Educated Guesswork

And thus begins the rainy seasosn

Woke up this morning to the sound of raindrops on my skylight, signalling the beginning of the California rainy season, something that in retrospect I should have predicted when it suddenly turned cold yesterday. I just started riding my bike seriously again two weeks ago, so I think I'm going to have to skip today. I'm just not ready to go out and get soaked. Before people write in--yes, I do have rain gear. No, it doesn't really keep you dry, just less wet.

An experiment in backward compatibility

You've probably noticed the new $20 bills. After all, the Treasury has been running a some very silly ads telling you about it. Unfortunately, the message doesn't seem to have gotten out to all the grocery stores of the world [*]. AP is reporting that a bunch of the automatic payment machines are rejecting the new bills.

There's an important lesson here for protocol designers: if your system is successful (meaning in this case that people want to use your currency) then there's going to be a lot of installed base. If you change anything, compatibility with that installed base is going to be a problem. this is a particular problem with security systems, where the imperative to reject anything unusual clashes with the flexibility needed to handle new situations. You can always offer upgrades but that doesn't mean that people will take them.

To their credit, the operators of the affected machines seem to be handling the situation in stride. They're advising people to trade in their new $20s for old $20s before using the payment machines. It would be nice if networking protocols handled upgrade as well. For years after the deployment of SSL version 3 (in 1995!), there were web servers that could only handle SSL version 2. Only recently has it become mostly safe (in terms of probability of being compatible) to go around with a browser that only speaks version 3.

The truth is out there

I've always suspected that science was somehow responsible for the problem of flesh gouging zombies. Despite my suspicions, I've never had any proof. That is, until now.

Now that explains things...

Perhaps you've noticed that Easterbrook, though otherwise apparently an intelligent, seems completely unable to understand science. Carl Zimmer delivers the key piece of evidence to explaining this via Kieran Healy. Apparently Easterbrook thinks that Intelligent Design theory (warmed over creationism) is a good idea. [*]. I won't address Easterbrook's arguments in the article here except to say that I-D is ludicrous [*]. However, I think there is a pretty clear pattern emerging, which is that Easterbrook's religion is interfering badly with his ability to actually assess the scientific evidence. Not that that's rare of course; it's just rare to see someone do it in the fairly secular national press.

Gregg Easterbrook says string theory is stupid

Gregg Easterbrook is doing his patented "I don't understand it so it must be nonsense" schtick again again [*] Today, his target is string theory [*]:

But the article left out the really interesting part, which is what the question of other dimensions says about the spiritual debate. At Yale, Princeton, Stanford, and other top schools, researchers discuss ten unobservable dimensions, or an infinite number of imperceptible universes, without batting an eye. Scientists banter offhandedly about invisible realities that might incorporate trillions of billions of galaxies, and suppose such things are real in spite of there being no physical evidence whatsoever to support such speculation. No one considers discussion of other dimensions to be peculiar. Ten unobservable dimensions, an infinite number of invisible parallel universes--hey, why not?

Yet if at Yale, Princeton, Stanford, or top schools, you proposed that there exists just one unobservable dimension--the plane of the spirit--and that it is real despite our inability to sense it directly, you'd be laughed out of the room. Or conversation would grind to a halt to avoid offending your irrational religious superstitions.

Unfortunately, yet again Easterbrook is having some trouble with how science works. Although his writeup doesn't make it clear, there are actually two things being discussed here, string theory and the many worlds interpretation. String theory first.

String Theory

Let's start with his apparent confusion between "dimensions" and the many-worlds interpretation. Despite what you may have gathered from The Adventures of Buckaroo Banzai Acroos the 8th Dimension, when scientists talk about other dimensions they're not talking about parallel worlds. In order to talk about one's position in space-time, we're used to thinking of needing 4 coordinates (3 for x,y, and z, and one for time). Those are the four dimensions. But it's possible that there are actually, more dimensions on which it's possible to have a position, except that in ordinary life one's position doesn't vary along them, at least not much.

The common analogy here is to a garden hose [*]

An analogy with a garden hose can be helpful. From a distance, a garden hose looks like a long one dimensional object. From a closer vantage point (or from a long distance using a visual aid) an additional dimension --- the circular dimension winding around the hose --- becomes evident. Thus, depending on the scale of sensitivity of the observer, the hose will either appear as one or two dimensional.

Which brings us to Easterbook's claim that there's no evidence for these other dimensions. Well, it depends exactly what you mean by evidence. The basic problem we're facing is this: the current accepted physical theories (relativity and quantum mechanics) don't really work correctly at the margins. So, a lot of the work in theoretical physics has been to try to construct a theory that would work better. The challenge here is to design a theory that's both consistent with the known results and doesn't predict ridiculous stuff. That turns out to be a lot harder than it sounds and one of the few strategies that seems to work is assuming that there are a lot more dimensions.

What's particularly misleading about Easterbrook's claim that these dimensions are "unobservable" is that they're only unobservable in the sense that we don't have good enough instruments to observe them now. But they're predicted by our best theories and we're currently looking for them. This is actually a familiar situation with physics. For instance, at one point positrons and black holes were both things we'd never observed but that were predicted by theory. That's how science works.

Many worlds interpretation and parallel universes

The question of multiple parallel universes is a little more problematic. It's like this: quantum mechanics has some built-in randomness. In particular, it's possible to have a situation where you don't know what measurements you will get until you make them. You just know they'll be randomly selected from some set. [*]

The problem here is that the math just predicts what measurements you'll make and doesn't tell you how to interpret it. The conventional interpretation is what's called the Copenhagen interpretation, which roughly says that the possible states of the world all exist together (it's called a superimposed wave function) and that when we measure it we "collapse" the state into a single wave function. The special status of measurement is disturbing to a lot of people, and in 1957 Everett suggested a different interpretation, which came to be called "many worlds" which is that each time there are multiple possibilities the universe branches. The reason that you only observe one outcome is that you're only in one of those parallel universes. [*]. This, of course, is disturbing in other ways.

Thus, the situation with the many worlds interpretation is much like that with strings and parallel dimensions. There are valid theoretical reasons for thinking it might be right (though less good than with string theory) but at the moment verify can't verify whether it's true or not (it's not in principle impossible to verify many worlds but we're not entirely sure how).

The bottom line

Let's go back to Easterbrook's comparison between religion and physics:

Yet if at Yale, Princeton, Stanford, or top schools, you proposed that there exists just one unobservable dimension--the plane of the spirit--and that it is real despite our inability to sense it directly, you'd be laughed out of the room. Or conversation would grind to a halt to avoid offending your irrational religious superstitions.

It's now apparent that this argument is silly. First, this suggestion wouldn't be laughed at. On the contrary top schools are filled with religious believers. When I was at Yale, I saw a number of serious discussions about religion, in auditoriums filled with people who obviously believed. Heck, Yale even has a divinity school.

Where Easterbrook's suggestion would be laughed at, and with good reason, is in scientific discussions. As we've seen, there are good theoretical reasons for thinking that these currently unobservable physical constructs might exist. Thomist arguments aside, people who don't believe in "the plane of the spirit" generally don't think that there are good theoretical reasons for such a construct. I suspect that if Easterbrook could present such arguments and describe some experiments to test it, they would be willing to listen. If he can't do so, then it's not a scientific hypothesis and he shouldn't expect it to be treated as if it were.

On the other hand...

Actually, now that I think about it, there is one respect in which router-based broadcast flag enforcement could be said to work. The increased cost of routing hardware and the damage done by inspection will probably destroy the Internet, thus making it unusable for piracy--a result which I suspect would be totally acceptable to the MPAA.

TTLs and DRM (was: The stupidest DRM idea ever)

WARNING:
I wrote the post following the horizontal line before I'd read Seth Shoen's explanation of what's going on Ed Felten's Freedom To Tinker [*].

This is probably supposed to be a reference to the decision by the DTLA to allow DTCP over IP. One of the things that DTLA licensees are supposed to do when sending DTCP over IP is to set the IP TTL to 3, in the name of preventing DTCP data from being sent more than 3 hops over the Internet. (Obviously, this is very easy to get around using VPNs and the like.)

