock in the other direction.
Even if lockdowns are over by the summer, over the medium term spending habits will likely shift towards investment and redundancy, over choice and consumption. Unfortunately, small-batch artisanal food businesses are not as resilient to shocks as Wal-mart. Consumer choice is a luxury that comes at the expense of redundancy, and nobody wants to be caught unprepared during an ongoing crisis. People will allocate more of their budget to sure things like household appliances, and less to tourism and experiences. This uncertainty will last at least 12 months, until the vaccine is found, and probably longer, given the instability caused by the knock-on effects of the virus.
Even 12 months is too long for varied “just-in-time consumption” to be propped up by loans. Small businesses can’t spend on capital investment, leases etc as well as the extra investment in redundancy all businesses now need. Long-standing popular establishments like restaurants and bars may rebound after the short term, but guinea pig-themed cafes probably will not. Sharing economy services like Uber will contract, and so will niche services like yoga studios. Services that can obviously be replaced with a more reliable, online-first alternative will probably disappear entirely - what’s the case for renewing a lease for a movie theatre in 2020?
For businesses, the trends in spending the same. Nobody wants the innovative but fragile cross-border supply chain, or conferences and meetings that are going to be stopped by air travel restrictions. For high-productivity tech firms with a lot of spare cash, now is the time to invest heavily in redundancy and backup plans, which means things like buying up spare computing equipment, medical masks and installing security solutions.
Firms that thrive or survive
The NASDAQ is down, but it isn’t doing too badly relative to the rest of the stock market. Telecommuting tools, even those with major security flaws like Zoom, are actually doing much better during the crisis. On the other side of the spectrum, it’s unclear if casual airlines will ever recover, given the political pressure to meet climate emission goals.
Instead of categorizing firms by sector, we can sort them on two axes - tech-driven productivity before the crisis, and how they fare under long-term effects on demand post-crisis.
I would guess there is some correlation between high-productivity firms, and those that are seeing increased demand post-covid. Most high-productivity firms make heavy use of the internet, and whatever is online and ephemeral is relatively immune to the effects of the virus. The virus adds huge amounts of risk to the physical world, and high-productivity tech companies can get around this by using cash earned in the digital world to invest in physical redundancy.
What needs to be accelerated
The economic transformation that needs to happen as quickly and painlessly as possible is
repurposing falling-demand, low-productivity firms - e.g. movie theatres
repurposing falling-demand, high-productivity firms - e.g. ridesharing
scaling up & upgrading rising-demand, low-productivity firms - e.g. appliance manufacturing
scaling up rising-demand, high-productivity firms - e.g. logistics, biotech
This means expanding firms existing business lines so they can serve more customers. It may also mean investing in redundancy as described above. An example might be Amazon expanding delivery services - expanded demand means their constraints are now less about extra skills or expertise, and more about raw capital. Investors will likely start investing large amounts of capital in these firms, and these existing forms of financing will work fine as these firms have relatively reliable profit projections.
For businesses that are low-productivity but facing a rise in demand things are slightly more complex. They need to do accelerated digital transformation, so the business can do more with less, cope with the increased demand and (therefore) also be more resilient to shocks. They may need to buy enterprise software or merge with software companies in order to quickly raise their productivity to stay afloat. An example might be Porsche accelerating its planned overhaul. A larger share of the businesses that need to be repurposed are the more resilient “goods-producing” firms, in sectors like manufacturing or construction.
Novel forms of financing might help in this situation, as there may be some risk involved in the digital transformation, even if increased future profits are fairly likely. This is also probably fertile ground for tech companies, as they can use next-gen AI and computer vision to automate and upgrade factories and supply chains.
Businesses that will “just about” survive, like popular restaurants, also need to invest in upgrading, but in a slightly different sense. They will need to upgrade for resilience, cutting debt, investing in redundancy, and eliminating unnecessary complexity and product lines. Technology could help them widen their profit margins a little. That probably means e.g. cutting the menu to fewer items, and switching partially to takeaway.
This is for businesses that have to contract due to falling demand. The ur-example is the movie theatre where consumers can just stream movies instead. For these firms, the goal is to change the customers but also preserve as much of the structure of the business and relationships as possible. After the lockdown ends their productive capacity will be mostly intact, but demand will be permanently reduced.
Could the movie theatre be converted into a takeaway restaurant or UberEats kitchen, whilst laying off as few people as possible? Are there intermediate steps in the transformation that could make the transition less painful? These businesses need to quickly find new sources of demand for a closely related service. This might come in the form of M&A and consolidation - the movie theatre above could sell to UberEats, who could invest in repurposing the business to meet their customers needs.
The coronavirus has made the conversation about productivity growth even more urgent. There are many important long-term ideas to make economies more innovative and better at producing good ideas, but nature has forced us to focus on the short-term immediate need of upgrading and repurposing the economy we have.
