July 31, 2004

Price list for attacks

The Independent has a pretty good article about for-sale zombie networks

Sending a million e-mails to an enemy costs up to £50. A programme to hijack users' internet browsers to display a pornography site will set you back around £200. And between £8,000 and £12,000 will buy a full-blown assault on a website.

This week two new computer viruses emerged which proved that their writers no longer do it for idle recreation. Instead, they aim to set up "zombie networks" of thousands of virus-infected PCs, to offer as tools for criminals to exploit and attack the wider internet.

On Monday the MyDoom.O virus spread so rapidly that it took over thousands of machines around the world, with the side-effect of paralysing the search engine Google because the virus used it to search for more machines to infect.


The most valuable use now for such "zombie" systems is to launch "distributed denial of service" (DDOS) attacks on websites which have to offer online services, particularly betting and financial organisations. The DDOS uses the zombie machines to make the internet equivalent of a phone call - and then hang up immediately. With thousands of machines each doing this hundreds of times per second, the site is overwhelmed by fake requests.

Simon Noble, chief executive of the Antigua-based website BetWWTS.com, said his site experienced an attack last September - followed, about 20 minutes later, by an anonymous e-mail pointing out that the site was under attack due to "a problem with your network". It suggested the company paid $40,000 (£22,000) to stop the problem. Mr Noble would not say whether he paid up - but said that in general, "everybody who has been attacked has paid". Other sites, including the British gambling site Bluesquare, insist that despite multiple attacks they have never given in.


Posted by ekr at 09:37 AM | Comments (17) | TrackBack

Revealed preference for outsourcing

OK, so a lot of people claim not to like offshoring, but do they dislike it enough to pay to talk to an American? AP reports that Delta is considering charging customers extra to speak to an American rather than someone in their Indian call center.

Posted by ekr at 09:17 AM | Comments (24) | TrackBack

July 29, 2004

Fun with zoning

From the AP

July 28, 2004 (PACE, Fla.) 2014 Scott Teston is fighting his neighbors whole hog.

He put 17 pigs in his Florida Panhandle yard after neighbors objected to a zoning change request. Teston wanted the property rezoned from agriculture to business.

Now, neighbors are raising a stink about the pig pen next door. But county officials say there's nothing they can do about the animals because the suburb of Pace is zoned agricultural.

Teston is being a little pig-headed about his rezoning request. He says if it's rejected again, he'll put 500 hogs on his property.

I wonder what my zoning lets me put on my property.

Posted by ekr at 08:21 AM | Comments (45) | TrackBack

July 28, 2004

Dick on Cramer on Google's IPO

Jim Cramer is pretty unhappy with the Google IPO. Kevin Dick is pretty unhappy with Cramer's comments and sent me the following:

Jim Cramer, founder of TheStreet.com has some strange rantings about the Google IPO. He seems to think Google has botched it, but it's hard to work out his reasoning. Let's try and reverse engineer his thinking. Here's his parting shot:

What a fiasco! What a blown opportunity. What a shot-in-the-foot moronic way to go about ruining what could have been a definite shot in the arm for this horrid market.

I'm sorry, but this seems to confuse who the beneficiary of the IPO is supposed to be. Who cares about "The Market"? The pre-IPO shareholders and the post-IPO shareholders are the parties to this transaction. The pre-IPO shareholders achieve liquidity and see that the company gets additional cash with which to increase the value of the stock that they decide to hold. The post-IPO shareholders buy something they want, just like the buyer of any good.

Great. We have an economic transaction. In this case, there is a fixed supply of shares that Google can produce in the short run. The only metric for evaluating such a transaction of which I'm aware is whether the actual price is the market clearing price. Moreover, we have extremely straightforward indicators of whether Google accurately sets this price. If the offering is undersubscribed, we know they set the price too high. If there's a big "pop", we know they set the price too low. Now we can examine Cramer's specific criticisms and see if they are founded upon a firm economic foundation:

(1) "First, you buck the system, which had finally gotten a lot of the kinks out of it, and make sure that the thing's done Dutch ."

I guess this means he thinks Dutch auctions are inferior to traditional-investment bank-driven transaction. For this to be true, you have to believe the price set by a Dutch auction is farther away from the market clearing price than the alternative. Given that investment banks are famous (infamous) for setting a price that generates a big "pop", I find this hypothesis hard to believe. Certainly, Cramer doesn't provide any reasoning as to why this will be the case. Moreover, it's an empirical question that we'll get to answer on IPO day.

(2) "Second, you set the price at a level that is the most forbidding to the most people: north of $100."

I'm not aware of any evidence that a high absolute price in the range of $20 to $200 has any affect on trading volume. Obviously, there's no real economic difference in a transaction that doubles the number of shares and halves the price. Each dollar buys you the same fraction of ownership. Now, you could argue that there are structural reasons that prevent an efficient market for high-priced shares. Maybe in the case of Berkshire Hathaway (to which Cramer compares Google's price, by the way), where the price is north of $85,000, you could make this argument. However, given that average trade size on the NASDAQ yesterday was over $8000 (computed from http://www.nasdaqtrader.com/asp/Dly_Mkt_Summary.asp), I can't see how just over $50 versus just over $100 is going to have any structural effect. Again, we'll see on IPO day whether the market clears.

(3) "Third, you talk about shareholder democracy but then you do the single most anti-democratic thing possible: issue two classes of stock."

How is this not democratic? There are some shareholders that want to have a piece of ownership but no opinions about how to run the company. There are other shareholders that want to have opinions. How is giving people more choices of what to buy not democratic? From all the different varieties of laundry detergent and cola drinks, I'd say this is the American way. In any case, democracy is not the real metric. Non-voting shares a simply a different kind of good from voting shares. Whether Google miscalculated the relative demand for these two kind of goods is another empirical question. If Google wants to sell non-voting shares, people want to buy non-voting shares, and the market for them clears, there's no problem here from an economic standpoint.

Cramer offers two other reasons, holding the IPO during the summer and snubbing the traditional investment institutions, that don't even dignify analysis. The basic problem seems to be that Cramer has missed the forest for the trees. I guess he's been a part of the institutional Wall Street culture for so long, that he believes it has value in and of itself rather than as a vehicle for implementing efficient financial markets. Perhaps he should audit an introductory economics course. One of the standard texts is by Hal Varian--who helped Google set up its advertising auctions, BTW.

My take: I wasn't impressed by Cramer's argument either.

Posted by ekr at 12:30 PM | Comments (6) | TrackBack

Attacks on Barracuda spam firewall

Apparently a number of people have been having problems with their Barracuda Networks spam filters stalling. The reason as revealed today on NANOG:

On July 27th a new stream of spam was introduced into the wild. This
spam contained certain formatting
aspects that were intentionally designed to cause Spam Assassin's
Bayesian implementation to run at
extremely slow speeds. Due to the way Spam Assassin handled the email,
it was taking several minutes to
process these messages and the Barracuda's internal processes would
detect the potential problem and start
queuing mail to prevent any mail loss. Unfortunately this precaution
had the byproduct of further
increasing the message latency on the system.

Barracuda Networks' team of engineers created a patch for this Spam
Assassin attack. The patch was
released in version 1.6.733 of the spam definitions. If you were
affected by the new spam, please make
sure you are running this version or higher of the spam definitions
(Advanced->Energize Updates in the web
GUI). Also, if you had previously contacted tech support and were
advised to disable Intention Analysis
(Basic->Bayesian/Fingerprinting) as a way to attempt to reduce
latency, you should be able to turn this
feature back on without any issues.

It's a little hard to tell from this bare description, but it sounds like this may be an example of the algorithm complexity attack described by Crosby and Wallach. The idea there was to take advantage of what one knew about the internal implementation of some program to make it run in worst-case time rather than average case time, for instance by feeding a bunch of entries with the same hash value into a hash table, thus turning it effectively into a linked list. I know that some of the SpamAssassin guys read EG, so if you want to chime in with the details and what you did to fix it, I'd be happy to post them.

In any case, it's worth noting something interesting here: if the mail server is correctly designed, this attack won't cause spam to get through--at least not directly--but it will cause increased latency and maybe message loss. So, the purpose of this attack to punish people who run this particular spam filter, thus incentivizing them not to run it. And of course, if you turn off your spam filtering, you get more spam...

Posted by ekr at 09:38 AM | Comments (9) | TrackBack

July 27, 2004

Oh, great, the counterworm idea

In the wake of our current little MyDoom problem, Paul Boutin has an article in Slate arguing that we should create a counterworm to patch the systems that are vulnerable to MyDoom:

The only way to stop MyDoom might be to out-hack the hackers. In the past, "white hat" programmers have launched viruses that expose security holes without causing destruction in an attempt to make computer users more security-conscious. Last year, one programmer took the next step. As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn't a Blaster variant, it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.

