Or maybe Bok's just saying that the offered price is too low.
Non-economist's answer
You can only watch a DVD a few times before it's boring, but you
can listen to a CD a lot of times, so it's worth more.
Objection to the non-economist's answer
In a competitive market, prices get driven down to the marginal
cost of production, not to their value to people. So, how
many times you can enjoy it is irrelevant.
Introductory econ answer:
The question is totally misguided, because the manufacturer
is extracting monopoly rents.
Although there's an open market in CDs and DVDs, the market
for any particular kind of disk is a monopoly. Thus, the price
is set not by the cost of production, but by what the market
will bear.
Objection to introductory econ answer:
While it's true that there's a monopoly on any given artist/movie,
clearly there are close substitutes. There is only one Britney Spears,
but there's some blonde who's almost as good. Following Anton
Sherwood's
suggestion on the armchair economists' list, let's call her Normandie
Shields. Why doesn't Normandie enter the market and compete with
Britney?
Advanced micro-econ answer
Music and movies are "winner-take-all" markets (see Rosen's
The Economics of Superstars). In such a market, a very small number of
people service the entire market and get all the money. Thus,
we're back to a monopoly (or at least partial monopoly) situation
and we get the "market will bear" price.
Objection to sophisticated economics answer
There are two problems here. First,in Rosen's analysis, although
the superstar makes vastly more money than anyone else, it's
primarily because they're selling a lot more units, not because they're
charging more per unit. Competition still keeps the overal price
in check. Second, it's not clear that Britney Spears really
is any better than Normandie Shields. She's just the
person who happened to get picked up by the labels.
Sophisticated econ answer
It's all about cost of information. It's true that Britney
isn't any better than Normandie, but she's almost certainly
better than some randomly chosen person you've never heard
of. Naturally, you don't want to waste your valuable time
listening to crappy music, so you're willing to pay a price
premium to get someone who's been vetted by the music industry
(and who's music they've heard for free on the radio)
and therefore is probably OK, if not great.
[There's an interesting experiment here: Do blind trials to see if people really prefer music they've never heard from established artists to music from randomly selected unestablished artists. Then look at what sort of attrition factor is required to get to the point where people are equally happy. Does the risk premium extracted by content producers match the informational advantage they provide?]
So, why does this mean there's less pricing pressure? Basically, information about music is bimodal. Either the song played on the radio and you've heard it or you didn't. If you did, then it's a known quantity. If you didn't, then it's basically random. Only known quantities can compete with known quantities and since there's a limited amount of attention span to go around, then market entry is restricted and there's a minimal amount of pricing pressure. So, we're back to the price the market will bear.
Objection to sophisticated econ answer
There are lots of music producing companies. Why don't
they compete between each other to drive the price down?
Certainly Britney and Christina Aguilera are close substitutes
even if Britney and the unsigned Normandie aren't.
Response to objection
It's a cartel.
Response to response
What a cop-out.
As you can see, I'm not totally satisfied with any of these explanations. Other explanations solicited. And for bonus credit: why are paperback books so much cheaper than either DVDs or CDs?
Our data suggest that about one death is prevented for every 80 000 convictions, one emergency department visit for every 1300 convictions (assuming the benefits apply to crashes of all severity), and $1000 in societal costs for every 13 convictions (including property damage and lost time). The observed 35% relative risk reduction in death is greater in magnitude than the roughly 20% relative risk reduction from all mandatory vehicle improvements of the past 50 years, yet enforcement effects are transient.3,30 Policies of more frequent enforcement could yield more net savings and could also be revenue neutral if designed efficiently. A small relative risk reduction could immediately prevent a large amount of death, disability, and health-care demands.
That's not really that obvious from the data. Let's take their numbers seriously. Assign the usual $10 million value for lives and arbitrarily guesttimate $100 thousand as the cost for emergency room visits. Thus each conviction has a benefit of roughly (10000000/80000 + 100000/1300 + 1000/13)=$278. Thus, if it costs more than $278/conviction, increasing enforcement is a bad cost/benefit decision given these numbers.
And one more thing. The authors indicate that there's no real difference in deterrence between various kinds of convictions. The only relevant factor seems to be how much people are punished:
In the subgroups of convictions, speeding convictions in which the driver received penalty points were associated with a larger relative risk reduction than speeding convictions with no penalty points (51 vs 0%, p=0·011). Convictions related to administrative errors, careless driving, seatbelt failure, and disobeying of a traffic signal were all associated with similar relative risk reductions (range 31-57%).
If we do decide we want increased enforcement, we might just want to pick drivers out at random and impose some penalty on them. It's not clear this would have any less of a deterrent effect, and would almost certainly be cheaper.
This kind of study is notoriously difficult to get right. I'll be interested to see how it holds up to future analysis.
