« April 2005 | Main | June 2005 »

May 31, 2005

The books Phyllis Schaffly hates

Human Events's list of the most harmful books of the 19th and 20th centuries is making the rounds. Now, I realize that these guys are conservative and so it's not surprising to see the usual suspects: The Communist Manifesto, Mein Kampf, etc., but the list starts to get a little weird around number 4, The Kinsey Report, and 10, Keynes's General Theory of Employment, Interest and Money. But it's in the Honorable Mention section that things go totally off the rails: The Origin of The Species, The Descent of Man, On Liberty????

Posted by ekr at 9:39 PM | Comments (3) | TrackBack

Curse you, Alaska Airlines registration system

People forget their website passwords constantly, and having them talk to some customer support type is very expensive. As an aid to automatic password recovery, web sites have taken to recording "personal questions" that are semi-private but that you presumably already know the answer to (e.g., where did you go to school). Then, they can ask these questions when you ask for a password reset, which still doesn't require a human. Now, anyone who does much research about me knows that I attended the University of Lagos, but it (at least in theory) raises the bar for a casual attacker.

I recently had occasion to register for an Alaska Airlines online frequent-flyer account and was confronted with a form that demanded four personal questions. Aside from the obvious pain in the ass for users (you've just doubled the time it takes to fill in the form), there's an obvious privacy risk. If you actually fill in each of these questions truthfully, Alaska has a bunch of information about you they wouldn't otherwise have. Indeed, some of their questions (which come from a drop-down list so you can't input your own) include mother's maiden name, father's birthday, etc. You can, of course, lie, but this obviates the point of the personal questions since now you have to remember your lies (or write them down on the same post-it you wrote down the password).

To make matters worse, it potentially turns Alaska's security problems into your security problems. I might trust Alaska's privacy policies, but if someone breaks into their system and steals my questions and answers1, that's not a good thing, especially if people are stupid enough to actually give Alaska their mother's maiden name, which I'm sure they are.

And of course all of this is used to secure access to your frequent flyer account.

1. Yes, Alaska could hash the responses, but that makes it hard to deal with minor variations in case, punctuation, etc., so I doubt they do.

Posted by ekr at 8:14 AM | Comments (2) | TrackBack

May 30, 2005

Why are homosexual discharges down?

In February, the DoD released data indicating that discharges under the military's homosexual conduct ("Don't ask, don't tell") policy are way down. 653 servicemembers were discharged in 2004, down from 770 in 2003 and 1,227 in 2001. [*]. In some sense, this is unsurprising; the military is having enormous manpower problems. They're missing recruitment targets and having to forcibly extend people's enlistments. Obviously, the incentive is not to discharge gays if at all possible.

But the flip side of that is that the reason that the military is having such a big manpower problem is that the service environment has become much more hazardous. So, why aren't more service members choosing to opt out? Note that I'm not suggesting that people lie to avoid service. We have a military of about 1.4 million with roughly 200,000 personnel deployed in Iraq and Afghanistan. Even if we assume that only 1% are gay, that would still translate to over 2,000 discharges a year. Add that to the peacetime base rate of about 1000 discharges a year and you get about 3,000 discharges. So, we're missing about 2,000 discharges.

So, it appears that soldiers who could easily place themselves out of harm's way are choosing not to. Why? My best guess here is that it's for the most honorable reasons: loyalty to their comrades and commitment to getting the job done. Bravo.

Posted by ekr at 9:46 AM | Comments (4) | TrackBack

May 29, 2005

Why does the Department of Education need your data?

The New York Times reports that the Department of Education wants to require universities to report information on all students (previously, information was only required on students who received federal funding):
The plan could be part of the spending bill for the Higher Education Act that the Senate will vote on next month. If included in the spending measure, the plan would radically change current practice by requiring schools to provide personal information on all students, not just those receiving federal aid.

Submissions would include every student's name and Social Security number, along with gender; date of birth; home address; race; ethnicity; names of every college course begun and completed; attendance records; and financial aid information.

Such detailed information is now provided only for students receiving federal aid, giving the department only a partial picture of higher education nationwide. The new approach, department officials say, would not only complete the picture but also help track students who take uncommon paths toward a degree.

"Forty percent of students now enroll in more than one institution at some point during their progress to a degree," said Grover Whitehurst, director of the department's Institute of Education Sciences, which devised the plan. "The only way to accurately account for students who stop out, drop out, graduate at a later date or transfer out is with a system that tracks individual students across and within post-secondary institutions."

I certainly understand why the DoE would want to gather this information. It's certainly much easier to study things when you have all the raw data in front of you. But DoE's convenience isn't the only issue here: under this plan they'll be collecting all sorts of personal information that students aren't necessarily willing to share. Indeed, the University is forbidden to release this information to ordinary third parties under 20 USC S. 1232g (b)(1). I would imagine that DoE could get most of the data that they want in ways that protects students privacy better (e.g., anonymization, aggregation, etc.) Of course, why bother to think about that when you can just order universities to give you the data you want?

Posted by ekr at 8:45 PM | Comments (1) | TrackBack

Small money saving tip

Trader Joe's is now carrying Trader Joe's brand beers. A TJs tells me that they're made for TJs by Gordon Biersch, and if you look carefully you can see that the TJ beer logo is a takeoff of the Gordon Biersch logo. They seem to be basically the same as the GB beers... a pretty good deal at $4.99 a six pack.

Posted by ekr at 7:34 PM | TrackBack

Do you know what that cell phone could do in the wrong hands?

Federal law enforcement is concerned about allowing cell phone use in flight because (I'm not making this up) terrorists might use it to coordinate. Let's take this point by point.
WASHINGTON (Reuters) - Allowing airline passengers to use personal cell phones during flights could help potential hijackers coordinate an attack or trigger a bomb smuggled on board, U.S. security officials have told regulators.

The U.S. Justice Department, Department of Homeland Security and Federal Bureau of Investigation late on Thursday outlined the potential dangers associated with allowing cell phone use during plane flights, as the Federal Communications Commission has proposed if safety issues can be resolved.

Yes, terrorists could use cell phones to communicate with the ground. But they could do that right now because people already use cell phones on planes. This only gets detected when the flight attendants actually hear you talking on the phone, but you can avoid that by using the phone in the lavatory or using SMS instead of voice. The bomb argument is even sillier because bombs can certainly be set off by SMS or even simple radio detonators. Even if you had some sort of cellular call detector in place--which as far as I know, planes do not--by the time you find out who's making the call, you've already been blown to pieces.

If wireless phones are to be allowed in-flight, the law enforcement agencies urged that users be required to register their location on a plane before placing a call and that officials have fast access to call identification data.

Uh, this would be half the people on the plane, right?

Security theater at work again...

