Educated Guesswork

Commercialization of universities

I just heard Derek Bok on Fresh Air talking (or rather complaining) about how universities are getting more commercialized. His proposed nightmare scenario was Coke paying Princeton $25 million (Terry Gross said $25 million, Bok said $5 million) to inscribe "Things Go Better With Coke" above the entrance to one of their buildings. I don't see what's wrong with this. After all, universities put stuff above the entrances of their buildings all the time. Go check out the Stanford CS building and tada, it's "Gates Hall". But I'm sure that Stanford just named it that out of their deep respect for Microsoft software and not because Bill gave them $38 million.

Or maybe Bok's just saying that the offered price is too low.

The money train

I just noticed that I own a Henry Rollins album which was put out by Dreamworks. Ordinarily I wouldn't care, but this particular album contains a lot of complaining about the "LA Money Train". I can't decide if this is hypocrisy, the label selling the rope with which to hang itself, or the genius of capitalism.

Why are CDs almost as expensive as DVDs?

So, check out your average CD store. You'll notice that prices hover around $12-18. Now, check out the DVDs. Prices hover between $14 and $25. Now, movies are a lot more expensive to make than albums, so how come CDs are very nearly expensive as DVDs? Puzzling, huh?

Non-economist's answer
You can only watch a DVD a few times before it's boring, but you can listen to a CD a lot of times, so it's worth more.

Objection to the non-economist's answer
In a competitive market, prices get driven down to the marginal cost of production, not to their value to people. So, how many times you can enjoy it is irrelevant.

Introductory econ answer:
The question is totally misguided, because the manufacturer is extracting monopoly rents. Although there's an open market in CDs and DVDs, the market for any particular kind of disk is a monopoly. Thus, the price is set not by the cost of production, but by what the market will bear.

Objection to introductory econ answer:
While it's true that there's a monopoly on any given artist/movie, clearly there are close substitutes. There is only one Britney Spears, but there's some blonde who's almost as good. Following Anton Sherwood's suggestion on the armchair economists' list, let's call her Normandie Shields. Why doesn't Normandie enter the market and compete with Britney?

Advanced micro-econ answer
Music and movies are "winner-take-all" markets (see Rosen's The Economics of Superstars). In such a market, a very small number of people service the entire market and get all the money. Thus, we're back to a monopoly (or at least partial monopoly) situation and we get the "market will bear" price.

Objection to sophisticated economics answer
There are two problems here. First,in Rosen's analysis, although the superstar makes vastly more money than anyone else, it's primarily because they're selling a lot more units, not because they're charging more per unit. Competition still keeps the overal price in check. Second, it's not clear that Britney Spears really is any better than Normandie Shields. She's just the person who happened to get picked up by the labels.

Sophisticated econ answer
It's all about cost of information. It's true that Britney isn't any better than Normandie, but she's almost certainly better than some randomly chosen person you've never heard of. Naturally, you don't want to waste your valuable time listening to crappy music, so you're willing to pay a price premium to get someone who's been vetted by the music industry (and who's music they've heard for free on the radio) and therefore is probably OK, if not great.

[There's an interesting experiment here: Do blind trials to see if people really prefer music they've never heard from established artists to music from randomly selected unestablished artists. Then look at what sort of attrition factor is required to get to the point where people are equally happy. Does the risk premium extracted by content producers match the informational advantage they provide?]

So, why does this mean there's less pricing pressure? Basically, information about music is bimodal. Either the song played on the radio and you've heard it or you didn't. If you did, then it's a known quantity. If you didn't, then it's basically random. Only known quantities can compete with known quantities and since there's a limited amount of attention span to go around, then market entry is restricted and there's a minimal amount of pricing pressure. So, we're back to the price the market will bear.

Objection to sophisticated econ answer
There are lots of music producing companies. Why don't they compete between each other to drive the price down? Certainly Britney and Christina Aguilera are close substitutes even if Britney and the unsigned Normandie aren't.

Response to objection
It's a cartel.

Response to response
What a cop-out.

As you can see, I'm not totally satisfied with any of these explanations. Other explanations solicited. And for bonus credit: why are paperback books so much cheaper than either DVDs or CDs?

Cost/benefit implications of the traffic-law enforcement study

The authors of the Canadian traffic enforcement study suggest that it implies that increased traffic enforcement is a good idea.

Our data suggest that about one death is prevented for every 80 000 convictions, one emergency department visit for every 1300 convictions (assuming the benefits apply to crashes of all severity), and $1000 in societal costs for every 13 convictions (including property damage and lost time). The observed 35% relative risk reduction in death is greater in magnitude than the roughly 20% relative risk reduction from all mandatory vehicle improvements of the past 50 years, yet enforcement effects are transient.3,30 Policies of more frequent enforcement could yield more net savings and could also be revenue neutral if designed efficiently. A small relative risk reduction could immediately prevent a large amount of death, disability, and health-care demands.

That's not really that obvious from the data. Let's take their numbers seriously. Assign the usual $10 million value for lives and arbitrarily guesttimate $100 thousand as the cost for emergency room visits. Thus each conviction has a benefit of roughly (10000000/80000 + 100000/1300 + 1000/13)=$278. Thus, if it costs more than $278/conviction, increasing enforcement is a bad cost/benefit decision given these numbers.

And one more thing. The authors indicate that there's no real difference in deterrence between various kinds of convictions. The only relevant factor seems to be how much people are punished:

In the subgroups of convictions, speeding convictions in which the driver received penalty points were associated with a larger relative risk reduction than speeding convictions with no penalty points (51 vs 0%, p=0·011). Convictions related to administrative errors, careless driving, seatbelt failure, and disobeying of a traffic signal were all associated with similar relative risk reductions (range 31-57%).

If we do decide we want increased enforcement, we might just want to pick drivers out at random and impose some penalty on them. It's not clear this would have any less of a deterrent effect, and would almost certainly be cheaper.

So, this means we should arrest everyone?

This weeks's Lancet carries an study reporting that traffic enforcement decreases the risk of fatal crashes in the month or so following a traffic conviction. Although this study looks more well done than average there are a couple of things that make me worry:

• A statistically significant protective effect is only observed for convictions which carry 3 demerit points. In particular, no effect is observed when 4 points or greater were applied (see Figure 3) Now, it's certainly possible that there just weren't enough drivers to get tight confidence bounds for anything other than 3 points. Note that the 3 point confidence bound is tighter, so maybe 3 points is the standard penalty. Still, it would be nice to see the authors address that point.
• The authors don't seem to have made any attempt to determine whether traffic convictions had an effect on how much people drove. Perhaps people aren't more careful but just drove less. That wouldn't be much of a win--at least not any more than just randomly stopping people from driving.

This kind of study is notoriously difficult to get right. I'll be interested to see how it holds up to future analysis.

Diagnostic criteria for flesh-gouging zombies

After having seen 28 Days Later, Terence Spies and I are prepared to offer you the following helpful guide to zombie detection. Symptoms of zombiism include:

1. Unaturally red eyes.
2. Marked stiffness in the limbs, especially the shoulders and knees.
3. Limited vocabulary, consisting mostly of "rahrnrr!"
4. Tattered rags for clothes.
5. Vomiting blood.
6. Attempting to rip your face off.

Any subject exhibiting three or more of these symptoms is most likely a zombie.

The math of affirmative action

So, I've been trying to understand the latest Supreme Court affirmative action decisions. Let me see if I've got this right:

• Reserving a specific number of slots for minorities: Not OK.
• A mathematical admission system where you give people a certain number of points for being a minority: Not OK.
• A system that uses race as one factor in a "each applicant is evaluated as an individual and not in a way that makes an applicant's race or ethnicity the defining feature of his or her application.": OK.

Does this make sense to anyone but lawyers? Like Michael Kinsley I don't see any real difference between these three.

A simple model
Let's start with a simple abstract model of the admissions process. Each applicant has some abstract score A which is how good the applicant actually is. The university can admit a total of n people. So, they attempt to estimate A. They rank order people by A scores and then then admit the top n. Now, in practice, this ranking is messy, and the university can't actually measure A but can only get an estimate A*. Now, even if the system itself is totally deterministic, there's a bunch of randomness in the inputs, so if we imagine re-running the entire admissions process a number of times, the scores given to people will be some different. This will be even more the case when the admissions officers have some discretion, since they introduce their own randomness.

If we imagine running the process a large number of times, then the mean of the A* estimates will start to approach A. The more randomness there is, the worse that estimate is. However, we can always get an estimate that's arbitrarily good by using enough trials.

Two different systems
So, imagine that we have two systems: a "race-blind" system, B and an affirmative action system, A1. System B behaves exactly as specified above. System A behaves the same way except for some small detail: if an applicant is from a minority group, we take A* and add some value E. This moves the applicant up somewhat in the ranking.

This system is more or less the one that the Supremes ruled unconstitutional. It has the interesting feature that you can figure out what the admissions would have been under B if you know the A* estimates and E. Thus, it's possible to identify precisely the individuals harmed by the substitution of A1 for B.

The system that's constitutional
So, what's the big difference between system A1 and the system that the Supremes ruled constitutional (which we'll call A2). The difference is that A2 is a black box. Under B, some fraction Mb of the admitted class were minorities. Under A2, as under A1, some higher fraction Ma of minorities are admitted. In both cases, Ma-Mb non-minority people get hosed.

As far as I can tell, what's supposed to be better about A1 is that you can't tell who exactly got screwed and so any individual can't object. But that's hiding your head in the sand, since you know that someone did. Just because you don't know his name doesn't make him any less real.

The really scary part
Now, you're probably thinking I'm pulling a fast one on you. What makes us think that Ma==Mb? The answer, of course, is that it's supposed to be. The whole point of the exercise is to get an explicit racial balance and so you keep juggling your formulas (or your holistic judging process) until they're what you want.

In other words, the system is more or less exactly the same as the racial quotas that the court rejected in Bakke. In fact, it's pretty easy to see that under steady state conditions where the applicant pool changes relatively slowly, more or less the same applicants will get in no matter what procedure you use. The only thing that stops this from being the case is the sloppiness of the admissions officers' estimates of applicant quality. How exactly is this better?

Weren't computers supposed to make my life easier?

So, I'm trying to book my tickets for IETF in Vienna in mid-July. The question I want to ask is: what's the cheapest flight leaving and returning within 3-day windows and from any of 3 airports. However, none of the main sites seem to let you ask that question and they all give radically different prices. Of course, calling the real live American Express travel agent didn't give me a very useful answer either. they were more expensive than the web sites. Unbelievable.

And yes, I know about Sidestep... that is a little better but still not perfect. anyone know a better solution?

The Times doesn't pull its punches

The headline on the Times's obituary of Strom Thurmond is "Strom Thurmond, Foe of Integration, Dies at 100". Exactly.

The RIAA strikes back.

The RIAA announced yesterday that they're going to start suing individuals who offer copyrighted material over peer-to-peer networks. Obviously, they can hurt some number of people, but will it work to curb file sharing? Despite the fact that so far they haven't been that successful at stopping swapping so far, I think the answer is yes.

The incentive effects of suing offerors
First, suppose that a given file sharing network has 10 million users and the RIAA randomly sues 1000 (.01%) of them for $10,000 each. The expectation value of this loss for any individual user is $1, which seems like a relatively minor. However, that's not how people's value curves actually work--people are actually quite risk averse. They also tend to overestimate the probability of rare events occuring. It's not clear exactly how much this effect is worth, but we should expect it to be considerably more than $1 of deterrence.

Second, it's well known that a very large fraction of P2P users are free riders, who take files off the network but don't share files themselves. Back in the old days we used to call such people leeches. This is of course perfectly rational behavior. In fact, it's somewhat surprising that anyone contributes at all. This fact has two consequences: First, it means that there are a relatively small number of people that RIAA will have to deter. Second, because they have no real incentive to offer files in the first place, they are likely to be quite easy to deter. (The authors of the paper I'm citing above make the first point but not the second).

The professionalization of file swapping
It's commonly objected that this sort of legal action only works against people in the United States. This is of course true and it's quite likely that the people offering files will quickly move offshore. However, remember that members of P2P networks currently have little incentive to offer files. Kevin Dick pointed out to me today that such offshore providers are more likely to be professionals and somehow charge for their services. The RIAA, by suing amateur pirates, will have fulfilled their own prophecy and created a class of professional pirates. This result, of course, will make it much easier for the RIAA to claim that file sharing is stealing and get more laws to crack down on it.

Is this inevitable? Not necessarily, but I think it's one likely outcome.