So far, no one's created an effective antidote to MyDoom, which has done far more damage and shows no sign of stopping. While someone tried to repurpose Nachi for the job in February, that's the wrong approach. What we need is a final MyDoom variantlet's call it MyDoom.Omegathat breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams. It could even launch warnings on the user's screen for a few days ("Hey dummy! Click here to protect yourself!") before going ahead and patching the hole itself.

This idea gets bounced around in the security community pretty frequently, but saner heads usually prevail. To start with, it's quite risky. Even if you can manage to write a virus which patches systems without damaging them--a fairly fall order given that it's fairly common for legitimate patches to cause problems when they're installed on people's machines--small mistakes can result in a virus that spreads aggressively, which causes problems, which is exactly what happened with Nachi. Indeed, the original Morris worm had the same problem. Given that, it's hard to see anyone publicly accepting the liability for writing such a piece of software.

To make matters worse, it's not a stable strategy, because the virus/worm authors have an easy countermeasure. All they have to do is write a worm that patches the hole it used to gain entrance to the machine, thus making the machine immune to being patched by the counterworm. It's easy to write a worm that quickly infects a large fraction of the machines, thus preempting any counterworm patching activity. Worse yet, you could make one that detected when the patches were installed and then reversed them. And that's just off the top of my head...

Of course, you could release your counterworm shortly after the vulnerability was announced, before any worm had been released, but not all vulnerabilities get turned into worms, and given the danger that your worm will do damage, that seems like quite a large risk to take. And of course, once your worm is released, the bad guys can use it as the basis for their own worms that do damage infected systems.

Posted by ekr at 06:15 PM | Comments (5) | TrackBack

RealAudio and the iPod

There's been a fair amount of press about Real's technology to add support for the iPod. Check out Paul Hoffman's take about why this isn't so thrilling.

Posted by ekr at 05:23 PM | Comments (2) | TrackBack

Why don't we have better cold drugs?

I've got a cold. Now, as everyone knows, there's no cure for the common cold (though there's some data suggesting1 that zinc nasal spray helps--and some2 that it doesn't--but which I'm still firing up my nose at full speed) so you pretty much just have to suffer through it, getting whatever symptomatic help you can from drugs. Which brings up the question: why do all the drugs we have for treating colds suck so much? Using a carefully titrated combination of Sudafed, Afrin and my ordinary anti-allergy corticosteroid nasal spray, I can pretty much keep my nasal passages clear enough to breathe through, but nothing stops the running and sniffling. As far as I can tell, nearly everyone else is in the same boat--they can get some symptom suppression but not complete relief.

So, obviously there's an unexploited market here. But there doesn't seem to have been a major new OTC anti-cold drug on the market in like 20 years, with the exception of the aforementioned zinc stuff. (I'm not counting rebrandings of existing drugs). Why? Is this a really hard problem to solve? Do the drug manufacturers figure that whatever they come up with wouldn't be that much better? Any clues?

1 Mossad SB., Effect of zincum gluconicum nasal gel on the duration and symptom severity of the common cold in otherwise healthy adults., J Fam Pract. 2003 May;52(5):352-3.

2 Belongia EA, Berg R, Liu K., A randomized trial of zinc nasal spray for the treatment of upper respiratory illness in adults, Am J Med. 2001 Aug;111(2):103-8.

Posted by ekr at 09:11 AM | Comments (38) | TrackBack

July 26, 2004

Security at the DNC

Cryptome has extensive information from James Atkinson about the weak security measures at the Democratic National Convention:

The HVAC systems are still insecure, the access hatches still are not locked down, and the area is easily accessible by anyone who cares to open and play with them. No security, nothing to keep someone from sabotaging the units, and contaminating the units with a nerve agent, of biotoxin like anthrax, etc.

Zero access covers on the streets and sidewalks have been secured, zero sewer grates have been welded or secured, and I could not find even one manhole cover that had been secured. No security, major liability.

While there has been juggling of the jersey barriers over the past few days in the area, the problem has just gotten worse as many jersey barriers have been clustered together, but have not been anchored, or interconnect. Also, quite a number of the new placements are not solidly on the ground, and could be easily twisted out of the way by 3-4 college students. A number of gaping holes has also been created around the Tip O'Neil building that are wide enough to drive a really large truck through (if someone wanted to park a semi truck or Ryder truck in the steps of the Federal building). Also, no visible security other that a small number of really poor quality video cameras and speed domes. No visible FRP weenies outside the Federal building, nor the surrounding area.... Walmart has better security at one of their stores, then this convention has.

The "Free Speech Zone" is a joke, and it nothing more than a way to intimidate protesters and to keep them locked up and out of site in what is best referred to as "an Ashcoft Monkey Cage". The "zone" is poorly designed, poorly built, and serves no legitimate purpose from a security perspective. The fence posts are not anchored into the Jersey Barriers, and the fence fabric is so poorly attached to the poles that it can be easily torn off. Also, the fence posts can be very simply broken free of the fence fabric due to the small number of poorly installed soft aluminum staples/wires. This would give the protester a very heavy steel pole that can be used as a lethal weapon, a battering ram, and to cause a huge amount of damage. If protesters are not allowed to protest they tend to become violent, and go on a riot, with the Fleet Center being the likely focal point of any riot.

The page has a whole bunch of pictures of the security measures, Free Speech Zone, etc. There is also a list of the radio frequencies being used for DNC security. An anonymous source confirms that these frequencies are correct.

Link credit: Perry Metzger. You can find Perry's post here.

Posted by ekr at 08:52 PM | Comments (2) | TrackBack

The burka gap

Some friends and I went to Shalimar (an excellent Indian/Pakistani restaurant in Fremont, highly recommended) last night. On display was a particularly extreme example of a common type: a woman in a full burka and a cleanshaven man in American casual clothes. Does this strike anyone else as unusual?

Obviously, given the context and what we know about the kind of cultures where women wear burkas, it's tempting to see this as an example of male domination: men want their wives to dress traditionally and modestly but they want to wear whatever's comfortable. I've seen women in traditional Indian costumes (saris) with men in western attire, and (at least as I understand it) the sari is fairly comfortable and there's certainly Western clothing that's as modest as the sari. Anyone got a better explanation for why it so often seems to be the women wearing traditional clothing?

Posted by ekr at 08:30 PM | Comments (43) | TrackBack

$12 billion!?!?!

You'll be glad to know that we're getting warmed up to give a 12 billion transfer payment to tobacco farmers in order to compensate them for the removal of quotas which have been propping up prices for the past 50 years or so. The big question seems to be whether the money will come from a tax on cigarettes--which is to say smokers, who, it's important to remember, have been the ones being hosed by artificially high prices all along--or straight out of your and my pockets. Outstanding!

Posted by ekr at 07:52 AM | Comments (49) | TrackBack

More TdF Theory

Alex Tabarrok posts an analysis (by Stephen Tuel) of the stage 18 incident in which Armstrong rode with Simeoni to the breakaway already in progress, forcing Simeoni to abandon the breakaway:

The 18th stage was an excellent example of game theory at work. Lance Armstrong and the peloton were a few minutes back of a breakaway group of 6 riders (none of whom were a threat to the top of the overall standings since all were over 1 hour behind). Reading the various news reports and between the lines it appears that Armstrong's team, US Postal, was doing all the work at the front of the peloton and the team of the closest competitors, T-Mobile, were loafing. (The crucial strategic variable in bicycling appears to be the effect of wind resistance, especially on the flat and on downhills--whoever is at the front has to work harder, and whoever is following can choose to conserve energy or share the effort.)

Armstrong and another rider (also over 1 hour behind in the overall standings) left the peloton, caught up with the group of 6, and helped them build a bigger lead. Once the lead started stretching, the T-Mobile team moved back to the front of the peloton and started taking their turns at the lead to help catch the breakaway group. Armstrong and his collaborator then relaxed, let the group of 6 go on (one eventually won the stage) and rejoined the peloton. By moving up with the breakaway group, Armstrong changed the payoffs which were letting the T-Mobile team slack off. Presumably, the continuing threat kept them working their share through the rest of the race.

I don't think this analysis is entirely correct--or at least complete. Actually, the story is rather more interesting. As Tuel says there was a group of 6 in a breakaway, none of whom was a real threat. Then Simeoni--also not a real theat--attempted to bridge the gap and Armstrong went with him. Why? It seems that Simeoni has testified in the doping trial of Armstrong's current team doctor, Michele Ferrari--against Ferrari. Armstrong called Simeoni a "liar" and now Simeoni is suing Armstrong. So, what appears to be going on here is that Armstrong was punishing Simeoni by making sure he couldn't participate in the breakaway and therefore didn't have a chance to win the stage.