Posted by ekr at 9:20 AM | Comments (6) | TrackBack

May 28, 2005

Physical advantages

Drivers are complaining that Danica Patrick has an advantage at the Indy 500 because she only weighs 100 lbs:
"The lighter the car, the faster it goes," Gordon said. "Do the math. Put her in the car at her weight, then put me or Tony Stewart in the car at 200 pounds and our car is at least 100 pounds heavier.

"I won't race against her until the IRL does something to take that advantage away."

The IndyCar Series does not consider the weight of the driver in its race specifications. The car has to weigh at least 1,525 pounds before the fuel and driver are added, and teams in Indy have estimated that Patrick will gain close to 1 mph in speed because of her small stature.

No doubt the weight advantage is real, but so what? Sports are full of situations in which one competitor has a physical advantage over another. Presumably, Gordon's current position is at least partly due to his good reflexes. Should he have to put some kind of damper on his steering wheel so that I have a shot against him?

Posted by ekr at 7:21 PM | Comments (8) | TrackBack

EKR's Comments on NNTP over TLS

Comments on draft-ietf-nntpext-tls-nntp (these comments are on the very similar -05 version, rather than the current -06 version): 
To: IESG
Subject: Comments on draft-ietf-nntp-tls-nntp-05.txt
Cc: [Authors]
Date: Tue, 24 May 2005 08:22:57 -0700
From: EKR

I just reviewed draft-ietf-nntp-tls-nntp-05.txt. I see that it's
in Last Call Requested, so consider these some early LC
comments:

S 2.2.2.1 reads:

     If the NNTP client decides that the level of authentication or
     privacy is not high enough for it to continue, it SHOULD issue a
     QUIT command immediately after the TLS negotiation is complete.  If
     the NNTP server decides that the level of authentication or privacy
     is not high enough for it to continue, it SHOULD either reject
     subsequent restricted NNTP commands from the client with a 483
     response code (possibly with a text string such as "Command refused
     due to lack of security"), or reject a command with a 400 response
     code (possibly with a text string such as "Connection closing due
     to lack of security") and close the connection.

I don't understand how this happens. TLS includes a negotiation mechanism.
Implementations shouldn't offer ciphersuites that they aren't willing to
accept when they complete. If you mean that you get a certificate
that you subsequently decide you don't like, that's a slightly 
different issue and I think deserves special discussion.


     o  The client MAY check that the identity presented in the server's
        certificate matches the intended server hostname or domain.
        This check is not required (and may fail in the absence of the
        TLS server_name extension [TLS-EXT], as described above), but if
        it is implemented and the match fails, the client SHOULD either
        request explicit user confirmation, or terminate the connection
        but allow the user to disable the check in the future.
     o  Generally an NNTP server would want to accept any verifiable
        certificate from a client, however authentication can be done
        using the client certificate (perhaps in combination with the
        SASL EXTERNAL mechanism [NNTP-AUTH], although an implementation
        supporting STARTTLS is not required to support SASL in general
        or that mechanism in particular).  The server MAY use
        information about the client certificate for identification of
        connections or posted articles (either in its logs or directly
        in posted articles).

I don't understand the underlying authentication model here. Roughly
speaking, there are two ways to use certificates:

PKIX:
    Certs are signed by some third-party CA. This is an attestation
    that the key in the cert corresponds to the named end-entity.
    If you're relying on the certificate in this way, then you
    must verify the peer identity or there's no point in verifying
    the cert at all, since any idiot can obtain one.

Key Carrier: 
    The certificate is unsigned and is just used as a way to carry
    the key. Variants of Key carrier include "fingerprint" where you
    check that the cert matches some externally exchanged fingerprint
    and leap-of-faith" where you check that the same cert is used
    every time. In all three of these environments, it doesn't make
    any real sense to verify the peer host name, except to detect
    misconfiguration.

The text you have here doesn't seem to well match either model.


S 5:
     Both the NNTP client and server must check the result of the TLS
     negotiation to see whether an acceptable degree of authentication
     and privacy was achieved.  Ignoring this step completely
     invalidates using TLS for security.  The decision about whether
     acceptable authentication or privacy was achieved is made locally,
     is implementation-dependent, and is beyond the scope of this
     document.

As noted above, it's not really sensible to ask whether a sensible
level of privacy was achieved b/c that's inherent in TLS's 
handshake. The right question is about peer identity. As an implementation
note, most TLS stacks let you force the policy rules for peer
authentication into the handshake process, so you don't even
get to this stage if the peer's credentials aren't ok.


     The client and server should also be aware that the TLS protocol
     permits privacy and security capabilities to be renegotiated mid-
     connection (see section 7.4.1 of [TLS]).  For example, one of the
     parties may desire minimal encryption after any authentication
     steps have been performed.  This underscores the fact that security
     is not present simply because TLS has been negotiated; the nature
     of the established security layer must be considered.

Yes and no. 
     
     1. Peers *can* renegotiate, however, this very rarely happens
	because the semantics aren't well-defined. In particular,
	there are I/O deadlock issues unless you're fairly careful.

     2. Either peer can offer renegotiation, but the other peer
	can ignore the request. The consequences here are a little
	undefined (see above).

     3. Renegotiation can't be forced by any outsider.

     4. You can guarantee that your security properties can't 
	change by only offering/accepting the same ciphersuites
	post-renegotiation as before. This may result in a 
	connection loss, but not a failure. cf. My previous 
	comments about not TLS negotiating algorithms you don't
	like. 


I wanted to note this sentence in particular:

     For example, one of the parties may desire minimal encryption after
     any authentication steps have been performed.

I hear this kind of thing a lot, usually for performance reasons.
Modern computers can encrypt at a truly tremendous rate. For
background

FreeBSD 5.3, P4, 3GHz,
------------------------
RC4		123 MB/s
MD5		308 MB/s
SHA-1		115 MB/s
AES-128		 70 MB/s

So, in practice you can saturate a GigE line with SSL/TLS traffic without
too much effort. If we assume that you use the fastest algorithm: RC4/MD5,
you see a 4x performance improvement removing RC4. However, if you
are using SHA-1 (as is current recommended practice) you only get a
factor of 2, which isn't that impressive. I would generally avoid
encouraging WGs to advise people to turn off encryption for performance
reasons. 

-Ekr

UPDATE: You can find the discussion thread resulting from this comments here.

Posted by ekr at 9:03 AM | Comments (4) | TrackBack

Fischer Black and external memories

Tyler Cowen quotes (summarizes?) from a biography of Fischer Black:
He did almost all of his work in an outlining program called ThinkTank, which he used as a kind of external associative emmory to supplement his own. Everything he read, every conversation he had, every thought that occurred, everything got summarized and added to the data base that swelled eventually to 20 million bytes organized in 2000 alphabetical files...Reading, discussion and thinking that Fischer did outside the office was recorded on slips to paper to be entered into the database later. Reading, discussion, and thinking that took place inside the office was recorded directly. While he was on the phone, he was typing. While he was talking to you in person, he was typing. Sometimes he even typed while he was interviewing a prospective job candidate, looking at the screen not the candidate.

