April 2005 Archives
April 20, 2005
A spokeswoman for the online broker said it was told in February that a package holding four data cassettes containing current and former Ameritrade account holders' information from the years 2000 through 2003 was misplaced by a shipping company Ameritrade uses. It declined to name the company. Three of the four tapes were recovered at the shippers' Maryland facility, said the spokeswoman, Donna Kush. The one tape that remains missing contains information on as many as 200,000 current and former customers, she said. Ameritrade has about 3.7 million customers.
Kush says Ameritrade has reviewed the customer information that would be on the missing back-up tape and has decided that only 175,000 of those customers needed to be notified, in accordance with industry standards. The company began sending letters to those customers last week.
...
She said Ameritrade has every reason to believe that the missing fourth tape has either been destroyed or is still somewhere in the shipper's facility. In addition, she said, the missing back-up tape contained compressed data that would require very advanced computer systems to access.
Yeah, I'm sure that's going to be a real barrier to the kind of people who reverse engineer obfuscated binaries.
This, folks, is why you need encrypted backup. It's not like you need to use some super-secret key that's easy to forget or lose (and it's exactly when you want to do a restore that you're going to discover you've forgotten the encryption key). Just stick it in a sealed envelope in the machine room with a "break seal in emergency". That way, when the backup tapes get lost, the people who find them don't get access to all your confidential data.
April 19, 2005
In the United States, the Virginia-based company MicroSort has been helping parents give nature a nudge since 1996, through a process called cytometry that separates X and Y chromosome-bearing sperm cells. Seventy-nine percent of the company's clients shoot for girls.
Sounds like a good basis for trade.
Under the proposed rule, a passport that contains a damaged, defective, or otherwise nonfunctioning electronic chip or with observable wear and tear that render it unfit for further use as a travel document may be invalidated by the Department of State. While an electronic passport with a nonfunctioning electronic chip may continue to be used if the data page is not damaged, it would nonetheless lack the ability to be read by chip readers at ports of entry and would not reflect the security features inherent in the electronic chip technology. If the damage were caused deliberately, the passport would be invalidated upon discovery. Individuals whose passports contain failed electronic chips may choose to obtain a replacement passport for the balance of the original validity period by applying presenting the passport, and new photos; or they may apply for a new full validity passport by applying presenting the passport, new photos and applicable fees.
In other words, you can't just microwave it. Hasbrouck's post also contains the following gem:
There's no plan to invalidate existing passports, which are good for 10 years from the date of issuance, but Moss says he expects that holders of non-RFID passports will face increasingly second-class treatment (longer lines, slower processing, more intrusive searches) once most USA passports in circulation are chipped.
If you're interested in this issue, Hasbrouck's post provides an excellent introduction.
April 18, 2005
- Pharmacists have the right to refuse to dispense EC without impacting their job status.
- Pharmacists have the right to refuse to dispense EC, but employers can fire them for it.
- Pharmacists have the right to refuse to dispense EC, but pharmacies must arrange for the customer to be able to acquire EC--though potentially at another pharmacy.
- Pharmacists have the right to refuse to dispense EC, but pharmacies must ensure that someone is on staff to dispense EC locally.
- Pharmacists have the right to refuse to dispense EC, but they have an affirmative personal obligation to arrange for the customer to be able to acquire EC.
- Pharmacists have the right to refuse to dispense EC, but they have an affirmative personal duty to arrange for the customer to be able to acquire EC.
- Pharmacists have an affirmative personal duty to dispense EC.
Now, clearly if we were discussing radial tires, the societal consensus answer would be (2). Sears would be perfectly within their rights--and almost certainly would--fire any employee who would only sell bias ply.1 But what's the difference here?
It seems to me that there are basically two reasons why people who are in favor of allowing pharmacists not to dispense EC feel that EC is different:
- There are people who have principled--or at least so they believe--objections to EC.
- They themselves object to EC, and this makes it harder to get.
I suspect that for most people in favor of the right of pharmacists not to prescribe EC, the deciding factor is point (2). Ask yourself this: if there was a significant group of people opposed to the sale of radial tires, would you support a law that guaranteed the right not to sell them without being fired by Wal-Mart? I suspect that for most people in favor of the right not to prescribe EC the answer here is "no". But the only real difference here is that a larger fraction of the population (in this case legislators) opposes EC, whereas they probably drive on radial tires. But note that this isn't an issue of freedom of the pharmacist's conscience, but one of the pharmacist's right to make the decision the legislators approve of.
On the other hand, if we were discussing radial tires, there wouldn't be anyone endorsing a law guaranteeing the right of consumers to buy them, even if vendors didn't want to carry them--though there are people in favor of such a law for EC. I see two major differences in this respect.
- There's a substantial entry barrier to becoming any kind of pharmacist or running a pharmacy. This barrier is at least partly erected and supported by the state. By contrast, pretty much anyone can sell tires.
- When people need EC they need it quickly, whereas you can typically drive for a while on partly worn out tires. It's not like you can just order your EC from Amazon.com and wait for it to show up.
I find the first and second points the most convincing. If the state is going to help you enforce your monopoly on some services, it seems to me that this creates some obligation to perform that service for all comers. And unlike a doctor's discretion not to prescribe certain medications, refusing to dispense EC isn't really a medical judgement, it's an ethical one.
Of course, there's an easy solution to this conflict: just make EC available over the counter. There's no medical reason why a pharmacist needs to sell EC; Plan B comes in a convenient single-use package. OTC use would substantially lower the entry barrier and so reduce the impact of any individual pharmacist not wanting to sell it. Concerns (IMHO bogus concerns) have been raised about making EC available to minors, but it would be easy to have clerks check for ID, as they do for alcohol and cigarettes. Of course, if what you really want isn't to give pharmacists freedom of conscience but rather to make EC harder to get, then this option doesn't really accomplish that. On the other hand, if that's your goal, then hiding behind freedom of conscience is kind of disingenuous.
1 Sure, the radial tire thing is kind of silly but consider a Mormon who doesn't want to sell caffeinated beverages--not that they do so as far as I know.
April 17, 2005
April 16, 2005
DVD encryption accomplishes two major goals:
- It stops people from making third party players.
- It makes it hard to get access to the plaintext.
Why deny access to the plaintext when copying the ciphertext is so easy? Well, DVDs are fairly large, so they consume a lot of disk space and take a long time to transmit over the Internet. So, if you want to share files it pays to be able to compress them--even much smaller music files are generally compressed for transmission and storage after people copy them from CD. But encrypted data is essentially incompressible so getting access to the plaintext is the first step in doing the transcoding.
Because of the size issue, effective DVD encryption would make sharing movies over the Internet very difficult. But of course, this is a temporary situation. Given the rapid increase in disk space and network bandwidth it's only a matter of time before you can copy encrypted DVDs around.
And of course, AACS only works if you can identify which key was compromised. If people just rip their DVDs and post the compressed plaintext, there's no way of knowing1 which player was compromised and so you can't revoke it. Obviously, it's a lot of work for your average end user to compromise his own player (though you could imagine some hacker releasing a patch that would let you break any copy of some player) but it's not that much work for a pirate.
At the end of the day what you're left with is a technology that doesn't really stop piracy but that does stop people making unauthorized players.
1. Yes, I know about watermarking, but it's very inconvenient to use watermarking because that requires having each disk be different and tracking who buys which disks. I don't get the impression that AACS involves watermarking.
April 15, 2005
The naive way to solve this problem is to give each DVD player its own encryption key. Call the key owned by player i K_i. When you want to print a DVD you generate a random key k and encrypt it under each K_i. So, the DVD will have a key encryption block consisting of E(K_1,k), E(K_2,k), E(K_3,k), ... E(K_n,k), where n is the last DVD player that will ever be manufactured. Then, when player j is compromised you just don't encrypt under key K_j for all future DVDs. Now, you can't always tell when a player has been compromised, but the threat model here is that someone takes the key and embeds it in a piece of software, so all you have to do is get a copy of the software player and extract the key.
There is an obvious problem with this scheme: the key encryption block is enormous. If you expect a billion DVD players to be made, then each DVD will need to carry a billion encrypted keys. If each key is 16 bytes, that's 16 GB, which is twice as large as a DVD--and we don't even have any data on it yet.
Luckily, it turns out that there are schemes (collectively called "broadcast encryption" schemes) for arranging the keys in such a way that the encryption block is much smaller. The simplest one is to lay out all the keys in a tree, like so:
Each player gets one of the leaf node keys and all the keys on the path to the root. So, player 0 would get keys K, K_0, and K_00.
Initially, all DVDs are encrypted under key K which all players have. (Well, technically the DVD key is encrypted under K.) Now, say that key K_00 is compromised. From then on DVDs are encrypted under keys K_01 and K_1. This allows every player but player 0 (holding K_00) to decrypt the DVD. Every time a player is compromised, you change the set of keys you encrypt under to exclude that key. This isn't the best (most efficient) scheme, but it should give you the basic idea. The particular scheme that AACS uses is called "subset difference", which is rather more complicated to explain. (See here for an explanation.)
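The tree scheme described above, as an added Python example (not code from the original post or from AACS): node labels follow the post's subscripts ('' is K, '0' is K_0, '00' is K_00), and it goes beyond the post's single revocation to handle any set of revoked players. The HMAC-derived node keys and the XOR-plus-tag key wrap are stand-ins assumed for the demo, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

MASTER = b"constructed demo master secret"  # assumption: known only to the licensor


def node_key(label: str) -> bytes:
    """Key for tree node `label` ('' = K, '0' = K_0, '00' = K_00, ...)."""
    return hmac.new(MASTER, b"node:" + label.encode(), hashlib.sha256).digest()


def player_keys(leaf: str) -> dict:
    """A player holds its leaf key plus every key on the path up to the root.
    (Derived here for the demo; a real player has them installed at manufacture.)"""
    return {leaf[:i]: node_key(leaf[:i]) for i in range(len(leaf) + 1)}


def cover(revoked: set, depth: int, node: str = "") -> list:
    """Labels of the subtree roots that together contain every non-revoked
    leaf and no revoked one."""
    if not any(leaf.startswith(node) for leaf in revoked):
        return [node]        # clean subtree: one key serves all players below it
    if len(node) == depth:
        return []            # this leaf is a revoked player
    return cover(revoked, depth, node + "0") + cover(revoked, depth, node + "1")


def wrap(key: bytes, nonce: bytes, disc_key: bytes) -> bytes:
    """Toy key wrap (stand-in for a real cipher): XOR pad plus an 8-byte tag."""
    pad = hmac.new(key, b"pad" + nonce, hashlib.sha256).digest()[:len(disc_key)]
    ct = bytes(a ^ b for a, b in zip(disc_key, pad))
    return ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]


def unwrap(key: bytes, nonce: bytes, blob: bytes):
    ct, tag = blob[:-8], blob[-8:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expect):
        return None
    pad = hmac.new(key, b"pad" + nonce, hashlib.sha256).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))


def make_key_block(disc_key: bytes, revoked: set, depth: int):
    """Key encryption block for one disc: the disc key wrapped under each
    cover key, so its size tracks the number of revocations, not of players."""
    nonce = os.urandom(8)    # per-disc value so the pad differs between discs
    block = {label: wrap(node_key(label), nonce, disc_key)
             for label in cover(revoked, depth)}
    return nonce, block


def player_decrypt(leaf: str, nonce: bytes, block: dict):
    """Try each key the player holds; None means the player is locked out."""
    for label, key in player_keys(leaf).items():
        if label in block:
            return unwrap(key, nonce, block[label])
    return None


if __name__ == "__main__":
    disc_key = os.urandom(16)
    nonce, block = make_key_block(disc_key, {"00"}, depth=2)
    print("encrypt under:", sorted(block))          # the post's K_01 and K_1
    for p in ("00", "01", "10", "11"):
        print(p, player_decrypt(p, nonce, block) == disc_key)
    million = {format(i, "020b") for i in (0, 5, 999999)}
    print("entries for 2**20 players, 3 revoked:", len(cover(million, 20)))
```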
April 14, 2005
My father believes that one should leave typos in one's galleys uncorrected. It is a law of nature that when one opens the printed version the first thing one will see will be a mistake. If you leave the typos alone, the first thing one will see will be a typo. If you correct the typos, the first thing one will see will be a truly horrible and inexcusable substantive error...
Absolutely right. On the other hand, in final review of SSL and TLS, we discovered that I'd claimed that 1 made a good RSA public exponent (it should have been 17). That's one typo I'm glad I fixed.
On the gripping hand, just seven lines later the text says that to do RSA private decryption you compute C^e mod N, which manages to be both a typo and a horrible, inexcusable substantive error.
In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners -- which, officially at least, is not a goal of the U.S. government's program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn't very convincing, since the smart-card standard could be applied to passports nearly as-is -- the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.
After the panel, I discussed this issue with Kenn Cukier of The Economist, who has followed the development of this technology for a while and has a good perspective on how we reached the current state. It seems that the decision to use contactless technology was made without fully understanding its consequences, relying on technical assurances from people who had products to sell. Now that the problems with that decision have become obvious, it's late in the process and would be expensive and embarrassing to back out. In short, this looks like another flawed technology procurement program
I don't think it's entirely crazy to want to have something that's contactless. As one of the commenters (Cypherpunk) points out, there are good reasons for not wanting to have electrical contacts. Any physical electrical interface is inherently more brittle than a contactless interface. But RFID isn't the only kind of contactless interface. Optical interfaces are contactless too--though you can't easily do processing on cards with that kind of interface.
If you want to do processing on the card, probably the optimal choice is to use an RFID card but with access controlled by a per-card key which is printed on the inside of the passport. Then you can optically scan the key and access the RFID card. This keeps contactlessness, but limits access to people with physical access to the passport. This basic idea was proposed during the initial design of RFID passports and for some reason opposed by the US. It's unclear whether this opposition was for simplicity concerns or to deliberately preserve the possibility of remote reading.
April 13, 2005
The Internet Control Message Protocol (RFC 792) is used to send various kinds of control messages to IP-connected hosts. One example is the ICMP Host Unreachable message, which tells the receiver that the sending router can't forward the packet to the destination. Another is the ICMP Datagram Too Big message, which tells the sender that the packet is too big to forward and can't be fragmented (because the Don't Fragment bit is set). This message is used in Path MTU Discovery (RFC 1191).
An ICMP Host Unreachable tells a TCP implementation that it can't talk to the receiver and needs to terminate the connection. In order to help the sender identify the correct connection and prevent attackers from forging Host Unreachable messages, ICMP messages contain the first 64 bits of the offending datagram. Thus, in order to generate a valid message the attacker needs to be able to see the packets of the connection it wants to attack.
In theory this should stop attackers from resetting connections that they can't see. In practice, it turns out that a lot of TCP implementations (in particular Cisco, Juniper, and IBM) check the host and port in the ICMP messages but don't check the TCP sequence number. Often the host and port portions are predictable and so if you know about a connection you may be able to reset it. There are also a variety of other attacks involving other ICMP messages. The correct fix is described in draft-gont-tcpm-icmp-attacks-03.txt.
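One way to apply the missing check, as an added Python example (not code from the original post, the draft, or any vendor): the quoted bytes of a TCP segment carry the source port, destination port and sequence number, so the receiver can require the quoted sequence number to fall within data it has sent but not yet had acknowledged. The `Conn` fields, function names and sample packets are constructed for illustration, and the window test is an assumption about how to implement the sequence-number check.

```python
import struct
from collections import namedtuple
from ipaddress import IPv4Address

# snd_una: oldest sequence number sent but not yet acknowledged
# snd_nxt: next sequence number to be sent
Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port snd_una snd_nxt")


def inet_checksum(data: bytes) -> int:
    """Internet checksum; yields 0 over a message whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_quoted_tcp(icmp: bytes):
    """Return (src, dst, sport, dport, seq) quoted in an ICMP Destination
    Unreachable message (type 3), or None if it is malformed."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3 or inet_checksum(icmp) != 0:
        return None
    inner = icmp[8:]                      # quoted IP header + 64 bits of payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 6:
        return None                       # not IPv4, truncated, or not TCP
    src, dst = (str(IPv4Address(inner[o:o + 4])) for o in (12, 16))
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return src, dst, sport, dport, seq


def same_connection(conn, q) -> bool:
    # The quoted datagram is one we sent: its source is our side.
    return q[:4] == (conn.local_ip, conn.remote_ip, conn.local_port, conn.remote_port)


def accept_addr_port_only(conn, icmp: bytes) -> bool:
    """The weak behaviour the post describes: host and port are the only test."""
    q = parse_quoted_tcp(icmp)
    return q is not None and same_connection(conn, q)


def accept_with_seq_check(conn, icmp: bytes) -> bool:
    """Also require snd_una <= quoted seq < snd_nxt, modulo 2**32."""
    q = parse_quoted_tcp(icmp)
    if q is None or not same_connection(conn, q):
        return False
    outstanding = (conn.snd_nxt - conn.snd_una) % 2**32
    return (q[4] - conn.snd_una) % 2**32 < outstanding


def sample_unreachable(conn, seq: int, code: int = 1) -> bytes:
    """Constructed test input: Host Unreachable bytes quoting one of conn's segments."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     IPv4Address(conn.local_ip).packed,
                     IPv4Address(conn.remote_ip).packed)
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + struct.pack(
        "!HHI", conn.local_port, conn.remote_port, seq)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    # Constructed long-lived session to port 179 (BGP), documentation addresses.
    conn = Conn("192.0.2.10", 40000, "198.51.100.7", 179, 1000, 5000)
    in_flight = sample_unreachable(conn, 1000)        # quotes data really outstanding
    guessed = sample_unreachable(conn, 0x7FFFFFFF)    # right ports, blind sequence number
    for name, msg in (("in flight", in_flight), ("guessed", guessed)):
        print(name, accept_addr_port_only(conn, msg), accept_with_seq_check(conn, msg))
```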
This isn't something to panic about. As with last year's TCP attacks, the scope of this attack is fairly limited. There aren't many TCP-based protocols that simultaneously are high value and rely on long-lived TCP connections. Web transactions, for instance, are basically unaffected. The main example is BGP. Unfortunately, the TCP MD5 fix from last year's attack doesn't seem to prevent this attack--however one of the workarounds--port randomization--does. So, in principle, it's possible to DoS substantial fractions of the Internet routing system. In practice, Cisco has already rolled out fixes and I imagine Juniper and IBM will if they haven't already.
"This hearing was premature," said panel member Amy Newburger, a suburban New York dermatologist, after the vote. "I don't see how we can get or give adequate informed consent for our patients based on the data we've seen."
Inamed Corp. sought the new advisory meeting a year after the agency rejected its earlier application and presented one additional year of safety data. While the panel members complimented the company on its research, they concluded there wasn't enough new information on key issues, including why some implants leak, the effect of released silicone, and the long-term risks of intact implants.
Here's the thing, though: these exact same breast implants are already available. It's just that you can only get them for reconstructive surgery after you've had a mastectomy. So, the question at hand is whether they'll be allowed for breast enlargement. There's no medical need for you to have normal-sized breasts after a mastectomy, it's basically a cosmetic issue--in the sense of being about how your breasts look and feel. Effectively, the FDA is now in the business of saying "These people have an appearance that's sufficiently problematic that they're allowed to have implants but these other people do not."
It seems to me that there's something fairly problematic about the FDA making this kind of decision. It's certainly not the same as the usual kinds of decisions that FDA makes, namely is something safe (i.e., does it have a risk level below a given amount) and is it effective (i.e., does it work). These are in some sense empirical issues, though of course it requires some real judgement to interpret the studies, especially because the acceptable level of risk depends on the seriousness of a condition (HIV treatments can obviously be a lot more dangerous than treatments for minor acne.)
In this case, however, it's basically a matter of saying that "reconstruction" is OK but "enhancement" isn't. Given that neither is medically necessary, why is this a decision that the FDA should be making in the first place?
April 12, 2005
UPDATE: Unfortunately, due to circumstances beyond my control, I seem to have lost the previous paper. However, I have some new results which you can read about in Operating Systems Considered Harmful.
April 11, 2005
Josh: What do I say to people who ask why we subsidize farmers
when we don't subsidize plumbers?
Farmer's daughter 1: Tell 'em they can pay
seven dollars for a potato.
Yes, I know it's a TV show, but do people actually think like this? I always assumed that the reason we couldn't get rid of farm subsidies was rent seeking by the farmers, but if people actually believe this, that could be part of the problem.
1. Don't blame me. That's how she's identified.
April 10, 2005
If you're into MMA, TUF is definitely worth watching. Of course, there's the usual reality TV schlock: dividing people up into two teams, ridiculous physical challenges, team infighting, and team membership juggling by the organizers, etc., but after the first few shows, all eliminations were decided by fights, with the loser going home. (In a nice touch, the competitors were required to bring their gear to the matches and the losers had to leave right away.) The fights aren't all good, but a lot of them are, and in some cases they're more interesting than the pro UFC fights, since the action can be a little slower and easier to follow.
The final matches were shown live last night on Spike. The card was:
Middleweight | Diego Sanchez v. Kenny Florian |
Light heavyweight | Forrest Griffin v. Stephen Bonnar |
- | Ken Shamrock v. Rich Franklin |
It will be showing again tonight at 10 PM and Monday at 11 PM. I strongly advise you watch it. The Griffin/Bonnar fight in particular is one of the best I've seen this year.
(Spoilers below the fold)
If Blahous understood the argument he's making--and seriously wanted to communicate it--he would say something like this: "Think of it this way: Bush and Delay and Hastert and Frist are out of their minds, and are on a giant financial bender. They think they can drink up every bottle in the liquor cabinet, but if they do we'll have nothing left for the party we're giving tomorrow. Private accounts is a way of moving some of the good liquor to another cabinet and putting a lock on it so Bush and Delay and Hastert and Frist can't spill and waste it tonight. That's what we are really doing."
And, Blahous says, Bush really wants the bottles moved to the other cabinet--one with a lock on it--so he can't get at them. After all, Blahous says, "The President believes that surplus Social Security money should not be spent, which is one reason why he has proposed creating a system of personal accounts. These personal accounts would save Social Security money, protecting it in the accounts of individual workers, where the government could not take it away." You see, Bush really wants the government to run a budget surplus equal to the Social Security surplus, and we have to enact private accounts to force him to do what he really wants.
Yes. It's a clown show.
(Note that this is basically the same rationale behind "starve the beast").
Anyway, if the issue is being able to commit the US to not spending the Social Security surplus, it seems to me that there are simpler mechanisms. As I understand the situation, the argument being made here is that because the Social Security debt is in treasury notes, all the US government has to do is say that it's not going to honor treasury notes held by the SSA. I.e., they're just IOUs to yourself. The theory here is that this doesn't compromise the government's ability to borrow money, since it's not going to repudiate the generic debt, just the SSA debt.
Now, I'm pretty skeptical that that's not going to totally destroy America's credit, but it seems to me that there's a pretty easy way to credibly commit to not doing so: stop holding the SSA debt in treasuries. I'm not saying that the SSA has to buy HP stock or something. Just sell off the treasuries it currently holds and buy bonds from stable governments.
The point here is to destroy the distinction between the debt owed to the SSA, so the government has to repudiate the entire debt. Of course, the government can still just seize the entire trust fund, but of course the government could just increase the private account clawback too... It's just such fine distinctions that turn out to make a big difference to how things look on TV.
And yes, before you ask, I realize quite well that this isn't the Bush administration's real reason for wanting to have private accounts, but that doesn't mean it's not a good idea to protect ourselves in the future.
April 9, 2005
CETS is just one of several initiatives at Microsoft aimed at stemming child pornography and promoting online safety for children. Child-protection experts at Microsoft are working with the Windows development team on potential ways of building protective mechanisms directly into the platform. "There is a group within the Windows team that is looking at these issues and making proposals," Cranton says.
See also here:
It's unclear just how far along Microsoft has gotten with the idea, but Hemanshu Nigam, a Microsoft lawyer whose background includes investigating child pornography at the Department of Justice, has begun working directly with the Windows development group to explore what's possible. "They're looking at, 'What can we do to not have our products used for child exploitation?'" says LaMagna.
Just how would Windows distinguish between an innocent image of a 7-year-old taken by a loving parent and something that crosses the boundary into child pornography? One clue may be that child-porn consumers seldom store a single image. "They're collectors," LaMagna says. "There are patterns that can be looked at."
Yeah, that's just what I want Windows to do, grovel through my files looking to see if I'm a child pornographer. Do I even have to go into all the ways that this could go wrong?
April 8, 2005
Alastair Reynolds | Revelation Space, Chasm City, Redemption Gap, Absolution Gap
These four are a series and should be read in that order.
Diamond Dogs, Turquoise Days is in the same universe, but is really two novellas and to my mind is significantly weaker.
You're not going to like the answer to the Fermi paradox. |
Chris Moriarty | Spin State.
We've got teleportation, but it kind of sucks. First, it's not perfect so you tend to lose more and more of your memory the more you teleport. To make matters worse, it depends on entangled Bose-Einstein condensates which can only be mined on one planet by people working under near-slave conditions. |
Dan Simmons | Hyperion,
The Fall of Hyperion, Endymion, The Rise of Endymion.
Technology has finally given us a golden age. Unfortunately, it's all run by a group of AIs called the TechnoCore, and they're not really on our side. Hyperion is excellent. Quality sort of decays from there on in, with Endymion being distinctly iffy.
Ilium is interesting, though runs a little long. Simmons is incredibly prolific. A lot of his work is in horror, which I'm not a big fan of, but he's also done three extremely hard-edged detective novels in the spirit of Richard Stark's Parker novels: Hardcase, Hard Freeze, and Hard as Nails. I've read the first two and they're solid. The reviews on Hard as Nails are bad, though. Darwin's Blade is another mystery but is pretty generic. |
Greg Egan |
Quarantine,
Distress,
Axiomatic (short stories),
Diaspora.
These books aren't really connected, but they're all based on pretty amazing speculations. Diaspora's probably the most impressive: the nature of humanity has been totally changed and most people live as uploads in computers. What exactly would life be like in this environment? These are all older. I haven't read any of his newer stuff and so can't offer much of an opinion. |
Iain M. Banks | Consider Phlebas,
The Player of Games,
Use of Weapons,
Look to Windward.
These are all set in the same "Culture" universe where life is utopian because technology has advanced to the point where everything is basically free. The major civilization in this universe is a mostly human civilization called The Culture which is really run by super-advanced AIs called Minds. These novels focus on the Culture's Contact section which seems to spend most of its time trying to reform more primitive civilizations. Also see: Against a Dark Background and The Bridge, which is only sort of SF. |
Richard Morgan | Altered Carbon, Broken Angels.
We've got easy mind uploading. Everyone is fitted with a "cortical stack", which stores your memories, personality, etc. Bodies are disposable because you can simply upload your personality into another body or into a computer. This tends to affect your perspective a bit. These books should be read in this order. |
Now, Urnov et al. report that they have found a way to create targeted modifications. I can't get at the whole article, but based on the New Scientist writeup, what it looks like is that they've built "zinc finger nucleases" (ZFNs), which are amino acid/zinc complexes that will bind to specific base sequences, ligate them, and splice in the correct sequence. They get 18% replacement, which is apparently pretty good.
The experiment being described was performed in vitro. The researchers extracted blood and treated it externally. It's not clear to me if this will work in vivo. Conventional gene therapy often uses a virus. I'm not sure I see how to use this technique outside of the test tube.
April 7, 2005
April 6, 2005
Liberals have not had a comparable public philosophy debate. A year ago I called the head of a prominent liberal think tank to ask him who his favorite philosopher was. If I'd asked about health care, he could have given me four hours of brilliant conversation, but on this subject he stumbled and said he'd call me back. He never did.
What a strange question. I certainly can't name my favorite philosopher. And it's not just because I'm not an expert in the field. I can't name my favorite cryptographer either.
April 5, 2005
There is an oversight in the Evaluators report regarding the risk associated with the proximity of the applicants' primary and secondary data centers. The report gives negative marks to Sentan due to the relative proximity of its primary and secondary data centers at 400 miles apart. Sentan subsequently received a "GREEN" on this factor (as did DENIC at 275 miles -- for apparently similar reasons). However, according to section 5.b.i and 5.b.xv of its proposal, VeriSign's two data centers are located in Dulles, VA, and Ashburn, VA, approximately 10 miles apart. Despite this discrepancy, VeriSign received a perfect "BLUE" score in this section and Sentan received a "GREEN." All other comments associated with VeriSign and Sentan in this section are equal, so it seems clear that Sentan was penalized for data centers that are 400 miles apart and VeriSign was rewarded for data centers just 10 miles apart. Given the considerable focus and concern placed on this item by the evaluators during their on site evaluation, in their questions to us, and in the final report, we believe a fair scoring on this factor would place Sentan in a higher color category than the incumbent.
and from Denic's statement:
It is also a fact that the report contains serious factual errors. One of the key shortcomings held against DENIC in the report is that it allegedly uses home-made database software, whereas it actually uses a commercial product from one of the world's foremost suppliers--a point made expressly in the application documentation. Sabine Dolderer went on to add that "it is not now our intention to descend to the level of petty nit-picking, but there is no escaping the impression that the evaluation report was drawn up under great pressure of time, and it was its quality that suffered. It is precisely because there was little to choose between all the applicants--as Telcordia concedes itself--and because they would also all have the ability to administer .net that such sloppy mistakes are so problematical, since they give a false picture of the applicants' true capabilities."
I have no idea whether these claims are correct or not, but I also don't think the answer is that important. Telcordia's report concluded that both Sentan and VeriSign are good choices. The only reason that it's necessary to make this fine a distinction is that ICANN has decided on a beauty contest methodology and has to pick a winner on merit. That's fine when the differences are large, but when they're small like this, we get treated to the festival of rent-seeking and influence behavior we're observing now.
April 4, 2005
The New York Times > Arts > Music > Music | Bootleg Review: The Lost Apple: In 2002 and 2003, Fiona Apple recorded what would have been her third album, 'Extraordinary Machine.' Its producer, Jon Brion, has said that Ms. Apple's label, Sony Music's Epic Records, shelved the album because it didn't hear potential hit singles. An Epic spokeswoman said, 'Fiona has not yet delivered her next album.' Lately, what purports to be the full album, 11 songs, has been leaked onto the Internet, where - despite the efforts of Sony's legal department - a simple search will find multiple sources of downloads. The album is an oddball gem.
Its producer, Mr. Brion, is fond of instruments that huff and plink and wheeze, as he showed in his soundtrack for 'I ♥ Huckabees.' Epic may have been discomfited that Ms. Apple's collaboration with him doesn't sound anything like what's on the radio now. As a songwriter, she's the same Fiona Apple who sold millions of copies of her first two albums; she's still sultry and sullen, obsessing in detail over why her romances went wrong and teetering between regret and revenge. Her vocals smolder like torch songs, then boil over with rage and accusations. But this time, the music doesn't always mope with her.
...
Had it been released, 'Extraordinary Machine' would have been a fine counterbalance to a pop moment full of monolithic, self-righteous sincerity. As it stands, mysteriously leaked and proliferating, the album is an object lesson in how an Internet that's not controlled by copyright holders can set artistic expression free.
This particular framing—where the big bad label won't release the album even though the artist wants them to, but the Internet sets it free—slots right into the dominant "Information wants to be free" narrative (cf. Wilco's "Yankee Hotel Foxtrot"). But there's something interesting to note: what makes you think that Apple actually wanted this album released? The Times implies that Brion did, but we don't get any kind of quote from Apple, which is a little surprising. Maybe she thought it sucked and was happy to have it round-filed. I've certainly written stuff like that.
Although it seems to me that the Weak Copyright side isn't having that much success on the legislative front, it seems to me that in this particular respect, they've managed (with some cooperation from the content industry) to frame the issue to their advantage. Copyright enforcement doesn't just serve to let content providers charge for their content, it also helps control access to content they actually don't want seen at all. The same networks that are good for distributing bootleg copies of The Black Album are just as good for transporting Microsoft's stolen source code.
April 3, 2005
Sec. 601.507. SPECIAL INSPECTION CERTIFICATES.
(a) Commencing not later than January 1, 2006, the department shall issue or contract for the issuance of special inspection certificates to be affixed to motor vehicles that are inspected and found to be in proper and safe condition under Chapter 548.
(b) An inspection certificate under this section must contain a tamper-resistant transponder, and at a minimum, be capable of storing:
    (1) the transponder's unique identification number; and
    (2) the make, model, and vehicle identification number of the vehicle to which the certificate is affixed.
(c) In addition, the transponder must be compatible with:
    (1) the automated vehicle registration and certificate of title system established by the Texas Department of Transportation; and
    (2) interoperability standards established by the Texas Department of Transportation and other entities for use of the system of toll roads and toll facilities in this state.
Sec. 601.508. CIVIL PENALTY.
(a) If an electronic reading device detects and identifies a motor vehicle to which a special inspection certificate is affixed that is not covered by a motor vehicle liability insurance policy that provides the minimum coverages required by this chapter, on verification of the information and issuance of a written notice of noncompliance, the registered owner of the vehicle is liable to the state for the payment of a civil penalty in the amount of $250.
(b) In connection with the same vehicle, until the 60th day after the date of issuance of a written notice under Subsection (a), the registered owner is not liable for the payment of another civil penalty under this subchapter if that vehicle is subsequently detected and identified by an electronic reading device and determined not to be covered by an appropriate motor vehicle liability insurance policy.
Outstanding. If California picks this up, I'll need to wrap my car in tinfoil.
The good news is that you can get a GPS that lets you upload maps. However, in the spirit of proprietary devices everywhere, you need to use Garmin software to load maps onto Garmin GPSes (other software can upload routes and waypoints, but not maps). The shareware GPSMapper program will let you create your own maps and upload them but it doesn't seem to know how to read the commercial maps that I already have in electronic form, so it's not really that helpful unless I want to trace my maps myself. So, even though I have TopoUSA, which has map coverage of the Western US, I need to pay Garmin $100—and that only covers the National Parks in the West of the US. If I want to hike East of the Mississippi, I need another CDROM. And if I want trail maps at high resolution outside the national parks, I'm SOL.
The next time you hear someone talking about Open Standards, what they're really saying is that you shouldn't have to put up with this kind of thing.
April 2, 2005
April 1, 2005
Now, in theory you only get conflicts if you've changed the same section of the file in both branches, but in practice I always get burned. It's standard practice to include a version id in your code. For instance:
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.22.2.2 2005/02/03 21:25:57 ekr Exp $";
When you do checkins and checkouts, CVS automatically modifies this string to reflect the current version, date, etc. This lets you instantly look at any code fragment and determine which versions it corresponds to, which can be very helpful in debugging customer problems.
Here's when things start to go wrong. Say you've been working on file foo.c in both branches. So, in H-O-T you've got version number 1.23. In the branch you have version number 1.22.2.2. This means you have different version IDs, and since the same line of code has changed, CVS decides you've got a conflict. It marks it up in the source code like this:
<<<<<<< tcpconn.c
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.23 2004/07/16 00:08:58 ekr Exp $";
=======
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.22.2.2 2005/02/03 21:25:57 ekr Exp $";
>>>>>>> 1.22.2.2
Now, here's the baffling part: CVS controls these lines. It wrote them in the first place, so you'd think it could figure out that they're not real conflicts and just fix them up. But nooooo.... You have to go in and remove the conflicts manually. Yeah, yeah, I know that I could fix this myself, but wouldn't it be nice if I didn't have to?
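One way to automate the fix-up described above, as an added example (not code from this post or from CVS): it rewrites only those conflict blocks whose two sides become identical once expanded keywords are collapsed to `$Id$`, which CVS re-expands at the next checkin. The function names are hypothetical, and the second block in the sample input is constructed to show a real conflict being left alone.

```python
import re

# CVS keywords that expand on a single line ($Log$ is multi-line and excluded).
KEYWORD = re.compile(
    r"\$(Author|Date|Header|Id|Locker|Name|RCSfile|Revision|Source|State)(?::[^$\n]*)?\$")
# One conflict block as written by a CVS merge: mine, separator, theirs.
CONFLICT = re.compile(
    r"^<<<<<<< [^\n]*\n(.*?)^=======\n(.*?)^>>>>>>> [^\n]*\n?", re.S | re.M)

def collapse(text):
    """Reduce expanded keywords to their bare form: $Id: ... $ becomes $Id$."""
    return KEYWORD.sub(r"$\1$", text)

def resolve_keyword_conflicts(text):
    """Resolve conflict blocks whose sides differ only in keyword expansion.

    Those blocks are replaced by the collapsed text. Blocks with any other
    difference are returned unchanged and counted as remaining; text that
    does not form a complete block is not touched at all.
    Returns (new_text, resolved, remaining).
    """
    counts = {"resolved": 0, "remaining": 0}

    def fix(match):
        mine, theirs = collapse(match.group(1)), collapse(match.group(2))
        if mine == theirs:
            counts["resolved"] += 1
            return mine
        counts["remaining"] += 1
        return match.group(0)

    new_text = CONFLICT.sub(fix, text)
    return new_text, counts["resolved"], counts["remaining"]

# First block is the conflict shown in the post; the second is constructed.
SAMPLE = '''<<<<<<< tcpconn.c
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.23 2004/07/16 00:08:58 ekr Exp $";
=======
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.22.2.2 2005/02/03 21:25:57 ekr Exp $";
>>>>>>> 1.22.2.2
<<<<<<< tcpconn.c
int timeout = 30;
=======
int timeout = 60;
>>>>>>> 1.22.2.2
'''

if __name__ == "__main__":
    merged, resolved, remaining = resolve_keyword_conflicts(SAMPLE)
    print(merged, f"resolved={resolved} remaining={remaining}", sep="")
```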