Any subject exhibiting three or more of these symptoms is most likely a zombie.
Does this make sense to anyone but lawyers? Like Michael Kinsley I don't see any real difference between these three.
A simple model
Let's start with a simple abstract model of the admissions process.
Each applicant has some abstract score A which is how good
the applicant actually is.
The university can admit a total of n people. So, they
attempt to estimate A. They rank order people by A scores
and then then admit the top n.
Now, in practice, this ranking is messy, and the university can't
actually measure A but can only get an estimate A*.
Now, even if the system itself is totally deterministic,
there's a bunch of randomness in the inputs, so if we
imagine re-running the entire admissions process a number
of times, the scores given to people will be some different.
This will be even more the case when the admissions
officers have some discretion, since they introduce their
own randomness.
If we imagine running the process a large number of times, then the mean of the A* estimates will start to approach A. The more randomness there is, the worse that estimate is. However, we can always get an estimate that's arbitrarily good by using enough trials.
Two different systems
So, imagine that we have two systems: a "race-blind" system,
B and an affirmative action system, A1. System B behaves
exactly as specified above. System A behaves the same
way except for some small detail: if an applicant is
from a minority group, we take A* and add some
value E. This moves the applicant up somewhat
in the ranking.
This system is more or less the one that the Supremes ruled unconstitutional. It has the interesting feature that you can figure out what the admissions would have been under B if you know the A* estimates and E. Thus, it's possible to identify precisely the individuals harmed by the substitution of A1 for B.
The system that's constitutional
So, what's the big difference between system A1 and the system
that the Supremes ruled constitutional (which we'll call A2).
The difference is that A2 is a black box. Under B, some fraction
Mb of the admitted class were minorities. Under A2, as
under A1, some higher fraction Ma of minorities
are admitted. In both cases, Ma-Mb non-minority
people get hosed.
As far as I can tell, what's supposed to be better about A1 is that you can't tell who exactly got screwed and so any individual can't object. But that's hiding your head in the sand, since you know that someone did. Just because you don't know his name doesn't make him any less real.
The really scary part
Now, you're probably thinking I'm pulling a fast one on you.
What makes us think that Ma==Mb? The answer, of course,
is that it's supposed to be. The whole point of
the exercise is to get an explicit racial balance and so
you keep juggling your formulas (or your holistic judging
process) until they're what you want.
In other words, the system is more or less exactly the same as the racial quotas that the court rejected in Bakke. In fact, it's pretty easy to see that under steady state conditions where the applicant pool changes relatively slowly, more or less the same applicants will get in no matter what procedure you use. The only thing that stops this from being the case is the sloppiness of the admissions officers' estimates of applicant quality. How exactly is this better?
And yes, I know about Sidestep... that is a little better but still not perfect. anyone know a better solution?
The incentive effects of suing offerors
First, suppose that a given file sharing network has 10 million users
and the RIAA randomly sues 1000 (.01%) of them for $10,000 each.
The expectation value of this loss for any individual user is
$1, which seems like a relatively minor. However, that's not how people's value
curves actually work--people are actually quite risk averse.
They also tend to overestimate the probability of rare events occuring.
It's not clear exactly how much this effect is worth, but
we should expect it to be considerably more than $1 of deterrence.
Second, it's well known that a very large fraction of P2P users are free riders, who take files off the network but don't share files themselves. Back in the old days we used to call such people leeches. This is of course perfectly rational behavior. In fact, it's somewhat surprising that anyone contributes at all. This fact has two consequences: First, it means that there are a relatively small number of people that RIAA will have to deter. Second, because they have no real incentive to offer files in the first place, they are likely to be quite easy to deter. (The authors of the paper I'm citing above make the first point but not the second).
The professionalization of file swapping
It's commonly objected that this sort of legal action only works
against people in the United States. This is of course true and
it's quite likely that the people offering files will quickly
move offshore. However, remember that members of P2P networks
currently have little incentive to offer files. Kevin Dick
pointed out to me today that such offshore providers are more
likely to be professionals and
somehow charge for their services. The RIAA, by suing amateur
pirates, will have fulfilled their own prophecy and created
a class of professional pirates. This result, of course, will
make it much easier for the RIAA to claim that file sharing is
stealing and get more laws to crack down on it.
Is this inevitable? Not necessarily, but I think it's one likely outcome.
Some people accuse me of lacking vision. I prefer to think of my strategy as starting close to home until the voters have had time to communicate their needs to me, preferably in written form, such as in a note along with cash in an unmarked envelope.