My memory is pretty good but about two years ago I had to give in and offload my scheduling memory to a PDA. I haven't tried offloading my actual memory yet. Any EG readers try something realy extensive like this and want to share the results?

Posted by ekr at 8:39 AM | TrackBack

The FTC, ISPs, and zombies

The FTC has launched Operation Spam Zombie in an attempt to control spam. Here are the five recommendations they sent in their letter to 3000 ISPs:

These actually seem like fairly sensible recommendations, with the possible exceptions of the first point. A lot of ISPs already implement port 25 blocking, but I'm not sure it really makes that much sense. After all, it's not like it's really that hard for a zombie program to connect to the ISP's SMTP server (get that information from the user's legitimate mail program), and I understand that some malware already does this. The chief benefit of blocking is that it provides a central control point, which makes rate limiting easier. But you could do much the same thing with either passive monitoring or transparent interception and gatewaying. (Phil Karn raises the same point here)

Most of the public attention has focused on the fourth point: that ISPs should actively shut off people's zombied PCs. Response has generally been fairly positive (see the NANOG thread here) and my intuition is that this is a good idea. To a great extent, spam is enabled by poor end-user system security and since the cost to the end-user of being a spam zombie is comparatively low, we have a classic public good sitution, with the public good, in this case being systems security, being underproduced. Giving users a reason to keep their systems secure (in order to keep being able to send mail) helps give them the proper incentives.

Posted by ekr at 8:31 AM | Comments (30) | TrackBack

May 27, 2005

Irisprints or fingerprints?

Wired News reports (unsurprisingly) that DHS expects international travel to require fingerprints or iris scans in the near future. If, like me, you're skeptical this will prevent terrorism, but concerned about privacy, you should probably prefer iris scanning to fingerprints. Iris scanning is a pure authentication technology with no real forensic uses: if the feds have your iris code, all they can do is determine whether a new scan matches the stored scan. By contrast, as everyone who watches CSI knows, you leave your fingerprints everywhere you go, so even if you're not scanned in real time, you're leaking personal information everywhere you go.

I try not to think about what it's going to be like when the feds want to use DNA-based biometrics.

Posted by ekr at 11:23 AM | TrackBack

May 26, 2005

Half-baked idea of the day: Internet OK light

Debugging end-user Internet failures is a big pain for consumers and ISPs alike. Typically when you call up your ISP, the first thing they want you to do is reboot your computer, turn off your firewall, etc. This consumes enormous amounts of end-user and help-desk time. Even if the problem ultimately turns out to be something totally out of the ISP's control (e.g. browser misconfiguration) it still costs the ISP quite a lot of money to determine that (I've heard numbers around $10/call). Worse yet, from the consumer's perspective, it can take hours and several escalations to convince the ISP that the problem is on their end (No, the net's not working. No, the D and B channel lights don't work. In fact, there's no tone at the MPOE, so it's pretty clearly your problem.)

Now, these debugging procedures made some sense in the days of modems, but if you have broadband, you almost certainly have some kind of modem/router/bridge, etc. Put an LED on the front labelled "Internet is working". The device monitors the status of the network in a bunch of ways:

  1. The status of the link (most devices do this already).
  2. The nameserver works (this is often configured in, but the device can determine it from which nameservers the user's computer uses).
  3. The first hop gateway is accessible.
  4. Some assortment of remote hosts (controlled by the device manufacturer) are reachable.
If everything is good, the LED is green. If it's not, the LED is red. If it's green, don't bother calling your ISP, because there's nothing they can do. If it's red, the ISP doesn't need you to reboot the computer, turn off their firewall, etc. because the problem's on their end.

Obviously, this works best if the ISP is purely in the packet carrying business. If they provide integrated service, e.g. E-mail, VoIP, etc., then those services can be broken even if the basic Internet connection is broken. Even in these environments, though, a system like this would speed up debugging, since you could eliminate network problems right away.

Posted by ekr at 8:55 PM | Comments (2) | TrackBack

May 25, 2005

Speculation: Cipro overuse?

It appears to be standard practice for westerners travelling to Southeast Asia (and other places, for all I know) to be prescribed Cipro as a "just-in-case" measure, in particular for serious traveller's diarrhea. However, there are two obvious ways this can go wrong:

First, a large fraction of travellers get some kind of GI problem. Since you have the Cipro (and it expires relatively quickly), it's tempting to take it just to be sure. (Note that Cipro can of course cause its own GI problems, but people often don't know this). Of course, most people don't get bad traveller's diarrhea, so instead of taking the Cipro while on vacation, they just bring it back with them. That's not a problem if it just sits on the shelf, but it's very common for patients to pressure doctors for antibiotics in a futile attempt to cure colds, flu, etc. I wonder how they behave if they happen to have some Cipro lying around.

My friend Kevin suspects that the second form of overuse isn't likely to be much of a problem: sure, people are likely to overuse something like amoxicillin, but Cipro seems high-powered and scary, so he argues that most people won't take it without direct instruction. I'm not so sure. As always, actual data is welcome.

Posted by ekr at 2:58 PM | Comments (3) | TrackBack

May 24, 2005

The market price for your financial information

Terence Spies pointed me to this article on a Wachovia/BofA security breach:
"We are getting calls from those who are concerned, which is understandable," she said. "When we tell them what we are doing, they are relieved."

Zisa has said Orazio Lembo Jr., 35, of Hackensack, made millions of dollars through the scheme but spent most of it on a fast-paced lifestyle.

Authorities discovered the plot after they executed a search warrant at Lembo's apartment in February as part of a separate investigation. They seized 13 computers which contained details about the plan, Zisa said.

Lembo received lists of people sought for debt collection and turned that information over to the seven bank workers, who would compare those names to their client lists. The bank workers were paid $10 for each account they turned over to Lembo, Zisa said.

This kind of thing is already old news, but this is the first time I've actually seen the price per account listed: $10. Of course, in a competitive market, the price of a commodity quickly declines to the marginal cost of production....

Posted by ekr at 10:27 AM | Comments (2) | TrackBack

Finally, a virus that does something interesting

One of the things that's been puzzling infosec types for a long time is why malware is so lame. Typically it just propagates itself and any damage is purely collateral as a side-effect of spreading. It would be easy to do something destructive, so why doesn't it happen more. (Witty is the one well-known counterexample).

Thus, it comes as something of a relief to see some malware that actually mounts a sort-of-interesting attack:

Washington - Computer users already anxious about viruses and identity theft have a new reason to worry: hackers have found a way to lock up the electronic documents on your computer and then demand $200 (about R1 200) over the Internet to get them back.

Security researchers at the San Diego-based Websense uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

Apparently in this case they managed to decrypt the data somehow, but it's merely a matter of time till the viruses get good enough to stop that (hint: public key cryptography).