More policy proposals for California

When I am Governor, I will also introduce legislation to:

• Require every cable provider to show the Hawaii Ironman live. Phil Liggett will announce: "Yes, he's still riding, Bob. It sure looks hot out there."
• Bike lanes everywhere!
• Ban that guy at Fry's who asks for your receipt. Failing that, require Fry's to put up a large sign that reads "You do not have to show this guy your receipt."

Some people accuse me of lacking vision. I prefer to think of my strategy as starting close to home until the voters have had time to communicate their needs to me, preferably in written form, such as in a note along with cash in an unmarked envelope.

Now that's efficiency

So, less than a week after the release of the Harry Potter book, it's available on the net. Apparently, someone or someones scanned it in, OCRed it, and posted it to the net. One of my associates informs me that SOP is to saw off the binding and then feed the pages into the sheet feeder on the scanner.

Well, that didn't take long

I just got my first piece of Iraqi Nigerian spam

Dear Friend I was a member of the contract award committee of the republican ministry of petroleum and resources of iraq under the regime of sadam hussein. I am in search of an agent to assist us in transfer of twenthyseven million five hundred thousand united state dollars($27,500.000.00) and subsequent investment in properties in your country, you will be required to

(1) Assist in the transfer of the said sum
(2) Advise on lucrative area for investment
(3) Assist us in purchase of properties.

If you decide to render your service to us in this regard, 20% of the total sum of the above will be for you, and 10% for any expenses incured during the process. Please if you are interested kindly sent an email to me so that i can give you the modalities.Please note this transaction should be at utmost secrecy for the safety of this transaction. For further details in this transaction you can email me at (isamoshoud@rediffmail.com)and i await your immediate response as soon as possible.
Yours sincerely,
ISA MOSHOUD.

Let me just go get those account numbers...

The honeymoon ends at Albertsons

I wrote a while back that despite the fact that Albertsons has a "savings card" plan the employees were giving out discounts even if you didn't have a card. That seems to have stopped. I went by today and they didn't give me the discount. The employee said he'd been told not to. I didn't find out if the previous behavior had been policy or omission. Have to remember to ask next time I go in.

The first plank of my campaign platform

When I am elected Governor of California, one of my first acts will build freeway connector between 101 and 280, right through Palo Alto, thus solving an important problem. Do you realize that it takes like 10 minutes to get from my house (at 101) to Stanford??? Also, my freeway plan would entirely eliminate the need for traffic calming in Palo Alto. Let noone say that Governer EKR isn't responsive to the will of the people.

EKR for governor!

According Russel Korobkin over at the Volokh Conspiracy, the California recall election will have some insaneinteresting features. Chief among them are these:

• Voters must vote whether or not to recall Davis and vote for a replacement (contingent on the recall passing) on the very same ballot.
• If Davis is recalled, the replacement candidate who garners the most votes will be governor. No majority needed; no runoffs. (If I understand the rules correctly).

I think there's a good chance Davis will actually be recalled, so it seems to me that this provides a unique opportunity--the only time that I'll be able to run for Governor without getting all of those annoying signatures. True, it would cost me $3500, but I expect to recoup that by soliciting campaign donations for people who think it would be smart to be on my good side when I hold absolute power.

Check out this guy

So, this guy who's wife was arrested for driving while breastfeeding is challenging the arrest on the grounds that his religion says he's the head of the household and is the only one who can be punished. Of course, our hero also has some other charming views:

Barnhill said his faith is rooted in The First Christian Fellowship for Eternal Sovereignty, an organization founded in the late 1990s, according to information on its Web site. The founder was a man named Christopher Hansen.

The Web site, which bears the heading Patriot Saints for the Kingdom of God on Earth, says the fellowship's headquarters is in Henderson, Nev.

Hansen says on the Web site that the fellowship's main objectiveis to convert and educate sovereign Americans ``to demand and defend their God given rights and fulfill their duties as freedom loving Christians against the encroachment of the Beast and his agents.''

Hansen identifies the Beast as the federal government and some of its agents as the IRS, Social Security Administration, Environmental Protection Agency and the Drug Enforcement Administration

Of course, he also says he's going to take his case to the Supreme Court on First Amendment grounds. I guess he's not averse to using the Beast to override the laws of his State.

Illegal lighters, threat or menace?

Canoe has an important message on a dire health threat: illegal cigarette lighters. Check out the list of hazards:

They have been known to explode or leak gas when dropped or exposed to heat, continue to burn after the trigger is released, and have excessive flame heights.

Heck, when I was in high school we used to pay good money for lighters that could be modified to have excessive flame heights.

Daily use of Prilosec

There's something fishy about the story on Prilosec.

Pepcid, marketed by Johnson & Johnson and Merck, is likely to promote its ability to be taken every day versus Prilosec where consumers are advised not to take a 14-day course more often than every four months for frequent heartburn unless directed by a doctor.

This is completely screwy, since there are lots of people who take Prilosec every day. That's basically what it's for. BAsed on the article, it seems like what happened is that the FDA was worried that people would keep themselves on Prilosec indefinitely and not see a doctor, and so added a bunch of labelling telling people to stop after 14 days. As far as I know, there's no reason that Pepcid would be any better to use for the long-term than Prilosec--except maybe that it works better and so people might be less likely to be dissatisfied and go see a doctor.

Prilosec pricing

Astra-Zeneca just got FDA approval to sell Prilosec over the counter. There's a lot of talk about how this is hard on people who are used to getting it via prescription and only paying a copay. If you're used to paying only $20 a month and now you have to pay $1 pill, that could be a bit more expensive, especially as it's pretty common for patients to take the 40 mg prescription dose of Prilosec whereas the OTC version will only be 20 mg, so they would have to take twice as much. On the other hand, the patent on Prilosec has expired so I would expect generic OTC versions prety soon.

Update 22:21:
Edited the above a little bit. Originally I'd said the 40mg dose was standard but apparently the 20mg prescription dose is more common. However, I know a lot of people use 40mg as well.

What is a WMD?

Kieran Healy quite correctly points out that the term Weapons of Mass Destruction (WMD) is a silly term:

Not much, but it's a start. As I've argued before, Weapons of Mass Destruction is a gerrymandered category. Although it lends itself to a snappy acronym, its elements do not belong together. In reality, there are only (a) Very nasty chemical and biological weapons that, on a good day, can kill about as many people as and cause more panic than regular bombs; and (b) Thermonuclear weapons, a different proposition altogether. Pre-war arguments about the imminent threat Iraq posed to the United States should be evaluated with this in mind.

The old term, of course, used to be NBC, for "Nuclear, Biological, and Chemical" weapons [0]. While this still had the same bogus classification, at least it had the advantage of clarity as to what was being referred to.

That said, I think Josh Marshall's distinction is a lot closer to correct than Healy's. I've got two problems with Healy'ss classification.

Not all nuclear weapons are thermonuclear
Roughly speaking, there are two kinds of nuclear weapons:

• Fission: which operate by the fission of Uranium or Plutonium. These are the easiest to build and pretty much the first kind of nuke that any country makes. Uranium nukes are fantastically easy to build if (a big if) you can get your hands on the weapons grade Uranium, which is a big project. Plutonium is easier to produce (provided you have the right kind of nuclear reactor) but the actual weapons require a fair bit more engineering. However, pretty much all the information you need to do it has been published. The Hiroshima bomb (Little Boy) was a Uranium-based device. The Nagasaki bomb was a Plutonium-based device. It's possible to build fission bombs up to about a few hundred kilotons (the Hiroshima bomb was about 15 kt) but after that the dynamics of the explosion tend to restrict the yield.
• Fusion (aka thermonuclear): Fusion weapons are based on the fusion of hydrogen (typically the heavy isotopes, deuterium and tritium). The reason they're called thermonuclear is that you have to heat the hydrogen to a very high temperature to get it to fuse. In current devices, this is done by using a small fission weapon. The chief advantage of a fusion weapon is that it can be made essentially arbitrarily large. The first American fusion device had a yield of 10 megatons). The engineering for a fusion weapon is much more complicated than that for a fission weapon.

Fission weapons are already pretty fantastically destructive, so I don't think that drawing the line at thermonuclear versus everything else makes that much sense. I suspect Healy was just speaking loosely here, but I think it's worth being precise about it here. [1]

Biological weapons could be really bad
There are two kinds of biological weapons: non-communicable and communicable. Non-communicable biological weapons like anthrax just kill the people who are exposed to them. However, the people who are sick aren't themselves dangerous to others. By contrast, victims of communicable biological weapons like smallpox, plague, are themselves contagious. Thus, if you could somehow infect a modest number of people with smallpox you could kill a lot of people.

Given the way diseases spread now, it seems pretty unlikely that a communicable bioweapon wouldn't eventually get back to your country. This means that they're only useful if you have the means to protect your own people or as a last ditch "doomsday machine". Still, doomsday machines turn out to be a pretty rational strategic posture, so it's not at all unthinkable that some country would want them.

Where I'd draw the line
So, I think the right line here is "strategic" versus "tactical". If a weapon can be used to kill large numbers of American civilians, then we should be very concerned about its existence. If it's just usable in battlefield conditions, we should still take it seriously, but it doesn't seem to me that it's a matter of overriding concern.

 

[0] Also, ABC, for "Atomic, Biological, and Chemical". Does CBS feel left out?

[1] It's also possible to build low-yield tactical nukes, but this is somewhat harder than building medium-yield nukes, so it's not clear why you would do it unless you were planning to use them in large quantity in a battlefield situation as opposed to as a deterrent. And certainly, any country which has tactical nukes is very likely to have strategic nukes as well.

Fired for smoking tobacco?

points to this article about a police officer filed for smoking but focuses on what he thinks is unfair procedure and misses the (I think) most important point:

The Legislature passed the law to accompany legislation that enables public safety officials to receive special disability benefits easier than the average worker. Without the law, proponents argue, doctors are unable to determine if a heart or lung illness is work related.

Under the law, all new public safety hires must sign a contract, as Jeffrey did, pledging not to smoke tobacco products.

What we've got here is a beautiful example of the interaction of mandatory public-funded insurance and moral hazard and the results aren't pretty. Since the State is responsible for your disability if you smoke, you must be stopped from smoking. The problem, of course, is that there's nothing really unique about smoking. The same reasoning can be applied for just about any identifiable risky activity.

In the private insurance market, this is handled by requiring people who engage in really risky activities to pay an extra premium or accept reduced benefits. However, this sort of thing undermines publicly funded insurance because there's an inevitable temptation to keep adding more and more restrictions in order to reduce the cost of providing insurance, which of course is paid for by the taxpayers. I don't know of any country where this has actually happened, but it's certainly been discussed in the UK and as money gets increasingly tight all over, this sort of restriction starts to look more attractive.

I'm all in favor of people being required to bear the externalized cost of their behavior--but I suspect that in many cases people would in fact be willing to do so. I'm also very much in favor of a system that allows them to in preference to simply restricting their behavior. If you're going to propose a system of health care that doesn't have this feature, I think that really needs some justification.

What's so bad about 12%?

Business 2.0 has an article about how the money from online music sales gets divvied up. About 12% goes to the artist, though there's also an 8% payment to the music publisher and 50% or more of that makes its way back to the songwriter. So, an artist which writes their own music is going to get about 16-20% royalties. Apparently this is pretty standard for CDs as well.

The article implies that this is a lousy cut, but I'm having a lot of trouble being that sympathetic. Technical paper book royalties are something like 4-15% of the wholesale price of the book--not the retail price. So, a book might sell retail for $40, wholesale for $20, of which the author (if he's doing well) sees $2-3. I've heard claims that e-publishing pulls in royalty rates of 30% or so, but then e-books really don't sell the way that online music clearly is.

Don't get me wrong, I wish both author and musicians got a better royalty rate, particularly because I am one. I just don't think that musicians are getting hosed particularly badly.

My indifference point for CDs

Banner event here at EG: I bought some CDs. I'm not boycotting the CD manufacturers like some people are, but the maximum amount of money I'm willing to pay for a CD seems to be about $14.00. Every time I've gone to Tower over the past 6 months or so, I've seen CDs I wanted but they were too expensive. Anyway, today I was at Frys and they had a bunch of CDs I wanted for under $14, so I shelled out.

Total score:
Rollins Band "Come in and Burn": $9.99 Murder City Devils: "In Name and Blood" $12.99 Ice Cube: "The Predator": $13.99

I'm feeling pretty good about this, especially I've listened to Terence's copy of "The Predator" about a zillion times and so I'm pretty happy to throw Ice Cube a bit of my spare change. Listening to the Rollins now and while it's not as good as Weight, it still seems pretty promising. Murder City Devils was bought on spec, so no real opinions on that yet.