Presumably the connection between this and the broadcast flag got garbled somewhere along the chain. If the FCC adopts a rule permitting ATSC receivers to output to DTCP, the manufacturers can, under the DTLA license, then output these broadcasts over TCP/IP networks provided they set the TTL to 3. That doesn't mean that the broadcast flag itself is doing this (it's government regulation, not the flag!) or that the messages are really "self-destructing" (they're just expiring using the normal IP TTL decrement mechanism).

What's being described here is still stupid, but less stupid than what I thought was intended. It's trivial to circumvent--for instance, just route your mail through a mail relay--but at least it won't totally destroy the Internet.

I'm leaving the original post on EG, since I don't want to rewrite history (even to hide the fact that my knee did jerk a little bit, well, a lot...) and anyway I think it's interesting to understand why router-based content filtering won't work. Just remember that it probably doesn't apply to the actual FCC proposal. On the other hand, one does periodically see other schemes for router-based content filtering, so it is applicable to those.

---

Steve Bellovin pointed me to this New York Times article on the "broadcast flag", intended to stop people from retransmitting HDTV programming over the Internet. I've been working on a post on the broadcast flag which goes into more detail about it, but I just want to address one point here, which is the apparent total incomprehension inside the FCC of how the Internet works.

An F.C.C. official said, for instance, that the broadcast flag could contain software code that was recognized by computer routers in a way that the program would self-destruct after passing through three routers while being e-mailed by a user.

It's hard to even know where to start explaining why this won't work, but I'll give it a shot. Let's imagine the best case scenario in which every file that's protected starts with some fixed string, like say "PROTECTED" and then a counter and noone makes any effort to hide this string. So, routers could look for this string at the start of files and decrement the counter. When the counter reaches zero they break the connection.

This is a lot harder than it sounds. The Internet is a packet switching network. That means that the data gets broken up into small chunks (order 1 kilobyte) called packets and each packet is independently routed through the network. When a router gets a packet, all it looks at is the header, which contains the destination address to which it needs to route the packet. In order to make the scheme being described work, the router would have to look into the contents of the packet, which is something it's not designed to do. This isn't just a matter of a little reprogramming. High speed routers do their switching in expensive custom hardware.

But say you've got a router without this expensive hardware and you're willing to do some programming to inspect the packets. You've still got a big problem because the data could be anywhere in the packet. You see, when you send a file to someone in e-mail, the file doesn't travel by itself. Instead, it's got a bunch of enveloping information. So, the data being transmitted on the network might look something like this:

From: ekr@rtfm.com
To: recipient@example.com
Subject: Here's a file
Content-Type: multipart/mixed; boundary="abcdegh1919181818887"

--abcdegh1919181818887
Content-Type: text/plain

Hey Joe. Here's that copy of the Matrix I promised.

--abcdegh1919181818887
Content-Type: application/mpeg

PROTECTED005
[Rest of file here...]

--abcdegh1919181818887--

When this message is broken up into packets, the packet boundaries can be more or less anywhere depending on the packet size and the amount of data in the headers and the initial text message. So, it's not a simple matter of looking at the beginning of some packet. The router has to grovel through a substantial fraction of the packets (potentially each and every one) looking for the "PROTECTED" string. All of this inspection substantially increases processing time. The best string searching algorithms take time proportional to the length of the data being searched [0]. This is vastly worse than the ordinary packet switching algorithms, which can be done in more or less constant time.

To make matters worse, there's no guarantee that the packet boundary won't occur in the middle of the string. Routers typically don't have enough memory to keep packet state, but they'll have to in order to reassemble the stream from these two packets.

If that weren't enough for you, remember that we've assumed that the transmitter isn't doing anything to protect himself. In reality, this sort of inspection is incredibly easy to defeat. Just change the first byte of the file from "PROTECTED" to "NOTTECTED" and the router can't detect it. Then the recipient can change it back. Of course, you can imagine making routers smarter about this kind of thing, but it's always easy to up the ante well past the routers' ability to compensate. For instance, you might encrypt it under one of some small number of fixed keys. The cost to the recipient to check which key you've used is very small, but the cost to the router is very large since it has to iterate over all the keys for each packet (the alternative is to remember the encryption key for each stream, but this requires keeping way too much state). [1]

The bottom line, then, is that the routers just don't have the kind of context about the data or CPU horsepower to do this sort of enforcement. Any attempt to add broadcast flag enforcement in routers will massively increase the load on the Internet infrastructure--probably enough to cause collapse--and will still be easy to defeat.

At this point, you're probably thinking that no sane person could be considering this, but Steve's message suggests otherwise...

I asked Mike Godwin, a technically-savvy lawyer who's been fighting this issue, if they were referring to IP routers. His response was "I believe that is what they are talking about, and I believe one's mind should indeed boggle."

Is it really too much to ask that the FCC actually understands the Internet before it tries to regulate it?

 

[0] Technically it's N+M where N is the length of the data being searched and M is the length of the search string, but since our data is much larger than the search string, the length of the search string washes out.

[1] In fact, e-mail is already encoded for transmission using a simple encoding scheme called base64. Base64 maps 3 binary characters into 4 ASCII characters. The possibility that some 4-character group will be broken over a packet boundary is very high, which makes the router's inspection job much harder.

Google isn't the only cache

Mark A.R. Kleiman points to Jesse Barney's post that attempts to explain why the White House web server would remove robots.txt files. His argument is that it's intended to stop Google from caching things:

One of the reasons some alert readers noticed the change -- and were able to prove it -- was that Google had archived the pages before the change occurred. Now that all of the White House pages about Iraq are no longer archived by Google, such historical revisionism will be harder to catch.

If that's the intention, it's pretty silly. It's true that robots.txt tells search engines not to search (or cache) a directory, but it doesn't actually stop from doing so. A search engine is free to ignore it. I wouldn't imagine it will take long for someone to set up a mirror of the White House web site. It's not like there's not already software to do this job.

Boo for code reuse!

There's nothing like installing software to teach you about the ugliness of code reuse. I need an issue tracker for a development project I'm working on. The one I've used for years, Gnats, is kind of feeling its age--it was never really designed for the Web and doesn't work well with it, so I thought I'd go with something new. The canonical choices seem to be Bugzilla and RT. I've used Bugzilla before and I hate it so I thought that this time I'd go with RT. Here's where it gets ugly.

Downloaded the RT distribution no problem. It's a measly 950 k. However, to make the thing work, you need:

• Apache (2.4 MB)
• Perl 5.8 (only 5.005 comes with FreeBSD) (11 MB)
• mod_perl (370 kB)
• MySQL (12 MB)

So, the expansion ratio here is like 25:1. Now, I know you need the Web server, but I sure don't need a database here. If things go really wrong, we might have 1000 bugs. I don't need a databae to store that stuff. Now, I know that there are installations that need a database, but even they could get along with something a lot simpler than MySQL.

And it's not just the size of the code base, because I've got to install all this crap. FreeBSD will help me with some of this because you can use the ports system to do some of the installs and their dependencies automatically. But I still have to configure MySQL and Apache, and worse yet RT doesn't want you to install mod_perl as a dynamic module and I want to use mod_ssl as well and it doesn't look like FreeBSD is set up to do that for you.

This state of affairs is pretty much an inevitable consequence of the logic of code reuse. Say you're writing a web server. Now, one of the 5000 things that a web server does is frob widgets. Now, you could write a widget frobber yourself in a day or two, in 500 lines of code, but that's more work. So, you do a little searching and lo and behold, someone has already written libwidget Now, of course the guy who wrote libwidget did his PhD thesis on Widgetology and so libwidget and has spent the past 5 years developing it, so that it's 100,000 lines of C code and not only frobs widgets but also, glorks, firks, zarks, zinks, and munges them. Still, that's better than writing the code yourself, so you just tell your users to get libwidget. This pattern repeats itself until your users have to get 100 MB of software in order to run your web server. It's true that you've saved some programming time but at the expense of torturing all of your users. As a developer I think it's worth it. As a user I'm not so sure.