That's not, of course, to say that there isn't strategic thinking going on here. In the short term, you can can only make a good breakaway when you're either much stronger (these guys weren't) and the peleton isn't interested in trying to catch you. Once Armstrong joined the breakaway, the peleton had no choice to chase and so the lead group was motivated to push Simeoni out. In the long term--and of course this is an iterated game--it incentivizes people not to accuse others of doping. (You'll have to decide for yourself whether that keeps down real accusations--as Simeoni wou ld suggest--or false accusations--which Armstrong claims have been made about him.)

Now, it is true that sometimes it is necessary for one team to incentivize the others to do some work, but that mostly applies when they're trying to chase down a breakaway, not when they're just at cruise pace. At modest speeds, USPS actually seems to like to control the front of the peleton in order to make sure there aren't breakaways and to keep Armstrong safe. Remember that USPS had no real incentive to catch the breakaway. If they wanted T-Mobile to do more work, they could have just pulled back from the front of the pack, which I've seen them do in chase situations where they didn't really care.

Posted by ekr at 07:31 AM | Comments (2) | TrackBack

July 25, 2004

EMF: Another health "hazard" that won't die

According to an article by Alison Leigh Cowan in the NYT, the Jewish Community Center of Greater Haven and Connecticut Light and Power are coming into conflict over power lines.

WOODBRIDGE, Conn., July 21 - The Jewish Community Center of Greater New Haven, looking to expand, came to this town in 1990, when a local utility offered to sell a 53-acre patch of green, teeming with pheasants. As gratified as the center's backers were to find a vast piece of undeveloped property close to New Haven for only $1.5 million, there was one obvious catch: the string of 115-kilovolt overhead power lines that slice through the property.

At the time, officials from the center believed that any risk from the overhead wires was minimal, according to Scott Cohen, its assistant director. So they accepted a deal that gave the utility the right to maintain the lines and install new ones as needed, and moved in.

The center and the utility quietly coexisted, until last year, when the center's management learned about plans to add 345-kilovolt lines to the property as part of a proposed 69-mile upgrade in southwest Connecticut.

Of all the blights that afflict suburbia - unsightly cellphone towers, clogged roads and subdivisions subdividing again - nothing has the power to turn lives upside down quite like power. People lose their homes and have their property taken by means of eminent domain. Pretty towns look less pretty. And in the center's case, new power lines may drive it out of business.

At the center, children have the run of the place, especially in the summer when campers make full use of the woods and trails. Camping programs, after-school enrichment classes and year-round day care for those as young as 3 months draw 1,350 participants.

The electric industry insists the new lines will be safe, but many of the children's parents are disturbed by studies that suggest an association between the electromagnetic fields found around high-voltage transmission lines and childhood cancers like leukemia.


A spokeswoman for United Illuminating, Marcia Wellman, said the utilities on the project know of "no causal connection between the transmission lines and ill health effects."

Note how Cowan avoids taking sides. She just presents the fact that the parents are worried about the safety of the lines and the utility's denial as if they were somehow equally valid. No doubt she thinks that this is being evenhanded but it's really not. The fact of the matter is that the initial research suggesting a link between electromagnetic fields (EMF) and cancer was fairly weak and much more extensive and thorough studies have failed to find any good evidence of an effect1. Now it's true that these studies don't rule out the possibility of danger (it's nearly impossible to prove a negative) but considering how much research has been done and with such weak results, if there were something to fear you would have expected to find better results than we have. Indeed in 1997, the NEJM argued that we should stop wasting our time on this line of research. Is it really too much to ask for reporters to present an accurate picture of the issue, rather than credulously behaving as if both sides of the issue were equally valid? Here's a more accurate rewrite of the offending paragraph:

Many of the children's parents expressed that the electromagnetic fields found around high-voltage transmission lines could cause childhood cancers like leukemia. Although some early studies suggested such an association, extensive research has failed to confirm any link and in 1996 the National Research Council concluded that "the current body of evidence does not show that exposure to these fields presents a human-health hazard. Specifically, no conclusive and consistent evidence shows that exposures to residential electric and magnetic fields produce cancer, adverse neurobehavioral effects, or reproductive and developmental effects."

Now, was that so hard?

1 See the Quackwatch entry on power lines and cancer.

Posted by ekr at 06:53 PM | Comments (38) | TrackBack


Posted by ekr at 03:19 PM | Comments (6) | TrackBack

July 24, 2004

Revealed preference of the Republican party

ABC news reports that Ralph Nader was only able to collect 5,400 of the 30,000 signatures required to get on the Michigan ballot. Conveniently, the Michigan Republican Party provided 43,000 signatures of their own. Obviously they think that Nader's presence in the race will help Bush. As if there was ever any doubt...

Posted by ekr at 08:29 PM | Comments (22) | TrackBack

Liability for FDA-approved products

According to the Times the Bush Administration is arguing that consumers shouldn't be able to sue when they claim to be injured by FDA-approved products. Naturally plaintiffs are upset:

Kimberley K. Witczakof Minneapolis said her husband, Timothy, 37, committed suicide last year after taking the antidepressant drug Zoloft for five weeks. "I do not believe in frivolous lawsuits," Ms. Witczak said, "but it's ridiculous that the government is filing legal briefs on the side of drug companies when it's supposed to be protecting the public. My husband would be alive today if he had received adequate warnings about the risk of self-harm." Ms. Witczak sued Pfizer, the maker of Zoloft, in May. The government has not intervened in her case.

Thomas W. Woodward of North Wales, Pa., whose 17-year-old daughter committed suicide last year after taking Zoloft for a week, said, "I've been sickened to see the government taking the side of pharmaceutical companies in court." Mr. Woodward has not filed a suit.

This is actually a rather tricky issue. All drugs have side effects and any testing regime will only uncover some of them. Indeed, we still don't really know if SSRIs cause suicide. Given that the FDA has set the regulatory bar in a specific place and the company has complied in good faith, it doesn't seem reasonable to retroactively range the bar. In particular, uncertainty about the eventual height of the bar under litigation is likely to produce inefficient decisions by drug manufacturers about how much testing to do and which drugs to bring to market. Note that I'm not arguing for any particular set of testing requirements, merely that the requirements shouldn't be subject to retroactive change via litigation.

That said, the FDA's approval process relies almost entirely on data submitted by the drug manufacturer, which of course gives them an opportunity to cheat. Accordingly, if a manufacturer is found not to have complied in good faith with the FDA's requirements, concealed material facts, etc. then they shouldn't be able to use the fact of FDA approval as a shield for liability.

Posted by ekr at 07:04 PM | Comments (41) | TrackBack

July 23, 2004

Copying art

There's an interesting article in the Times about the use of high resolution scanning and computer numerically controlled milling machines to copy various sculptures. Neat trick, really.

I've been wondering for a couple of years whether you could apply this kind of technique to copying other kinds of art. Photocopies of paintings don't look right, even when they're taken at very high resolution: paintings are three dimensional so any copy doesn't look correct. Also, paint is often translucent and so the interaction between the different layers can't be captured with something like a photograph. But if you took a high resolution 3-D scan, e.g. with laser spectroscopy, and could figure out what paint was at each layer, you might be able to lay down similar layers using some kind of modified ink jet printer, thus producing a cheap, high-quality copy of the original. Do any EG readers know of any projects along these lines--or of someone who wants to fund one?

Posted by ekr at 10:14 PM | Comments (18) | TrackBack

Do you really need to floss your teeth?

Lately Listerine has been running some ads claiming that Listerine has been shown to be as effective as flossing. There have been two studies by Bauroth et al.1 and Sharma et al.2, showing that rinsing with Listerine for 30 seconds twice a day is "as good as" flossing at controlling plaque and preventing gingivitis. In fact, it's potentially better. Here are the 6 month improvements from
Bauroth et al.1:

VariableBrushing + FlossingBrushing + Listerine
IP Plaque Index3.4%19.0%
WM Plaque Index3.2%19.6%
IP Modified Gingival Index4.3%11.1%
WM Modified Gingival Index3.9%11.5%

(IP = Interproximal, WM = Whole Mouth)

As you can see, the rinsing results are actually better than the flossing results. Indeed, the IP plaque index results are significantly better (P < .001).

Based on these results, it appears that if you have to choose between flossing and rinsing, you should go for rinsing. Flossing probably takes a minute or two out of your day, as does rinsing, and I, at least, find rinsing to be more enjoyable. The question then becomes, should you both floss and rinse? There's definitely some evidence3 that flossing + rinsing is better than flossing alone. Strangely, however, there don't seem to have been any comparisons between flossing and flossing + rinsing. It would be interesting to see one.

1 Bauroth K., Charles CH, Mankodi SM, Simmons K, Zhao Q, Kumar LD, The efficacy of an essential oil antiseptic mouthrinse vs. dental floss in controlling interproximal gingivitis: a comparative study., J. Am Dent Assoc. 2003 Mar;134(3):359-65.