As always, don't panic. This is just a particularly annoying kind of hard drive crash (actually better in some respects since you have the opportunity to get your data back for $200. The going rate for standard hard drive failures seems to be more like $300-400.) Anyway, the solution is the same: backup your computer.1

1 I've heard suggestions of malware that will contaminate your backups for weeks before finally destroying your data, but I wouldn't expect to see that any time soon. Still, a good reason to do test restores.

Posted by ekr at 9:23 AM | Comments (2) | TrackBack

May 23, 2005

Filibuster compromise?

So, let me see if I have this right: in return for the Republicans "agreeing" not to use the nuclear option in return for the Democrats agreeing not to filibuster Brown, Owen, and Pryor. [*]. Maybe I'm missing something, but weren't Brown and Owen the nominees that the Democrats found most objectionable? The dignity of the senate aside, the purpose of the filibuster from the Democrat's perspective is to allow them to block senate action they don't like. There's not a lot of point in preserving the right to filibuster if you can't actually use it.

This would be a plausible-seeming compromise if the Democrats had extracted a real commitment but it doesn't seem to me that they have:

But Republicans said they are free to back a ban if they believe Democrats act in bad faith and filibuster a nominee whose credentials do not amount to an "extraordinary" circumstance. "We don't think we're going to get there," said Sen. Mike DeWine (R-Ohio), adding that he will not hesitate to vote to ban judicial filibusters if he concludes the Democrats are abusing the right.

How is this not complete capitulation by the Democrats?

Posted by ekr at 9:00 PM | Comments (7) | TrackBack

Campaign finance mailing list hygiene

Mrs. Guesswork just got an offer to:
join President Bush, Laura and the entire Republican Congressional leadership as they gather on the evening of June 14th here in Washington D.C.
For a small donation to the National Republican Senatorial Committee and the National Republican Congressional Committee of course... And will you allow all of us to recognize and honor the important role you have played over the years?

There's just one minor problem here. Mrs. Guesswork definitely hasn't played any important role in aiding President Bush, because.... Mrs. Guesswork isn't a U.S. Citizen or Permanent Resident and so couldn't donate any money to the the Republican National {Senatorial,Congressional} Committee even if she wanted to. If you're wondering how that guy on the terrorist watch list got hit up for money by the Republicans, you've pretty much got your answer: bad mailing list hygiene. On the other hand, isn't it kind of comforting that the Republicans don't have--or aren't using--your personal information to scrube their mailing list?

Posted by ekr at 8:14 PM | Comments (2) | TrackBack

Orr on ID

H. Allen Orr from U. Rochester has a very nice piece disassembling Intelligent Design. Also, check out his review of Behe's Darwin's Black Box.

Posted by ekr at 7:08 PM | Comments (8) | TrackBack

The Creation Museum

Terence Spies pointed me to this article about the Creation Museum, devoted to countering "evolutionary indoctrination". Check out the Museum Walkthrough, including exhibits on the Garden of Eden, T. Rex menacing Adam and Eve, and Noah's Ark. Outstanding!

Posted by ekr at 8:03 AM | Comments (1) | TrackBack

May 22, 2005

NY scraps subway photo ban

NYC has decided not to ban photography in the subway after all. Of course, they still "will continue to investigate and intercede if necessary, if the activity photo-related or not is suspicious." I'm not counting on the NYPD having that great a sense of what's suspicious, but this is still better than a total ban.

Posted by ekr at 5:26 PM | TrackBack

Ouch!

Watching Howard Dean on Meet The Press

Dean: Some of the things the president said on our way into Iraq. They just weren't true and I don't think that's right.
Russert: Such as?
Dean: Such as the weapons of mass destruction, which we have all known about.
Russert: You said there were weapons of mass destruction.
Dean: I said I wasn't sure, but I said I thought there probably were. But the thing that really bothered me the most, which the 9/11 commission said also wasn't true, is the insinuation the president continues to make to this day, that Osama bin Laden had something to do with supporting terrorists that attacked the United States. That is false. The 9/11 commission chaired by a Republican said it was false. It is wrong to send people to war without telling them the truth. And the truth was that Osama bin Laden was a very bad person who was doing terrible things, but that Iraq was never a threat to the United States. That is the truth. It was underlined by the 9/11 commission, headed again by a Republican--well respected group of people--I don't think you send American men and women to war, first of all without properly equipping them, and secondly without telling the truth to their parents about why it is you're asking [them] to make that sacrifice. So, those are the kinds of things that I think are very bad about the Republicans.

Russert doesn't seem to catch the error. Obviously this is just a verbal slip, but it kind of undercuts your message about Bush falsely accusing Saddam Hussein if you yourself can't keep him and Osama bin Laden separate.

Posted by ekr at 8:34 AM | Comments (2) | TrackBack

May 21, 2005

Bad actors

Sit down and watch TV or even your average movie and notice how terrible most of the acting is. Obviously, there are a few great actors (De Niro, Brando, Hugh Laurie, etc.) who really seem to be the character they're playing, but most of the time it's acutely obvious that the actor is faking. (Mrs. Guesswork likes to watch Charmed where this feature is particularly in evidence.) Consider some potential theories for the low quality of acting:
  1. It's incredibly hard to actually fool other humans, so even the best actors aren't very convincing. So, while the market may be efficient, there just aren't enough good actors for all roles to be filled by convincing actors. I'm skeptical of this theory because people seem to get regularly fooled by all manner of con-men, fraudsters, etc. (Required reading: Influence: Science and Practice by Robert Cialdini.
  2. The market is efficient but it's selecting for some factor other than pure acting talent--being very attractive, for instance. If you watch a lot of evening TV (e.g. The WB) this seems like a plausible theory, but consider that the number of attractive people far exceeds the number of actors, so this really brings us back to option 1, there aren't enough attractive people who are also good actors.
  3. The market isn't efficient, but is mostly driven by factors other than actor quality, e.g., nepotism, ability to convince directors you are easy to work with, etc. So, unsurprisingly, you end up with a lot of bad actors who are well-connected. The fact that so children of actors often become actors themselves is sort-of evidence for this, but it could also be a result of those children being on average better actors than other people, so this isn't exactly what you'd call absolute proof.

Any other theories?

Posted by ekr at 5:15 PM | Comments (10) | TrackBack

May 20, 2005

A compromise for chronic pain relief?

Radley Balko's been doing a good job of covering the DEA's war on pain specialistsnarcotics diversion. See here, here, and here. It seems pretty likely that the DEA's prosecution of pain specialists is causing chronic pain to be undertreated:
The charges against Deonarine and other deaths involving OxyContin have had a chilling effect on doctors who treat chronic pain patients, according to Dr. Pamela Sutton, a pain management specialist with the North Broward Hospital District. One doctor told Sutton that he would only give the drug to patients in the hospital, while another said he would not prescribe it to anybody.