"But wait", I hear the reuse gurus cry. It's true that the first time the users have to install all this crap, but other programs will need to zark widgets and so once users have installed libwidget, they'll be set for life. In theory, yes, but in practice you've written your web server to use libwidget 1.2.5 (stable) and the next piece of software the user installs will depend on some feature only available in libwidget 2.0 alpha, so the user has to install that anyway. To make matters worse, libwidget 2.0 alpha has a different API from libwidget 1.2.5 (stable) and so the user has to keep both versions around if he wants all his software to work. Net savings from common code usage--zippo.

UPDATE: So, apparently, installing mod_perl with mod_ssl is an understood problem [*]. Unfortunately, the mod_ssl distribution out of the box doesn't seem to know how to find FreeBSD's OpenSSL, so I also had to download a new OpenSSL distro (2.8 MB).

Remote traffic light control

This is just great. Public safety vehicles like fire trucks often have infrared transmitters mounted on them that tell traffic signals to change from red to green so that they can get through. Unfortunately, now someone is selling a $300 consumer version called a MIRT that can be used to trigger light changes. [*]. Apparently there's some way to lock out the MIRTs, but not all the receivers can be configured that way and it's not clear if the lockout can be circumvented.

I don't know about you, but I'm not that thrilled with random citizens being able to control traffic signals. It's not the makers of the MIRT that I blame, though--someone would have eventually done this. Rather, it's the people who manufactured the system (3M, for one) in the first place. They should have expected that something like this would happen and designed a system that actually had some security and couldn't be spoofed by consumers. There are well known cryptographic techniques that would have done the job. They should have used them.

Islamic finance

The Economist has an interesting article about moneylending in Islamic societies. [*]. There's a lot of money floating around the Muslim countries and the Western investment banks are really interested in getting a piece of the action, but sharia law prohibits some practices that are pretty important in Western finance:

• Involvement with "immoral" practices such as gambling, drinking, and pig meat.
• Lending money at interest.
• Excessive risk taking.

Of course, financial types are clever and so there's an active market in organizational structures that are technically legal but more or less equivalent to conventional financial constructs. The basic hack for commercial moneylending seems to be that the lender becomes a partner in the business they're lending money to, kind of like a stock transaction. The article is a little less clear on how consumer moneylending works, but it appears that the lender buys the product for the consumer and then "rents" it to them at rates that conveniently correspond to what interest rates would be.

What this reminds me most of is the kind of bizarre transaction structures that companies like Enron used to try to to avoid paying income taxes, which I find kind of amusing. It's one thing to get off on a technicality when you're dealing with the IRS, but something entirely different when the rules you're trying to avoid were supposedly made by Allah.

How to defend yourself from zombies

Regular EG readers know that I'm quite concerned about the threat presented by the living dead. Conveniently, just in time for Halloween, come two important guides for defending yourself when the apocalypse comes: Zombie combat techniques and the Zombie Survival Guide (I've leafed through it this second one in the bookstore, but don't own it). Still, it seems like it's important to be prepared for when the living dead attack.

Some random thoughts on tipping

I. When you look at them from an economic perspective, tipping practices in the United States start to get pretty confusing. When asked, people often say that tipping is an incentive for good service, but since you're paying after the service has been rendered, it's easy for you to defect by tipping badly. From that perspective, tipping only makes sense if it's an iterated game--if you expect to encounter the same person again.

• Tipping in bars is easy to understand--you'll probably be buying a lot of drinks and the bartender has a lot of discretion as to what order he serves people in, so it's basically an outright bribe for good service the next time.
• Tipping in restaurants makes less sense, unless you go to the same restaurant a lot and you expect to see the same waiter repeatedly.
• Tipping people in hotels is even harder to understand, unless you're really a regular.
• Tipping taxi drivers is pretty much completely inexplicable from this perspective.

I generally think of tipping service personnel you're not going to see again as an expression of your opinion, like saying "thank you", not an incentive. That's difficult to understand from an economic perspective, though.

II. There's no right normative level of tipping. Wage levels should adjust to whatever local tipping conventions are. Thus, you shouldn't listen to people to tell you what level of tipping is "appropriate". What matters is what's normal wherever you are.

UPDATE:
Just to be clear "should adjust" in the last paragraph isn't a normative statement but rather a predictive one. What I mean here is that in an efficient market, prices will adjust to accomodate the tipping level.

Not for the only slightly fat

I just saw a truly brilliant television commercial, for a diet drug called Leptoprin. The whole selling proposition is "this is too powerful and expensive for the casual dieter"...

Leptoprin^(TM) is an extremely powerful anorectic agent and is not intended for use by the casual dieter who is merely attempting to shed five or ten "vanity" p ounds. However, if substantial, excess body fat is adversely affecting your heal th and self-esteem, then it's time for you to discover Leptoprin^(TM) -- the fir st comprehensive weight-loss compound designed specifically to overcome your gen etic predisposition.

Can you imagine a more powerful selling proposition than "this stuff is too powerful for you?" If it's too powerful for ordinary people it must really work!

Google to IPO---fairly?

News.com is reporting that Google is considering an initial public offering (IPO) in early 2004. [*]. What's interesting is that they're considering using an auction instead of standard underwriting. This is a welcome sign, as the current underwriting system s generally pretty broken.

In a standard IPO, the company and underwriter (an investment bank) agree on a price for the shares. The underwriter's job is then to sell the shares to investors at that price. In order to ensure that all the sales clear--because that's part of their commitment to the company--the underwriter typically prices them below what they believe the real market value is and markets them to institutional investors that they're friendly with. Since the shares are generally underpriced at IPO (that's the intention), the institutional investors often make money as soon as the shares start actually trading, when the price goes up from the initial price.

During the tech boom, the differential between the offering price and the first day closing price was often very substantial, leading to suspicions that the underwriters were intentionally underpricing the shares in order to make money for their favored investors. If this is so, it's bad for the current stockholders, since the company isn't making as much money, which, after all, is the point of the IPO. Rather, the money is going to the institutional investors.

It's always been a mystery to me why the boards of such companies let this happen, when there was always a simple solution: sell the shares directly at auction. If the IPO is done as an auction, then the price the company gets for the shares is the market price, which is generally going to be more than the price in a standard IPO. It's good to see that Google is considering doing the right thing.

We had to destroy the antibiotic in order to save it

Antibiotics can really mess you up. It turns out that your body is full of benign bacteria, especially in your gut, mouth, etc. Your body has adapted to have those bacteria in place and if you kill off those bacteria, this throws off the balance, giving you side effects ranging from diarrhea to vaginal yeast infections. Some researchers in Finland have come up with a clever fix for part of this problem. The idea is to give you an antibiotic-deactivating enzyme, but it's encapsulated in a delayed-release capsule that breaks down only in the lower gut. Thus, the antibiotics can get absorbed in the upper gut but get broken down more quickly in the lower gut, potentially reducing the negative gastrointestinal side effects.

Designing a non-broken boarding pass protocol

How would we design a non-broken protocol for checking people's IDs at the airport? There are a number of approaches but they all depend on ensuring that the name you show ID for is the same as the name that gets looked up in the computer. For instance, the gate agent could insist on seeing your ID and verify that that ID matches what's on the boarding pass you show. This is actually trickier than it sounds because there are two identifiers on that boarding pass: the bar code and the printed name. The printed name is worthless since you can change that yourself. The gate agent has to make sure that your ID matches the bar code.

There are (at least) three ways to build such a bar code system, only two of which work. The simple and obvious one is that the bar code is just a machine readable version of your ticket, containing your name, flight number, seat assignment, etc. The problem with this is that there's nothing stopping you from changing the bar code just like you could have done with your ticket. So, you would buy a ticket with the name "Babe Ruth" but then present a bar code that said "Guy Lafleur" and show your Guy Lafleur ID and noone would be the wiser. Remember, it's the name you use to make your reservation, not the name on your paper, that gets checked.

The obvious fix for this attack is to check the airline reservation database at the time of ticket presentation. So, the gate agent would scan the bar code. The computer would look up the bar code in the reservation database and get your name (which is what was checked against the blacklist) and then display it for the gate agent, who could check your ID. In this model, the bar code doesn't need to have much information. It can just be a record locator like a ticket number. The drawback for this design is that it absolutely requires that the reservation computer be up--or that you have a local copy--or you can't verify anyone's identity.