2 Sharma NC, Charles CH, Qaqish JG, Galustians HJ, Zhao Q, Kumar LD., Comparative effectiveness of an essential oil mouthrinse and dental floss in controlling interproximal gingivitis and plaque., Am J Dent. 2002 Dec;15(6):351-5.

3 Sharma N, Charles CH, Lynch MC, Qaqish J, McGuire JA, Galustians JG, Kumar LD., Adjunctive benefit of an essential oil-containing mouthrinse in reducing plaque and gingivitis in patients who brush and floss regularly: a six-month study., J Am Dent Assoc. 2004 Apr;135(4):496-504.

Posted by ekr at 10:04 AM | Comments (55) | TrackBack

July 22, 2004

Ubiquitous e-mail monitoring

Tyler Cowen points to this article which says that nearly half of companies monitor their employee's email. The ostensible purpose is to prevent leakage of confidential information. As I noted previously, it's trivial to circumvent this kind of monitoring. I wonder how often they actually catch people doing anything more interesting than downloading pornography.
Posted by ekr at 09:16 PM | Comments (45) | TrackBack

July 21, 2004

The power of Lance Armstrong

Lance Armstrong won today's Individual Time Trial up L'Alpe d'Huez in 39'41". L'Alpe d'Huez is 15.5 km long and an average 7.9% grade. Lance weighs 75 kg. Plugging these numbers into Analytic Cycling's Forces on Rider estimator, we get a stunning 431 watts.
Posted by ekr at 09:06 PM | Comments (34) | TrackBack

A big powerful man

Paul Sherwen: "He's a big, powerful man, Jan Ullrich"

Jan Ullrich is 6'1" and weighs 161.

Posted by ekr at 09:22 AM | Comments (2) | TrackBack

July 20, 2004

What you're getting for your money

As we saw yesterday, the price of marijuana has been mostly flat over the past twenty years. Below are the price levels for heroin, cocaine, and methamphetamine

Source: Office of National Drug Control Policy [*].

Compare this to the DEA's budget in millions of dollars in the period 1972 to 2003, shown below:

Source: DEA. Conversion factors from Robert Sahr, OSU.

Remind me again, is the objective of the DEA to make drugs more or less available?

Posted by ekr at 08:15 AM | Comments (36) | TrackBack

July 19, 2004

Good news for marijuana consumers

The graph below shows the price of marijuana for the period 1981-2000. (Click on the image to get a bigger version.)

Source: Office of National Drug Control Policy [*].

As you can see, the price in 2000 was basically the same as in 1981. If potency has really increased substantially, then the cost per gram of THC has gone down quite a bit. that's good news for the marijuana consumer--and for the Frito-Lay company.

Posted by ekr at 10:23 PM | Comments (1) | TrackBack

Markets in everything: amusement park lines

I like amusement parks but I hate waiting in lines. I've long wondered why amusement parks don't offer a premium service to let customers cut the line. Now, it looks like it's happening. Parks are offering reservations so that you know when to come back. In some places, you can also buy a front of the line ticket.
While the Disney system is free, Six Flags parks charge a fee for getting to the front.

Six Flags, with 28 theme and water parks nationwide, sells front of the line tickets at most of its parks. Five parks rent an electronic device that works like a pager.

The costs vary at each park. At Six Flags Over Texas and Six Flags Over Georgia it costs $10 to rent the device and another $10 for each person using it.

Guests insert the palm-sized device at a sign near the ride and reserve their time to come back and get on a roller coaster with little or no wait. The device, called a Q-Bot, vibrates and beeps when it's time to ride.

The system was developed by an English company, Lo-Q, and is used at Six Flags parks in New Jersey, Texas, Massachusetts, Missouri and Georgia.

Leah Moss, director of Lo-Q's U.S. operation near Atlanta, said more people would visit amusement parks if they knew they could avoid waits.

"We're looking at people who work really long hours and don't have much leisure time," she said. "People have more money than time these days."

Not everyone thinks it's fair for some guests to buy their way to the front.

Sean Flaharty, a roller coaster enthusiast from Columbus, said the system can produce longer lines. Some parks reserve coaster seats for people who have front of the line passes, and those seats sometimes go unfilled.

"I can see why people get angry because that makes the line actually go slower," said Flaharty.

It will be interesting to see how the public takes to people paying to get ahead of them in line. They tolerate frequent flyers cutting ahead of them, but I think that's partially out of a sense that they earned it by flying all the time. If they were just paying for the privilege, it might be appreciated less.

Posted by ekr at 09:35 PM | Comments (4) | TrackBack

More potent pot is good

Chris Rangel does a pretty good job of debunking the ONDCP's scare stories about pot here.
According to the University of Mississippi's Marijuana Potency Project, average levels of THC, the active ingredient in marijuana, rose steadily from 3.5 percent in 1988 to more than 7 percent in 2003.

Yea . . . and???? It's funny how pot opponents use this fact as if it is an "a priori" statement of the evilness of modern marijuana. Not only is this claim of the increase in potency of pot a subject of hot debate (and likely based on poor science) but it also makes it clear that those who believe this type of rhetoric have neither used marijuana nor understand the difference between "strength" and "potency". A drug of higher potency is one that takes less of a dose to get the same response than other less potent drugs. Scientifically, "strength" essentially means the same as "dose" or the actual amount of drug taken.

What this means for you pot smokers out there is that you can get high on less marijuana if it is of the higher potency type. Unlike alcohol use where people can and usually do get much more intoxicated on higher potency liquor then on the same about of beer, pot smokers usually use only enough marijuana to "get high" and then only enough to maintain that high for as long as they want and there is data that higher potency pot leads to fewer number of joints smoked. In other words, getting high is usually a self-limiting activity. Unlike alcohol where people often become so inebriated that they can risk death from alcohol poisoning, pot smokers rarely overdose. Higher potency pot simply means that they don't need to buy as much weed in order to get high and this means that the consumer gets more for their money. In a capitalist economy this is usually considered a good thing.

Totally right, but there's another important point here. The one way in which pretty much everyone agrees marijuana is probably bad for you is that inhaling smoke into your lungs is bad. So, the higher the concentration of THC , the less you have to smoke, and the better it is for your lungs. Maybe what we need is a federal project to increase the potency of marijuana.

Posted by ekr at 11:27 AM | Comments (3) | TrackBack

July 18, 2004

Drugs or Satan

I recently reread Chuck Klosterman's Fargo Rock City, which has the following nice riff on what's shocking in rock:
What's even more facinating was [Marilyn] Manson's personal reinvention for his 1998 album Mechanical Animals. The look and sound were both conscious rip-offs of glam-era Bowie, but his new scare tactic was a little more original: The main set piece on his tour was a huge electric sign that screamed DRUGS and the record's best song was titled "I Don't Like the Drugs (But the Drugs Like Me)." During his live performance of the tune "The Speed of Pain," his set was dusted with a blizzard of fake snow that clearly represented cocaine.

The significance of this new gimmick is substantial: Manson slowly realized that American society had grown to fear drugs more than the devil. We have so demonized narcotics that they now seem worse than actual demons. In the eyes of a lot of stupid parents and confused teachers, the concept of a kid experimenting with marijuana is more terrifying than a kid who is intrigued by worshiping the devil!

Generally a pretty funny book with some astute--and some stupid--observations.

Posted by ekr at 10:12 AM | Comments (1) | TrackBack

July 17, 2004

The overarching Tour narrative

Seen on Wednesday's tour.

We constantly talk about two men, Jan Ullrich and Lance Armstrong. Let's have a look at about a little bit more of these two greats of the cycling world.

Cut to stock footage of old-time pairs of cycling rivals climbing

Great rivalries have always defined sport two competitors at the peak of their athletic abilities matching one another, marking one another, and ultimately trying to defeat one another.

Cut to stock footage of Lance kicking Jan's ass repeatedly.

Jan Ullrich and Lance Armstrong are rivals, there's no question about that. And the theatre in which this duel has had its greatest performances, the Tour de France.

Cut to Lance receiving the trophy a the Champs Elysees.

And while again this year the two covet cycling's most prestigious title, their paths to greatness could not have been more different.

Armstrong, a brash American thrust into a Eurocentric world.

Cut to young Lance winning some small race and celebrating in what the Euros no doubt think is an overenthusiastic American fashion.

And Ullrich, bred in the old East German system to ride and to win, period.

Cut to a frowning Ullrich covered with EEG leads and being prodded by team doctors.

Cut to an emotionless Ullrich standing in line for steroids with the rest of the East German sports clones.

Blah blah blah... They've raced a lot and Lance has always tooled Ullrich at the Tour. Blah blah blah. Will he do it again this year?

