Educated Guesswork

EG turns 5000

According to Sitemeter, for the first time ever this month EG got over 5000 "visits" (Whatever that means. Defining a visit isn't an exact science...) Good work, comrades, and keep clicking.

Tradition... it's what keeps us on the roof

It's pretty easy to write a story about people's response to contrary evidence:

• People have been doing X for years based on anecdotal evidence theoretical arguments about why X should work
• Someone does a controlled study and concludes that X probably doesn't work.
• Practitioners say "we think it works anyway".

This AP article about stretching and fitness provides a pretty good example of the form. Basically, some people at CDC did a review of the literature and concluded that the evidence didn't support stretching for injury prevention. The article concludes with:

Two other researchers said, however, that there may still be value in the stretches that coaches require, and athletes do.

Lynn Millar, a professor of physical therapy at Andrews University in Berrien Springs, Mich., said her experience in treating people with injuries tells her that those who don't stretch may find they can't move their arms and legs as far as they used to, and this could set them up for injury.

"Unfortunately, a lot of us don't have a normal range of motion," Millar said.

Stephen Rice, director of the sports medicine center at Jersey Shore University Medical Center in Neptune, N.J., said he values the experience of trainers and athletes.

Flexibility is an element of fitness, and stretching ought to make a person more flexible, Rice said. "I would say the conventional wisdom has a certain amount of wisdom to it," he added.

This phenomenon isn't unique to medicine. The response to Gilovich and Tversky's work demonstrating the non-existence of the Hot Hand in basketball (here is a particularly choice piece) was almost exactly identical. (See here for a nice web page on the topic). Humans just have a terrible time distinguishing random from non-random behavior, perhaps because our internal pattern-detecting machinery is too good. And of course, once you think you've detected a pattern--and spent years acting on it--commitment and consistency make it very hard to give up your beliefs.

Thanks to Kevin Dick for pointing me at the SF Gate article and suggesting the generalization of the observation.

Yet more on paternalism in medicine

DB follows up:

Let me try again. Many patients make their own decisions regardless of our recommendations (and remember, we prescribe we do not force feed medications). I guess a well educated patient might be able to figure out a complex medication regimen. But it really is unlikely. I guess I could treat myself - but we do have a saying about that - "The doctor who treats himself has a fool for patient".

So I must endorse this form of paternalism. Physicians have the training and experience to juggle the multiple conditions and disease manifestations. We should include the patient in our decision making - but we should recommend and recommend strongly a treatment course that best fits the available evidence. For that I do not apologize!

Medpundit expresses similar sentiments:

I can't say I agree with all of his points. There are some drugs, like prescription allergy medication, and ulcer medication which are fairly harmless and don't really need monitoring or the help of a doctor to decide whether or not they're needed. But there are others - heart medications, cancer drugs, blood pressure drugs, etc. that either need the expertise of a physician to make the correct diagnosis for their appropriate use or that need to monitored closely for potential side effects. Even drugs as seemingly benign as blood pressure drugs need to be monitored periodically to make sure they aren't having adverse effects on the kidneys or, in some cases, the heart or the balance of the body's electrolytes. That isn't being paternalistic, just responsible.

Both of these responses seem to me to miss the point. Sure, one should generally have a professional diagnose one's medical problems and control one's drugs. But one would also probably be better off if one let a professional work on your car transmission, do your taxes, o, to draw an example closer to my heart, hiring a professional to design your computer security system rather than trying to do it oneself. Certainly 99% of the time the professional would do a better job, but only the customer can decide whether that justifies the inconvenience and expense of seeking a professional.

What's paternalistic is that in the medical field--as opposed to computer security or auto repair, the professionals have managed to lobby to make it illegal for people to serve themselves. There are lots of fields that are so complicated that one could argue that consumers would be better off to hire a professional--in fact this is the standard argument that guilds have used to justify legislated monopolies for centuries. Neither DB nor Medpundit seems to me to have made a particularly good argument for why they should be able to use the force of law to maintain that monopoly.

When is paternalism justified?

DB from DB's Medrants responds to McBride's article on prescriptions and paternalism:

Trent hypothesizes that making patients come to the doctor for prescriptions represents the ultimate form of paternalism. I will disagree to some extent on his proposed solutions.

Yes, prescribing medications is paternalistic. But then I do not assume that all medical paternalism is bad.

If you have congestive heart failure, I have a complex drug regimen to prescribe. Adjusting these medications requires repeated visits. I must understand the side-effects of each medicine, alone and in combination. I must consider your renal function, and your electrolytes. Finally, I must prescribe the medications with an understanding of your other medical problems (and few patients have CHF alone).

So to provide the highest quality care, I believe that I must be paternalistic. In that sense paternalism is not a bad attribute.

I think DB is missing something important here. Sure, if you want high quality medical care and you're not medically sophisticated you want to be under the supervision of a doctor. The problem is that it's legally mandated. There's no law against me working on my own car, but when I have a transmission problem, I don't drop the tranny in my garage--I take it to a mechanic. (To tell the truth, I take it to a mechanic to have the wiper blades changed). So, I think if you want to have mandatory paternalism, you really have to explain why people aren't able to decide for themselves whether they want close monitoring. In my view, DB doesn't do that satisfactorily.

Paternalism, medicine, and prescriptions

There's an interesting article by Trent McBride arguing that the requirement that patients obtain a prescription in order to get most drugs is a bad thing.

McBride doesn't use the term "rent-seeking" but nevertheless describes the phenomenon pretty clearly:

That's a pretty raw deal. But if patients lose, who gains? The benefits have to accrue somewhere. And they accrue right into the lap of physicians. Under the pretenses of patient safety, we have supported a system that restricts access to drugs so that patients will be more reliant on our care. By placing ourselves at the top of the drug information hierarchy, with the government's blessing, we have created a system that artificially increases demand for our services (thus increasing fees), stresses the service capability of the health care system, and very possibly causes harm to patients.

I generally agree with this line of argument, but there's one part of the article that doesn't make much sense:

To switch gears, let's look at two recent examples of drugs that switched to OTC status to much fanfare. In 2003, the heartburn medication Prilosec was granted OTC status. Its price quickly fell from $4 to $1 per pill. In 2002 the allergy medication Claritin underwent the same transformation with a similar fall in price. It amazes me that I have actually heard some physicians say they didn't understand why. When the gatekeeper was removed, supply was no longer artificially restricted and the price was bound to fall. (Claritin was complicated by the fact its patent was set to expire. However, its price fell independent of its patent expiration.)

(Sidebar: As an example of the perverse incentives of health insurance, while the price of the medicines fell, the price the patients had to pay out-of-pocket actually increased because OTC meds are not covered by health insurance plans or Medicare. So patients had the incentive to buy the more expensive medicines, increasing the costs for everyone.)

