EKR: April 2005 Archives


April 20, 2005

I'll be spending the next two weeks in an undisclosed location without Internet access. Blogging will return when I return, on May 4th or 5th.
Via CNN:
A spokeswoman for the online broker said it was told in February that a package holding four data cassettes containing current and former Ameritrade (Research) account holders' information from the years 2000 through 2003 was misplaced by a shipping company Ameritrade uses. It declined to name the company.

Three of the four tapes were recovered at the shippers' Maryland facility, said the spokeswoman, Donna Kush. The one tape that remains missing contains information on as many as 200,000 current and former customers, she said. Ameritrade has about 3.7 million customers.

Kush says Ameritrade has reviewed the customer information that would be on the missing back-up tape and has decided that only 175,000 of those customers needed to be notified, in accordance with industry standards. The company began sending letters to those customers last week.


She said Ameritrade has every reason to believe that the missing fourth tape has either been destroyed or is still somewhere in the shipper's facility. In addition, she said, the missing back-up tape contained compressed data that would require very advanced computer systems to access.

Yeah, I'm sure that's going to be a real barrier to the kind of people who reverse engineer obfuscated binaries.

This, folks, is why you need encrypted backup. It's not like you need to use some super-secret key that's easy to forget or lose (and it's exactly when you want to do a restore that you're going to discover you've forgotten the encryption key). Just stick it in a sealed envelope in the machine room with a "break seal in emergency". That way, when the backup tapes get lost, the people who find them don't get access to all your confidential data.


April 19, 2005

Emily Bazelon's Slate article contains a very interesting tidbit. It's well known that in the developing world, sex selection technology (primarily abortions) is used to choose male children. Not so in the US:
In the United States, the Virginia-based company MicroSort has been helping parents give nature a nudge since 1996, through a process called cytometry that separates X and Y chromosome-bearing sperm cells. Seventy-nine percent of the company's clients shoot for girls.

Sounds like a good basis for trade.

Ed Hasbrouck points to the Notice of Proposed Rule-Making for the RFID passports. Here's the summary:
Under the proposed rule, a passport that contains a damaged, defective, or otherwise nonfunctioning electronic chip or with observable wear and tear that render it unfit for further use as a travel document may be invalidated by the Department of State. While an electronic passport with a nonfunctioning electronic chip may continue to be used if the data page is not damaged, it would nonetheless lack the ability to be read by chip readers at ports of entry and would not reflect the security features inherent in the electronic chip technology. If the damage were caused deliberately, the passport would be invalidated upon discovery. Individuals whose passports contain failed electronic chips may choose to obtain a replacement passport for the balance of the original validity period by applying presenting the passport, and new photos; or they may apply for a new full validity passport by applying presenting the passport, new photos and applicable fees.

In other words, you can't just microwave it. Hasbrouck's post also contains the following gem:

There's no plan to invalidate existing passports, which are good for 10 years from the date of issuance, but Moss says he expects that holders of non-RFID passports will face increasingly second-class treatment (longer lines, slower processing, more intrusive searches) once most USA passports in circulation are chipped.

If you're interested in this issue, Hasbrouck's post provides an excellent introduction.


April 18, 2005

The battle over emergency contraception is heating up. The key question is what obligation pharmacists have to dispense emergency contraceptives. It seems to me that there are at least the following coherent positions in roughly decreasing order of uncertainty for customers:
  1. Pharmacists have the right to refuse to dispense EC without impacting their job status.
  2. Pharmacists have the right to refuse to dispense EC, but employers can fire them for it.
  3. Pharmacists have the right to dispense EC, but pharmacies must arrange for the customer to be able to acquire EC--though potentially at another pharmacy.
  4. Pharmacists have the right to refuse to dispense EC, but pharmacies must ensure that someone is on staff to dispense EC locally.
  5. Pharmacists have the right to refuse to dispense EC, but they have an affirmative personal obligation to arrange for the customer to be able to acquire EC.
  6. Pharmacists have the right to refuse to dispense EC, but they have an affirmative personal duty to arrange for the customer to be able to acquire EC.
  7. Pharmacists have an affirmative personal duty to dispense EC.

Now, clearly if we were discussing radial tires, the societal consensus answer would be (2). Sears would be perfectly within their rights--and almost certainly would--fire any employee who would only sell bias ply.1 But what's the difference here?

It seems to me that there are basically two reasons why people who are in favor of allowing pharmacists not to dispense EC feel that EC is different:

  1. There are people who have principled--or at least so they believe--objections to EC.
  2. They themselves object to EC, and this makes it harder to get.

