EKR: September 2007 Archives


September 30, 2007

Polio vaccine comes in two types, the original inactivated Salk vaccine (IPV) and the somewhat later attenuated Sabin vaccine (OPV) [*]. The Sabin vaccine can be delivered orally, provides superior immunity, and because it's live, it can infect people other than the vaccinated, providing some immunity to them. The disadvantage is that it can occasionally convert in the body into an infectious form. That's what's been happened in Nigeria:
So far, there are 69 confirmed cases of paralysis, and more suspected, caused by VDPV in nine northern Nigeria states, says Kew. The case count seems certain to rise. About half the cases have occurred around Kano, a largely Muslim state where anti-Western sentiment and rumors that the vaccine caused sterility or AIDS led several states to halt polio vaccination in 2003. After repeated demonstrations of the vaccine's safety and considerable behind-the-scenes diplomacy, vaccinations resumed about a year later, but the damage had already been done.


The current outbreak came to light when a technician at the CDC polio lab noticed a preponderance of type 2 virus in the isolates sent in from northern Nigeria. That instantly raised suspicion, Kew says, because wild type 2 poliovirus has been eradicated globally. That meant the only possible source was the trivalent vaccine, which had been used in Nigeria in preboycott campaigns. Since Nigeria resumed vaccinations in 2004, says Kew, it had "quite properly" been using the more effective monovalent vaccines against wild types 1 and 3 in its campaigns. Genetic analysis quickly confirmed the source; it also suggests that several VDPVs emerged independently in 2005 and 2006, multiple times.

The problem here seems to be that if your overall vaccination rate is really low, then any cases of VPDV can spread through the rest of the population:

In earlier outbreaks, circulating VDPVs have been relatively easy to stamp out, but this one has persisted despite four campaigns with trivalent OPV in the past year. "We suspect it is simply because the coverage was not adequate; we don't believe there is anything exceptional about this virus," says Kew. As evidence, he notes that two VDPV strains jumped from Nigeria to Niger, where routine vaccination is almost 90%. Both "barely made it 5 kilometers before they dead-ended," he says.

Unlike Nigeria, the vaccine of choice in the US is IPV.


September 28, 2007

The NYT covers the kabuki theater over the new citizenship test. Predictably, those opposed to immigration said the old test was too easy and those in favor say the new test is too hard:
The redesign of the test, the first since it was created in 1986 as a standardized examination, follows years of criticism in which conservatives said the test was too easy and immigrant advocates said it was too hard.

The new questions did little to quell that debate among many immigrant groups, who complained that the citizenship test would become even more daunting. Conservatives seemed to be more satisfied.


In a statement today, the Illinois Coalition for Immigrant and Refugee Rights, one of the groups consulted in shaping the new test, denounced it as "the final brick in the second wall." The group said the test included "more abstract and irrelevant questions" that tended to stump hard-working immigrants who had little time to study.

But several historians said the test appeared to be fair.

"People who take this seriously will have a good chance of passing," said Gary Gerstle, a professor of American history at Vanderbilt University. "Indeed, their knowledge of American history may even exceed the knowledge of millions of American-born citizens."

John Fonte, a senior fellow at the conservative Hudson Institute, called the new test "a definite improvement." But he said it should have included questions about the meaning of the oath of allegiance that new citizens swear. "I would like to see an even more vigorous emphasis on Americanization," he said.

This whole debate is a little hard to take seriously because the test only has 100 questions, all of which are published in their entirety along with the answers. In order to pass, you need to get 6 right out of 10 chosen by the examiner (this is unchanged from the previous test.) Whatever the questions, this doesn't exactly require deep knowledge. Given this format, it's pretty hard to take seriously objections that it's somehow too hard to pass. I'm pretty confident with a day or two to prepare I could pass a similar test on the history of Burkina Faso, or for that matter, Epsilon Eridani.

On the other hand, given this format it's pretty hard to get excited about claims that it's somehow too easy to pass—that somehow we're passing people who don't understand American civics—even with the old test. A test with 10,000 questions rather than a hundred would be a lot more plausible. It would at least preclude memorizing all the questions.