Dear Friend I was a member of the contract award committee of the republican ministry of petroleum and resources of iraq under the regime of sadam hussein. I am in search of an agent to assist us in transfer of twenthyseven million five hundred thousand united state dollars($27,500.000.00) and subsequent investment in properties in your country, you will be required toLet me just go get those account numbers...(1) Assist in the transfer of the said sum
(2) Advise on lucrative area for investment
(3) Assist us in purchase of properties.If you decide to render your service to us in this regard, 20% of the total sum of the above will be for you, and 10% for any expenses incured during the process. Please if you are interested kindly sent an email to me so that i can give you the modalities.Please note this transaction should be at utmost secrecy for the safety of this transaction. For further details in this transaction you can email me at (isamoshoud@rediffmail.com)and i await your immediate response as soon as possible.
Yours sincerely,
ISA MOSHOUD.
- Voters must vote whether or not to recall Davis and vote for a replacement (contingent on the recall passing) on the very same ballot.
- If Davis is recalled, the replacement candidate who garners the most votes will be governor. No majority needed; no runoffs. (If I understand the rules correctly).
I think there's a good chance Davis will actually be recalled, so it seems to me that this provides a unique opportunity--the only time that I'll be able to run for Governor without getting all of those annoying signatures. True, it would cost me $3500, but I expect to recoup that by soliciting campaign donations for people who think it would be smart to be on my good side when I hold absolute power.
Barnhill said his faith is rooted in The First Christian Fellowship for Eternal Sovereignty, an organization founded in the late 1990s, according to information on its Web site. The founder was a man named Christopher Hansen.The Web site, which bears the heading Patriot Saints for the Kingdom of God on Earth, says the fellowship's headquarters is in Henderson, Nev.
Hansen says on the Web site that the fellowship's main objectiveis to convert and educate sovereign Americans ``to demand and defend their God given rights and fulfill their duties as freedom loving Christians against the encroachment of the Beast and his agents.''
Hansen identifies the Beast as the federal government and some of its agents as the IRS, Social Security Administration, Environmental Protection Agency and the Drug Enforcement Administration
Of course, he also says he's going to take his case to the Supreme Court on First Amendment grounds. I guess he's not averse to using the Beast to override the laws of his State.
They have been known to explode or leak gas when dropped or exposed to heat, continue to burn after the trigger is released, and have excessive flame heights.
Heck, when I was in high school we used to pay good money for lighters that could be modified to have excessive flame heights.
Pepcid, marketed by Johnson & Johnson and Merck, is likely to promote its ability to be taken every day versus Prilosec where consumers are advised not to take a 14-day course more often than every four months for frequent heartburn unless directed by a doctor.
This is completely screwy, since there are lots of people who take Prilosec every day. That's basically what it's for. BAsed on the article, it seems like what happened is that the FDA was worried that people would keep themselves on Prilosec indefinitely and not see a doctor, and so added a bunch of labelling telling people to stop after 14 days. As far as I know, there's no reason that Pepcid would be any better to use for the long-term than Prilosec--except maybe that it works better and so people might be less likely to be dissatisfied and go see a doctor.
Update 22:21:
Edited the above a little bit. Originally I'd said the 40mg dose was
standard but apparently the 20mg prescription dose
is more common. However, I know a lot of people use 40mg as well.
Not much, but it's a start. As I've argued before, Weapons of Mass Destruction is a gerrymandered category. Although it lends itself to a snappy acronym, its elements do not belong together. In reality, there are only (a) Very nasty chemical and biological weapons that, on a good day, can kill about as many people as and cause more panic than regular bombs; and (b) Thermonuclear weapons, a different proposition altogether. Pre-war arguments about the imminent threat Iraq posed to the United States should be evaluated with this in mind.
The old term, of course, used to be NBC, for "Nuclear, Biological, and Chemical" weapons [0]. While this still had the same bogus classification, at least it had the advantage of clarity as to what was being referred to.
That said, I think Josh Marshall's distinction is a lot closer to correct than Healy's. I've got two problems with Healy'ss classification.
Not all nuclear weapons are thermonuclear
Roughly speaking, there are two kinds of nuclear weapons:
Fission weapons are already pretty fantastically destructive, so I don't think that drawing the line at thermonuclear versus everything else makes that much sense. I suspect Healy was just speaking loosely here, but I think it's worth being precise about it here. [1]
Biological weapons could be really bad
There are two kinds of biological weapons: non-communicable and
communicable. Non-communicable biological weapons like anthrax just
kill the people who are exposed to them. However, the people who are
sick aren't themselves dangerous to others. By contrast, victims of
communicable biological weapons like smallpox, plague, are themselves
contagious. Thus, if you could somehow infect a modest number of
people with smallpox you could kill a lot of people.
Given the way diseases spread now, it seems pretty unlikely that a communicable bioweapon wouldn't eventually get back to your country. This means that they're only useful if you have the means to protect your own people or as a last ditch "doomsday machine". Still, doomsday machines turn out to be a pretty rational strategic posture, so it's not at all unthinkable that some country would want them.
