EKR: June 2010 Archives

 

June 29, 2010

So you work with a lot of confidential information and occasionally you print some out. Unfortunately, now you have a bunch of confidential pieces of paper and when you're done with them you need to dispose of them somehow. You could of course buy a shredder, but they kind of suck and instead a lot of companies engage a shredding service. The shredding service drops off a "console"; you put your documents in the console, and then periodically a shredding company rep comes by, takes the documents, and shreds them.

That's one way of putting it. Another way of putting it is that you carefully segregate all your most confidential documents from your ordinary boring business documents. You put those documents in a cheap particleboard box that locks with an easily picked disk lock. Then once every couple weeks some tattooed guy with a goatee and a ponytail and wearing a cotton t-shirt with a Shred-It logo comes by, opens the box, and takes all your confidential documents away with him and leaves you a helpful receipt.

Anyone know where I can get one of those Shred-It shirts?

 

June 26, 2010

I'm always on the lookout for good pizza, so when Joe Hall was in town for dinner I rode over to Berkeley to hook up with him and go to this pizza place he'd been raving about, Emilia's Pizzeria. Emilia's is best characterized as minimalist New York Style. It's a tiny shop worked by a single dude (I assume his name is Emilia but I didn't verify). They only serve one size of pizza (18") [NO SLICES!!!] and only have about 5 toppings. He keeps making pizza till closing or he runs out of dough (check his Twitter feed for status updates). If you're serious, you need to call ahead to make sure pizza will be available. Also, there are only two tables, so you may have to wait or eat outside or something.

We ordered a pizza with red onions and peppers. The crust was light, crispy, and a bit flaky. The cheese and sauce were flavorful, and while I was a little suspicious of the concept of roasted red peppers, they turned out to be excellent. Overall, I would rate it around an 8/10. My preference is for Chicago Style Pizza (though IMO Zachary's is overrated), but I would definitely recommend Emilia's if you're looking for New York Style pizza in Berkeley.

 

June 18, 2010

When I first heard about government's requesting copies of Google's over-captured WiFi traffic, my first thought was what could possibly go wrong?. Shockingly, it now turns out that the French government has your password. Well, maybe not your password, but someones's password:
Wi-Fi traffic intercepted by Google's Street View cars included passwords and email, according to the French National Commission on Computing and Liberty (CNIL).

...

At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54Mbps, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data.

That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.

"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.

"However, we can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.

Well, duh.

Look, these are packet switched networks, and to a great degree the packets are independently interpretable. Even on a much slower network, a password submission (say 300 bytes when you add all the HTTP overhead) takes far less than 200 ms. (Do the math here: even on a 56 kbps modem which is much slower than your average WiFi network this takes something under 50 ms.) Statistically, as long as you capture enough traffic to get a full packet, there's not a huge amount of difference in the number of packets you would expect to capture listening to a single network for hours versus switching which network you listen to every 200 ms. [Handwavy explanation available on request if really necessary.]

In any case, Google no doubt captured a bunch of passwords and now the French CNIL has some of them. I wonder which data set Google provided them, or, more precisely, whether they provided them with a data set captured in France or one from outside of France. From a personal perspective (though I try to use encryption whenever possible), I hope it's the second. Any readers with more legal experience know what the legal implications would be of one choice versus the other?

Regardless of where the traffic came from, it seems like it might have been nice for Google to sanitize the data to remove obvious passwords. This isn't possible in every case, but it seems likely that the vast majority of passwords come from a small number of sites, so Google could have figured out the password submission format and built some kind of masking software. It's pretty hard to tell from the press coverage whether or not they attempted this (or were allowed to), but of course if they had we would of course know that there were passwords since the masking software would have identified them.

 

June 14, 2010

I heard back from the people at Mission Motors. They say that the bike will have about 136 hp and weigh around 480 lbs. For comparison, the Honda CBR1000RR, weighs about 440 lbs wet (gased up) and develops 178 bhp and 82 ft-lbs of torque. [*] (range is approximately 190 miles). So, these bikes are actually not that incomparable. Except for the estimated price of the Mission Motors superbike being upwards of 60k, that is...
 

June 12, 2010

Now that hybrid cars are a commodity item and there's starting to be more interest in electric cars, you've started to also hear about electric motorcycles. All the models I've seen had prohibitive performance, principally because the energy density of batteries is much worse than that of gasoline. Wikipedia says that LiOn cells have a density of about 500-700 kJ/kg compared to about 46000 kJ/kg. Since the weight of the gasoline and the engine is such a large fraction of the weight of the motorcycle, the weight of the battery is correspondingly more important.