I suspect that for most people in favor of the right of pharmacists not to prescribe EC, the deciding factor is point (2). Ask yourself this: if there was a significant group of people opposed to the sale of radial tires would you support a law that guaranteed the right not to sell them without being fired by Wal-Mart. I suspect that for most people in favor of the right not to prescribe EC the answer here is "no". But the only real difference here is that a larger fraction of the population (in this case legislators) opposes EC, whereas they probably drive on radial tires. But note that this isn't an issue of freedom of the pharmacist's conscience, but one of the pharmacist's right to make the decision the legislators approve of.

On the other hand, if we were discussing radial tires, there wouldn't be anyone endorsing a law guaranteeing the right of consumers to buy them, even if vendors didn't want to carry them--though there are people in favor of such a law for EC. I see two major differences in this respect.

  1. There's a substantial entry barrier to becoming any kind of pharmacist or running a pharmacy. This barrier is at least partly erected and supported by the state. By contrast, pretty much anyone can sell tires.
  2. When people need EC they need it quickly, whereas you can typically drive for a while on partly worn out tires. It's not like you can just order your EC from Amazon.com and wait for it to show up.

I find the first and second points the most convincing. If the state is going to help you enforce your monopoly on some services, it seems to me that this creates some obligation to perform that service for all comers. And unlike a doctor's discretion not to prescribe certain medications, refusing to dispense EC isn't really an medical judgement, it's an ethical one.

Of course, there's an easy solution to this conflict: just make EC available over the counter. There's no medical reason why a pharmacist needs to sell EC; Plan B comes in a convenient single-use package. OTC use would would substantially lower the entry barrier and so reduce the impact of any individual pharmacist not wanting to sell it. Concerns (IMHO bogus concerns) have been raised about making EC available to minors, but it would be easy to have clerks check for ID, as they do for alcohol and cigarettes. Of course, if what you really want isn't to give pharmacists freedom of conscience but rather to make EC harder to get, then this option doesn't really accomplish that. On the other hand, if that's your goal, then hiding behind freedom of conscience is kind of disingenuous.

1 Sure, the radial tire thing is kind of silly but consider a Mormon who doesn't want to sell caffeinated beverages--not that they do so as far as I know.

William Saletan has an interesting article in Slate about the use of LASIK as a sports performance aid. According to Saletan, many athletes are using LASIK to have their vision improved beyond 20/20. It seems to be reasonably common to achieve 20/15 or 20/10 vision, prompting even people who's vision is fairly normal (20/30 or so) to get LASIK as a performance enhancement, even going ack for retreatment if they're not satisfied with the results. As I've said before, this line is going to get harder and harder to draw as medicine improves.

April 17, 2005

OK, so the Bush administration wants to repeal the estate tax. Now, I can certainly understand why people would be against a big giveaway to the rich, but it's not like the effect on the federal budget is really that enormous. In 2003 the estate tax brought in 20 billion. By comparison, the 2003 Federal original tax receipts were about 800 billion and the 2004 On-budget deficit is 567 billion On the other hand, it's about the same amount of money the feds expend on "Science, space, and technology" every year.

April 16, 2005

The thing about DVD encryption, whether it's CCS or AACS is that it's not going to stop copying DVDs. The obvious way to copy a DVD is simply to make an exact duplicate of all the data onto your hard drive or another piece of plastic. This requires that you be able to read the raw bits off the DVD, but there's no technical obstacle to making that kind of equipment and in fact it's fairly easy to get. No encryption can stop this from happening because it bypasses the encryption.

DVD encryption accomplishes two major goals:

  1. It stops people from making third party players.
  2. It makes it hard to get access to the plaintext.

Why deny access to the plaintext when copying the ciphertext is so easy? Well, DVDs are fairly large, so they consume a lot of disk space and take a long time to transmit over the Internet. So, if you want to share files it pays to be able to compress them--even much smaller music files are generally compressed for transmission and storage after people copy them from CD. But encrypted data is essentially incompressible so getting access to the plaintext is the first step in doing the transcoding.

Because of the size issue, effective DVD encryption would make sharing movies over the Internet very difficult. But of course, this is a temporary situation. Given the rapid increase in disk space and network bandwidth it's only a matter of time before you can copy encrypted DVDs around.

And of course, AACS only works if you can identify which key was compromised. If people just rip their DVDs and post the compressed plaintext, there's no way of knowing1 which player was compromised and so you can't revoke it. Obviously, it's a lot of work for your average end user to compromise his own player (though you could imagine some hacker releasing a patch that would let you break any copy of some player) but it's not that much work for a pirate.