Where I'd draw the line
So, I think the right line here is "strategic" versus "tactical".
If a weapon can be used to kill large numbers of American civilians,
then we should be very concerned about its existence. If it's
just usable in battlefield conditions, we should still take
it seriously, but it doesn't seem to me that it's a matter
of overriding concern.
[0] Also, ABC, for "Atomic, Biological, and Chemical". Does CBS feel left out?
[1] It's also possible to build low-yield tactical nukes, but this is somewhat harder than building medium-yield nukes, so it's not clear why you would do it unless you were planning to use them in large quantity in a battlefield situation as opposed to as a deterrent. And certainly, any country which has tactical nukes is very likely to have strategic nukes as well.
The Legislature passed the law to accompany legislation that enables public safety officials to receive special disability benefits easier than the average worker. Without the law, proponents argue, doctors are unable to determine if a heart or lung illness is work related.Under the law, all new public safety hires must sign a contract, as Jeffrey did, pledging not to smoke tobacco products.
What we've got here is a beautiful example of the interaction of mandatory public-funded insurance and moral hazard and the results aren't pretty. Since the State is responsible for your disability if you smoke, you must be stopped from smoking. The problem, of course, is that there's nothing really unique about smoking. The same reasoning can be applied for just about any identifiable risky activity.
In the private insurance market, this is handled by requiring people who engage in really risky activities to pay an extra premium or accept reduced benefits. However, this sort of thing undermines publicly funded insurance because there's an inevitable temptation to keep adding more and more restrictions in order to reduce the cost of providing insurance, which of course is paid for by the taxpayers. I don't know of any country where this has actually happened, but it's certainly been discussed in the UK and as money gets increasingly tight all over, this sort of restriction starts to look more attractive.
I'm all in favor of people being required to bear the externalized cost of their behavior--but I suspect that in many cases people would in fact be willing to do so. I'm also very much in favor of a system that allows them to in preference to simply restricting their behavior. If you're going to propose a system of health care that doesn't have this feature, I think that really needs some justification.
The article implies that this is a lousy cut, but I'm having a lot of trouble being that sympathetic. Technical paper book royalties are something like 4-15% of the wholesale price of the book--not the retail price. So, a book might sell retail for $40, wholesale for $20, of which the author (if he's doing well) sees $2-3. I've heard claims that e-publishing pulls in royalty rates of 30% or so, but then e-books really don't sell the way that online music clearly is.
Don't get me wrong, I wish both author and musicians got a better royalty rate, particularly because I am one. I just don't think that musicians are getting hosed particularly badly.
Total score:
Rollins Band "Come in and Burn": $9.99
Murder City Devils: "In Name and Blood" $12.99
Ice Cube: "The Predator": $13.99
I'm feeling pretty good about this, especially I've listened to Terence's copy of "The Predator" about a zillion times and so I'm pretty happy to throw Ice Cube a bit of my spare change. Listening to the Rollins now and while it's not as good as Weight, it still seems pretty promising. Murder City Devils was bought on spec, so no real opinions on that yet.
It's pretty unclear how this stuff works. The researchers working in the field talk about it being the same mechanism as autistic savants, but it sounds to me like they're just poking around. Still, in theory this kind of technology sounds pretty useful. I can imagine a bunch of brain state enhancements that would be pretty useful: eidetic imagery and improved concentration to name just a few.
``The crux of the legal battle is, at what point do the directors have an obligation to drop'' their opposition ``and allow the shareholders to take the premium offer by Oracle?'' said Richard Vernon Smith, an attorney with Orrick, Herrington & Sutcliffe in San Francisco.Oracle's increased offer, up from the initial $16 a share to $19.50, is probably not high enough to cause PeopleSoft's board to ``cave in,'' as one analyst put it. And PeopleSoft is hoping to complete its friendly deal to acquire J.D. Edwards, which may alter Oracle's appetite for PeopleSoft.
Patrick McGurn, of Institutional Shareholder Services, a Maryland company that advises institutional investors on corporate governance, said ``potential liability'' is probably uppermost in board members' minds.
``They are asking themselves, `What is the magic number? At what point can't we turn it down?' ''
As I said previously, this isn't really the way the board should be thinking.
Look at it this way: the current price of PeopleSoft is about 18. When you account for uncertainty about the deal, there's some minimum price M that Oracle has to offer to make the deal a good one for PeopleSoft shareholders. Now, there's also some maximum amount O that Oracle is willing to pay. If O>M then a deal is in the best interests of both Oracle and PeopleSoft's shareholders at any price P that lies between O and M. The difference between O and M is called surplus. The job of PeopleSoft's board is to extract as much of the surplus as possible.
