February 2005 Archives

Bernard Ebbers's defense appears to be that he was too stupid to do what he was accused of:

Mr. Ebbers also said he was ignorant about accounting in general. "I know what I don't know," he said, referring to his lack of understanding of the technology WorldCom sold as well as its finances.

He testified that he did poorly in college, where his "marks weren't too good," and that he bounced from one job to another, working as a milkman, basketball coach and warehouse manager, before he and a small group of investors started the predecessor of WorldCom in 1983.

This is certainly a plausible story, since WorldCom's revenues were on the order of 30 billion a year. I make a lot less than 30 million a year and I still need an accountant to do my taxes. It's easy to believe the Ebbers didn't understand any of the details of what his accountants had done.

Of course, the problem for this account is that Scott Sullivan, WorldCom's former CFO says that he told Ebbers that the accounting changes "weren't right". If my accountant tells me that, I'm going to get pretty nervous, even if I don't understand exactly what IRS regulation I'm supposedly breaking...

The February 18th Science has an interesting article about Simonsen et al.'s analysis of influenza deaths. Simonsen's work suggests that influenza vaccination may not reduce mortality in old people. I haven't read the full study and so I don't have an informed opinion. Obviously, if we're going to be in the business of rationing flu vaccine it would be nice to know that the right age groups are getting it.

UPDATE: Fixed a broken link. Thanks to Ken Hirsch for pointing this out.

Here's an update on getting FreeBSD 5.3 working on the Panasonic W-2:

• Neither ACPI nor APM work correctly. You can put the laptop to sleep but it doesn't resume. As Hovav Shacham points out, this sounds like you're halfway there, but it's really a lot less than that.
• PCMCIA support works but only if you turn off the new PCMCIA support and turn on the OLDCARD support.
• I'm able to talk to the Centrino wireless (software here), but it doesn't seem to associate with my AP. I get unknown association state 4. I think the problem here may be the MAC filtering on my AP but I don't know for sure and I haven't had time to debug this.
• My Wavelan card (wi0) works but you need to use ifconfig to set up WEP instead of the historical wicontrol

So far so good. Given the long battery life of the W2 I can live without suspend but it would be nice to have. Maybe I can debug it at IETF.

The EU just passed a law requiring airlines to compensate passengers if their flights are delayed for more than five hours. A blow for passengers' rights against inconsiderate airlines, right? Well, maybe not:

BRITISH AIRWAYS jumbo jet carrying 351 passengers was forced to make an emergency landing after an 11-hour transatlantic flight with a failed engine.

The fault occurred on take-off from Los Angeles but the pilot declined all opportunities to land in the US and instead continued on three engines for 5,000 miles to Britain.

The incident happened three days after a European regulation came into force requiring airlines to compensate passengers for long delays or cancellations. Under the new rules, if the pilot had returned to Los Angeles, BA would have been facing a compensation bill of more than 100,000.

Balpa, the British Air Line Pilots Association, gave warning last night that the regulation could result in pilots being pressured into taking greater risks for commercial reasons.

The regulation requires airlines to refund passengers the full cost of their tickets as well as flying them home if a delay lasts longer than five hours. Passengers must also be put up in hotels if the delay continues overnight.

The BA flight departed at 8.45pm on Saturday and the airline admitted that the delay would have been well over five hours if it had returned to Los Angeles.

BA initially claimed that the engine had failed an hour into the flight. But the airline admitted yesterday that the problem had occurred a few seconds after take-off when the Boeing 747 was only 100ft above the ground.

...

The Boeing 747 was unable to climb to its cruising altitude of 36,000ft and had to cross the Atlantic at 29,000ft, where the engines perform less efficiently and the tailwinds are less favourable. The unbalanced thrust also meant the pilot had to apply more rudder, causing extra drag.

The pilot realised as he flew over the Atlantic that he was running out of fuel and would not make it to Heathrow. He requested an emergency landing at Manchester and was met by four fire engines and thirty firefighters on the runway.

BA, of course, denies a financial motivation, but that's a bit implausible given their incentives and their dishonesty about when the event occurred:

BA said financial concerns had played no part in the decision. Captain Doug Brown, the senior manager of BAs 747 fleet, said the only consideration had been what was best for passengers.

The plane is as safe on three engines as on four and it can fly on two. It was really a customer service issue, not a safety issue. The options would have been limited for passengers [if the plane had returned to Los Angeles]. He said the pilot would have had to dump more than 100 tonnes of fuel before landing at Los Angeles. The authorities would have had words to say about that.

A customer service issue, huh? I'm sure that being diverted to Manchester and being met by four fire engines was extremely convenient for the passengers.

People who are HIV negative already have an incentive to have safe sex, but people who are HIV positive have much less off an incentive--except of course for general altruism.¹ Dan Savage makes an interesting suggestion to modify those incentives:

If people are looking for a truly radical step something that might actually curb unsafe sex I've got a suggestion. But first some context: When extremely promiscuous gay men assess the risks and benefits of unprotected sex, most assume that if they get infected, or if they infect someone, an AIDS organization or state health agency will pay for the AIDS meds they or their sex partners are going to need to keep themselves alive. It seems to me that one surefire way to curb unsafe sex would be to put the cost of AIDS meds into the equation. I'm not suggesting that people who cant afford AIDS meds be denied them God forbid. No, my radical plan to curb unsafe sex among gay men is modeled on a successful program that encourages sexual responsibility among straight men: child-support payments. A straight man knows that if he knocks a woman up, he's on the hook for child-support payments for 18 years. He's free to have as much sex as he likes and as many children as he cares to, but he knows in the back of his mind that his quality of life will suffer if he's irresponsible.

So why not drug-support payments? If the state can go after deadbeat dads and make them pay child support, why cant it go after deadbeat infectors and make them pay drug support? Now that would be radical. Infect someone with HIV out of malice or negligence and the state will come after you for half the cost of the meds the person you infected is going to need. (The man you infected is 50 percent responsible for his own infection.) Once a few dozen men in New York City, San Francisco, Toronto, Los Angeles, Chicago, Miami, and Vancouver are having their wages docked for drug-support payments, other gay men will be a lot more careful about not spreading HIV. Trojan won't be able to make condoms fast enough.

