June 2008 Archives

ICANN has announced plans to expand the pool of TLDs:

"The potential here is huge. It represents a whole new way for people to express themselves on the Net," said Dr Twomey. "It's a massive increase in the 'real estate' of the Internet."

Presently, users have a limited range of 21 top level domains to choose from -- names that we are all familiar with like .com, .org, .info.

This proposal allows applicants for new names to self-select their domain name so that choices are most appropriate for their customers or potentially the most marketable. It is expected that applicants will apply for targeted community strings such as (the existing) .travel for the travel industry and .cat for the Catalan community (as well as generic strings like .brandname or .yournamehere). There are already interested consortiums wanting to establish city-based top level domain, like .nyc (for New York City), .berlin and .paris.

I'm having some trouble seeing the value of this proposal. As I've mentioned earlier, there has been remarkably little uptake of the non big 7 gTLDs, with .com being the elephant in the room. What reason is there to believe that .brandname is going to have any more uptake? So, it doesn't make much sense to say that this increases the "real estate" of the Internet.

Even if that weren't true, the structure of the DNS more or less negates the idea that creating more TLDs somehow creates more "real estate". One could easily create exactly the same amount of real estate by inventing a single new TLD, e.g., .tld which implements whatever policies you intended to promulgate for new TLDs. This would have essentially the same effect except that the names are a bit longer. Moreover, we effectively have all that real estate, since any existing DNS zone could instantiate exactly these policies: nothing in the DNS structure stops me from setting up tld.educatedguesswork.org.

That's not to say that this is necessarily a bad idea, but the arguments I've heard so far aren't very convincing.

As I mentioned earlier, Netflix Instant Viewing (and hence the Roku) is pretty heavy on the cheezy 80s TV shows. Mrs. EG and I have been catching up on Forever Knight, the existential tale of a vampire living in Toronto, trying to become human, and making up for his sins by posing as a Canadian cop named Nick Knight (though not that polite, so you can tell he's not really Canadian). Anyway, in the Forever Knightiverse, it seems you can get along OK by drinking cow's blood, so we're back to the situation I alluded to in an earlier post, vampirism as an immortality treatment with some annoying side effects. Given that, it occurs that Mr. Knight would do a lot more good for people by starting a cow blood production operation and saving the lives of the terminally ill by turning them into vampires. Just saying.

I was listening to NPR this morning and caught an interview that made me think about the hierarchy of importance of appearances in public radio. Obviously, being on the radio is good, but some appearances are better than others. In ascending order of importance in the public radio universe, the list goes something like this.

• Appearing on This American Life
• Appearing on a "specialty" show like Latino USA or News and Notes.
• Being mentioned in a news segment.
• Being interviewed briefly in a news segment.
• Appearing on a local show, like Forum
• Appearing on a national show, like All Things Considered
• Appearing on Fresh Air.
• Appearing repeatedly.
• Appearing repeatedly on Fresh Air.
• Getting mentioned when you die.
• Having Fresh Air rerun your interview when you die.
• Getting mentioned on the anniversary of your death.
• Having Fresh Air rerun your interview on the anniversary of your death.
• Having your relatives interviewed on the anniversary of your death.
• Having your relatives interviewed on their birthday.

I'm not kidding about the last one, by the way. I heard an interview today with Ernest Hemingway's son, on his 80th birthday—the son's not Ernest's.

Mrs. EG and I just ordered one of the new Roku Netflix players. If you haven't seen one of these before, it's a hardback book sized appliance that ties into your Netflix account via your home Internet connection (ethernet or WiFi). I ordered it on Sunday after seeing one at Terence Spies's house.

The fulfillment and out of box experience is pretty good. I ordered it on Sunday and had it on Wednesday morning. I pulled it out of the box and had it wired up to my TV and Internet in 10 minutes. The box booted up, asked me whether I wanted wireless or wired, downloaded a firmware update, and then gave me an access code. You log on to Netflix's web site, enter your code, and a few minutes later, the box announces it's ready, offers you access to your Netflix instant queue, and you're watching video on demand. I spent more time figuring out where to plug in the wall wart, routing the cables through my audio stand, and getting an ethernet jack live in the room than I did getting the box running.