More proof that the DNS is not a directory

As we all know, there's a shortage of domain names, and as a consequence, you can't necessarily find company "foo" by going to "www.foo.com"--though it's generally a good bet. Sometimes, however, it goes rather wrong. This morning I was looking for the Open Source Initiative's web page and typed in http://www.osi.org/". Close, but not quite what I was looking for.

Terence Spies back on the air

You should check out Terence's post on the laws of BBQ over at PM Style. Terence is dating a woman from Texas, so he must know what he's talking about.

I've got to get me one of these

Today's New York Times has a fascinating article on transcraniam magnetic stimulation (TMS). The basic idea is that you use magnetic fields to influence certain parts of the brain. For some reason, you seem to be able to induce dramatic changes in subject's capabilities. In particular, stimulation of the correct part of the brain seems to dramatically improve some people's artistic abilities.

It's pretty unclear how this stuff works. The researchers working in the field talk about it being the same mechanism as autistic savants, but it sounds to me like they're just poking around. Still, in theory this kind of technology sounds pretty useful. I can imagine a bunch of brain state enhancements that would be pretty useful: eidetic imagery and improved concentration to name just a few.

Fiduciary responsibility and all that

It's worth reading this article in the San Jose Mercury News about the PeopleSoft/Oracle issue. A number of people they interview hint, but don't quite come out and say, that they think the PeopleSoft board isn't looking after the best interest of the shareholders:

``The crux of the legal battle is, at what point do the directors have an obligation to drop'' their opposition ``and allow the shareholders to take the premium offer by Oracle?'' said Richard Vernon Smith, an attorney with Orrick, Herrington & Sutcliffe in San Francisco.

Oracle's increased offer, up from the initial $16 a share to $19.50, is probably not high enough to cause PeopleSoft's board to ``cave in,'' as one analyst put it. And PeopleSoft is hoping to complete its friendly deal to acquire J.D. Edwards, which may alter Oracle's appetite for PeopleSoft.

Patrick McGurn, of Institutional Shareholder Services, a Maryland company that advises institutional investors on corporate governance, said ``potential liability'' is probably uppermost in board members' minds.

``They are asking themselves, `What is the magic number? At what point can't we turn it down?' ''

As I said previously, this isn't really the way the board should be thinking.

Look at it this way: the current price of PeopleSoft is about 18. When you account for uncertainty about the deal, there's some minimum price M that Oracle has to offer to make the deal a good one for PeopleSoft shareholders. Now, there's also some maximum amount O that Oracle is willing to pay. If O>M then a deal is in the best interests of both Oracle and PeopleSoft's shareholders at any price P that lies between O and M. The difference between O and M is called surplus. The job of PeopleSoft's board is to extract as much of the surplus as possible.

Now, obviously, the PeopleSoft board doesn't know what O is, but they can guess, and if Oracle ever offers O (provided it's greater than M) they should take it. However, this is a different price from the price at which they "can't turn the deal down". That price is set by what other people think O is. Basically, that price is whatever most reasonable people think that the maximum Oracle would pay is--because that's the price above which it looks pretty obvious that PeopleSoft's board isn't interested in selling at all.

Now, unless PeopleSoft's board has some private information about Oracle or is unusually optimistic, their estimate will likely fall towards the middle of people's estimates of O. In other words, PeopleSoft should be willing to accept a price rather lower than the "can't turn the deal down" price. If they're holding out for the offer they can't refuse, they're likely looking after management's interests, not those of the shareholders.

Ok, now we're just talking about price

On Wednesday, I argued that if the PeopleSoft management was just negotiating for a higher price rather than defending their own interests, they would have to signal that to Oracle at some point. It looks like they've just done that:

"Oracle's offer undervalues the company and is not in the best interest of PeopleSoft stockholders," said PeopleSoft President and CEO Craig Conway, in the statement. "It is highly conditional, faces significant regulatory delays and uncertainty, and threatens serious damage to our business."

So, if it's a matter of undervaluing the company, then there's some price premium they would be willing to take, right?

Of course, this could just be the PeopleSoft board pretending they are negotiating when they have no intention of doing so. However, even mentioning price moves the ball forward a little bit, since it suggests that there's some price that's high enough.

Confessing doesn't mean you're guilty

Orin Kerr points to this MSNBC article about a US citizen named Iyman Faris who has pleaded guilty to working for Al-Qaeda. Kerr writes:

Sounds like it will be a controversial case, right? After all, the case involves a citizen, secret detentions, and (probably) surveillance authorized by the Patriot Act. Well, maybe not. It turns out that Faris has pleaded guilty to being an Al-Qaeda member who helped to plan serious terrorist attacks against the United States. (Read the actual plea agreement here , and the MSNBC story here .) Thanks to Instapundit for the link.

I have no opinion on whether or not Rauf is guilty, but Kerr's argument strikes me as rather surprising. Surely, part of the point of not having secret detention is to make it more difficult for the authorities to pressure innocent people into confessing. Thus, the fact that Faris has pleaded guilty doesn't seem to me to be particularly dispositive. In order to draw conclusions we'd need to know what kind of treatment Faris had. After all, lots of people arrested in Stalinist Russia made full confessions despite being innocent.

Update 7:38
Based on the Newsweek article, it does sound like Faris had a lawyer and was being treated reasonably. However, I don't think this really affects my point, which was about Kerr's argument, not this specific case.

Oh no, Not NAT!

In a post about Solum and Chung's The Layers Principle: Internet Architecture and the Law Ed Felten observes that the Internet isn't really end-to-end. He writes:

Of course, these two rules of thumb don't give us the complete picture. The Net is more complicated, and sometimes a deeper understanding is needed to evaluate a policy proposal. For example, a few widespread and helpful practices such as Network Address Translation violate both the end-to-end principle and layering; and so a ban on address translation would be consistent with end-to-end and layering, but inconsistent with the actual Internet.

As it turns out, in the Networking community, these are fighting words. In the Internet Engineering Task Force (IETF) calling Network Address Translation "helpful" is like walking into some diner in East Texas and yelling "Allah Akhbar".

So, what's all the fuss about?

Motivations for NAT
The first thing you have to understand is what NAT is. The way that the Internet was originally designed to work was that every computer would have its own IP address (just a 32-bit number). When you wanted to send information to computer X, you'd find out its IP address and send it there. In order for this scheme to work properly, these addresses all had to be unique, since if two people shared an address they would effectively be the same computer as far as the net was concerned.

Two things conspired to destroy this little nascent utopia, both having to do with resource allocation. The first was that the procedure for getting IP addresses was initially a little fuzzy and hard to navigate. If you wanted to connect to the Internet you didn't have a choice but to navigate it, though. However, as the TCP/IP protocol suite got more popular, it became worthwhile running TCP/IP networks even if you didn't connect to the Internet. This would work fine no matter what IP address block you chose and so companies who didn't plan to connect to the network just started picking arbitrary addresses for their computers. When those people eventually wanted to connect to the Internet--as they often did--they had a big problem: their addresses collided with other people and they had to get a new address block and renumber. This was incredibly painful.

The second problem was the big address crunch. IP version 4 (the current version of IP) has 32-bit addresses. That means that even in theory no more than about 4 billion people can be connected to the Internet. However, it's actually worse than that. For routing reasons, addresses are assigned in contiguous blocks. For instance, the computers on my network have the addresses 198.144.203.240-198.144.203.255. This block structure meant that the number of available addresses was rather smaller, since a lot of them go unused (though we're getting better.

This shortage meant that the people giving out addresses had to be pretty stingy with them. Since renumbering is a pain, when you're getting your address block from whoever you get it from, you want it to be as big as possible--in case you eventually need more addresses. However, the people giving out addresses would often refuse big allocations or try to push you down to a smaller one.

What NAT Is
Circa 1993, Francis and Eng came up with an approach that claimed to solve all these problems--NAT. The idea was simple: We'll put a box at the edge of the network that translates your addresses to those of the public Internet. It's easy to see how this solved the problem of connecting your private network to the Internet. You just got a proper-sized network block and told the NAT box to map the internal addresses to the external addresses. No problem.

However, if you want to have more internal addresses than you can get external addresses, the problem gets more tricky. Essentially, what you do is that you map more than one internal machine onto the same external address. In theory this doesn't work, but in practice any given machine only talks to a few other machines so the packets have enough disambiguating marks so that you can keep things straight. I won't describe how here since it's not important.

What's the problem?
Now, from the perspective of the customer this is all sounding pretty convenient. It's particularly convenient for the home user. The ISP just drops a NAT box on his door and he can connect as many machines to his local network as he wants and it just works. So, why is it when you say something nice about NAT people look at you like you just announced you subscribe to Hustler?

Two reasons, actually. First, to make all of this stuff work you have to do some pretty ugly things. It turns out that a lot of Internet protocols carry arround IP addresses. The canonical example of this is FTP. The FTP client tells the FTP server what IP address to send the data inside the FTP control connection. Since the FTP client only sees his internal address and the server only sees the translated address, this isn't going to work. The NAT has to do some surgery on the FTP control connection to make it all work. A good fraction of protocols that work with NAT require this kind of ad-hockery. Protocol designers had ad-hockery.

The second reason is that machines behind a NAT don't really have any permanent address, because they share their external address with other machines. However, a lot of the protocols we'd like to design would work a lot better if machines had one. For instance, if I want to do an IP-based phone call I need to connect to your machine to initiate it. I can't do that if you're behind a NAT and I don't know what your address is. There are of course workarounds for this (the canonical one is to rendesvous at some server outside the NAT box) but they're all ad hoc and have to be done specifically for each new application, which of course doesn't make protocol designers happy.

IPv6 and Firewalls
The IETF did have a fix for these problems that didn't involve NAT: move to IPv6, which had 128-bit addresses. This would allow everyone on the planet to have 2^90 or so addresses, which should really be enough. Unfortunately, for reasons I won't go into in order to protect the guilty, IPv6 deployment has been incredibly slow. Outside the US it's better but the US Internet runs almost entirely on IPv4. In the meantime, NATs have spread like wildfire and are now well entrenched in the network architecture.

In roughly the same time period, people also started walling off their networks using "firewalls" (see Cheswisk, Bellovin, and Rubin's book on this topic). Firewalls block a lot of the same applications that NAT makes inconvenient, thus making the negative points of NAT less obvious.

So, where are we now?
For a long time the semi-official position of the IETF was that NAT was a Bad Thing. The assumption was that it was a bad patch for address depletion as well as a violation of the end-to-end principle and that IPv6 would render it obsolete. In addition, it was widely believed that IPsec-style end-to-end security would make NAT unworkable. In practice, the effect has been the opposite, with NAT and firewalls making the deployment of IPsec more difficult.

Ultimately, I don't think it really matters whether NAT is a good thing or not. Ed is quite right that it's part of the network infrastructure and it's here to stay. We just have to learn to live with it. Increasingly, I think, the IETF is coming to this point of view. However, there are still lots of people who are inalterably opposed to it.

Dentistry while you sleep

Here's an interesting innovation. This dentist offers what he calls sedation dentistry. Here's the description:

You are given a small pill to take an hour prior to your dental appointment. Your companion will accompany you to the office. By the time you arrive, you will be very drowsy.

They don't say what drug they're using, but based on the described effects (drowsiness, amnesia) I'm guessing it's one of the benzodiazepines, such as Halcion or Valium.

What an interesting idea. Lots of people (me among them) don't really enjoy having a dentist mucking around in their mouths, so sleeping through it is pretty attractive. On the other hand, the benzos tend to keep you out for quite some time, so I'm not sure I'd want to give up a day just to avoid the discomfort. Still, it's a pretty creative concept in any case.

Better offers and poison pills

Two interesting developments in the Oracle/PeopleSoft affair:

Oracle has raised their offer for PeopleSoft to $19.50/share.
• PeopleSoft has created a poison pill provison that guarantees customers double their money back if Oracle completes the acquisition.

It's hard to tell exactly what's going on here. Poison pills are often used by management to protect their own positions at the expense of the shareholders, but PeopleSoft's management could also be negotiating for more money. However, if that's what they're doing they'll have to signal at some point that they would take more money in order to avoid driving Oracle away entirely.

One member of the public responds to traffic calming

I guess I'm not the only person in Palo Alto who doesn't like traffic calming. Someone in Palo Alto has stolen the metal poles that block off some of the roads in Palo Alto. (No link since it was in the Palo Alto Daily News, which has an incomplete web site).