September 27, 2007

Yes, yes, Verizon sucks for refusing to allow blast SMSes from NARAL, even if they did eventually recant. But fundamentally what you should be objecting to is a system in which you need permission from Verizon for this kind of activity ( this was opt-in so NARAL wasn't spamming). But that's what you get when you have a centralized messaging system going through some provider choke point instead of a transparent data bearer service. You'll note that I can make some Internet mailing list without asking Comcast or permission.
This weeks NEJM has a study [link goes to abstract, but the full article seems to be available] on the relationship of early thimerosal exposure via vaccines and neurophysiological functioning. They don't find anything very interesting:
Among the 42 neuropsychological outcomes, we detected only a few significant associations with exposure to mercury from thimerosal. The detected associations were small and almost equally divided between positive and negative effects. Higher prenatal mercury exposure was associated with better performance on one measure of language and poorer performance on one measure of attention and executive functioning. Increasing levels of mercury exposure from birth to 7 months were associated with better performance on one measure of fine motor coordination and on one measure of attention and executive functioning. Increasing mercury exposure from birth to 28 days was associated with poorer performance on one measure of speech articulation and better performance on one measure of fine motor coordination.

This sounds sort of bad, but because of the very large number of measures tested, it's not at all implausible that this is just a case of data mining—something the authors point out as well.

It's also worth noting that they didn't include autism measures. Apparently there's another study on that in the works.


September 26, 2007

Mrs. G. was singing Frére Jacques earlier tonight and it reminded me of the generally incorrect English translation. As Landes points out, "sonnez les matines" is an imperative "ring the morning bell", not, as commonly translated "morning bells are ringing." The idea here is that this is an instruction to whatever monk is responsible for ringing the bells calling the other monks to morning prayer.

I seem to have lent out my copy of Revolution in Time, so I had to resort to Wikipedia, which goes on in some detail:

Given that some maintain that nursery rhymes have serious themes when they are examined in detail (this might not always be true, however[2][3] ), one might infer some morbid undercurrent to the French version of this song. Admittedly, if the song originally was created to commemorate some negative event, it might have greater cultural resonance and be more likely to be incorporated into the canon of cultural elements that are transmitted from generation to generation. Once a memetic unit like this song reached sufficient familiarity and social penetration, it presumably would continue to be passed on as part of a tradition even though its original meaning had been forgotten. If one subscribes to this line of reasoning, one might expect Frére Jacques to refer to a well known figure and a well known event.

Another piece of evidence that appears to support a dark interpretation of this song is the fact that in some places such as Austria, it was at one time commonly sung in a minor key, rather than a major key, giving the song the quality of a funeral dirge.[4][5]

In this vein, some have suggested that this verse might not refer to sleep, but to the death of a friar or monk, or perhaps a member of one of the religious military orders. For example, it is widely believed in France that the renowned Frére Jacques de Molay of the Templar Knights, who was executed in 1314, is the subject of the Frére Jacques song.[6][7] This claim should be probably approached with an air of caution, because there are many alternate interpretations. For example, the poet Jean-Luc Aotret has written a poem suggesting that the subject of Frére Jacques is the excommunicated Franciscan poet Jacopone da Todi (1236\u20131306).[8][9][10]

OK, then.


September 25, 2007

Brian Korver and I took a 3-day, 2-night trip in the Jennie Lakes Wilderness in the Sequoia National Forest.

The trailhead is out past Freso, so we got there about 4:30. The first day was short, out to Weaver Lake. The second day was fairly long (GPS nav says 16 miles and 4000-5000 feet of climbing), out to Marvin Pass. By the time we got there it was looking pretty cold and windy, so we decided not to go to Mitchell Peak and headed down to JO Pass and Jennie Lake. Jennie Lake is at 9040 feet, and by 7:30 it was so cold I repaired to the tent. About midway through the night, I noticed what I thought was rain on the tent and brought our packs into the vestibule. Turns out it was snow. Cold, but an impressive view. The trip back to the trailhead is mostly downhill and fairly easy.

On our way back we stopped by Grant Grove and checked out the Boole Tree and the General Grant Tree. I knew giant sequoias were big, but actually seeing one is a bit different.