Posted by ekr at 09:12 AM | Comments (36) | TrackBack

July 16, 2004

Getting some insight into pro cycling performance

If you watched today's Tour, you got to see a beautiful demonstration of climbing. Analytic Cycling is useful for exploring these parameters. For comparison, the record for the local benchmark climb, Old La Honda (3.4 miles, 1290 feet) is about 15 minutes, set by Eric Heiden. That's 13.6 mph and an estimated 372 watts. Eric Heiden was a good pro, but not in Lance Armstrong's league. Unbelievable.
Posted by ekr at 10:49 PM | Comments (2) | TrackBack

July 15, 2004

Where are the Abu Ghraib videos?

Brad DeLong is posting about Sy Hersh's speech about an allegedly very damaging videotape of various goings on at Abu Ghraib: (originally from Ed Cone
Seymour Hersh says the US government has videotapes of boys being sodomized at Abu Ghraib prison in Iraq.

"The worst is the soundtrack of the boys shrieking," the reporter told an ACLU convention last week. Hersh says there was "a massive amount of criminal wrongdoing that was covered up at the highest command out there, and higher."

(I transcribed some of his speech from this streaming site. Hersh starts at about 1:07:50.)

So, here's my question: why isn't that videotape on Kazaa and being downloaded by you, me, and everybody else? I suppose it's possible that Hersh is lying, but, for instance, this Washington Post article describes similar videos, as did Rumsfeld in his congressional testimony. I haven't heard of these being made available either. Does anyone else find it a little surprising that this stuff hasn't leaked? Or has it and I'm just out of the loop?

Posted by ekr at 10:28 PM | Comments (5) | TrackBack

Better living through science

I'm currently watching live coverage of the Tour de France featuring the view from motorcycles and helicopters, combined in real time with live commentary and beamed into my home. Quite a step up from my old copy of A Sunday in Hell.
Posted by ekr at 06:54 AM | Comments (44) | TrackBack

A pilot's view on airport security

This morning Interesting People has the following message from a "senior pilot for a major American airline":

In consideration of the change in flight crew procedural response, armed pilots, air marshalls, and especially the reinforced flight deck door, there is no reason to screen passengers for anything other than explosives, and we do not have the effective means to do that. Screening for nail clippers, scissors, and any other portable implements including guns is meaningless.

The avenues available to effect assault upon an aircraft are numerous. The taking of an aircraft for use as a piloted missile is practically impossible. The methods remaining to accomplish that are few and the TSA is not dealing with it. Statisical probability of doing so is almost the requisite 10 to the minus ninth.

The TSA is neither compromising safety nor protecting it. They are just wasting our time and money.

Now, I'm not saying that pilots are necessarily experts on security--though of course they do have a lot of opportunity to observe the process--but then the security experts think it's stupid too.

Posted by ekr at 06:23 AM | Comments (3) | TrackBack

July 14, 2004

Sandel on stem cells

Michael Sandel has a good article in this week's NEJM. Sandel provides a particularly well-written version of the arguments the "embryos are people" arguments against embryonic stem cells:

Third, defenders of in vitro fertilization point out that embryo loss in assisted reproduction is less frequent than in natural pregnancy, in which more than half of all fertilized eggs either fail to implant or are otherwise lost. This fact highlights a further difficulty with the view that equates embryos and persons. If natural procreation entails the loss of some embryos for every successful birth, perhaps we should worry less about the loss of embryos that occurs in in vitro fertilization and stem-cell research. Those who view embryos as persons might reply that high infant mortality would not justify infanticide. But the way we respond to the natural loss of embryos suggests that we do not regard this event as the moral or religious equivalent of the death of infants. Even those religious traditions that are the most solicitous of nascent human life do not mandate the same burial rituals and mourning rites for the loss of an embryo as for the death of a child. Moreover, if the embryo loss that accompanies natural procreation were the moral equivalent of infant death, then pregnancy would have to be regarded as a public health crisis of epidemic proportions; alleviating natural embryo loss would be a more urgent moral cause than abortion, in vitro fertilization, and stem-cell research combined.

Even critics of stem-cell research hesitate to embrace the full implications of the embryo objection. President George W. Bush has prohibited federal funding for research on embryonic stem-cell lines derived after August 9, 2001, but has not sought to ban such research, nor has he called on scientists to desist from it. And as the stem-cell debate heats up in Congress, even outspoken opponents of embryo research have not mounted a national campaign to ban in vitro fertilization or to prohibit fertility clinics from creating and discarding excess embryos. This does not mean that their positions are unprincipled only that their positions cannot rest on the principle that embryos are inviolable.

Quite so.

Posted by ekr at 09:17 PM | Comments (49) | TrackBack

Provable security

All of the major cryptographic sytems we use are considered secure on the rather dubious basis of what Kaufman, Perlman, and Speciner call the "Fundamental Tenet of Cryptography": If lots of smart people have failed to solve a problem, then it probably won't be solved (soon).. Now, public key systems (RSA, DH, etc.) are generally based on one or more mathematical problems which are believed to be hard. So, for instance, RSA is based on the problem of factoring numbers which are the product of two large primes. [0]

Now, in order to use a system like RSA, you need to be confident of two things:

  1. That the underlying problem is difficult.
  2. That there's no way to attack the cryptosystem that's much easier than solving the underlying problem.

It turns out that point (2) is critical. It's pretty easy to (hopefully accidentally) design a system which can be attacked without solving the problem on which it's based. In fact, the way that RSA is typically used can be partially broken in a way [1] which, while not easy, is vastly easier than factoring the modulus, and everyone had to change their SSL implementation to compensate for this attack.

In the past 10 years or so, one of the major projects of cryptography has been to put our algorithms on a stronger footing. While we still pretty much rely on the Fundamental Tenet for point (1), the aim is to design algorithms for which point (2) is known to be true. The project is to design a mathematical model of the capabilities of the attacker and then demonstrate that any successful attack on the system would imply that you could solve the underlying problem. [2] This is called a "provably secure" system and we say that the system comes with a proof of security.

As of 2004, we're in a slightly funny situation. You basically cannot propose a new cryptographic algorithm without also proving it. However, all of the major algorithms in common (RSA, DH, DSA, ...) were designed before this became a requirement and in general the way that they're used isn't provably secure. The problem here is that you can't just use the algorithms as-is. You need a bunch of glue to connect them up to your actual system and back in the old days that glue was fairly ad hoc and so you can't prove the entire system to be secure. There are provably secure variants of at least RSA and DH, but they're not in wide use. There's been a lot of pressure from the cryptographers to replace the current algorithms with provable ones, but it's been met with very little interest from systems designers and implementors.

Last week, respected cryptographers Neal Koblitz and Alfred Menezes posted a paper that has challenged a lot of the received wisdom about provably secure algorithms. They provide a nice summary of the history of provable security and the work on a variety of popular systems and then go on to criticize a lot of the current work.

There's a lot of technical detail and you should read entire paper if you want details, but the gist of K&M's argument can be summarized in three major points:

  1. We shouldn't have too much confidence in the proofs. The proofs of security that appear in papers are often very complicated and difficult to follow, and there's reason to believe that they generally get very little review. In one famous case, a "proof" of the security of an RSA variant was accepted for seven years--and indeed, standards were predicated on it--before a flaw was found. This doesn't inspire confidence in the validity of proofs in general and has produced some skepticism about proofs of security among communications security types.
  2. Even if you trust the proofs, it's not clear how much security having a provable algorithm buys you. Even if not provable, the algorithms we have now have seen a lot of review and the best known attacks are not very good. The flip side of this is that the proof models don't necessarily capture some important kinds of attack, such as side-channel attacks, so modest implementation errors can totally compromise the security of algorithms even if they're provably secure.
  3. There are a variety of different sets of assumptions you can use to prove stuff. Until very recently, the standard set involved something called the Random Oracle model (RO). Lately, there has been some work showing that systems which were secure under RO can be attacked and in response there's been a lot of activity building systems which are provably secure even without RO (which generally makes them less efficient). K&M argue that the aforementioned attacks are unrealistic and contrived and that RO is plenty good for the real world, and that by extension the attempt to design RO-free algorithms doesn't add a lot of value.

Unsurprisingly, this paper is creating a lot of controversy in the cryptographic community. This year's CRYPTO conference should be interesting.

[0] Well, technically, RSA is no harder than factoring the product of two large primes. As Boneh and Venkatesan showed in 1998, breaking RSA is actually easier than factoring (see footnote 2). See also here.
[1] Bleichenbacher's "million message attack."
[2] Technically, what you do is show a "reduction": if you had a machine which would let you attack the system, you could use it to solve the specific instance of the underlying problem on which the victim's keys were based. For instance, in the case of RSA you'd be able to show that breaking an actual use of RSA reduces to being able to solve the RSA problem: given N, e, and x, find a value y such that y^e = x. Breaking RSA is not equivalent to factoring.

Thanks to Hovav Shacham for helping me with a number of the finer technical points. All errors are of course mine.