Yesterday evening, I heard the CEO of Mission Motors on the radio, so I thought I would check it out. They're quoting a range of 150 miles for their sport bike with a quote of 100 foot-pounds of torque. (for comparison, the range of a typical sport bike is something like 200 miles, with about 40-80 foot-pounds of torque). Unfortunately, they don't list any of the other specifications, including vehicle weight or horsepower, which makes it hard to do a straight-up comparison with a gasoline-powered bike. I suppose one might argue that a straight-up horsepower comparison would be misleading, but weight is a pretty important consideration, so it's hard to know what to think of this bike without knowing that.

I've got mail into the Mission Motors guys asking for this stuff, (they're apparently claiming in public 30-40 lbs heavier than a comparable sport bike). I figured I'd try some back of the envelope calculations. Here are two attempts:

  • The battery pack that powers the Tesla Roadster weighs around 1000 lbs and stores about 53 kw/h of power. The Roadster is based on the Lotus Elise platform and weighs about 800 lbs more than the Elise. The Elise gets about 25 mpg, so you'd need about 8 gallons of gas (64 lbs). You're looking at about a factor of about 15X in battery versus gas. Even if we assumed that the required power scales with mass (which is not even close to true, you'd be looking at a factor of over 10X.
  • Wikipedia claims that a gasoline motor has about 20% efficiency at turning energy into fuel into power output at the back wheel. If we assume 100% efficiency of the electric motor, then given the 100:1 mass-energy density ratio of gasoline versus batteries, we would expect that batteries would weigh about 20X as much for the same amount of power delivered to the wheels. Sport bikes get about 35-45 mpg, so you're looking at about 3.5 gallons of gas (28 lbs), so we'd expect the battery to weigh 280-420 lbs.

At 35-45 mpg, 150 miles is about 3.5 gallons, weighing 28 lbs, so you're looking at between 280 and 560 lbs of batteries (with 280 being optimistic). The actual electric engine is pretty light, but you still have the chassis, wheels, etc., which probably account for about half the dry weight of the bike. So, my guesstimate is that you're looking at a bike which weighs between 450 and 700 lbs. 450 would be about average for a sport bike. 700 would be really heavy.

 

June 10, 2010

Alfred Renyi famously said "A mathematician is a device for turning coffee into theorems." (actually Paul Erdos famously said it, but according to Wikipedia it's actually Renyi). I'd long believed (and thought the evidence showed) that caffeine improved concentration and hence productivity. Now Rogers et al. have come along and spoiled everything:
Caffeine, a widely consumed adenosine A1 and A2A receptor antagonist, is valued as a psychostimulant, but it is also anxiogenic. An association between a variant within the ADORA2A gene (rs5751876) and caffeine-induced anxiety has been reported for individuals who habitually consume little caffeine. This study investigated whether this single nucleotide polymorphism (SNP) might also affect habitual caffeine intake, and whether habitual intake might moderate the anxiogenic effect of caffeine. Participants were 162 non-/low (NL) and 217 medium/high (MH) caffeine consumers. In a randomized, double-blind, parallel groups design they rated anxiety, alertness, and headache before and after 100 mg caffeine and again after another 150 mg caffeine given 90 min later, or after placebo on both occasions. Caffeine intake was prohibited for 16 h before the first dose of caffeine/placebo. Results showed greater susceptibility to caffeine-induced anxiety, but not lower habitual caffeine intake (indeed coffee intake was higher), in the rs5751876 TT genotype group, and a reduced anxiety response in MH vs NL participants irrespective of genotype. Apart from the almost completely linked ADORA2A SNP rs3761422, no other of eight ADORA2A and seven ADORA1 SNPs studied were found to be clearly associated with effects of caffeine on anxiety, alertness, or headache. Placebo administration in MH participants decreased alertness and increased headache. Caffeine did not increase alertness in NL participants. With frequent consumption, substantial tolerance develops to the anxiogenic effect of caffeine, even in genetically susceptible individuals, but no net benefit for alertness is gained, as caffeine abstinence reduces alertness and consumption merely returns it to baseline.

Roughly speaking, this paper says that if you don't use caffeine, taking it won't make you more alert. If you do use it, it will make you more alert but only because you're less alert due to caffeine withdrawal and taking it brings you back up to normal.

What's most surprising here is the result that caffeine doesn't improve alertness in non-users. This contradicts previous work which shows an improvement in alertness from caffeine consumption by non-users. The authors propose one explanation for this might be that people are reporting low/no usage of caffeine when they are actually using it at higher levels (the 40 mg/day level cutoff here between low and moderate is actually quite low; coffee contains something like 100mg/cup.) So, when you force withdrawal and then dose with caffeine you get an improvement in alertness. This is partly borne out by their measurements of caffeine levels in "non-users" which are actually modestly high. However, this seems like it would benefit from more study.