GPS distance: 27 miles (nominal, 23 miles)
Total ascent: 7000 ft
Cost: $20 park entrance
Pics here.


September 23, 2007

Apparently the iPod SHA-1 thingamajig has been reverse engineered. As I said earlier, I'm not convinced that this actually was intended to lock down the iPod. However, it's interesting to ask how one would actually do that in a way that was harder to reverse engineer.

Two goals were ascribed to the alleged SHA-1 in the database:

  • Stop any programs other than iTunes from managing the iPod.
  • Lock the iPod to a specific instance of iTunes.

If all you have is a hammer, everything looks like a nail, and if you're a COMSEC guy, problems like this bring crypto to mind. At a high level, there are two cryptographic strategies for this kind of job: encrypt the database which is then decrypted by the iPod/iTunes or apply an integrity check which is checked by the iPod/iTunes. Each of these have advantages in some contexts, but we can treat them mostly the same for the purposes of our discussion, so without loss of generality, let's talk about an integrity check.

The difficulty, as with most cryptographic contexts, is key management. We want to make sure that only legitimate copies of iTunes can produce databases that the iPod can verify, which means that iTunes has to contain a key that isn't known to third party developers. There are two options here: all copies of iTunes have the same key—this is basically the same as a fixed, secret, integrity check function or one over unknown data, i.e., the situation we have now. Any system of this type is very vulnerable to key extraction via reverse engineering. Once you have the key (or the function) you can write your own program.

The other approach is to use a separate key for each copy of iTunes. When a new iPod is attached to iTunes, it gets a copy of the key (imprinted). The most attractive mechanism here is probably to use public key cryptography and put the public key on the iPod. The key can even be signed by Apple to avoid false imprinting. Then all database updates are signed and the iPod verifies them. Of course, you can still mount a reverse engineering attack and extract the key from a single copy of iTunes, but then we're in an arms race where Apple can program new iPods to ignore that key, thus forcing the third-party software authors to constantly change keys.1

Another strategy for the attacker is not to extract a single key but rather to have the third-party software extract keys from a valid copy of iTunes, though this is obviously this is a bit inconvenient if you don't want to be involved with Apple's software at all.

If this sounds like the kind of issues you have with DRM, it is. And like DRM, the attacker has an enormous advantage as long as your system is software only and he's prepared to reverse engineer it. The situation changes a lot if you are willing to have trusted hardware (in this case on the host computer) but that would be a big change for Apple.

1. If Apple is willing to force people to register online, you can make detection and revocation of extracted keys much more efficient.


September 21, 2007

Via cilogear makes packs, a link to empirical work on how to dig out someone who was buried in an avalanche. Money quote:
To prevent the problem of digging straight down to the victim and creating a non-workable hole, we determined that it was essential to clearly define the excavation area before digging. This area, called the "starter hole," should be excavated first, preferably starting on one's knees. Once this hole is up to the rescuers' waists, then the next level can be excavated. Without this starter hole, rescuers tend to get "tunnel vision" and lose the opportunity to create a hole that will be workable when the victim is reached.


Via Crooked Timber Philippe Van Parijs tries to figure out a fair way for everyone to communicate using English. The basic point is that it's a lot easier for people to communicate if we all speak the same language, but it's a much higher burden for those who don't speak English to learn it than it is for native English speakers to, well, do nothing. Is there some way to balance this burden? Incidentally, there's some sort of analogy here to the transition from IPv4 to IPv6, but the incentives are in a different direction—the established players all have IPv4 addresses, it's those who by definition are less established who would likely benefit the most from IPv6.


September 16, 2007

This article in Science reports on the lack of improvement in cancer treatments for Adolescents and Young Adults (AYAs). Here's the depressing figure from the article, showing the situation from 1975 to 1999:

It's not really clear what the issue is. The dominant theory seems to be that pediatric cancers and adult cancers are fundamentally different and that AYA tumors mix them and so adult treatment, at least, doesn't work. It's unclear if pediatric treatment will work better, but the specialists seem skeptical.

Also, note the negative progress in the 30-35 cohort. I wonder if that's real or just noise.