Destroy my computer???

The story that Orrin Hatch favors a bill enabling copyrightholders to destroy the computers of copyright infringers is making the rounds of the blogosphere. Here's the key graf:

The senator acknowledged Congress would have to enact an exemption for copyright owners from liability for damaging computers. He endorsed technology that would twice warn a computer user about illegal online behavior, "then destroy their computer."

"If we can find some way to do this without destroying their machines, we'd be interested in hearing about that," Hatch said. "If that's the only way, then I'm all for destroying their machines. If you have a few hundred thousand of those, I think people would realize" the seriousness of their actions, he said.

"There's no excuse for anyone violating copyright laws," Hatch said.

Let's ignore for a moment the general consensus that this suggestion is insane from a social perspective and just look at it from a technical perspective.

Is it possible to have software destroy someone's computer?
Back when I was a kid, they used to tell you that nothing you could type into a computer could damage it. This made me a lot more comfortable trying out stuff but it's not really true. It's often possible to overdrive some component of the computer (the monitor is a common choice) and actually cause some physical damage. Even easier is to flash the BIOS, which can be hard to repair.

However, all of these things require knowing something about the computer you're trying to destroy, so they're not really convenient to do in bulk. The easiest thing would be to just do a lot of damage to the data on the victim computer. This can range from straightforward deletion to randomly inserting subtle errors. In either case, once you have control of the computer, this kind of damage is extremely easy to cause. And since most people don't have good backup hygiene, they're basically hosed. The key sentence there is "once you have control of someone's computer". Doing any of this stuff requires that you first take control of someone's computer.

Is it possible to take control of someone's computer remotely?
Absolutely. Essentially every major operating system or piece of network software has had bugs that allow an attacker to compromise them. The manufacturers release patches for these bugs but people often don't install them. Surveys of people's computers often show that large fractions of computers are vulnerable to attack via old bugs.

What kind of tools would you need?
If you're going to destroy one person's computer you can do it by hand, but if you're going to destroy 200,000 you need automation. Conveniently, these kind of tools are quite common in the hacker community. None of them are integrated with file-sharing detection but there's nothing inherently complicated about this kind of detection. (Assuming, of course, that you can automatically determine whether infringement is going on, which isn't that clear).

However, the tools you need aren't going to be specific to attacking file-sharers machines. File sharing software, like all software, has bugs, but you probably can't count on them being serious enough to allow you to penetrate people's machines. In particular, if just that software is targeted, the authors will quickly figure out how to secure it (see below). So, we have to expect that these will be generalized system attack tools.

What's the likely defensive response?
I expect two defensive response. First, to harden the file sharing programs themselves. Second, to harden user's machines. Despite our general lack of success in writing secure software, hardening the file sharing programs isn't that hard: you rewrite them in a language that's less dangerous than C/C++. Java is the canonical example. That's not a total fix, but it will get you most of the way there. Most people's file sharing machines are plenty fast to take the modest performance hit imposed by Java.

Hardening the machines proper is more difficult, but it's mainly a matter of making sure things are up to date and locking off unnecessary ports. Users can of course do this themselves, but their file sharing software can also do it for them. Moreover, users would have a lot more incentive to actually behave securely if they knew people were attacking them.

Will this work?
I doubt it. Oh, I'm sure that the content companies will be able to damage some people's computers but I don't think this will really deter file sharing that much. After all, the satellite TV companies periodically try to damage pirate's systems and yet people still pirate. Rather, I expect a series of attacks and defenses.

Oh, and of course, counterattacks, as some people (whatever the law says) decide that this gives them a reason to really attack the content companies' servers. And of course, the same logic applies there. I wouldn't expect their uptime to be very good.

So, we're going to see a lot of people's computers damaged and a lot of money spent on attack and defense, with probably a relatively small impact on file sharing. And all of this damage is really in the service of imposing a transfer payment on music listeners to the content companies. Sounds like a pretty welfare destroying arrangement to me.

Amitai Etzioni back on the air

If, like me, you've been wondering what happened to Amitai Etzioni's blog, you'll be glad to know it's back on the the air. Here's Etzioni on what happened:

After a mini cyber-disaster and brief hiatus, Amitai Etzioni Notes is back up and running!

What's a subsidy?

It's pretty common to talk about American drug consumers subsidizing Canadian drug consumers. For instance, Derek Lowe writes.

And his take on differential pricing is correct, too, up to a point. The problem is, I think, that not everyone sees it that way. Most consumers in the US don't realize that they're subsidizing the lower prices for everyone else, whereas I think most high-fare airline passengers have internalized it. They at least wouldn't be as surprised by it if it were brought to their attention, and there's no move afoot to force the airlines to lower all seats to the price of a coach ticket.

I'm not sure that it makes sense to talk about subsidizing here. That suggests that we're sacrificing something for the benefit of the Canadians, which isn't really true. As I wrote previously, if the Canadians paid the same price as Americans the US price wouldn't change much, so it's not clear that this is really a subsidy. Let's try doing the math.

First, consider the simplest possible model where there's only one drug X made by one manufacturer and Americans are willing to pay $100/yr and Canadians $50. If the company can effectively segment the market then the price will be $100 in the US and $50 in Canada. If the size of the market is 10 million people in the US (not everybody needs X) and 2 million in Canada, then the drug company is making $1,100,000,000 a year.

Now, imagine that Canada freezes solid one winter and so the Canadians stop buying drugs. What happens to drug prices in the US? Answer: they stay the same. The drug company is already charging as much as the market will bear, so they can't raise prices. They could lower them, but that would just mean they made even less money. Bottom line, the drug company makes only $1,000,000,000 that year.

Now, consider a drug company's deciding whether to manufacture X in advance. If the drug can sold for 10 years then the total revenue will be $10 billion in the US and $1 billion in Canada. Now, imagine that X costs $10 billion to develop. This drug isn't economical to develop if you're selling only to the US market. It only makes sense if you can sell to the Canadian market as well! Now, of course, no specific drug has exactly the economics we're talking about here, but the point should be clear: selling into Canada, even at lower prices, means that the drug companies can afford to develop more drugs, which is good for Americans as well! (Obviously, the reverse is even more true--selling into the US means that Canadians get a lot more drugs).

So, while it's true that Americans are subsidizing Canadian's access to drugs, it's just as true that the Canadians are subsidizing ours.

Understanding gene insertion

The June 13th Science has an interesting article on gene insertion by retroviruses. Retroviruses are a class of virus that have an RNA genome rather than a DNA genome. When they infect a cell they copy their genome into the cell via a process called reverse transcription.

Until recently it wasn't known whether the virus genome got copied into random parts of the home genome or whether it was specific. Obviously, the virus would prefer to insert itself where it would be expressed, but it's possible that this too difficult and that random insertion is good enough. In 2002, it was shown that HIV insertion wasn't random but instead targeted sites where genes were expressed. In the accompanying paper to this article, Wu et al. show that different viruses have different insertion patterns. Murine Leukemia Virus (MLV) prefers to integrate around promoters--thereby stimulating growth and causing cancer.

This would all be academic except for the fact that retroviruses are one of the prime methods being pursued for gene therapy. Say you've got some patient with a defective copy of gene X. You load up a retrovirus with a good copy of X and infect the patient. Now, X gets inserted somewhere more or less random in the genome and hopefully expressed. Now the patient has the defective copy, which hopefully does nothing, and the good copy, which hopefully produces whatever protein was previously missing.

When you think about it that way, it's amazing that gene therapy works at all. If you tried to fix a piece of computer software this way, there is essentially no chance that it would do anything useful and very likely something bad would happen. Genes are just another kind of software and though they're less brittle than the kind we write, they're still pretty brittle when arbitrary changes are made. Thus, it's not surprising that out of the 11 children treated for an immunodeficiency disorder using an MLV-based vector, 2 have developed leukemia (which is still probably better than what they had, btw).

However, if we're really going to use gene therapy regularly, we're going to have to develop a much better insertion system. Just putting genes in arbitrary places isn't at all elegant and there are conditions that can't be solved this way because the defective gene does something bad. What we really want is an insertion system that lets you replace any arbitrary string of bases with any other string--sort of a genetic version of patch. I have no idea if this can be done or not, but we'll certainly need to understand a lot more about the molecular technology of gene insertion to do it.

What are those men at work working on?

Oh, one more thing? What the heck are those guys digging up the street doing? It looks kind of sewer or telco related, but it's happening all over. Do you think next time they're down in those manholes they could manage to install some more fiber or DSL repeaters or something so I could have decent Internet service instead of this stinking ISDN line?

Stop digging up the street

Did I mention that about half the time I see really bad traffic in Palo Alto (as opposed to the normally just bad traffic) it's because they're doing some kind of construction. The best thing that the Palo Alto traffic engineering guys could do for traffic might be to send a couple of guys with baseball bats over to the Sewer and Telco people and tell them to stop digging up the street!

Traffic is so calm it's stopped

Recently I was the proud recipient of a letter from the City of Palo Alto describing their Neighborhood Traffic Calming Program. Apparently, a lot of people living on the suburban streets in the Palo Alto area are complaining that there is too much traffic through their areas and so the city is trying to respond by instituting a "traffic calming" program. For those who aren't familiar with this term, it means putting up various kinds of obstacles (traffic circles, speed bumps, etc.) to slow down traffic on the affected roads.

The primary concern here seems to be shortcutting. Just check out this picture of the Palo Alto Street Network. For reference, 101 and 280 (the two big grey roads) are the main North and South routes between San Francisco and San Jose. Downtown Palo Alto is the complex of yellow roads at the left of the figure. You'll notice that the authorized ways to get there from 101 are the "residential arterials" University and Embarcadero. Now, those roads have 25 mph speed limits and can be entered from a large number of residential streets. As a consequence, they're generally very congested and many people in the know use one of the backups such as Channing or Hamilton instead.

So, what happens when you make shortcutting more difficult? people either take the arterial or they find other alternate routes. Palo Alto's traffic engineers talk a little bit about diversion but don't seem to really know what what the final impact would be. Since the arterials are pretty full and I know of other slightly less convenient alternate routes, I suspect that the diversion will mostly be to them, which isn't obviously much of an improvement.

What's really needed here is some way to make traffic flow better on Embarcadero and University. Palo Alto had some plan to do this by They're installing roundabouts on Embarcadero (to replace traffic signals). Unfortunately, they apper to have put it on hold in favor of retiming the lights to 25 mph and some of those cute little digital signs telling you that the speed limit is 25 mph. They also propose to do a new speed survey, but I don't expect the residents standing for a speed limit over 25. Timing isn't a bad idea, but I'm skeptical that these measures will improve throughput much without also limiting access to Embarcadero. And of course they're not doing anything about University.

So IBM's license is cancelled... now what?

So, unsurprisingly, SCO has "cancelled" IBM's license to sell AIX. Of course, IBM says that the license is still valid and SCO is trying to get an injunction to stop IBM from selling AIX. Strangely enough, they seem to be seeking a permanent rather than a preliminary injunction, as I'd suggested before, which as far as I can tell means that SCO would have to prevail in their main lawsuit first before they get the injunction.

This is actually kind of strange, since it doesn't seem to put any real pressure on IBM to settle. As I said before, if SCO can't find some way to pressure IBM, IBM can just wait them out.

Evidence-based medicine and alcohol

A few months ago, I had an interaction with my internist where we discussed my drinking habits. I'm not what you would call a heavy drinker. I do a lot of sports and get dehydrated pretty easily, so I tend to avoid diuretics, alcohol included. However, maybe once a week I'll have a beer or two and maybe once every couple of months I'll go to some party and have between 3 and 6 over the course of the evening. Upon being told of this, my doctor suggested that it would cause liver damage and I should stop. Sometime later in the visit, after I'd had time to think about it, we had this conversation (transcribed from memory so probably not 100% accurate).

Me: Uh, about that alcohol damage thing, do have some literature references for that?
Doc: You doubt me?
Me: I just like to read things for myself.
Doc: It's pretty commonly known.
Me: Well, I'd like to know the odds ratios.
Doc: I don't have those.

Regular EG readers won't be surprised that I wasn't exactly thrilled with this interchange. I spent this morning doing some research on PubMed, and as far as I can tell, it's not at all commonly known. In fact, the question hasn't seen that much study and even how alcohol causes liver damage in general isn't really that well understood. [0]

If any EG readers have specialized knowledge in this field, I'm of course more than willing to listen. In the meantime, I plan to continue my drinking habits and find a doctor who's more interested in letting me think for myself than in dispensing information from on high. I'm in the SF Bay Area, so any recommendations for a suitable doctor are welcome...