Video quality is pretty good, even through S-Video (my DVD player is using my only component jacks), and it's really nice to be able to just decide you want to watch something and be watching it a minute later. The selection is kind of limited, and slanted towards older movies and cheesy 80s TV shows (plenty of Magnum and Quincy), but if you just want to relax and watch something, there's plenty available, and the fact that browsing is so low impact means you can take a chance on stuff that you ordinarily wouldn't be willing to accept Netflix's latency to try. Jesus Christ: Vampire Hunter, anyone? An additional benefit, at least for now, is that there's no additional charge over your basic Netflix account—actually, I dialed down my subscription because I wasn't really keeping up anyway. I wonder how long that will last.

That's the good news. The bad news is that it's clearly a first generation product. For starters it's slow. From the time you select what you want to watch it takes about 20 seconds of waiting before the video shows up. I know that sounds nitpicky, but since that happens pretty much every time you want to change what you're watching, even fast forward or rewind by a minute, it starts to get annoying after a while. At some level you're limited by the speed of the network, but you could also do a lot better with more buffer and lookahead. For instance, the box could download the first 5 minutes of everything in your queue, so it would always be 5 minutes ahead. This would allow instant play and limited fast forward. And if you kept the entire movie as it was being watched, you could do complete rewind. This delay is doubly irritating because once it's started streaming stuff into the buffer you can't interrupt it until it's started playing.

Obviously, this would require a lot more storage than the box has (256 MB from what I understand), but that could be easily fixed by adding an external drive. Easily, I say, except that the Roku doesn't have an external USB or Firewire jack, so it won't accept an external drive. This is too bad, really, because if they had just added a jack, external storage would just be a software update. You could still use a network-based NAS, I suppose, but that's not really as cheap or convenient¹.

The other (sort of strange) problem I've found is this weird interaction with my TV. I have one of the early Sony WEGA TVs with the anamorphic squeeze feature. For some reason, the TV decides that the Roku is sending out anamorphic images and squeezes everything down, making everyone look just a tiny but fat. If you tell the Roku to emit in 16x9 rather than 4x3, the aspect ratio comes out OK, and stuff in widescreen looks fine, but stuff in 4:3 comes out centered on the screen with about 3" of black border on each side. Not terrible, but sort of annoying. Not sure if this is a problem with the Roku or a problem with the TV—though my DVD player works fine. I don't see any additional settings in the Roku, but maybe there's some way to reconfigure my TV: a little web searching shows some potential angles to try, though I can't say I'm super-excited about putting my TV into service mode.

So, I'm at Safeway yesterday and they ask me whether I want to donate $1 for prostate cancer. Here's the promotion of which I speak. Now, I'n not unsympathetic to the cause of prostate research—I own a prostate and it might someday decide to go berserk—but one suspects that this isn't the most efficient way to run a health research program. Indeed, it looks rather like a case of rent seeking, with the monopoly rent in this case being space at the Safeway cash register. And as with all rent seeking, we have to worry about two kinds of inefficiencies: inefficient allocation of resources, and money spent lobbying to acquire the monopoly rents. Again, I'm not saying there's anything wrong with funding prostate cancer research (though I think it was breast cancer or MS a few months ago), but it's also pretty unclear what the connection is between being able to convince Safeway to sponsor you and being a good place to put research dollars. This, after all, is what we pay NIH to do.

That said, while I did see people in front of me in line handing over their money, I wonder whether the value here as far as the prostate cancer foundation is concerned is the money they collect at Safeway as much as commitment and consistency: once you've handed over your dollar (as I recall that's what they're asking for), you're probably a lot more likely to be willing to favor prostate cancer research later, whether you're asked to hand over significant amounts of money or just to vote for it. While we're on the topic: I wonder whether this sort of promotion has any impact on how likely grant reviewers are to favorably rate proposals for research the disease du jour.