September 15, 2007

The iPod/iPhone is obviously designed to be used with iTunes, but for a variety of reasons, some people want to use them without. A number of pieces of 3rd-party software have been developed that can talk to the iPod, copy songs to the disk, manage playlists, etc. However, the newest iPods appear to have some feature that makes this problematic:
At the very start of the database, a couple of what appear to be SHA1 hashes have been inserted which appear to lock the iTunes database to one particular iPod and prevent any modification of the database file. If you try to do either of these, the hashes will not match and the iPod will report that it contains "0 songs" when the iTunesDB would otherwise be perfectly adequate.

Can't you get around this?

Well, maybe. We really need people who are excellent at reverse engineering to help.

This is what we know so far about the start of the iTunesDB file:

MHBD header:
0x00   4  mhbd
0x04   4  header size = 0xBC       (changed)
0x08   4  filesize
0x0C   4  unknown = 1
0x10   4  version number = 0x19    (changed)
0x14   4  child count    = 0x05    (changed)
0x18   8  itunes databaseid
0x20   2  unknown = 2
0x22   2  unknown = 0x0263         (changed, 0x0000 before)
0x24   8  ipod identification?     (changed)
0x2C   4  zero padding
0x30   2  unknown = 1
0x32  20  unknown, changing completely from itdb to itdb
0x46   2  language, seen: de, en
0x48   8  library persistent id
0x50   4  unknown, seen: 1, 5
0x54   4  unknown, seen: 0x08, 0x0D, 0x1D, 0x4D, 0x8D
0x58  20  unknown some similarities between versions
0x6C   4  timezone offset in seconds. +2*60*60 ->
          0x00001C20, -4*60*60 = 0xFFFFC7C0 (really?)
0x70  76  zero padding 0x00000000

0x32 is most likely a SHA1 hash, and 0x58 also could be.

I have no special knowledge about this particular situation, but some initial reactions follow:

  • Even without reverse engineering iTunes, it may be possible to determine whether 0x32/20 is a SHA-1 hash by doing some simple entropy testing and looking at the average number of bits that change if you change the database at all.
  • If 0x58/20 really has some "similarities between versions" then it's probably not a SHA-1 hash, because digests appear random with respect to their inputs. Not everything that's 20-bytes is SHA-1.
  • If either of these values (0x32/20 in particular) is a SHA-1, then it should be pretty straightforward to figure out what data is being hashed is by reverse engineering iTunes.
  • Even if it's not SHA-1, unless Apple is going to break the invariant that any iTunes can manage any iPod, it pretty much must be possible to write a universal program that will compute whatever the function is. I.e., it's hard to see how it could be keyed to some specific iTunes instance.
  • I'm not entirely convinced that this is intended to lock out third party management software. It may just be some kind of ordinary database integrity check implemented in a fail-unsafe kind of way.

September 12, 2007

In Slate, Daniel Engberg argues for/covers Alan Weisman (The World Without Us)'s argument for smaller families as an environmental move:
Oh, if we all just disappeared. According to The World Without Us, Alan Weisman's strangely comforting vision of human annihilation, the Earth would be a lot better off. In his doomsday scenario, freshwater floods would course through the New York subway system, ailanthus roots would heave up sidewalks, and a parade of coyotes, bears, and deer would eventually trot across the George Washington Bridge and repopulate Manhattan. Nature lovers can take solace in the idea that the planet will thrive once we've finally destroyed ourselves with global warming. But Weisman takes the fantasy one step further: Let's not wait for climate change, he says. Let's start depopulating right now.

Instead of burning down our numbers with oil and gas, we might follow the advice of the founder of the Voluntary Human Extinction Movement, who tells Weisman that everyone in the world should stop having kids all at once. Weisman isn't up for quite so drastic a measure, but he makes his own pitch, moderate in comparison: Let's cut the birth rate to one child per couple, for a few generations at least. The population would dwindle by about 5 billion people over the next century, he says, ensuring the habitability of the Earth for the 1.6 billion who remained. At that point, they could all reap the rewards of a more spacious planet, sharing in "the growing joy of watching the world daily become more wonderful." It seems like a notion from the fringe, but Weisman's book has become a mainstream best seller. Could population control be the next big thing in green culture?