However, it appears that once you are already a regular caffeine user, you do get some benefit from caffeine, in that it restores normal function. So, it's not crazy to take it once you're a user. However, it appears that you could get an equivalent benefit from just abstaining entirely and then (maybe) using caffeine when you needed to be alert (assuming you don't believe the non-user result). Of course if you're a user, you'll have to withdraw, which isn't a lot of fun.

One thing I should note is that the instrument this paper uses is a direct measure of (subjective) perceived alertness. The authors also had subjects do a variety of tasks that presumably required alertness. Those results don't appear in this paper, so it could be that they show improvement in non-users: i.e., they don't feel more alert when taking caffeine but they are more effective, which would make consumption worthwhile. I look forward to the publication of that data.

 

June 6, 2010

Sharon Weinberger has a fairly damning article in Nature on DHS's behavioral screening program, SPOT.
"No scientific evidence exists to support the detection or inference of future behaviour, including intent," declares a 2008 report prepared by the JASON defence advisory group. And the TSA had no business deploying SPOT across the nation's airports "without first validating the scientific basis for identifying suspicious passengers in an airport environment", stated a two-year review of the programme released on 20 May by the Government Accountability Office (GAO), the investigative arm of the US Congress.
[GAO report here]. Apparently, the program is based heavily on Paul Ekman's research on microexpressions (see the TV show "Lie to Me"). There's a bunch of unpersuasive stuff here, for instance:
Ekman's work has brought him cultural acclaim, ranging from a profile in bestselling book Blink -- by Malcolm Gladwell, a staff writer for The New Yorker magazine -- to a fictionalized TV show based on his work, called Lie to Me. But scientists have generally given him a chillier reception. His critics argue that most of his peer-reviewed studies on microexpressions were published decades ago, and much of his more recent writing on the subject has not been peer reviewed. Ekman maintains that this publishing strategy is deliberate -- that he no longer publishes all of the details of his work in the peer-reviewed literature because, he says, those papers are closely followed by scientists in countries such as Syria, Iran and China, which the United States views as a potential threat.

The data that Ekman has made available have not persuaded Charles Honts, a psychologist at Boise State University in Idaho who is an expert in the polygraph or 'lie detector'. Although he was trained on Ekman's coding system in the 1980s, Honts says, he has been unable to replicate Ekman's results on facial coding. David Raskin, a professor emeritus of psychology at the University of Utah in Salt Lake City, says he has had similar problems replicating Ekman's findings. "I have yet to see a comprehensive evaluation" of Ekman's work, he says.

...

A confounding problem is that the methodology used in SPOT, which is only partially based on Ekman's work, has never been subjected to controlled scientific tests. Nor is there much agreement as to what a fair test should entail. Controlled tests of deception detection typically involve people posing as would-be terrorists and attempting to make it through airport security. Yet Ekman calls this approach "totally bogus", because those playing the parts of 'terrorists' don't face the same stakes as a real terrorist -- and so are unlikely to show the same emotions. "I'm on the record opposed to that sort of testing," he says.

These seem like red flags to me: If we're going to base our defenses on a specific scientific theory about what it takes to detect deception, then it would be nice to have some concrete empirical evidence that the relevant techniques work. If we can't even agree on the terms of the test, then it's hard to see how to have confidence in the system.

We do have some data, though:

The TSA does track statistics. From the SPOT programme's first phase, from January 2006 through to November 2009, according to the agency, behaviour-detection officers referred more than 232,000 people for secondary screening, which involves closer inspection of bags and testing for explosives. The agency notes that the vast majority of those subjected to that extra inspection continued on their travels with no further delays. But 1,710 were arrested, which the TSA cites as evidence for the programme's effectiveness. Critics, however, note that these statistics mean that fewer than 1% of the referrals actually lead to an arrest, and those arrests are overwhelmingly for criminal activities, such as outstanding warrants, completely unrelated to terrorism.

According to the GAO, TSA officials are unsure whether "the SPOT program has ever resulted in the arrest of anyone who is a terrorist, or who was planning to engage in terrorist-related activity". The TSA has hired an independent contractor to assess SPOT. Ekman says he has been apprised of the initial findings, and that they look promising. But the results aren't expected until next year. "It'll be monumental either way," says Maccario.

