EKR: April 2006 Archives


April 30, 2006

John Aycock and Nathan Friess from University of Calgary have a new paper on next-generation spam generation. Their big idea is to have spam zombies mine the corpus of e-mails sent and received by the user of the infected machine. The zombie then uses that information to craft spam that emulates that user's style, thus in theory making it harder to filter. I've never seen this exact idea before--though there are obviously similar ones--and it's kind of interesting, but it's not entirely clear if it works. The authors show that they can extract stylistic features, but that's well known. Unfortunately, they don't benchmark their technique against existing anti-spam measures, so it's not clear whether it's any better than existing techniques for fooling spam filters.

April 29, 2006

The EFF is suing AT&T claiming that AT&T violated customer privacy by en masse diverting their traffic to the NSA. Now the US Government intends to intervene in the case, asserting the state security privilege. Their claim:
The United States cannot disclose any national security information that may be at issue in this case. However, the fact that the United States will assert the state secrets privilege should not be construed as a confirmation or denial of any of Plaintiffs' intervening allegations, either about AT&T or the alleged surveillance activities. When allegations are made about purported classified government activities or relationships, regardless of whether those allegations are accurate, the existence or non-existence of the activity or relationship is potentially a state secret. Therefore, the assertion of the state secrets privilege, as a general matter, does not mean that any particular allegation is true but is a reflection of the subject matter at issue.

The United States is preparing to submit its state secrets privilege assertion, motion to intervene, and motion to dismiss by May 12, 2006, prior to the scheduling conference set for May 17, 2006, and in advance of the dates on which Defendants' response to Plaintiffs' pending motion for a preliminary injunction is due (May 18, 2006) and scheduled to be heard (June 21, 2006). See Order dated April 26, 2006 (Docket No. 78). Counsel for the United States will attend the May 17 scheduling conference should the Court wish to address the government's participation in this case.

I can't speak to the legal issue here, but let's just look at the issue from a practical perspective. The first thing to realize is that the details of the program aren't important here. The important question is whether AT&T is diverting a feed of their traffic to NSA. We know this is technically possible--indeed it's straightforward--so there's no need for NSA to reveal any of their technical capabilities in order to address the issue. So, the only secret is whether the program actually exists.

Let's do the case analysis here: there are two possibilities:

  1. AT&T is doing substantially what the EFF claims they are.
  2. AT&T isn't doing what the EFF claims they are.

Let's take each case in turn.

Case 1: AT&T is doing substantially what the EFF claims they are
At the moment, everyone pretty much assumes that this is the case. So, the effect of the case proceeding would be to confirm that, which provides only a very small amount of information. It's hard to see how such confirmation could substantially directly assist our enemies, who I imagine already behave the way they would if they were absolutely sure that NSA were snooping in this way.

On the other hand, if the case proceeds it could eventually turn out to be the case that EFF prevails and this activity could stop. Obviously you could argue that this was bad for national security, but since the precise issue at hand is whether this is acceptable behavior, it seems weird to argue that the case can't proceed because of that.

Case 2: AT&T isn't doing what the EFF claims they are
The only surprising result here would be if it turned out that AT&T wasn't actually doing what EFF claims. Arguably (and somewhat paradoxically) this could help terrorists by letting them know that they didn't have to take the precautions they are currently taking. On the other hand, it would be fairly foolish for them to assume that just because we weren't mounting this kind of surveillance now we weren't going to in the future, so a wise terrorist would continue to take precautions. So, it's not clear that discovering the secret information that the NSA wasn't actually snooping on everyone's traffic would actually damage security that much.

UPDATE: Fixed writing above. AT&T is allegedly diverting a feed of their traffic to the NSA, not to AT&T. Thanks to Richard Parker for pointing this out.


April 28, 2006

New Jersey is one of the two states in the country which don't allow self-serve gas (the other is Oregon). Now, in a bold move, Governor John Corzine wants to do a three month trial of self-serve gas:
Drivers could save 5 or 6 cents a gallon if stations offered self-service, Corzine said at a news conference on the state's response to soaring gas prices.

But he wants to study whether the savings would be passed on to drivers and would last, he said. He said he would lobby legislators to allow a three-month pilot program, perhaps beginning on the New Jersey Turnpike.

Study??? Seeing as 48 states already have self-serve gas, you'd think that the cost/benefit equation for self-serve gas would be fairly clear.


April 27, 2006

I don't know whether to laugh or cry. [*] Incidentally, I wonder what the cost per check would be to actually send these rebates.

April 26, 2006

Telecommuting is super-convenient, but has the obvious problem, especially for developers, that you want to be able to access resources on the corporate network. The classic solution here is a VPN, but there are lots of situations where the overhead of setting one up is excessive, especially since a lot of services (e-mail, remote login, version control, etc.) can be remoted without one.

One hack that people often use for applications that aren't so easily remoted is SSH port forwarding. For concreteness, say that you're working on your laptop in your hotel room and you want to use a service on your corporate network. You can use SSH to set things up so that if you connect to port L on your laptop (operated by your SSH client) then the SSH server connects to port R on some specific machine M on your corporate network. (This gets a little confusing because the technical term here is that port L is called the "local" port and M:R is called the "remote" host and port, even though you're the one working remotely.) Any data you write to the client (on L) gets forwarded to M:R.

Once you have port forwarding set up, you reconfigure your client to think that localhost:L is the server and your client just works--at least it does for many protocols, such as POP and IMAP. Unfortunately, it interacts badly with two features of the Web: absolute URLs and virtual hosts.

Absolute URLs
When you make an IMAP or POP connection, you configure the address of the server once and then your client uses it from then on (until you change it). But that's not how the Web works. Even if you type in the URL (address) of the home page, from then on you navigate by clicking on links. Each link, of course, is a pointer to some other page.

Now, links come in two basic flavors: relative and absolute. Absolute URLs specify both the server and the page on the server, like http://www.educatedguesswork.org/movabletype/archives/2006/04/2_billion_dolla.html. That means they can point anywhere. Relative URLs specify only the path, either the entire path, like /movabletype/archives/2006/04/2_billion_dolla.html or just a partial path, like 2_billion_dolla.html. All those links go to the same place, but because the second two are relative, they only go to the right place if you have the right context, which is to say if you're reading the right page to start with.

The great thing about relative URLs is that they allow portability. Say I decide I want to change the name of my web site to www.eg.org. If I'm using relative URLs then I can just make a copy of the site and everything works. If I'm using the second kind of relative URL, I can even change the directory my pages live in. The bad thing about relative URLs is that they're context dependent. One way in which this is bad is that if you're reading this page in a Web-based RSS reader like Bloglines then the URLs end up pointing to Bloglines' site, not mine, and so may not work properly. And, of course, you can't use relative URLs to point to other sites. In any case, people often use absolute URLs even for links that point inside their own site.

Absolute URLs cause big problems if you want to tunnel access to a Web site over SSH. To see why, think about how the tunnel works. Say I want to tunnel to www.example.com but it's behind my firewall. I set up a port forwarding association between port 8080 on my local machine and www.example.com:80. Then I type http://localhost:8080 into my browser and things just work--at least they do as long as all the URLs are relative. Relative URLs like /page.html get turned by my browser into absolute URLs like http://localhost:8080/page.html and everything works fine because I go back to my local server, which is just a tunnel to the remote server.

But consider what happens if there's an absolute URL on the page, like http://www.example.com/page.html. Your browser has no way of knowing that that's actually the same site--it thinks you're on http://localhost:8080, so it tries to connect to www.example.com, which is inaccessible (hence the need for the tunnel) and you're hosed.

Virtual Hosts
The second problem is name-based virtual hosts. Remember that to do NBVH the client sends the Host: header which contains the domain name of the server it thinks it's connecting to. If the server is using NBVH and it gets localhost:8080 instead of www.example.com:80 you probably aren't going to get the result you expect.

Port Forwarding With HTTP
The fix here is to tell the client that your SSH port tunnel is actually your proxy. This is one of those things that seems totally natural if you know nothing about HTTP, is surprising if you know a bit about HTTP (especially, if like me, your opinions about HTTP were largely formed in the early 90s), but actually works. The reason why you'd think it might not work is this: Many HTTP proxies modify the content. When you talk to an HTTP server, the URL you give it to request a page is just the path part of the URL, like so:

GET /index.html HTTP/1.1

But in HTTP/1.0 the Host: header hadn't been invented and so you would send the absolute URL to the proxy, like so:

GET http://www.educatedguesswork.org/index.html HTTP/1.1

The proxy would then strip off the host part, connect to the right host, and send the request with only the path part of the URL. So, the server would only see the path part of the URL. So, because the SSH port forwarding doesn't change the request, you would expect the server to choke.

In HTTP/1.1, however, servers are required to accept full URLs in the request line--presumably on the theory that in some hypothetical future version of HTTP we will send them all the time. So, it turns out that the server accepts this request just fine. Basically, the SSH port forwarder is acting as what HTTP calls a transparent proxy.
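The three effects described above (absolute links escaping the tunnel, the wrong Host: header, and the proxy-style request that fixes both) can be seen side by side in a short script. This is an added example, not code from the original post; the page content is constructed, and the forward is assumed to have been set up with something like `ssh -L 8080:www.example.com:80 user@gateway`, where `user@gateway` is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page with one link of each flavor discussed above.
PAGE = """<html><body>
<a href="/page.html">full-path relative</a>
<a href="other.html">partial-path relative</a>
<a href="http://www.example.com/page.html">absolute</a>
</body></html>"""


class _Links(HTMLParser):
    """Collect href/src attribute values in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.hrefs.append(value)


def links_through_tunnel(html, tunnel_base):
    """Resolve each link the way a browser does when the page was loaded
    from tunnel_base; return (link, resolved URL, stays on the tunnel?)."""
    parser = _Links()
    parser.feed(html)
    base = urlsplit(tunnel_base)
    result = []
    for href in parser.hrefs:
        target = urljoin(tunnel_base, href)
        result.append((href, target, urlsplit(target).netloc == base.netloc))
    return result


def browser_request(url, proxy=None):
    """Return (where the TCP connection goes, request head) for url.
    proxy is a (host, port) pair when the browser is configured to use one."""
    u = urlsplit(url)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    if proxy is None:
        # Direct mode: connect to the host in the URL, send only the path.
        connect_to = (u.hostname, u.port or 80)
        line = f"GET {path} HTTP/1.1"
    else:
        # Proxy mode: connect to the proxy, send the absolute URL.
        connect_to = proxy
        line = f"GET {u.scheme}://{u.netloc}{path} HTTP/1.1"
    return connect_to, f"{line}\r\nHost: {u.netloc}\r\n\r\n"


if __name__ == "__main__":
    for href, target, ok in links_through_tunnel(PAGE, "http://localhost:8080/"):
        print(f"{href!r:45} -> {target}  {'tunnel' if ok else 'ESCAPES TUNNEL'}")
    # Tunnel typed in as the server: Host: names localhost:8080 (virtual host problem).
    print(browser_request("http://localhost:8080/page.html"))
    # Tunnel configured as the proxy: real name in both the request line and Host:.
    print(browser_request("http://www.example.com/page.html", proxy=("localhost", 8080)))
```

In proxy mode the bytes still go to localhost:8080, but the request names www.example.com in both places, so absolute links and name-based virtual hosts behave as they would inside the firewall.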

Port Forwarding With HTTPS
Unfortunately, this doesn't work properly for HTTP over SSL/TLS. The problem is that HTTPS's interaction with proxies is totally different. When you do HTTPS, you do the SSL/TLS handshake first and that doesn't contain any information that the proxy can use to know which server to connect to.

To get around this problem, SSL uses a special proxy method called CONNECT which basically means "make a direct connection and then get out of my way". So, the client sends:

CONNECT www.educatedguesswork.org:443 HTTP/1.1

And the proxy makes a connection to www.educatedguesswork.org:443 and then transparently forwards any data the client or server sends without inspecting or modifying it. This gives IT managers fits but it's not like you can tell your employees not to buy stuff at Amazon.com.

The problem here is that your average SSL server is not prepared to accept a CONNECT request. So, if you set your SSH port forward to be your SSL proxy, the server sees the CONNECT and throws an error, hangs up on you, or both. So, you need to somehow consume that CONNECT. The fix is to run a Web proxy on the remote machine (the one you're SSH-ing into). You then point your SSH tunnel at the Web proxy. When your client connects to the tunnel (and thus transitively to the proxy) and offers CONNECT the proxy says OK and makes the connection for you. Mission accomplished. A lot of work to get to your corporate Web servers, though.
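To make "consume that CONNECT" concrete, here is a minimal CONNECT-only proxy of the kind you would run on the machine you SSH into. It is an added example, not code from the original post: the port 3128, the allow-list and the host names are assumptions, and it listens on loopback only so that the SSH tunnel (for instance `ssh -L 3128:localhost:3128 user@gateway`, with `user@gateway` a placeholder) is the only way to reach it.

```python
import socket
import threading


def parse_connect(head):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = head.split("\r\n", 1)[0].split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host.strip("[]").lower(), int(port)


def _read_head(sock, limit=8192):
    """Read the request head; return (head, bytes that arrived after it)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(1024)
        if not chunk or len(buf) + len(chunk) > limit:
            return None, b""
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    return head.decode("latin-1"), rest


def _pump(src, dst):
    """Copy bytes one way without looking at them; half-close dst at EOF."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def handle(client, allowed):
    """Serve one connection: answer the CONNECT, then relay raw bytes."""
    try:
        with client:
            head, early = _read_head(client)
            target = parse_connect(head) if head else None
            if target is None:
                # This proxy only speaks CONNECT.
                client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
                return
            if target not in allowed:
                # Forward only to the servers named at startup.
                client.sendall(b"HTTP/1.1 403 Forbidden\r\n\r\n")
                return
            try:
                upstream = socket.create_connection(target, timeout=10)
            except OSError:
                client.sendall(b"HTTP/1.1 502 Bad Gateway\r\n\r\n")
                return
            with upstream:
                upstream.settimeout(None)
                # The CONNECT stops here; the server never sees it.
                client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
                if early:
                    upstream.sendall(early)
                back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
                back.start()
                _pump(client, upstream)
                back.join(timeout=30)
    except OSError:
        pass  # peer went away mid-exchange


def start_proxy(allowed, port=0):
    """Listen on 127.0.0.1 only; return (listening socket, bound port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen()

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, args=(conn, allowed), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Assumed values: one internal HTTPS server, proxy on port 3128.
    start_proxy({("www.example.com", 443)}, port=3128)
    threading.Event().wait()
```

After the 200 response the proxy just relays bytes in both directions, so the SSL/TLS handshake runs end to end between the browser and the real server.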

Just released:
The Transport Layer Security (TLS) Protocol Version 1.1
T. Dierks and E. Rescorla
RFC 4346

This document specifies Version 1.1 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.


Datagram Transport Layer Security
E. Rescorla and N. Modadugu
RFC 4347

This document specifies Version 1.0 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol.

If you need me, I'll be over here editing the current draft of TLS 1.2.


April 25, 2006

Due to concerns over the high prices of oil (and the expected high profits), President Bush is advocating repealing $2 billion worth of tax breaks on the oil industry:
For the longer term, Mr. Bush said he was asking Congress to repeal $2 billion in tax breaks and incentives in last year's energy bill. White House officials said he had never advocated the incentives for the oil industry.

For perspective, Exxon's 2005 gross profit was $158 billion. This may or may not be an excessive number, but screwing around fractions of a percent at a time is more PR than anything else.

Here's another way to look at things: assuming that we want a revenue neutral tax system, this corresponds to about a $10 per capita difference in your annual tax bill. That sure takes the sting out of those high gas prices!


April 24, 2006

According to this NYT article, Airbus is pitching a "seating" configuration where the passengers are strapped up against a padded wall. If that takes off, it's certainly going to make Economy Plus a lot more attractive.

April 23, 2006

The Manchester Union Leader carries the story of a man facing jail time for creating "child pornography" by photoshopping the faces of real children onto the bodies of people engaging in sexual behavior.
Zidel was accused of juxtaposing the heads and faces of campers onto images that depicted the youngsters engaging in sexual activity. Those images, saved on a CD ROM, were accidentally given to the camp's director, according to the press release.

While Zidel's attorney admitted that his client knew the campers depicted in the photos were under 16 years old, the attorney argued the images were not child pornography because the children were not subjected to sexual content, according to the press release.

Assistant Hillsborough County Attorney Nicole Fortune prosecuted the case and argued that the images were child pornography, as the law was designed to protect children from being depicted as engaging in sexual activity.

Over Fortune's objection, Lewis allowed Zidel to remain free on $50,000 cash or corporate surety bail.

Zidel faces a maximum of 3 1/2 to 7 years in prison on each of the nine counts. A presentencing hearing has not been scheduled. Fortune said she expects sentencing to take place within the next couple of months.

From a legal perspective, this is a tricky case: child pornography is not a protected 1st Amendment class (see N.Y. v Ferber) but purely virtual child pornography is protected (see Ashcroft v. Free Speech Coalition). The reason for this is that Ferber's rationale for prohibiting child pornography is that its production is intrinsically tied to child abuse, which is harmful to children. Virtual child pornography isn't. This obviously falls somewhere in the middle, so who knows what side the courts will come down on.

From an ethical perspective, it's tricky as well. Obviously, children probably aren't going to be real happy about there being wide distribution of pornography with their faces on it. On the other hand, there's lots of legitimate non-pornographic pictures of me from when I was a kid that I'd be pretty unhappy to see posted on the Internet. All things considered, I think I might be more unhappy with the idea that people were seeing how goofy I looked back then than that my face was on porn. The production of this kind of pornography doesn't involve child abuse--in fact the subjects would never have even known if Mr. Zidel hadn't screwed up. So, it's creepy and embarrassing, but it's not clear to me that's sufficient rationale for banning it--assuming that one otherwise wouldn't be willing to ban pornography. The problem with banning things on the basis of creepy and embarrassing is that we get into some serious edge cases: what if Mr. Zidel had just picked models that looked a lot like the subjects and then photoshopped them to look even more so--without using any photos of the subjects? Or what if he'd just sketched them naked? Obviously, that's pretty creepy, but it would be just about equally creepy if he'd done it to adults. At some point if you care about free speech you've just got to live with creepy.


April 22, 2006

A coalition of activists have started a site called Save The Internet, to lobby for net neutrality:
Writing net neutrality into law would preserve the freedoms we currently enjoy on the Internet. For all their talk about deregulation, the cable and telephone giants don't want real competition. They want special rules written in their favor.

Either we make rules that ensure an even playing field for everyone, or we have rules that hold the Internet captive to the whims of a few big companies. The Internet has thrived because revolutionary ideas like blogs, Wikipedia or Google could start on a shoestring and attract huge audiences. Without net neutrality, the pipeline owners will choose the winners and losers on the Web.

And when the network owners start abusing their control of the pipes, there's nowhere else for consumers to turn. The cable and telephone companies already dominate 98 percent of the broadband market. Only 53 percent of Americans have a choice between cable and DSL at home. Everyone else has only one choice or no broadband options at all. That's not what a truly free market looks like.

I absolutely agree that the threat is real, and they're quite right to identify the problem as a lack of choice, but as I noted earlier, it's not clear that legislation is the right approach. In particular, the Internet Non-Discrimination Act of 2006, which this group appears to be endorsing, appears to prohibit some standard ISP practices. For instance:

(a) IN GENERAL, A network operator shall--
(1) not interfere with, block, degrade, alter, modify, impair, or change any bits, content, application or service transmitted over the network of such operator;


(5) allow the attachment of any device which, if such device is in compliance with part 68 of title 47, Code of Federal Regulations, without restricting any application or service that may be offered or provided using such a device;

To give you one example, many ISPs (especially the cable-based ones) forbid users from operating servers--Web servers, for instance--which would seem to me to be a clear violation, especially if it blocked them. It would also seem to prohibit ISPs from offering variable quality of service offerings (for instance in order to get better performance for VoIP) such as diffserv, even if they and the customers want them to. Of course, it's arguable that both of these practices are objectionable, but that doesn't mean that they should be illegal. I'm not saying that it's not possible to write a law that doesn't overreach this way--though it's harder than it sounds--but I'd like to see an existence proof before getting on board this particular bandwagon.


April 21, 2006

CNET has an article on the new Bush Administration Internet Rating plan. The key points seem to be:
  • A required self-rating scheme for each "sexually explicit" page. Apparently this includes "close-ups of fully clothed genital regions".
  • Punishing web site operators for misleading visitors (or really search engines, I guess) about the content of their web sites when such content is actually pornographic.
  • Forbid commercial sites from having sexually explicit material on their home page that shows up without user intervention.
  • Some sort of unspecified record-keeping requirement for ISPs.

So, I definitely understand why the feds would want to require a whole bunch of recordkeeping for ISPs, but the other initiatives seem to be premised on some sort of "pusher" model of Internet porn where the porn providers try to shove porn on unwilling viewers. That's not my experience at all. I have Google safesearch off and I do a lot of searching, and I practically never come across anything remotely pornographic--unless I was actually looking for it, of course. So, while Gonzales claims that the system is intended to "prevent people from inadvertently stumbling across pornographic images on the Internet," it's not clear to me that there's even a problem here. Obviously, the big search engines have a lot of incentive to not inadvertently show their customers porn, so it would be a good reality check to see if they're in favor of this.

Of course, a system of mandatory labelling would be useful for a number of other things. For instance, you could require (now self-described) pornographers to forbid access to children. Thinking further ahead, combined with mandatory record keeping you could construct a database of which people were viewing porn. Thinking even further ahead, you could require ISPs to filter out everything with a certain label. I'm not saying that this is somehow on the roadmap--though of course various authorities have already tried to enforce both forbidding access to children and filtering of specific sites--but I would like to see some evidence that accidental access to porn is a big enough problem to motivate something as intrusive as a mandatory, universal, labelling scheme.


April 20, 2006

Ed Felten has a very nice series of posts about HDMI security. As Ed observes, the actual security protocol that HDMI uses is very weak, despite the fact that it's well-known how to design a stronger system. Similar comments apply to the DVD copy protection system CSS. Felten suggests an explanation:
First: Why is the weak system worth spending 10,000 gates for? The answer doesn't lie in platitudes about speedbumps or raising the bar--any technical bumps or bars will be obliterated when the master secrets are published. It's worth noting, too, that the data stream they are protecting--uncompressed super high-def (1080i) video--blasts so much data so fast that there's no affordable way for a would-be pirate to capture it, at least today. About all that can be done with such data streams today, at reasonable cost, is to display them, or to run them through simple format converter boxes. In future years, capturing the video stream will become a viable piracy strategy, but by then the master secrets will almost certainly have been published. So temporary piracy prevention doesn't seem like a good explanation.

A much more plausible answer is that HDCP encryption exists only as a hook on which to hang lawsuits. For example, if somebody makes unlicensed displays or format converters, copyright owners could try to sue them under the DMCA for circumventing the encryption. (Also, converter box vendors who accepted HDCP's license terms might sue vendors who didn't accept those terms.) The price of enabling these lawsuits is to add the cost of 10,000 gates to every high-def TV or video source, and to add another way in which high-def video devices can be incompatible.

If you're familiar with the DMCA, you won't find this to be a surprising situation. DMCA doesn't require you to design a strong DRM system, just one that's "effective"--whatever that means. I'm not a lawyer but as far as I can tell it basically means one that works as long as nobody is attacking it. Back in the old days, we used to say that you couldn't do strong DRM without trusted hardware, since any attacker could just break your software and get the keying material. But the DMCA's anti-circumvention procedures act as a kind of legal hardware security module--break the security and you've broken the law. Better than hardware tamper-resistance, in some sense.

In Albert Gonzales's anti-child-porn speech today he claimed:
Of course, the National Center and law enforcement have been focused on identifying, investigating, and prosecuting these offenders for some time. But I welcome the media's recent focus. It's important that the public learns how serious and widespread this threat actually is in America today because of the ease and anonymity of communication over the Internet.

According to one study, one child in every five is solicited online. The television program "Dateline" estimated that, at any given time, 50,000 predators are on the Internet prowling for children. It is simply astonishing how many predators there are, and how aggressively they act.

The "one in five" claim comes from the Youth Internet Safety Survey. I've blogged about this survey before, but the bottom line is that the one-in-five statistic is fairly misleading in a number of respects. The great majority of solicitations were of teenagers 14-17, technically children I suppose, but not really the image that the statistic conveys. Moreover, only 4% of the solicitation was by adults over 25, so this looks more like come-ons across the 18 barrier than like dirty old men. Oh, I should also mention that according to this study: "None of the solicitations led to an actual sexual contact or assault."

I haven't heard the 50,000 statistic before, but a little bit of searching seems to indicate that it's one of those statistics that gets thrown around as "has been estimated" without any real support. The first public appearance seems to be a Dateline program entitled "Catching potential Internet sex predators" aired November 10, 2005. Unfortunately, no primary source is cited. I can't find any actual study that's the source of this estimate--but would be very interested to see how it was derived.


April 19, 2006

The IETF 66 hotel info is up. Book early, book often.

April 18, 2006

A handicapped girl in Maryland is going to be competing with other athletes in track events:
A Howard County high school track athlete who uses a wheelchair will race against peers who compete on foot and will earn points for her team based on her finish against those peers for the rest of the county's track and field season, officials ruled yesterday.

Mike Williams, Howard County's coordinator of athletics, acknowledged that Atholton sophomore Tatyana McFadden's times in distance events are likely to be much better than students competing on foot, but decided to allow her to accrue points for her team to comply with a federal judge's ruling. The move surprised McFadden and her mother, Deborah, who filed suit last month with hopes of merely competing at the same time as other runners, not directly against them.

"The judge never said she should get equal points because this was never about points," Deborah McFadden said. "The judge said that Tatyana is not asking for blue ribbons: She's asking for the right to be with her teammates. I'm flabbergasted and dumbfounded they interpreted it this way."


Tatyana McFadden, 16, won two medals at the 2004 Paralympics in Athens. She is expected to compete in the 200-, 400-, 800- and 1,600-meter events today.

Though her average times in the 200 likely won't be good enough to win today, she likely will win her three other events. Her time of 1 minute 55.01 seconds in the 800 at an international meet last summer is faster than any time run this year by an able-bodied woman. McFadden has never competed in a 1,600-meter race, but her time of 3:30.60 in the 1,500 last summer would be the fastest time ever on foot, male or female.

In general, wheelchair times are much faster than foot times for almost all events. For instance, this year's men's wheelchair Boston Marathon time was 1:25:29. This year's men's open time was 2:07:14 and no one has ever run under two hours (the world record is 2:04:55, by Paul Tergat). In 2005, the California state girls' 800 meter winner put in a time of 2:04.5. Basically, letting people in wheelchairs compete against people on foot is like having runners compete against roller bladers or cyclists. It's not even close.

The McFaddens had simply hoped the judge would allow Tatyana to compete at the same time as runners. In most of her previous high school races, McFadden competed -- often alone -- in events designated for wheelchair athletes. She would score one team point for each event.

"The judge said many, many times the scoring system was not part of the case," Tatyana said. "I don't care about points."

Williams said the county's decision will not change unless he's instructed to amend the scoring plan when he meets with the Maryland Public Secondary Schools Athletic Association's outdoor track committee this morning in a regularly scheduled meeting.

"The judge's ruling set no guidelines, so we feel we can't treat her any differently," Williams said. "We feel by doing this we have completely complied with the judge's orders."

It's not clear to me what purpose is served by having McFadden compete against athletes on foot when she's so clearly better, whether she's scoring points for her team or not. I raced the 800m and mile in high school and 10 seconds is an eternity. Basically, at the finish she'll be 60 meters ahead of the person in second place. That's not competing, it's a rout.

Of course, if she is going to score points, that's a very serious disadvantage for any team she competes against. But there's an easy countermeasure for them: have one of their own able-bodied athletes compete in a wheelchair. There's no reason to believe that she's a particularly great athlete, she's just using vastly superior technology. It's true that there's a bunch of sport specificity, but with enough training, a good athlete should be able to put in a good showing.


April 17, 2006

Paul Kiel points to quite a clever little campaign financing hack. (þ Josh Marshall). To prevent outright bribery, there are all sorts of restrictions on what candidates can do with the money they raise. But of course your campaign can hire consultants:
Rep. John Doolittle's (R-CA) wife, acting as his fundraiser, was getting a 15% cut of contributions coming into his campaign. That sounds sketchy to us, but you never know in D.C., so we asked around to people who do know. The verdict: it sounds as bad to experts as it does to you. And a strong case can be made that Doolittle broke the law.

Neither Fred Wertheimer of Democracy 21 nor Naomi Seligman of CREW could think of another example of a lawmaker's wife or other family member getting a cut of contributions, and it's not hard to figure why: because it sets off all sorts of warning bells. It is against the law for lawmakers to convert campaign money to personal use. And that's just what was going on here.

Now, as with all matters legal, it's more complicated than that. The FEC ruled on a matter very similar to this one back in 2001, when Jesse Jackson, Jr. was seeking to use his wife for consulting work. And what the FEC said back then was that it was OK as long as his wife was paid the "fair market value" for her services.

In that case, Jackson's wife had plenty of experience. In this case, Doolittle's wife had no experience. And she was being paid a 15% commission, which sounded high to Naomi Seligman.

So, obviously this sounds bad, and as Kiel says, it's quite possibly illegal. And even if it's not, it's fairly straightforward to make this exact thing illegal, but trying to draw a firm line here is harder than it looks.

Let's start by asking what's objectionable about this arrangement: the limitation on converting funds to personal use serves two purposes. First, it acts as a brake on the extent to which donors can incentivize politicians, since they can only use those funds for politically-related expenses, as opposed to say, buying a new car. Now, actually the incentive effect there seems pretty strong, especially since money is fungible and there are a bunch of ways for campaign funds to be used to benefit you personally. However, in order for any attempt to limit direct payments to make sense we need to assume that the incentive effects of direct payments are greater. So, the problem here is that Doolittle's incentives are now greater by 15% of the difference between campaign and direct incentives.

Seen in this light, it's not clear that a restriction to "fair market value" or experience makes that much difference, since if your spouse happens to be a lobbyist, you're still getting the same incentive effect to the tune of the fair market value. To make matters worse, what if two lawmakers swap: my spouse is your fundraiser and your spouse is mine. As long as we're not in competition and generally inclined to vote the same way, then donors can incentivize us fully--unless we're prepared to require that everyone hire only experienced people and pay them market value (and how do we determine that if this sort of thing becomes widespread?).

On the other hand, if we look at this as an incentive issue, it may be possible to remove the incentive: forbid fund-raisers to take a cut and make them take a flat salary. That would mostly leave the candidate with only the ordinary interest in raising a lot of money. Of course, that leaves us with the second purpose of this legislation: to prevent politicians from enriching themselves via the public purse. (Note: you can argue that these are private donations, but of course a major reason that these donations are given is to influence candidate behavior, which only applies because of their position). If we want to make that harder, we would probably need to ban politicians from employing anyone in any way related to them or related to any of their co-officeholders. I doubt that's going to happen any time soon.


April 16, 2006

Had dinner at Shalimar Sunnyvale this evening. Quality is quite commensurate with Shalimar Fremont. The restaurant seems to be a little larger than Fremont, but otherwise much the same. One important thing to know is that there is both an E. and W. El Camino, with W. El Camino being more Northern, towards Mountain View. Shalimar is at 1146 W. El Camino, just south of Bernardo, on the West side of El Camino. Google map here.

April 15, 2006

William Saletan points to an old but still relevant Gina Kolata article on the newest nutritional scare: trans fats. A little background first. A fatty acid is basically a long string of carbons attached to a carboxyl (COOH) group, like this:
  H H H H H O-H
  | | | | | |	
  | | | | |
  H H H H H

That = sign is a double bond. You don't need to know the quantum theory here, but the rule of thumb here is that each carbon (C) can form a total of four bonds, each oxygen (O) can form a total of two, and each hydrogen (H) 1. So, in this structure, the right-hand C and the singleton O attached to it need to be double-bonded in order to make the bond count come out right. If we remove one H each from a pair of Cs, we can form a double bond between a pair of carbons too, like so:

  H H     H O-H
  | |     | |	
  | | | | |
  H H H H H

Fats with all single bonds (every available position taken up with a hydrogen) are called saturated. Fats with double bonds are called unsaturated and fats with more than one double bond are called, you guessed it, polyunsaturated. Saturated fats tend to be more solid and unsaturated fats tend to be more liquid. Unsaturated fats also tend to spoil faster. For both these reasons, food manufacturers like to hydrogenate them: add hydrogens to some of the C-C double bonds (that's what, e.g., "partially hydrogenated soybean oil" means; the "partially" means that it's still partially unsaturated).

Now, the other thing you need to know here is that single bonds rotate freely. So, for instance, the carboxyl group (the COOH, remember) rotates on the bond to the next carbon (call it C2). But double bonds don't rotate freely, so the group attached to C3 (the one next to C2) is fixed with respect to the group attached to C4. These pictures don't capture the geometry well, but think of the bonds around C3 and C4 being arranged in a planar triangular geometry:

  H     H
   \   /
   /   \ 
  X     Y

Where X and Y represent the non-hydrogen groups.

Because the double bond is flat, that means that there are two orientations around it, the one where the hydrogens are on the same side, as shown above (called cis) and the one where they're on the opposite side, (called trans), shown below:

  X     H
   \   /
   /   \ 
  H     Y

Now, despite the fact that saturated fats taste good and are good for cooking with, there's also a fair amount of evidence that they're bad for you. See the 2002 Institute of Medicine Dietary Reference Intakes report for a survey of the current literature. In particular, there's a strong observed correlation between consumption of saturated fat and elevated low-density lipoprotein (LDL, "bad cholesterol")/high-density lipoprotein (HDL, "good cholesterol") ratio as well as to coronary heart disease (CHD).

This brings us to the topic of trans fats, which have also been shown to be associated with high LDL/HDL ratio and with CHD. In fact, trans fatty acids appear to have a higher impact on LDL/HDL ratio than do saturated fats, as seen below. However, it's unclear whether this difference is in fact clinically significant.

Figure from Ascherio et al. (1999) by way of the IOM report.

Why this is all relevant now is that there's been a lot of news about how bad trans fats are for you. In particular, groups like the Center for Science in the Public Interest are pressuring manufacturers to remove them from their products--with some success. For instance, many of this year's girl scout cookies are now trans fat free. Now, there's not necessarily anything wrong with removing trans fats from food, but these self-same cookies (thin mints in this case) have 6g of saturated fats (75% of the total fat load) per 170 calorie cookie.

Interestingly, girl scout cookies are made by two licensed bakers, ABC/Interbake and Little Brown Bakers. ABC's version is trans-fat free. Little Brown Bakers' is not. Here's the relevant nutritional info for the respective thin mints:

                   ABC/Interbake   Little Brown Bakers
Total fat (g)      8               7
Saturated fat (g)  6               4
Trans fat (g)      0               1

Two things to notice here. First, the saturated + trans load is lower on the non-trans free cookie. Even if trans fats are significantly worse than saturated fats, it's not clear that 6g of saturated fats is better than 4g of saturated fats + 1g of trans fats. Of course, it's certainly possible that you could reformulate the LBB cookie to be trans fat free while retaining the 5g total load, but one wonders why ABC didn't do that if it were easy. Note also that the ABC cookies have a higher carbohydrate load, so it could just be a subtly different recipe. Nevertheless, I think it makes the point that you can't just look at trans fats.

The second thing to notice is that the total saturated fat load is much higher than the trans fat load, even in the non-trans-fat free cookie. This suggests that it's probably not a good idea to focus on trans fat reduction to the exclusion of saturated fats, since saturated fats comprise a much higher portion of the average person's diet, and so a rather higher fraction of your total risk.

So, why all the interest in trans fat? Here's Paul Rozin's explanation:

It is also an unsurprising one, said Paul Rozin, a psychology professor at the University of Pennsylvania who studies people's psychological relationships with the food they eat. While trans fat occurs naturally in foods like milk and meats, most trans fat in processed foods was created by chemically altering oils like corn oil, turning them into fats that add texture and stability. That means most trans fat is artificial, which causes many people to recoil.

"Food is one of the areas where people think to leave it alone is better," Professor Rozin says.

I guess not everyone believes in better living through chemistry.

Anyway, based on the data so far, it seems like it's worth being cautious about trans fats, but not treating it like plutonium. Given the data about LDL/HDL ratio, it's probably pretty to treat 1g of trans fat as somewhere between 1 and 1.5g of saturated fat.


April 13, 2006

AT&T wants to block EFF's use of some of their internal documents in EFF's suit against AT&T:
Mark Klein, a former technician who worked for AT&T for 22 years, provided three technical documents, totaling 140 pages, to the EFF and to The New York Times, which first reported last December that the Bush administration was eavesdropping on citizens' phone calls without obtaining warrants.


AT&T's lawyers also told the court that intense press coverage surrounding the case, including Wired News' publication of Klein's statement, was revealing the company's trade secrets, "causing grave injury to AT&T." The lawyers argued that unsealing the documents "would cause AT&T great harm and potentially jeopardize AT&T's network, making it vulnerable to hackers, and worse."

The EFF filed the documents last week under a temporary seal when it asked the judge to force AT&T to stop the alleged internet spying until the case goes to trial.

Well, I can certainly imagine that AT&T would consider the information that they were helping NSA spy on people something they'd want to keep secret, and that having people find out about it would harm their business. I'm pretty skeptical of the claim, however, that this information makes their network "vulnerable to hackers". It's not exactly secret information that telcos use Narus-type boxes to analyze their networks--actually, Narus lists AT&T as a customer--and while I don't know exactly what sort of topology AT&T is using here, it's not like you need something exotic to make this work. Indeed, much of the point of a system like a Narus is that it's easy to deploy. If their network is even remotely properly designed, it's hard to see how this information leaves them vulnerable--except to the extent to which it pisses off hackers who might otherwise attack somebody else.


April 12, 2006

Shalimar, the best Indian (Pakistani) restaurant in the Bay Area, has been promising for years to open a branch in Sunnyvale (the other three branches are in San Francisco and Fremont). We were at Shalimar Fremont tonight and they had a banner claiming that Shalimar Sunnyvale is finally open:

Address: 1146 El Camino Real
Phone: 408.530.0300

Try the Chicken Tikka Breast.


April 11, 2006

Iran announces that they've enriched some uranium:
If the Iranian declaration is correct, the enrichment and what appear to be rudimentary bomb-making documents that international inspectors have found in Iran suggest Iranians may now have most of the knowledge that Mr. Bush has sought to deny them.

At the least, they appear poised to be able eventually to expand enrichment on an industrial scale and, if they are determined to do so, enrich the uranium to levels necessary for an atomic weapon. But so far the quantities that the country has produced appear to be minuscule, and the enrichment level announced today--3.5 percent--would work for producing power, not warheads.

International inspectors are stationed at Iran's main enrichment facility at Natanz, and presumably will be able to confirm or refute Iranian claims in coming days, assuming they have access to centrifuges.

Centrifuges are devices whose rotors spin very rapidly to enrich, or concentrate, a rare form of uranium known as uranium 235, which can then be used to fuel nuclear reactors or atom bombs. The 164 centrifuges Iran said it has strung together in a cascade are enough to test the technology, but with such a small number would take years to produce enough uranium for even one weapon.

Isotope separation is an incredibly expensive process because different isotopes are essentially chemically identical (though not 100%, see kinetic isotope effects). It's even worse in the case of uranium because the mass difference between U235 and U238 is only slightly over 1%. A lot of the uranium for the Manhattan project was separated by mass spectrometry.

For background here, natural uranium is .72% U235 and weapons-grade uranium is around 85% U235, though apparently you can get away with 20% (Wikipedia article here). According to Globalsecurity, you need about 1000-3500 centrifuges to produce enough material for a bomb, with more advanced designs needing less uranium and consequently fewer centrifuges.


April 10, 2006

Schneier posts about KittenAuth, a reverse Turing test in which you're asked to distinguish pictures of kittens from other kinds of animals. Schneier raises the obvious issue of how to brute-force these kinds of systems:
Of course you could increase the security by adding more images or requiring the person to choose more images. Another worry -- which I didn't see mentioned -- is that the computer could brute-force a static database. If there are only a small fixed number of actual kittens, the computer could be told -- by a person -- that they're kittens. Then, the computer would know that whenever it sees that image it's a kitten.

Of course, ability to brute force is basically a function of database size. My guess is that their database is pretty small, since I just got three copies of the same image in my challenge--though it does look like they're using some low-resolution fuzzing to make the problem harder. What you want is a large database of pictures that are pre-labelled for you and that people can't get a labelled database dump for. I don't know of one for cats/other animals (there's the Flickr I Love My Cat Photo Pool, but it's pre-sorted), but male/female is also quite a difficult problem. The obvious choice for this is Am I Hot Or Not, which (1) has a large database, (2) sorts pictures into male/female, and (3) doesn't seem to let you get a copy of the database. They also sort things into age ranges of 18-25, 26-32, 33-40, and over 40, so you could probably get another bit from 18-25 vs. over 40.
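To put numbers on "a function of database size", here is an added sizing model (not code from KittenAuth or from either post). It assumes a 9-image grid with 3 kittens, that the database has the same kitten ratio as the grid, and that each image shown is independently already labelled with the leaked fraction; all function names are made up for this example.

```python
from math import comb

GRID = 9      # assumption: images shown per challenge
KITTENS = 3   # assumption: kittens the user has to pick out


def labelled_fraction(db_size, grid, solved):
    """Expected share of a static database whose labels have leaked after
    `solved` challenges were answered by a person and recorded.
    Each challenge shows `grid` distinct images drawn uniformly at random."""
    if db_size < grid:
        raise ValueError("database is smaller than one challenge")
    return 1.0 - (1.0 - grid / db_size) ** solved


def pass_probability(grid, kittens, known):
    """Chance that an automated client passes one challenge when each image
    shown is already labelled with probability `known`. It keeps the labelled
    kittens, drops the labelled non-kittens, and guesses uniformly among the
    images it has no label for."""
    others = grid - kittens
    total = 0.0
    for j in range(kittens + 1):          # j kittens already labelled
        p_j = comb(kittens, j) * known**j * (1 - known)**(kittens - j)
        for u in range(others + 1):       # u non-kittens already labelled
            p_u = comb(others, u) * known**u * (1 - known)**(others - u)
            hidden_kittens = kittens - j
            hidden_total = hidden_kittens + (others - u)
            # One correct subset among all ways to pick the hidden kittens.
            total += p_j * p_u / comb(hidden_total, hidden_kittens)
    return total


def min_database_size(grid, kittens, solved, max_pass):
    """Database size (found by doubling, so within 2x of the minimum) that
    keeps the automated pass rate at or below `max_pass` even after `solved`
    human-labelled challenges have leaked."""
    floor = 1 / comb(grid, kittens)       # blind-guess rate, the lower bound
    if max_pass <= floor:
        raise ValueError("target is below the blind-guess rate; "
                         "enlarge the grid or require more picks")
    size = grid
    while pass_probability(grid, kittens,
                           labelled_fraction(size, grid, solved)) > max_pass:
        size *= 2
    return size


if __name__ == "__main__":
    print(f"blind guess: {pass_probability(GRID, KITTENS, 0.0):.4f}")
    for db in (100, 1_000, 10_000, 100_000):
        f = labelled_fraction(db, GRID, 1_000)
        p = pass_probability(GRID, KITTENS, f)
        print(f"db={db:>7}  labelled={f:6.1%}  automated pass rate={p:.4f}")
    print("size needed for <=5% after 1000 leaked challenges:",
          min_database_size(GRID, KITTENS, 1_000, 0.05))
```

The blind-guess floor of 1 in C(9,3) = 84 is what Schneier's "more images or more picks" suggestion moves; database size only controls how quickly leaked labels lift the pass rate above that floor.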


April 9, 2006

Seymour Hersh's monster piece on the Bush Administration's plans for Iran is required reading. Highlights:
A government consultant with close ties to the civilian leadership in the Pentagon said that Bush was absolutely convinced that Iran is going to get the bomb if it is not stopped. He said that the President believes that he must do what no Democrat or Republican, if elected in the future, would have the courage to do, and that saving Iran is going to be his legacy.

One former defense official, who still deals with sensitive issues for the Bush Administration, told me that the military planning was premised on a belief that a sustained bombing campaign in Iran will humiliate the religious leadership and lead the public to rise up and overthrow the government. He added, "I was shocked when I heard it, and asked myself, 'What are they smoking?'"


One of the military's initial option plans, as presented to the White House by the Pentagon this winter, calls for the use of a bunker-buster tactical nuclear weapon, such as the B61-11, against underground nuclear sites. One target is Iran's main centrifuge plant, at Natanz, nearly two hundred miles south of Tehran. Natanz, which is no longer under I.A.E.A. safeguards, reportedly has underground floor space to hold fifty thousand centrifuges, and laboratories and workspaces buried approximately seventy-five feet beneath the surface. That number of centrifuges could provide enough enriched uranium for about twenty nuclear warheads a year. (Iran has acknowledged that it initially kept the existence of its enrichment program hidden from I.A.E.A. inspectors, but claims that none of its current activity is barred by the Non-Proliferation Treaty.) The elimination of Natanz would be a major setback for Iran's nuclear ambitions, but the conventional weapons in the American arsenal could not insure the destruction of facilities under seventy-five feet of earth and rock, especially if they are reinforced with concrete.


The adviser added, however, that the idea of using tactical nuclear weapons in such situations has gained support from the Defense Science Board, an advisory panel whose members are selected by Secretary of Defense Donald Rumsfeld. "They're telling the Pentagon that we can build the B61 with more blast and less radiation," he said.


If the order were to be given for an attack, the American combat troops now operating in Iran would be in position to mark the critical targets with laser beams, to insure bombing accuracy and to minimize civilian casualties. As of early winter, I was told by the government consultant with close ties to civilians in the Pentagon, the units were also working with minority groups in Iran, including the Azeris, in the north, the Baluchis, in the southeast, and the Kurds, in the northeast. The troops are studying the terrain, and giving away walking-around money to ethnic tribes, and recruiting scouts from local tribes and shepherds, the consultant said. One goal is to get "eyes on the ground"--quoting a line from Othello, he said, "Give me the ocular proof." The broader aim, the consultant said, is to encourage ethnic tensions and undermine the regime.


The adviser went on, "If we go, the southern half of Iraq will light up like a candle." The American, British, and other coalition forces in Iraq would be at greater risk of attack from Iranian troops or from Shiite militias operating on instructions from Iran. (Iran, which is predominantly Shiite, has close ties to the leading Shiite parties in Iraq.) A retired four-star general told me that, despite the eight thousand British troops in the region, the Iranians could take Basra with ten mullahs and one sound truck.



April 8, 2006

EFF is suing AT&T claiming that they've been assisting the government in wholesale Internet surveillance. Here's the writeup from Wired about what supposedly happened:
According to a statement released by Klein's attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T's #4ESS switching equipment, which is responsible for routing long distance and international calls.

"I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room," Klein wrote. "The regular technician work force was not allowed in the room."

Klein's job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

"While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein wrote.

The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.

The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.

Narus, whose website touts AT&T as a client, sells software to help internet service providers and telecoms monitor and manage their networks, look for intrusions, and wiretap phone calls as mandated by federal law.

Let's assume for the sake of argument that what Klein is saying is substantially accurate. That sounds bad but doesn't necessarily mean that the NSA is doing mass surveillance on Americans. It could, for instance, be targeting only traffic destined to be routed out of the US, or traffic for which the NSA has FISA warrants, etc. Given the government's reluctance so far to reveal details of its surveillance program, it may be hard to find out what's really going on. On the other hand, given Alberto Gonzales's statement that he can't rule out domestic warrantless wiretaps, I wouldn't exactly be shocked if it turned out that something like that was already going on.


April 7, 2006

Brian Korver and I spent most of last night recovering from severe filesystem corruption issues on a pair of our servers. For background for the rest of this post, here's the configuration of the machines:
  • Pentium 4 3 GHz
  • ASUS P4C800-E motherboards
  • 2x240 GB Maxtor SATA hard drives
  • FreeBSD 5.3/5.4

These ASUS motherboards have four SATA connectors, two tied to a Promise PDC20378 RAID controller and two tied to an Intel ICH5R. We had the drives set up in a RAID 1 (mirroring) configuration using the Promise controller, on the theory that this would provide high availability in the case of drive failure. Now, I'm the first to admit that my knowledge of RAID is sketchy and, as I was about to discover, the gap between theory and practice is rather large in this case. Call this critical mistake #1.

The precipitating event for last evening's festivities was a hardware fault in one of the drives on machine #1 during a routine operating system upgrade. This caused the machine to hang. Upon reboot I discovered to my extreme dismay that fsck was also hanging trying to fix the hard drives. So much for high availability. Time to haul out the fixit CD, reboot, etc. Now, the thing you need to know about these machines: they're physically completely identical and they're installed in the rack one on top of the other (critical mistake #2) and so in the process of trying to salvage machine 1, I accidentally frobbed the reset switch of machine 2 (critical mistake #3), and apparently on these machines ACPI isn't set up to treat this as a clean powerdown (critical mistake #4).

Now, ordinarily this just entails a reboot and some machine slowage while the background fsck runs, but in this case we got the extra bonus of the fsck hanging on startup. Now, remember that unlike machine 1, there's absolutely nothing wrong with the hardware on this machine. It was pure pilot error and fsck should be able to recover, but what we're actually seeing in practice is that it halts (by which I mean complete machine unresponsiveness) at even the first hint of filesystem corruption. It's not just fsck, either--trying to make a tar copy of the disk also causes hangage. Needless to say, this is not usual behavior for FreeBSD, which normally fscks just fine. The only other time I've seen this is on one of these machines about 6 months ago, and so at this point I'm starting to suspect that the problem is the RAID system or the FreeBSD RAID drivers and that I'm basically hosed.

Needless to say, I was a little despondent about the meltdown, but in the midst of my preparations for hara-kiri, it came to me [*]: these drives are set up in a mirrored configuration, so each drive has a complete set of filesystems on it. The kernel can talk to each drive individually, so what if we just try to mount one of them directly rather than through the RAID? We try it and it superficially works, leading to the following restore procedure:

  1. Disconnect both drives from the Promise controller.
  2. Connect one drive up to the ICH5R, leaving--and this is important--the other unconnected as a backup in case we hose something on the restore.
  3. Turn off RAID on the ICH5R (it's got RAID 0 support).
  4. Boot up the kernel in single-user mode. At this point it hangs because it's trying to find the root partition on the RAID /dev/ar0s1a, which no longer exists.
  5. Key the right partition (/dev/ad10s1a) in at the provided prompt.
  6. Once the machine comes up single-user carefully fsck all the filesystems.
  7. Edit /etc/fstab so that all references to /dev/ar0s? point to /dev/ad10s1?.
  8. Reboot the machine.

This all worked fine for machine 2 (it was more important so we fixed it first) but when we got to machine 1, we got a DMA error off drive A (remember the hardware fault that kicked all this off?). No problem, we'll use drive B. But when we tried it the system couldn't see drive B at all. A little investigation revealed that in all the screwing around we'd managed to knock the SATA connector off of drive B (stupid interference fit SATA connectors). Plugging that in seemed appropriate and let us see the drive.

At that point, we had working systems (without RAID and they're staying that way) and so were able to finish up:

  1. Take a fresh backup and put it in a safe place.
  2. Finish the system upgrade that we were doing when things went to hell.

Total elapsed time from first failure to going home for the evening: 7 hours.

Scott McClellan:
But Bush's spokesman, Scott McClellan, appeared to draw a distinction about Bush's oft-stated opposition to leaks. ''The president would never authorize disclosure of information that could compromise our nation's security,'' Bush's spokesman said.

Bernard Woolley:

That's another of those irregular verbs, isn't it? I give confidential briefings, you leak, he is being prosecuted under Section 2A of the Official Secrets Act.

April 6, 2006

The Gospel of Judas, released Thursday, offers a version of the crucifixion narrative in which Jesus apparently asks Judas to betray him to the Romans (excerpts here) though it's actually not as explicit as you may have heard. The press coverage of the Gospel focuses--misguidedly in my view--on the question of whether the Gospel is factual or not (see, for instance, this Times article), but really there's nothing new here. Ever since Nag Hammadi we've been swimming in alternate gospels, including ones named after Thomas, Philip, and Mary.

The facts of the situation are these: There are an enormous number of alternative texts to the canonical Gospels and the other canonical texts. While most of them appear to be rather newer than the big four, at least one, the Gospel of Thomas, is widely believed to be very old (cf: the two-source hypothesis). Many of these texts tell radically different narratives than the canonical ones. Even Thomas, which to a great extent resembles the canonical material, has some surprising material:

(37) His disciples said, "When will you become revealed to us and when shall we see you?"

Jesus said, "When you disrobe without being ashamed and take up your garments and place them under your feet like little children and tread on them, then [will you see] the son of the living one, and you will not be afraid."


(114) Simon Peter said to them, "Let Mary leave us, for women are not worthy of life."

Jesus said, "I myself shall lead her in order to make her male, so that he too may become a living spirit resembling you males. For every woman who will make herself male will enter the kingdom of heaven."

Nearly all of this material was floating around at the time that the current canon was finally solidified in the 4th century CE. The process of selection was fairly messy, intensely political, and far from instantaneous. (This site provides a good introduction to the history). This process appears to have been driven to a great extent by the authorities choosing texts which matched their beliefs rather than assessing the accuracy of the texts based on the kind of historical critical techniques that modern scholars use. Obviously, if you're a believer in one particular set of texts that's something you have to come to grips with, but if you've been paying attention it's not exactly news.


April 5, 2006

From Jared Diamond's Collapse:
Especially puzzling, if one believes that there was nothing more to the genocide than Hutu-versus-Tutsi ethnic hatred fanned by politicians, are events in northwestern Rwanda. There, in a community where virtually everybody was Hutu and there was only a single Tutsi, mass killing still took place--of Hutu by other Hutu. While the proportional death toll there, estimated as "at least 5% of the population" may have been somewhat lower than that overall in Rwanda (11%), it still takes some explaining why a Hutu community would kill at least 5% of its members in the absence of ethnic motives. Elsewhere in Rwanda, as the 1994 genocide proceeded and as the number of Tutsi declined, Hutu turned to attacking each other.


All but one of the known victims at Kanama fell into one of six categories. First, the single Tutsi at Kanama, a widowed woman, was killed. Whether that had much to do with her being Tutsi is unclear, because she furnished so many other motives for killing; she had inherited much land, she had been involved in many land disputes, she was the widow of a polygynous husband (hence viewed as a competitor of his other wives and their families), and her deceased husband had already been forced off his land by his half-brothers.

Two more categories of victims consisted of Hutu who were large landowners. The majority of them were men over the age of 50, hence at a prime age for father/son disputes over land. The minority were younger people who had aroused jealousy by being able to earn much off-farm income and using it to buy land.

A next category of victims consisted of "troublemakers" known for being involved in all sorts of land disputes and other conflicts.

Still another category was young men and children, particularly ones from impoverished backgrounds, who were driven by desperation to enlist in the warring militias and proceeded to kill each other. This category is especially likely to have been underestimated, because it was dangerous for Andre to ask too many questions about who had belonged to what militia.

Finally, the largest number of victims were especially malnourished people, or especially poor people with no or very little land and without off-farm income. They evidently died because of starvation, being too weak, or not having money to buy food or to pay the bribes required to buy their survival at roadblocks.

Thus, as Andre and Platteau note, "The 1994 events provided a unique opportunity to settle scores, or to reshuffle land properties, even among Hutu villagers.... It is not rare, even today, to hear Rwandans argue that a war is necessary to wipe out an excess of population and to bring numbers into line with available resources."

For some reason, I can't find any mention of this incident in Gourevitch's We Wish to Inform You That Tomorrow We Will be Killed With Our Families: Stories from Rwanda, Powers's A Problem from Hell: America and the Age of Genocide, or Dallaire's Shake Hands with the Devil: The Failure of Humanity in Rwanda.

April 4, 2006

Biondi and Desclaux's slides from BlackHat Europe are very interesting. They seem to have done a fairly complete job of reverse engineering the binary and explain how a bunch of features work. One thing I've started hearing recently is that they've "cracked" Skype (see, for instance, this article by Ryan Singel), which is true in some technical sense, but kind of misleading.

The primary security property that you as a user of Skype care about is that other people can't listen to your communications, impersonate the person you're calling, etc. We don't have complete documentation on Skype's protocols, but neither the Biondi and Desclaux work nor Tom Berson's review indicates that there's any problem there--with the obvious exception that Skype themselves can man-in-the-middle your communications, but that's inherent in them being the certificate authority, so that's no secret.

However, Skype, Inc. has a secondary security property they want to enforce: that you go through their network. They use a bunch of security techniques to tie the software to their network and Biondi and Desclaux do show how to bypass those protections. So, while they can be said to have "cracked" Skype, it doesn't really represent a threat to your security as much as to Skype's business model. Note that Biondi and Desclaux do suggest that this could be used to attack your communications by giving you a compromised copy of Skype, but if they can convince you to install software of their choice, the game is pretty much over in any case--they can just install spyware directly--so that's not really that interesting a threat.

None of this means, of course, that Skype doesn't have vulnerabilities in their software proper, but then what software doesn't? Finding a vulnerability like that isn't really the same as breaking the protocol or the system as a whole.


April 3, 2006


Grizzly Paw Brewing Company
Your typical brew pub with maybe 1 sigma better food than average. Beer was so-so. $10-15 CAD for entrees.

Fresh Trax Cafe
The cafe at the Nordic Centre (see below). Pretty good, actually, considering. $5 CAD for a panini.

Luna Blue
Quirky little pasta restaurant on Canmore's Main Street. I had Spaghetti Napolitana (i.e., spaghetti in tomato sauce) which I expected to be generic, but was really struck by how good the pasta itself was. Cost: $40 CAD with drinks.

Coffee Pot and Curry Stop
A coffee shop which is also a curry joint. Mrs. Guesswork and I both had the "Curry in a Hurry", which is curry over rice with a few small pieces of naan. Not the best I've ever had, but solid--and a lot better than you expect at a coffee shop. The beef was nicely spicy and the naan was just a bit greasy. Cost: $7 CAD.

The Rose and Crown
Typical English pub. Mrs. G. really liked the fish and chips. I agree the chips were excellent but found the fish a bit marginal. I had a pretty good spinach salad. Cost: $10 CAD or so, per person not including drinks.

Zona's Late Night Bistro
Fusion. The most interesting meal we had in Canmore. Mrs. G had a Caesar Salad and the Molasses Moroccan Lamb Curry. I had the spinach salad (just a bit too sweet, but still good) and the Savory ??? Salmon Rushdie (sorry, forgot the whole name here) -- basically Indian butter chicken with salmon instead of the chicken (could have used a bit more sauce). As noted, neither of the items I had was perfect, but the salmon was extremely interesting, as was the lamb. Definitely worth a try. Cost: $60 CAD or so including drinks.

Tim Horton's
By law, all Canadian towns must have a Tim Horton's. In Canmore, the Tim's is colocated with a Wendy's, which is currently under construction. In order to ensure compliance, the Tim's was open in a trailer attached to the building. Cost: $3-4 CAD for two muffins and a hot chocolate.

Coffee Mine
Apparently the standard coffee place in Canmore. Mrs. G. says the coffee was really good. Cost: $1-2 CAD for drip.

Crazy Weed Kitchen
Generally considered the best restaurant in Canmore (according to some in Canada). We tried to get a reservation Sat night but were denied so went for an early lunch on Sun. A highly mixed experience. The service was somewhat brusque, and they didn't make a good impression on me when they were out of most of their beers. I ended up with an Alexander Keith's which was described as "like a lager... an IPA". These are words you should never hear, and while I'll concede that it was true that it was a remarkably lager-like IPA, if I ever had to say this about a beer I was selling I would discontinue selling it immediately.

Mrs. G. ordered a prosciutto, swiss, and olive panini with a house salad and I ordered a sausage, etc. 10" pizza. I was informed it would be 20 minutes for the pizza, which was fine since we were there early anyway. About 30 minutes later, the sandwich showed up and I was told the pizza would be there in "2 minutes". About 5 minutes later another waitress (not ours) showed up and told me that the kitchen had made the wrong pizza and I could either wait 20 minutes for another or take the one they had made. I told her I'd take the third option and go somewhere else. "Are you sure?" "Yes". A few minutes later our waitress showed up and apologized and offered me one of the pizzas (which one wasn't clear) for free, but at this point I was just ready to leave and asked for the check.

Just to be clear, nobody was ever rude or anything like that and I realize that restaurants do botch orders from time to time, but given that I'd just waited for 30+ minutes for my food I kind of expected the first offer to be a little better than to wait another 20 minutes or so. For what it's worth, Lisa reports her food was excellent. Cost: $20 CAD for a drink and Lisa's lunch.

Famous Chinese Restaurant
Divey looking Chinese restaurant on the outside. Somewhat less divey looking on the inside. Totally empty. I had the special Singapore-style rice noodles, which were excellent and just the right amount of spicy. Cost: $12 CAD.


Falconcrest Lodge
We stayed at the Falconcrest Lodge, which I can't really recommend. The facility itself is quite nice, but there are environmental problems. The first room we were in was at the back of the hotel but unfortunately the wireless Internet didn't work there (we could see an AP, but it wouldn't issue us an address). They moved us to another room which seemed fine until 6 the next morning when we discovered that it was right across from a construction site. They moved us again (and were very nice about it) to a room which seemed quieter, but we could never get the temperature right: despite turning the thermostat to minimum (and even setting it to "cool") I still woke up in the middle of the night sweating and thirsty.

We solved this problem by opening the window, only to discover that this room actually had quite a bit of road noise as well, not to mention something that sounded like either a party or a hockey game (is there a difference?) on Saturday night. I know that this all sounds like I'm an incredible pain in the ass, and it's true that I'm pickier than average (and definitely like my room colder than average), but this really was below the standard I expect. It seems like a lot of the hotels in Canmore are close to the road, so noise is probably a factor for many of them, but if I come back to Canmore I will plan to stay somewhere else. Cost: $134 CAD + tax, etc.

Sports Facilities

Canmore Nordic Centre
Canmore Nordic Centre is a main training location for the Canadian National Cross-Country Ski team and was the site of the X-C events for the 1998 Winter Olympics. That said, while you may see the occasional Olympian (there was a celebration for them while we were there) it's your typical cross-country ski resort, complete with ski shop (where we rented our skis) and cafe (see above). It's only at about 4700 feet, so at this time of year the snow varies between good and marginal (icy in some spots, bare and soft in others), but the trails are well marked and I imagine would be excellent in mid-winter. Difficulty level was average, even on the trails marked "difficult". Cost: $7 CAD/day with free skiing outside the hours of 9-5.

Mt. Shark
Mt. Shark is just a Canadian Provincial Park that's been groomed for X-C skiing. It's at higher altitude and the snow here was better than at the Nordic Centre--although our first hour or so was spent skiing into snow. The trail markings here are a bit iffy and we did one 3-4 km loop twice before we realized we were going in circles. The major drawback here is isolation: to get here from Canmore you need to drive for about 35 minutes over wide but poorly graded dirt roads and when you get there there's no visitor's center, just a vault toilet and the usual map sign. Cost: free.

Peter Lougheed Provincial Park
Our best day of skiing was at Peter Lougheed Provincial Park (1 hr from Canmore). Snow quality was generally good, though there were some extremely icy sections interspersed with a number of sections so soft that as you skied onto them it felt like your parachute had deployed. The scenery is pretty unbeatable though, with basically nobody around and views of the Rockies. The trails are well marked and there's a lot of difficulty variation so you can get a good workout if you choose, or just coast. Cost: free but buy a map for $1.25 CAD and maybe a cookie from the nice ranger at the visitor's center.

The Vsion Climbing Gym
Vsion Climbing Gym (in Elk Run Industrial Park, outside of Central Canmore) is sort of your generic low-budget climbing gym. It has a bunch of plywood nailed up at various angles with the usual assortment of holds and tape-marked routes. While there are some anchors hanging from the ceiling and they'll rent you a belay device (a tube or a Grigri), this is basically a bouldering place. The highest point is two stories up and you just put down a crash pad and take your chances. I found the routes here quite difficult, with a lot of overhangs and doorways, so don't be surprised if you find yourself dying on some marked "easy". Cost: $16.50 CAD drop-in plus $5 CAD for shoe rental.


April 2, 2006

Walk on the boardwalk of Santa Cruz or most any other tourist-oriented American seaside community (and they nearly all have boardwalks, or "Fisherman's wharf" or some-such thing, don't they?) and nestled between the fish restaurants and shops selling tourist schwag you'll notice one that sells candy, and in particular fudge and salt-water taffy. Until recently, this never struck me as particularly remarkable, probably due to small sample size, and because such boardwalks are typically festivals of junk food anyway; the Santa Cruz boardwalk is actually an amusement park. Moreover, they're located near the sea and for some reason I've always mentally registered salt water taffy as a maritime product (it's the salt water bit, don't you know?).

Strangely, while I've seen lots of candy stores, I don't recall ever seeing a "fudge store" anywhere outside a tourist area. This could of course be observer bias, but I'm fairly partial to fudge so I tend to think I would have noticed. I recently encountered this phenomenon in its purest form in Canmore, Alberta, which hosts a thriving tourist trade (for skiing) and boasts a combination fudge/candy/gift shop, called, as I recall "Fudge and Gifts". It wasn't particularly good fudge, as you might expect to be served by someone who went into the business because they loved fudge. It's more like the proprietors sensed that tourists needed fudge and gifts and decided to fill the need. So, the question I have is: what is it about fudge that makes it particularly attractive to sell to tourists?

My best explanation is that fudge is basically an indulgence product--not in the sense that it's expensive, but in the sense that it's clearly incredibly rich and fattening--and that people on vacation have given themselves leave to indulge in a way they wouldn't at home. The problem with this explanation, of course, is that ice cream is also incredibly rich but North America is littered with ice cream shops, even in totally non-tourist cities like Palo Alto or Dallas, and ice cream has been getting more fatty and rich over the years, not less. It's not obviously climatic, either, since there are plenty of ice cream stores in cold areas. Another possibility is that ice cream is just better than (preferred to, that is) fudge and so people are more willing to indulge regularly. That's not much of an explanation either, but it's the best one I have. Can you do better?