The problem, of course, is that chronic pain patients tend to develop a tolerance for opioids and so will eventually require enormous doses, which would be consistent with abuse in normal users. So, it's very hard to tell purely from dosage whether appropriate levels of opioids are being prescribed. If the DES is going to second-guess doctors, this is naturally going to make them very unwilling to prescribe high-dose therapy, leaving some patients undertreated.

It probably goes without saying that I think that the whole idea of the DEA second-guessing the opioid prescriptions doctors write--indeed, the whole notion that doctors should be expected to distinguish between drug-seekers and people in genuine pain--is absurd. However, I despair of the United States getting over it's national hysteria over drugs any time soon, so it's time to think about harm reduction.

What we need is some procedure that would let doctors prescribe high doses while being reasonably sure they weren't going to be arrested. The obvious approach is to have some scheme where doctors get prior approval for prescriptions above a certain level, either from the DEA or from some panel of other doctors. Doctors who followed that procedure would be exempt from prosecution resulting from writing those prescriptions. If the DEA is really sincere about allowing appropriate pain therapy while stopping diversion, they should be willing to embrace such a scheme.

Posted by ekr at 9:34 PM | TrackBack

The impact of Quran desecration

No doubt by now you've heard the Quran-in-the-toilet Newsweek article. Now, stories about US interrogators exploiting Islamic taboos are old news, but there's something sort of interesting about this particular one. Most of the stories center on forcing prisoners to personally violate religious prohibitions, such as contact with pork, menstrual blood, etc. Note in particular that a number of these trigger disgust reactions.

But in this case, what's happening is that the prisoner is being forced to observe someone else desecrating the Quran, not being forced to do it themselves. This isn't a simple matter of taboo violation: you wouldn't expect prisoners to react that badly if the interrogator walked in eating a ham sandwich. Rather, I think the point here is that the interrogator is showing disrespect for Islam.

This technique also seems to rely for effect on the interrogator/torturer not being muslim; what's enraging about the desecration of the Quran is that it's an expression of contempt for Islam by the interrogator. and that effect is lost or at least weakened if the interrogator is known to be muslim, since then the desecration is purely a matter of violating a taboo, not really expressing contempt--except maybe fake contempt.

Posted by ekr at 9:09 PM | TrackBack

First release of OpenSSL with DTLS

OpenSSL has just released OpenSSL 0.9.8beta1, which includes support for Datagram TLS, thanks to Nagendra Modadugu and Ben Laurie.

Posted by ekr at 6:19 PM | TrackBack

May 19, 2005

Another TCP DoS attack: please, please, make it stop!

Yet another vulnerability in TCP implmenetations has been published. Like the previous two, this allows a blind attacker to shut down a given TCP connection. As before, this really only affects long-lived protocols like BGP. So, while this could, I suppose crash the Internet (though there are by far easier ways to do so) it's probably not something you personally have to worry about.

Posted by ekr at 7:37 AM | Comments (1) | TrackBack

May 18, 2005

How much would it cost to record every phone call?

Mark A.R. Kleiman says that NSA captures pretty pretty much all voice traffic and then sifts through some of it later:
The only rational explanation I can invent is that the NSA's habit of catching everything that flies, while an open secret, is still officially a secret. And the practice, however legitimate, is almost certainly technically illegal.

The wiretapping laws treat a conversation as having been "intercepted" (and, if it's a conversation between U.S. persons and no Title III warrant has issued, illegally intercepted) when the conversation is recorded, not when the record is transcribed. So if, as widely reported, the NSA records everything but only transcribes the international traffic it's legally entitled to listen in on, it's probably violating the letter of the law every day. I'm told that there is, as a technical matter, no way to intercept only conversations that cross national boundaries. Maybe Title III needs to be amended.

If you're a networking type, the obvious question is how practical this is.

First, we need to estimate the total amount of data involved here. I'm having trouble finding statistics on total wireline minutes (the FCC's stats are here but they only have minutes for InterLATA calls), so let's start with wireless, for which we can get good statistics):

Mobile Wireless Telephone Subscribers (June 2003)147.6 million
Average Monthly Wireless Minutes of Use (Dec. 2002)427

This works out to about 5,000 cell minutes per year.

So, the storage cost is extremely practical, but let's ask what the cost of the recording equipment is.

Obviously these are back of the envelope estimates:

Bottom line, you should be able to tap all voice traffic in the US for order $100 million in fixed costs and maybe another $100 million in recurring equipment costs. The NSA's budget is reportedly around 3.6 billion.

UPDATE: Richard Akers is skeptical that the NSA actually records all voice traffic (see the comments section). I'm not saying they do, since I have no independent information here. I'm just saying that as a pure matter of cost it's fairly doable.

Posted by ekr at 8:14 PM | Comments (2) | TrackBack

May 17, 2005

Important safety tip

If you can, try to avoid having a root canal. If you must have a root canal, try to avoid having it in a molar at the very back of your mouth. Trust me on this one.

Posted by ekr at 7:10 AM | Comments (3) | TrackBack

May 16, 2005

Shorter enlistments

Yahoo news reports that
The Army, faced with a severe and growing shortage of recruits, began offering 15-month active-duty enlistments nationwide Thursday, the shortest tours ever.

The typical enlistment lasts three or four years; the previous shortest enlistment was two years.

Maj. Gen. Michael Rochelle, the head of the Army Recruiting Command, said 2006 could be even worse than this year, a continuation of "the toughest recruiting climate ever faced by the all-volunteer Army."

Recruits in the new 15-month program could serve in 59 of the more than 150 jobs in the Army, including the combat infantry, and then serve two years in the Reserve or National Guard.

They would finish their eight-year military obligation in the Guard or Reserve, volunteer programs such as AmeriCorps or the Peace Corps, or the Individual Ready Reserve, a pool of former active-duty troops who can still be called to duty but aren't affiliated with any military unit.

Wait, isn't the army already extending people's enlistments? In order for a reduced enlistment to be attractive, it seems they would need to be able to credibly commit not to extending the terms of these new enlistments.

Posted by ekr at 8:17 PM | Comments (4) | TrackBack

Conceding to the religious right

Matthew Yglesias argues on tactical grounds that liberals should concede some minor issues to the religious right:
Now the poll doesn't directly state what about the Christian right is well regarded if its stance on abortion isn't. It does, however, provide at least two examples of Christian right caucus that, unlike abortion restrictions, really are popular. One is letting public schools teach creationism along with evolution. Another -- and this one, unlike the evolution thing, is really wildly popular -- is putting the ten commandments up in public buildings. You should look at the data yourself and see exactly how popular this is, because I think a lot of readers will have trouble believing it. Public support is totally overwhelming, opposition is very much a marginal view. But opposition is highly concentrated in a single politico-demographic group that Pew rather unhelpfully labels "liberals." These liberals don't exhaust what we normally think of as the category of liberals. Rather, it's people like me -- white, reasonably prosperous, highly educated, secular folks. That describes me, the vast majority of people I know, and probably describes the vast majority of my readers and the vast majority of the people we know. Our views on lots of stuff are perfectly mainstream and, even where not always held by most people are at least broadly present in America. But not about the ten commandments. It's just us. Other sorts of Democrats are against us. Swing people are against us. Republicans are against us. Overwhelmingly.