This suggestion certainly would incentivize people to use safe sex. However, there's an obvious problem: it disincentivizes people from revealing their contact information. Since contact tracing and partner notification is a major method of controlling STDs (though as Dan points out not as widely used with HIV as with other STDs) this is bad. If people are going to be liable for the medical costs of people they infect, they're pretty unlikely to list the names of their contacts. Standard post-exposure protocol for HIV involves immediate anti-retroviral therapy, but this can't be administered if people don't know they're infected.

^1. It's of course possible to get infected with another HIV strain or some other STD, but if you already have HIV, the potential marginal loss of utility is a lot less.

I've spent quite a bit of time on online customer service systems this week (don't ask) and noticed a real irritation that you may have noticed to. So, you call your phone company and the first thing the automatic system does is to ask for your phone number. You key that in on DTMF keypad and get bounced through a few more phone menus. Finally, you get to speak to a person and what does that person do? Ask you for your phone number! Why? I've already given it to the computer. But noooo.... I've got to go through the whole stinking procedure again, authentication, SSN, and all.

I suppose you can make some security argument (though it's not like authenticating twice with the same information is a big challenge) but I suspect that the real problem is that the voice response system and the back-end computer systems aren't well enough integrated to transfer the context to the rep's desk. Hopefully this will change as the technology gets more advanced: it's certainly fairly easy to do with VoIP and it must be fairly expensive to burn all that customer rep time on reauthenticating you.

I know some EG readers work on telephony systems. Anyone want to comment?

I received my Panasonic W2 Toughbook today ($2049 from Amuras) and I've started the FreeBSD install:

• If you want to dual boot, the first thing you need to do is reclaim some of the hard drive from Windows. Luckily the Windows XP restore disk lets you use part of the hard drive for the OS and reserve the rest for data. The "data" section ends up as an empty D: partition, which I used to install FreeBSD.
• I put on FreeBSD 5.3. The initial FreeBSD install went smoothly and I can dual-boot FreeBSD and Windows (though Windows comes out as "???" in the FreeBSD boot selector. Have to work on that later).
• X.org works out of the box. X.org -configure produces a working conf file. The big problem is that the mouse doesn't work by default. Changing the mouse device to /dev/psm0 and the mouse type to ps/2 fixes this. You may only need one of these. Also, if you want 24-bit color you should tweak the conf file to use 24 bit by default.
• FreeBSD recognizes the Ethernet jack (rl0) by default but I haven't tried it yet. It doesn't recognize the Centrino-based wireless interface at all. I'm guessing that that's not going to work well. I've got a PCMCIA wireless card, so I don't really need the on-board wireless.
• ACPI doesn't seem to work well. FreeBSD detects it, but the laptop never comes back from suspend. This isn't exactly a surprise. Next step here is to try APM support, which I've had better luck with in the past.

So far so good. Next step is to get the network and some kind of power management working—all I really need is suspend/resume— and then install the rest of my environment.

In the wake of the ChoicePoint debacle, people are starting to think about how to stop identity theft. It's not an easy problem, though, because almost all the information that you use to establish your identity is publicly known, especially in the age of Google. In particular, the social security number (SSN), while ostensibly secret, is trivial to get your hands on because everyone from the DMV to your credit card company to your doctor's office wants to know it.

The basic problem with SSNs as a proof if identity is that they're used for two purposes:

• Authenticator—because it's ostensibly secret, lots of organizations use your knowledge of your SSN as evidence that you're you. This only works if not many other people know your SSN.
• Record lookup keys—the SSN is the only unique identifier that pretty much every American has, so it makes a pretty much ideal storage and lookup key. But this leads to everyone knowing it, a problem which is made even worse when databases that contain SSNs get stolen.

This is obviously a bad mix of properties and it's at least partially responsible for the identity theft problem. The good news is that there's a standard fix in cryptographic protocols: public key cryptography.

Public Key Approach
Every user (in this case, American citizen) gets an asymmetric key pair. You use the public key as the lookup key and the private key is the authenticator. The user performs a digital signature to prove that it knows the private key.

Of course, this has some obvious problems for this particular application. The most serious of these is that it requires users to have a computer in order to prove their possession of the private key—digitally signing is a pretty complicated operation, far too complicated to do by hand. An additional problem is that the database lookup keys get large (at least 160 or so bits), which requires very extensive modification to existing systems.

Hash functions
There's a sloppier solution, though: instead of using digital signatures you use hash functions. Here's the simple approach: the authenticator is some random value X. The lookup key is L=Hash(X). In order to let people look up your records, you just give them Hash(X). This is all you need for your doctor's office, the DMV, etc. For things like credit card applications, you need to authenticate. In order to do this, you provide X. The credit card agency (or whatever) computes Hash(X) and verifies it against L. If it matches, you're you.

This strategy has two good features:

1. You don't need to give your authenticator to everyone, just people who are trying to verify your identity.
2. People who verify your identity don't need to store your authenticator—they can discard it as soon as they've verified it, so they're not as at risk from database theft.

However, it's still not very good. You may not be giving L out to everyone, but you're still giving it out to plenty of people, so there's still a fairly high risk of compromise. And since there's only one authenticator, you can't really recover from that without changing L in every database on the planet. A second problem is that L is a lot longer than your average SSN, so it will still require retooling all the back-end systems.

Signed Authenticators
I've been doing some thinking, though, and I think there's a hack that might get us most of the way there. Every year the SSA sends you a set of pre-signed authentication tokens, each good for a single month. These tokens are simply digitally signed versions of your SSN, e.g., Sign(SSN, Month). When you want to authenticate yourself, you provide the current token. In order to verify it, the verifier checks the digital signature and verifies that the token isn't expired. If both check out, then you've been authenticated.¹

This strategy has one really nice feature: because the tokens are signatures over the SSN, no changes are required to the back-end database, which can continue to use SSNs as before. The only changes are required to the verification procedure. Systems which use the SSN only as a locator don't have to change at all, which is obviously attractive.