Let's take a step back here: it's true that overall cost to the consumer should drop when the supply is unrestricted, but that doesn't mean that the street price should go down, as a large part of the overall cost is rents collected by physicians. The Claritin issue is complicated by patent expiry, but I suspect that in the case of Prilosec, what happened was that there were a lot of people to whom Prilosec wasn't worth $4/pill but it was worth $1/pill. In fact, many of them were probably being prescribed Prilosec but their insurance was paying for it! When it went OTC, they had to bear the full burdened cost (often because their insurance company stopped paying, which is oftem from whence the pressure to go OTC comes) and so the company had to drop the price in order to sell. The other likely effect is that Astra-Zeneca is trying to get enough Prilosec brand recognition to avoid getting completely hammered when generic Prilosec OTC comes out.

MB>Note: Fixed "restricted" -> "unrestricted". Error pointed out by Christian Murphy

Do doctors wash their hands enough?

Atul Gawande has an interesting perspective in the latest NEJM. Basically, doctors don't wash hands that well between patients. Doing a proper job takes a minute or so, which can seriously cut into patient care time:

Even with the right soap, however, proper hand washing requires a strict procedure. First, you must remove your watch, rings, and other jewelry (which are notorious for trapping bacteria). Next, you wet your hands in warm tap water. Dispense the soap and lather all surfaces, including the lower one third of the arms, for the full duration recommended by the manufacturer (usually 15 to 30 seconds). Rinse off for 30 full seconds. Dry completely with a clean, disposable towel. Then use the towel to turn the tap off. Repeat after contact with the patient.

Almost no one, of course, adheres to this procedure. It seems impossible. On morning rounds, our surgery residents may visit 20 patients in an hour. The nurses in our intensive care unit typically have a similar number of contacts with patients requiring hand washing in between. Even if you get the whole cleansing process down to a minute per patient, that's still a third of staff time spent just washing hands. Such frequent hand washing can also irritate the skin, which can produce a dermatitis, which itself increases bacterial counts.

Less irritating than soap, alcohol rinses and gels have been in use in Europe for more than a decade but for some reason are only now catching on in the United States. They take far less time to use -- only about 15 seconds or so to rub a gel over the hands and fingers and let it air-dry. Dispensers can be put at the bedside more easily than a sink. And at alcohol concentrations of 50 to 95 percent, they are more effective at killing organisms, too. (Interestingly, pure alcohol is not as effective -- at least some water is required to denature microbial proteins.)

Still, it took Yokoe more than a year to get our staff to accept the 60 percent alcohol gel we have recently adopted. Its introduction was first blocked because of the staff's fears that it would produce noxious building air. (It didn't.) Next came worries that, despite evidence to the contrary, it would be more irritating to the skin. So a product with aloe was brought in. People complained about the smell. So the aloe was taken out. Then some of the staff refused to use the gel after rumors spread that it would reduce fertility. The rumors died only after the infection-control unit circulated evidence that the alcohol is not systemically absorbed and a hospital fertility specialist endorsed the use of the gel.

I can empathize with this. Like a lot of triathletes, for whom getting sick means two weeks of lost training, I'm hypercareful about washing my hands before eating. Even that is a major pain in the ass. I can't imagine what it must be like to have to wash your hands 20 times an hour. That said, the resistance from the hospital staff to the alcohol gels is kind of depressing. The science showing they're better has been out there for a while.

That said, it's not clear what the payoff is:

With the gel finally in wide use, the compliance rates for proper hand hygiene improved substantially: from around 40 percent to 70 percent. But -- and this is the troubling finding -- hospital infection rates did not drop one iota. Indeed, the MRSA and VRE infection rates have continued to rise. As of the day I write this, 63 of our nearly 700 hospital patients have become colonized or infected with MRSA, and another 22 have acquired VRE -- unfortunately, typical numbers for an academic hospital.

So, the obvious question at this point is: would better compliance actually help? Maybe we're at the point where anything short of completely sterile procedure just doesn't make that much difference. Or maybe other kinds of washing, like cleaning surfaces more often, would produce more bang for the buck. I haven't read any studies on the cost/benefit ratio in this region, but it would be good to see some.

A fine line...

I figure the line between brilliant but insane and insane but brilliant is drawn just between Noam Chomsky and Julian Jaynes.

When can I get my home AIDS test?

The FDA just approved a 20 minute HIV test that works from a saliva sample instead of a blood draw [*].

The new test uses the same technology and works as quickly, but with saliva, which is hundreds of times less infectious, and therefore less dangerous to the tester.

It uses a plastic stick with a pad that is rubbed against the gums and put in a vial of reagent solution. Within 20 minutes, if the result is positive, two reddish-purple lines appear on a window on the handle.

The company says the new test can detect H.I.V. antibodies as soon after infection as earlier tests can roughly six weeks, though the time for each person varies.

For now, it can be used only in certified laboratories, but Dr. Lester M. Crawford, the acting commissioner of food and drugs, "strongly urged" the company yesterday to apply for a waiver that would let the test be used in simpler settings, like neighborhood clinics.

With such a waiver, Mr. Gausling said, "anyone with a seventh-grade education can administer the test if they can read instructions."

Dr. Fauci said he thought it was "almost certain" a waiver would be granted.

This kind of test would be ideal for home usage. You can already get home HIV tests, but they're not self-contained. You have to send your sample into a lab for testing. This test sounds like it's completely self-contained, like a home pregnancy test. When can I expect to see it being sold over the counter?

Witty worm...

Colleen Shannon and David Moore at CAIDA have published an analysis of the spread of the Witty worm. Here are some high points (from the front of the report):

• Witty was the first widely propagated Internet worm to carry a destructive payload.
• Witty was started in an organized manner with an order of magnitude more ground-zero hosts than any previous worm.
• Witty represents the shortest known interval between vulnerability disclosure and worm release -- it began to spread the day after the ISS vulnerability was publicized.
• Witty spread through a host population in which every compromised host was doing something proactive to secure their computers and networks.
• Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.

Well, that's sure good news!

The "Pirate" bill...

Leahy and Hatch have proposed the Protecting Intellectual Rights Against Theft and Expropriation Act (PIRATE) (I hate these stupid names.) The intent is to have federal prosecutors file civil lawsuits against P2P file swappers. Check this part out:

"Copyright owners and the entertainment industry in particular have been frustrated that the [Justice Department] hasn't been willing to take this on," von Lohmann [from EFF -- EKR] said.

He said that the legislation is the latest in a string of industry-backed proposals to broaden the government's copyright enforcement power. "Every one of these proposals has been at the behest of the industry, not at the behest of the DOJ."

The Justice Department did not ask for the authority that the legislation provides, said Senate Judiciary Committee spokeswoman Tracy Schmaler.

Justice Department spokesman Charles Miller declined to comment.

If such a bill passed, the Justice Department could be forced to join the fray, von Lohmann predicted. "Once that power is there, the pressure on them to actually use it will become all the more intense. The drumbeat here is that the entertainment industry would really appreciate it if the DOJ would do their dirty work for them."