At the end of the day what you're left with is a technology that doesn't really stop piracy but that does stop people making unauthorized players.

1. Yes, I know about watermarking, but it's very inconvenient to use watermarking because that requires having each disk be different and tracking who buys which disks. I don't get the impression that AACS involves watermarking.


April 15, 2005

The specifications for AACS, the replacement for the CSS DVD encryption system, are out. I've just skimmed it, but it looks to be much more competently designed than CSS. CSS used a single key to encrypt every DVD, so as soon as a single device was compromised the system was catastrophically broken.

The naive way to solve this problem is to give each DVD player its own encryption key. Call the key owned by player i K_i. When you want to print a DVD you generate a random key k and encrypt it under each K_i. So, the DVD will have a key encryption block consisting of E(K_1,k), E(K_2,k), E(K_3,k), ... E(K_n,k), where n is the last DVD player that will ever be manufactured. Then, when player j is compromised you just don't encrypt under key K_j for all future DVDs. Now, you can't always tell when a player has been compromised, but the threat model here is that someone takes the key and embeds it in a piece of software, so all you have to do is get a copy of the software player and extract the key.

There is an obvious problem with this scheme: the key encryption block is enormous. If you expect a billion DVD players to be made, then each DVD player will need to have a billion encrypted keys. If each key is 16 bytes, that's 16 GB, which is twice as large as a DVD--and we don't even have any data on it yet.

Luckily, it turns out that there are schemes (collectively called "broadcast encryption" schemes) for arranging the keys in such a way that the encryption block is much smaller. The simplest one is to lay out all the keys in a tree, like so:

Each player gets one of the leaf node keys and all the keys on the path to the root. So, player 0 would get keys K, K_0, and K_00.

Initially, all DVDs are encrypted under key K which all players have. (Well, technically the DVD key is encrypted under K.) Now, say that key K_00 is compromised. From then on DVDs are encrypted under keys K_01 and K_1. This allows every player but player 0 (holding K_00) to decrypt the DVD). Every time a player is compromised, you change the set of keys you encrypt under to exclude that key. This isn't the best (most efficient) scheme, but it should give you the basic idea. The particular scheme that AACS uses is called "subset difference", which is rather more complicated to explain. (see here for an explanation.)


April 14, 2005

Brad DeLong makes an important point about the fact that nobody is perfect:
My father believes that one should leave typos in one's galleys uncorrected. It is a law of nature that when one opens the printed version the first thing one will see will be a mistake. If you leave the typos alone, the first thing one will see will be a typo. If you correct the typos, the first thing one will see will be a truly horrible and inexcusable substantive error...

Absolutely right. On the other hand, in final review of SSL and TLS, we discovered that I'd claimed that 1 made a good RSA public exponent (it should have been 17). That's one typo I'm glad I fixed.

On the gripping hand, just seven lines later the text says that to do RSA private decryption you compute Ce mod N, which manages to be both a typo and a horrible, inexcusable substantive error.

Ed Felten reports on the State Department's rather poor showing at CFP over contactless passports:
In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners -- which, officially at least, is not a goal of the U.S. government's program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn't very convincing, since the smart-card standard could be applied to passports nearly as-is -- the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.

After the panel, I discussed this issue with Kenn Cukier of The Economist, who has followed the development of this technology for a while and has a good perspective on how we reached the current state. It seems that the decision to use contactless technology was made without fully understanding its consequences, relying on technical assurances from people who had products to sell. Now that the problems with that decision have become obvious, it's late in the process and would be expensive and embarrassing to back out. In short, this looks like another flawed technology procurement program

I don't think it's entirely crazy to want to have something that's contactless. As one of the commenters (Cypherpunk) points out, there are good reasons for not wanting to have electrical contacts. Any physical electrical interface is inherently more brittle than a contactless interface. But RFID isn't the only kind of contactless interface. Optical interfaces are contactless too--though you can't easily do processing on cards with that kind of interface.

If you want to do processing on the card, probably the optimal choice is to use an RFID card but with access controlled by a per-card key which is printed on the inside of the passport. Then you can optically scan the key and access the RFID card. This keeps contactlessness, but limits access to people with physical access to the passport. This basic idea was proposed during the initial design of RFID passports and for some reason opposed by the US. It's unclear whether this opposition was for simplicity concerns or to deliberately preserve the possibility of remote reading.


April 13, 2005

Well, it's happened again. Fernando Gont has discovered that there potential connection reset vulnerability in a number of TCP/IP stacks. (Advisory here). Unlike the last TCP DoS attack this attack uses ICMP messages rather than TCP RSTs.