Posted by ekr at 01:35 PM | Comments (56) | TrackBack

July 13, 2004

The sweet taste of ethylene glycol

Today's Slate has an article about antifreeze poisoning. They correctly identify the active ingredient as ethylene glycol. Technically, ethylene glycol is nontoxic, but its metabolites are toxic. (See here for a complete writeup.) Interestingly, ethylene glycol is metabolized by alcohol dehydrogenase, the same enzyme that metabolizes ethyl alcohol (the kind you drink). The way you treat ethylene glycol poisoning, then, is to block the alcohol dehydrogenase and thus prevent ethylene glycol metabolism and the production of the toxic byproducts. According to the above source, the standard is a drug called Antizol. The traditional treatment, however, is to give the patient ethyl alcohol, which does the same thing and gets the patient drunk in the process.
Posted by ekr at 10:50 PM | Comments (12) | TrackBack

July 12, 2004

Stealing technology

It's fairly well known that the Soviet Union atomic bomb project benefitted from extensive intelligence on the American bomb project. Here's Russian astrophysicist Roald Sagdeev, quoted in Richard Rhodes's Dark Sun:
Kurchatov [the head of the Soviet project] used American materials for the dual purpose of double-checking the scientific results obtained by members of his team, and for evaluating the probability that the stolen secrets might contain purposely planted disinformation. Inside the Russian nuclear establishment legends were told of how his ubordinates--the theoretical physicists--would report to Kurchatove with freshly calculated formulas. According to their accounts, Kurchatov would look carefully at their work, then silently open the safe with the precious stolen American secrets to compare the results. "No, that is not right," he would say. "You have to work more and come again."

At this point, of course, it's fairly straightforward do design a bomb from information in the open literature, but back in the 1940s things were a little different.

Posted by ekr at 07:23 AM | Comments (2) | TrackBack

DMCA and vendor lock-in

LawGeek reports that StorageTek has used the DMCA to stop a third-party vendor from fixing StorageTek's tape systems:
How is this a DMCA violation? Well, it turns out that StorageTek allegedly uses some kind of algorithmic "key" to control access to its "Maintenance Code", the module that allows the service tech to debug the storage system. The court found that third party service techs who used the key without StorageTek's permission "circumvented" to gain access to the copyrighted code in violation of the DMCA, even though they had the explicit permission of the purchasers to fix their machines.

What does this ruling mean? If it stands up on appeal, it means StorageTek has a monopoly on service for all of its machines. No independent vendor will be able to compete with them for service contracts because no independent vendor will be authorized to "access" the maintenance code necessary to debug the machine.

This kind of use of DMCA has been rumored for a while now, but I think this may be the first time it's actually been endorsed by a court. The problem, of course, is that mostly tech-illiterate legislators wrote an incredibly overbroad law without any real thought to the ways it could be used. It's just going to get worse, too. As more and more stuff becomes pure software or software-controlled, it will be increasingly easy to mount DMCA claims to control the way people use thing you've already sold them.

UPDATE: Adam Roach points out that there was a similar ruling in Lexmark v. Static Devices in early 2003.

Posted by ekr at 06:37 AM | Comments (47) | TrackBack

July 11, 2004

The Napster of the book business?

Today's NYT has an article about the effect of Internet-based used book sales on the publishing business. Predictable, there's a lot of whining about how low-cost book sales are hurting the sale of new books:
Lorraine Shanley, a principal at Market Partners International, a publishing consultant, said that the industry was just starting to appreciate the dimensions of the problem.

"Used books are to consumer books as Napster was to the music industry," she said. "The question becomes, 'How does the book industry address its used-book problem?' There aren't any easy answers, especially as no one is breaking any laws here."

The last sentence is the important one: however much the publishing industry might wish it to be otherwise, there's absolutely nothing illegal about reselling used books. As far as I know, there's not even a credible argument that it's ethically wrong. In particular, there's one very important distinction between used book sales and Napster: used books aren't a sharing process. When you sell a used book, you don't have it to read any more. Perhaps Ms. Shanley thinks that anything that cuts into the publishing industry's profits is by definition bad, even if it's good for consumers.

Moreover, as the article admits, there's no firm evidence that used book sales depress the sale of new books:

Greg Greeley, Amazon's vice president for media products for North America and Japan, strenuously disagreed with the notion that online sales of used books harmed the publishing industry. And Kathryn Blough, the vice president for the Association of American Publishers, said that she "wouldn't jump to the conclusion that used books are eating away at the new-book market."

Ms. Blough said used-book sales were growing, particularly online, and new-book sales had been "a little flat." The publishers association reported earlier this year that 2003 sales for mass-market paperbacks and for hardcover and paperback books were virtually unchanged from 2002, when they reached roughly $3.5 billion. But Ms. Blough said the new-book market could be weak for several reasons, including a slow economy and a sharp increase in other media vying for the book reader's attention.

It's not even clear that we would expect a depressive effect. It's true that if used books suddenly appeared on the market, we'd expect them to depress the price of new books some--though it's not clear how much since they're not perfect substitutes. However, it's important to remember where used books come from: they are sold by the purchasers of new books. The existence of this resale market somewhat lowers the effective cost of new books, so it could easily be the case that used books sales would increase sales of new books. The direction and magnitude of the effect depend entirely on the shape of the demand curve for new and used books and the amount of substitutability, neither of which it seems we have good data on.

Posted by ekr at 09:20 PM | Comments (3) | TrackBack

What information can you extract from DNA?

If you've ever watched CSI or Law and Order, you know that it's possible to use DNA evidence to determine whether two DNA samples come from the same person or whether two people are related. Lately, I've been wondering what else you can do.

Wild speculation alert: What follows is based on my general knowledge of biochemistry and not on any specific knowledge of current DNA forensic techniques. It could well be the case that we already do the stuff that follows. It may equally well be the case that none of the techniques suggested below works at all.

Age of the donor
Based on the DNA evidence you can already test for a lot of information. For instance, you can determine the sex of the DNA donor, whether they have certain genetic disease, etc. I speculate that you should also be able to roughly determine the age of the donor. One possible way to do this is by looking at the length of the telomeres. Another possibility is to look at how much damage the DNA has suffered. For instance, if you have multiple cells (which obviously descend from an original cell and then barring damage would have the same DNA), then you should be able to estimate age by measuring the degree of divergence.

Rough individual identification by reference samples
One obvious use of DNA samples--the one you see on TV--is to identify the relationship between the DNA donor (who is probably unknown) and a known reference donor. That's obviously useful if you have a sample from the unknown donor, but what if you don't? Routine collection of DNA evidence is starting to mean that we have a lot of reference samples. If we combine this information with the pre-existing family tree graphs from birth certificates, can this information be used to triangulate the identity of the unknown donor down to a small group of people? What percentage of the population do we need reference samples for in order to do this?

Posted by ekr at 03:56 PM | Comments (53) | TrackBack

July 10, 2004

A good year for American cycling

Amid all the Lance Armstrong hoopla, it's hard to remember that cycling used to be a pretty much completely European sport. Back when Greg LeMond won the Tour in 1986, It was really rare to see Americans in the peleton. By contrast, this year 3 of the pre-race favorites are American and they currently dominate the standings:
PlaceRiderTime backCountry
5Lance Armstrong-USA
13Tyler Hamilton0:36USA
21Jan Ullrich55Germany
25Levi Leipheimer55USA
31Ivan Basso1:17Italy
39Roberto Heras1:45Spain
94Iban Mayo5:27Spain

Big reversal.

OLN just ran a feature making more or less this exact same point (advantage, EG!). Interestingly, there are only 7 Americans in the tour overall 6 out of the 7 were in the top 30 as of Thursday.

Posted by ekr at 06:46 AM | Comments (12) | TrackBack

July 09, 2004

Brad DeLong on the IRS

In his post commenting on Steven Landsburg's article about the minimum wage, Brad DeLong drops the following gem:
The IRS's comparative advantage is using random terror to elicit voluntary compliance with the tax code on the part of relatively rich people.


Posted by ekr at 03:25 PM | Comments (2) | TrackBack

Does HTTP caching still matter?

Back when I first got involved in the Web, caching of HTTP responses was a big deal. Indeed, a lot of the features in HTTP 1.1 are concerned with various kinds of cache interaction (specifying lifetimes, busting caches, dealing with noncompliant or old-style caches). Even now, a very common objection to hear to any change to HTTP is that it won't interact well with caches. Lately I became curious: are caches still important? I'm not talking about content distribution networks like Akamai but conventional caches that aren't operated by the server. Does anybody know what fraction of HTTP traffic goes through caches these days?

For discussion: how would you estimate the answer to the above question?

Posted by ekr at 08:05 AM | Comments (55) | TrackBack

July 08, 2004

Why quantum cryptography?