If you ask me this and related issues would be fruitful areas for compromise. I wouldn't say posting ten commandments on public buildings is a good idea. It strikes me as slightly silly, mildly wasteful, and vaguely offensive. But it's honestly not a big deal. Abortion and reproductive rights matter. A lot. So does trying to maintain forward motion on the gay rights front. So do the basic economic issues, so does foreign policy. Ten commandments? "Under God" in the pledge of allegiance? Taxpayer dollars financing Christmas displays in the town square? That stuff doesn't really matter. I'd be happier were it otherwise, but if that kind of token gesture toward the concept that this is a Christian (or, as they say, "Judeo-Christian," whatever that means) country is what it takes to get support for a progressive political agenda, then sign me up. And I think most liberals will agree with me on that. The location of stone slabs is, like the precise number of bullets you can put in your ammo clip, not something that's worth losing elections over. Now where I'll probably lose your support is when I say that I don't even really care about the school prayer question, but speaking from experience I was forced to engage in sectarian Christian prayer in my (non-public) school and it was fine.

Now, it's perfectly clear from the Pew data that Matt cites that there's a lot of support (75%) for posting the 10 commandments and I'm willing to concede that whether the 10 commandments are posted in school is relatively small beer (though I don't think I agree about creationism), but the argument that this is a good idea depends on the assumption that moving a little bit towards the religious right will pick up that much support for Matt's progressive agenda. This seems to me to sort of implicitly assumes that there's a vaguely bell-shaped curve with the median centered somewhere around the question of whether the 10 commandments should be displayed, so that changing one's position would let you pick up a substantial number of votes.

But if it's for instance, bimodal, with 75% of the population wanting to have mandatory prayer in schools and the other 25% being against any religious displays. In that case, budging a little bit on the 10 commandments isn't going to gain liberals any significant amount of support at all. With this distribution, unless you're willing to concede on mandatory school prayer, which I doubt most liberals are, there's no set of moves along this axis that buy you much. Now, I'm not saying that I know which distribution this country has. Unfortunately, the Pew data doesn't really let us distinguish them. But wouldn't you want to know before making this kind of tactical compromise?

Posted by ekr at 7:53 PM | Comments (11) | TrackBack

What can the evidence tell us about information security?

You can find the slides from my talk at the Information Security Decision Conference in Chicago: "What can the evidence tell us about information security?" here.

Posted by ekr at 7:34 PM | Comments (2) | TrackBack

May 15, 2005

Ethical implications of evolution

I spent some time cruising the Intelligent Design Network site. The last few grafs of William Harris and John Calvert of the Intelligent Design Networks's Intelligent Design: The Scientific Alternative to Evolution provide a clue to the quality of the reasoning and what the IDN thinks the stakes are:
Did God create us or did we create God? Do we have inherent purpose or are we free to define our own purpose? The answers to these questions are key to any discussion of ethics. The late Professor William Provine helps us understand the deeper implications of a naturalistic, materialistic, and Darwinian worldview.
First, modern science directly implies that the world is organized strictly in accordance with mechanistic principles. There are no purposive principles whatsoever in nature. There are no gods and no designing forces that are rationally detectable. Second, modern science directly implies that there are no inherent moral or ethical laws, no absolute guiding principles for human society&. The conflict between science and religion is to the extent that persons who manage to retain religious beliefs while accepting evolutionary biology have to check their brains at the church-house door.71
Is Provine right or wrong? If one takes for granted that natural phenomena are not designed, he is logically correct. That is because purpose only derives from a mind that has the capacity to arrange future events for a purpose. Law and chance simply do not have the capacity to contemplate the future and aim at a goal.

Accordingly, a Darwinian or evolutionary worldview has profound ethical implications that are diametrically opposed to those flowing from a theistic worldview. Ethical decisions dramatically depend on whether we are or are not designed for a purpose. For example, we have a natural reluctance to act contrary to the plans and purposes of another mind absent a rational and reasonable justification. A land developer who discovers an ordered assemblage of stones in a field that appears to be an ancient graveyard would pause and reflect before he moved them. He would at least consider the implications before he violated the clear intentions and purposes of an ancient civilization. But if the stones were simply strewn willy-nilly across the field due to a flood or avalanche, he would without a thought bulldoze them into a ditch.

Similarly, if life is an accident, why not alter it to suits our needs? If we can, why not make human clones? Why not abort unwanted children? Why not euthanize the "useless" Why not end a challenging marriage? Why not cheat on our taxes? Why not "steal, kill, and destroy?" Ordinary people intuitively recognize that with no overarching, inherent purpose in life, anything that is consistent with the purposes created in our own minds is acceptable. "If there is no God, all things are permissible."72 However, if (and there is no bigger if) life is not just an accident or occurrence, but is something that has been designed and made, then life must have an inherent purpose. If purpose pervades life, then we pursue actions contrary to that purpose at our peril. Manipulating our genes to produce "designer humans" may conflict with an intended but currently unknown purpose of standard procreation and may result in disasters unimaginable. How extensively should we tinker with life when we do not know its intended purpose?

The bioethical implications of ID are clear, not only for individuals, but for culture as well. Who will tell us whether we should clone humans, traffic in human organs, inflict capital punishment? Who will sit at the head of the cultural table? Who is even allowed at the table? Naturalistic science tells us that it will provide the "facts," and it will tolerate theologians and philosophers as they opine about purpose and meaning. But materialistic science has already concluded that there is no inherent purpose in life, so what true role remains for religion? Why give any credence to individuals who have deluded themselves into the false notion that life has purpose? They are like the couple that must be invited to the party for political reasons but whose quaint views are ignored. What if life really is designed and truly has purpose? What then for science? If so, then religion not only deserves a place at the table, it may deserve to be at the head.

71William Provine, "Evolution and the Foundation of Ethics," MBL Science 3.1 (1998); 25-29
72Fyodor Dostoevsky, The Brothers Karamazov (Cutchogue, NY; Buccaneer Books, 1996).

Winston Smith does a pretty good job of demolishing the claim that God is needed to provide morality (the Divine Command Theory) here (read the whole thing):

Though there's no time now for me to go through the failings of the DCT in detail, let me just end on this note: The DCT is simply moral subjectivism writ large. The DCT proper is merely divine subjectivism (or an individualistic version of divine relativism, if you prefer). According to the pure form of the DCT, right acts are right and wrong acts are wrong merely because God says that they are. There is no rhyme or reason to morality, no objective reason that murder is wrong, no reason that God cannot change his mind tomorrow and make genocide and rape not only permissible but obligatory.