The big unknown I see today is in large-scale financing - how can we quickly bring in the right skills and capital to upgrade these businesses in the right way? It may be that there doesn’t quite exist a financing method that works especially well right now, but it’s better to do this all inefficiently now to avoid a Great Depression, and pay off the debt later. I hope to explore these questions in future posts…
In my last blog post about
Zoom, I noted that the company says
“that critics have
how they do encryption.”
from Citizen Lab show that not only were the critics correct, Zoom's
design shows that they're completely ignorant about encryption.
When companies roll their own crypto, I expect it to have flaws. I don't
expect those flaws to be errors I'd find unacceptable in an
introductory undergraduate class, but that's what happened here.
Let's start with the egregious flaw. In this particular context, it's
probably not a real threat—I doubt if anyone but a major SIGINT
agency could exploit it—but it's just one of these things that
you should absolutely never do: use the
Electronic Code Book (ECB) mode
of encryption for
messages. Here's what I've
told my students
Direct use of a block cipher is inadvisable
Enemy can build up “code book” of plaintext/ciphertext equivalents
Direct use of the block cipher [is]
Used primarily to transmit encrypted keys
Very weak if used for general-purpose encryption; never use it for
a file or a message.
Attacker can build up codebook; no semantic security
Again, it would be hard to exploit here, but it suggests
that the encryption code was written by someone who
knew nothing whatsoever about the subject—and lays open the
suspicion that there are deeper, more subtle problems.
I mean, subtle problems are hard to avoid in cryptography even
when you know what you're doing.
The more important error isn't that egregious, but it does show a
fundamental misunderstanding of what “end-to-end encryption” means.
The definition from a recent
is a good one:
End-to-end (E2E) encryption is any form of encryption in
which only the sender and intended reipient hold the keys
to decrypt the message. The most important aspect of E2E
encryption is that no third party, even the party providing
the communication service, has knowledge of the encryption
As shown by Citizen Lab,
Zoom's code does not meet that definition:
By default, all participants’ audio and video in a Zoom
meeting appears to be encrypted and decrypted with a single
AES-128 key shared amongst the participants. The AES key
appears to be generated and distributed to the meeting’s
participants by Zoom servers.
Zoom has the key, and could in principle retain it and use it
to decrypt conversations. They say they do not do so, which is
good, but this clearly does not meet the definition
no third party, even the party providing
the communication service,
has knowledge of the encryption keys.”
Doing key management—that is, ensuring that the proper parties, and
only the proper parties know the key—is a hard problem, especially
in a multiparty conversation. At a minimum, you need assurance that
someone you're talking to is indeed the proper party, and not some
interloper or eavesdropper. That in turn requires that anyone who
is concerned about the security of the conversation has to have some
reason to believe in the other parties' identities, whether via direct
authentication or because some trusted party has vouched for them.
On today's Internet, when consumers log on to a remote site, they
typically supply a password or the like to authenticate themselves,
but the site's own identity is established via a trusted third party
known as a certificate authority.
Zoom can't quite do identification correctly. You can have
a login with Zoom, and meeting hosts generally do, but often, participants
do not. Again, this is less of an issue in an enterprise setting, where
most users could be registered, but that won't always be true for, say,
university or school classes. Without particpant identification and
authentication, it isn't possible for Zoom to set up a strongly
protected session, no matter how good their cryptography; you could end
up talking to
when you really wanted to talk confidentially to
You can associate a password or PIN with a meeting invitation, but
Zoom knows this value and uses it for access control, meaning that
it's not a good enough secret to use to set up a secure, private
Suppose, though, that all particpants are strongly authenticated and
have some cryptogrpahic credential they can use to authenticate
themselves. Can Zoom software then set up true end-to-end encryption?
Yes, it can, but it requires sophisticated cryptographic mechanisms.
Zoom manifestly does not have the
right expertise to set up something like that, or they wouldn't
use ECB mode or misunderstand what end-to-end encryption really is.
Suppose that Zoom wants to do everything right. Could they
retrofit true end-to-end encryption, done properly? The sticking point
is likely to be authenticating users. Zoom likes to outsource
authentication to its enterprise clients, which is great for their
intended market but says nothing about the existence of cryptographic
All that said, it might be possible to use a so-called
key exchange (PAKE) protocol
to let participants themselves agree on a secure, shared key.
(Disclaimer: many years ago, a colleague and I co-invented
the first such scheme.) But multiparty PAKEs are
rather rare. I don't know if there are any that are secure enough
and would scale to enough users.
So: Zoom is doing its cryptography very badly, and while some of
the errors can be fixed pretty easily, others are difficult
and will take time and expertise to solve.