The Internet Control Message Protocol (RFC 792) is used to send various kinds of control messages to IP-connected hosts. For instance, the ICMP Host Unreachable message, which tells the receiver that the sending router can't forward the packet to the destination. Another example is ICMP Datagram Too Big message which tells the sender that the packet is too big to forward and can't be fragmented (because the Don't Fragment bit is set). This message is used in Path Discovery (RFC1191).

When a TCP implementation receives an ICMP Host Unreachable that tells it it can't talk to the receiver and it needs to terminate the connection. In order to help the sender identify the correct connection and prevent attackers from forging Host Unreachable messages ICMP messages contain the first 64 bits of the offending datagram. Thus, in order to generate a valid message the attacker needs to be able to see the packets of the connection it wants to attack.

In theory this should stop attackers from resetting connections that they can't see. In practice, it turns out that a lot of TCP implementations (in particular Cisco, Juniper, and IBM) don't check the host and port in the ICMP messages but don't check the TCP sequence number. Often the host and port portions are predictable and so if you know about a connection you may be able to reset it. There are also a variety of other attacks involving other ICMP messages. The correct fix is described in draft-gont-tcpm-icmp-attacks-03.txt.

This isn't something to panic about. As with last year's TCP attacks, the scope of this attack is fairly limited. There aren't many TCP-based protocols that simultaneously are high value and rely on long-lived TCP connections. Web transactions, for instance, are basically unaffected. The main example is BGP. Unfortunately, the TCP MD5 fix from last year's attack doesn't seem to prevent this attack--however one of the workarounds--port randomization--does. So, in principle, it's possible to DoS substantial fractions of the Internet routing system. In practice, Cisco has already rolled out fixes and I imagine Juniper and IBM will if they haven't already.

OK, this is interesting. The FDA Advisory Panel has voted 7-2 to approve Mentor's silicone breast implants. It will be interesting to see if the FDA approves them.
The FDA expert panel has voted against approving Inamed's silicone breast implants:
"This hearing was premature," said panel member Amy Newburger, a suburban New York dermatologist, after the vote. "I don't see how we can get or give adequate informed consent for our patients based on the data we've seen."

Inamed Corp. sought the new advisory meeting a year after the agency rejected its earlier application and presented one additional year of safety data. While the panel members complimented the company on its research, they concluded there wasn't enough new information on key issues, including why some implants leak, the effect of released silicone, and the long-term risks of intact implants.

Here's the thing, though: these exact same breast implants are already available. It's just that you can only get them for reconstructive surgery after you've had a mastectomy. So, the question at hand is whether they'll be allowed for breast enlargement. There's no medical need for you to have normal-sized breasts after a mastectomy, it's basically a cosmetic issue--in the sense of being about how your breasts look and feel. Effectively, the FDA is now in the business of saying "These people have an appearance that's sufficently problematic that they're allowed to have implants but these other people do not."

It seems to me that there's something fairly problematic about the FDA making this kind of decision. It's certainly not the same as the usual kinds of decisions that FDA makes, namely is something safe (i.e., does it have a risk level below a given amount) and is it effective (i.e., does it work). These are in some sense empirical issues, though of course it requires some real judgement to interpret the studies, especially because the acceptable level of risk depends on the seriousness of a condition (HIV treatments can obviously be a lot more dangerous than treatments for minor acne.)

In this case, however, it's basically a matter of saying that "reconstruction" is OK but "enhancement" isn't. Given that neither is medically necessary, why is this a decision that the FDA should be making in the first place?


April 12, 2005

Here's my latest paper, Fiber-Optic Cables Considered Harmful, Courtesy of MIT SCIgen. It's also worth checking out Mazieres and Kohler's submission to SCI 2005 (for reference, SCI is an apparently bogus conference which constantly spams CS researchers with their CFPs.) Make sure to check out Figure 1.

UPDATE: Unfortunately, due to circumstances beyond my control, I seem to have lost the previous paper. However, I have some new results which you can read about in Operating Systems Considered Harmful.


April 11, 2005

Actual dialog from a recent West Wing rerun:

Josh: What do I say to people who ask why we subsidize farmers when we don't subsidize plumbers?
Farmer's daughter 1: Tell 'em they can pay seven dollars for a potato.

Yes, I know it's a TV show, but do people actually think like this? I always assumed that the reason we couldn't get rid of farm subsidies was rent seeking by the farmers, but if people actually believe this, that could be part of the problem.

1. Don't blame me. That's how she's identified.


April 10, 2005

Spike TV and the Ultimate Fighting Championship have been running a reality show called "The Ultimate Fighter." They pick 16 unsigned MMA fighters who are competing for a UFC contract, a new car, watch, etc.