Now, obviously, the PeopleSoft board doesn't know what O is, but they can guess, and if Oracle ever offers O (provided it's greater than M) they should take it. However, this is a different price from the price at which they "can't turn the deal down". That price is set by what other people think O is. Basically, that price is whatever most reasonable people think that the maximum Oracle would pay is--because that's the price above which it looks pretty obvious that PeopleSoft's board isn't interested in selling at all.
Now, unless PeopleSoft's board has some private information about Oracle or is unusually optimistic, their estimate will likely fall towards the middle of people's estimates of O. In other words, PeopleSoft should be willing to accept a price rather lower than the "can't turn the deal down" price. If they're holding out for the offer they can't refuse, they're likely looking after management's interests, not those of the shareholders.
"Oracle's offer undervalues the company and is not in the best interest of PeopleSoft stockholders," said PeopleSoft President and CEO Craig Conway, in the statement. "It is highly conditional, faces significant regulatory delays and uncertainty, and threatens serious damage to our business."
So, if it's a matter of undervaluing the company, then there's some price premium they would be willing to take, right?
Of course, this could just be the PeopleSoft board pretending they are negotiating when they have no intention of doing so. However, even mentioning price moves the ball forward a little bit, since it suggests that there's some price that's high enough.
Sounds like it will be a controversial case, right? After all, the case involves a citizen, secret detentions, and (probably) surveillance authorized by the Patriot Act. Well, maybe not. It turns out that Faris has pleaded guilty to being an Al-Qaeda member who helped to plan serious terrorist attacks against the United States. (Read the actual plea agreement here , and the MSNBC story here .) Thanks to Instapundit for the link.
I have no opinion on whether or not Rauf is guilty, but Kerr's argument strikes me as rather surprising. Surely, part of the point of not having secret detention is to make it more difficult for the authorities to pressure innocent people into confessing. Thus, the fact that Faris has pleaded guilty doesn't seem to me to be particularly dispositive. In order to draw conclusions we'd need to know what kind of treatment Faris had. After all, lots of people arrested in Stalinist Russia made full confessions despite being innocent.
Update 7:38
Based on the Newsweek article, it does sound like Faris had a lawyer and
was being treated reasonably. However, I don't think this really
affects my point, which was about Kerr's argument, not this
specific case.
Of course, these two rules of thumb don't give us the complete picture. The Net is more complicated, and sometimes a deeper understanding is needed to evaluate a policy proposal. For example, a few widespread and helpful practices such as Network Address Translation violate both the end-to-end principle and layering; and so a ban on address translation would be consistent with end-to-end and layering, but inconsistent with the actual Internet.
As it turns out, in the Networking community, these are fighting words. In the Internet Engineering Task Force (IETF) calling Network Address Translation "helpful" is like walking into some diner in East Texas and yelling "Allah Akhbar".
So, what's all the fuss about?
Motivations for NAT
The first thing you have to understand is what NAT is. The
way that the Internet was originally designed to work was
that every computer would have its own IP address (just a
32-bit number). When you wanted to send information to computer
X, you'd find out its IP address and send it there.
In order for this scheme to work properly, these addresses
all had to be unique, since if two people shared an
address they would effectively be the same computer as far
as the net was concerned.
Two things conspired to destroy this little nascent utopia, both having to do with resource allocation. The first was that the procedure for getting IP addresses was initially a little fuzzy and hard to navigate. If you wanted to connect to the Internet you didn't have a choice but to navigate it, though. However, as the TCP/IP protocol suite got more popular, it became worthwhile running TCP/IP networks even if you didn't connect to the Internet. This would work fine no matter what IP address block you chose and so companies who didn't plan to connect to the network just started picking arbitrary addresses for their computers. When those people eventually wanted to connect to the Internet--as they often did--they had a big problem: their addresses collided with other people and they had to get a new address block and renumber. This was incredibly painful.
The second problem was the big address crunch. IP version 4 (the current version of IP) has 32-bit addresses. That means that even in theory no more than about 4 billion people can be connected to the Internet. However, it's actually worse than that. For routing reasons, addresses are assigned in contiguous blocks. For instance, the computers on my network have the addresses 198.144.203.240-198.144.203.255. This block structure meant that the number of available addresses was rather smaller, since a lot of them go unused (though we're getting better.
This shortage meant that the people giving out addresses had to be pretty stingy with them. Since renumbering is a pain, when you're getting your address block from whoever you get it from, you want it to be as big as possible--in case you eventually need more addresses. However, the people giving out addresses would often refuse big allocations or try to push you down to a smaller one.
What NAT Is
Circa 1993, Francis and Eng came up with an approach that claimed to solve
all these problems--NAT. The idea was simple: We'll put a box
at the edge of the network that translates your addresses to
those of the public Internet.
It's easy to see how this solved
the problem of connecting your private network to the Internet.