I happened to look at a transcript of the original manuscript of the Bill of Rights today and noticed something I somehow didn't learn or forgot in American History: there were originally 12 amendments, with the familiar 10 being numbered 3-12.[This used to read 2-12. Thanks to Danny McPherson for the correction.]. The first two are (courtesy of Wikipedia):

Article I - After the first enumeration required by the first article of the Constitution, there shall be one representative for every thirty thousand, until the number shall amount to one hundred, after which the proportion shall be so regulated by Congress, that there shall be not less than one hundred representatives, nor less than one representative for every forty thousand persons, until the number of representatives shall amount to two hundred; after which the proportion shall be so regulated by Congress, that there shall be not less than two hundred representatives, nor more than one representative for every fifty thousand persons.

Article II - No law varying the compensation for the services of the Senators and Representatives, shall take effect, until an election of Representatives shall have intervened.

The first of these was never ratified, and the second was only ratified in 1992.

While we're on the topic, it's worth checking out this old Doonesbury cartoon:

These days I think this might read "All power should rest with the unitary executive."

When I was at the NIST IBE workshop, I happened to notice the NIST standard reference material (SRM) catalog. Leafing through it, I noticed you could order a bunch of cool stuff, like, for instance, Plutonium-239. So, interesting question: could you order enough fissile material to make a bomb? Unsurprisingly, the answer appears to be "no." NIST's Pu-239 SRM is 220 Bq and costs you about $1000 ($937). Plutonium's activity is about 4.4x10^{-10} g/Bq, so the SRM consists of about 10^{-7} g. Critical mass of plutonium is about 10 kg (10^4 grams), so you would need need 10^{11} samples, for a price of $10^{14} (100 trillion). Seems a bit spendy. I should probably mention that the samples are 5 ml each, so this would be 5x10^8 liters of fluid, which might be a bit much to manage. Also, I suspect that NIST would notice when you called to place your order.

When we wrote RELOAD-04, we specified it using a protocol description language based on that used to specify TLS (RFC4346). This was done with the intention that when it came time to do an implementation we would be able to write a compiler that would take the spec as input and automatically emit encoders and decoders. I chose the TLS language because I knew it well and because I already had a YACC grammar on hand from when I'd tried the same thing for TLS (though that didn't work out that well.)

Based on that experience, this time I wrote the PDU descriptions with compilation in mind so I was fairly confident I could make that approach work. Moroever, I used the first pass of the compiler as the basis for s2b, so when I cleaned up the PDUs for RELOAD-04, I had a pretty good idea of what would compile and what wouldn't and it made sense to do a compiler (s2c) for the RELOAD coding party. Even with that background, I quickly discovered mistakes, some in my choice of language constructs to use, and some in my compiler design.

More after the break.

Spent the last three days at a coding party for a P2PSIP/RELOAD implementation. (Long hours coding → no blogging) hosted at Google. I'll have more on the project itself later, but for now, check out my badges for the first and last day:

The first badge is on the top. As others were checking in, we noticed that the last letter of our host's name (Butcher, not Butche), was being cut off. I assumed the problem was that they hadn't left enough space for the field, so I dropped the middle letter to see if it would work.¹ As you can see, it didn't. Same error, even though the field is shorter. David Butcher suggested adding a space afterwards, and though I don't have a picture, that works. This suggests that the problem is that the name field is being right aligned to a position that is outside the bounding box of the badge printing area. Hard to tell if this is in the rendering software or the printer itself.

As an experiment, yesterday I added a whole lot of spaces after my name. As you can see, it shifted it way to the left, confirming the justification/bounding box theory, but notice that I was able to shift it so far to the left that it overwrote the date field. I suspect with enough spaces I could push it all the way off the page. It would be an interesting experiment to see if you could do the same thing with the other fields. They appear to be centered, but does the centering take into account spaces? Anyone try it yet?

^1. In retrospect, I should have realized this was wrong, since I've seen single-letter truncation on Google badges before with names that were longer than David's. If this theory were right, those names would be truncated further. Interesting that this bug has been there so long, though.