There are also some drawbacks. First, the authentication tokens are fairly large. Even the smallest signature schemes are a lot longer than an SSN. E.g., BLS is 160 bits (26 or so base 64-encoded characters) at the 80 bit security level. This makes them fairly difficult to read over the phone and even harder to memorize. Second, since they're only good for a month or so, you're not going to want to memorize them. On the other hand, you won't need them anywhere as often as you need your SSN, so it's not quite as impractical to keep them in a card in your wallet or whatever. Third, since each token is reusable during its validity period, there's still some risk if its stolen. It's possible to do single-use tokens but that requires some national database of which tokens have been used (or more likely the hashes of which tokens have been used).

Like I said, this is somewhat half-baked. It's a hack designed to improve security while not requiring too many changes to existing infrastructure. Sometimes hacks like these hit the sweet spot and sometimes they're the worst of both worlds. I can't decide which this one is.

^1. Note that you don't need to provide the month with the token. The verifier can just check the token against the current valid month.

The Times is covering the shortage of Prilosec. This was reported in EG back in October 2004. Advantage, EG!

Here's Bertrand Russell from What I Believe:

Physical science is thus approaching the stage when it will be complete, and therefore uninteresting. Given the laws governing the motions of electrons and protons, the rest is merely geography--a collection of particular facts telling their distribution throughout some portion of the world's history. The total number of facts of geography required to determine the world's history is probably finite; theoretically they could all be written down in a big book to be kept at Somerset House with a calculating machine attached, which, by turning a handle, would enable the inquirer to find out the facts at other times than those recorded. It is difficult to imagine anything less interesting or more different than the passionate delights of incomplete discovery. It is like climbing a high mountain and finding nothing at the top except a restaurant where they sell ginger beer, surrounded by fog but equipped with wireless. Perhaps in the times of Ahmes the multiplication table was exciting.

This essay was published in 1925, the same year that Schrodinger and Heisenberg published the first real treatments of quantum mechanics and two years before the Uncertainty Principle. 80 years later we're still chasing a complete theory.

From the February 9th CSI:NY

The average volume [of blood] in a healthy adult is 4.7 to 5 liters. You lose 500 milliliters, you're unconscious

That will no doubt surprise the American Red Cross, which takes a pint (450 ml or so) of blood at a time. According to their FAQ:

A blood donation equals approximately one pint of blood. The average adult body has 10-12 pints. The vast majority of people will not feel any different because of the donation. A very small percentage may experience temporary dizziness, but some rest and fluids will help you feel better quickly. Your body will replace the lost fluid within 24 hours.

It's not like if the phlebotomist screws up and takes an extra 50 ml (< 4 tablespoons) you're going to pass out.

Yeah, yeah, I know it's a TV show, but really, how hard is it to get the science right? Don't they have medical consultants on staff?

UPDATE: Adam Roach points out that a tablespoon is 15 ml, not 30 ml. Corrected.

I'm a big fan of technological histories and I just finished David Owen's Copies in Seconds. Copies in Seconds tells the story of the invention of the Xerox machine. It's truly an amazing story. Chester Carlson filed his first patent on of photocopying (called "electrophotography" back then) in 1937 and it took until 1960 for the first really commercially usable photocopier (the Haloid Xerox 914) to be brought to market.

Why? Despite the simplicity of the photocopying concept and the push-button reliability of modern photocopiers, building a working photocopier turns out to be incredibly complicated, with issues ranging from paper handling to getting the toner to stick to the paper to getting the excess toner off the paper without smudging the copy. At pretty much every stage of the operation, a sane person--or company--would have given it up as hopeless, but Carlson and Haloid stuck it out and changed the world.

David Owen does a good job with this book, starting with a 50-page history of pre-Carlson printing and duplication technology and then moving on to the 20+ year history of the development of a working photocopier. Throughout he does a good job of explaining the technical obstacles faced by the Haloid engineers and how they overcame them. Copies in Seconds isn't as good as Rhodes's Making of the Atomic Bomb but it's a solid effort and worth checking out.

In her Slate column on the Larry Summers controversy, Meghan O'Rourke writes something truly amazing:

More generally, although matters have improved, we still treat the hard sciences and math as essentially masculine domains. The phenomenon of the girl math geek who frets that she can't get any dates continues to be a stereotype for a reason.

Huh? It's not the girl math geek that can't get a date. it's math geeks of both genders. Indeed, being a nerdy girl is an excellent way to meet guys, precisely because the demographics are so male heavy. Of course, you have to be willing to date nerdy guys, but if you're nerdy yourself, you don't have much standing to complain about that. It's particularly amusing that O'Rourke uses Mean Girls as an example, since any high school girl who looks like Lindsey Lohan--math geek or no--pretty much has to beat guys off with a stick.

Apparently Microsoft is recalling 14 million Xbox power cords. What could possibly go wrong with a power cord, you might ask? It's not like making them is some kind of rocket science. Apparently, the problem isn't the power cords but rather the consoles and the power cord is some sort of backup:

Why are Xbox replacement power cords needed?
The replacement power cords are designed to protect consumers and their Xbox consoles from rare electrical component failures that can pose a fire hazard.

How great is the risk?
Fewer than one in 10,000 consoles have experienced these component failures. In almost all instances, any damage caused by these failures was contained within the console itself or limited to the tip of the power cord at the back of the console.

Does my console require a replacement cord?
If it was manufactured before October 23, 2003, your console requires a replacement cord (except for consoles purchased in Continental Europe, where consoles manufactured prior to January 13, 2004 require a replacement cord). Consoles manufactured after October 23, 2003 (after January 13, 2004 for consoles purchased in Continental Europe) do not require replacement cords because design improvements to the cord and console already protect against the problems that are addressed by the replacement cords.

I wonder what's actually wrong with the Xboxes, and what happens when the internal components fail with the new power cord.

Now California is considering a mileage tax.

And that saves him almost $300 a month in gas. It's great for Just but bad for the roads he's driving on, because he also pays a lot less in gasoline taxes which fund highway projects and road repairs. As more and more hybrids hit the road, cash-strapped states are warning of rough roads ahead.