If you're into MMA, TUF is definitely worth watching. Of course, there's the usual reality TV schlock: dividing people up into two teams, ridiculous physical challenges, team infighting, and team membership juggling by the organizers, etc., but after the first few shows, all eliminations were decided by fights, with the loser going home. (In a nice touch, the competitors were required to bring their gear to the matches and the losers had to leave right away.) The fights aren't all good, but a lot of them are, and in some cases they're more interesting than the pro UFC fights, since the action can be a little slower and easier to follow.

The final matches were shown live last night on Spike. The card was:

MiddleweightDiego Sanchez v. Kenny Florian
Light heavyweightForrest Griffin v. Stephen Bonnar
-Ken Shamrock v. Rich Franklin

It will be showing again tonight at 10 PM and Monday at 11 PM. I strongly advise you watch it. The Griffin/Bonnar fight in particular is one of the best I've seen this year.

(Spoilers below the fold)

Brad DeLong has an interesting gloss on the Bush administration's current argument for social security private accounts:
If Blahous understood the argument he's making--and seriously wanted to communicate it--he would say something like this: "Think of it this way: Bush and Delay and Hastert and Frist are out of their minds, and are on a giant financial bender. They think they can drink up every bottle in the liquor cabinet, but if they do we'll have nothing left for the party we're giving tomorrow. Private accounts is a way of moving some of the good liquor to another cabinet and putting a lock on it so Bush and Delay and Hastert and Frist can't spill and waste it tonight. That's what we are really doing."

And, Blahous says, Bush really wants the bottles moved to the other cabinet--one with a lock on it--so he can't get at them. After all, Blahous says, "The President believes that surplus Social Security money should not be spent, which is one reason why he has proposed creating a system of personal accounts. These personal accounts would save Social Security money, protecting it in the accounts of individual workers, where the government could not take it away." You see, Bush really wants the government to run a budget surplus equal to the Social Security surplus, and we have to enact private accounts to force him to do what he really wants.

Yes. It's a clown show.

(Note that this is basically the same rationale behind "starve the beast").

Anyway, if the issue is being able to commit the US to not spending the Social Security surplus, it seems to me that there are simpler mechanisms. As I understand the situation, the argument being made here is that because the Social Security debt is in treasury notes, all the US government has to do is say that it's not going to honor treasury notes held by the SSA. I.e., they're just IOUs to yourself. The theory here is that this doesn't compromise the government's ability to borrow money, since it's not going to repudiate the generic debt, just the SSA debt.

Now, I'm pretty skeptical that that's not going to totally destroy America's credit, but it seems to me that there's a pretty easy way to credibly commit to not doing so: stop holding the SSA debt in treasuries. I'm not saying that the SSA has to buy HP stock or something. Just sell off the treasuries it currently holds and buy bonds from stable governments.

The point here is to destroy the distinction between the debt owed to the SSA, so the government has to repudiate the entire debt. Of course, the government can still just sieze the entire trust fund, but of course the government could just increase the private account clawback too... It's just such fine distinctions that turn out to make a big difference to how things look on TV.

And yes, before you ask, I realize quite well that this isn't the Bush administration's real reason for wanting to have private accounts, but that doesn't mean it's not a good idea to protect ourselves in the future.


April 9, 2005

Microsoft and the RCMP are teaming up to fight child pornography. Their first tool seems to be a data mining system that lets law enforcement do a better job with the data they already have. That seems fine, but here's what MS claims to be working on:
CETS is just one of several initiatives at Microsoft aimed at stemming child pornography and promoting online safety for children. Child-protection experts at Microsoft are working with the Windows development team on potential ways of building protective mechanisms directly into the platform. "There is a group within the Windows team that is looking at these issues and making proposals," Cranton says.
See also here:
t's unclear just how far along Microsoft has gotten with the idea, but Hemanshu Nigam, a Microsoft lawyer whose background includes investigating child pornography at the Department of Justice, has begun working directly with the Windows development group to explore what's possible. "They're looking at, 'What can we do to not have our products used for child exploitation?'" says LaMagna.

Just how would Windows distinguish between an innocent image of a 7-year-old taken by a loving parent and something that crosses the boundary into child pornography? One clue may be that child-porn consumers seldom store a single image. "They're collectors," LaMagna says. "There are patterns that can be looked at."

Yeah, that's just what I want Windows to do, grovel through my files looking to see if I'm a child pornographer. Do I even have to go into all the ways that this could go wrong?