It's important to remember how all this works. The existence of music and videos with near-zero marginal cost of production creates a large amount of surplus (the difference between what the customers would pay and what the media could be produced for). Before the Internet, the media companies were extracting most of this surplus because they controlled the distribution channel. The Internet shifted the balance of power back.

Now, the record companies want the government to remove the Internet option, thus letting them extract more of the surplus. That's perfectly understandable, but it's not clear why taxpayers should pay a lot of money for tighter P2P enforcement, thus enabling us to pay more money for CDs and DVDs.

More forensics goodness

Check out this article in the New Scientist. Apparently one of the "diagnostic signs" for "shaken baby syndrome" isn't actually supported by any real empirical evidence (see the original British Medical Journal article and the accompanying editorial.) I sure hope people aren't being put in jail based on this kind of evidence alone.

MD5 is too secure already

/. has a note about the MD5CRK project. Somehow I missed this when it first came out a few months ago because otherwise I would have dumped on them then. The goal of the MD5CRK project is:

This project aims to find collisions in outputs of the MD5 hash algorithm using distributed computing (or a "Chinese Lottery", as mentioned in the previous story). The project will be considered successful if major crypto vendors - and developers in general - move away from the MD5 standard. MD5CRK is a unique distributed attack in that it attacks one of the most actively used crypto-related algorithm and will provide loads of data for crypto research. Other related projects only seek to decrypt a string of characters specifically encrypted to be attacked.

To understand why this is silly you'll need some background.

What a hash is?
A hash is a function that turns an arbitrary message into a fixed length string which is characteristic of the input message, as in:

H = Hash(M)

A cryptographic hash two desirable properties.

1. It should be difficult to go from H back to M (though it's easy to compute H given M. This property is called irreversibility
2. It should be difficult to find two messages M and M' that have the same hash value H. Such a pair is called a collision and this property is called collision resistance.

The security of MD5
With a perfect hash algorithm, the best attacks are by brute force. So, if you're given some hash value H the fastest way to find a message M that hashes to H is to generate a bunch of candidate messages and hash them until you find one that matches. This takes about as many trials as the number of possible hashes. For instance, if you have a 128-bit hash function like MD5 it takes an average of 2^127 hash operations to find a messages that hashes to a given value. 2^127 is an enormous number it's impractical to mount this kind of attack on MD5.

Now, here's the important part for the MD5CRK project: finding collisions is easier. On average, if it takes N operations to reverse a hash function, it takes square root of N operations to find a single collision. This fact is often known as the birthday paradox. 2^64 is a big number but it's not totally out of the range of possibility to do a distributed computation this size. It's long been known that MD5 was theoretically vulnerable to this kind of attack and what the MD5CRK project plans to do is demonstrate that it's feasible in practice.

So what if we find a collision in MD5?
So, say we demonstrate that MD5 can be attacked this way, what does it mean?

Hash algorithms are used for a bunch of purposes in cryptographic protocols:

1. Documents are hashed prior to being digitally signed.
2. As a primitive in the construction of symmetric Message Authentication Codes (MACs).
3. As a component in various kinds of pseudorandom number generators and pseudorandom functions.

Let's take a look at how hashes are used in the common SSL protocol.

1. When the client connects to the server, the server provides its certificate. This certificate is signed by a certificate authority. The way that this works is that the Certificate Authority (CA) first hashes the certificate to reduce it to a fixed string and then signs the hash result.
2. The client generates a random key and encrypts it under the server's public key (this doesn't use hashes).
3. Once the client and server share a key, the client and server independently use hashes in a pseudorandom function to expand the shared key into a series of traffic keys used to protect future communication.
4. The client and server use MACs based on hashes to provide authentication and message integrity for their communications.

Now, the security of the key generation doesn't depend at all on collision-resistance, nor does the security of the MACs used to protect traffic.

The MD5CRK guys argue that collisions are a threat to the certificate infrastructure.

The problem of attacking MD5 is no longer a theoretical matter - it is a business proposition. We intend to find a collision and spend very little money doing it. The grand total thus far is $0.

However, if someone were to invest the $100,000USD required to build an MD5 machine they could forge digital signatures, circumvent password systems and tamper with sensitive, protected documents without detection.

To raise awareness we will find at least two strings of printable text that produce an identical MD5 hash. After each MD5 transform, the 128 bit (16 byte) hash is translated into a 32 character string. This 32 letter string becomes the input to the next MD5 transform and so on. To map the 16 byte digest into a 32 letter string we use the 16 most common letters used in the English language as our radix alphabet in the likely chance we get a true English word out of this process.

Unfortunately, it's much more complicated than that. Remember that we're finding collisions, not reversing the hash. So, you can't just construct any certificate you want. The way the attack would work is that you'd have to build two strings, one of which you could convince the CA to sign and one of which was the one you wanted. So, say you know that H("www.rtfm.com")=H("www.amazon.com") the idea would be to get the CA to sign a "www.rtfm.com" cert, and then you'd turn it into a "www.amazon.com" cert by changing the name. And since the hashes match, it would let you impersonate Amazon.

Unfortunately, finding pairs like that is a much harder problem than finding a simple collision. The way that the birthday attack works is that you generate a large number of candidate messages and look for a collision. Since the number of such candidate messages greatly exceeds the number of "interesting" domain names to attack, the probability that any collision you're going to find is going to be useful--in the sense that it lets you impersonate someone you'd want to impersonate--is very low.

Even if you were lucky enough to find such a collision, it wouldn't be very useful. Certificates contain more than just your domain name. And here's the interesting bit: they contain a serial number and a validity period, both of which are chosen by the CA. Whether something is a collision depends on the data that precedes it--you have two messages M and M' with the same hash doesn't mean that H(XM) = H(XM'). So, even if you had a useful collision, it wouldn't get you a useful certificate in someone else's name.

The MD5CRK guys don't really explain the other attacks they think collisions might enable, so I can't evaluate those claims for sur, but in most cases the security of hash-based systems, depends on irreversibility, not collision resistance.

Why should we care?
As you can no doubt tell, I'm having a hard time getting excited about this project. I don't see what the point is. First, MD5 is gradually being replaced, largely because there have been some attacks on MD5 that are more practical than brute force (though the details are still secret). This transition is happening gradually and there's no reason to panic. MD5 is perfectly safe for most of the applications in current use. That said, while I recommend SHA-1 (a stronger hash) for new systems, it's not clear why the MD5CRK guys think it's so important to replace MD5 right away and finding a single collision wouldn't tell us a single thing we don't already know about the security of MD5.

Thanks to Hovav Shacham for discussions about the security of MD5.