...

So no sensible theist is a divine command theorist. But if a theist is not a divine command theorist, then he has no philosophical advantage over anyone else. A theist who is not a divine command theorist believes that right acts are right for some reason other than God's commanding them. Consequently, such a theist still faces the task of understanding and explaining why right acts are right. If God's commanding them doesn't make them right, then something else does--and the theist is in no better position to figure out what that is than the rest of us are.

Actually, the situation is rather worse for Intelligent Design because ID doesn't get you all the way to belief in God as the proximal cause of our existence. Even if you accept the basic principle of ID, namely that our existence (and the existence of all the extant species on Earth) is so improbable that it can't have occurred by evolution but must rather have been designed, that only demonstrates that there must have been some designer, not that that designer is God. And even if you subscribe to the DCT, that doesn't mean that that theory necessarily extends to any arbitrary designer.

To sharpen this point, consider the following thought experiment. Suppose we finish processing the entire human genome and somewhere in the junk DNA on chromosome 15 is the sequence "Designed on Alpha Centauri by Genomic Systems, Ltd., All Rights Reserved." Moreover, the genomes of every other species we sequence contain similar copyright notices. So, it's pretty clear that we were designed by some bug-eyed monster living on Alpha Centauri. So far so good, except that said bug-eyed monster shows up and informs us that we were designed to serve as a cheap source of food for Alpha Centaurans, who love the taste of human flesh (it's a cookbook!!!!).

So, we know what our purpose was... to be a tasty source of protein. The DCT theory (and that espoused by Harris and Calvert and the IDN) indicates that we ought to go along with this purpose and offer ourselves up for fricasseeing. This doesn't seem like a very attractive outcome, and I rather doubt that Harris and Calvert would be the first in line to the slaughterhouse.

You can try to bypass this fairly disturbing conclusion by arguing that the Centaurans themselves must himself have been designed by some designer (ID arguments again), that that designer was God, and that having humans served as tasty appetizers is contrary to God's purposes. I.e., it's not the proximal designer's purposes that matter but that of the original designer (God). There are (at least) two problems here:

  1. We don't know that ID arguments actually apply to the Centaurans. The current ID arguments rely fairly heavily on the current structure of Earth-based life forms, the fossil record, etc. Maybe the Centaurans are constructed in such a way that these arguments don't work and so they weren't actually designed. After all, the ID argument depends on God not having being designed in order to avoid infinite recursion.
  2. Even if the Centaurans were themselves designed, it's not obvious that they were designed by God. Maybe they were designed by some other kind of aliens, who were themselves designed by aliens, etc. How many levels of indirection do we have to have before its the purposes of the proximal designer that count rather than the original designer? And how, exactly, are we to access the purposes of the nth-order designer when all of our contact is with the Centaurans, who, as mentioned before, want to turn us into appetizers?

So, even if ID is correct (and as far as I can tell it's more or less without merit), it isn't sufficient to demonstrate any reasonable kind of more principles.

Posted by ekr at 9:58 PM | Comments (32) | TrackBack

Observed speciation?

Creationists are fond of arguing that we've never observed speciation and that this casts doubt on evolution. For instance:
Darwinism's claim that new species arose from very gradual changes from older species is not observable either because the process is so slow that no one can live long enough to see it happen or because we have yet to fully understand the biochemistry which actually is the source of change. Accordingly, both theories rely upon indirect evidence.

Actually, there's a simple example of a single mutation which simultaneously renders the new organism unable to interbreed with the wild type (a common definition of species) and confers enormous reproductive advantage: navel oranges. Navel oranges are generally seedless and so can't easily breed with ordinary oranges. Navel orange trees are propagated by grafting (actually, most oranges are propagated by grafting, though in principle non-seedless oranges can be bred).

There's a natural tendency to argue that this doesn't really count because it's not natural. But there are lots of species which can't reproduce without the help of other species, either voluntarily (plant pollination by insects) or involuntarily (malaria). This is just a case where the organism has convinced humans rather than some other animal to assist in its reproductive strategy.

Posted by ekr at 2:37 PM | Comments (2) | TrackBack

May 14, 2005

Return of the broadcast flag

News.com reports that the MPAA is preparing a bill to give the FCC the authority to impose the broadcast flag:
The draft bill says, simply, that the FCC will "have authority to adopt regulations governing digital television apparatus necessary to control the indiscriminate redistribution of digital television broadcast content over digital networks." The District of Columbia Circuit nixed the flag on the grounds that the FCC didn't have the authority. This language would clear that up.

Outstanding.

Posted by ekr at 6:30 PM | TrackBack

May 13, 2005

Other exotic cat breeds

Savannah cats aren't the only exotic breed. The Exotic Cat Network has a list. Toygers are probably the coolest. They're cats designed to look like miniature tigers. The story of their development makes quite interesting reading.

Credit: Pointer by Terence Spies.

Posted by ekr at 9:41 PM | TrackBack

Savannah cats

Eu-Jin Goh pointed me to this NYT Article about the growing popularity of Savannah Cats: a cross between an African serval wildcat and domestic house cats (list of breeders here) that is about twice as big as an ordinary domestic housecat:

Savannahs (like many other wild animal crossbreeds) are illegal in a lot of places, but for reasons that aren't entirely clear. There's a fear that they're dangerous (servals, of course, are) though there aren't any known cases of Savannahs attacking people. The following passage gives you some of the flavor of the controversy:

That's not the way State Senator Carl L. Marcellino of Syosset, N.Y., sees it. Mr. Marcellino, the Senate sponsor of the state's exotic pet law, objects to the Savannah cat as something alien to the animal universe.

"Breeders are creating animals for commercial purposes that would never exist in the natural world," he said. "These hybrid species are threats to the environment and potentially to the families who think they are buying a family pet and could be purchasing a wild animal."

The Savannah cat has caused a stir about what makes an acceptable pet even among the largest and best known cat enthusiast groups.

"I'm told they're very loving, but I'm not sure I believe it," said Carol Barbee, the president of the American Cat Fanciers Association, which does not recognize the Savannah in its official registry. "We do not want to support designer breeds for the fad pet market."

Some Savannah owners are fighting for their rights with ammunition from another group, the International Cat Association, which does recognize the Savannah as a breed.

"They are the sweetest most gorgeous things you've ever seen," said Leslie Bowers, the association's business manager. Dr. Carolyn McDaniel, a consultant with the Cornell Feline Health Center, said that while Savannahs are popular across the country, she has noticed that they have become particularly alluring to city dwellers. "It's amazing to me that apartment dwellers are frequently the owners of these large semiwild cats," she said.

"I think they're beautiful," Dr. McDaniel added, but "I'll watch them on the nature channel."