You just got a proper-sized network block and told the NAT box
to map the internal addresses to the external addresses. No problem.
However, if you want to have more internal addresses than you can get external addresses, the problem gets more tricky. Essentially, what you do is that you map more than one internal machine onto the same external address. In theory this doesn't work, but in practice any given machine only talks to a few other machines so the packets have enough disambiguating marks so that you can keep things straight. I won't describe how here since it's not important.
What's the problem?
Now, from the perspective of the customer this is all sounding
pretty convenient. It's particularly convenient for the home
user. The ISP just drops a NAT box on his door and he can connect
as many machines to his local network as he wants and it just
works. So, why is it when you say something nice about NAT people
look at you like you just announced you subscribe to Hustler?
Two reasons, actually. First, to make all of this stuff work you have to do some pretty ugly things. It turns out that a lot of Internet protocols carry arround IP addresses. The canonical example of this is FTP. The FTP client tells the FTP server what IP address to send the data inside the FTP control connection. Since the FTP client only sees his internal address and the server only sees the translated address, this isn't going to work. The NAT has to do some surgery on the FTP control connection to make it all work. A good fraction of protocols that work with NAT require this kind of ad-hockery. Protocol designers had ad-hockery.
The second reason is that machines behind a NAT don't really have any permanent address, because they share their external address with other machines. However, a lot of the protocols we'd like to design would work a lot better if machines had one. For instance, if I want to do an IP-based phone call I need to connect to your machine to initiate it. I can't do that if you're behind a NAT and I don't know what your address is. There are of course workarounds for this (the canonical one is to rendesvous at some server outside the NAT box) but they're all ad hoc and have to be done specifically for each new application, which of course doesn't make protocol designers happy.
IPv6 and Firewalls
The IETF did have a fix for these problems that didn't involve
NAT: move to IPv6, which had 128-bit addresses. This would allow
everyone on the planet to have 2^90 or so addresses, which should
really be enough. Unfortunately, for reasons I won't go into
in order to protect the guilty, IPv6 deployment has been
incredibly slow. Outside the US it's better but the US Internet
runs almost entirely on IPv4.
In the meantime, NATs have spread like wildfire and are now
well entrenched in the network architecture.
In roughly the same time period, people also started walling off their networks using "firewalls" (see Cheswisk, Bellovin, and Rubin's book on this topic). Firewalls block a lot of the same applications that NAT makes inconvenient, thus making the negative points of NAT less obvious.
So, where are we now?
For a long time the semi-official position of the IETF was that NAT
was a Bad Thing. The assumption was that it was a bad patch for
address depletion as well as a violation of the end-to-end principle
and that IPv6 would render it obsolete.
In addition, it was widely believed that IPsec-style end-to-end
security would make NAT unworkable.
In practice, the effect has been the opposite, with
NAT and firewalls making the deployment of IPsec more difficult.
Ultimately, I don't think it really matters whether NAT is a good thing or not. Ed is quite right that it's part of the network infrastructure and it's here to stay. We just have to learn to live with it. Increasingly, I think, the IETF is coming to this point of view. However, there are still lots of people who are inalterably opposed to it.
You are given a small pill to take an hour prior to your dental appointment. Your companion will accompany you to the office. By the time you arrive, you will be very drowsy.
They don't say what drug they're using, but based on the described effects (drowsiness, amnesia) I'm guessing it's one of the benzodiazepines, such as Halcion or Valium.
What an interesting idea. Lots of people (me among them) don't really enjoy having a dentist mucking around in their mouths, so sleeping through it is pretty attractive. On the other hand, the benzos tend to keep you out for quite some time, so I'm not sure I'd want to give up a day just to avoid the discomfort. Still, it's a pretty creative concept in any case.
It's hard to tell exactly what's going on here. Poison pills are often used by management to protect their own positions at the expense of the shareholders, but PeopleSoft's management could also be negotiating for more money. However, if that's what they're doing they'll have to signal at some point that they would take more money in order to avoid driving Oracle away entirely.
The senator acknowledged Congress would have to enact an exemption for copyright owners from liability for damaging computers. He endorsed technology that would twice warn a computer user about illegal online behavior, "then destroy their computer.""If we can find some way to do this without destroying their machines, we'd be interested in hearing about that," Hatch said. "If that's the only way, then I'm all for destroying their machines. If you have a few hundred thousand of those, I think people would realize" the seriousness of their actions, he said.
"There's no excuse for anyone violating copyright laws," Hatch said.
Let's ignore for a moment the general consensus that this suggestion is insane from a social perspective and just look at it from a technical perspective.
Is it possible to have software destroy someone's computer?