There are of course two ways of looking at preserving the environment: as something that's good in itself or as an instrumental good—who wants to live in a world where the environment is so destroyed that all you get to eat is soylent green? If you subscribe to the first theory, then sure, the lower the human impact the better. On the other hand, if you subscribe to the second theory, then it's much less obvious that a reduced population is a good thing. Those people who weren't born yet would presumably have taken some pleasure in life and now they won't. Now, obviously the people who are born will have a higher quality of life, but this kind of reasoning runs us right into Parfit's "How only France survives". I don't have a good answer to what the right population of the Earth is, but I don't see Weisman/Engberg's argument as particularly dispositive either.

Of course, it could easily be that Weisman subscribes to the first theory. I haven't read his book but I heard him being interviewed on NPR and got the distinct sense that he took some pleasure in contemplating a world without humans.


September 10, 2007

In his article explaining why he would rather have a Blackberry 8830 than an iPhone, Magid writes:
In the iPhone's place, I'm now using a BlackBerry 8830 that I borrowed from Sprint, and I have to say that, on balance, I prefer it to the iPhone. I miss the iPhone's great Web browser and the way it implemented Google maps, but I'm much happier with the true 3G network from Sprint and BlackBerry's physical keys. I find myself typing messages on the BlackBerry and making fewer mistakes, though I do miss the iPhone's software that corrects mistakes as you type.

The biggest difference is Sprint's true 3-G broadband network which is not only faster but seems to work in more places. And, unlike the iPhone, the BlackBerry is able to display Word files, PDFs and some other attachments, making it a lot more practical to use to review business documents.

Obviously, everyone has their own opinion about whether they like the on-screen keyboard or not, but this stuff about PDFs and Word files is just wrong. The iPhone will display both Word and PDF files. Kind of hard to take the rest of Magid's comments seriously when he gets something like this wrong.


September 9, 2007

Pascal Boyer in Religion Explained argues that belief in witchraft, magic, etc. is not adequately explained by people's search for explanations for bad things that happen to them:
In the past, anthropologists sometimes suggested that this may be because people were not very good at understanding natural correlations or the work of random variables. In some groups, most cases of disease or death are ascribed to witchcraft. Surely, the argument goes, statistically aware people would notice that more or less everybody catches some disease at some point, that not all operations are always successful, and that in the long term we all will die. Failing to appreciate these contingencies, people resort to magical explanations for events that are in fact perfectly ordinary. This is what we generally mean by superstition." People see patterns and causes where there is just chance.

However, anthropologists know that people the world over are in fact rather good at detecting statistical regularities in their environment. Indeed, even the simplest techniques depend on such detection and this has been the case for as long as humans have been around. Early humans could not successfully maintain a rich food supply as foragers unless they could detect which fruit and tubers could be found where, with what frequency, in what season. People cannot hunt animals without without detecting which habits and behavior are true of a species as a whole and which apply only to particular exemplars, and so on. So it seems difficult to maintain that contingencies and random events are not generally understood.

I don't find this very convincing. It's absolutely true that people are extroardinarily sensitive to patterns. But like many evolution designed mechanisms, it's messy and heuristic. In particular, it tends to detect patterns that aren't there. This is well-known, as in for example the gambler's fallacy. It's absolutely true that if the detector didn't work at all, that would be a problem, but it's not clear that it needs to work perfectly. That said, it's possible that the particular set of built-in biases it seems to have aren't the optimal ones; that depends on the cost of seeing patterns that aren't there compared to the cost of missing patterns that are there.

It's also interesting to note that in the West, people make the same kind of attribution errors about bad outcomes, but they blame them on science and scientists instead of witches (cf. mercury/autism, fluoridation, EMF, cancer clusters, etc.) Of course, given the amount the average person knows about science, scientists might just as well be witches.


September 8, 2007

Sorry if you're seeing a lot of test posts, especially in your RSS feed. I was trying to figure out why my Emacs-based posting software wasn't working. Looks like what happened here is that Dreamhost upgraded to some version of Apache (Apache2?) with automatic response compression and the version of xml-rpc.el I was using couldn't handle it (w3 doesn't seem to uncompress automatically in all cases). I think I've got it fixed now.