Ditzen, Pellegrino, and Vauxhall had an interesting paper in science a few months ago about the insect repellent DEET and its mechanism of action. Their results seem to indicate that a significant fraction of the effect of DDT isn't so much insect repellence as blocking the attractant effect of 1-octen-3-ol, which is present in human breath. The figure below summarizes the observed behavioral results on drosophila:

At high concentrations of DEET and/or when flies can come in direct contact with the DEET, flies are repelled. I.e., they prefer an empty chamber without DEET to one with DEET. If you reduce the concentration of DEET to 10% and cover it with a perforated polypropylene barrier, the repellent effect is eliminated, and the flies end up equally in both vials. However, if you take the same pair of vials (one without DEET and one with DEET) and put food in both of them, then the flies far far prefer the one without DEET.

This is confirmed by direct studies of the fly (drosophila) and mosquito (anopholoes gambiae) sensory systems which show a significantly reduced response to 1-octen-3-ol in the presence of DEET (The other major attractant is CO2, but DEET doesn't seem to have much effect on that.) This kind of explains why DEET has a relatively short range of action: this NEJM article claims 4 cm, while Ditzen et al. claim 38 cm (I can't read either of the original sources) but in either case, it's pretty short. I wonder if part of the issue is that mosquitos are still attracted to other chemicals you're emitting (e.g., CO2) but they get confused when they can't smell the 1-octen-3-ol, so they get close but don't want to actually land on you. What you really want, though, is something that will convince mosquitos they want to be far away from you, not just that they don't want to be near you.

I'd already heard that a bunch of airlines were going to start charging for checked baggage, but I read that USAir is now going to charge for soft drinks. Unlike the checked baggage policy (and previous policies for good seats), however, it doesn't look like they're going to exempt elite flyers. It's easy to see why that would be inconvenient for them to do ("please show me your card, sir"), but this, along with new, higher fees for award travel (travel bought with miles), elimination of mileage bonuses, and closures of a bunch of lounges, starts to look like they've decided that they don't value their elite flyers. Obviously, they have no obligation to suck up to elites, but the result is that travellers don't have any real incentive to choose USAir over other carriers, so they're forced to compete almost entirely on price.

Conversely, the charge for checked baggage (at least on United) may actually make being elite more attractive, at least comparatively. First, not having to pay the baggage charge is a benefit if you want to check baggage. Second, a baggage charge incentivizes everyone to bring more carry-on, which makes overhead bin space scarcer, which makes the early boarding privileges that come with being elite more valuable.

Aside from being kind of pointless, Terence Spies pointed out to me today that there's a real negative externality to an attempt to crack Gpcode's RSA key. Once you've bothered to build a big distributed RSA key cracking system (this assumes of course that this is practical, which isn't clear), there's a temptation to use it, and there are lots of 1024-bit and smaller RSA keys floating around in the world. It's not at all clear that the benefit from cracking the public key used for a single piece of ransomware exceeds the cost of a crack of long-term keys used for legitimate purposes.

Gpcode is a "ransomware" virus that infects your machine, encrypts your data under some RSA public key, and asks you to pay money to get the decryption key. Kaspersky Labs is trying to start a project to crack the public key, which would allow them to recover the data. According to Kaspersky, they broke an earlier key because it wasn't generated securely, but it sounds like they're trying to attack this one directly. This seems pretty unscalable. Even if they do manage to factor the RSA modulus—which seems unlikely unless they gather a pretty surprising amount of computing power— whoever is releasing the virus can just create a new, longer, public key. The whole point of cryptography is to give an insurmountable advantage to the defender. That's not going to change just this time because the people using cryptography are mean.

Hovav Shacham ran a small physics problem by me the other day. You have a body rolling along a flat, frictionless, track of length L, as shown in "A" above. Assume it's been given a single initial impulse so it's moving at speed S. We all know that it will take time L/S to traverse the track completely.

Now, consider the diagrams labelled B, C. These are two tracks with the same horizontal displacement as A, but we've added either a hill or a valley to the middle of the track. The diagrams aren't to scale and don't assume that shape of the hill/valley is an arc, even though it's shown that way, but you can assume that:

• There's only one hill/valley. It's not rolling.
• B and C are mirror image of each other. I.e., they're equally deep and high with identical slopes.
• All tracks are symmetrical around the dashed line "Y"
• The ball is moving fast enough to complete each track (in particular, to clear the top of the hill in B).