April 8, 2005

Alastair Reynolds Revelation Space, Chasm City, Redemption Gap, Absolution Gap These four are a series and should be read in that order. Diamond Dogs, Turquoise Days is in the same universe, but is really two novellas and to my mind is significantly weaker.

You're not going to like the answer to the Fermi paradox.

Chris Moriarty Spin State.

We've got teleportation, but it kind of sucks. First, it's not perfect so you tend to lose more and more of your memory the more you teleport. To make matters worse, it depends on entangled Bose-Einstein condensates which can only be mined on one planet by people working under near-slave conditions.

Dan Simmons Hyperion, The Fall of Hyperion,Endymion,The Rise of Endymion.

Technology has finally given us a golden age. Unfortunately, it's all run by a group of AIs called the TechnoCore, and they're not really on our side. Hyperion is excellent. Quality sort of decays from there on in, with Endymion being distinctly iffy.

Ilium is interesting, though runs a little long.

Simmons is incredibly prolific. A lot of his work is in horror, which I'm not a big fan of, but he's also done three extremely hard-edged detective novels in the spirit of Richard Stark's Parker novels: Hardcase, Hard Freeze, and Hard as nails. I've read the first two and they're solid. The reviews on Hard as nails are bad, though. Darwin's Dlade is another mystery but is pretty generic.

Greg Egan Quarantine, Distress, Axiomatic (short stories), Diaspora.

These books aren't really connected, but they're all based on pretty amazing speculations. Diaspora's probably the most impressive: the nature of humanity has been totally changed and most people live as uploads in computers. What exactly would life be like in this environment? These are all older. I haven't read any of his newer stuff and so can't offer much of an opinion.

Iain M. Banks Consider Phlebas, The Player of Games, Use of Weapons, Look to Windward.

These are all set in the same "Culture" universe where life is utopian because technology has advanced to the point where everything is basically free. The major civilization in this universe is a mostly human civilization called The Culture which is really run by super-advanced AIs called Minds. These novels focus on the Culture's Contact section which seems to spend most of its time trying to reform more primitive civilizations.

Also see: Against a Dark Background and The Bridge, which is only sort of SF.

Richard Morgan Altered Carbon, Broken Angels.

We've got easy mind uploading. Everyone is fitted with a "cortical stack", which stores your memories, personality, etc. Bodies are disposable because you can simply upload your personality into another body or into a computer. This tends to affect your perspective a bit. These books should be read in this order.

The big problem with current gene therapy technologies is that the new genes insert at poorly controlled locations in the gene sequence. This has obvious problems and two subjects who were treated for the X-SCID immune deficiency developed leukemia, likely as a result of the therapy. This isn't exactly a great advertisement for gene therapy.

Now, Urnov et al. report that they have found a way to create targeted modifications. I can't get at the whole article, but based on the New Scientist writeup, what it looks like is that they've built "zinc finger nucleases" (ZFNs), which are amino acid/zinc complexes that will bind to specific base sequences, ligate them, and splice in the correct sequence. They get 18% replacement, which is apparently pretty good.

The experiment being described was performed in vitro. The researchers extracted blood and treated it externally. It's not clear to me if this will work in in vivo. Conventional gene therapy often uses a virus. I'm not sure I see how to use this technique outside of the test tube.


April 7, 2005

At the FDA's request, Pfizer has withdrawn Bextra from the market. The only COX-2 inhibitor still available is Celebrex, which the FDA says "the benefits of Celebrex outweigh the potential risks in properly selected and informed patients".

April 6, 2005

The liberal blogosphere is upset about this rather silly David Brooks column arguing that liberals aren't thoughtful enough. One paragraph that's gotten a lot of attention is the following:
Liberals have not had a comparable public philosophy debate. A year ago I called the head of a prominent liberal think tank to ask him who his favorite philosopher was. If I'd asked about health care, he could have given me four hours of brilliant conversation, but on this subject he stumbled and said he'd call me back. He never did.

What a strange question. I certainly can't name my favorite philosopher. And it's not just because I'm not an expert in the field. I can't name my favorite cryptographer either.