[0] See Ponnappa BC, Rubin E., "Modeling alcohol's effects on organs in animal models", Alcohol Res Health. 2000;24(2):93-104.

People may not want Linux, but they don't want Solaris either

Steve from PM Style points to this article. Key graf:

Why do we think enthusiasm for Linux exists in the first place?" said Robert Youngjohns, executive vice president for global sales operations for Sun, speaking at the Bear Stearns 14th Annual Technology Conference here on Tuesday. "The enthusiasm isn't about Linux, it's about access to Intel and the ability to run Unix on what seems to be a cheaper platform."

Now, this isn't completely insane. It's not like Linux is orders of magnitude better than Solaris or FreeBSD or ther other PC Unixes. However, the usual network effects mean that most of the new development for Unix is happening on Linux. Seeing as people have been generally pretty down on the Intel version of Solaris in any case, it's pretty hard to believe that Sun is going to somehow convince people that what they want is Solaris, not Linux.

Now, Sun did once have an operating system that people were fanatical about and would buy Sun machines in order to get. Cleverly, they threw it away and foisted Solaris on us instead.

Can I sue Larry Ellison too?

Ok, so now both PeopleSoft and J.D. Edwards are suing Oracle:

J.D. Edwards said it is also filing suit in California state court against Oracle and two of its executives. That suit charges the company, CEO Larry Ellison and Vice President Chuck Phillips with wrongful conduct and unfair business practices. The suit seeks an injunction to prevent Oracle from proceeding with its tender offer for PeopleSoft.

Maybe I'm missing something, but I'm hard pressed to see exactly what's wrong with making an offer for PeopleSoft. No doubt it's annoying to J.D. Edwards, but so what? I find Oracle's big round buildings on 101 annoying but I'm not suing Larry. Is there some lawyer reading that can enlighten me as to whether this is a legitimate cause of action?

SCO tries again to pressure IBM

As I argued previously, SCO has to find something to threaten IBM with now, rather than years in the future. What that appears to be is a request for a preliminary injunction to block IBM from selling AIX. Now, this is something that would actually hurt IBM now. If SCO gets one, IBM will then have an interest to settle, but it's not at all clear if they can.

The present value of future damnation

Say you're standing at the proverbial crossroads and Satan appears, and offers you the traditional deal: anything you want in this life, eternal torment in the next. Are there any circumstances under which you should take this deal?

Well, eternal torment sounds pretty bad, but of course just how bad it is depends on exactly what that torment is. According to the Inferno Test, as a heretic I'm destined for the City of Dis, the sixth level of Hell, which Dante describes as follows:

Their lids all hung suspended, and beneath From them forth issu'd lamentable moans, Such as the sad and tortur'd well might raise.

I thus: "Master! say who are these, interr'd Within these vaults, of whom distinct we hear The dolorous sighs?" He answer thus return'd:

"The arch-heretics are here, accompanied By every sect their followers; and much more, Than thou believest, tombs are freighted: like With like is buried; and the monuments Are different in degrees of heat.

So, apparently for me Hell is going to involve spending an eternity in a scorching hot, desolate wasteland. Sounds a lot like the Hawaii Ironman, actually. Now, I'm not saying that I'd choose Dis as a vacation site, but it doesn't sound totally unendurable either. I figure I'd be willing to spend a day in Dis for $10 million or so.

I know what you're thinking.. a day is one thing, but eternity's something else altogether. True enough, but if we know what one day is worth, it's quite straightforward to calculate what an eternity is worth. If I'm willing to spend a day in Dis for $10 million, then all I need is $10 million a day for eternity. So, $10 million times infinity = infinity, right? Wrong.

As we've just established, a year in Hell is worth $10 million * 365 = $3.65 billion. So, in order to make it worth my being in Hell, I need an income of $3.65 billion/year. The current yield on tax-free municipal bonds is about 5%. If I have $73 billion in tax-free municipal bonds, it will throw off $3.65 billion a year--forever. [0] So, if Satan's willing to write me a check for $73 billion, I might be willing to consider a deal.

Coincidentally, at its peak, Bill Gates's net worth was roughly $70 billion.

[0] A somewhat more standard (but rather more confusing to most people) way of saying this is that the marginal disutility of damnation is $3.65 billion/year and that we discount at 5%.

Uh, Larry, could we have more money?

So, unsurprisingly, Peoplesoft has rejected Oracle's bid to buy the company. As usual, we can ignore the rhetoric, or rather, make fun of it:

"Oracle's offer seeks to enrich Oracle at the expense of PeopleSoft's stockholders, customers and employees," PeopleSoft CEO Craig Conway said in a release. "We believe that Oracle's proposed acquisition of PeopleSoft would stifle competition and limit customer choice. PeopleSoft remains steadfastly focused on providing customers with superior products and services, and we will not let Oracle's tactics interfere with our business."

Yeah, whatever. It's not clear to me that giving the stockholders more than their stock is worth is exactly making money at their expense. (Granted, the fact that the stock appears to have gone up since does change the equation a bit).

As for the rest of it, making money at the expense of employees and customers is what corporations exist to do, though I'm not sure I'd put it in such a loaded way. And given that there's this big company called SAP in the game, I'm not sure how much competition is going to be stifled.

As I mentioned before, there are two ways to read this sort of response from an acquisition target:

• We, the managers of the company, are trying to preserve our entrenched position at the expense of the stockholders.
• This offer isn't large enough.

Don't know which one it is in this case.

David Ahenakew being charged with "spreading hate"

Saskatchewan has charged David Ahenakew with "spreading hatred" under Section 319(2) of the Canadian Criminal Code.

Speaking with a Saskatoon reporter at a conference, Ahenakew praised Hitler for trying to "clean up the world" when he "fried" six million Jews in the Holocaust.

He said Hitler's rise to power was a response to the "disease" of Jewish world domination.

According to Colby Cosh, Ahenakew could get up to 2 years. Remind me again what we call people who get put in prison for expressing their opinion. Oh, that's right: political prisoners.

Now, in all fairness, as Cosh points out, Ahenaker probably won't go to jail but just have to do some public penance of some kind or another. It's not clear to me that makes a difference in principle, though. The power of the state is being brought to bear to punish someone who is expressing an unpopular view. Paging Human Rights Watch!

More on doctors and patient's lifestyles

Old psychiatrist joke:

Question: How many psychiatrists does it take to change a lightbulb?
Answer: Just one, but the lightbulb has to really want to change.

I was reminded of this joke upon reading Chris Rangel's second and third round of comments on patients and obesity.

Chris's major point seems to be that it's very hard for people who are obese to lose weight. I know a lot of people who are overweight and this is clearly true. Chris's contention that these people need long-term support is also true. However, there's an important difference between two kinds of intervention:

1. Trying to get someone to decide to lose weight.
2. Supporting someone who has already decided to lose weight.

Let me give you a somewhat less ethically loaded example. Many athletes have training partners who they do a lot of their workouts with. It's quite common to have your training partner uh... encourage you strongly to do some workout that you don't want to do. Why is this acceptable? If you just started pestering your friends to go for 10 mile runs every time you saw them, people would start to think you were a real jerk. However, pressure is acceptable in this context since it's assumed that you've made a prior commitment and you just need a little support in order to keep to your goal.

Similarly, I think there are two relevant roles for doctors here:

1. Attempt to convince their patients that it would be in their best interest to lose weight.
2. Attempt to assist patients that have already decided to lose weight.

What I was attempting to argue originally is that doctors should be relatively sparing with the first kind of intervention. If the patient clearly understands the risks and would rather stay fat, then the doctor's role is finished. On the other hand, if a patient expresses the desire to lose weight, then things are very different and a much higher degree of intervention is called for.

Chris makes the explicit comparison to drug addiction and I don't think this is inappropos:

If obesity is so similar to substance addiction in treatment approaches then why is there this attitude that physicians should mention their patient's obesity problem once and not "harangue" their patients further? It is understood that most patients with substance abuse and addiction problems need to go through therapy (support group meetings, detox clinics, medication, and counseling) for months if not years! Why then do we consider the approach to morbid obesity in such a different light? Do we consider a single AA meeting to be enough for a recovering alcoholic?

Actually, my position is consistent between obesity and substance abuse. If people want to use and/or abuse drugs, then doctors should make them aware of the risks and leave them alone after that. On the other hand, clearly if they want to get off then the doctor should provide them the extensive assistance that would no doubt be required. The key point in both cases is that extensive long-term intervention starts when the patient decides they want to change. I don't see a role for long-term pressure on a patient who has already decided not to change.

To claim that there is one is essentially to say that the doctor knows better than the patient. Now, it's probably true that the doctor knows more of the scientific facts (though I've seen patients out-research their doctors before) but the patient knows more of their own preferences and that's at least as relevant in this case.

Didn't I say it was a bad move to sue Ken?

When we last left Barbra Streisand, she was suing Ken Adelman for posting an aerial photograph of her house (along with about a zillion other pictures of the California coastline) on his web site. Now People magazine has an article (sorry, no link) on the topic, complete with a picture. Congratulations, Barbra. The picture you wanted to suppress is now permanently printed on paper for zillions of people to see. Nice work!

At this point, Streisand's in pretty much a no-win situation. She can't suppress the picture because it's out there for good. At best, she'll collect some money from Ken, but she's already got lots of money and so does Ken, so the marginal cost to him and benefit to her is pretty low. At worst, Ken will find some new way to really torture her.

The bottom line here is that given the existence of the Internet, if something is of interest to any reasonably sized population, it's almost impossible to suppress. Trying to do it just ensures that everyone finds out about it and makes you look stupid in the bargain.

AIX Armageddon

Oh, this should be fun. SCO's going to revoke IBM's AIX license Friday at midnight. There's lots of posturing from McBride:

"We've basically mapped out what we will do. People will be running AIX without a valid license," said McBride, who offered no specific details on what action SCO would take.

It's not clear what this means, but the obvious implication is that SCO is going to start going after AIX customers. However, assuming that AIX's license contains the usual indemnification clauses, this should just mean more lawsuits coming IBM's way.

Unfortunately for SCO, IBM's response suggests that it's hard to scare someone who's not really paying attention. IBM's strategy seems to be, in the immortal words of Teddy KGB, "check, check, check, all night long".

"IBM believes that our contract with regard to AIX is irrevocable and perpetual and there is nothing further to discuss," said IBM spokeswoman Trink Guarino.

SCO's real problem here is that it needs to cause IBM as much pain as possible as soon as possible, in the hopes of making them negotiate. They really don't want to be in some protracted litigation with IBM where IBM's only real pain is having to pay the occasional lawyer bill. Hence all the "revoking AIX" noise. If SCO can't make IBM suffer now, I think they're going to have a lot of time outlasting them.

Not exactly a concentration camp

I've been meaning for a while to point out the ridiculousness of the George W. Bush/Hitler comparisons that seem to be de rigeur for the GWB-haters these days (see for instance, this article about Harold Pinter). I find the claim that Guantanomo Bay is a "concentration camp" particularly inapropos as I've recently been reading Anne Applebaum's fine Gulag. The differences between the Gulag, where one's rations were tied to productivity and Guantanamo, where the prisoners are actually gaining weight, seem pretty striking. Accordingly, I was glad to see Applebaum herself ridiculing this notion in this morning's Washington Post.

I'm not necessarily that happy with a number of things the administration has done, but I don't think they're more than a standard deviation or so more repressive than the mean for American government. In a world that contains leaders like Kim Jong Il, Robert Mugabe, and (probably) Mullah Omar talking about Bush as if he were the second coming of Hitler mostly makes you look like someone who's lost all perspective.

Time to pay up?

Lessig and Eldred's Public Domain Enhancement Act has caused me to do some more thinking about the economic logic of the copyright debate. Eldred and Lessig's position seems to be that they'd like to roll back the Copyright Term Extension Act (CTEA) (which retroactively extended copyright terms) but are willing to settle--at least as a first step--for the PDEA (which would merely free unwanted copyrights). However, from an economic perspective, the PDEA isn't just a compromise, but rather is qualitatively different from repealing the CTEA. I'm starting to worry that the possibility of repealing CTEA is going to seriously impede the effort to pass the PDEA.

