February 29, 2004

Don't fear the Green Russian

So, it's three in the morning and you want something to drink--but here in California the bars and liquor stores close at 2. There's only one thing to do, head over to the drugstore and buy some mouthwash. You see, mouthwash is 15-25% alcohol, but it's cheap and is sold 24 hours a day, making it a good choice for poor alcoholics [*].

Your best choice here is probably Scope (or better yet, one of the cheap Scope clones) (MSDS here). It's got less alcohol than Listerine (MSDS here), but Listerine has some other stuff in it (thymol, menthol, eucalyptol) that might be a bit irritating to your stomach. Scope is basically a minty flavored alcohol/water mix. It's true that they're denatured, but the denaturant is just denatonium benzoate, which is really bitter tasting but only toxic at incredibly high doses (MSDS here).

Now, seeing as mouthwash is pretty foul tasting, you probably want to mix it like you would any other hard liquor. As a public service, Hovav, Terence, and I provide the following recipes, which may make it easier to drink yourself into a minty fresh stupor. [1]

Drink               Recipe
Scopetini           8 parts Scope, 1 part vermouth
Scope and tonic     4 oz. Scope, tonic water, lime wedge
Scopedriver         3 oz. Scope, 4 oz. orange juice
Minty Mary          4 oz. Scope, 4-6 oz. tomato juice, 1 tsp lemon juice, 1/4 tsp. Worcestershire sauce, Tabasco, white pepper, celery salt
Spicy Mary          4 oz. cinnamon Scope, 4-6 oz. tomato juice, 1 tsp lemon juice, 1/4 tsp. Worcestershire sauce, Tabasco, white pepper, celery salt
Double mint julep   6 small mint leaves, 4 oz. Scope, 1 oz. lemon juice, 1 oz. sugar syrup, ice, mint sprig
Green Russian       3 oz. Scope, 1 oz. white creme de cacao, 3/4 oz. heavy cream, 1 scoop crushed ice

Cheers!

[1] These recipes were derived from those in the Complete Book of Mixed Drinks. Scope is about 30 proof, so I doubled all of those quantities to get closer to the 60-80 proof more common for hard liquor. Your mileage may vary. Beware the Smooth Mint, which is a measly 8.4% alcohol.

Posted by ekr at 09:48 PM | Comments (51) | TrackBack

February 28, 2004

The synoptic gospels

As we all know, Mel Gibson's The Passion of the Christ is based on the first four books of the New Testament, The Gospels of Matthew, Mark, Luke, and John. The Gospels all tell more or less the same basic story, but Matthew, Mark and Luke are strikingly similar, much more so than you would expect from three authors who had happened to witness the same events. For instance, here's the Cleansing of the Leper:
Matthew 8.1-4
When he came down from the mountain, great crowds followed him; and behold, a leper came to him and knelt before him, saying "Lord, if you will, you can make me clean." And he stretched out his hand and touched him, saying "I will; be clean." And immediately his leprosy was cleansed. And Jesus said to him, "See that you say nothing to any one; but go, show yourself to the priest, and offer the gift that Moses commanded, for the proof to the people."

Mark 1.40-45
And a leper came to him beseeching him, and kneeling said to him, "If you will, you can make me clean." Moved with pity, he stretched out his hand and touched him and said to him "I will; be clean." And immediately the leprosy left him, and he was clean. And he sternly charged him, and sent him away at once, and said to him "See that you say nothing to any one; but go, show yourself to the priest, and offer for your cleansing what Moses commanded, for a proof to the people." But he went out and began to talk freely about it, and to spread the news, so that Jesus could no longer openly enter a town, but was out in the country; and people came to him from every quarter.

Luke 5.12-16
While he was in one of the cities, there came a man full of leprosy; and when he saw Jesus, he fell on his face and besought him, "Lord, if you will, you can make me clean." And he stretched out his hand and touched him, saying "I will; be clean." And immediately the leprosy left him. And he charged him to tell no one; but "go and show yourself to the priest and make an offering for your cleansing, as Moses commanded, for a proof to the people." But so much the more the report went abroad concerning him; and great multitudes gathered to hear and to be healed of their infirmities. But he withdrew to the wilderness and prayed.

This event doesn't appear in John at all.

Obviously, these texts are extraordinarily similar and some of the wording is precisely the same, even in the sections that aren't direct quotes. It's pretty much what you'd expect if they weren't entirely independently written.

There's substantial parallelism all throughout Matt., Mark, and Luke. They're often called the "synoptic" gospels (from the Greek syn (together) and opsis (view) [*]) because they can be read together (as in the table above, also called a synopsis). If we apply our normal analysis techniques, we quickly come to the conclusion that the texts are somehow genetically related. The exact relationship between these is called the Synoptic Problem and is one of the major questions in New Testament studies.

The leading theory is what's called the Two-Source Hypothesis (2SH). 2SH states that Mark came first and that Matthew and Luke created their gospels based on Mark and another source called Q, from Quelle, the German word for "source". (Much of this work was done in 19th century Germany.) Q would have been a "sayings source"--basically just a list of sayings with no real narrative. Depending on how you glue Q and Mark together, you would get either Matthew or Luke, at least mostly. Note that John is pretty clearly mostly independent.

2SH isn't the only possible genealogy for the Synoptic Gospels. You can find a lot more information at Steven Carlson's nice Synoptic Problem Home Page. If you're interested in just seeing how the gospels line up, check out the really fantastic Synopsis of the Four Gospels, edited by Kurt Aland. Here's a sample page. The synopsis above is taken from the Aland synopsis.

UPDATE: Fixed the "I will; be clean" passage in Matt. and Mark. Cypherpunk pointed out this error.

Posted by ekr at 09:43 AM | Comments (3) | TrackBack

February 27, 2004

Missing the point

Caught tonight's Friday Forum program on electronic voting (listen here). The guests were:
  • Sharon Harrington, supervisor of elections for Lee County, Florida
  • Barbara Simons, past president of the Association for Computing Machinery
  • Tadayoshi Kohno, security expert at UC San Diego
  • Harris Miller, president of the Information Technology Association of America

Harrington's response to the topic of paper receipts was amazing. She kept saying that they were unnecessary because the machines could print out a record of all ballots at any time. Despite Simons's repeated attempts to explain, she couldn't seem to understand that this wasn't the same thing at all.

The problem here is that the software may have bugs that cause the display on the screen not to match the vote that's being recorded. When you print out the ballot record, you're just dumping what was recorded. If the recording function is broken, printing out the results won't help you detect it. The purpose of a paper ballot receipt is to have an independent record of the voter's intent: with a paper record, what the voter verifies is what is counted, which allows a recount that is independent of bugs in the software (of course, all this depends on the voter actually checking the paper receipts, which they probably don't). Even so, it's a totally different level of assurance than that provided by a simple printout of the recorded votes. The fact that election officials can't--or won't--understand that isn't reassuring.
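Here is a toy model of the distinction, as an added example that is not part of the original post. Everything in it is constructed: the recording bug, the sample ballots, and the two checks. It shows that a printout of the stored ballots agrees with the stored tally no matter how wrong the store is, that a hand count of voter-verified paper records catches the recording bug, and that if the printing path has the same bug and voters don't check their receipts, the paper trail catches nothing either.

```python
from collections import Counter

CANDIDATES = ("Alice", "Bob")


def identity(selection):
    return selection


def buggy_record(selection):
    # Hypothetical bug in the recording function (assumed for the model):
    # a vote for Bob is stored as a vote for Alice, although the screen
    # correctly showed "Bob" to the voter.
    return "Alice" if selection == "Bob" else selection


class DRE:
    """Toy direct-recording electronic voting machine (constructed model)."""

    def __init__(self, record_fn=identity, print_fn=identity):
        self.record_fn = record_fn
        self.print_fn = print_fn
        self.stored = []      # electronic ballot record
        self.paper = []       # paper records the voter accepted
        self.rejected = 0     # paper records the voter refused

    def cast(self, intent, voter_checks=True):
        shown = intent                             # display path is correct
        self.stored.append(self.record_fn(shown))  # recording path may be buggy
        printed = self.print_fn(shown)             # printing path may be buggy
        if voter_checks and printed != intent:
            self.rejected += 1                     # an attentive voter catches it
            return False
        self.paper.append(printed)
        return True


def printout_audit(machine):
    # The supervisor's check: print the stored ballots and compare them with
    # the tally. Both come from the same store, so this detects inconsistency
    # within the store, never a store that disagrees with the voters.
    printout = list(machine.stored)
    return Counter(printout) == Counter(machine.stored)


def paper_recount(machine):
    # Independent check: hand-count the paper records and compare them,
    # candidate by candidate, with the electronic tally.
    electronic = Counter(machine.stored)
    paper = Counter(machine.paper)
    return {c: (electronic[c], paper[c]) for c in CANDIDATES}


def recount_detects_bug(recount):
    return any(e != p for e, p in recount.values())


def run(intents, record_fn=identity, print_fn=identity, voter_checks=True):
    m = DRE(record_fn, print_fn)
    for v in intents:
        m.cast(v, voter_checks)
    recount = paper_recount(m)
    return {
        "printout_audit_passes": printout_audit(m),
        "paper_recount": recount,
        "recount_detects_bug": recount_detects_bug(recount),
        "rejected_receipts": m.rejected,
    }


# Constructed sample ballots: three intended votes for Alice, two for Bob.
INTENTS = ["Alice", "Bob", "Alice", "Bob", "Alice"]

if __name__ == "__main__":
    # Recording bug only: the printout audit passes, the paper recount shows it.
    print(run(INTENTS, record_fn=buggy_record))
    # Same bug in the printer and nobody checks the receipt: nothing catches it.
    print(run(INTENTS, record_fn=buggy_record, print_fn=buggy_record,
              voter_checks=False))
```

With the recording bug alone, `printout_audit` passes (the printout is the store) while `paper_recount` reports 5 electronic votes for Alice against 3 on paper. With the same bug in the printer, attentive voters reject the two bad receipts and the recount still disagrees with the machine; voters who don't look at the receipt produce a paper trail that matches the wrong tally exactly, which is the caveat in the post.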

Posted by ekr at 11:04 PM | Comments (37) | TrackBack

Speaking of which...

The other day EG's home page went entirely blank. No errors, no warnings, nothing. After a fair amount of debugging and upgrading MovableType, I finally figured out what was up: I'd exceeded my disk quota and so was being left with just empty files. My guess, based on a cursory reading of the source code, is that MT isn't checking the return value of write() (well, Perl print) and so doesn't notice a write failing because the quota is exhausted. It's a pretty common programming tactic to assume that this kind of call can't fail. Unfortunately, it can.
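An added illustration in Python (MovableType is Perl, and this is not its code) of the failure mode described above. Quota exhaustion is simulated by a wrapper that starts failing with EDQUOT after a fixed byte budget, so it runs without a real quota. The unchecked-write pattern opens the page for writing, which truncates it, and then swallows the failed write, leaving a zero-length file; the hardened version writes to a temporary file, checks both the write and the close, and only then renames over the old page, so the previous page survives and the error reaches the caller.

```python
import errno
import os
import tempfile


class QuotaLimitedFile:
    """Constructed stand-in for a file on a nearly full quota: accepts up to
    `budget` bytes, then every write fails with EDQUOT (no real quota needed)."""

    def __init__(self, fh, budget):
        self.fh = fh
        self.budget = budget

    def write(self, data):
        if len(data) > self.budget:
            raise OSError(errno.EDQUOT, os.strerror(errno.EDQUOT))
        self.budget -= len(data)
        return self.fh.write(data)

    def close(self):
        # With a real file the error may only surface here, when buffered
        # data is flushed, so close() has to be checked as well.
        self.fh.close()


def naive_rebuild(path, content, budget):
    # The pattern the post guesses MT used: open for writing (which truncates
    # the existing page to zero bytes), print, and ignore any failure.
    fh = QuotaLimitedFile(open(path, "w"), budget)
    try:
        fh.write(content)
    except OSError:
        pass                      # swallowed: the caller never learns
    finally:
        fh.close()


def atomic_rebuild(path, content, budget):
    # Hardened version: write to a temporary file in the same directory,
    # check both the write and the close, and only then rename over the
    # old page. On failure the previous page survives and the caller gets
    # the exception.
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rebuild-")
    fh = QuotaLimitedFile(os.fdopen(fd, "w"), budget)
    try:
        fh.write(content)
        fh.close()
    except OSError:
        fh.close()
        os.unlink(tmp)
        raise
    os.replace(tmp, path)         # atomic rename on POSIX


OLD_PAGE = "<html>old page</html>"
NEW_PAGE = "<html>" + "x" * 100 + "</html>"


def demo(budget):
    """Rebuild a page both ways under the given byte budget; return
    (size after naive rebuild, size after atomic rebuild, atomic raised EDQUOT)."""
    d = tempfile.mkdtemp()
    page = os.path.join(d, "index.html")

    with open(page, "w") as f:
        f.write(OLD_PAGE)
    naive_rebuild(page, NEW_PAGE, budget)
    naive_size = os.path.getsize(page)

    with open(page, "w") as f:
        f.write(OLD_PAGE)
    try:
        atomic_rebuild(page, NEW_PAGE, budget)
        quota_hit = False
    except OSError as e:
        quota_hit = e.errno == errno.EDQUOT
    atomic_size = os.path.getsize(page)
    return naive_size, atomic_size, quota_hit


if __name__ == "__main__":
    print(demo(budget=10))    # quota exhausted: naive leaves an empty file
    print(demo(budget=1000))  # enough room: both succeed
```

With a 10-byte budget the naive rebuild leaves a 0-byte page and nobody is told; the atomic rebuild leaves the 21-byte old page in place and raises EDQUOT. The temp-file-and-rename step is what stops a failed regeneration from destroying the page that was already there, independent of whether the failure is a quota, a full disk, or an I/O error.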
Posted by ekr at 09:21 AM | Comments (5) | TrackBack

Open Source UI

It's good to see Eric Raymond say what many of us have known for years: the usability of Open Source software is appalling. If what you're trying to do isn't exactly what the designers of the software envisioned, you basically have to be a programmer to get things to work.

Now, it's true that all software has this effect (a co-worker of mine used to call it "going off the fairway"), but Open Source is worse in two respects, one positive and one negative. On the positive side, you can go as deep as you want to debug it. I can't tell you the number of times I've been glad that I could whip out tcpdump or run some program under the debugger. You can't even do that with Windows (though you can at least use tcpdump with OS X). On the bad side, I had to use the debugger, and I've had to quite often. I'm almost at that point in trying to figure out why FreeBSD doesn't recognize my USB hard drive--something that just works in Windows or OS X. I'm not looking forward to it.

Eric exhorts Open Source developers to do a better job, and he's right, but I'm afraid that it's an inevitable result of the way that Open Source software is developed. Because Open Source is volunteer, people work on what they want to, and that's generally not testing, documentation, or UI. Those jobs aren't prestige jobs at almost any software company, so it's not surprising that Open Source programmers don't want to work on them. The only organizational structure that I know of that really succeeds in getting this kind of unpleasant job done is to somehow compensate the people doing it. What MS and Apple do, of course, is pay them. If Open Source is to solve its UI problem, it will need some kind of equivalent.

Posted by ekr at 08:59 AM | Comments (48) | TrackBack

February 26, 2004

More on MDMA toxicity

Mark Kleiman has a very informative post about the Ricaurte MDMA toxicity scandal. You should read Mark's post, but here's a summary of the situation as I understand it:
  • There's no real evidence that MDMA damages the dopamine system.
  • The evidence that MDMA damages the serotonin system irreversibly, which came in part from Ricaurte's work, is starting to look fairly shaky.
What's especially silly about all this is that observationally the short-term toxicity of MDMA is fairly low, so people should have been skeptical of the dramatic damage being reported by Ricaurte. That's not to say that MDMA doesn't damage your brain (though we don't know that it does) but the kind of common, immediate, serious damage that Ricaurte was claiming should have produced a lot more deaths in humans. Maybe in the future people will exercise a little more skepticism towards reports of extreme drug toxicity.
Posted by ekr at 10:44 PM | Comments (1) | TrackBack

Not a political issue?!?!

The Washington Post is reporting that Denny Hastert is refusing to extend the May deadline for the 9/11 commission report.
"He still doesn't feel the commission needs any extra time" and he believes that the panel "should complete its report as soon as possible," Feehery said, adding that a later deadline would make the commission "a political issue" during the presidential campaign.

Ignore for the moment the quite reasonable suspicion expressed by &c that Hastert is doing the White House's bidding on this one.

What I find ridiculous about this is the suggestion that the output of the 9/11 commission shouldn't be a political issue come election time. The whole point of a democracy is to give the voters an opportunity to express their opinion about their representatives. Doesn't it seem reasonable that they would want to express their opinion about an event that killed around 3000 of their fellow citizens?

Posted by ekr at 09:43 PM | Comments (5) | TrackBack

Easterbrook misses the point again

In a blog post about the zoo, Gregg Easterbrook writes:
Wednesday's release of this report from the National Academy of Sciences that says the health of creatures at the National Zoo is declining because they are not receiving "annual exams, vaccinations and infectious-disease testing." Oh, so the animals are being treated like the 41 million Americans who don't have health insurance!

I'm sure Easterbrook just thinks this is a clever throwaway line but it actually reveals a deep confusion about health insurance. Remember that the purpose of insurance is to hedge risk. Routine procedures like annual exams and vaccination are precisely the kind of care that shouldn't be paid for by insurance. It would be more efficient for those 41 million people--and the rest of us--to pay for such procedures out of their own pockets than first funnelling them through an insurance company.

Now, no doubt what Easterbrook really means is that there should be a program where the rest of us subsidize health care for the poor. But that's not fundamentally an issue of insurance but rather of wanting more transfer payments from the rich to the poor in the form of health care. Calling it insurance just confuses the issue.

Posted by ekr at 09:09 AM | Comments (42) | TrackBack

February 25, 2004

The new Leathermen

Kevin Dick pointed me to Leatherman's 2004 product line (scroll to bottom of page). There's also a good article about them on Equipped to Survive (you need to scroll down).

The big news is the new Charge Ti and Charge XTi, which have a titanium casing as well as bit holders instead of normal screwdrivers. The main knife blades will also be a better steel. Also, there will be a pocket clip, which is nice for those of us who don't wear belts. At $125 the Charge is pretty pricey, but if you use your multitool a lot (I do) then it's probably worth it. I wonder when these will be available...

Posted by ekr at 01:35 PM | Comments (2) | TrackBack

The ethics of Nader

I'm amused to see all the discussion about whether Ralph Nader should run and whether people should vote for him. See, for instance, Chun the Unavoidable.

The rap against Nader (and by extension, Nader voters) is simple. Nader has no chance of winning and he takes away votes from more liberal candidates who might win, in particular Gore in 2000 and the potential Democrat in 2004. Nader supporters practice defense in depth, arguing that:

  1. Nader didn't take votes away from Gore.
  2. Even if Nader did take votes away from Gore, it's Gore's fault that he lost for running such a lousy campaign. If he had run well, he would have won comfortably.
  3. Even if Nader did cause Gore to lose, Gore is no better than Bush so what's the big deal?
  4. Even if one would prefer Gore in a Bush/Gore race, Nader's existence exerts leverage on the Democrats, thus eventually pushing the country to the left.
  5. Even if there's no strategic benefit one should vote one's conscience.
  6. It's the fault of the US voting system for being {winner take all, first past the post, two party, ...}.

#1 is a question of fact. I've had people who I generally trust tell me it's not true, but I've never investigated it myself. #2, like #5 and #6, is pretty much irrelevant if you're any kind of consequentialist. So what if Gore ran a lousy campaign? Do you want to be in a world where the Democrats win or not? Imagine you're standing there in the voting booth and it's your vote that separates Bush from Gore. How does the fact that Gore should have run a better campaign absolve you from responsibility for the fact that you're about to put Bush in office by voting for Nader [0]? As Mr. Pink says, you didn't create the situation, you're just dealing with it. Of course, if you're not a consequentialist, your mileage may vary.

#3 strikes me as deeply silly. Sure, Gore was a corporate shill (can you be a politician without being one?) but can you seriously believe that he wouldn't have behaved differently in office than Bush? This argument should ring especially hollow for Greens after 9/11. I know some Democrats were glad Bush was in office because they thought Gore's response to 9/11 wouldn't have been firm enough, but if you're a Green, presumably that's what you'd want!

The only one of these arguments that works for me at all--or rather, would work for me if I agreed with Nader's political views--is #4. It comes in two flavors, tactical and strategic. In the tactical version, Nader's existence in this race provides the Democrats with an incentive to move left now. In the strategic version, it's good for the Democrats to lose now, presumably due to some "heightening the contradictions" rationale. The problem with the tactical version is that there's a slippery slope to the strategic version. If you're a believer in tactical #4 then it starts to look like a good idea to support Nader but then actually vote for Gore if the vote is close. The problem with doing that is that the threat that you'll actually vote for Nader is all that allows him to pressure the Democrats. If his voters defect on election day then that deterrent is destroyed and future Democrats have less and less incentive to move leftward.

So, if you want to vote for Nader in 2004, I'm not going to tell you that you shouldn't. On the other hand, if Bush beats Kerry in 2004, Nader supporters should be honest enough to admit that it was a foreseeable consequence of their strategy.

[0] Obviously, in our system this isn't quite true because one vote can only turn a tie into a win or a loss into a tie, but imagine that you've been given two votes.

Posted by ekr at 06:32 AM | Comments (17) | TrackBack

February 24, 2004

The downside of the Etymotics

The sound isolation is really outstanding. Yesterday, the FedEx guy came by and I never even heard him. Lisa came back and found the door tag. Apparently if you're going to use Etymotics and you want people to be able to reach you, you need to wire the phone and doorbell up to some visual indicator.
Posted by ekr at 12:28 PM | Comments (39) | TrackBack

February 23, 2004

Volunteering is when you, you know, volunteer

Check out Josh Marshall: [*]
This morning Bush campaign chairman Marc Racicot was interviewed by Juan Williams on NPR. When asked about the president's Air National Guard service he said, the president's and John Kerry's service "compare very favorably... He (i.e. the president) signed up for dangerous duty. He volunteered to go to Vietnam. He wasn't selected to go, but nonetheless served his country very well ..."

He volunteered to go to Vietnam?

Marc, no he didn't.

Does he think no one is listening?

(For some reason Williams made no effort to call him on it.)

Let's set aside the fact that pulling strings to get into the Air National Guard in 1968 is, on its face, quite the opposite of volunteering to go to Vietnam. When the president signed up for the National Guard there was a check box asking whether he wanted to volunteer for overseas service. And he checked off "do not volunteer."

I'm starting to think that lying may be an evolutionarily stable strategy for politics. Obviously it confers short term advantage, but you'd expect that getting caught would be a deterrent. However, if press and the population aren't interested in figuring out who's lying and who's not, eventually people just start figuring that all politicians are liars. At that point, there's no risk to lying and it becomes very hard to succeed without doing so constantly.

Posted by ekr at 10:49 PM | Comments (1) | TrackBack

February 22, 2004

A dog's eye view of sex

Here's the opening of Jared Diamond's Why is Sex Fun? The Evolution of Human Sexuality:
If your dog had your brain and could speak, and if you asked it what it thought of your sex life, you might be surprised by its response. It would be something like this:
Those disgusting humans have sex any day of the month! Barbara proposes sex even when she knows perfectly well that she isn't fertile--like just after her period. John is eager for sex all the time, without caring whether his efforts could result in a baby or not. But if you want to hear something really gross--Barbara and John kept on having sex while she was pregnant! That's as bad as all the times when John's parents come for a visit, and I can hear them having sex, although John's mother went through this thing they call menopause years ago. Now she can't have babies anymore, but she still wants sex, and John's father obliges her. What a waste of effort! Here's the weirdest thing of all: Barbara and John, and John's parents, close the bedroom door and have sex in private, instead of doing it in front of their friends like any self-respecting dog!
I just started reading this, but I'm generally a real sucker for books that help you attain the outsider's perspective on human behavior, just as you would when studying any other primate.
Posted by ekr at 11:29 AM | Comments (60) | TrackBack

Discounts and preferences

Stanford students can buy iPods at a $30 discount, yielding the following price table:
Model   List Price   Discounted Price   Discount
15G     $299         $269               10%
20G     $399         $369               7.5%
40G     $499         $469               6%

A friend suggested to me that this makes the 20G iPod more attractive relative to the 40G because it's been discounted more steeply in percentage terms, but that's not really so.

For simplicity, let's assume that there are only two models of iPod, the 20G and the 40G. If you value them at $410 and $510 respectively, then you're totally indifferent as to which model you purchase. Either leaves you with $11 worth of surplus. With the discount, the situation is unchanged: either leaves you with $41 worth of surplus. By contrast, if Alice values the 20G at $410 and the 40G at $505, then she is better off buying the 20G because it leaves her with $11 of surplus instead of $6. The preference ranking is unchanged with the discount. It's just a matter of $41 versus $36 instead of $11 versus $6. [0] That's not to say that the discount can't affect your behavior, of course. If Bob values the 20G at $395, then a $30 discount might cause him to buy it when otherwise he would not. However, it shouldn't cause someone to buy iPod A when without it he would buy iPod B.

By contrast, a fixed percentage discount can affect your behavior. Say, for instance, that students were offered a 10% discount, bringing the cost of the 20G and 40G to about $359 and $449 respectively. Ordinarily Alice would buy the 20G, since it gives her an $11 surplus instead of a $6 one. But with the discount the 40G gives her a $56 surplus whereas the 20G gives her only $51, so the percentage discount causes Alice to buy the 40G when she would ordinarily buy the 20G.

All that said, people aren't really that rational and so the Stanford discount may well cause people to buy the smaller iPod when they would otherwise have preferred the larger one. But that doesn't mean that it's rational...

[0] I should note that if you are very poor then $30 might change your perception of your net worth enough to affect which iPod you buy, but if you have that little money, buying an iPod probably isn't the greatest idea anyway.

UPDATE: Nagendra Modadugu pointed out that the models are actually 15,20, and 40G. Updated to reflect that.

Posted by ekr at 07:22 AM | Comments (24) | TrackBack

February 21, 2004

Music to test with

When you're shopping for audio equipment, the only real way to test things out is to listen to music. If you're serious about it (and by the standards of lots of people I'm only modestly serious) you really need to bring your own music, for two reasons. First, you learn what it sounds like and so can quickly pick out whether it sounds right on the current system. Second, you want to test with the kind of music you like, right?

A while back I got tired of hauling a bunch of CDs to the store with me and just burned a CD-R with all the stuff I wanted to test with:

Artist                  Track              Style                               Notes
Stevie Ray Vaughan      Scuttlebuttin'     Blues guitar                        All CDs should start this well
Man... or Astroman      Escape Velocity    Surf rock                           Any Man... or Astroman track will do
Flim and the BBs        Tricycle           Light jazz                          Test for dynamic range in the opening passage
Rebecca Pidgeon         Spanish Harlem     Jazz                                Reproduction of female vocals
Linton Kwesi Johnson                       Dub                                 Bass and horn reproduction
Kate Price              Fhera Bhata        Celtic: vocals and hammer dulcimer  Reproduction of female vocal, precision of hammer dulcimer
Reverend Horton Heat    Wiggle Stick       Psychobilly                         Does this song rock or what?
Stevie Ray Vaughan      Tin Pan Alley      Blues                               Off Couldn't Stand the Weather
Mark Knopfler           Storybook Love     ???                                 Off the Princess Bride soundtrack
Rolling Stones          Sister Morphine    Rock                                Should be clearly able to hear that gravelly quality in Mick's voice. Reverb on guitar should be sharp and undistorted.

About half of these songs are tests for specific reproduction aspects and the other half are just general impression tests--stuff that I like that I want to make sure sounds good on whatever I buy. Typically Fhera Bhata is my front line test. If that doesn't sound good (clean and sharp) then I figure the overall sound reproduction is muddy and I don't bother with anything else. Speaker shopping a while back, Jennifer and I walked into a Cambridge Soundworks with that disk and played it for about 30 seconds. It sounded like garbage. We asked if that was their best sounding speaker. They said yes. We left.

Posted by ekr at 08:51 AM | Comments (68) | TrackBack

Audio Nirvana?

My Etymotic ER-6s just arrived yesterday. They're really phenomenally better than the Sonys I was using before. So much better, unfortunately, that they're revealing some major limitations in the audio path I've been using to play music (computer sound card to cheapo Radio Shack amp). What I really need here is to get digital out to a decent external DAC, but the SPDIF part is looking a little nontrivial with FreeBSD.

The other option, of course, is to buy an iPod. gtkpod doesn't look entirely terrible, but doesn't seem to know how to tell the iPod to play through its own jack. (Come to think of it, I don't know if this is even possible with iTunes.) So it doesn't really let me bypass the computer's DAC.

Posted by ekr at 08:08 AM | Comments (2) | TrackBack

February 20, 2004

Permacold

Kevin Dick pointed me to this article in the SJ Mercury about persistent colds. If you feel like you've had a cold for weeks, it may not just be you. Apparently one of the common cold viruses is respiratory syncytial virus (RSV) which is fairly persistent. Outstanding.
Posted by ekr at 10:23 AM | Comments (2) | TrackBack

Remind me what's an academic subject again?

John Quiggin over at Crooked Timber raises the perennial issue of sports in universities, specifically US universities, against the background of whether cheerleading should be an officially recognized sport (required viewing: Bring It On). The following exchange appeared in the comments section (excerpted heavily):
limberwulf:
"I doubt there would be so much fuss if the entertainment that brought in the big bucks were symphony or theatre."

Ophelia Benson:
Yes but that's because classical music and theatre/drama are academic subjects. Cheerleading and basketball aren't. So one has to decide how one is going to define 'entertainment' before drawing conclusions from that, it seems to me. Of course one can also discuss how to define 'academic'. Me, I think it ought not to include cheerleading. For the same kind of reason I would think it very odd (and then go away and never come back) if CT suddenly started talking exclusively about cheerleading. It's a different kind of subject - I think.

limberwulf:
Granted, general classifications of theatre do place it in the more "academic" category. However, a performance art, such as cheerleading, is not so far from performance art such as ballet. It is certainly closer than basketball. Its more of a crossover between the two, or at least, it could become that if it were made competitive.

To go a step further, sports in general involve a great deal more than physical ability and exercise. To perform well at any sport requires intense mental training, and to perform well at a team sport requires that same mental training plus development of cooperation with other individuals working towards the same goal. In fact, one of the most used arguments against homeschooling is the concept of team sports and other social interactive and cooperative activities. As a homeschooled person I do not buy into that entirely, but as an athlete, I recognize the academic benefits to mental training and to physical health.

Actually, I don't think limberwulf's argument here is strong enough. Obviously, there's some set of subjects that get traditional recognition as academic disciplines (the apparent implicit assumption that rock music doesn't count as an academic discipline is kind of interesting, no?), but why? limberwulf focuses on the physical versus mental aspect, but I don't think that's it. Otherwise why isn't chess considered an academic subject?

One response, of course, is that it's purely traditional (and I'm sure that's part of it) but then it starts to look fairly arbitrary and can't really be used as the basis for a normative judgment about what's appropriate for colleges to engage in. So, let's assume that it's not completely arbitrary and try to survey the terrain:

Academic subject          Not an academic subject
Dance                     Cheerleading
Sports medicine           Sports
Making chess computers    Chess
Linguistics               Scrabble

The pattern I see emerging here (and admittedly I've chosen my examples carefully) is that the difference between the academic subjects and their allegedly non-academic counterparts is that they're overtly competitive. Now, academic subjects are of course competitive (try talking to a scientist about the Nobel prize) but they don't generally have competitions with declared winners. Note also that you can generally turn a non-academic subject into an academic one by going meta and studying how to do it rather than doing it.

Obviously, this distinction can't account for all such pairs (dance is academic, dancing in strip clubs is not), but I don't think it's coincidence either.

Posted by ekr at 09:28 AM | Comments (51) | TrackBack

February 19, 2004

You want to borrow what?

I just got this message via Orkut "friends of friends"

 
  Eric > [someone else] > [The offender]    2/18/2004

  from:     [Name deleted to protect the guilty]
  to:       friends of friends
  subject:  does anyone (in MA) have a projection screen?
  message:  I'm looking to borrow a portable projection screen.. does anyone in the MA area have one that I could borrow for the weekend?
   

Now, call me crazy, but I don't think that I'm going to lend my widescreen TV to someone who just happens to be a friend of one of my friends. There must be thousands of such people! It just shows how disinhibiting that the Orkut "spam friends of friends" feature is that someone would even ask.

UPDATE: A reader points out that I left the links to people's profiles in the original post. They're removed now.

Posted by ekr at 08:05 AM | Comments (36) | TrackBack

More Easterbrook weirdness

In an otherwise mostly reasonable article about how little income poor people in the US actually have ($18,850 a year for a family of four is pretty low), these words pop out of his keyboard:
Delivery pizzas should cost a couple dollars more, groceries and paper towels and Old Navy pants and practically everything should cost slightly more so that the minimum wage could rise (there would be a ripple effect raising near-minimum wages as well) and poverty decline. It's a joke that the United States government, as of a few days ago, pretends a family of four earning $18,851 per year does not live in poverty. But it's a joke that the country's middle-class, middle-income majority has joined in.

Huh? What the heck is Easterbrook suggesting? Surely he doesn't think that we should have price controls on pizza and paper towels! I suspect that what Easterbrook really wants is to jack up the legally required minimum wage by quite a bit. But then why does he state it in this backward fashion? I hope he doesn't think that raising the price of pizza would somehow automatically increase the amount that pizza workers get paid.

Posted by ekr at 07:58 AM | Comments (30) | TrackBack

February 18, 2004

Progress in AIDS treatment

Want to know how much better AIDS treatment has gotten? Check out this graph from the CDC web site showing survival probability by year of diagnosis:

Between 1994 and 2000, the 3 year survival probability went from about 55% to around 85%. This improvement is almost completely due to the introduction of the protease inhibitors as an anti-HIV treatment. More data can be found here.

Posted by ekr at 09:07 PM | Comments (1) | TrackBack

Worse is better

If you want to understand the success of the Web, you have to read Richard P. Gabriel's Lisp: Good News, Bad News, How to Win Big, commonly known as "Worse is Better", after the famous phrase he used to describe the UNIX philosophy. Gabriel's essay talks about why C and UNIX have been an enormous success while the immensely more elegant Lisp systems that he had worked on were struggling. That was in 1991, when it was still possible to argue that Lisp had been misunderstood and would someday rise phoenix-like from the ashes. From the viewpoint of 2004 it should be pretty clear that that's not going to happen.

Gabriel's answer was that Lisp and C/UNIX embodied two different philosophies, which he called The Right Thing and Worse is Better. Say you want a piece of software that does some job. The Right Thing philosophy says that you build a system that does the entire job and don't release it until you've got it right. The worse-is-better philosophy is to build something that does as much of the job as possible but primarily is simple. Because the last 20% of a project takes most of the work, getting an 80% solution is generally much easier (probably less than half the work) than doing the whole job. Gabriel's point was that the 80% (or even 50%) solution has a substantial evolutionary advantage over the full solution. The 80% solution is still useful for plenty of people and there's lots of opportunity to improve it later once people have been sucked in.

The parallels to the Web are striking. Like C and UNIX, Web software is easy to write. Servers are incredibly easy to write and CGI scripts, Web forms and client-side scripting make it easy for even people with limited programming skills to deploy simple applications. Unfortunately, when one wants to write more complex applications, HTML and JavaScript fight you every step of the way. Readers who have had the dubious pleasure of writing a GUI-based application in C might find this to be a familiar experience.

Actually, back in the early days of the Web, the pressure to roll something out fast was so intense that some vendors, Netscape in particular, seem to have decided to take worse-is-better to its logical conclusion by doing the absolute minimum required to solve whatever the immediate problem was, without any attempt to solve the more general problem (the blink tag comes to mind). At EIT, we called it Dare to be stupid.

Posted by ekr at 06:55 PM | Comments (1) | TrackBack

Two way links?

Brad DeLong points out this post by Tim Oren:
As we all know, Ted Nelson meant hypertexts to have bidirectional links. But due to a laboratory accident in Switzerland, we ended up with this lame thing. Mechanisms such as Google link search and Technorati are just hacks, ways to leverage Moore's Law to ameliorate a fundamental flaw in our hypertext data architecture, crawling the Web faster and faster to aggregate all of our trackbacks.

Yesterday, David Sifry convinced me that's just wrong. What Nelson missed, with his focus on 'literary' architectures, is that networked hypertexts are inhabited by people. Links are not just citations. They are gestures in a social space, parts of conversations or other interactions. There's an inherent value in looking at the dynamics of the record as it is created.

Given you're never going to get a distributed, social system to agree to deposit all of its meta-data in one place, crawlers are a necessary part of supporting the conversation. Further, knowing that the data stream is produced by groups of people gives traction for analysis based on social network theories, to augment the traditional information retrieval and citation analysis that may have reached its limits in coping with the scale of the Web. Most likely (my inference) that same network theory will suggest more efficient ways to both crawl and index what is found.

Best pitch award for Tuesday: David Sifry of Technorati.

This may well be so, but there's an even simpler reason why Web-style one-way links were a Big Win over Xanadu: they were technically achievable. The big problem with Xanadu was that all the complicated features that it wanted to provide (principally the transclusion and copyright settlement features) required an enormous technical infrastructure, quite possibly including micropayments, a problem we've never really solved adequately.

By contrast, any idiot who could write an Internet server could write a Web server. In fact, using inetd, any idiot who could write a UNIX program could write a Web server. A primitive web server is an incredibly simple beast. In its simplest form, it takes a single path (which can be mapped 1-1 with a directory name) and spits it out on the network. I've seen simple Web servers written in a page or so of Perl. And since the pages are just files on disk, they can be written with any text editor. In fact, it took quite a long time for people to figure out how to write decent tools for authoring Web pages (see here for an early attempt done by one of my colleagues at EIT.) A Web client is complicated, but it's just GUI, which it's well known how to write.

To get back to the topic of links... authoring a one-way link in a Web page is easy. You just type the URL into the document. But think about how two-way links would work. When you created a document, you would somehow have to notify the target of the link and they would have to somehow annotate their local files to record the reverse link.

Both of these steps are problematic. If the links are to be reliable they have to be automatic. Recall that Web pages are written with generic tools. Those tools don't even know that they're authoring Web pages, so they won't be able to automatically notify the other server. This means your server will have to scan all the files on its disk (parsing the HTML!) and then automatically contact the other servers. None of this is prohibitively difficult but it's a lot tougher than just writing the file out to the network.

Making the reverse link is even more difficult. When a server is notified that a link has been made to document X, it needs to somehow annotate the file with that link. Worse yet, links can be made to parts of documents. So if someone links to section 5 of X, you really want to hang the reverse link off of section 5. That means editing the document on disk, which requires knowing a lot about the document format, which, as I've said, servers of the time didn't (and to a great extent don't now). And of course the ability to induce changes on other people's servers creates security problems.

The Big Win of the Web was that like the proverbial half an eye it was useful even in a primitive form, which meant that it could see wide deployment and then be slowly improved. By contrast, Xanadu spent years shining their system but were never really able to get it off the ground.

UPDATE: Lisa Dusseault pointed out to me that another way to do two way links is to have some central registry. But that requires someone to be willing to operate it. One nice thing about the Web was that it had distributed operation. As long as the client and server could connect you didn't need anyone else. (except the DNS, of course, but then the entire network relies on that).

Posted by ekr at 08:43 AM | Comments (8) | TrackBack

February 17, 2004

The greatest running movie ever

Everyone has seen Chariots of Fire but the greatest running movie ever is Endurance, a little known documentary about Haile Gebreselassie, the current holder of the 10,000 meter world record and probably the greatest distance runner of all time. Born into a family of dirt-poor farmers, Gebreselassie grew up to win two Olympic gold medals (the 10K in 1996 and 2000).

Endurance is part documentary and part reenactment, using Gebreselassie and members of his family as actors to portray the story of his life. The acting is incredibly stiff but somehow heartfelt and the matter of fact presentation of grinding poverty juxtaposed with the beautiful Ethiopian landscape brings home how most of the world lives better than 100 Save the Children commercials.

The movie culminates in the 1996 Olympic 10K race where Gebreselassie won his first gold medal intercut with scenes from his childhood--running to school, pushing a plow, his mother dying. It's an amazing race. At the time, with the exception of Gebreselassie, the Kenyans totally dominated the international distance running scene (they won 5 medals in 1996) and there are at least two in the race. Gebreselassie was the favorite going in and the Kenyans work as a team to try to break him down throughout the event, trying to put Paul Tergat in a position to win. Gebreselassie hangs with them but doesn't make his move until the very end. As the bell rings for the final lap, Tergat is obviously running all-out and Gebreselassie just seems to find a whole other gear. He puts on this incredible burst of speed, leaving Tergat in the dust by almost a full second.

I don't know if non-runners will enjoy this movie as much as I did, but if you're an endurance athlete, I strongly recommend you check it out.

Posted by ekr at 11:24 AM | Comments (2) | TrackBack

Where do I get my gene modifications?

We're starting to get some major coverage of performance-enhancing gene therapies.
The researchers injected rats with a modified virus that transported a gene to their hind leg muscles. The gene triggered increased production of a growth hormone called IGF-I.

Combined with an intensive exercise regime of ladder climbing, this caused the rats' muscles to become 15 to 30 percent stronger than would be expected with exercise alone. Even without exercise, the genetically modified rats' muscles grew by 15 to 20 per cent, Sweeney says.

What's really cool here is how much muscle growth they're seeing even without exercise. I know lots of people who like being in shape but don't enjoy exercising. Wouldn't it be great to be able to get the benefits of exercise without doing the work?

There are other benefits, of course. There's a lot of variation in how strong people are naturally. For instance, my friend Kevin is roughly the same height as me but is naturally much stronger than I am. I lift fairly hard, but I'm never going to build muscle as fast as he does, and all that lifting is quite hard on your joints. Having a jump-start would be enormously helpful.

Posted by ekr at 09:20 AM | Comments (44) | TrackBack

February 15, 2004

Infringing mixes

So-Crates over at PM-Style posts on the Grey Album:
So, there's an interesting new album floating around the P2P nets, and I can't tell if it's the first really substantial example of art being suppressed by overzealous copyright law, or the smartest marketing campaign ever. The album is a mix of the vocals from Jay-Z's "Black Album" with instrumental samples from the Beatles' "White Album", called, naturally, "The Grey Album". Of course, Danger Mouse can't get the rights from either record company, so the album can't be released. However, this album has now been glowingly reviewed by essentially every music blog I read, the Boston Globe, SPIN, and Rolling Stone.

Ok, so this kind of mix is clearly a copyright infringement, since the new album contains copies of the original albums. But that doesn't mean that creativity definitely needs to be stifled. This kind of copying, called "copy-by-value", isn't the only way to copy something. The other option is what's called "copy-by-reference". Instead of making a copy of an album I tell you "go there" to get one.

Now, suppose I wrote and distributed a computer program that transforms the "Black Album" and the "White Album" into the "Grey Album". Call that the "Grey Program". That's easy to do. It's a list of sample beginnings and endings, how long to play them, etc. In order to actually use the Grey Program, you'd have to have copies of both the "White Album" and the "Black Album" (presumably you'd rip them onto your hard drive). Now, I don't know if this is legal, since I'm not a copyright lawyer. But from an ethical perspective, I don't think there's any problem. After all, you need to have copies of both other albums in order to use it, so neither of the copyright holders really has status to complain--they're getting their money. From an economic perspective, this actually creates demand for their albums so they should be happy.

Of course, what I just described sounds clumsy, but it ought to be straightforward to design a generic format for describing re-mixed albums. You could then arrange that instead of burning complete CDs, the recording tools just output a mixing program instead (this could also include any original material you wanted to put down).

Posted by ekr at 08:15 AM | Comments (35) | TrackBack

February 14, 2004

Semi-anonymous screening for Tay-Sachs

The New Scientist has an interesting interview with orthodox Jewish rabbi Josef Ekstein. He's a Tay-Sachs carrier and four of his children had Tay-Sachs--singularly bad luck, BTW. His community is faced with an interesting problem: abortion is forbidden so prenatal screening doesn't do any good. For reasons that aren't entirely clear, they didn't want to use conventional parent screening:
At first I wanted to encourage conventional testing, but rabbis and community leaders were sceptical. They feared that if we identified carriers we would do more harm than good, so we developed an alternative, confidential testing method. I had to learn about genetics the hard way, by teaching myself. It was difficult, but if there is a will, there is a way.

The way their system, called Dor Yeshorim, works is that you get confidentially screened but they don't tell you the results. Instead, you're given a code number. When you want to get married you and your partner give your code numbers to the system and you're told if you're both carriers. If either one isn't a carrier (thus making it safe to breed) you're just told it's ok, even if one member of the couple is a carrier. According to the rabbi, this system has really worked. They've more or less wiped out Tay-Sachs in the Brooklyn orthodox community and they've expanded it to a bunch of other diseases as well.

This system isn't exactly optimal from my perspective, since two people who carry Tay-Sachs can breed safely as long as they're willing to abort any affected fetus (which I don't have an ethical problem with). With Dor Yeshorim, they basically have to give up on having kids--or find other partners. Still, it's an interesting workaround for a situation that was clearly fairly sensitive and difficult to navigate.
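
The matching rule described above is a small exercise in information minimization, so here is an added Python sketch of it (my own illustration, not anything Dor Yeshorim actually runs). It assumes a hypothetical in-memory `Registry` that hands out opaque random codes at screening time and answers a couple's query with nothing but "ok" or "not ok"; the only fact that ever leaves the registry is the conjunction of the two carrier flags.

```python
import secrets


class Registry:
    """Hypothetical carrier registry modelled on the scheme in the post.

    Screening results are stored under an opaque random code and are never
    returned to the person screened; the only query the registry answers is
    whether a *pair* of codes is compatible.
    """

    def __init__(self):
        # code -> True if carrier, False otherwise (constructed sample state)
        self._carrier = {}

    def register(self, is_carrier: bool) -> str:
        # 16 hex chars from a CSPRNG: unguessable, and not derived from the
        # person's identity, so a leaked code says nothing about who it belongs to.
        code = secrets.token_hex(8)
        self._carrier[code] = is_carrier
        return code

    def compatible(self, code_a: str, code_b: str) -> bool:
        """Return True ("ok") unless BOTH partners are carriers.

        Note what is deliberately not exposed: no method returns a single
        person's status, and an 'ok' answer is the same whether zero or one
        of the partners carries the gene.
        """
        if code_a not in self._carrier or code_b not in self._carrier:
            raise KeyError("unknown code")
        if code_a == code_b:
            # A person querying against themselves would learn their own status.
            raise ValueError("two distinct codes are required")
        return not (self._carrier[code_a] and self._carrier[code_b])


if __name__ == "__main__":
    reg = Registry()
    alice = reg.register(is_carrier=True)     # constructed sample screenings
    bob = reg.register(is_carrier=False)
    carol = reg.register(is_carrier=True)
    print("alice+bob:", "ok" if reg.compatible(alice, bob) else "not ok")
    print("alice+carol:", "ok" if reg.compatible(alice, carol) else "not ok")
```

The residual leak is inherent to the rule rather than to this sketch: a "not ok" answer tells both partners that each of them is a carrier, which is exactly the piece of information the community chose to reveal only when it matters. A real deployment would also need to limit who can submit a pair of codes, since someone holding a code they know belongs to a carrier could otherwise probe other people's status one query at a time.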

Posted by ekr at 08:55 AM | Comments (126) | TrackBack

February 12, 2004

Curse you, pop-under windows!

So, I'm trying to view a paper on my Windows box using IE. It's in PDF, of course, and Acrobat seems to think it would be a fantastic idea to pop up a dialog asking me if I'd like to upgrade. Cleverly, it pops it up under my IE window, thus ensuring that IE is stalled but I can't see the prompt. Last time this happened I waited like 15 minutes before I finally got fed up and killed enough windows to see the stupid pop-under. This time I was on a bit of a shorter fuse so I only wasted about 3 minutes this way.

Message to UI designers: pop-under windows and modal dialogs do not mix. Use one or the other or suffer my wrath!

Posted by ekr at 09:55 PM | Comments (65) | TrackBack

HTTP decoding annoyances

Now, here's an annoyance. I'm doing a network capture application that decodes HTTP traffic. I originally thought that you could treat the request and response streams as separate and just parse out the messages. Nope. The response stream isn't unambiguous.

The problem is the HEAD request. It's defined to generate the same response header as the corresponding GET request. So, for instance, here's an HTTP HEAD to www.rtfm.com.

HTTP/1.1 200 OK
Date: Thu, 12 Feb 2004 20:55:16 GMT
Server: Apache/1.3.26 (Unix) mod_macro/1.1.1
Last-Modified: Tue, 30 Sep 2003 15:15:48 GMT
ETag: "1897d9-848-3f799e24"
Accept-Ranges: bytes
Content-Length: 2120
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

Note that this is exactly (required by RFC 2616 to be) the header that would have been on the corresponding GET. Except that there's no message body (which a GET would have) but the Content-Length is nonzero. The only way to parse this is to know that it came from a HEAD and ignore the Content-Length header. And because HTTP allows pipelined request/response pairs, this means keeping a linked list of requests. Fun, huh?
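
Here is an added Python example of the decoder shape that fixes this (my own code, not the capture application described above). It keeps the queue of request methods seen on the forward stream and consults it for every response, applying the RFC 2616 message-length rules, so a HEAD response with `Content-Length: 2120` is correctly given an empty body. The sample stream is constructed for the example: it starts with the HEAD response headers quoted above, followed by a made-up GET response with a Content-Length body and one with a chunked body, to show that the same length rules cover the general case.

```python
from collections import deque


def parse_head(data: bytes, offset: int):
    """Parse a status line plus headers; return (status, headers, offset past the blank line)."""
    end = data.index(b"\r\n\r\n", offset)
    lines = data[offset:end].decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, end + 4


def body_length(method: str, status: int, headers: dict):
    """RFC 2616 section 4.4 rules. Returns a byte count, None for chunked,
    or -1 for read-until-close. The first rule is the one a response-only
    parser cannot apply: it needs the request method."""
    if method == "HEAD" or 100 <= status < 200 or status in (204, 304):
        return 0
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return None
    if "content-length" in headers:
        return int(headers["content-length"])
    return -1


def read_chunked(data: bytes, offset: int):
    """Decode a chunked body starting at offset; return (body, offset after the trailers)."""
    body = bytearray()
    while True:
        line_end = data.index(b"\r\n", offset)
        size = int(data[offset:line_end].split(b";")[0], 16)  # ignore chunk extensions
        offset = line_end + 2
        if size == 0:
            while True:  # skip optional trailer headers up to the empty line
                line_end = data.index(b"\r\n", offset)
                line = data[offset:line_end]
                offset = line_end + 2
                if not line:
                    return bytes(body), offset
        body += data[offset:offset + size]
        offset += size + 2  # chunk data is followed by CRLF


def decode_responses(stream: bytes, methods):
    """Split a captured response stream into (method, status, body) tuples.

    `methods` is the queue of request methods already seen on the other
    direction of the connection, in pipelined order."""
    pending = deque(methods)
    offset, out = 0, []
    while offset < len(stream) and pending:
        method = pending.popleft()
        status, headers, offset = parse_head(stream, offset)
        n = body_length(method, status, headers)
        if n is None:
            body, offset = read_chunked(stream, offset)
        elif n < 0:
            body, offset = stream[offset:], len(stream)
        else:
            body, offset = stream[offset:offset + n], offset + n
        out.append((method, status, body))
    return out


# Constructed sample: the HEAD response from the post, then two invented GET responses.
HEAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Thu, 12 Feb 2004 20:55:16 GMT\r\n"
    b"Server: Apache/1.3.26 (Unix) mod_macro/1.1.1\r\n"
    b"Last-Modified: Tue, 30 Sep 2003 15:15:48 GMT\r\n"
    b'ETag: "1897d9-848-3f799e24"\r\n'
    b"Accept-Ranges: bytes\r\n"
    b"Content-Length: 2120\r\n"
    b"Keep-Alive: timeout=15, max=100\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Content-Type: text/html\r\n\r\n"
)
GET_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain\r\n\r\nhello"
CHUNKED_RESPONSE = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
SAMPLE_STREAM = HEAD_RESPONSE + GET_RESPONSE + CHUNKED_RESPONSE

if __name__ == "__main__":
    for method, status, body in decode_responses(SAMPLE_STREAM, ["HEAD", "GET", "GET"]):
        print(method, status, body)
```

Feeding the same stream through `decode_responses` with the first method recorded as `GET` instead of `HEAD` makes the parser swallow 2120 bytes that were never sent, eating the following responses; that is the failure mode the post describes, and it is why the capture tool has to track requests and responses as pairs rather than as two independent streams.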

Posted by ekr at 12:57 PM | Comments (1) | TrackBack

The Martian anthropologist goes to the movies

Lisa and I watched After the Thin Man last night. I recommend all of the Thin Man movies, but it really struck me how weird the acting looked. First, it was incredibly stagey. You could pretty much see people move to their marks, deliver their lines (snappily, of course), listen to the response line, and then move to the next mark. Second, the physical cues that people used to indicate emotion (gesturing, mugging for the camera, etc.) seemed incredibly gross.

Now, obviously these conventions are the result of the technical limitations of movies of the time, plus being holdovers from theater, but it got me thinking. Maybe our movies look just as fake to someone who didn't grow up on them--it's just that we're conditioned to understand the conventions used to indicate emotional states in modern film. As an obvious example, consider the convention of a laugh track. It seems incredibly natural to us, but of course reality has no laugh track. There's an example of using technology to make things more fake.

Put yourself in the position of a Martian anthropologist who's only ever watched surveillance videos of real humans, but has never seen any human-made theater or movies. Would he think that our movies were any more realistic than old movies?

To make things more complicated, there's feedback between what you see on film and how you behave (and vice versa). So, the question we actually need to ask is whether our current movies resemble our current behavior more or less than period movies resemble period behavior. I can't really answer that question because I'm too bound up in our own conventions. Where's the Martian anthropologist when you need him?

Posted by ekr at 12:32 PM | Comments (43) | TrackBack

February 11, 2004

You must be a kid, you have a certificate

Paul Hoffman over at LookIt alerted me to this story about VeriSign's plan to offer digital ID tokens to children:
The Net infrastructure and security company and partner i-Safe America, a group that educates children about online safety, will demonstrate the use of digital IDs at a Congressional Internet Caucus Advisory Committee luncheon and technology fair in Washington, D.C.

VeriSign and i-Safe are working together to bring digital ID tokens to children between 12 and 17 years old. Currently, more than 48 million American children aged 5 to 17 regularly use the Internet, according to the U.S. Department of Commerce. That figure is expected to swell to more than 77 million by next year.

"The idea is to give i-Safe digital credentials to children, so they can interact with anyone safely on the Internet, no matter where they are," said Teri Schroeder, chief executive of the nonprofit organization.

Under a pilot program scheduled for introduction during the summer, parents can sign up their children for digital credentials when enrolling them in school. VeriSign will issue the ID hardware and the schools will act as the registration authority. There will be no cost to the students or to the schools.

The token, which plugs into a computer's USB port, will allow children to encrypt e-mail, to access kid-safe sites and to purchase items that require a digital signature, said George Schu, a vice president at Mountain View, Calif.-based VeriSign.

He noted, however, that few public Web sites exist that require digital credentials for entry, which raises questions about whether children need the tokens.

Let's take a look at that value proposition again... "give i-Safe digital credentials to children, so they can interact with anyone safely on the Internet". Hmm... What we need to do here is look at the threat model. There are two main fears that people seem to have about letting children online:

  1. Children will encounter (or seek out) inappropriate material.
  2. Bad People will meet your children online and lure them into kidnapping, child molestation, or whatever.

Now, issuing kids digital IDs will do absolutely zero to stop problem 1. The problem there is that kids masquerade as adults, and if all you have to do to pretend to be an adult is not use your ID, that's not much of a challenge. What you need in order to keep kids from getting at inappropriate material is IDs that prove you're an adult, and more importantly, for all web sites that serve Bad Material to refuse to serve it to people without that ID.

It looks to me like this program is directed towards the second problem, by allowing people to offer "kid-safe sites". I suppose the idea is that you would start a site that promised that only kids would be allowed on and verify that by using these digital IDs. That sounds like an OK idea until you consider that it relies upon it being very difficult for Bad People to get digital IDs that say "kid" on them. How hard is that really going to be? We're talking about a gizmo roughly the size of a keyring--in the hands of 5 year olds! How often did you lose your keys when you were a kid? How many IDs do you think you could pick up if you worked at Chuck-E-Cheese?

Worse yet, the security of the scheme relies upon the people who run it (school teachers and administrators!) actually keeping close control of who gets IDs. How likely does that seem to you, in a world where even VeriSign has been known to issue certificates to the wrong people [*]?

Posted by ekr at 07:37 AM | Comments (17) | TrackBack

February 10, 2004

Ooh... multithreading...

There's a particularly entertaining passage in the NY Times Article on virus authors:
Benny -- that's his handle, not his real name -- is most famous for having written a virus that infected Windows 2000 two weeks before Windows 2000 was released. He'd met a Microsoft employee months earlier who boasted that the new operating system would be ''more secure than ever''; Benny wrote (but says he didn't release) the virus specifically to humiliate the company. ''Microsoft,'' he said with a laugh, ''wasn't enthusiastic.'' He also wrote Leviathan, the first virus to use ''multithreading,'' a technique that makes the computer execute several commands at once, like a juggler handling multiple balls. It greatly speeds up the pace at which viruses can spread. Benny published that invention in his group's zine, and now many of the most virulent bugs have adopted the technique, including last summer's infamous Sobig.F.

Of course, multithreading is a well known computer programming technique and has been around on Windows since at least 1993. Now, it could of course be the case that Leviathan was the first virus to use multithreading--frankly I doubt it since it appears that Code Red was multithreaded. However, it's a perfectly ordinary programming technique. In fact, it's pretty much the standard way to write code for Windows. I'm not sure what's supposed to be new here.

[0] The idea of multiprogramming is decades old, going back to the early days of timesharing.

UPDATE. Craig points out in the comments section:

Leviathan was a virus for the Amiga, back in 92/93 -- certainly well ahead of Code Red, though what the basis of the claim for "first multi-threaded virus" is, or why multi-threaded would do much for you as a virus author back in the days where infection spread through floppy disks, I'm not sure. Perhaps it was a "my penis is bigger" feature of the virus, since it was a boot-block virus and fitting a full-blown replicating virus (two replication methods too) which actually used multiple threads into 1024 bytes of 68000 boot sector code might be viewed as a challenge.

Ah. I just got confused by the juxtaposition of Leviathan and Windows. I agree that the advantage of multithreading seems fairly minor.

Posted by ekr at 08:31 AM | Comments (2) | TrackBack

The ethics of writing malware

Cory Doctorow argues on BoingBoing that virus writing is a perfectly fine activity:
Clive touches on, and dismisses the free-speech arguments for publishing malware code (interestingly, he does so without any quotes from legal scholars and impact litigators who work on First Amendment issues, and so ends up eliding the nuance in the argument and presenting a somewhat blunted picture of the issue) and only lightly touches on the far more important notion of legitimate security research.

If, as Schneier says, "Any person can create a security system so clever s/he can't think of a way to defeat it," then the only experimental methodology for evaluating the relative security of a system is publishing its details and inviting proof of its flaws -- proof readily embodied in malware.

Codebreakers and worm-writers are the only mechanism we know about for reliably strengthening systems, and the idea that they should refrain from publishing their research in order to keep us safe is fundamentally flawed, since it depends on the idea that malicious people will never be clever enough to independently reproduce their techniques, and that the public is better served by remaining ignorant of the potential risks in the systems they've bought than by being exposed to the evidence of the rampant flaws in those systems.

This notion falls flat when considered in light of the real world. If a developer was building condos whose doors could all be unlocked with an unbent paper-clip, this line of reasoning demands that the person(s) who discover this should keep mum about it, in the hopes that no bad guy ever catches on. In the real world, the best answer is usually to scream about this to high heaven, so that the bad developer can't silence you and cover his ass, and so that his customers can get their locks fixed.

This is basically the classic argument for full disclosure taken to an extreme. EG readers won't be surprised to hear that I think this position is pretty much completely wrong. Let's try to unpack Doctorow's argument, which I read roughly as follows.

  1. Software is riddled with vulnerabilities.
  2. People need to have accurate information about whether the software they might potentially purchase is secure.
  3. The only way to get that information is to actually look for vulnerabilities.
  4. Therefore breaking code and publishing malware is a good thing.

Now, I absolutely agree with (1), and let's stipulate (2) and (3) for the moment, though I don't think they're actually that obvious. The problem here is that Doctorow is conflating publication of vulnerabilities with the creation of malware that exploits those vulnerabilities. Now, I'm not so sure that publication of vulnerabilities is that great an idea (see here and here) but you don't need much data or complicated statistics to see that the argument for publishing malware is dramatically weaker.

Let's say that you've discovered some previously undiscovered bug in Windows. You have three choices (actually there are a lot more, but these are typical).

  1. Sit on it and don't tell anyone.
  2. Publish it (perhaps telling MS first so that they can release a patch).
  3. Write some malware that exploits it and release it.

Now, the argument for publication/disclosure is exactly the one that Doctorow made. Namely, that it allows people to fix their software (or buy stronger software). The price that we pay for that information is that it also allows attackers to start using the vulnerability to attack people, whether by targeted attacks or writing self-spreading malware such as viruses or worms. However, at least the attackers and the defenders get the information at the same time so people have some time to patch (and some even do, though not as many as one might like.) Releasing a worm as the first thing one does (a zero-day worm) totally eliminates that advantage, pretty much guaranteeing that more machines will be compromised, since no one will have time to patch. Why is this a good idea again? Of course, there's the intermediate point of writing the malware and not releasing it, but that just strikes me as a disingenuous version of (3). Once it's posted to the net, it's fairly likely someone will release it. Why not just post an advisory?

To make matters worse, malware generally isn't based on new vulnerabilities. All the major worms so far have used vulnerabilities that had been published quite some time ago, so the information that they provide you about the vulnerability is quite limited. I suppose you could argue that they tell you "there is now a virus for this vulnerability" but remember, the person who wrote the virus is the one who created that condition. It's like demonstrating that lots of people aren't immune to smallpox (duh!) by starting a smallpox epidemic.

In general, the mere fact that there is a vulnerability implies that a virus/worm is possible. Most of the machinery for a virus/worm doesn't depend on the exact technique used to effect entry to the computer and you can get malware skeletons on the net that just let you plug in the code to exploit the vulnerability (Google for "virus construction kit"). Moreover, it's well understood how to write fast-spreading viruses and worms [*], so even if you write your own worm, you're probably not teaching people too much.

Posted by ekr at 08:09 AM | Comments (39) | TrackBack

February 09, 2004

Can fingerprints be that bad?

This Boston Globe article on the credibility of fingerprint evidence is pretty disturbing. I knew that standards varied a lot, but the author claims something even more disturbing:
In addition, we have no idea how often two individuals -- whose prints would indeed look different if we had access to a complete set of 10 undistorted prints -- might have partial fingerprints that resemble each other enough for an examiner reasonably to mistake them as coming from the same person, especially when the print lifted from the crime scene might be smudged and distorted.

...

Fingerprint evidence has enormous cultural power -- in Cowans's case, the prosecutor had said he was prepared to prosecute again, despite the exculpatory DNA findings, precisely because of that supposed fingerprint match. Although numerous defendants have challenged the use of fingerprint evidence in court in the past few years, judges for the most part have not taken these challenges as seriously as they should. Whatever happened in this case, it should be a wakeup call to experts, prosecutors, judges, and the public. Until the limits of fingerprint evidence are better understood, we must be wary.

This claim is really amazing, if true. It should be incredibly straightforward to design a double-blind trial to test the probability of false positives. Just collect a bunch of fingerprints under controlled degraded conditions and then have the examiners attempt to determine which sets match. If we haven't done that, it's pretty hard to justify using fingerprints as evidence. It's particularly disturbing that people are prepared to trust them over DNA evidence, for which we have a pretty good idea of the error rate.

Posted by ekr at 07:40 PM | Comments (2) | TrackBack

Etymotic ER-6 or ER-4S?

I see that Etymotic has produced a low-cost version of their famous ER-4S. The ER-6 goes for about half the price of the ER-4S (129 vs. 249) at Headroom. The main difference seems to be slightly lower quality sound and less sound isolation (15-20 vs. 23 dB). Surely, the ER-6s are a lot better than the crappy Sony earbuds I use now, but I wonder if I should fork over for the ER-4S. Are there any EG readers who have tried both?
Posted by ekr at 07:24 PM | Comments (17) | TrackBack

February 08, 2004

How to steal books from the library

Lately I've been using the Palo Alto library some more (I go through spells of heavy use until my pathological late book returning racks up some major fines and then I avoid the library till I feel ready to pay up). Anyway, the library has a checkout system which is integrated with their anti-theft system in an interesting way: Each book has what appears to be the standard anti-theft gizmo that is detected by those doorway pillars. A lot of these systems deactivate the in-book tag by applying a large magnetic field but in this system the anti-theft gizmo is apparently in the pocket where the "due date" cards go. As long as there is a due date card, the alarm doesn't go off. I don't know physically exactly how the system works but it looks like the cards themselves are somehow metallic.

Anyway, even without knowing exactly how it works, this system has two useful properties:

  1. The cards aren't tied to any particular book.
  2. You can carry a card into the library without setting off the alarm.

Pretty clearly, this allows you to steal a more or less unlimited number of books without triggering the system. Go to the library and take out a couple of books. Then take the tags into the library, put them into the books you want to steal and walk out. Repeat as desired. Not that I'd ever do this of course, but as a security guy, my instinct is to pretty much automatically try to figure out how to bypass any security system.

Posted by ekr at 06:03 PM | Comments (2) | TrackBack

Curse you, virus spam filter!

I just found about 200 messages that I'd lost by misconfiguring my procmail virus filter. You see, due to the ongoing MyDoom threat, I keep getting all these notifications that messages that I "sent" (actually that someone else's MyDoom forged) contain viruses. I got tired of reading these so I modified my procmail filter to exclude them (a little more instant gratification than training my Bayesian filter, I figured), as follows:
:1
Subject:.*Norton AntiVirus detected and quarantined
junk/.

:1
Subject:.*BitDefender found an infected
junk/.
...

Unfortunately, I mistyped one of these and instead did:

:1
Subject:.*
BitDefender found an infected
junk/.

This shoved pretty much every message into a folder called BitDefender. So, I've been missing pretty much all mail since Friday. I finally noticed that I was getting suspiciously few messages and looked into it. The good news, though, is that all the mail just ended up in the BitDefender folder and so I was able to just read that in.

So, it's totally my fault, but I wouldn't have made this mistake if it weren't for all the spam I get. I've never seen any good data on this, but I wonder how much of the cost of spam is due to various kinds of filter false positives.
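As an added illustration (not part of the original post), here is a small Python check that runs procmail-style recipes against a constructed corpus of legitimate mail and the bounce notifications the filter is meant to catch, so that a catch-all condition like the mistyped one above shows up before it swallows a weekend's mail. The recipes in the post use procmail's old ":n" syntax; this example assumes the modern ":0" / "* condition" form and approximates procmail's matching with Python regexes. All addresses and subjects are constructed.

```python
import re

# Constructed sample headers (not real mail): legitimate messages and the bounces to catch.
LEGIT_MAIL = [
    "From: alice@example.org\nSubject: lunch on Tuesday?\n",
    "From: bob@example.org\nSubject: Re: draft of section 3\n",
]
AV_BOUNCES = [
    "From: postmaster@example.net\nSubject: Norton AntiVirus detected and quarantined a virus\n",
    "From: mailer@example.com\nSubject: BitDefender found an infected attachment\n",
]
# The intended rules from the post, in modern ':0' / '* condition' form.
GOOD_RC = """
:0
* ^Subject:.*Norton AntiVirus detected and quarantined
junk/.
:0
* ^Subject:.*BitDefender found an infected
junk/.
"""
# The typo from the post: the condition is split across two lines, so the regex becomes
# '^Subject:.*' (matches everything) and the rest of the pattern is read as the action.
BAD_RC = """
:0
* ^Subject:.*
BitDefender found an infected
"""

def parse_recipes(rc):
    """Parse a minimal procmail-style rcfile into [{'conds': [regex...], 'action': str}]."""
    recipes = []
    for line in filter(None, (s.strip() for s in rc.splitlines())):
        if line.startswith(":0"):
            recipes.append({"conds": [], "action": None})
        elif line.startswith("*"):  # procmail conditions match case-insensitively
            recipes[-1]["conds"].append(re.compile(line[1:].strip(), re.M | re.I))
        else:
            recipes[-1]["action"] = line
    return recipes

def matches(recipe, msg):
    return all(c.search(msg) for c in recipe["conds"])

def audit(rc, legit, wanted):
    """Per recipe: (action, legitimate messages caught, wanted messages caught)."""
    return [(r["action"], sum(matches(r, m) for m in legit), sum(matches(r, m) for m in wanted))
            for r in parse_recipes(rc)]

def overbroad(rc, legit):  # recipes that would swallow legitimate mail: do not deploy these
    return [a for a, lh, _ in audit(rc, legit, []) if lh > 0]
```

Running `audit` on the two rcfiles shows the intended recipes catching only the bounce notifications, while the mistyped one catches every message and files it under the folder name "BitDefender found an infected".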

Posted by ekr at 11:02 AM | Comments (45) | TrackBack

February 07, 2004

Can't the CSI screenwriters use Google?

Exhibit A: the CSI rerun that was broadcast last night.
Sara Sidle (Jorja Fox): Thorazine? That's an animal tranquilizer. Zephyr didn't use any live animals in his acts.
Gil Grissom (William L. Petersen): Maybe he didn't use it on animals.
Thorazine (chlorpromazine), of course, was the first real antipsychotic drug. It's not the first choice for use on humans and it can be used on animals, of course, but it's still in the human formulary. I'd hardly describe it as an "animal tranquilizer".

Exhibit B: an episode of CSI: Miami I saw a while back where they tracked someone from an IP address, which was a dotted quintet (should be a quad), with components greater than 255 (the maximum for any section of an IP address).

Now, I don't ordinarily expect TV shows to be a major source for scientific information, but seeing as CSI is science porn for nerds, it's a little disappointing that they can't get things right.

Posted by ekr at 07:31 PM | Comments (48) | TrackBack