Officials in car-clogged California are so worried they may be considering a replacement for the gas tax altogether, replacing it with something called "tax by the mile."

Seeing tax dollars dwindling, neighboring Oregon has already started road testing the idea.

"Drivers will get charged for how many miles they use the roads, and it's as simple as that," says engineer David Kim.

Kim and fellow researcher David Porter at Oregon State University equipped a test car with a global positioning device to keep track of its mileage. Eventually, every car would need one.

"So, if you drive 10 miles you will pay a certain fee which will be, let's say, one tenth of what someone pays if they drive 100 miles," says Kim.

I've complained about mileage taxes before, but if one wants to implement them, at least in California, there's no need at all to have a GPS. California cars need to have periodic emissions inspections, so it would be a fine opportunity to measure their mileage and levy taxes, without having some gizmo in your car that tracks everywhere you drive--and incurring the obvious privacy problems.

The only reason to use a GPS is to let you charge different prices for driving on different roads. But we already have a mechanism for that--it's called the toll booth.

There's been a lot of fuss about the REAL ID Act, but Section 102 is really amazing:

Section 102(c) of the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (8 U.S.C. 1103 note) is amended to read as follows:

`(c) Waiver- `(1) IN GENERAL- Notwithstanding any other provision of law, the Secretary of Homeland Security shall have the authority to waive, and shall waive, all laws such Secretary, in such Secretary's sole discretion, determines necessary to ensure expeditious construction of the barriers and roads under this section.

`(2) NO JUDICIAL REVIEW- Notwithstanding any other provision of law (statutory or nonstatutory), no court, administrative agency, or other entity shall have jurisdiction--

`(A) to hear any cause or claim arising from any action undertaken, or any decision made, by the Secretary of Homeland Security pursuant to paragraph (1); or

`(B) to order compensatory, declaratory, injunctive, equitable, or any other relief for damage alleged to arise from any such action or decision.'.

No doubt you'd need a lawyer to really interpret this, but doesn't this say that the Secretary can waive any federal law for any reason whatsoever? I know that it says that it has to be to ensure expeditious construction of barriers, etc., but what if the secretary decides that, for instance, the federal civil rights act or Social Security gets in the way of constructing barriers? In what way is ths not a blank check?

The recent rumored results on SHA-1 aren't a catastrophe, but we need to start planning for the future. (warning, slightly heavy sledding ahead).

The bad news is that there is no standard function that is guaranteed to be more secure. In particular, we can't really be confident that SHA-256 is going to be stronger.

Here's one thing that probablywon't work:
Concatenation The obvious thing to do is to take a SHA-1 and an MD5 and concatenate them on the theory that this makes things harder. Unfortunately, Joux's CRYPTO 2004 paper on multicollisions suggests that this doesn't make things anywhere near as much harder as you would expect.

Here are a few alternatives that might work:

• Randomized hashing The whole reason why this attack works is that the attacker knows the exact message you're going to hash. If you prefix the message with a random value, this effectively defeats the attack. So, when you sign a message you would sign H(random || message) instead of H(message) [0]. In particular, CAs should immediately start using unpredictable serial numbers. [1]
• A non-MDx-based hash function All of the major standard hash functions ultimately derive from MD4. It's possible to design hash functions based on block ciphers (see Tom Shrimpton's slides) for an overview. Unfortunately, as I understand it you can't prove security for these constructions in a realistic model of the underlying algorithm. However, there's some hope that you would have to make a pretty serious dent in that block cipher in order to break the hash.

Strangely enough, it's actually easier to specify a new hash function than it is to move to randomized hashing. At the end of the day, we'll probably want to do both because randomized hashing provides protection against this kind of attack in general, regardless of the status of the hash function.

[0] My intuition is that you'll want to pad out the random IV to an input block length, even if the IV is less than a block length, rather than just concatenating the values directly. However, you'd need to ask a real hash function here.

[1] It's easy to make these monotonically increasing. Just use Counter || random

Vint Cerf and Bob Kahn have won the Turing award for inventing TCP/IP.

Bruce Schneier is reporting that the Wang, Yin, Yu team has reduced the difficulty of finding collisons in SHA-1 to 2⁶⁹ operations:

• collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
• collisions in SHA-0 in 2**39 operations.
• collisions in 58-round SHA-1 in 2**33 operations.

This is clearly pretty bad, but remember that in order to exploit a collision (as opposed to a second preimage) you need to generate the colliding pair in advance. So, even if we assume that you can build arbitrary collisions--which the previous work on MD5 didn't let you do---the attacker would need to expend that effort up front, before he cons you into signing one of the pair. It doesn't implicate signatures that have already been generated. See here for more details about the impact of this kind of attack.

Caught Terry Gross's interview with Brian Greene, author of The Elegant Universe and The Fabric of the Cosmos. Unfortunately, this good opportunity was mostly wasted by Terry's insistence on asking silly questions about the intersection of science and religion instead of like, physics, which is what his book was actually about.

Gross: You know, if the world is filled with dimensions that our senses don't allow us to perceive. You could argue that, you know, some, or all of those dimensions are the world of microparticles, but I guess you could also argue just as easily that the world is a more spiritual one in which we see, you know, spiritual forces that--in which there exist spiritual forces that we are incapable of perceiving

Greene: Yeah, I would dissuade people from heading in that direction and let me tell you why. Indeed, string theory is—the theory that I work on, one of the cutting edge developments, an attempt to build what Einstein called a "unified theory", a theory that might explain everything in the world in one basic master equation, and this approach, called string theory, does entail that the universe has more than the three dimensions that we know about. So we all know about left-right, back-forth, up-down, this theory does say that there are other dimensions beyond those. Since we don't see them, many people might say "well perhaps they are on par with some of the mystical ideas, or theological ideas, and the main difference, and the key distinction to keep in mind is: when we talk about these extra dimensions we ultimately—we haven't been able to do it yet—but we imagine that we'll make predictions for how these dimensions behave and the implications for observable phenomena. And that's the key difference between the scientific incarnation of these strange ideas and the mystical incarnation. We only will believe these ideas when we can test them experimentally. There's no act of faith that's going to be involved in us taking on the theory that we're studying. And I don't think that's true of either the mystical or theological approaches. It's always--as far as I have encountered so far--involves some element of faith and a key inability to make predictions that will be testable and that will allow us to determine whether those ideas are right or wrong.