The alternative design is to have the bar code be cryptographically authenticated. So, the airline could have a private key that it used to sign the bar codes. The gate computer could then verify the bar code, and, as before, display the verified identity. This design has the advantage that it works even if the central computer is offline. However, it has the disadvantages that there needs to be a lot if information in the bar code (probably around a kilobyte) and that you need to have cryptographic software all over the place.

The key thing to remember here is that you absolutely have to make sure that the ID that the user presents matches that which was used to check the blacklist, no matter what is actually printed on the ticket. If you don't do that, then you're vulnerable to people bypassing the blacklist.

Airport ID checks: a broken protocol

If you fly much, you'll have noticed that the airlines have introduced a new convenience feature: print your own boarding pass at home. You log into the airline web site, enter your name and flight information, and get back a web page with a printable boarding pass. This boarding pass can be used both to clear security and to board the plane. Unfortunately, printable boarding passes allow you to completely bypass airline identification requirements.

Let's say that you're a dangerous Canadian terrorist, bearing the clearly suspicious name "Guy Lafleur". Now, the American government is aware of your activities and puts you on the CAPPS blacklist to stop you from boarding the plane. Further, let's assume that you're too incompetent to get a fake ID. This is rather silly assumption, since getting fake IDs is easy, but if you can do that, the whole ID requirement becomes pointless, so let's go with it. It's still trivial to bypass the blacklist.

You have someone who's not on the blacklist buy you a ticket under an innocuous assumed name, say "Babe Ruth". This is perfectly legitimate and quite easy to do. I buy tickets for my girlfriend all the time. Then, the day before the flight you go onto the web and get your boarding pass. You print out two copies, one with your real name and one with the innocuous fake name. Remember, it's just a web page, so it's easy to modify When you go to the airport, you show the security agent your "Guy Lafleur" boarding pass and your real ID. He verifies that they match but doesn't check the watchlist, because his only job is to verify that you have a valid-looking boarding pass and that it matches your ID. Then, when you go to board the plane, you give the gate agent your real boarding pass. Since they don't check ID, you can just walk onboard.

What's happened is that whoever designed this system violated a basic security principle that's one of the first things protocol designers learn: information you're using to make a decision has to be the information you verify. Unfortunately, that's not the case here. The identity that's being verified is what's written on a piece of paper and the identity that's being used to check the watchlist is in some computer database which isn't tied to the paper in any way other than your computer and printer, which are easy to subvert.

Street terms for drugs

Continuing EG's drug-related coverage, here's the ONDCP's list of street drug terms. This way when your kids don't listen to you and go out on the street searching for drugs they'll be sure to get the right stuff.

On my magazine shelf

I just realized that I subscribe to a rather eclectic selection of magazines.

• Science
• New England Journal of Medicine
• Full Contact Fighter
• Modern Drunkard

Hmm....

Modern Drunkard

I got the first copy of my subscription to Modern Drunkard magazine. It's pretty clever in the usual late 20th century, snarky hipster kind of way. Check out the 86 Rules of Boozing.

Try pot, get busted

Have you noticed this anti-marijuana spot that's been playing on TV lately. It's called "The Enforcer" and appears to be targeted towards encouraging parents towards getting tough with their kids about marijuana. In the spot, this kid has been grounded for smoking weed and we keep seeing him doing various things (talking to his friends on the phone, watching TV, playing video games) and then his mother comes in and stops him because he's grounded. At the end of the spot, the kid's friends offer him marijuana, but he turns it down because he doesn't want to get busted again.

What's really striking about this commercial is that there's no suggestion that parents should explain to their children why they don't want them smoking marijuana. It's a simple matter of threatening them. Is this really the message that the Office of National Drug Control Policy (who sponsored the ad) wants to send--that children should be threatened instead of taught? Maybe the problem here is that the ONDCP can't make a coherent argument against marijuana...

Why should I care about affordable housing?

Yesterday afternoon a neighborhood activist came by to enlist me against rezoning for a proposed housing development. [*]. I'm not sure that I buy any of the arguments against this project, but there's one that I know I consider bogus: that the project won't have enough affordable housing:

We agree Palo Alto needs housing for its teachers and public workforce. Yet the vast majority (51) of 800 High's units are expensive market-rate condominiums. The remaining 10 Below Market Rate (BMR) units are priced for household incomes far above the income of most teachers whose starting salary is $44,000. To qualify for purchase, one person must earn at least $59,000 for the smallest BMR unit; a household must earn at least $105,000 for the largest BMR unit.

In exchange for giving windfall profits to the developer, Palo Alto gets heavier traffic, higher rents, an exodus of small retailers, loss of an historic landmark and an increased need for costly public services. Plus we get only the minimum number of required BMR units, few of which are actually affordable to our public workforce.

800 High is a bad deal for Palo Alto. Join local businesses and neighborhood leaders.

The argument that we need "affordable housing" to encourage public servants to live in the area is a fairly common one in zoning debates, but I don't think it makes much sense. I'm willing to concede that it's desirable for teachers, police officers, etc. to live in the community--though I don't think it's exactly a slam dunk--but it's not efficient to pick out some specific units as "affordable". What if they want to live somewhere else? Just pay your public servants more and let them buy housing on the open market like everyone else. This also has the advantage that the money comes out of taxes, which are presumably allocated in some manner that's thought to be "fair".

Winners in the murder olympics

There's an interesting article in the Atlantic this month (unfortunately not on the Web) on Rudolph Rummel's work on democide (state-sponsored killing). Rummel estimates that 170 million people have died as a result of democide, which far outstrips the 34 million or so battlefield deaths. Unsurprisingly, the USSR, Nazi Germany, and Communist China are the total volume leaders, but the figures for deaths as a percentage of population are kind of interesting:

Country	Deaths as percentage of population
Iraq (1979-2003)	1
China (1959-1963)	2
Bosnia (1992-1995)	5
Nazi-occupied Europe (1935-1945)	6
USSR (1929-1931) [0]	7
Turkey (1909-1918)	9
Rwanda (1994)	14
Cambodia (1975-1979)	31

31% of the population of Cambodia killed in 5 years. Cheery, huh?

[0] I'm guessing the Russia figures actually cover more than the period 1929-1931, since that's just Collectivization and the Ukrainian Famine, not the Terror.

Uh... Isn't Quicksilver really boring?

Like everyone else, I've got a copy of Neal Stephenson's Quicksilver, but to tell you the truth, I was only get through about 100 pages before I put it down in complete boredom. My friend Kevin made it to about page 150 before he did the same. Now don't get me wrong, I used to like Stephenson. I though Snow Crash was excellent and I really enjoyed his collaborations as Stephen Bury, Interface and The Cobweb, but it seems like Stephenson's enormous success has allowed him to indulge his worst instincts as a writer, with the result that Quicksilver is plotless, pedantic and, frankly, bloated, with a lot less of the clever writing that characterized Stephenson's early work. Or, as Kevin phrased it, "all the fat and none of the taste".

King Peter and Queen Lori

Peter Reid just won the Hawaii Ironman. His wife, Lori Bowden just won the women's race. Amazingly, out of the top 5 men and 5 women, 4 are Canadian! I don't get it. What's their edge. Kona is famous for its hot conditions, and unless I've missed something, it's generally cold up there in the Great White North.

How can anyone live in DC?

I'm at the NDSS Program Committee meeting, which is being held at the University of Maryland. For various airline related reasons I flew into Dulles, which is about 30 miles away from the conference site. This entailed spending about 2 hours on the beltway, in what was probably the worst traffic I've ever seen, and I live in the SF Bay Area and have spent time in Seattle. I was, however, informed by the driver, that this was about average. Unbelievable.

Is there a stapler that doesn't suck?

What is it with staplers? I've stapled lots of documents over the years (mostly the Swingline type or Bostitch type), and they work fine for up to about 12 pages, but after that they mostly can't penetrate the pages and your stack starts falling apart. It's incredibly frustrating. How is it that such a standard piece of office equipment can work so badly.