The nice thing about the PDEA is that it's Pareto dominant. If copyright owners don't renew, it's assumed that they don't place any value on the copyright (their revealed preference is <$1, so this is a pretty good bet) and the work enters the public domain. Thus, the copyright owner isn't harmed (since they didn't value the copyright in the first place) and the public benefits. It's pretty hard to argue against a solution like this--though people will occasionally try.

The situation is totally different when we consider repealing the Copyright Term Extension Act (CTEA). The content companies stand to gain quite a bit by selling content that would otherwise have been in the public domain. If we repeal the Act, then the record companies will lose that money. In this particular case, it's almost certainly a good idea anyway. Retroactively extending copyright was a pure transfer payment to the content industry, with almost no incentive effect whatsoever. Repealing it would simply reverse the transfer payment. Thus, it would damage the content companies by some value X (the value of the transfer payment). However, it, it would increase the welfare of content consumers by some value X + Y, where Y is the deadweight loss incurred by pricing some people out of the content market. Thus, total societal welfare is increased by Y.

However, the fact that repealing the CTEA is good for society as a whole isn't really much consolation to the content owners who are hurt by the repeal. Accordingly, we should expect them to fight it tooth and nail, just as they engaged in extensive rent seeking to get it passed in the first place. Even worse, the fact that many of the prominent supporters of the PDEA clearly support repealing the CTEA is likely to lead the content owners to fight the PDEA to avoid giving the enemy a foot in the door. This may or may not be rational but it's pretty standard political behavior.

Can we get past this? I think so, but it's going to require some nose-holding, especially by the pro-repeal crowd. As I said, simple repeal damages the content companies but benefits society. However, there's a way to benefit everyone: pay off the content companies. [0] If we simply estimate the size of X and pay it to the content companies (I'm intentionally leaving fuzzy how we divide it up) then they're indifferent to the exchange and the rest of society has benefited to the tune of Y. As I said, this involves some nose-holding. If you view the gains that the content companies expect to realize from the CTEA as ill-gotten, then paying them off seems rather unfair. However, that's just your outrage talking. If it's the best deal we can get then we should be willing to take it. I'm certainly in favor of attempting to negotiate them down to some fraction of X, perhaps on the grounds that they won't have to spend a lot of money engaging in rent seeking, but the bottom line is that even paying off the full amount is in our interest and expressing a willingness to do so may be what it takes to get the content companies to the table.

[0] I'm engaging in some loose speaking here, since we'll have to collect some tax in order to pay off the record companies and some people will get less value from that tax than they get from the content, but if you squint a bit and view society and the content companies as two monolithic entities, then both benefit.

Update:
An alternative view of this argument is that (in line with Eugene Volokh's post here), repealing the CTEA is a taking of property and paying off the content companies is simply a matter of paying them the legally required compensation. However, as the original CTEA seems to me to have been a taking from all of us and we certainly weren't compensated, I'm not sure how convincing this argument is on its own. One difference, though. Volokh argues that the PDEA might require us to compensate copyright owners. Since their revealed preference is pretty clearly negligible, I'm not so sure this is actually necessary--or rather that the compensation should be zero.

Yahoo's liveness test

One of the techniques spammers sometimes use is to get accounts on free mail services like Yahoo and Hotmail. They'll use programs to automatically sign up for accounts, then send spam from them until they're cancelled. In order to prevent this, Yahoo has recently adopted liveness tests before they give you a Yahoo mail account. The way these liveness tests work is that Yahoo gives you a somewhat fuzzy image containing a word. You're then expected to type in the word, thus proving that a real human is signing up for the account. This sort of liveness test, originally proposed under the name CAPTCHA by von Ahn, Blum, Hopper, and Langford, is getting increasingly common as an anti-spam measure. What's unusual about Yahoo's system is that they're using it to prevent people sending spam from their system, rather than to challenge people trying to send mail to their users.

Acknowledgement:
Eu-Jin Goh pointed out this article to me and found me the CAPTCHA paper.

The end of helmet laws?

It happened while I wasn't paying attention... Pennsylvania has repealed it's motorcycle helmet law. In fact, 12 states have done so in the past year and only 20 states have such laws left. Why? Well, you amy recall that the feds blackmailed the states into passing the laws by threatening to withhold highway funds. That law was repealed in 1995 and presto...

There's the usual griping from the public health types:

"We're not hearing anyone out there clamoring to get rid of DUI laws that save lives," David Blunk, executive director of the Pennsylvania chapter of the American College of Emergency Physicians, told the AP. "We don't hear anyone clamoring to get rid of seat-belt laws that save lives."

I think this is an interesting point, though not the one that Blunk probably means to raise. It's pretty clear that DUI laws are somehow qualitatively different from helmet laws. Driving drunk is a danger to other people as well as yourself. But why is there such a strong movement to repeal helmet laws but not seatbelt laws? AFter all, they both pretty much affect only someone's individual health (and yes, the negative externality of their care if they're injured, but the point is that they're the same in this regard). And yet, motorcyclists were able to mount a really serious multiyear compaign to get rid of helmet laws these lines whereas drivers never did the same. So, why the difference?

I've got three theories:

• The experience of riding a motorcycle is really different with a helmet than without, whereas it's easy to forget you're wearing a seatbelt. Myself, I find going helmetless terrifying, but I know lots of people who think it's the essence of motorcycling. I can't see anyone saying the same thing about seatbelts.
• Motorcyclists--who already think of themselves an oppresses subculture--saw the helmet laws as part of a campaign being waged against motorcycles in general by drivers and insurance companies. Thus, even motorcyclists who would never think of not wearing a helmet backed the anti-helmet law campaign.
• (Speculation alert) It seems like it would be much easier to get busted for riding helmetless, since cops can see it as soon as they see you. You can not wear your seatbelt and probably get away with it unless you're actually pulled over or the cops are really cracking down. So, if you don't like seatbelts, you just don't wear your seatbelt, but if you don't like helmets, you're hosed.

Whatever the reason, I'm glad to see the helmet laws go. I won't be riding without my helment, but I have friends who will.

Take me to Cuba or I'll turn on this phone

The BBC is reporting on a British Civil Aviation Authority's study showing evidence of cell phone interference in airplane operations. Well, sort of:

• This is relatively old avionics, certified to the pre-1989 standard.
• It wasn't standard airline equipment, but rather general aviation stuff.
• It was on a test bench, not installed in a plane, although they obviously tried to make things similar.
• The field strengths used were enormous (>30 volts/m). This is the kind of power you would get with a 2 watt phone at 30 cm (1 foot).
• Modern cell phones have maximum powers more in the .5 watt range (modern CDMA phones are more in the .2 W range), so the level of interference should be correspondingly lower.

More to the point, if small consumer devices can put out enough interference to cause a safety hazard in an airplane, we've got a pretty serious problem. It's trivial to build a much more powerful RF emitter and at the moment we don't do anything to keep them off planes. If this is a safety hazard, it's probably time to start hardening our avionics before some terrorist decided to bring down a plane with a phone.

However, I doubt the situation is anything like that. Based on reading the report. It's more that cell phones can cause low-level interference which somewhat annoys the crew. But the way you find out whether that is serious is not by using the test bench, but rather by running controlled blinded trials with people inside the plane and measuring the amount of operational disruption. Compared to the amount of operational disruption one drunk guy or a two year old can cause, I bet cell phones are pretty minor.

Unisys says "you're welcome"

So, the patent that covers GIFs is expiring soon, causing a bit of consternation. A bit of background: when you send pictures over the Internet, you want to compress them. The standard way to compress non-photorealistic images is something called GIF (standing for Graphics Interchange Format). GIF was invented by CompuServe but makes use of Lempel-Ziv-Welch (LZW) compression (which you'll recall if you slogged through my article on data compression.

The thing is, LZW is patented and the patent is held by Unisys. Unisys didn't do much with it and GIFs got real popular on the web but then in 1994 Unisys started enforcing the patent. The commercial implementations just licensed, of course, but the Open Source guys didn't. Instead, they started adopting a new standard called PNG. Initially, PNG was basically GIF with the unpatented LZ77 algorithm replacing LZW. Over time, like most engineering artifacts, PNG accreted features and now does some stuff that GIF doesn't do. Still, the two are mostly substitutable and uptake of PNG hasn't been that great. IE, for instance, still doesn't support it completely.

There are two interesting things in this article: First, now that the GIF patent is expiring, it's not clear how much of a reason PNG has for existing. Sure, it's probably better, but is it enough better to substitute for something that's basically standard? I'm no expert on this topic, but from the CNET article, I get the idea that a lot of the enthusiasm for PNG is commitment to the idea of PNG and/or a desire to make a statement than anything else. If other EG readers think otherwise I'd be interested to hear their opinions.

Second, in a classic demonstration of chutzpah, Unisys tries to claim credit for PNG.

But Unisys credited its exertion of the LZW patent with the creation of the PNG format, and whatever improvements the newer technology brought to bear.

"We haven't evaluated the new recommendation for PNG, and it remains to be seen whether the new version will have an effect on the use of GIF images," said Unisys representative Kristine Grow. "If so, the patent situation will have achieved its purpose, which is to advance technological innovation. So we applaud that.

Yeah, right.

Dude, it's a search engine!

The basic facts of the case are these. Some student at Rensselaer Polytechnic set up a local network search engine. The RIAA found out, said he was facilitating piracy, and made him settle for $12,000. The news coverage here is really terrible: the student, Jesse Jordan, claims that the site in question, ChewPlastic, was just a generic search engine that happened to search out music as well. The RIAA hints differently but doesn't actually say so. It would be pretty easy for ABC to have worked out what was up, but apparently they didn't bother. I can't really tell, either from looking at the site or the coverage. If it is in fact a generic search engine, then the RIAA's position starts to look pretty silly. Do any EG readers know the whole story?

AOL's new encryption thingie

AIM's new beta of AOL Instant Messenger supposedly has an end-to-end encryption feature. Being the kind of guy I am, I had to check it out.

Yes, the new AIM seems to have end-to-end encryption. Based on DLL names, it appears to be S/MIME.

No, you can't use it. The way things work is that you have to acquire a certificate and that's not automatic. The new client absolutely has a button that lets you do this but it only works in an enterprise setting--i.e. if your company has signed up for it. There is some way to import a certificate from a PKCS-12 file, but it didn't immediately work with my Entrust certificate so we're talking a major hard-hat area here. I also have no idea how AOL intends for you to bind certificates to AIM handles.

Not ready for prime time.

Even more on Peoplesoft

Kevin Dick pointed out to me earlier that even though Oracle's proposed price for Peoplesoft stock is higher than market, it may still be rational for Peoplesoft to hold out for more. The current Peoplesoft has to compete with Oracle. One that didn't have to would likely be worth more. It would be reasonable to expect that Peoplesoft execs would want their stockholders to share in some of the surplus. However, the way to do that probably isn't to say "we won't sell at any price" but rather "we don't think Oracle is serious because the price they're offering is so low."

More on Peoplesoft

Another funny thing about the coverage is the suggestion that just having Oracle make the offer is somehow bad for Peoplesoft:

In a statement, PeopleSoft CEO Craig Conway said the offer amounted to "atrociously bad behavior from a company with a history of atrociously bad behavior. Obviously it is a transparent attempt to disrupt the acquisition of J.D. Edwards by PeopleSoft announced earlier this week."

and

Ted Kempf, an analyst with market researcher Gartner said Oracle's proposed deal could effectively freeze demand for PeopleSoft's products. "This (proposal) is not good for PeopleSoft in terms of their current pipeline (or for) anybody that's contemplating going with PeopleSoft in current purchases or new purchases. My recommendation to people would be to hold tight...I wouldn't make any massive purchases right now."

Of course, the market doesn't seem to think that it's bad for Peoplesoft, since the very next sentence tells you that Peoplesoft is up 18%.

One time when you really can't trust management

As you may have heard, Oracle has offered to buy Peoplesoft for $5.1 billion in cash. If you read the business press, there's a lot of talk about this being a "hostile" takeover bid and Peoplesoft's CEO, Craig Conway, sounds pretty unhappy here:

"I could imagine no price nor combination of price and other conditions to recommend accepting the offer to our shareholders," Conway said in an interview with Germany's Euro am Sonntag newspaper, published on the paper's website.

Of course, from an economist's perspective, this is all smoke. Remember that the purpose of a corporation is to generate value for its shareholders. If someone offers to buy your stock at 6% over it's current market price, that's great from the perspective of the shareholders! So, what's Conway's problem? Well, if Oracle buys Peoplesoft and integrates it into Oracle, he's probably out of a job, which can't make him very happy. But why exactly should I as a stockholder care about that?