Look, people, religion is full of vague metaphors and symbology and it's not exactly surprising that some of that stuff happen to pattern match on some scientific concepts. Just because Matthew 8:12 talks about people being cast into the "outer darkness" doesn't mean that they knew about black holes and Ecclesiastes 9:11 isn't about the Uncertainty Principle.

The Times has an interesting article about the search for new pain drugs. We're finally starting to understand how pain works and rationally design drugs to block the processes. Given the DEA's attitude towards the use of opioids for chronic pain, this is none too soon.

Boing Boing points to an account from a photographer who was stopped from photographing on Muni by Fare Inspectors and then by SFPD.

Officer Primiano expressed extreme frustration with me as soon as I began speaking of my rights to photograph in public places. She wanted to debate the wisdom of my taking pictures and asserted that in the wake of the Sept 11th attacks on our country, I should be more interested in aiding officials in their efforts to increase security than my rights as a citizen or journalist. Despite my calm statement of my side of the issue, Officer Primiano waved her hands in the air, stated, "This guy is really pissing me off", and walked away, leaving Officer Ryan to talk to me. Luckily he exhibited a more rational, professional demeanor.

However Officer Ryan was of the opinion that I should not be taking photographs. I explained to him that I didn't want to argue the wisdom of my taking photographs, or the efficacy of a ban on photography in the MUNI System should one exist. All I was concerned with was the legality of my actions. If I had in fact committed a crime by taking photographs, I should (and in fact wanted to) be cited under the relevant law so that I could then pursue the matter in the courts and assert my First Amendment rights. Officer Ryan told me in a very straightforward manner that he did not wish to allow me the opportunity to assert my constitutional rights in court.

After walking over to the group of Fare Inspectors and BART Police Officers, Officer Ryan returned to speak to me. He expressed his frustration at the situation and me by saying: "Would it have been so difficult for you to just stop taking photographs when these guys told you to stop? If you weren't on your soapbox, I'd be out fighting real crime rather than standing around here dealing with you." He expounded further, "Even if there is no law forbidding photography in the MUNI System, the Fare Inspectors have the right to refuse you service for any reason they choose, including taking photographs. Once they refuse you service they can swear out a citizens arrest for trespassing. I, or other officers, will book you and you'll spend the rest of your weekend in jail. It won't be for taking photographs, so your weekend would be ruined yet you'd never get a chance to argue the matter of taking photographs before a judge."

This isn't exactly the behavior I want out of my law enforcement officers. What makes it especially stupid is that there's no good reason to stop people from taking photographs of this kind of public. Yes, yes, I understand that if you wanted to mount some kind of terrorist attack on a Muni station it would be convenient to have photographs of the station for planning purposes, but consider that:

1. The vast majority of people taking photographs are almost certainly not terrorists—because the vast majority of people are not terrorists and photography is a pretty common activity.
2. It's fairly easy to set up surreptitious cameras so that you can film people and situations undetected. Ever see the candid photography segments on Jackass?

Whenever you're considering some security measure you have to weigh the costs against the benefits. Prohibiting this kind of public photography causes terrorists some inconvenience, but not that much inconvenience and and it would cause innocent photographers—who vastly outnumber terrorists—quite a bit of invonvenience. And that's not even counting the time that the police spend hassling innocent photographers (though that will no doubt go away when "sensitive" areas are tagged as no-photography zones).

Radley Balko links to a Knoxville News article about a case of apparent police abuse which the victims were clever enough to get on tape. That the police sometimes (often?) abuse suspects isn't that surprising, but here's the interesting bit:

"There's nobody knows we're (expletive) here," Webber says. "We're doing this on our own."

The transcript indicates that Webber produces a form that, once signed, will state that Siler gave his consent for the officers to search his home. Siler apparently refuses to sign it. The beating resumes.

This illustrates an obvious problem with this kind of consent form: it's fairly easy to pressure suspects into signing--recall how common it was in the Soviet Union for people to be forced to sign "confessions." The fact that it's easy to coerce cooperation makes it easy for suspects to claim that their cooperation was coerced after the fact. Of course, there's a simple technical fix: have the police take audio and visual recordings of every interaction they have with suspects. These recordings could be timestamped and signed in order to prevent tampering after the fact, thus demonstrating that the police hadn't coerced cooperation.

Alaska and Minnesota already record all police interrogations but the practice isn't universal in this country. As usual, there's resistance from law enforcement, with the usual argument being that it would hinder interrogation. But of course, that's only true if the police are using proscribed tactics, which isn't exactly something that should be reinforced.

The New Urbanist is covering the story of Warren Wimmer, who was stopped by a security guard when trying to photograph Anish Kapoor's Cloud Gate sculpture in Chicago's Millenium park

Here's the press director for the park:

"The copyrights for the enhancements in Millennium Park are owned by the artist who created them. As such, anyone reproducing the works, especially for commercial purposes, needs the permission of that artist."

Terence Spies points out that there's an obvious intersection between "privacy" technology like remote camera shutoffs and this kind of aggressive copyright enforcement: IPR zones where you're not only not allowed to take pictures, but it's technically impossible to do so because your camera won't let you.

A poster in Crooked Timber's comments section pointed to this rather cool tool for exploring the popularity of baby names. The decline in popularity of "Hillary" is particularly striking.

A school in Sutter County California is requiring students to wear ID badges with tracking transponders built into them:

The Tatros' complaint and objections by other parents to the tracking system have led the district to relax its rule that all children wear the tags. If parents send a note saying their children don't want to wear the tag, they don't have to display it, but they must carry it on their person until the board makes a decision on the program's future at a special meeting called for next Tuesday.

The badges contain a photo of pupils, their grade level and their name. On the back is a tube roughly the size of a roll of dimes.