Kenneth Paterson, Fred Piper, and Rudiger Schaack have an interesting paper upon on ePrint called "Why Quantum Cryptography?". They analyze the pros and cons of existing quantum key exchange (QKE) systems and argue that their advantages are a lot smaller than advertised. Here's the abstract:
Quantum Key Exchange (QKE, also known as Quantum Key Distribution or QKD) allows communicating parties to securely establish cryptographic keys. It is a well-established fact that all QKE protocols require that the parties have access to an authentic channel. Without this authenticated link, QKE is vulnerable to man-in-the-middle attacks. Unfortunately, this fact is frequently overlooked, resuling in exaggerated claims and/or false expectations about the potential impact of QKE. In this paper we present a systematic comparison of QKE with traditional key exchange protocols in realistic secure communication systems.

The paper is fairly nontechnical and quite readable even if you're not a crypto expert. Worth checking out if you're interested in quantum crypto.

Posted by ekr at 10:36 PM | Comments (17) | TrackBack

July 07, 2004

Oh no, not an iPod!!!

A bunch of industry analysts (by which I mean Forrester, Gartner Group, Jupiter, etc., not the usual security mafia), are in a tizzy about portable USB storage devices.
Contu cites two kinds of threats that devices like the iPod, digital cameras, key chain flash drives and external hard drives can pose. Users can install so-called "malware," bypassing perimeter defenses like firewalls and antivirus programs. Perhaps more significantly, companies risk losing intellectual property (IP) and other sensitive data through these devices acting as portable data transports.


Jupiter Research Microsoft senior analyst Joe Wilcox said that the security problem posed by the iPod and other portable devices is nothing new. Rather, awareness of the problem has increased.

"Windows offers no real security mechanism for USB devices," Wilcox said in a MacNewsWorld interview. "Anyone with the proper access rights could grab gobs of data from a network server, transfer it to the music player and take it out of the company." According to Wilcox, banning these devices, one of the recommendations suggested by the Gartner analysis, is at best a stopgap measure. "The problem needs to be solved in the operating system, either directly or through third-party tools," he said.

The concern about malware seems sort of reasonable, but I don't get the data theft issue. I understand that companies are concerned about employees stealing their intellectual property, but I've never understood this obsession that they seem to have with technical security measures to prevent its theft. Computer media is incredibly small and easy to conceal. If your employees really want to walk out the door with it, you're not going to be able to stop them without turning your company into some kind of surveillance state. The same thing applies, of course, to the firewalls that companies use to filter outgoing traffic. It just takes a little more effort to bypass them.

Posted by ekr at 08:48 PM | Comments (34) | TrackBack

July 06, 2004

EG's unified theory of bicycle racing

Like every other cycling freak with a TiVo, I've been watching the Tour de France this week. I know that bicycle racing can be confusing unless you're used to watching it, especially if you're primarily familiar with running races or triathlon. As a public service, I hereby present the two facts you need to know to understand bicycle racing:
  1. Drafting confers an enormous advantage. At 25 mph, riding behind another rider requires 27% less energy than riding the same speed on your own. Because of the drafting effect, riding in a pack is much easier than riding on your own.
  2. Advertisers pay teams to have their logos on the rider's jerseys.

These facts let you derive much of the observed behavior of actual bicycle races:

  1. It's very hard for a single rider to break away from the pack because they have to work much harder than the chase pack, which is all working together.
  2. Road bicycle racing isn't an individual sport (with the exception of time trials as discussed below). Team members work together, drafting off each other, to get one team member into position to win the race.
  3. In many flat races, most of the action happens in the last few miles. The entire pack stays together until close to the end, at which point there is a sprint for the finish. Even in very long races, the winning margin is less than a second.
  4. The early stages of the Tour are basically flat, so the early leaders are sprinters. The riders who want to win the overall tour just make sure that they don't lose too much time, for instance by crashing or missing a big breakaway and losing a few minutes. The pack only starts to separate during the climbing stages (where drafting confers less advantage) or the time trial stages, where riders from team A can't draft off riders from team B.
  5. Sometimes you'll see a few riders try for a long breakaway. Because it's so much harder to sustain a breakaway with a small group, these breakaways are generally reeled in by the main pack. Mounting a break like this is a lot of work and doesn't help your team's standing in the race, so why do the riders do it? Answer: the TV cameras track the rider, which gets free PR both for the riders and their team sponsors. Did I mention that the teams are named for their main sponsor? How much is it worth it to have Phil Liggett keep mentioning your company's name every 2 minutes?

Any other behaviors you'd like explained?

Posted by ekr at 04:30 PM | Comments (51) | TrackBack

July 05, 2004

A privilege, not a right

Alex Tabarrok objects to the idea that driving isn't a right:
A sign on the highway on the road to Toronto speaks volumes.
Remember, driving is a privilege not a right.
Despite the fact that I am Canadian, everytime I see this sign my stomach churns with anger and I must suppress a desire to turn back to the U.S. The sign is a reprimand from the rulers to the ruled reminding them of their place. I want to tear it from the ground but my fellow Canadians think my reaction odd. More Americans, I think, would understand and that I suppose is why I call America home.

Happy Independence Day.

Regrettably, much the same situation obtains in parts of United States, at least that's the position of the Delaware and California DMVs, and probably a bunch of others.

Posted by ekr at 07:10 PM | Comments (16) | TrackBack

Pornographers and prudes

An interesting feature of the debate over online pornography is that there's potential for a bootleggers and Baptists type situation: both commercial pornographers and anti-pornographers can benefit from laws like the Child Online Protection Act. The benefit to anti-pornographers is obvious, but what's the benefit to pornographers? Protection from free pornography, which is currently very easy to find on the web. COPA-style requirements for age verification make it difficult to offer free pornography, thus benefitting commercial pornographers.
Posted by ekr at 06:53 PM | Comments (27) | TrackBack

Don't write "bomb" on the plane

For a fine example of how the Transportationn Security Agency is protecting us all, check out this article by a writer who was grilled by airport security for writing "I know this is kind of a bomb" (a line of of potential dialoge for his book) in the margin of the New York Times crossword puzzle. The best part is that even after it's perfectly clear that he's not any kind of terrorist, they still tell him that he's being placed on the watch list. One gets the impression that they're a little unclear on the concept.
Posted by ekr at 07:59 AM | Comments (9) | TrackBack

July 04, 2004

What's the threat model for Internet porn?

In the most recent battle in the Internet pornography war, last week the Supreme Court bounced the Child Online Protection Act case back to the lower court. (Decision here). A big part of Justice Kennedy's decision is the argument that filtering software may be better than legislation:
Filters also may well be more effective than COPA. First, a filter can prevent minors from seeing all pornography, not just pornography posted to the Web from America. The District Court noted in its factfindings that one witness estimated that 40% of harmful-to-minors content comes from overseas. Id., at 484. COPA does not prevent minors from having access to those foreign harmful materials. That alone makes it possible that filtering software might be more effective in serving Congress's goals. Effectiveness is likely to diminish even further if COPA is upheld, because the providers of the materials that would be covered by the statute simply can move their operations overseas. It is not an answer to say that COPA reaches some amount of materials that are harmful to minors; the question is whether it would reach more of them than less restrictive alternatives. In addition, the District Court found that verification systems may be subject to evasion and circumvention, for example by minors who have their own credit cards. See id., at 484, 496they can be applied to all forms of Internet communication, including e-mail, not just communications available via the World Wide Web.

That filtering software may well be more effective than COPA is confirmed by the findings of the Commission on Child Online Protection, a blue-ribbon commission created by Congress in COPA itself. Congress directed the Commission to evaluate the relative merits of different means of restricting minors ability to gain access to harmful materials on the Internet. Note following 47 U. S. C. 231. It unambiguously found that filters are more effective than age-verification requirements. See Commission on Child Online Protection (COPA), Report to Congress, at 19-21, 23-25, 27 (Oct 20, 2000) assigninging a score of "Effectiveness" of 7.4 for server-based filtering, and 6.5 for client-based filters, as compared to 5.9 for independent adult-id verification and 5.5 for credit card verification). Thus, not only has the government failed to carry the burden of showing the District Court that the proposed alternative is less effective, but also a Government Commission appointed to consider the question has concluded just the opposite. That finding supports our conclusion that the District Court did not abuse its discretion in enjoining the statute.

From a security perspective, what I find confusing about all of this is the lack of a clear threat model. It's clear what the objective is: children shouldn't be coming in contact with pornography. I'm not that really that sympathetic to this goal. I guess I'd prefer that kindergardeners not end up watching Internet porn, but I'm pretty skeptical that it does High School studends any harm. However, regardless of what I think it's pretty clear that that's the intention. So, given that goal there are (at least) two kinds of attacker:

  • Pornographers who want children to access pornography. After all, unless you're Hef, you're probably in the pornography business to make money. This is done either by advertising or direct selling. I don't know that much about the economics of porn web sites, so it's hard to gauge the relative importance of each motivation.
  • Children who want to access pornography. The motivation for this should be obvious.