Back when I was a kid, they used to tell you that nothing you
could type into a computer could damage it. This made me a lot
more comfortable trying out stuff but it's not really true. It's
often possible to overdrive some component of the computer
(the monitor is a common choice) and actually cause some physical
damage. Even easier is to flash the BIOS, which can be hard
to repair.
However, all of these things require knowing something about the computer you're trying to destroy, so they're not really convenient to do in bulk. The easiest thing would be to just do a lot of damage to the data on the victim computer. This can range from straightforward deletion to randomly inserting subtle errors. In either case, once you have control of the computer, this kind of damage is extremely easy to cause. And since most people don't have good backup hygiene, they're basically hosed. The key sentence there is "once you have control of someone's computer". Doing any of this stuff requires that you first take control of someone's computer.
Is it possible to take control of someone's computer remotely?
Absolutely. Essentially every major operating system or piece
of network software has had bugs that allow an attacker to compromise
them. The manufacturers release patches for these bugs but people
often don't install them. Surveys of people's computers often show
that large fractions of computers are vulnerable to attack
via old bugs.
What kind of tools would you need?
If you're going to destroy one person's computer you can do it by
hand, but if you're going to destroy 200,000 you need automation.
Conveniently, these kind of tools are quite common in the
hacker community. None of them are integrated with file-sharing
detection but there's nothing inherently complicated about this
kind of detection. (Assuming, of course, that you can automatically
determine whether infringement is going on, which isn't that
clear).
However, the tools you need aren't going to be specific to attacking file-sharers machines. File sharing software, like all software, has bugs, but you probably can't count on them being serious enough to allow you to penetrate people's machines. In particular, if just that software is targeted, the authors will quickly figure out how to secure it (see below). So, we have to expect that these will be generalized system attack tools.
What's the likely defensive response?
I expect two defensive response. First, to harden the file
sharing programs themselves. Second, to harden user's
machines. Despite our general lack of success in writing secure
software, hardening the file sharing programs isn't that hard: you
rewrite them in a language that's less dangerous than C/C++. Java
is the canonical example. That's not a total fix, but it will
get you most of the way there. Most people's file sharing machines
are plenty fast to take the modest performance hit imposed by Java.
Hardening the machines proper is more difficult, but it's mainly a matter of making sure things are up to date and locking off unnecessary ports. Users can of course do this themselves, but their file sharing software can also do it for them. Moreover, users would have a lot more incentive to actually behave securely if they knew people were attacking them.
Will this work?
I doubt it. Oh, I'm sure that the content companies will be able to
damage some people's computers but I don't think this will really
deter file sharing that much. After all, the satellite TV companies
periodically try to damage pirate's systems and yet people
still pirate. Rather, I expect a series of attacks and defenses.
Oh, and of course, counterattacks, as some people (whatever the law says) decide that this gives them a reason to really attack the content companies' servers. And of course, the same logic applies there. I wouldn't expect their uptime to be very good.
So, we're going to see a lot of people's computers damaged and a lot of money spent on attack and defense, with probably a relatively small impact on file sharing. And all of this damage is really in the service of imposing a transfer payment on music listeners to the content companies. Sounds like a pretty welfare destroying arrangement to me.
After a mini cyber-disaster and brief hiatus, Amitai Etzioni Notes is back up and running!
And his take on differential pricing is correct, too, up to a point. The problem is, I think, that not everyone sees it that way. Most consumers in the US don't realize that they're subsidizing the lower prices for everyone else, whereas I think most high-fare airline passengers have internalized it. They at least wouldn't be as surprised by it if it were brought to their attention, and there's no move afoot to force the airlines to lower all seats to the price of a coach ticket.
I'm not sure that it makes sense to talk about subsidizing here. That suggests that we're sacrificing something for the benefit of the Canadians, which isn't really true. As I wrote previously, if the Canadians paid the same price as Americans the US price wouldn't change much, so it's not clear that this is really a subsidy. Let's try doing the math.
First, consider the simplest possible model where there's only one drug X made by one manufacturer and Americans are willing to pay $100/yr and Canadians $50. If the company can effectively segment the market then the price will be $100 in the US and $50 in Canada. If the size of the market is 10 million people in the US (not everybody needs X) and 2 million in Canada, then the drug company is making $1,100,000,000 a year.
Now, imagine that Canada freezes solid one winter and so the Canadians stop buying drugs. What happens to drug prices in the US? Answer: they stay the same. The drug company is already charging as much as the market will bear, so they can't raise prices. They could lower them, but that would just mean they made even less money. Bottom line, the drug company makes only $1,000,000,000 that year.