Within it is a chip with an antenna attached. As the chip passes underneath a reader mounted above the classroom door, it transmits a 15-digit number, which then is translated into the student's name by software contained in a handheld device used by teachers to check attendance.

I'm not wild about this for the obvious reasons, but here's a question parents might be interested in: a tracking system like this can be used by third parties (aka strangers) to track their children. Is that something they really want?

Note: it's possible to build systems like this where you can't get the transponder to respond without being an authorized reader (e.g., by signing the reading request or having the response be encrypted using a semantically secure algorithm), however in my experience systems like this generally aren't designed this way. I'd be interested to see if this one is.

You've probably heard of Amazon's new AmazonPrime service. The way this works is that you pay a yearly $79 fee and then all your order get two-day shipping for free or overnight shipping for $3.99/item.

I place about 5-10 Amazon orders a year, all priced above $25 to get Super Saver shipping. Most of my orders arrive within 3 days. So, basically, I'd be paying for two things:

1. The privilege of getting my orders a day earlier.
2. The ability to make smaller orders and still have them ship for free.

(1) doesn't seem that attractive. Certainly, if you offered to make a given individual order arrive a day earlier for $8 (the average cost per order), I wouldn't go for it. (2) is a little attractive, but I generally find it fairly easy to think of 2-3 things I want to order, which generally gets it up over $25. So, the only thing that's left is the overnight shipping. I don't think I'd be willing to pay $3.99/item for that, either.

Of course, the calculation would change dramatically if Amazon discontinued Super Saver. Typical item shipping costs without Super Saver are about $5.00 for a $25 order. I would definitely be willing to pay an extra $3/order for 2-day shipping. I wonder if that's part of Amazon's plan.

In the "no surprise" department, North Korea has nuclear weapons, and they don't want to give them up.

Though Ms. Rice labeled the possession of nuclear weapons by both North Korea and Iran as "unacceptable," her comment about North Korea seemed aimed at reassuring Americans and perhaps Europeans at the end of her weeklong trip in Europe and in the Middle East that the dangers were not imminent.

Unacceptable, huh? So that means we have a plan to deal with it? That's what I thought.

The Hewlett-Packard board has fired Carly Fiorina. Check out the stock price graph:

Figure from Yahoo Finance

Right after the 2 PM announcement, the stock price jumped up 10% and settled down to close up 6.9% by the end of the day. Now, HP's market capitalization is $65 billion. In other words, the market thinks that Carly Fiorina was destroying about $5 billion in shareholder value just by being CEO. It's not often you get that clear an idea of how the world feels about you. Not a bad result for the HP board either. Fiorina's severance package is $21 million. There aren't many decisions you can make that increase your valuation by a factor of 200 over what you paid. That's a pretty good ROI.

Credit: Kevin Dick pointed out the cost/benefit ratio on the severance package.

Reason's Rand-O-Rama has some pretty entertaining quotes about Ayn Rand, but the best is from Nora Ephron:

Like most of my contemporaries, I first read The Fountainhead when I was 18 years old. I loved it. I too missed the point. I thought it was a book about a strong-willed architect...and his love life.I deliberately skipped over all the passages about egoism and altruism. And I spent the next year hoping I would meet a gaunt, orange-haired architect who would rape me. Or failing that, an architect who would rape me. Or failing that, an architect. I am certain that The Fountainhead did a great deal more for architects than Architectural Forum ever dreamed. Nora Ephron, The New York Times Book Review (1968)

Does being on the Internet Architecture Board count?

The way that HTTPS (Web over SSL) authentication works is that the web site certificate has to match the URL that you're trying to dereference. I.e. if you type "https://www.educatedguesswork.org", the server's certificate had better say "www.educatedguesswork.org". The client automatically checks that these two match, but you, the user, are responsible for making sure that the URL is right.

There are two basic ways to get to a web site:

1. You key in the URL or use one of your bookmarks.
2. You click on some web page.

The first way doesn't create much of a problem. Assuming you actually know the URL and didn't get it from Google or something, then the URL/cert comparison works.

The problem is when you get the URL from someone else. You type in "Microsoft" and click on one of the links. Unfortunately, it goes to www.micros0ft.com. Now, there's no reason why the operator of www.micros0ft.com can't get a certificate with www.micros0ft.com in it. You dereference the URL, the HTTPS connection works, the certificate matches, and unless you're paying really close attention, you don't notice that you have the wrong URL.

The standard advice to people is to pay really close attention, but that never worked real well and there's something that makes it worse: internationalized domain names. Originally, DNS names were ASCII-only, but recently they've been expanded to include non-ASCII characters. The problem is that there are some glyphs in other language sets that look like characters in English. This lets you mount an even more convincing attack, called a homograph attack, in which you use a foreign language glyph that looks like an ASCII letter, such as in www.paypаl.com. This has been known about for about 3 years but only works if browsers actually know how to process these domain names, which they didn't generally do back then. However, it has been recently shown that many browsers are now smart enough to be fooled by this. Outstanding!

How bad you think this attack is kind of depends on your model of how gullible people are. In particular, if you think people will be fooled by the micros0ft-style attacks, then homograph attacks don't bring much to the party. On the other hand, if you think people are a bit smarter, then maybe this makes the situation worse. That said, it's worth noting that there are lots of legitimate situations in which the URL you do a secure transaction with doesn't have much to do with where you started. Try buying a ticket from United Airlines and you get redirected to https://www.itn.net/...

Slate is now carrying an article describing how to circumvent airport ID checks with Internet boarding passes. Of course, EG readers knew about this attack at least as far back as October 2003. As Instapundit would say, "advantage EG!"

Tyler Cowen writes:

I question the almost universal disdain for the "Micky Mouse" copyright extension act. OK, lengthening the copyright extension does not provide much in the way of favorable incentives. Who innovates with the expectation of reaping copyright revenues seventy-five years from now? But this is a corporate rather than an individual issue. Furthermore economic research indicates that current cash flow is a very good predictor of investment. So the revenue in fact stimulates additional investment in creative outputs. If I had my finger on the button, I still would have pushed "no" on the Mickey Mouse extension, if only because of the rule of law. Privileges of this kind should not be extended repeatedly due to special interest pressures. But we are fooling ourselves if we deny that the extension will benefit artistic output, at least in the United States.