Pretty much the only reason that a rational stockholder would think that an acquisition over the current stock value was a bad idea was if he thought the market price badly underestimated the true comporate value. However, anyone who believed that should be immediately acting to lock up large amounts of stock at the current market price. Accordingly, I propose the following modest solution to this particular principal-agent problem. Whenever corporate management rejects a hostile takeover bid, they should individually be required to buy say 5% of their net worth in their company stock at the current price. If they think that their stock is undervalued, that's a fine deal. If not, maybe they need to think harder about what produces shareholder value.

What good is quantum crypto?

Here's a report that some guys from Toshiba have made quantum cryptography work over a range of 100 km. That's a pretty nice technical achievement, but what's the use case for this stuff again, given that it's vastly less convenient than conventional cryptography?

The usual argument you hear from the quantum crypto guys is something about how someday quantum computers will render all conventional crypto irrelevant and then we'll have to use quantum crypto. Well, quantum computing may someday work, though I'm a bit skeptical, but that really doesn't have any bearing on whether you'll be using quantum crypto or not. Remember that we haven't even gotten to the point where people have broadband Internet connections to their houses. The day when they have quantum crypto-capable optical links might as well be infinitely far in the future for all the difference it's going to make in your life.

I suppose it's possible that someday national security agencies will fall back on quantum crypto for incredibly high value traffic, but just as likely they'll fall back to one time pads. The article linked above claims that banks will be early customers, which I suspect is just wishful thinking. For years, banks used DES, which was known to be quite weak. I doubt they're going to move to quantum crypto any time soon.

They all look alike to me

I knew eyewitness reports of crimes were unreliable but I didn't realize just how bad they were. Today I came across Gary Wells's web site. Wells is a professor of psychology at Iowa State who has spent the past 20 years or so studying eyewitness testimony, and man is the situation depressing.

One of the main areas of research is identification from lineups. The standard procedure, as anyone who has watched Law and Order knows, is to take your suspect and a bunch of other people who look sort of like him (fillers) and show them all to the witness together. The witness is then asked if the perpetrator is in the lineup. This has a number of problems, the most serious of which is a lot of false identifications. It appears that the witness feels pressure to pick out someone and therefore picks out the subject who looks most like the perpetrator, whether it's actually him or not. Current studies suggest that simultaneous lineups have false alarm rates of up to 27%.

A better lineup would be:

• Sequential presentation rather than simultaneoue.
• Have the person running the line-up not know who the actual suspect is to avoid them cuing the witness.
• Tell the witness that the suspect may not be in the lineup to avoid their temptation to pick someone.

The sequential procedure isn't dominant since the total identification rate of actual culprits appears to be only 35% (as opposed to 50% for simultaneous lineups) but the error rate is much better (the false positive rate is only 9%). Since we're trying to convict guilty people, not innocent people, we should be using a test with a better signal/noise ratio.

Wells has been on a campaign to get police departments to change their procedures, with only limited success. Unfortunately, police have been pretty resistant to the new methods. It's not entirely clear why but one might suspect that they don't like the idea that they would get fewer total identifications and therefore lower rates of crimes "solved". Also, changing their procedures now might cast doubt on previous convictions achieved with other methods.

In any case, it seems like it's well past time for a change. We've learned a lot about how to elicit accurate testimony in the past 10-20 years and police should be using that to get the most accurate results possible.

Arnold Kling on health care

Arnold Kling makes the standard argument for how to pay for health care without getting the government involved (much). This isn't exactly the way I would have phrased things, but it's pretty close to it.

The one thing he doesn't talk about is how to deal with the usual insurance moral hazard and adverse selection problems. I think that does require a bit more attention than he gives it.

Doctor's relationship to patient lifestyles

Chris Rangel has a long meditation on how he should treat obese patients. Here's the key paragraph:

Emphatically I disagree with her. I don't think physicians are paying enough attention to obesity nor are they "pushing" their patients hard enough to loose weight. I don't think that a few horrific examples of physicians with less than perfect bed-side-manners means that we should as a profession start treating our obese patients with "kid-gloves". And sometimes it takes a hard line in order to get the point across to these patients. Many times you must be blunt whether the patient likes it or not. I once had a severely obese 40 year old patient with poorly controlled diabetes, high cholesterol (despite medical treatment), high blood pressure, who continued to smoke. After several visits over many months where she was not showing any signs of following any of my recommendations for a healthy lifestyle I had to take a hard line. I sat her down and basically told her that without significant changes in her diet, weight, activity levels, and continued smoking that in all likelihood she would not live beyond her 50s or early 60s. She didn't like this. She broke down in tears but was this a case of me not being compassionate? What is the definition of compassion for a physician? Should we approach obesity in a politically correct manner or treat it as the health problem that it is? Imagine if we had the same "it's OK" attitude towards substance abuse and smoking!

First, let me get my biases on the table: I don't care whether people are fat. Sure, it reduces their lifespan, but it's their life, not mine. So, if they've decided that they'd rather be fat than do whatever it would take to lose weight, then that's perfectly fine with me. I don't think it's some kind of moral failing, just a choice that people have made. It's not the choice that I would make, but then even though I wouldn't choose to learn to square dance or eat cauliflower either, I don't disapprove of people who do. Similarly, if someone wants to smoke or take up a dangerous sport, that's their business.

Given that, I think what's appropriate here is for the doctor to communicate to the patient "Your lifestyle is unhealthy. It will likely have the following negative consequences. Here is what you would have to do in order to mitigate those consequences." If the patient responds, great. If they don't, that's fine too. They've made their choice. But once it's clear the patient understands and has made a different choice, the doctor should accept that. I certainly wouldn't want to go to a doctor who kept bugging me about it after I'd made it clear that I understood the consequences of my behavior and I had no intention of changing. [0]

Just so it's clear, I can't tell from Chris's post exactly what his position on this matter is, so maybe we don't disagree. However, if he thinks that physicians should keep after people who don't want to change, I'd be interested in understanding why.

[0] I'm ignoring for the moment the effect of obesity-related disease on other people's health care costs. I wish our health payment system was designed so that that wasn't an issue. This is a classic moral hazard problem and it's not insoluble. In any case, I don't want my doctor being the enforcer of the public good. I want them to have my best interests at heart, and that means attempting to internalize my preferences even if they don't match their preferences.

The Public Domain Enhancement Act

Larry Lessig is pushing the Public Domain Enhancement Act. The idea is simple: there is lots of copyrighted material that has essentially defunct. There is no current owner who cares about it or is making money off it and yet the rest of us are prohibited from using it freely. The PDEA would require a re-registration (at a cost of $1) 50 years after the initial copyright. If the owner doesn't reregister, the work would pass into the public domain.

In my view, this is clearly a good idea. The nominal fee allows us to measure what economists would call "revealed preference". If people aren't willing to pay even $1 to maintain a copyright, they must value it at less than $1--in fact, probably not at all. Any measure which harms one person by <$1 and benefits the rest of us to any degree at all is about as close to Pareto-dominant as you can get in politics. If you agree, I urge you to sign their petition.

The last thing you need is a new TCP

Here's a good example of how the media can really botch a story. Now, check out this New Scientist article about Fast TCP. Now, upon reading this article, don't you get the impression that when Fast TCP is implemented you're going to suddenly get a massive speed boost? You're not. What's going on here is subtle and only really interesting for very high speed connections. To understand it, you have to understand something about how the Internet works. Hence the following explanation.

Packet Switching
The basic Internet protocol isn't TCP but rather is something called IP (Internet Protocol). IP is what's called an unreliable datagram protocol. What that means is that the only thing that IP can handle is single small messages (where small typically means around 1000-1500 bytes) called packets. In order to get from my Web server to your browser a packet traverses a large number of routers (computers which switch packets) physical network links (phone lines, Ethernet links, etc.) connecting them.

To make thing interesting, those messages may or may not get delivered. Any router along the way may decide to drop a packet for any reason whatsoever. And it won't tell you that it did or why. The packet is just gone. This may sound stupid, but it's actually quite clever, because it pushes all the intelligence into the edge of the network. Consider what happens if a link temporarily goes down. If the router had to hold all the packets destined for that link, it would quickly run out of memory. This way, the sending computer has to worry about it. Because there are a lot more sending computers than routers, this is a very efficient way to do things.

Sliding Windows and TCP
So, how do the end-systems make sure that data gets delivered. In the Internet, this job is primarily done by the Transmission Control Protocol (TCP). Let's take a quick look at how TCP works.

Say you have a large amount of data to transmit. The first thing you do is break up the data into a series of segments small enough so that each segment can fit in a packet. Once you've done that, you've got to arrange that the segments get delivered to the remote end and not lost on the way. The obvious way to do this is to send one segment at a time. When the receiver receives a packet, it sends you an acknowledgement (called an ACK). When you get the ACK you send the next segment. If you don't get it within some timeout period (say 500 milliseconds) you retransmit the segment. This is called a stop-and-wait protocol.

The basic problem with a stop-and-wait protocol is that it's not very efficient. It takes time for packets to get from point A to point B and the entire time that the ACK is in transit, there is no data flowing from the sender to the receiver. A better approach is to use what's called a sliding window protocol. Instead of sending just one segment at a time, the sender sends several, with the maximum number being defined by the window size. Thus, while the ACK for segment 1 is in flight, segment 2 or 3 can already be on its way to the receiver. This way, the channel stays more or less full. TCP is a sliding window protocol.

Congestion Control
The tricky part is deciding how big the window should be, since that's determining how fast I'm transmitting. Remember that data from me to the you goes through a bunch of different links. Just because the link to my house can handle 1.5 megabits per second doesn't mean that all of those links can. If I transmit at 1.5 Mbps, and one of those intermediate links can only handle 128 kb/s, then that link will get full and packets start getting dropped. This is called congestion.

In order to avoid creating congestion, TCP has congestion control algorithms designed to detect this situation and transmit slower (this is called backing off). In classic TCP, it was assumed that dropped packets always indicated congestion. So, if you had to do a retransmit, you also backed off on the transmission window. However, this strategy is both not aggressive enough and too aggressive. Fast TCP is concerned with how it's too aggressive but first I'll quickly discuss how it's not aggressive enough.

The problem with classic TCP is that once you start getting packet drops, you've already got congestion. So, you're not avoiding congestion, you're just controlling it once it happens. That's not terrible, but we could do better. There are two main approaches to making the algorithm more responsive, random early detection and Explicit Congestion Notification. In RED, the routers start dropping the occasional packet when they start to detect signs of congestion, thus signalling the sender to back off. In ECN, the routers actually tell the senders "I'm seeing some congestion" so that they know to back off. The idea behind ECN is to give more specific information, because packet drops can happen for other reasons besides congestion.

What is Fast TCP?
The fact that packets can get dropped for other reasons than congestion is the key to understanding why TCP's congestion control can be too aggressive. When you're moving a lot of data around on a fast network, occasionally packets get lost just due to random glitches, not due to real congestion. When TCP detects congestion, it backs off pretty hard, typically cutting the window size by a factor of 2 or so. On a very fast network, even a small amount of drops can mean that you never get to really fast transmission rates and so you can't use the network as efficiently as you would otherwise want to. Fast TCP is basically a slightly different set of congestion control algorithms that allows more efficient utilization on very high speed networks.

So, what's the impact for you? Zippo. TCP actually does a really good job at getting close to 100% utilization of ordinary network connections of the kind you probably have. Fast TCP is really only useful for gigabit-scale network links, and it's going to be a while before you have something like that going to your home. But you wouldn't know that from reading the media coverage.

Further reading:
Sally Floyd is probably the world's expert on TCP and congestion control, and her web page is a great place to start.

Is there a difference between software and media?

Naturally, Ed Felten covers the BSA claim that piracy is down. As I've mentioned I'm very skeptical of this claim. Even the alleged 49%-39% difference seems to me to be well within the possible margins of error of the BSA's methodology. The fact that BSA doesn't seem to have made any attempt to estimate the margin of error isn't encouraging.

Ed suggests that this is a lesson for the media industry:

These are interesting data for the debate about music and movie copyrights. For software at least, the infringement rate is going down, and the U.S. has the lowest infringement rate. The software industry must be doing something right.

I think there's some kind of lesson here, but I'm not sure what it is. A 39% infringement rate is pretty high. Even the 23% infringement rate quoted for the US is pretty high. The lesson to learn may be that an industry can still make a lot of money even if there's a lot of illicit copying going on and so the media guys shouldn't be so hysterical about it.

Martha Stewart, etc.