Now, consider a drug company's deciding whether to manufacture X in advance. If the drug can sold for 10 years then the total revenue will be $10 billion in the US and $1 billion in Canada. Now, imagine that X costs $10 billion to develop. This drug isn't economical to develop if you're selling only to the US market. It only makes sense if you can sell to the Canadian market as well! Now, of course, no specific drug has exactly the economics we're talking about here, but the point should be clear: selling into Canada, even at lower prices, means that the drug companies can afford to develop more drugs, which is good for Americans as well! (Obviously, the reverse is even more true--selling into the US means that Canadians get a lot more drugs).
So, while it's true that Americans are subsidizing Canadian's access to drugs, it's just as true that the Canadians are subsidizing ours.
Until recently it wasn't known whether the virus genome got copied into random parts of the home genome or whether it was specific. Obviously, the virus would prefer to insert itself where it would be expressed, but it's possible that this too difficult and that random insertion is good enough. In 2002, it was shown that HIV insertion wasn't random but instead targeted sites where genes were expressed. In the accompanying paper to this article, Wu et al. show that different viruses have different insertion patterns. Murine Leukemia Virus (MLV) prefers to integrate around promoters--thereby stimulating growth and causing cancer.
This would all be academic except for the fact that retroviruses are one of the prime methods being pursued for gene therapy. Say you've got some patient with a defective copy of gene X. You load up a retrovirus with a good copy of X and infect the patient. Now, X gets inserted somewhere more or less random in the genome and hopefully expressed. Now the patient has the defective copy, which hopefully does nothing, and the good copy, which hopefully produces whatever protein was previously missing.
When you think about it that way, it's amazing that gene therapy works at all. If you tried to fix a piece of computer software this way, there is essentially no chance that it would do anything useful and very likely something bad would happen. Genes are just another kind of software and though they're less brittle than the kind we write, they're still pretty brittle when arbitrary changes are made. Thus, it's not surprising that out of the 11 children treated for an immunodeficiency disorder using an MLV-based vector, 2 have developed leukemia (which is still probably better than what they had, btw).
However, if we're really going to use gene therapy regularly, we're going to have to develop a much better insertion system. Just putting genes in arbitrary places isn't at all elegant and there are conditions that can't be solved this way because the defective gene does something bad. What we really want is an insertion system that lets you replace any arbitrary string of bases with any other string--sort of a genetic version of patch. I have no idea if this can be done or not, but we'll certainly need to understand a lot more about the molecular technology of gene insertion to do it.
The primary concern here seems to be shortcutting. Just check out this picture of the Palo Alto Street Network. For reference, 101 and 280 (the two big grey roads) are the main North and South routes between San Francisco and San Jose. Downtown Palo Alto is the complex of yellow roads at the left of the figure. You'll notice that the authorized ways to get there from 101 are the "residential arterials" University and Embarcadero. Now, those roads have 25 mph speed limits and can be entered from a large number of residential streets. As a consequence, they're generally very congested and many people in the know use one of the backups such as Channing or Hamilton instead.
So, what happens when you make shortcutting more difficult? people either take the arterial or they find other alternate routes. Palo Alto's traffic engineers talk a little bit about diversion but don't seem to really know what what the final impact would be. Since the arterials are pretty full and I know of other slightly less convenient alternate routes, I suspect that the diversion will mostly be to them, which isn't obviously much of an improvement.
What's really needed here is some way to make traffic flow better on Embarcadero and University. Palo Alto had some plan to do this by They're installing roundabouts on Embarcadero (to replace traffic signals). Unfortunately, they apper to have put it on hold in favor of retiming the lights to 25 mph and some of those cute little digital signs telling you that the speed limit is 25 mph. They also propose to do a new speed survey, but I don't expect the residents standing for a speed limit over 25. Timing isn't a bad idea, but I'm skeptical that these measures will improve throughput much without also limiting access to Embarcadero. And of course they're not doing anything about University.
This is actually kind of strange, since it doesn't seem to put any real pressure on IBM to settle. As I said before, if SCO can't find some way to pressure IBM, IBM can just wait them out.
Me: Uh, about that alcohol damage thing, do have some literature
references for that?
Doc: You doubt me?
Me: I just like to read things for myself.
Doc: It's pretty commonly known.
Me: Well, I'd like to know the odds ratios.
Doc: I don't have those.
Regular EG readers won't be surprised that I wasn't exactly thrilled with this interchange. I spent this morning doing some research on PubMed, and as far as I can tell, it's not at all commonly known. In fact, the question hasn't seen that much study and even how alcohol causes liver damage in general isn't really that well understood. [0]
If any EG readers have specialized knowledge in this field, I'm of course more than willing to listen. In the meantime, I plan to continue my drinking habits and find a doctor who's more interested in letting me think for myself than in dispensing information from on high. I'm in the SF Bay Area, so any recommendations for a suitable doctor are welcome...
[0] See Ponnappa BC, Rubin E., "Modeling alcohol's effects on organs in animal models", Alcohol Res Health. 2000;24(2):93-104.