In the face of all this talk about how unnatural Savannahs are, it's easy to forget that modern domestic animals don't really exist in nature either. I don't know too much about the direct ancestors of domestic cats, but dogs, descend from wolves, which you wouldn't want to keep as any kind of pet. Yet, there are plenty of dogs with very sweet dispositions (and of course others which are vicious). This isn't to say that Savannahs aren't dangerous--I've heard some negative things about wolf hybrids, for instance--but that's a question to be answered empirically. The mere fact that they're a hybrid doesn't really tell you much at all.

Posted by ekr at 4:04 PM | Comments (3) | TrackBack

May 12, 2005

IPsec/ICMP active attack and crypto rules of thumb

NISCC has published a vulnerability which could allow the disclosure of information in IPsec. The attack works when data is encrypted but not authenticated. The attacker intercepts an encrypted message, damages it,1 and forwards it to the recipient. When the recipient receives the damaged packet, it responds with an ICMP message containing the beginning of the decrypted (but damaged) packet.

This only works under two conditions:

  1. When the IPsec implementation is configured not to encrypt ICMP messages.
  2. When authentication isn't being used.
The key point is the second. When authentication/message integrity is used, the IPsec stack is supposed to discard damaged packets without generating an ICMP message, in order to protect against exactly this kind of attack (this is a classic crypto error).

One of the general rules of thumb in designing communication security protocols is that you should always use authentication when you use encryption. It's not that there is no safe way to use encryption without authentication/integrity, but just that there are a number of ways it can go wrong, so it's better to be safe. IPsec doesn't require you to use authentication/message integrity, but it's recommended practice.

That said, it's not clear how great the impact of this attack is. All IPsec stacks should let you turn on authentication/integrity and in my experience most people do use it. So, I wouldn't expect this to be a big source of disclosure of secret information.

1. Damaging it correctly turns out to be kind of tricky.

Posted by ekr at 9:36 PM | TrackBack

May 11, 2005

What's a supercomputer, anyway?

After reading Nick Weaver's post about export regulations for supercomputer use, you might ask yourself "How does the BXA decide what a supercomputer is, and why are they export controlled anyway?" As I understand the situation, there are certain design processes--chiefly those for advanced nuclear weapons, but also hydrodynamic simulations such as are used for propulsion screws--which require large amounts of computational power. Denying bad guys this kind of computing power makes it more difficult for them to design nukes, propellers, etc.

As computers's get faster, the level of computing power that qualifies a device as a supercomputer keeps going up. Back in 1994, it was 1,500 \ MTOPS (easily achievably by modern desktop computers). Now, it's 190,000 MTOP\ S. This is obviously necessary because otherwise we'd have the situation where Dell couldn't export their standard desktop machines. But here's the problem with this: just because computers are getting faster doesn't mean that the problems that we're trying to prevent bad guys from solving are getting any harder; the fact that a machine which was suitable for designing nukes in 1996 is now obsolete doesn't make it substantially less usable for designing nukes today. So, what are the important defense applications that require greater than 190,000 MTOPS?

Posted by ekr at 7:23 PM | Comments (5) | TrackBack

May 9, 2005

Open and/or free always beats closed and/or expensive?

In the process of complaining that PSP binaries are signed, Wonderland delivers this gem:
Open and/or free always bests closed and/or expensive. Sony should have learned this when they chose ATRAC over mp3 - and look how much that cost them: far more than pirates ever could have. I guess this means no homebrew games running off the sticks then. *pout*

No kidding? I guess that explains why Linux and OpenOffice are the dominant office productivity systems and Windows and Office are relegated to the sidelines.

Posted by ekr at 6:02 PM | Comments (3) | TrackBack

May 8, 2005

What do people die of (WISQARS)?

I recently had some cause to research leading causes of death and found the excellent CDC WISQARS system. This includes nifty tools for exploring

Here are some interesting data points:

Top 5 causes of death overall (US, 2002)
Heart Disease (696,947)
Malignant Neoplasms (557,271)
Cerebrovascular (162,672)
Chronic Low Respiratory Disease (124,816)
Unintentional Injury (106,742)

Top 5 causes of death ages 25-34 (US, 2002)
Unintentional Injury (15,412)
Suicide (5,219)
Homicide (4,489)
Malignant Neoplasms (3,872)
Heart Disease (3,165)

Top 6 causes of death by years of potential life before age 65 (US, 2002)
Unintentional Injury (2,159,266)
Malignant Neoplasms (1,903,274)
Heart Disease (1,434,511)
Perinatal Period (924,364)
Suicide (666,398)
Homicide (579,268)

Over 50% (1,166,780) of the years lost due to Unintentional Injury are due to motor vehicle injuries. If we counted it as a separate category it alone would be the third leading cause of death. Drive carefully, folks.

Posted by ekr at 7:17 PM | Comments (2) | TrackBack

What's wrong with RealID?

Congress is poised to pass the RealID Act real soon now. Basically RealID requires the states to produce a standardized drivers license and to positively identify you (including your SSN) before they issue it to you. The driver's license will have some sort of machine readable portion though what kind is uncertain: DHS will be setting the details, so it could be magstripe, bar code, or RFID. Finally, the states will ahve to link up their databases.

Like many of my colleagues, I'm not super-excited about this. I hate having to show ID and proving my SSN doesn't sound like fun--I don't even know where my social security card is. The RFID feature could be a real mess (see previous comments about RFID passports), and I don't see how this is really going to protect us against terrorists. On the other hand, I don't really see that this is the disaster that some people claim.

For instance, here's the list of complaints from Bill Scannell's UnrealID.com site.

1. Dead Cops.

The Real ID Act requires that you give your permanent home address: no PO boxes; no exceptions. What about judges, police, and undercover cops? Oops!!! Hey Senators, let's endanger our police and judges!!!

I'm pretty skeptical of this argument. Maybe that's what the law literally requires, but laws aren't software. If the states really want to issue false IDs, there will be a way to do it. Either (1) this is actually permissible under RealID (2) they'll ignore the law or (3) the law will get fixed. There's no constituency in favor of making it difficult for undercover police to operate. That said, I'm not particularly in favor of judges or police (other than undercover police) having an easier time lying about their address than I do.

2. Stolen Identities.

Our new IDs will have to make their data available through a "common machine-readable technology". That will make it easy for anybody in private industry to snap up the data on these IDs. Bars swiping licenses to collect personal data on customers will be just the tip of the iceberg as every convenience store learns to grab that data and sell it to Big Data for a nickel. It won't matter whether the states and federal government protect the data - it will be harvested by the private sector, which will keep it in a parallel database not subject even to the limited privacy rules in effect for the government.

If business really want to swip the personal data off of your driver's license, there's nothing really stopping them from doing it now. There are only 50 states and each has a standardized license. An OCR scanner that read the data off the license would really be quite easy to construct--certainly much easier than a