So, Martha Stewart has been indicted. Here's the funny thing, though. Although she's been indicted for securities fraud, it's not as a result of her behavior with respect to ImClone but rather that she allegedly made false statements about the ImClone matter in order to prevent damage to MSLO (her own company) shares. Something seems a little fishy about the fact that all of the counts of the indictment are of the "obstruction of justice" variety and not of the insider trading variety. Can't they prove the insider trading stuff? (Credit goes to EG reader Kevin Dick for pointing this out.)

More ranting about paying for health care

There seems to be something about health care policy that brings out the worst technocratic central planning instincts in people. Milton Weinstein's opinion piece in the Washington Post is a good example.

The first difficulty appears to be that Weinstein doesn't understand what the word "rationing" means:

Fact: There is no way for everyone to get every medical service that might do some good. It would cost billions more than employers and insurance companies and our economy could afford. So medical services have to be "rationed" -- parceled out to some and not others.

But that's not what rationing means. Rationing doesn't mean that some people don't have a commodity. Rather, it's a specific way of dividing up access. After all, there isn't enough beachfront property in Malibu to go around, so lots of people don't have it. Yet, we don't say that Malibu beachfront is rationed. There are four basic ways to limit access to some scarce commodity:

• Rationing--some central authority decides how much each person gets.
• Queuing--there's a waiting list for access and so people self-determine whether it's worth waiting in line.
• Lotteries.
• Markets

In this society, we divide up most scarce commodities with markets, not rationing. Ordinarily I wouldn't harp on this point quite so much, since it's just a terminological issue, but Weinstein uses it to transition to his main point, which is that he wants a centralized rationing system:

There is a better way to ration health services. It relies on an evidence-based analysis of the value we get from a specific medical treatment or service. We can use established scientific methods to measure how much health benefit each service could give to every patient, in terms of longer life and improved quality of life. We can value longer life in terms of added months or years of life expectancy, and we can value improved quality of life according to people's preferences -- how much weight they place on various health improvements. By combining these two measurements, we can quantify health value in units known as "quality-adjusted life years," or QALYs. Finally, we can calculate how much each service costs and how much of the cost will be offset by future savings through prevention.

With such information, we can then rank various services according to how much benefit they offer per dollar spent -- value for money. Within a health plan, services would be provided starting from the top of the list, down to the point where the insurance company's or Medicare's money runs out. The services that offer the most health value would get the highest priority for coverage, and physicians would be entrusted with judging that value based on the scientific evidence and their patients' preferences. It's still rationing, and some people don't like the very idea of it. But it's better than the arbitrary system we have. Doing it this way will improve health care, and the affordability of health care, for more people. This is rational rationing.

Ah... the return of central planning.

The problem with this sort of central planning, of course, is that it assumes that everyone in the same situation has the same set of preferences. In practice, this is not the case. Thus, some people really value their lives and are willing to spend a lot of money in order to preserve them. Some people do not. Weinstein's plan would deny the former care and provide unnecessary care to the latter. Neither outcome is efficient, but it's what you get with central planning.

Can we do better? Of course we can: we let the market do its thing. Not something of which Weinstein approves.

This kind of value analysis can go a long way toward controlling the spiraling cost of health care in America. It's certainly more rational than trying to control health care costs by making consumers decide what services to get based on price, or making things such a hassle that some people will go away and get nothing.

The basic problem here, actually, is thinking that the object is to control health care costs. It's not. Health care is a service just like any other. If people want to plonk down more of their money on health care, there's absolutely nothing wrong with that--even if they don't have the same set of preferences that you or I might have.

Now, the major obstacle here, of course, is that you're not paying directly for your health care. That means that you have to negotiate with the insurance company (in advance) for what services you want them to provide. But the idea that the only way this decision can be made is by some central authority based on quality adjusted life years as silly. Just as you can get different auto insurance policies (e.g. with or without the rental car option) so you should be able to get different health insurance policies with different services provided. The fact that you can't do this as much as one might like now (though you can to some extent) is mainly an artifact of the weird way that Americans get health care provided--through insurance even when the necessary services are thoroughly predictable. But that's a bug, not a feature.

Don't get me wrong here. I'm a big fan of evidence-based medicine. It's a critical tool for patients to decide what services they want to purchase. What I'm objecting to is some doctor somewhere deciding for everyone what procedures are and aren't worth doing.

Update 1127:
Kevin Dick points out in the comments section that QALYs or some similar metric do make a useful sized chunk to buy insurance in. That's perfectly cool. My problem is with some global effectiveness threshold.

Is 39% different from 40%?

Just read over the Business Software Alliance Global Software Piracy Study. This seems to be one of those cases where the spin is vastly overreaching the data. 2001's piracy rate was 40% and 2002's is 39% so their claim is that we're seeing a decline. Unfortunately, their methodology could best be characterized as handwaving. Essentially, they have a bunch of scaling factors to estimate total software market from legal software market. These factors seem pretty ad hoc. When you don't see error bars, that's not a good sign.

Mommy, Novell is being mean to me

When the going gets weird, the weird turn pro. Now, SCO is threatening to sue Novell.

A mileage tax?!?!

There must be something in the water up in Oregon. Wired reports that cars have gotten so efficient that Oregon is no longer collecting enough money from the gas tax. Their fix? Not raise the gas, tax. That would be too easy. Instead, they want to put GPS boxes or electronic odometers in cars to measure how far people actually drive. Their reasoning:

However, the tax rate hasn't changed since 1991, and the more fuel-efficient cars on the highways are sucking down far less fuel. The result, according to Whitty, is that tax income hasn't been able to keep pace with inflation, or with the need for additional road repairs due to increased traffic.

The traditional solution has simply been to raise the tax rate, but that approach is always unpopular with voters. Instead, the state created Whitty's task force in November 2001 with the mandate of studying a variety of alternative sources of income. The leading candidates use electronic boxes in cars to scrutinize driving habits.

Hello! The thing people don't like about the gas tax isn't that it's a gas tax, but that it's a tax! They don't like paying! If your mileage tax is going to collect more than the gas tax does money, they're going to be paying more. Why would you think they'd like that any better? People aren't that stupid.

Worse yet, it gives people the wrong incentives. Forget about the revenue raising aspects for a second and imagine that you made the tax revenue neutral. Now, to the extent to which it collects different amounts of money from people than it does now, then it encourages people to buy less efficient cars than they do now. Why is this a good thing?

The article closes with an even stupider quote from Mr. Whitty:

However, Whitty noted one perk that would accompany the elimination of the gas tax. "The price of gas will come down," he said.

Yeah, but the price of driving will stay the same or, more likely, go up. Where the heck did they find this guy?

Licensing for tour guides?

Here's an NPR story that sets my libertarian and scientific impulses at odds. It seems that Justin Ferate wants New York to have a stricter licensing standard for tour guides involving knowing more facts about New York City. Licensing for tour guides? What the hell is up with that? Is there any occupation that the government doesn't think it needs to regulate???

On the other hand, the opponents come off looking pretty stupid too:

But opponents of the test like Jane Marx, who's been leading tours of the city for 23 years, say no test -- especially one written by a single individual -- can measure a tour guide. A tour is more than facts or stories, she says.

"I want insight and humor, and I want something that makes me think about what I am looking at, or who I am, or why I chose to be here beyond the tour," Marx says.

This may be true, but just because there's more to being a doctor than knowing a bunch of facts about organs, that doesn't mean I don't to see some evidence my doctor knows anatomy. Just because you can't measure everything doesn't mean that it's not worth measuring something.

Amazingly, noone in this story seems to come up with what I consider the obvious objection: what business does the city have regulating tour guides in the first place? Does that just not occur to anybody over at NPR?

Update 1505:
Kevin Dick points out that the next to last paragraph is confusing. The point I was trying to make is that just because someone's performance can't be measured completely doesn't mean it's not worth trying to measure it at all. He's quite right that I'd be perfectly happy to have private licensing of doctors. However, if that were the case I would almost certainly choose one which actually had a high rating rather than one which did not. That was the point I was trying to make.

Barbra Streisand vs. Ken Adelman--bad move, Babs

So, Barbra Streisand is suing Ken Adelman because Ken's California Coastline survey shows her house. The background here is that Ken has taken a large number of aerial photographs of the California coast. One of these photos just happens to show Barbra's house.

I've got two comments here. First, this is a stupid lawsuit. There's no reason in the world, that Barbra should be able to restrict the distribution of this kind of photography. If you don't want your home photographed from the air, get yourself a bunker. Second, I know Ken Adelman and he's noone to trifle with. In my opinion, Barbra will be lucky if the worst thing that happens to her is that she loses this lawsuit quickly and cleanly and that Ken doesn't find some way to really punish her. For instance, Ken's publishing (and making fun of) all the people who write in to complain. One woman called him to complain and Ken looked up her Caller ID and then published her name and home address. If you don't want to be exposed to public humiliation, don't piss Ken off.

Severe and Acute

Christopher Hitchens complains in Slate about medical naming:

Who gets to decide about acronyms? There's been a qualitative decline lately. The most recent instance is that of SARS, or "severe acute respiratory syndrome." Severe and acute? The redundancy cries aloud. Was someone trying to avoid ARS? For a long time AIDS had no name, but then it was an immune deficiency syndrome. Not only that, but an immune deficiency syndrome that was "acquired." Well, obviously it had been acquired. Was someone trying to avoid IDS, with its Freudian sexual-pathology overtones?

I can't tell if Hitch is just being flip or really is as ignorant as this makes him look. In any case, neither acronym is redundant. In medical terminology, "acute" doesn't mean that something really bad but rather that it's a (hopefully) temporary condition rather than a chronic one. In this case, the Acute differentiates SARS from something like emphysema. Similarly, the "acquired" in AIDS is relevant because there are immune deficiencies that aren't acquired, but rather you're born with. There's certainly room to complain about medical terminology, but this target seems pretty ill-chosen.

Unknown error? Unknown error????

Oh, did I mention what the problem with Quickbooks was? It was trying to make an SSL connection to the payroll server but somehow my clock had gotten set to 2037 so the server's SSL certificate didn't work. Of course, neither Quickbooks nor Windows told me this. They just said "Unknown Error". Programmers who generate this kind of error should be shot. As a matter of good programming practice, all error messages should come with some kind of unique identifier so that you can tell where in the code the error was thrown from. This doesn't have to be easily available to the user, but tech support should be able to get at it.

Did I mention I hate technical support?

I've just spent about an hour on the phone with Intuit technical support trying to get my Quickbooks Payroll Service account working after I installed Quickbooks Pro 2003. We finally got it working, but I was reminded of why I hate tech support: their processes assume that the customer is an idiot. So, I was having a networking problem. That meant we had to go through the whole "networking problem" checklist, including rebooting multiple times, turning off my firewall, pinging other servers, etc. despite the fact that I could use my SSL traffic sniffer to see that the network was working perfectly. My repeated attempts to tell the tech support people this were simply ignored. I wish there were some certification you could get that would allow you to bypass first level technical support.

What's wrong with beer?

Was at the San Francisco Black and White Ball this weekend. Overall, it was a good time, but there's something that really annoyed me--the lack of beer. First, the only beer they were serving was Heineken (tolerable) and Amstel Light (barely acceptable). This would have been understandable as recently as 15 years ago, but the US has undergone a revolution in beer quality in the past 10-15 years and there are now lots of high quality craft brews that are much better than either of these. Red Hook, Sam Adams, and Sierra Nevada are pretty standard. And of course, there are the old standards like Bass and Guinness. But I don't like wine so I was willing to live with this. At least it wasn't Budweiser.

What wasn't acceptable was that halfway through the evening they just ran out of beer completely. I suffered for a while trying to drink other stuff but just couldn't. Finally, at 1 AM Terence and I walked through a rather unsavory part of San Francisco to the local convenience store and brought home a six-pack of Sierra Nevada (chosen because it's a good beer with twist-off caps so I didn't need an opener.)

But my question here is this: what's the problem? Can you imagine a party like this only serving white wine and then running out? Of course not. Everyone knows that there's both red and white wine. What maybe they don't know--but beer drinkers do--is that there's just as much variety in beer as there is in wine. So why is it acceptable to only serve low-end German lagers and then not even to have enough?

My first pass guess at the answer is that the organizers of the ball drink wine and think of beer as a lower class drink not drunk by "our kind of people". That's not true, though. There were lots of people at the ball standing around looking for beer and getting thirsty and grumpy when they couldn't find any, just like I was. Beer drinkers of the world unite!