This seems like something it would be easy to do controlled trials on: say you pick 200,000 random passengers and give them secondary screening (apparently also including a check for outstanding warrants), what fraction would you end up arresting? Even so, if TSA officials are "unsure" I think it's safe to assume that practically none of these arrests have been for anything terrorist-related. After all, if GAO comes asking about the success of your program, wouldn't you deliver the most convincing data you had? So, we're looking at a success rate of somewhere between 0 and (say) 1/20,000. That's not really very impressive.

 

June 5, 2010

Public health types are always stressing how important hand washing is for preventing the spread of disease. Somewhat surprisingly, it seems to have other benefits as well. I somehow missed it but in 2006, Zhong and Liljenquist reported that handwashing seems to act as a counter to feelings of moral wrongness

Washing Away Your Sins: Threatened Morality and Physical Cleansing Chen-Bo Zhong1* and Katie Liljenquist2

Physical cleansing has been a focal element in religious ceremonies for thousands of years. The prevalence of this practice suggests a psychological association between bodily purity and moral purity. In three studies, we explored what we call the "Macbeth effect"--that is, a threat to one's moral purity induces the need to cleanse oneself. This effect revealed itself through an increased mental accessibility of cleansing-related concepts, a greater desire for cleansing products, and a greater likelihood of taking antiseptic wipes. Furthermore, we showed that physical cleansing alleviates the upsetting consequences of unethical behavior and reduces threats to one's moral self-image. Daily hygiene routines such as washing hands, as simple and benign as they might seem, can deliver a powerful antidote to threatened morality, enabling people to truly wash away their sins.

In a recent issue of Science, Lee and Schwarz report that handwashing after choice tasks reduces post-choice assessments of differences between the choices:

After choosing between two alternatives, people perceive the chosen alternative as more attractive and the rejected alternative as less attractive. This postdecisional dissonance effect was eliminated by cleaning one's hands. Going beyond prior purification effects in the moral domain, physical cleansing seems to more generally remove past concerns, resulting in a metaphorical "clean slate" effect.

The first of these studies seems straightforward but the second less so. As I read it, Lee and Schwarz's interpretation of the results is that people asked to select one of two alternatives when they are less indifferent feel the need to adjust their preferences to justify the choice. Handwashing reduces that reasessment process:

These findings indicate that the psychological impact of physical cleansing extends beyond the moral domain. Much as washing can cleanse us from traces of past immoral behavior, it can also cleanse us from traces of past decisions, reducing the need to justify them. This observation is not captured by the purity-morality metaphor and highlights the need for a better understanding of the processes that mediate the psychological impact of physical cleansing. To further constrain the range of plausible candidate explanations, future research may test whether the observed "clean slate" effect is limited to past acts that may threaten one's self-view (e.g., moral transgressions and potentially poor choices) or also extends to past behaviors with positive implications.

Even more future research might ask whether handwashing impacts other non self-image type issues. E.g., what's the impact on memory, reliability of past assessments, etc.? I also noticed that in the second paper, the initial variance between the two choices (pre-washing) was larger, so I wonder if this might have had an impact somehow. Regardless, I'll be stocking up on hand soap.

 

June 4, 2010

OK, so I get how Google could have accidentally captured packet payloads when recording data for Google Street View. Mistakes happen, etc.1 I also understand why if you were some national government you might want to investigate this sort of potential privacy compromise. That said, it's not clear that this is that great an idea:
A Google spokesman said Thursday that the data should be handed over within a matter of days. Last week, the company found itself in conflict with a privacy regulator at the German city of Hamburg, who wanted access to the data. Google said that it wasn't sure that handing over the data would be legal.

"The data protection authority in Hamburg has made a number of requests -- including to be given access to an original hard-drive containing the payload data, and to a Street View car. We want to cooperate with these requests -- indeed we have already given him access to a car -- but as granting access to payload data creates legal challenges in Germany which we need to review, we are continuing to discuss the appropriate legal and logistical process for making the data available," Google said in a statement last week.

Those challenges have apparently now been addressed.

The company plans to hand over data to German, French and Spanish authorities, according to the Financial Times, (FT) which first reported this latest development on Thursday.

This seems to miss the point a bit: the presumptive objection to Google capturing packet payloads is that it potentially contains people's sensitive information and someone might use it to learn that information. Turning it over the government presumably means that some larger set of people will have access to it. Of course, it's the government, so what could possibly go wrong?

1.Ironically, the opposite error is the common one for packet sniffing applications: by default tcpdump only records the initial bytes of a packet. So, when you record a protocol trace, if you forget the -s 0 flag, you only end up with the beginning of the packet, which can cause problems in applications that do full packet reassembly.