Oxycontin

There's a nice piece in today's Slate about the hysteria surrounding OxyContin:

In fact, the entire OxyContin "epidemic" is based on a false narrative that asserts that the majority of OxyContin addicts begin as drug-naive pain patients. The cop the Sentinel profiled was actually a typical Oxy addicta prior drug userbut his real story wasn't what they wanted. If Bloodsworth had been looking for that, she would have noted that government data shows that 90 percent of OxyContin abusers have also taken cocaine, psychedelics, and other prescription painkillers. Readers would have been informed that investigators specializing in prescription drug abuse say the typical OxyContin addict has a lengthy history of multiple-drug abuse.

The paper also would have highlighted that addiction is the exception, not the rule, among people exposed to opiates. Studies consistently show that pain patients taking opiates are no more likely to become addicts than people in the general population (i.e., exposure alone does not cause addiction). That is to say, only between 1 percent and 20 percent of people in the general population experience a period of addiction to some substance, depending primarily on characteristics such as age, stress, family history of addiction, and mental illnesses. (Depression, manic depression, and schizophrenia all dramatically affect one's risk of addiction.) If you rule out prior abusers, the rate settles at the low end, in single digits. (Rush Limbaugh may be one such example, though we still don't know anything about his possible prior drug use.) Even among people who try the most demonized opiate, heroin, for recreation or in a situation of extreme stress, only a minority will become addicted. While nearly half of U.S. soldiers in Vietnam tried heroin while abroad, only 20 percent of users became addicts. And only 12 percent remained junkieseven though 60 percent of those addicted while in Vietnam tried heroin at least one more time back home. Research by the National Institute on Drug Abuse finds that most people simply don't enjoy the opiate "high," let alone want it daily.

Yet reporters don't like this narrative, so they ignore it. This tired, predictable story line leaves reporters with unsympathetic protagonists: Who wants to read about scummy addicts scamming doctors? Grandma's back pain making her into a pharmacy robber is much more compelling; unfortunately, it almost never happens.

It's worth reading to get a sense of the hysteria surrounding OxyContin.

It's also worth mentioning that there's nothing particularly special or addictive about the opioid in OxyContin. OxyContin is just a time-release formulation of oxycodone, the same opioid stuff that's in Percocet or Percodan. There are two things that make OxyContin a good drug for recreational use:

1. OxyContin comes in very high doses. The standard dosage of Percocet contains 5 mg of oxycodone. OxyContin comes in dosages up to 160 mg.
2. It's pure oxycodone. Percocet is oxycodone plus acetaminophen (the stuff that's in tylenol) and Percodan is oxycodone plus acetylsalicylic acid (aspirin).

These two properties make OxyContin an attractive target for abuse. You can grind it up and get a very high dose of oxycodone. Even if you could get this many Percocet, you'd end up taking a large dose of acetaminophen--which can easily cause liver damage in doses this high. Percodan would be a little bit better but high doses of aspirin aren't that great for you either. You can get pure oxycodone, but Percocet and Percodan are more commonly prescribed. So, if you have really serious pain and need high doses of opiates, OxyContin is a pretty attractive choice, especially with the convenient twice-daily dosing. Unfortunately, these properties makes it an attractive choice for diversion and abuse as well.

Aligning your print heads

I recently got tired of having to leave the house whenever I wanted to photocopy something and so last night I invested in an HP 5510 multifunction fax/scanner/printer/copier. The installation includes one cute feature: like most inkjet printers you need to align the print heads. The way you do this on the 5510 is to print out the alignment page and then scan it into the scanner, which presumably figures out what the appropriate offsets are. Pretty clever...

Jack Balkin gets cynical

Here's Jack Balkin on Michael Newdow's pledge of allegiance case:

The Supreme Court heard arguments today in Elk Grove Unified School District v. Newdow, and it is very likely that Newdow will lose. The only question is whether the Court will reach the merits or will dismiss on standing grounds. That's not because the law is clearly against Newdow. Indeed, as William Safire puts it in his column, "The only thing this time-wasting pest Newdow has going for him is that he's right." Rather Newdow will lose because no matter what the existing doctrine says the Supreme Court is not going to hold that government officials' use of the phrase "under God" in the Pledge of Allegiance violates the Establishment Clause. The doctrine will simply be parsed or altered in such a way as to avoid this result.

Newdow's strongest argument is that under the Establishment Clause, government may not itself engage in religious activities or encourage citizens-- and particularly schoolchildren-- to affirm particular religious beliefs. When public school teachers lead their classes in the post 1954 version of the Pledge of Allegiance (which includes the words "under God") it is doing both of these things. Newdow can point to the fact that the Pledge was changed in 1954 due to a lobbying campaign by, among others the Knights of Columbus, to draw attention to the difference between God-fearing Americans and the godless Soviet Union.

And then proceeds to analyze how the Supremes might come to a result that would reject Newdow's case in spite of the fact that he's basically right. Now, no doubt Balkin is right. After all, the Supremes are human just like anyone else and it's very easy to convince yourself that the opinion you want to have is actually in line with the evidence--Though this kind of naked political analysis of the Supreme's motives is almost enough to make me agree with Dan Simon's attitude towards the Supremes.

EG readers won't be surprised to hear that I support Newdow's position. I remember being a middle school student and having everyone stand to say the Pledge and feeling that the "Under God" clause was an endorsement of a religion I didn't believe in. Now, it's true that I could have refused to say the entire pledge--though I don't think I knew this at the time. Certainly the school didn't make a point to tell us about West Virginia State Board of Education et al. v. Barnette et al.. I do remember simply not saying the words "under God" on more than one occasion, and feeling pretty self-conscious about it, though I doubt anyone else noticed. For the sake of that kid and others like him I'd very much like to see Newdow win. However, if we're going to lose I at least hope that the Supremes will reject Newdow's case on standing grounds, leaving us the chance of taking another run at the wall in 5 or 10 years.

A million here, a million there, and soon you're talking about real money

Here's something else interesting about the Procket story:

Procket has been one of the most closely watched start-ups in Silicon Valley, having raised more than $277 million in funding. It is currently working on another round of funding, which will be used to help build out the company's sales force and marketing efforts, said Hayward.

$277 million! Holy crap!

And what with Tony leaving and all, that $277 million isn't looking like that wonderful an investment. Is Allan Greenspan going to have to step in to save the tech economy in some Silicon Valley version of the Long-Term Capital Management bailout?

So much for Procket

News.com is carrying the not-totally-surprising news that Tony Li has left Procket [*].

Li, who helped found the company along with Bill Lynch and Sharad Mehrotra, had reportedly tried to quit several times in the past. According to several sources close to the company, Li did not get along with Randall Kruep, the former CEO of Procket, who resigned from his post in June 2003.

Li is viewed as a guru in the routing software industry, having helped create the software used to build Cisco's flagship GSR 12000 platform and Juniper's original core router, the M40. Li also reportedly quit his jobs at both Cisco and Juniper.