September 7, 2007

Harold McGee has an interesting article about the use of gelatin filtering to prepare unusual consommes:
A blog called Ideas in Food (ideasinfood.typepad.com), written by two chefs, H. Alexander Talbot and Aki Kamozawa, is sprinkled with suggestions for an impressive variety of gelatin-clarified consommes including Parmesan and Roquefort, foie gras, olive oil, caramelized banana, ranch dressing, butter pecan, kimchi, pumpernickel and baked potato "with all the fixings." Mr. Talbot likes to keep consommes handy in the freezer, like one he brews from brown butter, soy sauce and Tabasco.

"They're great with seafood, asparagus -- anyplace you would want those flavors without all the fat," he wrote in an e-mail message. "We also use consommes as brines and braising mediums. Artichokes cooked in horseradish consomme are remarkable."


Mr. Iuzzini also uses the technique to make an even more surprising dish for his chocolate course. He makes separate "stocks" of dark and white chocolate by cooking them in water, then clarifies them into fat-free liquids, one brown and one colorless. He then adds sugars and xanthan gum, a thickener, to give the two liquids different densities and a slight cohesiveness. This allows him to build a two-story drink, a layer of cold white chocolate consomme riding on a base of hot dark chocolate consomme.

There seem like a lot of possibilities here. I wonder if you could make a Harold Washington consomme.


September 5, 2007

"Millionaire Adventurer" Steve Fossett has now been missing for three days after his plane went down over Nevada. Search and Rescue seems to be having a lot of trouble finding him, which is a bit surprising. I had just assumed that he wasn't carrying a locator beacon for some reason (I don't think that PLBs are required, but I admit I'm not sure), but according to this he was:
"This is kind of strange because these aircrafts have transponders and emergency locators and you can usually readily find them anywhere in the world, including under the sea," said Ross Aimer, CEO of Aviation Experts, a San Clemente, California-based aviation consulting firm.

"This guy is totally lost.... So far, nobody's heard the electronic location beacon," said Aimer, who has flown the region several times. "That sounds to me very, very strange. There's all kinds of possibilities."


Officials say there's been no detection of the emergency locator beacon that would automatically go off in the event of a crash or could have been enabled by Fossett himself if he were capable. Fossett did not file a flight plan and didn't carry extra radio equipment because he was only planning to be gone for a short while, Ryan said.



September 4, 2007

From Worse Than Failure, a story of public key cryptography:
Near the end of a technical interview, Paco H. was asked a rather blunt question from the candidate he was interviewing: "Hey, be straight with me. How am I doing?" Paco replied with the truth: not too well. The candidate was a bit disappointed, so Paco gave him a chance of redemption.

Paco: So, tell me, what are you great at?
Candidate: What am I good at?
Paco: No, no. What are you *GREAT* at?
Candidate: Hmmm. (a few seconds pass) Cryptography!

Fortunately, Paco knew a thing or two about cryptography, and knew where to begin a line of questions.

Paco: Ok. Well let's just start with the basics. Tell me the difference between asymmetric and symmetric cryptography.
Candidate: Well, the way I see it is like this. The symmetric cryptography is like when you're driving down the road and there's a dotted line down the middle and cars are going both ways. Asymmetric cryptography is like when there's a double yellow line.



September 3, 2007

Steven Griffin writes:
Yesterday, the NYT had an editorial on the presidential primary mess. The system has been falling apart because of the desire of states to have early primaries. The Times mentioned some prominent solutions, which basically involve being fairer to all states. Funny, I thought the point of the nominating process was to select a candidate who has the greatest chance of winning the general election. Surely some thought should be given as to how you could design the process so as to maximize the chances this will happen. Perhaps this is asking too much of careful design, but there is a possible solution to be considered. Leaving aside the knotty question of the sensitive feelings of Iowa and New Hampshire, suppose you focused on the most important states defined in terms of the general election.