April 5, 2005

Eu-Jin Goh pointed me to this interesting NYT article on treating cat allergies--at least in allergic mice. The idea is to bind a histamine blocking protein to a feline allergen. Cells which bind the complex produce 90% less histamine. This is an idea close to my heart, since I'm allergic to cats--even my cat. Unfortunately, it won't be available for 3-5 years at best.
The Register is carrying several stories on Telcordia's evaluation of the proposals for the .net registry, including criticism from Denic, Phil Sheppard, and Sentan. Denic and Sentan both claim that there were significant factual errors in the report. Here's an excerpt from Sentan's letter:
There is an oversight in the Evaluators report regarding the risk associated with the proximity of the applicantsComplet primary and secondary data centers. The report gives negative marks to Sentan due to the relative proximity of its primary and secondary data centers at 400 miles apart. Sentan subsequently received a a "GREEN" on this factor (as did DENIC at 275 miles -- for apparently similar reasons). However, according to section 5.b.i and 5.b.xv of its proposal, VeriSign's two data centers are located in Dulles, VA, and Ashburn, VA, approximately 10 miles apart. Despite this discrepancy, VeriSign received a perfect "BLUE" score in this section and Sentan received a "GREEN." All other comments associated with VeriSign and Sentan in this section are equal, so it seems clear that Sentan was penalized for data centers that are 400 miles apart and VeriSign was rewarded for data centers just 10 miles apart. Given the considerable focus and concern placed on this item by the evaluators during their on site evaluation, in their questions to us, and in the final report, we believe a fair scoring on this factor would place Sentan in a higher color category than the incumbent.
and from Denic's statement:
It is also a fact that the report contains serious factual errors. One of the key shortcomings held against DENIC in the report is that it allegedly uses home-made database software, whereas it actually uses a commercial product from one of the world's foremost suppliers a point made expressly in the application documentation. Sabine Dolderer went on to add that "it is not now our intention to descend to the level of petty nit-picking, but there is no escaping the impression that the evaluation report was drawn up under great pressure of time, and it was its quality that suffered. It is precisely because there was little to choose between all the applicants as Telcordia concedes itself and because they would also all have the ability to administer .net that such sloppy mistakes are so problematical, since they give a false picture the applicants' true capabilities."

I have no idea whether these claims are correct or not, but I also don't think the answer is that important. Telcordia's report concluded that both Sentan and VeriSign are good choices. The only reason that it's necessary to make this fine a distinction is that ICANN has decided on a beauty contest methodology and has to pick a winner on merit. That's fine when the differences are large, but when they're small like this, we get treated to the festival of rent-seeking and influence behavior we're observing now.


April 4, 2005

Brad DeLong points to this NYT article about Fiona Apple's never-released third album:

The New York Times > Arts > Music > Music | Bootleg Review: The Lost Apple: In 2002 and 2003, Fiona Apple recorded what would have been her third album, 'Extraordinary Machine.' Its producer, Jon Brion, has said that Ms. Apple's label, Sony Music's Epic Records, shelved the album because it didn't hear potential hit singles. An Epic spokeswoman said, 'Fiona has not yet delivered her next album.' Lately, what purports to be the full album, 11 songs, has been leaked onto the Internet, where - despite the efforts of Sony's legal department - a simple search will find multiple sources of downloads. The album is an oddball gem.

Its producer, Mr. Brion, is fond of instruments that huff and plink and wheeze, as he showed in his soundtrack for 'I {sheart} Huckabees.' Epic may have been discomfited that Ms. Apple's collaboration with him doesn't sound anything like what's on the radio now. As a songwriter, she's the same Fiona Apple who sold millions of copies of her first two albums; she's still sultry and sullen, obsessing in detail over why her romances went wrong and teetering between regret and revenge. Her vocals smolder like torch songs, then boil over with rage and accusations. But this time, the music doesn't always mope with her.


Had it been released, 'Extraordinary Machine' would have been a fine counterbalance to a pop moment full of monolithic, self-righteous sincerity. As it stands, mysteriously leaked and proliferating, the album is an object lesson in how an Internet that's not controlled by copyright holders can set artistic expression free.

This particular framing—where the big bad label won't release the album even though the artist wants them to, but the Internet sets it free—slots right into the dominant "Information wants to be free" narrative (cf. Wilco's "Yankee Hotel Foxtrot"). But there's something interesting to note: what makes you think that Apple actually wanted this album released? The Times implies that Brion did, but we don't get any kind of quote from Apple, which is a little surprising. Maybe she thought it sucked and was happy to have it round-filed. I've certainly written stuff like that.

Although it seems to me that the Weak Copyright side isn't having that much success on the legislative front, it seems to me that in this particular respect, they've managed (with some cooperation from the content industry) to frame the issue to their advantage. Copyright enforcement doesn't just serve to let content providers charge for their content, it also helps control access to content they actually don't want seen at all. The same networks that are good for distributing bootleg copies of The Black Album is just as good for transporting Microsoft's stolen source code.