If you're not an industry insider, this last sentence is kind of puzzling. Of course Tony quit. How else do you leave a job besides being fired/laid off? Puzzling, that is, unless you've heard the stories about how Tony left Cisco. Here's one version, as told to me by an informant who wishes to remain nameless:

Tony Li posted to a public Cisco mailing list (I think it was stocks@cisco.com). Someone was asking about brokers or complaining about Smith Barney perhaps (the default Cisco broker for ESPP and Options). Tony posted something along the lines that brokers should or [sic.] offered to give good customers blow jobs.

HR called Tony's boss. Tony's boss Stuart [Stu Phillips] chastised Tony and asked him to publicly apologize. Tony doesn't normally suffer fools gladly, but was so pissed off that he went back to his desk, wrote his letter of resignation, and nailed it to Stuart's door with basically a railroad spike.

The "nail" had been around Tony's office for quite some time, because a customer gave it to him in appreciation for Tony's job at the time (fixing OSPF in IOS) which he described as nailing shut all the doors in the Winchester Mystery House.

In this case, I think "reportedly quit" may be code for "didn't leave under the best circumstances but we'd rather not claim that publically".

I think I've got one of those actuators in a box somewhere...

NASA has discovered that the gears on one of the actuators that drives the rudder were installed reversed [*] This doesn't really surprise me. The space shuttle is really complex and there are bound to be ways to screw up the assembly process that could cause catastrophic failure. Though it's certainly arguable that we might want to design a system that was less complex, that's pretty clearly not going to happen, any more than it has happened with software, which is very susceptible to the same kind of problem.

What's a little scary here is the fix:

Discovery's original actuators are being scrapped, because the course of corrosion is hard to predict, and a small chip falling off could jam a gear. The replacement actuators will be repaired and returned to Discovery.

There had been concern that actuators would not be available for Atlantis, which must be ready for a possible rescue mission when Discovery launches.

However, NASA has found two spare actuators, and has 94 per cent of the parts needed to build two more, Parsons said. He says the remaining parts could come from actuators being removed from the least-flown shuttle, Endeavour. That leaves Parsons "feeling pretty comfortable" about meeting the timetables needed for a return-to-flight launch of Discovery in March 2005.

Let me see if I have this right: NASA is so low on spare parts that they can't fly two shuttles at once without cannibalizing a third? What kind of operation is this? I understand that they can't drive down to Frys for a replacement actuator, but isn't that even more reason to keep all the parts you need on-hand?

The moon's resources

There's an interesting article in the March 12 Science (subscription required) about the resources on the moon. It seems to be pretty unclear how significant the alleged resources are.

Helium. Even more valuable in the long run may be a much rarer legacy of the solar wind, helium-3. Only Earth-bound humans would benefit, however, and even its enthusiasts acknowledge that it's a long shot.

Helium-3 is attractive because it can fuel an advanced fusion reactor. A helium-3 atom combined with a hydrogen-2 (deuterium) atom or with another helium-3 releases a great deal of energy with relatively little radioactive waste. "If we replaced all the electrical power plants in the United States with [helium-3/deuterium] reactors, you'd need only 40 metric tons to produce all the electricity needed in 2004," says Gerald Kulcinski, a physicist at the University of Wisconsin, Madison. Only a few hundred kilograms of helium-3 are accessible on Earth, he says, but the lunar regolith harbors millions of tons of it.

Several factors make mining helium-3 a dicey proposition. For one, most of the solar wind strikes the lunar farside, which faces the sun when the moon's orbit takes it upwind of Earth's magnetic shadow. But ilmenite, the only lunar mineral that traps helium-3 effectively, is more common on the moon's nearside. Wherever it crops up, even helium-3-rich lunar soil won't contain much of the gas. "It'll be a little better than 10 parts per billion by weight," says Timothy Swindle, a geochemist at the University of Arizona in Tucson. "To make a dent in the world's energy needs, you're going to have to mine a large fraction of the surface of the moon." Physicists will also have to create a working helium-3 reactor--no easy task, considering that decades of research have yet to produce a fusion power plant of any sort. And, of course, someone will have to ship all the helium back to Earth.

Doesn't sound incredibly promising...

Statistical quality control and you

As I mentioned below, when you make computer chips that differ only in clock speed, you often do so by by making a bunch of chips and then measuring the maximum speed attainable by each one. Of course, the distribution of chip speeds is then determined by the yield of the manufacturing process, and there's no guarantee that it matches the customer demand curve for chips of different speeds. You can adjust the manufacturing process somewhat, but mostly this amounts to making the quality control more or less tight. Often what happens is that the manufacturer finds themselves in a situation where they're making more fast chips than they can sell at the going price. One thing they could do is lower the price, but (depending on the exact shape of the demand curve) this might or might lead to them making more money. (Imagine that the demand curve for fast chips is very steeply downward sloping). Another option is to just label their fast chips as slow chips and sell them as-is.

This means that if you're a smart consumer and you get one of these downrated chips you can just up the clock speed (called overclocking) and you're good to go. Of course, you're taking a chance that you actually got a legitimately lower quality chip that matches it's labelling in which case it won't work, but that's what you get when you do your own quality control.

Manufacturing with less-than-ideal parts

In the modern era of computer-numerically-controlled (CNC) equipment, most people take for granted that we can produce parts with arbitrary degrees of precision. But in the 19th century the watch industry wasn't quite there yet. Up until 1850 or so, good watches were made in a two part process: the rough movement would be made in a mass production process but then the parts would be finished by hand and tuned for high precision. The finishing process is highly skilled so from the manufacturer's perspective it's very desirable to eliminate it. But what do you do if you're best manufacturing processes aren't precise enough? Here's Landes again:

There were, of course, some areas where human skill was indispensible. The fitting of balance wheel to hairspring, for example, required a fine hand, and in Europe the one was painstakingly adjusted to the other to ensure isochronous swings. The Americans had neither the time nor the skills. Instead, they made large numbers of balances and springs as close to standard as possible; then carefully sorted them by weight and force. It only remained to pair them by choosing from the right boxes or jars. The same technique was applied to the selection of jewels and pivots: instead of drilling jewels and then making pivots to fit, the Americans turned out an array of both, measured diameters to a ten thousandth or even twenty-thousandth of an inch, sorted the pieces accordingly, and matched them as needed. No need, then, for fine tuning: just choose a target and let statistical distribution take care of the rest.

Modern machining equipment is extraordinarily good and so for most applications we are able to build parts to specification and have them be completely interchangeable, especially as electronics replaces mechanisms for any kind of fine work. However, this kind of statistical quality control still exists in the semiconductor industry. Unlike machining, tuning the chemical processes used to make chips is still somewhat of a black art and there's a fair amount of variation in how good the finished products are. No problem: sell chips in a bunch of different clock speeds. Then make a bunch of identical chips and test them to see what the highest clock speed they'll operate at is. Label and sell accordingly.