I could buy a heavy duty stapler, of course, but in my experience, those don't work so well with stacks this small: the sharp ends of the staple poke back through the front of the paper. I'd gladly pay more for a stapler that actually stapled reliably. The Swingline 2-60 looks like it might be what I need. Maybe I'll have to head over to Office Depot and check it out.

Dr. Easterbrook says cryogenics is stupid

Gregg Easterbrook has a long rant on his blog about how worthless he thinks cryogenics is. Here's the key paragraph:

Popular-press depictions of the cryogenic freezing racket, which is a complete and utter swindle, often suggest that in some advanced future, thawed forms of today's dead could be revived. You can't be revived when you are dead. It doesn't matter if a body is elaborately frozen; thaw the body and it will still be dead. Suppose a person were suffering from a terminal disease today, and died in a hospital. Five minutes later a scientist rushes into the room crying, "Eureka! I've found the cure!" This would do no good to the person lying on the hospital bed, because that person would already be dead. Even if some super-ultra-advanced future technology allows a corpse to be caused to breathe again, within a few minutes of death all brain-wave function ceases. Personality, memories, and, we may hope, soul will have long since departed the body before freezing.

It's pretty amazing that Easterbrook thinks that noone's thought of this little problem. I'm not personally a cryogenics enthusiast, but I know some and they're not stupid, and this problem has certainly been considered.

Easterbrook's argument depends on a specific model of memory--that it's like computer DRAM in that when the electrical current stops all the state is lost. But the truth is that noone really understands how human memory works. There are lots of data storage systems that retain memory after their power runs out--hard drives and nonvolatile RAM for example. It's possible, and indeed likely, that some of your memory is stored chemically or in your brain structure and therefore survices past the point where there's no measurable brain activity. It's generally though that that's how long term memory works.

In fact, Alcor, one of the main cryogenics companies, answers this in their FAQ

Q: Won't memories be lost if brain electrical activity stops?

A: Short-term memory depends on electrical activity. However long-term memory is based on durable molecular and structural changes within the brain. Quoting from the Textbook of Medical Physiology by Arthur C. Guyton (W.B. Saunders Company, Philadelphia, 1986):

We know that secondary memory does not depend on continued activity of the nervous system, because the brain can be TOTALLY INACTIVATED (emphasis added) by cooling, by general anesthesia, by hypoxia, by ischemia, or by any method, and yet secondary memories that have been previously stored are still retained when the brain becomes active once again.

This is known from direct clinical experience with surgical deep hypothermia, for which complete shutdown of brain electrical activity (electrocortical silence) is not only permissible, but desirable for good neurological outcome.

Now, the Alcor people could be wrong, of course, but it's not anything like the clear impossibility that Easterbrook suggests.

Don't get me wrong: reviving people who are cryogenically frozen, whether they were dead or not before they were frozen, isn't going to be easy, and may well not be possible. We certainly don't know how to do it with available technology. It's generally thought that it's going to require some pretty heavy duty science (read: nanotechnology). I'm not saying that cryogenics will work, just that Easterbrook's blithe dismissal of the possibility comes off more as ignorant than convincing.

Spam suppression sort of working

Well, bogofilter isn't a total success, since I'm still getting spam, but it's a lot better. It looks like it filtered about 80% of my spam out this morning. That's good enough to make it worthwhile. I'm still training it, too.

Wait, so now the Atkins diet does work?

One of the big controversial issues for low-carb diets (after whether they work at all) has been whether people who lose weight on them are eating less or if there's something else going on. A while back, a Stanford meta-analyis of a bunch of studies indicated that it was caloric intake that counted and not macronutrient composition [*].

This week, a study by the Harvard School of Public Health appeared to show [*] the contrary:

The study, directed by Penelope Greene of the Harvard School of Public Health and presented at a meeting here this week of the American Association for the Study of Obesity, found that people eating an extra 300 calories a day on a very low-carb regimen lost just as much during a 12-week study as those on a standard lowfat diet.

Over the course of the study, they consumed an extra 25,000 calories. That should have added up to about seven pounds. But for some reason, it did not.

The experiment was kind of nice. They made people get all their meals at the same Italian restaurant, but some were low carb and some were low fat. Mean weight loss was:

Meal type	Weight Loss
Low carb (2100 cal)	20 pounds
Low carb (1800 cal)	23 pounds
Low fat (1800 cal)	17 pounds

Unfortunately, I haven't been able to get my hands on the study, so it's a little hard to draw firm conclusions. Based on the AP writup there are a number of possible sources of error:

• The study size was very small, only 7 people per group. I don't know what the weight loss variance was, but these differences are very small. I'd need to see the statistical workup to know if these differences are significant.
• It's not entirely clear if they controlled for snacking or failure to finish the assigned meals.

Even if these sources of error were controlled properly (I'll know if I can get my hands on the paper), I think I'd want to see more work on this topic before reaching a firm conclusion, particularly in view of the other data that indicates that low carb doesn't work any better over the long term.

Death to all spammers!

Checked my mail this morning only to find roughly 50 messages, all but one of which were spam! This is after SpamAssassin had done its thing and pruned out a bunch of spam. Now, I'm running a fairly downrev version of SpamAssassin--last time I tried to upgrade it ate all my CPU.

My cursory reading of various networking/spam related mailing lists suggests that the state of the art is Bayesian spam filtering, so I semi-randomly picked out bogofilter. The big drawback of all of these filters is that you need a big corpus of spam and non-spam to train the filter. Accordingly, I spent 2 hours this morning categorizing 2000 messages into spam and non-spam. I'm currently running in test mode, meaning that bogofilter tags the messages but I don't filter on its opinion. So far about 90% of the spam that gets past SpamAssassin is being caught by bogofilter, so this looks like it will be an improvement, especially after a little more training.

I'm starting to get pretty annoyed by this whole thing, though. I don't know if anti-spam legislation will actually work to reduce spam, but there would be something satisfying about any legislation that made spammers suffer, irregardless of whether it actually reduced the amount of spam.

Mommy, can I be a pimp for Halloween?

Believe it or not, you can purchase four different kinds of Pimp Suit for your child to wear for Halloween.

A technical fix for rape prosecutions?

Gregg Easterbrook [*] and Dahlia Lithwick [*] are busy debating the topic of "no means no". Eugene Volokh [*] quite correctly points out that the problem is that things are much more murky:

None of this will solve the problems at the heart of rape prosecutions. Whether it's "no" or "hell, no" or "this is rape" or "yes, yes" eventually followed by a false claim of rape, the trouble is that short of mandatory audio- and videotaping of all sexual behavior there will be tremendously difficult problems of proof in such cases. I have absolutely no solution to that problem; I'd like some miracle that will cause all rapists to be punished with extreme severity, and all nonrapists to be promptly acquitted (or, better yet, not even charged), but when I last checked that didn't qualify as a solution.

This reminded me of an idea I had a while back. Digital voice recorders have gotten incredibly cheap and compact. It would be easy to embed one in a watch, piece of jewelry, compact, PDA, etc. The recorder could be made tamper-evident and have a timestamp so that it produced a technically unimpeachable recording of what happened. This recording could then be used to settle questions of consent.

The issue of when the recording would start is a little tricky, but I don't think overly so. You could have it buffer the past hour or so (like a TiVo), and whenever it hears a specific voice command it goes into archival/evidentiary mode and starts making a permanent recording. I would think that such a recording would create a pretty strong piece of evidence either way in a rape prosecution.

The obvious problem with this scheme, of course, is that it encourages rapists to be more aggressive, since they would want to find and destroy the recorder to avoid producing an evidentiary trail. However, as I understand it, non-acquaintance rapists are often pretty careless about leaving physical DNA-type evidence on scene, so it's not clear they would actually act to destroy this evidence trail. Moreover, in line with Easterbrook's suggestion of yelling "this is rape", I tend to think that acquaintance rapists--who probably didn't think of themselves as real rapists--would feel pretty funny about deactivating the recorder, since that's basically admitting that they are rapists and don't want to leave an evidentiary trail, so it might actually act as a deterrent.

Another problem with this scheme is privacy: I'm not sure that I would want all my sexual encounters recorded for later playback. However, I've got a fix for this problem as well. The recording is encrypted under some public key that is held by the authorities and a court order is required to use that key to decrypt that recording. Thus, the recording would only usable for legal evidentiary purposes, not for future playback and enjoyment.

