Outstanding!: December 2006 Archives


December 19, 2006

As you may have noticed, it's become quite inconvenient to get pseudoephedrine. Luckily, Pfizer has rolled out a replacement, Sudafed PE, containing phenylephrine, a common topical nasal decongestant Not so luckily, there's no good evidence that it works as an oral decongestant, and substantial reason to think it doesn't, as indicated in this review by Ronald Eccles (þ Robert Cohen via Radley Balko) :
The aim of this review was to investigate the rationale for replacing the nasal decongestant pseudoephedrine (PDE) with phenylephrine (PE) as a means of controlling the illicit production of methamphetamine. A literature search was conducted in electronic databases and use of textbooks. Restrictions have been placed on the sale of PDE in the USA in an attempt to control the illicit production of methamphetamine. This has caused a switch from PDE to PE in many common cold and cough medicines. PE is a poor substitute for PDE as an orally administered decongestant as it is extensively metabolized in the gut and its efficacy as a decongestant is unproven.

Pseudoephedrine, by the way, does work. Outstanding!


December 17, 2006

The Times runs the story of Donald Vance, a US contractor in Iraq who was an informant for the FBI and then was captured when the company he worked for was raided:
The detainee was Donald Vance, a 29-year-old Navy veteran from Chicago who went to Iraq as a security contractor. He wound up as a whistle-blower, passing information to the F.B.I. about suspicious activities at the Iraqi security firm where he worked, including what he said was possible illegal weapons trading.

But when American soldiers raided the company at his urging, Mr. Vance and another American who worked there were detained as suspects by the military, which was unaware that Mr. Vance was an informer, according to officials and military documents.


Nathan Ertel, the American held with Mr. Vance, brought away military records that shed further light on the detention camp and its secretive tribunals. Those records include a legal memorandum explicitly denying detainees the right to a lawyer at detention hearings to determine whether they should be released or held indefinitely, perhaps for prosecution.

The story told through those records and interviews illuminates the haphazard system of detention and prosecution that has evolved in Iraq, where detainees are often held for long periods without charges or legal representation, and where the authorities struggle to sort through the endless stream of detainees to identify those who pose real threats.

"Even Saddam Hussein had more legal counsel than I ever had", said Mr. Vance, who said he planned to sue the former defense secretary, Donald H. Rumsfeld, on grounds that his constitutional rights had been violated. "While we were detained, we wrote a letter to the camp commandant stating that the same democratic ideals we are trying to instill in the fledgling democratic country of Iraq, from simple due process to the Magna Carta, we are absolutely, positively refusing to follow ourselves."

A spokeswoman for the Pentagons detention operations in Iraq, First Lt. Lea Ann Fracasso, said in written answers to questions that the men had been treated fair and humanely, and that there was no record of either man complaining about their treatment.

She said officials did not reach Mr. Vances contact at the F.B.I. until he had been in custody for three weeks. Even so, she said, officials determined that he posed a threat and decided to continue holding him. He was released two months later, Lieutenant Fracasso said, based on a subsequent re-examination of his case, and his stated plans to leave Iraq.


The military has never explained why it continued to consider Mr. Vance a security threat, except to say that officials decided to release him after further review of his case.

In case it's not obvious, this is why the ordinary criminal justice system doesn't allow people to be held indefinitely without access to counsel or habeas corpus hearings. If your job is to catch and detain security threats, you don't have a lot of incentive to let people if you aren't totally sure about them. For that matter, you don't have a lot of incentive to sort out who's a security threat and who's not. The point of an adversarial system is to institutionalize that kind of incentive. Of course, in this particular case the suspect is an American citizen so he had family who could make a fuss (though as you can see above, it's not entirely clear why Mr. Vance was released, I imagine bad PR is something even the American military cares about.) I suspect that having your average Iraqi family upset about the fact that their son is being held incommunicado probably isn't quite as effective.



December 11, 2006

If you're a phisher your basic strategy is to convince the victim that he's talking to some site he regularly does business with. Now, you can't control the user's experience when he's talking to the legit site so what you do instead is make the experience you provide as much like the legit site as possible, hence tools for mirroring the site you're impersonating. If you're a potential victim of impersonation, you want to get the user into the habit of not trusting indicia that the phishers can easily indicate. To that end, you might want to tell your users not to click on URLs they receive in e-mail claiming to be from you. Unless, that is, you're Amazon:
From: Amazon.com Customer Service 
Date: 11 Dec 2006 11:42:28 -0800
Subject: Payment for Your Amazon.com Order (#ORDER-NUMBER-HERE)
To: ekr@rtfm.com
Cc: payment-update@amazon.com

Greetings from Amazon.com.

We're writing to let you know that we are having difficulty processing your
Visa (exp. YYYY/MM).

We will try charging your credit card again shortly. It is not necessary to
place a new order, but you may want to review the payment information for
your order and make sure it is correct and current.

To do this:

1. Go to our home page (www.amazon.com) then click "Your Account" on the
top right menu.

2. Choose the option "Change payment method" (found under "View by Order"
in the "Where's My Stuff" box).

3. After you sign in, you will see all your current open orders. You can
click the "View or change order" button beside any order and make changes.

4. Click "Change" button in the "Payment Information" box beside "Payment
Method." At this point, you may review your current payment method, choose
a different payment method, or enter a new one.

Thanks for shopping at Amazon.com.

Amazon.com Customer Service

Please note: This e-mail was sent from a notification-only address that
cannot accept incoming e-mail. Please do not reply to this message.

Now, this mail has been sent in plaintext (i.e., text/plain) so there aren't any links. (Though you could of course get caught by cutting and pasting out of the message.) Unfortunately, Gmail decided to help me out and turned everything that looks like a domain name or URL into a link. Now, as it happens I had screwed up something with my credit card and this isn't a phishing message and, but it just as easily could have been. For extra credit, if you put a link to a different location in your message, Gmail will display it exactly like the links it auto-formats. Outstanding!


December 4, 2006

In a post titled "Is there a simple way to make a pdf call home?" and filed in the category "good code", Larry Lessig asks:
Let's say you release a draft of a paper using PDF. But when people open the paper to read it, you'd like the PDF to check whether there's a more recent version available. If there is, you'd like it to indicate as much — somewhere. Obviously, you could always include a link that says "For the most current version, go here." But is there a way to say, "A more recent version of this document is available here."?

I'm sure a feature like that would never be abused!