A target rich environment

In the aftermath of the Madrid bombing, Olympia Snowe and Mike Castle have written a letter to Tom Ridge complaining about security in our rail infrastructure:

In the letter to Secretary Ridge, Snowe and Castle outlined the overall discrepancies between the various types of transportation security. They noted that in the Fiscal Year 2004 Homeland Security Appropriations Conference Report, the Office of Maritime and Land Security within the Department of Homeland Security (DHS), which has oversight of cargo and passenger rail security, was funded at $263 million with no funding allocated to Amtrak or commuter rail services to assist with their passenger security efforts. Other transportation avenues have faired better. Of that $263 million, close to half was earmarked for port security grants, $22 million went to highway trucking security, and $10 million for intercity bus security. The Transportation Security Administration (TSA), by comparison, received significantly more funding - $3.7 billion for airport security. Last November $50 million from the Urban Area Security Initiative (UASI) was released to Metropolitan Rail Transit Authorities. Snowe and Castle wrote that this "... was a solid first step but clearly not enough to help our inter city and commuter rail trains enhance their security efforts."

...

"The 10 bombs which exploded during yesterday's morning rush hour in three commuter train stations in Madrid, Spain killing 190 people and wounding thousands, just as easily could have happened here in the United States. My thoughts and prayers go out to the victims' families. This terrorist attack should be a wake up call for rail security in this country and abroad. For too long, the federal government has made air and port security top priorities while funding for rail security has lagged far behind. Our national homeland security strategy is only as strong as our weakest link," Castle said.

I totally agree that security is only as strong as the weakest link, which is why the obsession with rail security is so misplaced. Airplanes make good targets because they offer a lot of leverage--a small bomb can kill everyone on a plane, maybe hundreds of people. There are very few terrorism opportunities that offer this kind of leverage. By contrast, the Madrid bombings were a factor of 10 less effective, killing an average of about 20 people per bomb.

The reason that train stations make good terrorism targets isn't that they're transportation related but that there are a lot of people packed close together. But they're not unique in that: a a crowded mall or sporting event makes just as good a target (see, for instance Thomas Harris's Black Sunday.) So, why don't we see Senators writing letters about how we're not spending enough money on mall security? Aren't people in malls just as important as people on trains. [0]

It should be clear after a little thought that there are way too many soft targets on the level of malls and train stations to make it worthwhile trying to secure them. We need an anti-terrorism strategy that doesn't depend on securing every potential target. Otherwise, the terrorists will just attack whatever we're not defending.

[0] I should mention that it appears to be pretty easy to derail a train. Couldn't you mount an explosive charge on the rails somewhere out in the middle of nowhere and kill a bunch of people that way? I don't see any realistic way to defend against that attack--and there are lots of other attacks just this good. However, as far as I know this isn't what the Madrid bombers did.

Just like BMWs?

This SJ Mercury article on Intel's great chip renaming compares them to BMW model numbers:

Think of the Pentium as the BMW of computer chips.

Intel executives may hope you do now that they're naming their microprocessors after the Ultimate Driving Machine. Consumer-unfriendly clunkers like the Pentium 4 processor with HT Technology Extreme Edition 3.40 GHz will be traded in for the much sleeker 300, 500 or 700 series.

After years of driving the personal-computer market by promoting the ever-increasing speed of its microprocessors, the Santa Clara chip giant said Friday that new chips will bear names that denote features rather than ``clock speed.''

Much like teenage boys boasting about the horsepower of their hot rods, Intel engineers staked bragging rights on how much gigahertz their microprocessors packed.

But speed doesn't always equal performance and Intel executives said they also want to promote their chips' other abilities, such as prolonging laptop battery life or enabling wireless Internet access.

And so future incarnations of Intel's entry-level Celeron microprocessor will be dubbed the 300 series. The more powerful and pricey top-of-the-line Pentium chips will be designated the 700 series.

There are two things strange about this. First, while the BMW 3, 5, and 7 series differ in price, primarily they differ in terms of size: the 3 series is a compact sports sedan, the 5 series an intermediate size, and the 7 series a luxury car. In other words, there are tradeoffs other than price. While the 7 series drives about as well as you could expect a big car to drive, if you want something that drives real well, you buy a 3 or a 5 series.

The second unusual thing is that BMW's model numbers do indicate something very equivalent to clock speed: the size of the engine. The last two digits of the model number indicate the size of the engine in liters. E.g. the 540i is a 4.0 liter engine. Like clock speed, engine size is related to not directly predictive of performance. Should we expect the Pentium 520 to be 2.0 GHz?

Smuggler's insurance

More from Landes:

Watches were too easy to hide and watch duties simply too hard to enforce. Smuggling had become an organized, institutionalized trade. Maybe prohibition might have helped, with body searches of passers-by and house searches without warning, but these were not a feasible recourse in Britain. In the mean time, anyone who wanted to smuggle without risk merely had to pay 10 per cent of the value of the contraband as insurance. This was slightly higher than the premiums charged for shipments across the Jura into France, but was well under the British duty of 50 per cent.

Smuggler's insurance, eh? Ah, the genius of capitalism.

Those dastardly Swiss and their cheap imports

The phenomenon of domestic products being displaced by cheaper imports isn't new. In the 1980s it was Japan and now it's China, but in the 19th century it was Switzerland. Here's David Landes from A Revolution In Time:

In spite of legal prohibitions, moreover, the British imported those machines, tools and files that had laid the material foundations of British large-scale watch manufacture in the first half of the eighteenth century. Stop the diffusion of these instruments of production? As well try to stop the tides. All a good Swiss maker needed was one example of a British machine and he could make his own with some improvements thrown in. As for files, they were thinner than pencils and could be concealed as easily as the contraband watches going in the other direction.

Such watches, the British makers affirmed, were substantially inferior to the genuine British product. Perhaps so; although British makers were not above turning out their own rubbish. In any event, the leading London makers declared, Swiss pieces were 'so much cheaper than any that can be made in this country, as to preclude all competition.' All that was left of a once fluorishing export trade was bits and pieces in protected territory: English speaking areas such as the United States and imperial possessions such as India. Yet language and habit could not long hold back the flood: the American market was going fast. One watch merchant explained the rout by what would one day become the standard refrain of the hard-pressed British manufacturer: the customer was wrong. The Americans, he noted, 'have always been fond of cheap articles... any thing of a decent watch there, is very little called for'.

Sound familiar?

One + One

Citizens! Yesterday was the one year anniversary Educated Guesswork. I'd like to thank all of the people who read the blog and especially those who have taken the time to comment, whether you agree with me or not. I'd also like to thank everyone who's linked to me or told your friends about the blog. After all, what's the point of a blog if nobody reads it?

Our five year plan is proceeding well. I expect to clear 4000 visits for the first time this month, so we're making good progress in our quest for world domination. If we are to succeed we need to redouble our efforts: if you know of someone you think would enjoy the blog, it's your patriotic duty to give them the URL today. We shall not rest until every man, woman and child in the world gets their opinions from EG.

Enough with the comments spam

I've just installed Jay Allen's MT-Blacklist anti-spam plugin for MovableType. Maybe this will help cut down on the comment and trackback spam I've been getting. Certainly was easy to install and seems to do it's thing seamlessly. It's a little slow to despam the entire site, though...