I absolutely agree with Tyler that if (say) Disney had more money it would most likely use that to fund the production of more content. Disney's expertise is in cranking out creative content, not in managing a large investment portfolio. So, if you think that for some reason the world would be better off with more creative content being produced (i.e. assume tha the amount being produced now is inefficiently low) it's not crazy to think that subsidizing the content creators would be a good idea. Now, the money for that has to come from somewhere, but

That doesn't mean, however, that extending copyright is a good way to do that. In fact, there are a number of reasons to think that it's an inefficient way to subsidize new content production. The first is that the subsidy accrues primarily to organizations which have very old content. These organizations are likely to have little creative continuity with the organization which 70 years ago created the original content. So, why should they get singled out for a special subsidy? Is more new, exciting, content likely to be created by subsidizing Disney or Pixar?

The second reason is that extending copyright isn't a simple transfer payment. It creates deadweight loss because ofthe people who aren't able to use the content freely. It can even act as a disincentive to the production of new content because it stops you from incorporating sections of the original content in your new work. (This is Larry Lessig's point).

For these reasons, I do think that the copyright extension is worthy of disdain. If we think that not enough new content is being produced--though how anyone with access to Amazon.com could think that I have no idea--a simple transfer payment would be a far better way to subsidize its production.

From John Steele Gordon's An Empire of Wealth:

In the 1830s a man, every business day, would climb to the top of the dome of the Merchant Exchange on Wall Street, where the New York Stock and Exchange Board then held its auctions. There he would signal the opening prices to a man in Jersey City, across the Hudson. That man would signal them in turn to a man at the next steeple or hill, and the prices could reach Philadelphia in about thirty minutes. It was clumsy at best (and, of course, didn't work at all in bad weather).

This system was replaced by telegraph, of course, but from a certain networking perspective, there's not much difference between telegraphy and semaphore flags.

I'm starting to get journal overload. Does anyone know where I can find RSS feeds for: Science, The New England Journal of Medicine, and and PLoS Biology? A feed that had just the abstracts would be really useful here.

A common argument for why water should be publicly supplied is that good water supplies are necesary for health and that the private sector can't be trusted to ensure safety and supply. In the latest issue of the Journal of Political Economics, Galiani, Gertler, and Schargrodsky report on the effect of water privatization in Argentina:

While most countries are committed to increasing access to safe water and thereby reducing child mortality, there is little consensus on how to actually improve water services. One important proposal under discussion is whether to privatize water provision. In the 1990s Argentina embarked on one of the largest privatization campaigns in the world, including the privatization of local water companies covering approximately 30 percent of the country's municipalities. Using the variation in ownership of water provision across time and space generated by the privatization process, we find that child mortality fell 8 percent in the areas that privatized their water services and that the effect was largest (26 percent) in the poorest areas. We check the robustness of these estimates using cause-specific mortality. While privatization is associated with significant reductions in deaths from infectious and parasitic diseases, it is uncorrelated with deaths from causes unrelated to water conditions.

That's a pretty strong argument that privatization isn't a bad thing and may very well be good.

It's long been believed that some single celled organisms are basically immortal. Many bacteria divides into two basically identical "children". In some sense it seems the original cell was immortal, since there's a direct line back to the original cell. It It turns out that bacteria may actually age, as Stewart, Madden, Paul, and Taddei report in PLoS Biology.

It turns out that E. coli has a rod structure. When it divides, each daughter gets one pole and then regenerates the other pole. This means that in any given cell, there is one old pole and one new pole. This creates an asymmetry between the daughters of that cell, because one gets the older pole and one gets the newer. Stewart et al. show that the daughter which gets the old pole grows 2.2% slower than the new pole, suggesting that there is some kind of aging going on.

Quite a clever piece of research with a surprising result. If bacteria age, we may be able to use them as a useful model for how people age.

This NYT article reports that cancer has finally passed heart disease as the leading killer of people under 85. Here's the interesting bit:

By far the main reason for the steep decline in cardiac deaths has been the reduction in cigarette smoking, especially among middle-aged men. Smoking is a leading cause of sudden cardiac death, and quitting smoking nearly eliminates this risk within a smoke-free year or two.

The relationship between smoking and cancer is quite different. Smoking can damage the genetic material in cells in many organs of the body. The damage is cumulative and irreversible, and evidence of it can take decades to emerge as a cancer - of the lung, larynx, mouth, bladder, pancreas, even the breast, among other organs. A person may quit smoking, but a nascent cancer will not disappear.

There's a lot of real low hanging fruit in terms of improving your health that doesn't require high tech methods or new research.

UPDATE: Hal points out that I should have written "under 85" instead of "over 85". Some sort of mental typo there. Corrected.

There's been a lot of traffic on NANOG about CNET's report about spammers sending to port 25 on the ISP mail server (start here). The consensus seems to be that this is old stuff and CNET just noticed:

From: Suresh Ramasubramanian
Date: Thu Feb 03 07:13:18 2005

On Thu, 3 Feb 2005 11:42:55 +0000, Michael.Dillon@radianz.com
 wrote:
http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
> that botnets are now routing their mail traffic through the local
> ISP's mail servers rather than trying their own port 25
> connections.

Now?  We (and AOL, and some other large networks) have been seeing
this thing go on since over a year.

> Do you let your customers send an unlimited number of
> emails per day? Per hour? Per minute? If so, then why?

Doing that - especially now when this article has hit the popular
press and there's going to be lots more people doing the same thing -
is going to be equivalent of hanging out a "block my email" sign.

One additional thing that I think wasnt mentioned in the article -
Make sure your MXs (inbound servers) are separate from your outbound
machines, and that the MX servers dont relay email for your dynamic IP
netblock. Some other trojans do stuff like getting the ppp domain name
/ rDNS name of the assigned IP etc and then "nslookup -q=mx
domain.com", then set itself up so that all its payloads get delivered
out of the domain's MX servers

This kind of stuff is just really hard to stop.