Princeton's report on hiring women (III)

There was one passage in the Princeton report that I found particularly interesting:

Training graduate students is also a critical part of Princetons educational mission. The scarcity of successful women at Princeton provides a strong, negative message to female students about their chances for success upon graduation. Again, we found that in at least some departments, female faculty are particularly sought after as graduate student advisors: for example, in Molecular Biology, the mean cumulative number of graduate students from 1999-02 was 10.9 for female faculty advisors and 5.6 for male faculty advisors. The importance of role models noted by the undergraduates is surely just as important at the graduate level.

It would be interesting to know if this is just a sorting effect--women choosing female advisors--or if everyone would rather have a female advisor. There's not enough data in the report to tell for sure, though I've written off for the appendices, which may tell us.

Princeton's report on hiring women (II)

In general, it seems to me that this report is pretty straightforward about making a diversity rationale for increasing female representation on the faculty. However, it also seems to me that they ignore the fact that a number of their proposals will have a negative impact on men. In particular, unless the University increases head count to compensate--which seems unlikely--hiring more women pretty much inevitably means hiring fewer men. Thus, I found the following passage explaining why more women should be hired fairly disingenuous:

Because it's the right thing to do. A diverse faculty benefits everyone--male and female--students, faculty, and staff.

Everyone except the men who don't get hired because a woman was hired instead, you mean.

Again, I'm not saying that giving women hiring preference is necessarily a bad thing. However, I think it's important to face up to the fact that any given hiring policy is basically a Pareto Optimum and that changing that policy necessarily hurts some people even as it helps others.

Princeton's report on hiring women (I)

I just finished reading the report of Princeton's task force on women in the natual sciences and engineering. Press release here, full report here. It makes interesting reading for those of you who have been following the discussion over women's representation in science and engineering.

After extensive interviews, data collection, the authors of the report basically found no real evidence of actual discrimination against women. On the contrary, all the statistics suggest that things are basically fair.

• The fraction of women in the natural sciences and engineering has increased dramatically (from 8.4% to 13.9% over the past 10 years).
• There's no significant difference in the tenure rates of men and women. Actually, that's not true. The men's tenure rate is lower, but the report authors are quick to point out that that's because of the effect of men-heavy fields like math and physics.
• The ratio of female fraction between hires and new-minted PhDs (The utilization fraction) is extremely variable, exceeding 1 in some cases (Astrophysics, MechE, but much lower in some fields (CS, Chem). Unfortunately, we're not given an aggregate statistic and no error bounds are presented.
• It's not clear if there's a salary differential between men and women. If there is, the best guess is that it's about 3.5%. The issue here is that if you factor in rank, there is no significant difference, but one can't evaluate that independent of the question of whether there's promotion bias.

So, the authors didn't find much hard evidence. Rather, they found that women feel more disgruntled than men and that some of the obvious problems of academic employment fall harder on women than men:

• Women feel that hiring is biased towards men. Men feel that hiring is biased towards women.
• Women generally seem to feel that the work environment is more hostile than men do.
• Women feel that they get less startup resources (as new hires) than men do, but there's no statistical difference.
• The time when you're making your name coincides with one's child bearing years and women generally find that child bearing has more of an impact on their ability to work. (That's the understatement of the year).
• Women are more likely than men to have partners who work. Those partners often need jobs and so hiring such women is harder. (This is often called the "two body problem")

I don't want to make too much of the statistics here. It's pretty clear that this is a classic small data set problem, so you certainly couldn't conclude that there definitely wasn't any bias against women, but you can't really conclude that there is bias either.

If there's no bias--which is far from certain--then that has important policy implications. There are two basic rationales for preferentially hiring women in science and engineering (or in any field).

1. Fairness--there is bias in the process and we're reversing that bias.
2. Diversity--it's inherently better to have more women on the faculty.

If we can't find any bias, then the fairness argument loses a lot of force--though not all force unless it's demonstrable that there's no bias. The diversity argument doesn't lose force, but it also needs substantial justification (which the report's authors attempt to provide on page 8). The problem is that at its core the diversity argument says that we consider gender part of a professor's qualifications for a job and that in some cases we will hire female candidate A over male candidate B even if we would otherwise have hired B over A if they were the same gender. In my experience, academics--at least in the natural sciences--tend to think of their profession as rigidly meritocratic and aren't very comfortable with the idea that personal characteristics like gender are relevant to their qualifications. Maybe they should get past that--though I'm not so sure--but it seems to me that it's likely to be a pretty tough sell in the absence of evidence of bias.

Some other positions in the Schwarzenneger Administration

You may have noticed the online application for positions in the Schwarzenneger Administration. Like me, you were probably surprised that a few positions appeared to be missing. My sources inform me that certain positions are already filled:

Position	Appointee
Secretary of Fitness	4-Time World's Strongest Man Magnus Ver Magnusson
Undersecretary of Fitness for Pumpitude	Mr. Stack
Undersecretary of Fitness for Posing	Five Time Mr. Olympia Champion Ronnie Coleman
Undersecretary of Fitness for Girly Man Cardio Stuff	Six Time Ironman Champion Dave Scott
Undersecretary of Fitness for Sucking it Up	Tyler Hamilton
Undersecretary of Fitness for Kicking Ass	Frank Shamrock
Undersecretary of Youth Fitness	Cheryl Haworth
Undersecretary of Fitness for Senior Citizens	Bill Bell

I hear that there's still an opening for "Undersecretary of Fitness for Aerobics, Yoga, Dancing, Tae-Bo and other chick-type stuff"

Surprise! Noone wants e-books

Yahoo is reporting that enthusiasm for e-books is cooling off severely [*]. Apparently, Barnes and Noble has completely halted e-book sales.

This outcome is kind of disappointing, but it isn't surprising. The technology just wasn't there yet. Theoretically e-books were convenient, but the readers were larger than optimal and the resolution wasn't very good. It's really too bad, though. I do a lot of travelling and e-books would be really convenient if they were only about 50% better. Unfortunately, they're not.

Amazon prices me out of the market

So, I was planning to buy the latest Mary Lee's Corvette album. When I put it in my Amazon shopping cart, it was $14.99 (on sale from $16.98). I went to do some more shopping, and happened to notice that the price in my cart has changed back to $16.98, which is over my indifference point, so out of the cart it went.

Now, I have to admit, I'm vaguely annoyed by this. Obviously, Amazon has a right to change the price, and I don't expect them to honor the old price, but it would have been nice if they'd warned me. Amazon's customer service is so good otherwise, that I'm a little disappointed in them in this instance.

Why can't I have a Treo 600?

Ok, I'm now pretty bought into the Palm thing, and my cell phone is starting to die, so the [*] Treo 600 looks perfect. They've finally managed to cram a Palm and a phone into a package that looks like it's acceptably small to carry around like you would an ordinary cell phone.

The only problem here is that you can't get the Treo 600 for Verizon, which has been my cell provider for years. It's only available with GSM (T-Mobile, Cingular) and CDMA 1900 (Sprint), which, in my experience, have lousy coverage. At least if I decide to change I should be able to keep my cell phone number [*].

Making money

Just spent an hour reviewing my income taxes and mailing them (I filed for an extension). Due to a big overpayment, I'm getting a big refund. In fact, I estimate that when you do the math on the amount of time I spent prepping my taxes, I'm making about $1000/hr, which is by far the highest hourly rate I've ever made.

I'm not worried about WiFi

Apparently some parents in Illinois are suing a school district because they're using WiFi in the classroom [*].

According to the complaint, the district, its board and its superintendent have implemented Wi-Fi wireless networking technology in classrooms, ignoring evidence that electromagnetic radiation from Wi-Fi networks poses health risks, particularly to growing children.

"We've been trying to raise the issue with the school district for almost two years," said Ron Baiman, whose children are among the plaintiffs. "We aren't seeking any monetary awards; we're seeking a moratorium until use of the technology has been proven to be safe."