If you're a legitimate commenter who gets stuffed by it, please let me know and I'll see what I can do to fix the problem.

DoS attacks on OpenSSL

The OpenSSL team has released some patches for OpenSSL [*]. Basically, if you're running an SSL server a client can remotely connect to you and potentially cause your server to crash. How much should you worry about this? It's phrased as a DoS attack, but really it's just a specific set of inputs that might cause the OpenSSL server process to crash.

How much should you worry about this? My initial answer would be: not much. First, software crashes. It's a fact of life. Any real program probably has hundreds of conditions that would cause it to fail. If you're writing a server, you need to write it in such a way that it's robust against this kind of problem. For instance, you might have a watcher process whose job it is to notice when the server has crashed and start a new version.

Second, there are even easier "denial of service" attacks on most SSL servers. The conventional way to write a UNIX server program is to fork() off a new process for each client. If a client initiates a connection to the server and then just holds it open it can tie up the server process for long periods of time. The timeouts used to close out stalled server processes are generally on the order of minutes. So, effectively bringing down a single server process is comparatively easy. It's not clear that crashing that server process is any worse.

There's a temptation in the security community to label any crash a vulnerability, and there's a sense in which it is. Certainly, crashes aren't good and the kind of memory errors which cause crashes very often are symptoms of something more exploitable. However, as vulnerabilities go, a simple crash in a server process like this is typically not that serious.

Great, child-impersonating chat programs

The New Scientist is reporting on this chat program designed to impersonate children and catch pedophiles. This whole catching Internet pedophiles thing has gotten very big. Just out of curiousity, does anyone have any data on just how many children actually get picked up on the Internet and molested? Is this a serious problem or just the same sort of paranoia that gave us the McMartin trials.

Should we compensate the wrongly imprisoned?

There's a discussion going on at Crooked Timber about the British Government's proposal to charge the innocently imprisoned (and now freed) for room and board, apparently as a charge against whatever compensation is due them for being wrongly imprisoned. Most of the commenters seem to take it for granted that the government should pay some compensation and the only issue is whether charging them for room and board is fair.

The problem is that this form of compensation creates some real perverse incentives. While it's true that punishing the state for wrongly convicting people incentivizes the state not to pursue people who's guilt is in doubt, the same people involved in the original conviction also have a lot of control over whether people are subsequently declared innocent and released. If by doing so they incur a substantial penalty--even on behalf of the state--this creates an incentive for them to fight releasing such victims tooth and nail. So, while compensating people for being wrongly imprisoned might be good for the people who actually are cleared, it may be very bad news for people who are not released because the prosecutors fight harder against it.

Bite me

Check out this article in the New Scientist about a study on the accuracy of bite-mark matching, which, like fingerprints, have received very little scientific study.

Unusually Clear
But critics are still far from convinced. The study says little if anything about real-life scenarios, they argue, because the skin marks the researchers used were much clearer than those in real-life cases. "Bite marks don't lend themselves well to a bench study," says Richard Souviron, a forensic odontologist at the Miami-Dade Medical Examiner's office.

Even with these unusually clear bite marks, some subjects in the study were falsely identified while others were falsely excluded.

Gould and Cardoza presented their research to the American Academy of Forensic Sciences conference in Dallas, Texas, in February. They made marks using casts of 10 different sets of teeth in either clay or human skin (Gould's arm).

They photographed the marks and gave them to 22 experts along with "overlays" of the casts - images of the pattern a set of teeth make when they bite onto a flat surface. Forensic odontologists generally place such images over a wound to decide whether the two match.

The experts in the study were asked to match the overlays with images of the clay or skin marks, using a sliding scale of certainty. Gould and Cardoza told the conference that the experts correctly matched 98 per cent of the clay marks and 84 per cent of those on skin. On the face of it, this is a good result, but the pair admit these figures exaggerate the success rate, because in some cases they included some only labelled as "possible" matches.

False Match
What's more, in some cases the experts excluded the correct cast, saying they were certain it could not have made the mark. And there were examples where they assigned the wrong cast to a mark, a false match which in a real case could have led to a miscarriage of justice. Gould and Cardoza would not tell New Scientist how many of these errors there were.

I'm not that worried about the sensitivity of the test. After all, a technique that only catches 84% of the suspects is still pretty useful. On the other hand, the false positive rate is pretty important and the fact that Gould and Cardoza won't disclose it is not encouraging, seeing as it's a standard measure of error rate.

There's a bigger issue here than just bite marks, though. If we're going to be using scientific evidence to prosecute criminals, we need to have confidence on the reliability of the testing procedures. And yet, it seems that we have no good data for the reliability of bite marks or fingerprints and police persist in using line-up techniques which are known to have high false positive rates. This isn't good.

Keep that ham sandwich away from me

On the first night of our weekend down the the coast, I came down with a particularly nasty case of food poisoning/stomach flu/extreme gastrointestinal distress and spent much of the evening bending over a toilet bowl expelling the previous day or so worth of food in the direction in which it had originally arrived.

Among those contents was one black forest ham sandwich, with provolone, on parmesan bread. I ate the aforementioned sandwich, purchased at a Togos in Santa Cruz, for lunch on my way down to Big Sur. Now, I'm not saying that said sandwich was responsible for my GI distress. I suppose it's possible, but I have no real opinion one way or the other. However, my body absolutely has an opinion and it blames Togos--or at least ham sandwiches. It's so sure, in fact, that last night I saw an Arby's commercial about how they slice their own deli meat and the sight of sliced ham--or whatever mystery meat it was--instantly filled me with nausea. In fact, just writing these words is making me feel rather sick.

This is actually a rather well known phenomenon in Classical Conditioning: animals develop food aversions in response to poisoning very readily. In fact, unlike other forms of conditioning, which generally take multiple trials to learn, food aversions can often develop in a single trial, even when the time period between the food and the experience of nausea is very long (hours in my case). The originally discovery of this effect was by Garcia and Koelling in 1966. (See here for Kassin's description of the experiment).

The most interesting feature of this kind of learning is how selective it is. Why didn't I develop an aversion to Big Sur, Togos, or road trips? Garcia's work shows that animals learn associations between sickness and food much more easily than sickness and other stimuli. The evolutionary advantages of this are obvious: if you've gotten sick, it's quite likely to be something you ate and that you can avoid in the future.

Of course, it's not always adaptive, since I rather like ham sandwiches and now I can't eat them. Or, as Kassin notes:

It is important to note that people acquire taste aversions, too--often with important practical implications. Consider, for example, an unfortunate side effect of chemotherapy treatments for cancer. These drugs tend to cause nausea and vomiting. As a result, patients often become conditioned to react with disgust and a loss of appetite to foods they had eaten hours before the treatment (Bovbjerg et al., 1992). Thankfully, the principles of classical conditioning offer a solution to this problem. When cancer patients are fed a distinctive maple-flavored ice cream before each treatment, they acquire a taste aversion to that ice cream--which becomes a "scapegoat" and protects the other foods in the patient's diet (Bernstein & Borson, 1986). Still, many cancer patients who had undergone chemotherapy and survived report that they continue to feel nauseous, and sometimes vomit, in response to the sights, smells, and tastes that remind them of treatment--as much as twenty years later (Cameron et al., 2001).