CNET reports that spam zombies have started to send mail through ISP mail servers rather than sending it directly. Many ISPs block direct outgoing port 25 connections, so this ought to circumvent that kind of block. I'm no expert on how spammers operate but I'm actually kind of surprised to hear that zombies haven't always done this.

The NYT Bush's proposal for Social Security. Here's the paragraph that baffles me:

Calling Social Security "a symbol of the trust between generations," the president said the system needed to be retooled for the needs of a very different era. He called for the gradual creation of personal retirement accounts, into which younger workers could eventually divert up to 4 percent of their payroll taxes.

"We will make sure the money can only go into a conservative mix of bonds and stock funds," Mr. Bush said. "We will make sure that your earnings are not eaten up by hidden Wall Street fees."

Am I missing something here? Four percent of payroll taxes? I was expecting more like 50%. I haven't been tracking this that closely but can someone explain why this is a big deal?

UPDATE: Chris Walsh and Bob McGrew point out that this is 4 percentage points out of the 6% contribution employees make. That's a big difference. Am I the only one who thinks that the original article could have been written better?

Here's an account of Mustafa Ait Idr's "hearing", from Judge Joyce Hens Green's ruling:

In reading a list of allegations forming the basis for the detention of Mustafa Ait Idr, a petitioner in Bourmediene v. Bush, 04-CV-1166 (RJL), the Recorder of the CSRT asserted, "While living in Bosnia, the Detainee associated with a known Al Qaida operative." In response, the following exchange occurred:

Detainee: Give me his name.

Tribunal President: I do not know.

Detainee: How can I respond to this?

Tribunal President: Did you know of anybody that was a member of Al Qaida?

Detainee: No, no.

Tribunal President: I'm sorry, what was your response?

Detainee: No.

Tribunal President: No?

Detainee: No. This is something the interrogators told me a long while ago. I asked the interrogators to tell me who this person was. Then I could tell you if I might have known this person, but not if this person is a terrorist. Maybe I knew this person as a friend. Maybe it was a person that worked with me. Maybe it was a person that was on my team. But I do not know if this person is Bosnian, Indian or whatever. If you tell me the name, then I can respond and defend myself against this accusation.

Tribunal President: We are asking you the questions and we need you to respond to what is on the unclassified summary.

Respondents' Factual Return to Petition for Writ of Habeas Corpus by Petitioner Mustafa Ait Idir, filed October 27, 2004, Enclosure (3) at 13. Subsequently After the Recorder read the allegation that the detainee was arrested because of his alleged involvement in a plan to attack the U.S. Embassy in Sarajevo, the detainee expressly asked in the following colloquy to see the evidence upon which the government's assertion relied:

Detainee: . . . The only thing I can tell you is I did not plan or even think of [attacking the Embassy]. Did you find any explosives with me? Any weapons? Did you find me in front of the embassy? Did you find me in contact with the Americans? Did I threaten anyone? I am prepared now to tell you, if you have anything or any evidence, even if it is just very little, that I proves I went to the embassy and looked like that [Detainee made a gesture with his head and neck as if he were looking into a building or a window] at the embassy, then I am ready to be punished. I can just tell you that I did not plan anything. Point by point, when we get to the point that I am associated with Al Qaida, but we already did that one.

Recorder: It was [the] statement that preceded the first point.

Detainee: If it is the same point, but I do not want to repeat myself. These accusations, my answer to all of them is I did not do these things. But I do not have anything to prove this. The only thing is the citizenship. I can tell you where I was and I had the papers to prove so. But to tell me I planned to bomb, I can only tell you that I did not plan.

Tribunal President: Mustafa, does that conclude your statement.

Detainee: That is it, but I was hoping you had evidence that you can give me. If I was in your place -- and I apologize in advance for these words -- but I a supervisor came to me and showed me accusations like these, I would take these accusations and I would hit him in the face with them. Sorry about that.

[Everyone in the Tribunal room laughs.]

Tribunal President: We had to laugh, but it is okay.

Detainee: Why? Because these are accusations that I can't even answer. I am not able to answer them. You tell me I am from Al Qaida, but I am not an Al Qaida. I don't have any proof to give you except to ask you to catch Bin Laden and ask him if I am a part of Al Qaida. To tell me that I thought, I'll just tell you that I did not. I don't have proof regarding this. What should be done is you should give me evidence regarding these accusations because I am not able to give you any evidence. I can just tell you no, and that is it.

Outstanding.

This NYT article is fairly depressing. The author claims that teachers in a lot of schools are avoiding teaching evolution for failing to get into trouble. I don't know what the environment in my high school was, but I remember when I took biology that my teacher started the class by explaining that evolution was the central organizing principle of biology--which is exactly right.

The NYT reports that Congress is considering bills to restrict the sale of pseudoephedrine (Sudafed):

Although the bills vary in detail, most would classify pseudoephedrine as a controlled substance and would allow sales of products containing it, like Sudafed, only in pharmacies, not in grocery or convenience stores. Customers would have to purchase the medicine from a pharmacist, show photo identification and sign a logbook.

The rationale, of course, is that pseudoephedrine can be used to synthesize methamphetamine. Of course, it's questionable how much restricting pseudoephedrine is going to put a dent in methamphetamine production:

While 80 percent of the nation's methamphetamine supply is smuggled into the United States from Mexico or churned out in so-called superlabs in the Central Valley of California, the rest is produced in small home laboratories or even in the trunks of cars.

Restricting pseudophedrine in the US isn't going to impact production in Mexico at all, and there are plenty of syntheses that don't require pseudoephedrine. I suspect if you're running a big lab you can afford to start from other precursors rather than bothering to extract them from pseudoephedrine tablets.

I wonder if anyone has done a serious cost/benefit analysis comparing the likely impact on methamphetamine production versus the effect on consumers who will have trouble getting decongestants. In my area, for instance, there are lots of drugstores that are open 24/7 but the pharmacies themselves often close at 6 or 8 PM.