So, two questions:

1. What's the relationship between the time the ball takes to traverse B and C? You don't need a numerical answer, just equal to, less than, or greater than.
2. The same question as above, but for A and C.

This doesn't require calculus or detailed mechanical calculations, just simple qualitative physics and some intuition.

Answers after the break.

Noticed this sign in the window of a drug store today.

Aside from the fact that I'm a bit nonplussed to be lectured on ethics by a company which spent years denying nicotine was addictive, but this seems like the bumper sticker version of some pretty confused ethical reasoning. It's not like there's some principled ethical argument to be made that selling cigarettes to 18 year-olds is OK but selling it to people who are 17 1/2 isn't. I'm not claiming that it's OK to sell it to toddlers, but setting the dividing line at 18 is purely arbitrary. In fact, according to Wikipedia, the legal age is 19 in some parts of the US, let alone the rest of the world. Is PM claiming that the state of Utah is immoral? You'll notice that they don't say "18", just "minors", so these signs are quite usable in Utah.

Now, that's not to say that it's not necessarily moral to sell tobacco to 17 year-olds. For instance, you could argue that it's wrong to sell tobacco to anyone, in which case it's also immoral to sell it to those under 18. Presumably, that's not the argument that PM is making. More plausibly, one could argue that while there's nothing special about the 18 barrier, but that it's wrong to break the law in any case, but then "It's not just wrong, it's illegal" doesn't make much sense, since it's wrong only because it's illegal.

For reasons which don't bear going into I had a truly horrible routing for my trip back from the NIST IBE Workshop. This routing involved spending 7 hours in LAX between the hours of 12:08 AM and 7 AM. Luckily, I got to IAD early and was able to reroute myself onto the 7:45 flight, which had a reasonable chance of letting me make a 10:50 connection in LAX. I say 7:45 flight, but actually it was a 4 PM flight which had been massively delayed due to extreme weather conditions (tornado? monsoon? who knows) in the greater DC area. Anyway, weather conditions were looking temporarily OK and so I figured the sooner I got out of DC the better.

This probably wasn't the best decision ever since before we'd even gotten everyone seated the announcement came over the PA we were likely to be delayed and the pilot didn't know when we'd take off. At this point I thought better of the whole "get on the plane" scheme since waiting in the terminal with the other victims is probably more fun than being on the plane, but unfortunately they'd closed the door so I was stuck.

90 minutes after we'd boarded, we finally pushed back from the gate and then hung out on the tarmac for a while. When the FAs came around handing out granola bars I figured that was a pretty bad sign and sure enough listening to Channel 9 it quickly became clear that almost nobody was being allowed to take off. Finally, at 8:00 the pilot came over the PA and announced that he had no idea when we would be able to take off and he wanted to put it to a vote whether we should return to the get and let people get off the plane. A pretty significant number of people were in favor of this but then the clarification came in that if we returned to the gate the flight would be cancelled (bad) and that this would be treated as a weather-related cancellation so no accomodation compensation (worse), and the pilot asked people what their opinions were with this new information.

Now, it's one thing to lose your slot in the departure queue, especially if it's not moving much anyway) and something totally different to have the flight cancelled and be stuck at IAD for the night, so at this point most of the people who wanted to deboard changed their minds, but a few held firm, raising the question of how many people wanting to get off is enough for them to turn the plane around, or, as the woman sitting near to me indignantly asked "you mean if three people want to get off, we have to go back to the gate and the flight is cancelled" (quoting from memory), which, while inartfully phrased, is an ethically sound question that I really have no idea how to answer. At one level, one is tempted to say that this is something that should be decided by democratic means, but on the other, it's not like being stuck in a metal tube sitting on the ground for 5 hours is part of whatever social contract you implicitly sign by getting on the plane so it does seem like the defectors ought to get some kind of veto.

Luckily, right about this time we go cleared for some sort of slot in the exit queue so people were sent back to their seats and the political crisis was averted. About 20 minutes later we finally took off, but of course we missed all connections in LAX so I got to spend a joyous 4 hours in the gate area, where I'm writing this now.