It turns out to be quite hard to extinguish this kind of food aversion too. Still, twenty years! Seeing as I only vomited for a day or so, hopefully I'll be able to eat ham within a couple of years.

iPod and iTrip annoyances

Over the weekend, Lisa and I borrowed Terence's iTrip for our trip to Big Sur. Some notes..

• In California it's pretty hard to find a really blank radio station for the iTrip to broadcast on. You have to change stations pretty frequently, which leads to...
• The iTrip tuning mechanism looks cool: each potential radio station has a tune associated with it, which you play to tell the iTrip to broadcast on that station. Unfortunately, whenever you want to change stations you need to stop whatever you're playing, which isn't exactly convenient.
• The iPod UI isn't designed to let you play one song at a time. You have to wait till the station has changed and press pause in the middle of the "song". [*]. Not very convenient.

Actually, the entire iPod UI isn't that obvious. Over the weekend I discovered that Lisa had never figured out the iPod's volume controls and had had to ask someone how to turn it off (hold the play button). Clearly, the iPod is a fantastic piece of technology--small, nice DAC, good management UI--but I think the Apple designers may have gone a bit overboard on the UI simplicity thing.

Hotels and your laundry

If you stay in hotels much you've no doubt noticed the now-universal signs exhorting you to save the environment by reusing your towels. (e.g. [*]. Whenever I see this sort of sign, I wonder how much water is actually being saved. Let's say that your typical hotel guest uses three towels while he's there, one bath towel, one hand towel, and one washcloth. Based on my home washing machine, you can probably accomodate about 4 such guests in a single load. Let's assume that the hotel has switched to front-loaders (and if they haven't, there's an enormous unrealized environmental savings), which consume about 20-25 gallons/load [*], for an average of 6 gallons per guest.

Here are some points for comparison:

• average Bay Area residential user uses 95 gallons per day.
• I pay .5c/gallon of water, so an extra $.03/day would cover the entire cost of my water.
• The average low flow shower head consumes 2-2.5 gallons per minute.

Ask yourself whether you'd be willing to pay an extra quarter a day to have clean towels in your hotel. Heck, I pay that to have the USA Today (which I basically never read) delivered to my room, just because I'm too lazy to remember to tell them not to drop it off. I'm not saying that reuse of towels in hotels is a bad thing. Sure, there's some environmental benefit. But as far as I can tell it's pretty modest on the grand scale of things. I find it a bit puzzling that it's become so universal.

Gone fishing

I'll be down in Big Sur and Monterey for the weekend. I'll be staying in the Big Sur Lodge tonight and seeing as they don't have TVs there (let along Internet connections) I wouldn't expect to see any blogging for a while.

Contour Crafting

Check out this page about automatic building construction using "Contour Crafting". They even have a video showing the process. I've seen this general idea used on a small scale but the idea of using it to make real-world buildings is incredibly cool. I want one of these houses. (originally seen on /..

Calories Burned==Suffering?

I'm up in Redmond to give a talk at Microsoft and I caught this Nautilus commercial on TV pitching their new machine the TreadClimber. The claimed proposition for the TreadClimber is that it lets you burn more calories than other machines [*], as shown in the chart below:

Here's a quote from their marketing literature:

The TreadClimber® fitness machine is more effective than any other exercise when it comes to burning calories. Even a 20-minute walk on TreadClimber effectively burns more calories than other workouts or machines. With TreadClimber, you work out smarter, not harder ... getting faster results with less effort.

TreadClimber Burns 157% More Calories Than Treadmills! In a recent university test, research showed that it takes twice as long to burn the same amount of calories on a treadmill than on a TreadClimber - at identical speeds.

Why? Because TreadClimber's ultra-effective dual-movement works more of your large muscle groups at once to really fuel calorie burning.

This kind of misses the point. It's silly to compare equivalent speeds on the TreadClimber and treadmill as if that was somehow comparable. If you want to burn more calories on a treadmill, just increase the incline. What's important here isn't how fast you're going but how much suffering you have to endure for each calorie you burn. I don't see any reason to believe that the TreadClimber is any better on that front. In my experience once you get used to an exercise the amount of suffering per calorie burned is fairly constant. And of course, how distasteful any given exercise is probably varies from person to person. That factor is likely to be much more relevant than how fast you're walking.

Dealing with zombies

Comcast is cutting off service to customers who are (probably unwittingly) serving as spam zombies. That ought to provide people a bit of incentive to keep their machines secure--or at least to clean off any zombie code. [*]. This should be interesting.

Phishing and SSL

Paul Hoffman pointed me to this article about the interaction of SSL and phishing. Phishing is a form of social engineering attack where the attacker convinces the victim that he's looking at one web site (typically that of a vendor) when he's actually looking at the attacker's web site.

The background here is kind of interesting. Web sites have addresses like "http://www.rtfm.com/index.html" which means "go to machine 'www.rtfm.com' and ask for the file 'index.html'". The "www.rtfm.com" part is called a "domain name" or a "host name". However, TCP/IP doesn't work in terms of names but rather IP addresses, which are simple numbers. The Domain Name System is used to map names to IP addresses in a process called "name resolution" (see more here for how this works). Once you have the IP address you can actually send data to the web server.

Now, if I ask you to go to the "the RTFM web site", there is a 3-stage process required for you to get there:

1. Map from "the RTFM web site" to the domain name "www.rtfm.com"
2. Map from the domain name "www.rtfm.com" to the IP address "198.144.193.125"
3. Actually connect to "198.144.193.215"

It's possible to attack the system at any of these stages. You attack stage 1 by interfering with the manual process of going from the text description to the domain name. You attack stage 2 by forging DNS information (the process is called DNS spoofing). You attack stage 3 by intercepting the connection to the web server and substituting your own data. These are both modestly sophisticated technical attacks but it's well known how to mount both of them and tools such as dsniff are readily available.

What SSL Does
Classic network security has focused on securing stages 2 and 3 and that's what SSL does. The way that SSL works is that a server is issued a credential (called a certificate) that demonstrates that it has the right to a certain domain name. Then, when the client connects to the server, the server can cryptographically prove that it's entitled to the certificate (and hence the domain name). Because this operation is cryptographically secure, if the attacker somehow convinces you to talk to them (whether by DNS spoofing or connection interception), it won't be able to complete the correct cryptographic handshake and therefore you'll know that you're dealing with an attacker instead of the real site.

This process actually works pretty well. The primary weak link is that bit about the "issued a credential". In order for that to wo