April 3, 2005

Texas is considering requiring all vehicles to have RFID tags in their inspection certificates. These tags are explicitly for identifying vehicles for enforcement purposes (more information on /.):
Commencing not later than January 1, 2006, the department shall 
issue or contract for the issuance of special inspection 
certificates to be affixed to motor vehicles that are inspected and 
found to be in proper and safe condition under Chapter 548.
	(b)  An inspection certificate under this section must 
contain a tamper-resistant transponder, and at a minimum, be 
capable of storing:
		(1)  the transponder's unique identification number; 
		(2)  the make, model, and vehicle identification number 
of the vehicle to which the certificate is affixed.
	(c)  In addition, the transponder must be compatible with:
		(1)  the automated vehicle registration and 
certificate of title system established by the Texas Department of 
Transportation; and
		(2)  interoperability standards established by the 
Texas Department of Transportation and other entities for use of 
the system of toll roads and toll facilities in this state.

	Sec. 601.508.  CIVIL PENALTY.  (a)  If an electronic reading 
device detects and identifies a motor vehicle to which a special 
inspection certificate is affixed that is not covered by a motor 
vehicle liability insurance policy that provides the minimum 
coverages required by this chapter, on verification of the 
information and issuance of a written notice of noncompliance, the 
registered owner of the vehicle is liable to the state for the 
payment of a civil penalty in the amount of $250.

	(b)  In connection with the same vehicle, until the 60th day 
after the date of issuance of a written notice under Subsection (a), 
the registered owner is not liable for the payment of another civil 
penalty under this subchapter if that vehicle is subsequently 
detected and identified by an electronic reading device and 
determined not to be covered by an appropriate motor vehicle 
liability insurance policy.

Outstanding. If California picks this up, I'll need to wrap my car in tinfoil.

For the past year or so I've been hiking with a Garmin Geko 101. It gets the job done, but it's not as useful for navigation as I thought it would be. The problem is that while the GPS tells you where you are in absolute coordinates, it's not that helpful in terms of figuring out where you are on the map, since you have to interpolate between map grid lines, which kind of takes the fun out of things, especially when all I want to know is that I'm on the right trail.

The good news is that you can get a GPS that lets you upload maps. However, in the spirit of proprietary devices everywhere, you need to use Garmin software to load maps onto Garmin GPSes (other software can upload routes and waypoints, but not maps). The shareware GPSMapper program will let you create your own maps and upload them but it doesn't seem to know how to read the commercial maps that I already have in electronic form, so it's not really that helpful unless I want to trace my maps myself. So, even though I have TopoUSA, which has map coverage of the Western US, I need to pay Garmin $100—and that only covers the National Parks in the West of the US. If I want to hike East of the Mississippi, I need another CDROM. And if I want trail maps at high resolution outside the national parks, I'm SOL.

The next time you hear someone talking about Open Standards, what they're really saying is that you shouldn't have to put up with this kind of thing.


April 2, 2005

Well, it looks like the US is still going ahead with RFID passports (though they're officially calling them contactless). My passport was due to expire in June, so I just renewed it. If your passport expires soon, you might consider doing the same, before State rolls out the RFID program.

April 1, 2005

CVS has many annoying behaviors, but yesterday I attempted one of the activities CVS users fear most: merging a branch back into the Head of Tree (H-O-T). Now, this works OK in the simple case where you haven't done anything on H-O-T, but if you've changed the same files in the branch and H-O-T, then you can get conflicts.

Now, in theory you only get conflicts if you've changed the same section of the file in both branches, but in practice I always get burned. It's standard practice to include a version id in your code. For instance:

static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 2005/02/03 21:25:57 ekr Exp $";

When you do checkins and checkouts, CVS automatically modifies this string to reflect the current version, date, etc. This lets you instantly look at any code fragment and determine which versions it corresponds to, which can be very helpful in debugging customer problems. Here's when things start to go wrong. Say you've been working on file foo.c in both branches. So, in H-O-T you've got version number 1.23. In the branch you have version number This means you have different version IDs, and since the same line of code has changed, CVS decides you've got a conflict. It marks it up in the source code like this:

<<<<<<< tcpconn.c
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 1.23 2004/07/16 00:08:58 ekr Exp $";
static char *RCSSTRING __UNUSED__ ="$Id: tcpconn.c,v 2005/02/03 21:25:5 7 ekr Exp $";

Now, here's the baffling part: CVS controls these lines. It wrote them in the first place, so you'd think it could figure out that they're not real conflicts and just fix them up. But nooooo.... You have to go in and remove the conflicts manually. Yeah, yeah, I know that I could fix this myself, but wouldn't it be nice if I didn't have to?