The premise here seems basically wrong. The purpose of the primaries is to decide who will represent the party in the general using whatever criteria seem most appropriate to the members of the party. As a degenerate case, there are many districts where the winner of one or the other primary is more or less guaranteed to win the general election, say if the district is 2/3 one party. Certainly, in such cases it doesn't make sense to have a primary system which chooses candidate X, with a .999 chance of winning the general, rather than candidate Y, whose positions are much more attractive to the party, but who has only a .99 chance of winning the general.

In general, any method of choosing a general election candidate is going to be a balance between electability and how much one likes that candidate's positions as measured against the other potential candidates. It's not clear that the primary system really needs to be specifically designed to be slanted towards the median voter.

The NY School system has just fired a carpenter for submitting false time information. The evidence is that his cell phone has GPS tracking and that the locations don't match where he claimed to be:
August 31, 2007 -- Schools Chancellor Joel Klein yesterday fired a veteran worker whose movements were tracked for five months through the GPS device in his cellphone, leading to charges that he was repeatedly cutting out early.

"This individual was getting paid for not working," said schools spokeswoman Margie Feinberg, explaining Klein's decision to accept an administrative law judge's recommendation to ax John Halpin, a longtime supervisor of carpenters.

Halpin had worked in the school system for 21 years and was conscientious enough to show up as much as two hours early for his 8 a.m.-to-3:30 p.m. shift.

He said he was never told that the cellphone he was given in 2005 could be used to monitor his every move and questioned the accuracy of the data it produced.

But neither argument swayed administrative law Judge Tynia Richard, who found Halpin guilty of submitting false time records when he left early on numerous occasions between March and August 2006.

She issued a decision saying the Department of Education was under no obligation "to notify its employees of all the methods it may possibly use to uncover their misconduct."

I generally don't think much of the Theory X management style of rigorously tracking what employees do. Certainly I wouldn't want to work that way. But even if that is the kind of shop you want to run, it's not clear to me that what you want to track people by is their cell phone. Presumably a lot of the reason you give your employees cell phones is so you can reach them. If the phone is also being used to track them, then they certainly have a lot less incentive to make sure that they have it on them at all times.

From a security guy perspective, it's also worth nothing that this technique is fairly easy to cheat. The tracking system works based on where the handset is, so you just need to get a second handset and then arrange for your phone to transfer calls to and from that handset. Probably, it's as simple as turning on call forwarding on your employer provided line. That certainly could be detected but I doubt the providers currently check for it. There are also a number of more sophisticated and harder to detect techniques.


September 2, 2007

Over at Volokh, Ilya Somin recently asked:
I recently bought a digital camera, and used it to take numerous photos on a trip abroad. To my considerable annoyance, after I returned I learned that digital photos are formatted to be 4.5x6 inches rather than the standard 4x6. As far as I can tell, after calling up several photo shops, my only two options are either to 1) have the pictures cropped to 4x6 (which might eliminate important material, or 2) pay a fairly high price ($0.39/photo, even for a Ritz member like me) to have Ritz Camera develop them in 4.5x6 (the other shops I called don't develop in 4.5x6 at all). I realize that I could manually crop the photos on my computer. But that's not a realistic alternative because there are too many of them and I'm not good at cropping. I bet that many VC readers probably know more than I do about digital cameras (not a high bar to clear, to be sure). So here's my question. Is there any way I can do one of the following:

1. Have the pictures resized to 4x6 WITHOUT cropping of either the automatic or manual variety - and at a reasonable price.

2. Have them printed at 4.5x6 at a price significantly lower than Ritz's (20-25 cents/photo or less would be acceptable).

I suspect that I'm not the only person who has encountered this problem with digital photos. So I'm hoping that someone more savvy about digital cameras than I am has come up with a good solution.

His commenters then spend a bunch of time explaining to him that you can't convert 4.5x6 to 4x6 (a ghastly aspect ratio by the way) without either (1) letterboxing (though in this case it's pillar-boxing) or (2) cropping or (3) changing the aspect ratio, which you don't want to do. It doesn't take any knowledge whatsoever of digital photography or photography at all to convince yourself of this. Just imagine the image as printed on a rubber sheet and think about what happens when you stretch it in any one dimension. You can't simultaneously have the same framing that you originally wanted without also introducing image distortion. In this case, the distortion is quite bad, because 4.5 is 12.5% bigger than 4, and a 12% shrink is very noticeable.