As far as I know, there's not much evidence that the level of RF energy emitted by WiFi devices causes any harm at all. There have been a few studies that suggest that cell phone radiation causes various kinds of problems, but it's tenuous at best and it's not clear that those results apply to WiFi, which is in a different frequency range from cellular. In any case, I suspect that in a few years wireless will be so ubiquitous that it won't make much difference whether kids are exposed in school anyway.

Web Services Jeopardy

I just spent a couple days in a Web Services Security workshop. I don't think I've ever seen a field with more standards alphabet soup... WSDL, SAML, XACML, UDDI, WSSP, DSIG, XKMS, XENC, and that's just the beginning. Kevin and I have inisvented a new game: Web Services Jeopardy. Categories will include:

• Stereo model number or Web Services standard?
• Label that arrow
• Musical standards bodies
• Reinventing the wheel
• Namespace or nonsense?
• Stupid performance tricks
• Who needs that?

Fun for the whole family.

Don't ask the Catholic Church for anti-HIV advice

Apparently the Roman Catholic Church--or at least its representatives--is telling people that Condoms don't prevent AIDS. [*].

The Aids virus is roughly 450 times smaller than the spermatozoon," Cardinal Alfonso Lopez Trujillo, president of the Vatican's Pontifical Council for the Family, told the programme.

"The spermatozoon can easily pass through the 'net' that is formed by the condom."

Let's take step back here. Condoms are impermeable to HIV [*], just as they are impermeable to sperm. More importantly, since the virus is embedded in fluid, the relevant question is whether or not the fluid leaks out. Thus, even holes much larger than the virus will not necessarily result in virus passing through the condom. Condoms are impermeable to fluids--they are tested by a "water leak test".

This doesn't mean, however, that condoms are effective at preventing HIV. For instance, it could be that people use them badly or that HIV infection happens another way. The RC doesn't seem to be making this argument, but we should still consider it. However, this issue has been extensively studied vie epidemiological studies. Consistent condom use seems to reduce infection rates by about 85%.

Now, it's clearly true that condoms aren't a 100% guarantee that you won't get infected. However, it's also just as clear that they substantially reduce one's risk. To suggest, as one nun apparently did, [*]> that 'an HIV-infected choir master not to use condoms with his wife because "the virus can pass through"' is just absurd. If this isn't the party line, then the RC should publicly say so. I understand that they have a moral position that condom use to prevent pregnancy is bad, but I don't see how that translates into the idea that it's ok to make false statements to discourage people from using condoms.

VoIP telemarketing

So it looks like we're finally going to get a national Do-Not-Call list [*]. The /. consensus seems to be that that's a good thing [*]. At the same time, the consensus seems to be that regulating voice over IP (VoIP) is a bad idea [*]. Now, as it happens my gut kind of agrees with both positions. Is anyone else feeling a bit cognitive dissonance here? Should we require telemarketers to abide by the Do-Not-Call list if their calls are placed via VoIP?

Look up to order

I used to date a woman who classified all restaurants into "look up" (where you look up at a menu board on the wall) or "look down" (where you order at your table). I eat most of my meals out and so I was surprised and somewhat disturbed to realize the other day that I hadn't eaten at a restaurant with actual table service in weeks.

Now, this isn't as bad as it sounds. It's not just McDonalds. The Bay Area has lots of places that serve reasonably healthy food in a non-table service setting. Still, I wonder if this is a sign that things have gotten a bit too hectic.

Why doesn't CSI use Hiptops?

From: Danger Research Central
To: Danger Research Marketing
Subject: Product Placement

Guys,
Did you catch CSI last week? Did you notice that the guys at CSI central were text messaging Grissom on one of those Motorola V70s? What the heck is up with that?

Look, guys. You've done a great job convincing people that Gangsta rappers use Hiptops, but who's got money? That's right, nerds. And who's the biggest nerd role model on TV? That's right, Gil Grissom. And what's the best way for him to keep in touch with the lab? The Hiptop (TM).

Bottom line... I don't care who you have to kill. Next time I turn on the TV, I want to see nerds IMing away on hiptops. You can skip CSI: Miami, though. That David Caruso guy freaks me out.

-Upper Management

Why store botulism toxin, anyway?

Here's something else that baffles me about the whole botulism toxin in the refrigerator thing. The thing that kills you in botulism is the toxin secreted by the clostridium botulinum bacterium. But the toxin is just a poison--it's inert. And even though it's spectacularly lethal, if you want to kill people en masse you're going to need a lot of it. Having a vial in the fridge doesn't give you much of a head start on that project. What you want is a purified culture of c. botulinum. So, although the article says "toxin", I distrust reporters enough to wonder if it was actually such a culture. That would make a lot more sense if the reason you're keeping it around is so you can restart your bioweapons program.

UPDATE:
Looks like it actually is a culture [*] (via InstaPundit). According to David Kay:

Well, that's one of the most fascinating stories. An Iraqi scientist in 1993 hid in his own refrigerator reference strains for -- active strains, actually would've -- were still active when we found them -- Botulinum toxin, one of the most toxic elements known.

No WMDs but Saddam Hussein ready to open plastic surgery clinic

Via Talking Points Memo comes a pointer to this tidbit in Walter Pincus's article in the WP.

Kay's discovery of one vial of a reference strain of botulinum toxin that an Iraqi scientist had stored in his refrigerator in 1993 at his government's request was described by Bush on Friday as a piece of evidence that Iraq was prepared to have prohibited biological weapons.

Considering that clostridium botulinum is such a common environmental bacterium that it's a form of food poisoning, one vial of botulism toxin isn't exactly what I'd call an impressive biological weapons program.

Moreover, it's not like you have to be some sort of rogue state to get your hands on botulism toxin. It's used for cosmetic purposed [*] to paralyze the facial nerves, thus removing wrinkles. If your state prescribing license is up to date you can order pure botulism toxin for <$500 from your average medical supply catalog [*].

Discussing the governor's race

Eric: I'm kind of sorry that Arnold is running for governor, since all this stuff about groping is coming out. It's starting to look like he's a scumbag, which is too bad cause it makes it harder for me to enjoy his movies.

Lisa: So, you're ok with having a scumbag as governor, but not as a movie idol?

Eric: Isn't being a scumbag kind of a requirement for being governor?

Triathlon coverage sure is terrible

Just caught the coverage of the Escape from Alcatraz on TV. It was ghastly in the usual ways: ignorant, cliche-ridden commentary, coverage of slow age groupers with special stories (disabled, cancer survivor, etc.), filming that makes it impossible to really figure out what's going on... I understand that triathlon is inherently kind of boring, so the "special story" coverage is probably necessary to capture a broader audience. Still, couldn't they spring for a decent announcer so the other parts were good? Pretty much the only decent tri coverage I've ever seen is the sections of the Ironman with voiceover by Phil Liggett.

Warning, this drug will make your head explode

Riddle me this. When prescription drugs are advertised on TV, the advertisers have to list a bunch of side effects ("in studies the most common side effects were diarrhea, seizures, and spontaneous combustion"). But when those same drugs go over the counter, they advertisements don't have to carry any warnings.

This seems exactly backwards to me. After all, if a drug is prescription than surely your doctor can tell you about the side effects when he prescribes it. On the other hand, if it's OTC then you're on your own. So, shouldn't the OTC drugs be the ones with the list of warnings in the commercials?

Spam in the comments section

Ridiculous. I just got a spam in the comments section--an advertisement for life insurance. Jerks.

Arnold's new world order

Through dogged investigative reporting, Educated Guesswork has uncovered this memo from the Schwarzenneger campaign describing the candidate's position on physical fitness.

From: AS
To: Campaign Staff
Subject: Physical fitness plans

Friends,
As you know, I'm very interested in physical fitness. When I am governor, there will be some changes made to ensure the fitness of all Californians. All citizens will have a place in the new order. That place will be determined by their bench press max, according to the following table.

Performance Level		Category	Disposition
Men	Women
< 45 lbs (the bar)	< 25 lbs	Girly men	Summary execution
< body weight	< 60% of body weight	Unfit	Reeducation camp, mandatory steroid therapy
< 150% of body weight	< body weight	Wimps	Ankle bracelet enforcing daily training; mandatory steroid therapy
< 200% of body weight	< 150% of body weight	Acceptable	Guard/trainer for women's reeducation camp
> 200% of body weight	> 150% of body weight	Barbarians	Guard/trainer for men's reeducation camp

Citizens! Train! Be strong! It is time to get serious!