So, we can have four possible situations:

  1. Neither side is trying to get children to access pornography. It's just a side effect of the pornographer's attempt to market to adults. I get all sorts of pornography spam, so I assume that your average kid does as well.
  2. Children aren't trying to access pornography but pornographers are trying to market to them. Obviously, if the children aren't interested then they're not going to give you money, so you must be making money via advertising. Is that really a big moneymaker?
  3. Pornographers aren't trying to to market to children but children are trying to access pornography. This strikes me as very likely. As I mentioned earlier, lots of kids are surely interested in porn and if you're in the business of selling anything, it's obviously much more convenient not to have to spend a lot of time checking to see if customers are allowed to purchase your product--even if the forbidden group doesn't represent a particularly big market.
  4. Children are trying to access pornography and pornographers are trying to market to them. This case also seems fairly likely. As I mentioned previously, I'm sure that there are plenty of teenagers who would want to buy porn and if you're in the business of selling porn, why would you turn down a paying customer?

So, why does it matter which threat model we have? Because different techniques make sense for different threat models. In particular, if our threat model includes the possibility that children will deliberately try to circumvent any restrictions that are imposed, then a lot of techniques start to look pretty questionable. Filtering software is easy to circumvent if you're at all technically sophisticated and (as the above quoted passage indicated) even credit card-based age verification systems are straightforward to circumvent. Similarly, if we believe that the pornographers are deliberately attempting to circumvent whatever restrictions are imposed, then we have to be concerned about offshore pornographers who aren't subject to U.S. law.

I haven't spent too much time thinking about this problem, but my intuition is that any threat model that assumes that either children or pornographers are the enemy, then the success of any restrictions will be extremely limited. On the other hand, if the assumption is that we're just trying to avoid accidental exposure--especially to very young children--then restricting access starts to look a lot more practical. Unfortunately, I don't think that this is the model that our legislators have in mind.

Posted by ekr at 01:48 PM | Comments (49) | TrackBack

July 03, 2004

What's important in computer security

Allan Schiffman on what he thinks is important:
Amateurs study cryptography; professionals study economics.

Would that that were actually true.

Posted by ekr at 08:39 AM | Comments (42) | TrackBack

We're running out of VINs

Apparently we're running out of vehicle identification numbers (see also here). This is not good, since there are all sorts of procedures (databases, etc.) that assume that VINs are unique.
At the root of the impending shortage is the explosion of vehicle production. Automakers build 60 million cars and trucks every year and each one needs a unique VIN. And that doesn't count heavy trucks, motorcycles and other vehicles that require VINs.

The Society of Automotive Engineers, which established the existing VIN system in 1981 and expected it to last 30 years, has formed a committee to address the impending shortage.

Unlike telephone companies, which simply created new area codes, the committee is not recommending longer VINs even though 18- or 19-character codes would not repeat for 100 years. Longer codes would require a major overhaul of computer systems, said Dave Proefke, chairman of the committee.

A moment's reflection tells us that fast vehicle production isn't at the root of the problem. VINs are 17 digits long, which means that potentially they could identify up to 10^17 vehicles, even if you only used digits and not letters. Since about 60 million cars are made a year, we could potentially identify a billion years worth of vehicle production with a VIN this size. So, how are we running out?

The likely answer is that the numbers are partitioned and sparsely assigned. This table summarizes the digit positions (information from here).

Starting positionDigitsMeaning
11Country of manufacture
31Vehicle type
45Vehicle features
91Check digit
101Model year
111Assembly plant
126Production sequence number

Thus, even though the space of potential VINs is very large, most of it is unused. It's easy to see how you could potentially run into problems with this scheme. If, for instance, GM made over a million exactly identical vehicles at the same plant in a single years they would run out of VINs. It's not clear, at least from this source, whether automakers use the same sequence number space for vehicles with different feature sets. If so, then they would run out of space even faster. The fix, of course, is to utilize some of the unused space. For instance, if BMW doesn't manufacture cars in Afghanistan, they could use the Afghanistan country code for some of the cars made in Germany, thus doubling their available VIN space. That said, I'm not sure exactly what the problem we're currently running into is. If any readers have details, I'd love to hear them.

Posted by ekr at 08:26 AM | Comments (42) | TrackBack

July 02, 2004

Can we get rid of flag guy?

As I've mentioned before, there's generally a lot of construction going on on the Palo Alto streets. A lot of the roads undergoing work are two-lane roads and when the crew closes off one lane to work on it, they need to multiplex cars travelling in both directions through the single functioning lane. This is generally done by having flag men on either end controlling access. This practice seems incredibly inefficient: those people aren't doing any work, they're just standing there with flags. I've seen work sites where half the crew are flag men.

While waiting in line the other day, Kevin Dick and I started to wonder whether we could streamline things. The obvious thing is just to have portable traffic lights that you set down at either end. These lights would be timed so that cars would only be flowing in one direction at any given time. Of course, you need to arrange that the lane is entirely clear of cars in direction A before you open the lane in direction B. timing. Assume that traffic is flowing North, so the Northbound light is green and the Southbound light is red.

  1. Turn the Northbound light red.
  2. Wait until the lane is clear.
  3. Turn the Southbound lane green.

You can implement the second step in at least two ways. The first is to simply wait for the time it would take the average car moving at the speed limit to clear the distance between the lights. The second is to actually count cars, which is what the flagmen typically do.

This kind of unattended interlock is quite practical. Indeed, one of the local roads, Highway 84W, had one for years and it worked fine. However, I can understand that people might be skeptical that a system like this could be quickly set up in the field, especially as construction machines may temporarily stop traffic, thus making timing difficult. Also, automated lights force people to wait even if nobody is going in the other direction.

However, even if manual control is required, we can still get rid of one flag man. We use the same light setup as before but instead of having the lights automatically controlled, each light is fitted with a video camera that sends a picture of the road back to some central console. The operator can then switch the lights as necessary. You don't even need to run wires--the whole system can run over 802.11 wireless. I estimate you could manufacture such a setup for less than $10,000 per installation, which is certainly a lot less than you pay the flagman per year. Anyone know of a reason why we shouldn't do this?

A number of commenters observe that portable traffic lights like this are common in Europe.

Posted by ekr at 07:12 PM | Comments (51) | TrackBack

Virtuality as a defense to child pornography

Eugene Volokh points to an interesting article about former prosecutor Dean Boland who's been testifying as a defense expert in child pornography cases and actually getting people off:
Boland has teamed with criminal defense lawyers who are exploiting a provision of Ohio law that says to obtain a conviction, a prosecutor must prove that a digital portrait of suspected child pornography is, in fact, a picture of a child. To meet that requirement, the image must be authenticated as a child and not an adult digitally enhanced to look like a child - an extremely difficult level of proof for police and prosecutors, Boland says.

Without the evidence to refute Boland's testimony and prove authenticity, judges threw out child-pornography charges in Summit and Portage counties in March. A Columbiana County judge has reserved his ruling until trial.

This, of course, is the horror story that motivated banning virtual child pornography in the first place--that it would become impossible to prosecute anyone for child pornography because you couldn't prove that actual children were involved. Certified virtual child pornography looks like a better idea all the time.

Posted by ekr at 08:40 AM | Comments (43) | TrackBack

July 01, 2004

Securing our critical resources

Hovav Shacham pointed me to this quite disturbing article:
The price of chocolate bars could soar if diseases that have devastated South America's cocoa crops are allowed to spread to other parts of the world, a scientist has warned.

Dr Gareth Griffith, of the University of Wales, Aberystwyth, fears that fungal infections are poised to trigger an international shortage of chocolate.

Britons are the largest consumers of chocolate in Europe, munch through ?3.5 billion worth each year.

Writing in Biologist magazine, Dr Griffith, an expert in fungi, warned that greater international trade and travel increased the chances of the diseases turning up in Africa.

Clearly American needs to take immediate action to protect our critical strategic resources. As a first step in this campaign, I've compiled the following table of the top four "states of concern":

Country2001-2002 production (tons)1SituationRecommended action
Cote d'Ivoire 1,265,000 Civil war. Potential ethnic cleansing. U.S. peacekeepers
Ghana 341,000 Clear U.S. enemy--Khofi Annan is from Ghana Sponsor coup. Replace current democratic government with strongman
Indonesia 455,000 Crucial ally on war on terror Send U.S. Military advisors to protect cocoa production from Osama bin Laden
Nigeria 180,000 Currently run by U.S. friendly democracy. Good soccer team IMF aid to restructure economy along more cocoa-friendly lines

Only if we take swift action now can we ensure continued access to the resources we need to keep our country strong.

1. source: International Cocoa Organization.

Posted by ekr at 12:22 PM | Comments (51) | TrackBack