Here's a demo of what this all looks like with a picture that's vertically rather than horizantally oriented.

OriginalLetter-boxedCropped (centered)Resized

Somin then follows up with another post that suggests that he still doesn't get it:

Thanks to all who responded to my bleg on digital photo resizing. Pursuing one of the suggestions offered by commenters, I have downloaded a digital photo resizing program. Unfortunately, the resizing options are listed in terms of pixels rather than inches (i.e. -640x480 pixels instead of 4x6 inches). My question for you experts out there (or just those whose ignorance is less profound then mine): What pixel option should I choose to resize digital 4.5x6 photos to the standard 4x6, so I can then print them out in 4x6 size without cropping (my original objective)?

As previously noted: this means he has to pillarbox, not resize. Resizing won't do anything for him. Moreover, this can't be done by typing in pixel options. He needs to make a canvas with a 4:3 aspect ratio and then copy and paste a smaller version of the 1.5:1 aspect ratio image onto it.

I do find it a little puzzling that Somin seems to find this so hard to grasp. Is aspect ratio simply a difficult concept? Are people so dazzled by PhotoShop that they don't think about what they're actually asking the computer to do? I'm trying not to make generalizations about a legal versus technical education, but this seems like sort of a basic concept. I don't get it.


September 1, 2007

These guys claim that they have a program to unlock the iPhone. For those of you who aren't mobile phone wonks, here's how things work. In principle, the iPhone can work with two networks in the US: AT&T (formerly Cingular) and T-Mobile. Sprint and Verizon use a different cellular technology. The iPhone uses the European standard, GSM. One of the nice features of GSM is that the caller's information is contained on a chip called a Subscriber Identity Module (SIM). This has two implications:
  • You can move your number from phone to phone by moving the SIM.
  • You can move your phone from network to network just by putting the appropriate SIM in your phone.

For our purposes the second property is more interesting, because it allows consumers to mix and match phones and networks, forcing mobile phone carriers to compete on the basis of network quality rather than of who offers the coolest phones. Obviously, phone companies would prefer not to have to compete on these grounds; if you have to pay for a new phone whenever you want to switch carriers this disincentivizes switching. 1 One technique for stopping switching is to SIM lock the phone. The carrier (or more likely the vendor) programs the phone so it only works with a SIM from that carrier. However, generally the information about how to unlock the phone leaks somehow and it's pretty common for there to be third-party unlocking services. Sometimes the carrier will even do it for you; T-Mobile will if you've had the phone for more than 90 days.

This brings us to the topic of the iPhone. The iPhone is sold at the Apple store (and, of course, the AT&T store, but you have to be kind of nuts to go to the AT&T store) but SIM locked to AT&T. Naturally there's been some interest in unlocking it. An unlocked iPhone could also be used with T-Mobile in the US (a modest advantage in terms of coverage but a big advantage in terms of price) but could also be used with a non-US carrier.

A number of different techniques have been found for unlocking the iPhone (summary here) but all the readily available ones are either expensive (requiring some new hardware) or somewhat scary (opening it up and soldering some stuff). As noted above, there have been claims of software-only solutions but as of yet there doesn't appear to be any such software publicly available. Obviously something like this would be better than having to screw with the hardware.

This is all a basically separate issue from the question of running arbitrary software on the iPhone. As everyone knows, the iPhone is a closed platform, so, unlike your computer, you can't (officially) just load whatever software you want onto it. That protection has been broken for some time now (see here) and I have several friends who are running arbitrary software on their iPhones. Of course, it may be the case that being able to break that protection is important to making a software unlocking solution work. I don't think we'll know that till we see such a solution in action.

Oh, one more thing: the only people who claim to be offering unlocking software intend to sell you the software. However, I would expect that very shortly after such software is released, it will be reverse engineered and a free solution will be produced.

1. An additional complication is that in the US, at least, many carriers subsidize the initial purchase of the cell phone and require a contract with a cancellation fee, but that's just another way of making you pay to switch.