This shouldn't be too bad for me. Through years of training, I've just barely snaked my way into ankle bracelet territory. On the other hand, Cruz Bustamante's only chance at continued life may be to win the election.

Why do we still have to fill out forms?

Today I served once again in my capacity as car-buying wingman, this time for Kevin. Kevin purchased the brand new Acura TL Here's the thing, though. From the time Kevin said he wanted the car to the time that we walked out the door with the papers signed was about 50 minutes. Of that time, about 25 minutes was spent filling out forms, dictating form information to sales guys, and waiting while they keyed in or otherwise processed our data. Wouldn't it be a lot easier to sit us down in front of a terminal and we could just key in the data? This is actually a general complaint of mine. My handwriting is terrible and so I hate filling out paper based forms.

Actually, as Kevin points out, in the case of car dealerships, t could be even simpler. The dealership could have a web form for this information. If you were thinking of buying a car you could fill the form out ahead of time and save yourself a bunch of trouble. This would have the advantage for dealers that the customers would feel a little more committed and for the customer that the form filling out process is minimized.

UPDATE: Oops. Kevin informs me that there is no TL type S this year. It's just the TL. Also removed the link.

VeriSign caves

Looks like VeriSign has caved in to ICANN. [*]. I'd be somewhat surprised if the service comes back again, at least in the current form.

ICANN gets serious with VeriSign

I've been avoiding posting on the VeriSign SiteFinder issue because I'm somewhat involved as a member of the Internet Architecture Board. However, this has gotten too too big to ignore.

Some background for people who haven't been following: When computers on the Internet talk to each other, they refer to each others by what's called IP address, numbers that look like "127.0.0.1". Obviously, noone wants to remember that kind of number, and when people talk about computers, they use names of the form "www.rtfm.com". These are called domain names. The way that you map domain names to IP address is using something called the Domain Name System (DNS). This process is called name resolution.

The DNS is kind of interesting. It's a hierarchical distributed database. Thus, in order to resolve a name like "www.rtfm.com" we do something like this [0]:

• Ask the server responsible for ".com" which server is responsible for "rtfm.com".
• Ask the server responsible for ".rtfm.com" which server is responsible for "www.rtfm.com"
• Ask the server responsible for "www.rtfm.com" what the IP address is for "www.rtfm.com"

Now, if you try to resolve a name that doesn't exist, say "www.namedoesnotexist.com" [1], you'll get a response that says it doesn't exist from the appropriate server responsible for it. In that case your browser (or mail program or whatever) will show some kind of error on your screen.

So, what has VeriSign done? Well, VeriSign is the company responsible for maintaining the section of the database for ".com" and ".net". They've arranged that when you type in a nonexistent name, instead of getting an error you get the address of some VeriSign server. If you're running a common protocol like Web or Email, you end up connecting the server that VeriSign runs at that address. In the case of Web, it tells you that you've mistyped and lets you search. In the case of Email it bounces your email. On the other hand, if you're using some exotic protocol, then you just get some incomprehensible application error (like "connection refused").

This has the potential to cause a lot of problems, which I won't go into because they're covered very extensively by the IAB document on this. [*]. Let me just give you one example from that document:

Web browsers all over the world stopped displaying "page not found" in the local language and character set of the users when given incorrect URLs rooted under these TLDs. Instead, these browsers now display an English language search page from a web server run by the zone operator.

...

In many situations, web browsers have been written to provide some assistance to the user, often based on local conventions, directories, and language, when a DNS lookup fails. All such systems are now disabled for URLs rooted under these TLDs, since DNS lookups no longer fail, even when the specified destination does not exist.

Anyway, this all happened about 3 weeks ago. IAB posted their analysis and ICANN (the oversight organization for the DNS as a whole) asked VeriSign to "voluntarily suspend the service" until ICANN could review it. VeriSign said no. Today, ICANN gave VeriSign a direct instruction to remove the service.

In addition, our review of the .com and .net registry agreements between ICANN and VeriSign leads us to the conclusion that VeriSign's unilateral and unannounced changes to the operation of the .com and .net Top Level Domains are not consistent with material provisions of both agreements. These inconsistencies include violation of the Code of Conduct and equal access provisions, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry Registrar Protocol, failure to comply with domain registration provisions, and provision of an unauthorized Registry Service. These inconsistencies with VeriSign's obligations under the .com and .net registry agreements are additional reasons why the changes in question must be suspended pending further evaluation and discussion between ICANN and VeriSign.

Given these conclusions, please consider this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes, pending further technical, operational and legal evaluation. A failure to comply with this demand will require ICANN to take the steps necessary under those agreements to compel compliance with them.

As far as I know, this is the first time that ICANN has really publically tried to force an issue with VeriSign. It wil be interesting to see what happens next.

[0] This is just a sketch of how things work. In practice, things are a lot more complicated. In particular, quite often the server for "x.y.z" will also be the server for "y.z". Thus, one generally asks each server for the whole name and it gives you as much as it knows.

[1] Though, amusingly, "www.doesnotexist.com" does exist.

Who ratted me out to Yale?

About six months ago I started getting all sorts of letters from Yale, mostly soliciting me for donations of various kinds. Prior to that time, I'd been blissfully solicitation free, most likely since Yale didn't have my address--an address which I had deliberately not given them, by the way, since I pretty much hated my Yale experience and therefore had no desire to give them any money whatsoever. Unfortunately, now they've found me and I get about a letter every two weeks. What I don't know is how they got my address. Either they have drones scouring the net or someone finked on me. If you're the person who ratted me out, know this: Your dirty deed was to no avail and Yale's wasting their money on postage, cause they're not getting a dime out of me.

Do daughters cause divorce?

Steven Landsburg has an interesting article in the latest Slate on the surprising observation that the parents of girls are more likely to divorce than the parents of boys. Landsburg suggests a number of ways in which girls could increase the risk of divorse, but there's one possibility that he overlooks: girls don't cause divorce, divorce causes girls. It appears, you see, that really traumatic events increase your chance of having a girl [*]. So, what may be going on here is not that having a girl causes marriages to fail but rather that relationships that are already failing are more likely to result in girls being born. In that case, having a girl is a sort of marker for being in a bad relationship.

The fact that there appears to be a larger effect in some countries than others is an indicator that the "girls cause divorce" theory is right--though I can invent scenarios in which it's consistent with "divorce causes girls" as well. Neither possibility is a slam dunk, however, since the medical evidence on evidence that stress causes increased numbers of girls, at least in animals, seems pretty strong. [*, secondary source]. It's going to take a fair amount of research to figure out what's going on. The take home message here is that whenever you see a correlation, it's generally worth asking whether the variable that seems to be the dependent one is really the independent one.

Estimating numbers killed by global warming

The New Scientist has an article on some UK medical researchers who claim that global warming kills about 160,000 people a year.

Global warming kills about 160,000 people through its effects every year, scientists have warned. And the numbers dying from "side-effects" of climate change, such as malaria and malnutrition, could almost double by 2020, they say.

"We estimate that climate change may already be causing in the region of 160,000 deaths... a year," Andrew Haines of the UK's London School of Hygiene and Tropical Medicine (LSHTM) told a climate change conference in Moscow.

New Scientist doesn't point us to the actual paper, so it's hard to be sure, but I'm pretty suspicious of these numbers. There's a lot of controversy about the magnitude of global warming, even among people who think it's happening [I haven't studied the data at all, so I don't have any kind of informed opinion. The fact that most of the academic community seems to think it is happening makes me tend to believe it's real.], so I don't see how one could reasonably give a single figure for deaths. There's an enormous amount of year-to-year weather variation, so surely the number of deaths attributable to global warming varies dramatically as well. What does 160k represent? The mean? The median? What do the error bars on the estimate look like? Unfortunately, this article doesn't tell us.

Back on the bike!

Broke my bike out of storage over the weekend and went for my first real ride today (about an hour on and around Foothill road). It's amazing how specific your fitness is. I've been running regularly but biking is different enough that I found it surprisingly tiring.