Sunday, December 31, 2006

Propaganda was meant to be something we do well.

The botched execution of Saddam goes from bad to worse. The Al Zarqawi-style snuff video with the hooded executioners was bad enough. A waiter should dress at least as well as his clientele; the same goes for executioners. Shouting vulgar abuse makes the condemned look less like a criminal and more like a victim. Saddam's grave has already become a monument for the insurgents.

The choice of crime (the judicial murder of 147 men and boys suspected of sympathizing with Prime Minister Maliki's party), the decision to carry out the execution on a day the Sunni observe a major holiday, the choice of the holiday (the day on which Muslims celebrate the willingness of Abraham to sacrifice his son Isaac) were all intentional insults made by the Shia-Kurd dominated government against the Sunnis, who will hold the US occupiers responsible regardless of the implausible denials coming from Washington.

How could the situation have been handled better? Simple, put Saddam on trial by an international tribunal. Bring charges that reflect the extent of Saddam's crimes: the use of chemical weapons, the unprovoked attacks on Iran and Kuwait. The trial of Milosevic left no doubt as to either his guilt or the fairness of the proceedings. By the time of his death Milosevic was a pathetic figure with few remaining supporters willing to continue the fight. The same is not true of Saddam and the blame for this is entirely due to the Bush administration.

Update: Apparently the abuse was hailing the Moktada al Sadr we are currently attempting to crush.

War Bloggers

Mainstream media commentary on the blog phenomenon tends to follow a common pattern. After a few breathless paragraphs about the power of the individual the reader is told that much of what appears in the blogosphere is dangerous opinionated nonsense.

What the reader is not told of course is that much of what is published in the mainstream media is dangerous opinionated nonsense. The left and right both complain about conservative or liberal bias but the real bias of the press is to constantly repeat the comfortable prejudices of the Washington beltway, prejudices that bear little resemblance to either reality or the real political concerns of the country.

The mainstream media in the US knows how to package celebrities and trivia. Predictable mediocrity delivers ratings more reliably than taking a risk. That's why the networks show an hour of Letterman and Leno every single night of the week despite the fact that neither manages to be funny for more than ten minutes a night. Both frequently go an entire night without being funny at all. Comedy depends on freshness and surprise; nobody can be funny for an hour five nights a week every week. The shows they host are both carbon copies of the tired formula Bob Hope established in the 1930s when he took his vaudeville act to the radio.

Political reporting and analysis follows the same model. This is why it does not matter how many times or how badly a pundit might be wrong. As Paul Krugman recently observed, if they are a familiar face with predictable opinions they will still get preference over any number of pundits whose predictions were accurate.

The blogosphere is sometimes held up as an example of the antidote to this situation but if you look more closely the blogosphere has pathologies of its own and not just those the mainstream media projects onto it.

In the first place we have to ask why the blogosphere happened when it did. The Web has been a mass media for over a decade. People have used the Web to write online political diaries for a decade. I had a politics site on the Web in 1992.

What has changed here is not the technology, it is the politics. The defining event for the blogosphere in the US was the invasion of Iraq. Until that point liberals opposed to the war could at least pretend that their opinions were fairly represented in the mainstream media. The refusal of the mainstream media to broadcast any views that were even skeptical of the war aims or its chance of success made this impossible. Liberals quickly abandoned the mainstream media in favor of outlets that were willing to report news that did not conform to the beltway consensus: Jon Stewart's Daily Show and the blogosphere.

The UK blogosphere is nowhere near as influential as the US blogosphere despite a party system that is in many ways more conducive. The UK media did not fail in the same way or to the same extent as the US media did.

The liberal blogosphere is essentially defined by opposition to the invasion of Iraq. The right wing blogosphere is defined by its opposition to the liberal blogosphere and a Stalinesque repetition of the White House line, the only deviation from which being the Orwellian view that Napoleon's only failing is his willingness to compromise with his opponents when he should stick fast to his principles.

The outcome of this situation is likely to be profoundly different for the two principal parties. Markos Moulitsas Zúniga may have failed in his attempt to unseat Joe Lieberman but any Democrat who aspires to an office they do not already hold needs his support. Barack Obama may be the darling of the mainstream media but his chance of winning the Democratic Presidential nomination is zero as long as Kos is pointing out that two years as a senator is hardly an impressive record of public service. Kos and the netroots are not only the new kingmakers of the Democratic party, they are its future. By the 2016 elections expect blogging to be considered an essential qualification for becoming a Democratic candidate.

The same is definitely not true of the conservative bloggers, few of whom even attempt to establish any position independent of the party line. Their role is to endorse, not influence decisions. They are no more kingmakers or future candidates in the party than Ann Coulter or Rush Limbaugh. The warbloggers emerged from a clique that was convinced that the principal failing of the mainstream media was its unfair reporting of Israel.

This situation might have changed if the conservative blogs had begun to act more like the liberal blogs in the wake of the 2006 midterm defeat. But the Iraq war remains the central issue of US politics and all of the conservative big blogs make clear that they will severely punish any Republican who dares make any suggestion that might threaten the security of Israel as they view it.

Unlike the Democrats, the Republican party has never been considered a 'safe' supporter of Israel. The current Neo-con clique is markedly different in this respect from the first Bush administration when James Baker made his famous observation "F*** the Jews, they don't vote for us anyway". The conservative bloggers are mostly supporters of the Likud approach to Israeli politics who are intent on making sure that the Republican party does not deviate from this position in the future. An examination of the political blogs in the run up to the 2006 midterms is instructive: while the liberal blogs were focused on fundraising, campaigning and organizing the conservative blogs were more concerned by the latest events in Israel.

As a result the warbloggers do not create or facilitate an internal party debate as the liberal bloggers do, their aim is to suppress it and they are likely to continue to do so long after the need for a debate is painfully obvious. Over the past decade the Republican party has campaigned on an anti-gay hate plank. They are entirely capable of campaigning on an anti-Semitic plank if they see advantage in doing so. If they are not going to blame themselves for the Iraq fiasco they have few other choices. Things are likely to become very unpleasant.

Learning from mistakes

One of Jim Collins's key points in Good to Great is the need to learn from mistakes. The Iraq war is demonstrating the wisdom of this advice while providing a long list of mistakes to learn from.

Fiasco lists many of the mistakes that were made and are being made. Chief amongst them the failure to learn from history. Before the invasion I pointed out on a radio call in program that 50,000 civilians had died during the British occupation of Iraq and that an invasion was likely to lead to at least as many dead. So far even the grossly under-reported administration estimate is higher. Independent estimates are consistently above 400,000 and as high as 650,000 if deaths resulting from the damage done to the sanitation infrastructure are included.

The picture painted in Fiasco is of a bunch of ideological zealots convinced of the justness of their cause and the absolute rightness of their political prejudices carelessly ripping up the established order in Iraq but being entirely unable to replace it. This group of alleged conservatives do not appear to have recognized the inconsistency of their core belief that government is bad while establishing what amounts to a command economy.

The Green Zone follies are most familiar to anyone who has read biographies of Stalin or Mao. Both murdered millions but they killed tens of millions through incompetent economic management. Substitute rubber plants and steel mills for hospitals and schools and the rhetoric is depressingly familiar.

A command economy can work but only for limited purposes and for a limited time. The British economy was successfully put on a command basis during World War II. The war could not have been won under the free market but after five years the entire industrial infrastructure was run into the ground.

What seems to be missing in the conservative ideological view is the acceptance that the policies that are most beneficial to a modern industrial economy are not necessarily most beneficial to one attempting to recover from a dictatorship. The economies of Eastern Europe that managed the transition from communism most successfully were the ones that ignored the fashionable advice in favor of an immediate transition to a free market and instead took a moderate, pragmatic course.

The vignettes are telling: a person is put in charge of managing the Iraqi stock market who does not speak Arabic and has no experience in finance. The Iraqis use whiteboards and a manual accounting system to track trades. This is 'obviously' not acceptable to the US administrator so an attempt is made to computerize the system. Management of a major computer project being yet another area where the US appointed expert has no expertise. What Ricks does not mention is that until recently the London and New York Markets both operated in essentially the same way.

What Ricks unfortunately does not provide is a solution to the mess. This is not so much a flaw in the book as a reflection of the lack of options which are in any case dwindling.

Friday, December 29, 2006

Carvewright $1900 for computer controlled carving

The cost of CNC machines is something I have been keeping an eye on. Until recently the cheapest machine that was not a kit cost $10K and was designed for factory use. But all that really provided was a router on an X-Y plotter.

The Carvewright shows what is possible with production engineering. The costly X-Y bed is replaced by what is in effect the guts of a benchtop planer. Sears even sell the machine alongside their planing machines.

With volume production I don't see why a machine like this should not be possible for $1000 or even less.

All of which is likely to have a profound impact on design trends. Since the 1930s design has been dominated by flat surfaces. Plywood and chipboard are the materials of choice for the manufacturers. Extraneous detail has been eliminated.

With cheap CNC machines the cost of adding relief detail is likely to drop to $10 per square foot or less. How about a relief frieze underneath the cornice mouldings? Include pictures of members of the family, change them according to the season.

Perhaps this is what happens to all those print your photos online operations when people stop feeling the need to mimic 35mm prints.

The immutable law of scripting languages

Why is it that everyone who designs a scripting language appears to believe that it is necessary to eliminate type checking?

Type checking and array bounds checking are two of the most powerful tools in the programmer's arsenal. Using them makes it easier, not harder to write code that works.

At the current time roughly 70% of all coding is done using three languages that are essentially identical in terms of syntax: JavaScript, Java and C#. They are almost but not quite the same and the 'not quite' part leads to endless problems.

Python has many of the features I would want in a programming language (especially indent delimited structures) but it tends to get overlooked as a result of the functional programming features.

All a programming language is is a set of high level abstractions that allow someone to get to grips with a low level machine code. Why can't we get rid of the idea that the coder of an application gets to choose the scripting language that people will use to program in it? Why can't I use Python (or for that matter C#) to code extensions for Mozilla with the same ease as the hideous JavaScript?

Thursday, December 14, 2006

Google patent search

Forbes reports that Google has a new patent search engine.

Last time I go to the USPTO site, Google do it right and they don't use a whacked page description language so they can still charge you for printable copies.

Try it here

e = 2.71828183

The dotCrime Manifesto is the fourth highest ranked site on Google for the numeric value of PI to 8 decimal places.

Only makes sense to go for the value of e as well.

Just as well I didn't round it off to Web 22/7.

Cell phone spam: 413-499-6605

So far they have called me twice on my cell phone line.

Their physical location is 703 West Housatonic Street, Pittsfield, MA. Here is a satellite image of their HQ.

Reports show that they are using a robodialer that disconnects as soon as someone picks up. This is in breach of the FCC requirement to always give the name of the caller. Calling cell phone numbers is another breach. Violating the do not call list a third.

As the phishing gangs start using VOIP phishing we need to have law enforcement teams in place that can react rapidly to shut down their operations. Taking out robodialers breaching the do-not-call and other regulations would be an excellent means of getting some target practice before the main event begins.

These calls seem to be some sort of 'free' vacation scam. But from here on out every junk calling operation should be treated as if it was a hardcore bank fraud scheme.

Pet peeve of the day - robodialers

So Dish Network was meant to upgrade the PVR on Monday. They didn't.

At 4:30 they call to say that they won't make it, they reschedule for Wednesday. Again they are a no-show. This time no call.

It's not as if I need them to run a cable from the dish hookup to the TV. What I do need them for is to provide the multiplexer that allows four tuners to hook up to the three satellite LNBs.

So anyway I call up Dish to ask when they plan to make it here. They have one of those auto-attendant things.

I loathe these automated systems because the only reason I would ever use the telephone rather than the Web is because I have a problem that requires talking to a person.

Worst of all is the way that they require you to type in your account number at the keypad, then when you actually get to a representative they ask you for the number again.

The first time I got through to Dish I am asked what my telephone number is. Since I have seven different telephone numbers I pause for a couple of seconds while I try to remember the middle of the area code. The representative hangs up.

So next time I dial in I am pretty pissed and make no attempt to hide the fact. And so the cost of running these operations goes up because the representatives spend all their day talking to people that the automated systems have made angry.

Wednesday, December 13, 2006

The Holocaust Denier Conference

You have to distinguish between holocaust denial and holocaust doubters. I don't think that Irving and co have the slightest doubt that the holocaust is a historical fact. Claiming the opposite is a tactic, not a belief. Irving only started the holocaust denier schtick after the media reaction to Hitler's war where he disputed the extent of Hitler's personal involvement. His original theory that the holocaust was performed without Hitler's knowledge by subordinates trying to please is not intrinsically anti-semitic, just utterly wrong. His later move to full fledged holocaust denial was clearly motivated by anti-semitism (see earlier).

The conference in Iran is not a sincere attempt to discover the truth, it is a political event staged for the purpose of demonstrating that Ahmadinejad is just possibly nuts enough to attack Israel if provoked.

Ahmadinejad has good reason to expect that the US might try to invade. The Axis of evil speech was tantamount to a declaration of war. Iran would be much harder to defeat but Bush might make the attempt anyway.

The real message of the conference was 'attack me and I will attack Israel'. Ahmadinejad has the means to do that and to close the Straits of Hormuz and most of the gulf refineries and ports. Unlike the US or Israeli forces there will be absolutely no doubt as to whether Iran is intentionally targeting civilians, there will not even be the pretence of concealment.

Monday, December 11, 2006

Use of pretexting to access phone records now indisputably illegal

There was very little doubt that pretexting was illegal before the bill passed but the doubt was sufficiently great for people to think it worth a try.

The bill pre-empts state laws which may be tougher. I am not sure whether or not this is a good thing. In general it is not a good idea to have different laws governing communication policy in different parts of the country. On the other hand the emergence of privacy law in the US has tended to start with the states.

The lesson for perpetrators should be that if you build a business based on a ridiculous interpretation of a law that is completely contrary to the original intention you should not expect to stay in business very long. But I doubt that is the lesson they will draw.

EGold Raided

Reports have been circulating on the criminal bulletin boards for some time stating that EGold has been blocking various accounts.

A story in Wired suggests that the reports are true. After a raid on the company offices EGold has dropped the libertarian anarchy 'you can't touch us' pose and is busy co-operating with law enforcement.

EGold is incorporated in Nevis but operates out of offices in Florida. The company has been charged with operating an unlicensed money-transmitting service. According to the article the company is disputing the charge on the technical grounds that they do not accept cash.

People who set up such businesses need to think about how they will be used by criminals. A business founded on a technicality is not going to last very long if it becomes a conduit for organized crime.

Saturday, December 09, 2006

Booting from flash memory

A lot of people have been thinking extensively about trustworthy computing (we already have trusted computers; the task is to make them trustworthy). Lots of effort is going into signing the BIOS, bootstrap loader and so on.

How about this for an idea: put the core of the O/S image and critical drivers onto a flash drive that can be write protected. These can be bought for $25 or so for a card with more than enough memory.

The limited number of write cycles that flash supports would not be an issue since the media would only be changed infrequently.

The ability to pull the flash drive out of the machine would have other advantages, it would be possible to configure the flash drive offline. This would allow a sysop to configure a machine without having to physically touch it.

Application programs would be run from signed distribution files for Virtual Machines running on the base platform.

THUMP

An MP3 player integrated into sunglasses.

A really cool idea only spoiled by the lack of removable media. I will wait for the micro-SD version.

Tuesday, December 05, 2006

Things that don't exist but should

MP3 players are now small enough to fit into a pair of earphones. Why has no company produced a pair of lightweight noise cancelling earphones with a built in MP3 player that takes an SD Card?

Another similar non-existent product that's overdue is the MP3 player built into a compact cassette form factor. Many MP3 players come with a 'car kit' with a dummy cassette that you stick into the dash which then drives the magnetic heads on the cassette player with the signal from the headphone socket.

The MP3 player is now much smaller than the cassette. In the ideal system the player would pick up power from a dynamo connected to the motor drive and would also be a satellite radio.

Speaking of which, why is it so hard to find an aftermarket car radio with built in XM Radio support and slots for MP3 media? CDs are now an obsolete technology. The changers are bulky and don't hold much music. One would think that it would be easy to buy an MP3 player that was plug compatible with the existing compact disk changer and would allow a decent quantity of music (8GB or so) to be stored.

Last Xmas I bought a device that was an MP3 player that just plugged into the cigarette lighter socket and broadcast by FM radio. It was a nice, simple design. Pity it was made so cheaply and badly that it broke after less than an hour of use. The design was good, the execution hopeless. But I have not yet seen one like it from a name brand.

The point here is that we are moving from the stage in the market where the mere ability to do something matters much less than execution. Products need to be properly engineered as systems and not just as components that the user is expected to connect together and cope.

Forget bluetooth, it's a crutch that encourages engineers to still think in the looser mode of components. Think about the system.

Monday, November 27, 2006

Jon Stewart on 'Identity Theft Tuesday'

"Enjoy being you while you can."

Why is there no 'turn off overstrike mode' option

<rant>
Two of the most idiotic and loathsome features of Windows are the capslock key and overstrike mode. Close competitors are the idiotic features whereby Windows ignores the fact that you were selecting only part of a word and forces selection of the whole word instead, the fact that cut and paste defaults to keeping the current formatting and the fact that in Word a document that has track changes turned on will always open in the 'view with markup' mode.

I have never found a use for any of these features but turning them off is either not possible or not an option. Although the Insert key can be remapped to have another function this does not seem to guarantee elimination of the loathsome overstrike mode. Same holds for the capslock key. If I remap the key I will end up in a situation where capslock is turned on and I can't turn it off.

These should be user preferences that can be easily and reliably set at the platform level. I keep telling Windows to turn off sticky keys, why do I still get asked about them? I told the machine to turn the option O-F-F. That does not mean ask me again next time I hold the shift key down for five minutes. It's my shift key you stupid machine.

Nanny options like Melinda Gates's talking bloody paperclip should be easy to disable.

The PC keyboard has function keys but for some reason the user has never really been allowed to configure them. I want two keys added to my keyboard. The first would reset the capslock, overstrike and any other modal interaction (did I mention the ultra-idiotic numeric keypad overlay mode on the ThinkPad?).

The second key would be for control-alt-delete. This is now a regularly used key sequence, hitting it by mistake no longer has a negative consequence (oh yes I remember the handily placed RESET key on the Apple ][). So make it easy to activate.
</rant>

Tuesday, November 21, 2006

Web 3.14159265

There has been so much talk of Web 2.0 and now Web 3.0 that it's time to lay claim to the next meme.

O'Reilly's definition of Web 2.0 always left much to be desired. Curiously the conference agendas seemed to always be filled with the same type of vacuous venture capital driven bubble-speak as Web 1.0. All buzzwords, no substance.

At the Web Conference in Edinburgh I suggested trumping the Web 2.0 nonsense by adopting the Microsoft Approach: 'Web 2008', 'Web 2010' and so on. Instead they declared the Semantic Web to be Web 3.0.

So what next? As the title of this post suggests I believe that we should adopt the Knuth approach and declare Web 3.1, Web 3.14, Web 3.141 and so on. Not only would this be fun and cliquish it is the only thing I can think of that might succeed in burying this idiotic meme in the popular press.

Blogger Beta sucks

The blog this button no longer works on my Google toolbar.

Come on guys, wouldn't have hurt to make it work right.

Friday, November 17, 2006

Matthew Taylor blames the blogs

It is not surprising to see politicians complaining about the effect of the Internet on their profession. Nobody likes it when technology makes you more accountable.

His specific criticisms are that the Web and in particular blogs fuel "shrill discourse of demands". The article continues:

he said more needed to be done by the web community in general to encourage people to use the internet to "solve problems" rather than simply abuse politicians or make "incommensurate" demands on them.


The blogs certainly do encourage a certain type of dialogue. But so does the mainstream media. Is it really the case that the mainstream media that has reduced all politics to personalities and all policy to focus group tested soundbites are any worse?

Blogging has been possible for over a decade. As some readers know I ran a political web site in 1992, the first politics site on the Web in fact. Back then it was the mainstream politicians who were trying to find ways of getting their message out without having it intermediated 'filtered' by the press.

What blogs are really a reaction to is a combination of the mainstream or 'legacy' media and the strategies politicians have adapted to manage it. The most frequent complaints in the blogosphere are not about personalities or politics but about the blatant manipulation of the legacy media.

The Friday afternoon document drop that comes after the deadlines for the national newspapers is now a staple of every Western country. The Matthew Taylors of the world are upset only because it no longer works as well as it used to. The Friday afternoon drop takes place after the professional reporters have already started writing their stories but just as the amateur blogger logs in after the day job. The information that the legacy media ignores is grist for the prime weekend blogging newscycle.

rather than work out these dilemmas in partnership with their elected leaders, they were encouraged to regard all politicians as corrupt or "mendacious" by the media, which he described as "a conspiracy to maintain the population in a perpetual state of self-righteous rage".


Again this seems to me to be much more true of the legacy media than the blogs. The blogs are partisan and many blogs make a full time profession out of muckraking but they are considerably more focused in their criticisms than the legacy media.

It is true that the legacy media has paid considerably less attention to the Abramoff and Cunningham scandals in the US than the blogosphere. The blogosphere on the other hand has paid much less attention to Hillary Clinton's haircuts and Al Gore's choice of suit. Five years ago these were the leading stories in the legacy media for several news cycles. Meanwhile the question of whether it was possible to increase spending and cut taxes without busting a huge hole in the budget was ignored.

The blogs are having a profound effect but that effect is being felt directly by the legacy media rather than the politicians. The effect on the politicians is indirect, they have to unlearn the habit of using soundbites and start actually discussing policies.

Contrary to what Matthew Taylor believes the people are not behaving like irresponsible teenagers, it is the politicians like him who have been treating them as such for the past twenty years and that is why they are so angry.

UK Passport security. Oh dear oh dear oh dear

Fatally, however, the ICAO suggested that the key needed to access the data on the chips should be comprised of, in the following order, the passport number, the holder's date of birth and the passport expiry date, all of which are contained on the printed page of the passport on a "machine readable zone."

[The Guardian]
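
The key derivation the quote describes, worked through as an added example (not from the Guardian article or this blog): it follows the Basic Access Control derivation published in ICAO Doc 9303, uses the specimen MRZ fields from that document's worked example, and goes beyond the quote by estimating the key space under two constructed sets of assumptions about how guessable each printed field is.

```python
import hashlib
import math

# ICAO 9303 check-digit weights, repeated across the field.
_WEIGHTS = (7, 3, 1)


def _char_value(ch: str) -> int:
    """MRZ character value: digits as-is, A=10 .. Z=35, filler '<' = 0."""
    if ch in "0123456789":
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"invalid MRZ character: {ch!r}")


def check_digit(field: str) -> str:
    total = sum(_char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Concatenate the three printed fields (dates as YYMMDD) with check digits."""
    doc = doc_number.upper().ljust(9, "<")
    if len(doc) != 9:
        raise ValueError("document number must be at most 9 characters")
    for name, value in (("birth", birth), ("expiry", expiry)):
        if len(value) != 6 or any(c not in "0123456789" for c in value):
            raise ValueError(f"{name} must be six digits, YYMMDD")
    return (doc + check_digit(doc)
            + birth + check_digit(birth)
            + expiry + check_digit(expiry))


def k_seed(mrz_info: str) -> bytes:
    """The access key seed is simply the first 16 bytes of SHA-1 over printed data."""
    return hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]


def _odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_key(seed: bytes, counter: int) -> bytes:
    """counter=1 gives the encryption key, counter=2 the MAC key."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return _odd_parity(digest[:16])


def keyspace_bits(doc_candidates: int, birth_days: int, expiry_days: int) -> float:
    """Bits of uncertainty left to someone who has NOT seen the data page."""
    return (math.log2(doc_candidates)
            + math.log2(birth_days)
            + math.log2(expiry_days))


# Specimen fields from the ICAO Doc 9303 worked example (not a real passport).
SPECIMEN = ("L898902C", "690806", "940623")

if __name__ == "__main__":
    info = mrz_information(*SPECIMEN)
    seed = k_seed(info)
    print("MRZ information:", info)
    print("K_seed:", seed.hex().upper())
    print("K_enc :", derive_key(seed, 1).hex().upper())

    # Upper bound: any 9-character alphanumeric number, any birthday in a
    # century, any expiry day in a ten-year window (constructed assumption).
    print("upper bound bits:", round(keyspace_bits(36**9, 36525, 3652), 1))

    # Constructed assumption: numbers issued in a guessable range of one
    # million, holder's age known to within ten years.
    print("constrained bits:", round(keyspace_bits(10**6, 3652, 3652), 1))
```

Anyone who has seen the data page holds all three inputs and therefore the key; the estimate only describes how much is left for someone who has not.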

Tuesday, November 14, 2006

New Twist on the Money Mover Scam

I just got this in email.


Dear Sir/Ma'am,

Calvary greetings to you in the name of our lord!Kindly
note that wehave some of our missionaries travelling to different
destinationsaround the world on mission team.Arrangement have been made in
regardsto payment as we have a lot of our sponsors in USA,UK,Japan,Austrailia
etc.

It would be our pleasure to know if you could assist in theevangelical
work by arranging their flight tickets booking.We shall besending you payment
from sponsors immediatelly you confirm theirflight tickets arrangement.
Should you require to get back to me urgently,do not hesitate to do soby
contacting me via E-mail,Phone or Fax.

May God bless you!
Paul
Schuette.


The tickets are almost certainly bought using stolen credit cards. Presumably they have some means of reselling the tickets or claiming a refund.

Sunday, November 12, 2006

It's the oversight, not the subpoenas

Lots of silly articles are being written predicting a showdown between Congress and the administration over subpoena power.

The point being missed here is that the ability to hold the hearings and set their agenda is what is important. The administration can stonewall attempts to subpoena the administration, they cannot block subpoenas against third parties.

If you want to find out how many times Jack Abramoff visited the White House you subpoena him, not the White House. You subpoena the White House to prove that they have something to hide.

The point of oversight is to lay the groundwork before questioning the guilty. The only reason you need them at hearings at all is to demonstrate that you gave them an opportunity to give their side of the issue. The hope is that they have nothing to say.

Web 3.0

Looks like O'Reilly's attempt to define the next generation of the Web has been beaten. Web 2.0 meet Web 3.0.

How long before others take my suggestion to use the year? Web '08, Web '09 and so on.

Interesting article by the way.

Senate Midterms, scandal, not politics

Much is being made of the role of policy and the Iraq war in the Democratic takeover of the House and Senate. This seems to me to be misplaced.

Only two of the Senate losses can be attributed to policy issues: Santorum and Chafee. The voters were voting against GOP control of the Senate, not Chafee. The voters in Pennsylvania realized that Santorum was exactly the type of Republican politician that disgusted them most.

The other four fell because of self inflicted wounds. Looking straight into a video camera held by an Indian and directing a racist insult at them as Allen did in Virginia is simply incomprehensible. Burns and DeWine were both felled by corruption, Burns because he is likely to face prosecution over his role in the Abramoff scandal, DeWine because the entire state party was embroiled in the Noe scandal.

It appears to me that the only race lost due to a bad campaign decision was Talent's loss to McCaskill where the Talent campaign mishandled the stem cell research issue. Michael J. Fox's campaign video was personal and powerful. When Rush Limbaugh attacked Fox as a faker the Talent campaign should have disowned him immediately. Instead they were silent and were (correctly) interpreted as endorsing Limbaugh's mean spirited attack.

Health service IT boss 'failed computer studies'

The GBP 12 billion ($20 billion) project is behind schedule and headed for the traditional HMG fiasco.

Saturday, November 11, 2006

Midterm postmortems - Republicans

Heckuva job, Karl.

Republicans are quick to rally round Karl Rove, asserting that it's not his fault that the Republicans lost the midterm elections.

Not so fast.

I agree that Rove is one of the finest political tacticians in US history but he isn't a good strategist and certainly isn't a genius. Exit polls indicate that the biggest issues for voters were corruption, Iraq and incompetence. Although both were outside Rove's direct control his influence was critical.

Rewind to the first 12 months of the Bush Presidency. After running as 'a uniter not a divider' Bush swung sharply to the right before the election results were counted. From the start Rove put 'the base' first. Any hope of bipartisanship evaporated as Rove attacked with a series of wedge issues beginning with abortion and gay marriage and ending with the biggest wedge issue of all - the Iraq war.

If Rove had been a political genius he would have realized that Bush could have eclipsed Reagan if he had chosen to act just slightly differently in the wake of 9/11. The entire country was behind him and wanted him to succeed. Instead of reaching out to the middle Bush sucker punched them.

Rove was not in control of every part of the Bush strategy but he was most certainly the author of the Terri Schiavo fiasco. Intended as a cheap means of ingratiating the party with the conservative right, the Schiavo affair reeked of political opportunism so badly that even the base was offended. Later, when the Katrina fiasco unfolded, numerous commentators noticed how Bush had rushed back to the White House from his Crawford ranch to sign the bill but didn't find Katrina as important.

If Rove had been halfway competent, let alone a genius, he would have had the President on show before the storm hit. Rove was also on holiday when Katrina hit but what sort of genius does not have a halfway competent deputy to mind the store and call him in when there is a major problem?

Rove's personal involvement with Abramoff was not discussed widely enough to have been a cause of the defeat. Rove does however share responsibility for the failure to police the Congress and ensure that political liabilities were removed. In particular Rove was responsible for pressuring Mark Foley to stand for another term despite the fact that his page problem was already known to Hastert. A halfway competent strategist would have known what Hastert knew.

Rove also bears an indirect responsibility for the culture of corruption. Rove was so good at the tactics that the party had become complacent. Ted Stevens would never have had his bridges to nowhere approved if the party had seriously considered the possibility of defeat. The party approved them because they thought that they could get away with it. The insistence on controlling every news cycle set the party up for failure as soon as the news cycle refused to be controlled.

Midterm postmortems - Democrats

Success has a thousand fathers but defeat is an orphan.

One might think that after the most successful midterm elections in over thirty years most Democrats would be applauding the '50 states' strategy of Howard Dean. Not so: James Carville is attacking Dean, claiming that the party could have won another 10 to 15 seats by targeting the resources.

Dean supporters counter that if the party had followed its usual strategy it would have only backed 18 seats and almost certainly fallen short of the 15 necessary to win. This argument has a lot going for it, particularly as it is far from clear that the Democrats would have succeeded in picking up 8 GOP seats hit by scandal without the groundwork laid under the 50-state strategy.

The more important argument is that Dean and Carville were trying to achieve very different things. When Dean became chair two years ago very few people expected the Democrats to take the House or the Senate in 2006. Dean's strategy was designed to start building infrastructure that would support the party in the years beyond. As the political mood of the country changed and Democrats realized that there was an opportunity the argument was made for a tactical shift to the 'battleground states'.

This conflict between strategy and tactics is not new. Nor is it necessary for one to exclude the other. US politics has long been oversaturated with cash. It is not clear that Allen could have beaten Webb or Burns have beaten Tester by spending another million dollars.

Nor is the system a static one as Carville implies. Strategy is dialectic; if the Democrats had adopted different tactics the Republicans would have responded. Attacking the Republicans in 50 states reduced the amount of money flowing from 'safe' seats to the battleground states. The amount spent on the 50 states strategy was small compared to the amount of Republican cash that was pinned down.

The Democrats might have gained more seats in 2006 with a different allocation of resources. But like betting on roulette it is easy to see how you might have done better after the fact. If the 18 seats strategy promoted by most of the party had been followed the Democrats would have won fewer seats. It is hard to see how 40 seats could have been won when nobody argued for that strategy.

Which does the party need more: another 10 seats in the House it already controls by a 15 seat margin or a nationwide party infrastructure capable of taking the Republicans on in any state of the nation?

Until Dean the Democrats had no party organization whatsoever in Alaska. Even today the staff is small. Ted Stevens, the incumbent Senator up for election in 2008, is facing a major corruption investigation. The offices of his son were raided recently, after which the son decided not to stand again. Stevens is also a target for Republican criticism: his bridges to nowhere, costing $315 million and $1.5 billion, are widely considered to be a major cause of the loss of the Senate. If Stevens is replaced by a Democrat in 2008 the 50 state strategy will be the reason.

Why are wireless telephone handsets so useless?

I am now on my second wireless telephone system. The first, a Siemens Gigaset, died within 18 months due to the poor quality of the components used despite costing almost $2,000. After the third $300 basestation died it was time to write off the nine proprietary and system-specific handsets at over $100 each.

The other problem with the Siemens was that visitors found the system unintuitive and had to be shown how to use it. So even though I found no difficulty using it the system was a constant source of aggravation.

The second system, an AT&T badged Uniden system was a lot cheaper but offers fewer features. It only supports one line so I have to have a separate basestation and handsets for the office line. The basestations only support 6 phones each. Again the handsets are proprietary and specific to one basestation.

My rule is that a phone should always be where you are likely to need it. 12 handsets may sound a lot but it isn't really. Each member of the family needs one in their bedroom - that's 4 plus one for the guest bedroom, two for the offices, one for the kitchen, living room, hot tub and workshop. Another will be needed if we get round to building a garage. My house is a bit larger than most but there is no real reason why there should be any limit on the number of handsets. If I was designing the system I would design it to support at least 64. Another related problem is that the wireless signal is not really strong enough to cover the whole house. This is not unusual and there should be provision for repeater stations.

The AT&T and Siemens systems both have half-baked directory support. Both systems assume that you will want to have different directories on every handset. On the AT&T you have to program each number into each handset separately. This is very tedious with 6 handsets, so as a result people wander round the house to find the 'right' handset to call a person. The Siemens had a scheme for copying the directory between phones but this was also half-baked. To copy the directory you had to enter the command on every phone separately.

Both systems are poor when it comes to handling area codes. Using the redial feature on the AT&T always fails unless you remember to press the right sequence of buttons to select the correct area code. This can and therefore should be done automatically.

Another irritating feature of both systems is the lack of features to control which handset rings when. I don't want the phone to ring at all in the bedroom at night. There are some callers whose calls I want to go straight to voicemail and some that I just want to hear a fast busy.

The reason for the lack of usability in these systems is that they are all limited by the user interface of the handset. Typing in callers using a keypad is a pain. The phone system should have a network interface and allow remote management via the Web.

My ideal home wireless telephone system would be WiFi based. Both the phone lines and the fax line are VOIP. More important than the technology though would be the feature set:

  • Use standards based non-proprietary protocols.
  • Support a minimum of 16 handsets, preferably more.
  • Support a minimum of 4 repeater stations.
  • Cost less than $200 per basestation, $50 per handset.
  • Support at least two lines.
  • All management operations accessible through Web interface.
  • Directory entries automatically replicated to every handset.
  • Operation of the handset to follow familiar use model.
  • Central reporting of battery status.
  • Support all existing features (speakerphone, headset jack).

Lithium ion batteries would be a welcome but non-essential addition.

I don't think that it would have taken very much thought to realize the need for any of these features. Why does it take the manufacturers so long to understand?

Friday, November 10, 2006

National Donut Day

Today is National Donut Day and the Marine Corps birthday. This is not a coincidence, as this article in DefenseLINK News explains.

Wednesday, November 08, 2006

Wednesday Shipping Container Blogging


Dvorak has an interesting article on turning shipping containers into housing.

It's a neat idea. The main problem would be the limited width. 8 ft wide rooms are not easy to use.

A better idea might be to use them as structural elements within a more conventional building: as a foundation, framing or to provide tunnels or aerial walkways.

Sunday, November 05, 2006

Idiotic Prediction of the Day

[Houston Chronicle]: "Daisy Waugh, columnist for The Times of London, wrote: 'Never again will an aging multimillionaire take a beautiful young bride with an unsubstantiated history and be arrogant enough to imagine that she's not interested in his money,' she wrote."

Saturday, November 04, 2006

NeoCon III

Further reading of the NeoCons' attempts to relaunch themselves shows that they may have more in mind than getting an early start in the post-election recriminations of the Republican party. In addition to re-affirming their commitment to 'stay the course' the NeoCons want to invade Iran as well.

One of the most infuriating features of the NeoCon cabal is their attempt to claim that the future is inherently unpredictable and so there is no reason to suppose that their wishful thinking might be entirely wrong. The invasion of Iraq 'might' have been a cakewalk, but most serious analysts predicted that the occupation following the invasion would be very grim.

So now that they are planning to attack Iran, it seems a good time to point out the likely outcomes.

  • The utterly implausible outcome is the one where the Mullahs simply fold like a cheap umbrella after a few weeks' bombardment. The regime has already lost a million martyrs in the Iran-Iraq war. Expecting the mullahs to care much over a body count of less than a hundred thousand is only possible if you are profoundly ignorant of the nature of the regime. The mullahs appear to believe that the US will invade sooner or later unless they build an effective nuclear deterrent. How is an attack meant to dissuade them?

  • Equally implausible is the idea that the US somehow manages to find men and materiel to launch a ground invasion that results in the same rapid initial success seen in Iraq. The US military is fully committed already; there are no troops left in reserve to launch a successful ground invasion of a country with three times the population of Iraq and a considerably better equipped military.

    The best outcome then is that Iran simply ignores the attack and continues as if it never happened without attempting to retaliate, in other words the best outcome that can be reasonably expected is that the US position is no worse after the attack.

    It is rather unlikely that Iran will not retaliate. They have three possible avenues to do this. The first is to use their proxies in Lebanon to attack Israel. Iran demonstrated its willingness to do this three months ago when it allowed its proxy Hezbollah to escalate tensions by kidnapping an Israeli soldier. The second avenue is to use their proxies in Iraq to attack the US directly. The third avenue is to go for the West's jugular and shut down transport of oil through the Straits of Hormuz.

    My guess is that the Iranians would go for the second and third option. The second being not so much an option as a more or less inevitable result, if the US attacks Shi'ias in Iran the Shi'ia militias in Iraq are going to find it much easier to recruit causing the Iraqi civil war to escalate further.

    Even if Iran was a fourth rank military power it would have no difficulty in blockading the gulf. Supertankers are the slowest ships imaginable, their cost is stupendous. The insurers are risk averse. Iran was only persuaded to suspend attacks on tankers during the 1987-88 tanker war because it could not afford the risk that the US would assist Iraq in the Iran-Iraq war. The cease-fire was signed months later.

    Today Iran has what it did not twenty years ago - surface to sea missiles allowing it to effectively control the straits without the need for surface boats.

    David Frum

    I already blogged the Vanity Fair Piece. Kevin Drum notes a comment by David Frum that I had also thought particularly noteworthy but for different reasons. [The Washington Monthly]

    "I always believed as a speechwriter that if you could persuade the president to commit himself to certain words, he would feel himself committed to the ideas that underlay those words. And the big shock to me has been that although the president said the words, he just did not absorb the ideas. And that is the root of, maybe, everything."


    Drum's take is 'so what did you expect with this president'. Having written speeches for others my take is 'since when was policy decided by speechwriters?'.

    The role of a speechwriter is to communicate policy, not to make it. If a speechwriter for Kennedy or Clinton had attempted to 'persuade the president to commit himself to certain words' they would have been shown the door very quickly.

    The risk is that policy will be decided by which course of action allows for the greatest rhetorical flourish. As a speechwriter Frum was responsible for the phrase 'Axis of Evil', probably the single most disastrous phrase used by any US President. Effectively a declaration of war against three countries at once, the phrase Axis of Evil ensured that Iran and North Korea would make sure that they acquired nuclear weapons at any cost.

    NeoCons - Blame Bush for taking our advice

    After railroading the administration and the country into a war that has conspicuously failed to meet its objectives the architects of the fiasco have found someone to blame - the President. [vanityfair.com]

    They don't accept any blame themselves of course: they haven't stopped offering advice and they refuse to admit that plenty of policy specialists had predicted the outcome of the war in advance. The President was at fault for failing to execute their plan correctly. The plan was undermined by opponents within the administration. Socialism did not fail, it has never been tried.

    The NeoCons no longer matter. It is clear from the article that this administration no longer listens to them. Even if a future president were to accept their world view the country will not. Instead of remaking the Middle East to suit the interests of Israel and the West they have reshaped the region to suit the interests of Iran and the Mullahs.

    Friday, November 03, 2006

    You need a lie detector for what?

    The Denver Post reports that the gay male prostitute at the center of the Haggard allegations failed a lie detector test.

    You need a machine to tell you that he might be lying? Seriously.

    In fact all the 'lie detector' is alleged to do is to detect stress. The test was taken at 5am and the subject has been followed around by the press for the past 24 hours, so finding stress is not surprising.

    Besides which alleged lie detectors are no better than Witch smelling devices. The guild of polygraph operators has standing instructions on its members to refuse to be involved with any scientific testing.

    Update: Haggard admits buying crystal meth, denies using it or having sex with the prostitute. But his voice is on the prostitute's answering machine discussing $100/$200 buys of meth. So while there are points of disagreement the polygraph result appears to be definitively busted.

    Thursday, November 02, 2006

    When customer preference detection goes wrong


    I recently attempted to find out if Bronowski's The Ascent of Man has been reissued in DVD form yet. Unfortunately it appears not, at least not in the USA as yet, although Kenneth Clark's equally excellent Civilization is available.



    After viewing Civilization and the Ascent of Man, Amazon's comparison shopping algorithm gets a brainwave. I might want other books with the word 'civilization' in their title.

    The crossover appeal is rather interesting and not what you might expect. 9% of the people who look at the history of porn buy Kenneth Clark's series instead, but the number of customers going the other way is too small to register. The history of porn is #5,000 or so, Clark is at #1,000 despite costing twice as much.

    WaPo: Seafood Population Depleted by 2048, Study Finds

    The idea we might run out of fish is completely believable and demonstrates the critical problem with fisheries politics. Every year stocks dwindle. Every year scientists call for massive cuts in quotas. Every year quotas are cut by an amount that is insufficient to halt the decline.

    Jared Diamond explains a similar set of political processes in his book Collapse. This should be required reading for all politicians. The point is that civilizations can and do collapse and the reasons for this occurring are very much the same reasons that stop our politicians getting to grips with issues like exhaustion of the fisheries.

    The action of the politicians is not just shortsighted from an environmental point of view, it is dooming the fishing industry to extinction as well. No fish, no fishing. If the industry had accepted the cuts proposed in the 1950s quotas would be an order of magnitude larger than they are today. Instead the fishermen fight every quota cut tooth and nail.

    Wednesday, November 01, 2006

    Sun's Project Blackbox -- datacenter in a container - Engadget

    So now we find out why so many geeks seem to have suddenly taken an interest in shipping containers. Sun's Project Blackbox -- datacenter in a container - Engadget

    The data center in a container concept is the next logical step in containerization: containerized manufacture. Build the equipment into the container, on arrival plug it into whatever inputs and outputs it requires. If the machinery malfunctions swap it out for a working unit, return the defective one to base for repair.

    Information fits perfectly into this scheme as the inputs and outputs are bits, not atoms. Bury the container underground and it becomes very hard to steal.

    Tuesday, October 31, 2006

    Disruptive change in military technology?

    A few days ago I responded to Max Boot on military supremacy. He arrives at the right result for the wrong reason. Changes in military supremacy are almost without exception the result of economic forces rather than technology alone. If you don't have the economy you can't afford the technology either.

    There is perhaps an exception to the rule, and possibly even a pair of current technological trends that may combine to create a blind spot for the US military machine. The politics of US military appropriations may be such that these create the equivalent of a 'disruptive change'.

    The first trend is the use of unmanned weapons. Remote controlled drones are no longer limited to reconnaissance; armed with missiles they become a potent force.

    Although the US is well positioned at the forefront of the development of robotic warriors it is much less well placed to deal with one of the consequences - automation and mass production. The US is very good at producing relatively small numbers of exceptionally high technology military equipment. It is much less well suited to producing vast numbers of serviceable arms. If the AK-47 Kalashnikov rifle had pushed the limits of manufacturing in 1949 it would not have been possible to build 100 million.

    The politics of US military procurement ensure that when a contract is awarded for a weapon it will be awarded on the most favorable political terms. This generally means securing jobs in the districts of the politicians with the sharpest elbows and the most generous campaign contributors. Procurement rules intended to secure the lowest possible cost frequently end up inflating costs dramatically.

    While there is little doubt that the US will be the first country to have a supersonic drone capable of intelligent independent action this may prove to be the wrong approach. It is likely that the more potent force will be to have a hundred thousand or a million slower, less intelligent, less powerful but expendable drones.

    China has factories that can stamp out DVD players for $10 a time. When they start stamping out robot warriors by the million instead who will be the superpower then?

    Max Boot on military supremacy

    Max Boot muses on The Race for Military Dominance. As Eric Rescorla has pointed out he is mistaken in the examples he uses to assert that the key developments in computing came from individuals not working for the government. But this does not negate his main point that military supremacy tends to be an ephemeral condition.

    The larger flaw in his argument appears to be his insistence on technology as the driving force rather than economics. The British Navy did not lose its dominance due to a failure to grasp the military importance of the aircraft carrier. On the contrary the British Navy developed the concept as aggressively as any other world power. Britain lost its number one status in naval power because the British economy could not possibly continue to support it after the loss of the Empire, which in the aftermath of World War II no amount of military force could possibly have prevented.

    Choosing the Spanish Armada as an example of a weak force defeating a strong one is strange to say the least. The Armada pretty much defeated itself; the British Navy did little more than assist them. The Spanish invasion was based on a hopeless plan that depended on coordinating the action of two forces more closely than the communications technology of the day permitted.

    The whole point of military supremacy is or at least ought to be not to have the need to put it to the test. It does not much matter if you are not the world superpower as long as everyone assumes that you are. Nor does possessing a greater strength than your opponents imagine help much in matters of defense.

    A reasonable conclusion to draw from the US experience in Iraq is that it is no longer feasible for any nation to occupy another country with more than about five million inhabitants for any extended period of time. This is only a depressing conclusion if your military objective is not primarily defensive.

    As to the grander thesis Boot advances; it is most unlikely that the US will remain the sole superpower but not because of technology or even economics but because of politics. In addition to smashing up the US military machines the neo-cons have unfortunately given other powers the incentive to compete. The economies of China and India will inevitably overtake the US economy in the very next couple of decades. The doctrine of pre-emptive war means that they must insist on being global powers.

    The US government is certainly spending enough to expect to remain at the forefront of military technology but this may not guarantee success, an issue I will return to tomorrow.

    Push polling

    John Dickerson finds Republican push polling efforts to be 'lame'

    There have been many reports of push polling efforts so clumsy that one really does wonder who is behind them. If it is the GOP then they are really off their game. If the Democrats are using the polls to fire up their base they have suddenly found an extra helping of devious.

    I don't think it at all likely that Democrats will turn out to be behind them but the very fact that the question can be asked shows how bad they are. The whole point of a push poll is to present partisan attacks as authoritative facts. Voters are unlikely to be fooled when they are asked about an opponent's purported support for terrorists, pedophiles and rapists.

    What seems to be going on here is that campaign finance reform is having an effect. Independent groups are not allowed to coordinate with the candidate's campaign. So when an independent smear operation goes off the rails there is no way to (legally) pull it back.

    On the other hand Ken Blackwell, the bizarre Ohio candidate for Governor, did accuse his opponent of supporting NAMBLA in person in a debate, so maybe the push polls reflect the way that the GOP actually thinks about politics.

    YouTube - The Chaser's War on Everything - Terrorism

    Another Chasers episode that needs to be labelled 'don't try this at home'.

    Monday, October 30, 2006

    Slashdot | Venezuelan Interest In U.S. Voting Software

    According to reports a Venezuelan company controls a leading provider of U.S. voting software [Slashdot]

    While I very much doubt that electoral fraud is actually taking place this last news should surely cause concern. The idea that a corporation such as Diebold could hatch a plot to rig an election in their own country is not very credible. Corporations might have the technical capability to do such a thing but not the political will to act in concert without anyone reporting the activity to Law Enforcement.

    The situation changes significantly when the proposition is to rig the election in a different country and changes entirely when the operation is being run by a government. The idea that a US company might have helped to rig the Nicaraguan elections during the Sandinista period is not at all far-fetched. Given a reasonable chance of success the CIA would certainly have run such an operation if the opportunity existed.

    It is not at all far-fetched to imagine that Chavez would attempt to rig a US election; any such attempt would be made through a front company and look very much like the current situation.

    There are two ways to go about a remedy. The first is to try to regulate who is allowed to manufacture election machines for use in the US so that foreign ownership is prevented. In addition to being futile and expensive this would further fuel suspicions that there was a domestic attempt at ballot rigging.

    By far the best solution would be to adopt a technology that is not as hopelessly insecure. In the UK we use a thing called a ballot paper and a pencil...

    Friday, October 27, 2006

    The Great Risk Management Debate

    Arthur at Emergent Chaos joins in the argument Mark Rothman and Alex Hutton have been having on Risk Management.

    As often happens when trying to follow arguments on the blogosphere, working out who is arguing what is a bit like trying to find a bug in a large piece of code by looking at just the diff files.

    I agree that Risk Management is a management task and needs to be separated from the task of managing devices. What I object to though is the assumption that management of a device is necessarily the task of a person.

    Already the principle of Managed Security Services (MSS) is established as the way to run network security in medium to large sized enterprises. The risk manager sets the policy by considering the various business risks concerning the network. The policy is then enforced at the device level by the MSS team using a combination of manual and automated techniques.

    The risk manager is thus interacting with their network at a much higher level of abstraction than Cheswick and Bellovin were working at two decades ago when they were chasing Berferd.

    Another way to look at it is that Risk Management is not the same as Threat Control. Threat control is an objective process: we have a list of threats that are to be excluded, we apply controls to eliminate those threats (as far as is practicable). We can outsource Threat Control because it is objective.

    Risk Management requires us to decide which threats are to be controlled and which are to be allowed. This is inevitably a subjective process because it involves the estimation of three sets of unknowable quantities: the value of the assets to be protected, the probability of loss, and the cost of applying controls.

    I don't see Alex, Mark or Arthur actually disagreeing on the principles here, I think that the reason they are engaged in their semantics debate is that they have one term and two distinct meanings.

    Wednesday, October 25, 2006

    Quebec turns against electronic voting

    A report by the Chief Electoral Officer of Québec slams the electronic voting systems used in the Municipal Elections of November 2005 (via slashdot).

    Concern over voting systems tends to be highest amongst those who have lost an election. Concern over electronic voting in the US has to date been almost exclusively the concern of Democrats. The opinion polls suggest that this is likely to change next month.

    One of the main problems with the schemes is that the designers apparently fail to understand that the purpose of an election is to permit the peaceful transfer of power by convincing the losers that they have lost.

    The principal concerns are auditability and transparency of the election. Except in a police state secrecy is a very low priority. It is very difficult to bribe or intimidate sufficiently large numbers of voters to swing an election without the activity attracting attention.

    Despite the vast sums spent on election gadgetry the US electoral system is spectacularly ad-hoc and ramshackle. There is no consistency from county to county let alone state to state. In statewide elections different voting machines with different failure rates are often used in different parts of the state. This should be utterly unacceptable and prohibited by federal law.

    In the UK we do things differently. We use a paper and a pencil. The voter places a mark next to the name of the candidate they are voting for. After the close of polls the votes are counted by bank tellers. The process is understood by all the participants including voters, polling clerks and tellers. The standards for scrutineering are well established by a century of case law.

    The UK system only appears to be more labour intensive because the time taken to count the votes is a clearly identifiable cost. The labour costs in the US system are largely hidden. The polling clerks must be trained in the use of the machines, the machines must be tested before and after each election.

    If elections were held every week the cost benefits of electronic voting would be clear. When elections are held twice a year in alternate years it is impossible to recoup the startup costs.

    Monday, October 23, 2006

    Patents again

    IBM is suing Amazon over some patents it owns [AP]

    What caught my eye was this line: "IBM is the world's leading patent holder, spending $6 billion a year in research and development and earning about $1 billion a year in royalties."

    In other words even IBM, with the world's largest patent portfolio, makes only a modest sum from each patent and does not recover its R&D costs from patent licensing alone.

    Sunday, October 22, 2006

    More from the Chasers

    Hmm, what do you think happens when a person tries to film a bridge or a nuclear power station? Does it matter how they dress?

    Cow makeovers stop taxi crime, for a while

    A taxi driver from Chile has his taxis decked out in a black and white cow motif. The idea is that the cabs are so garish and distinctive that nobody will want to steal them. The scheme appears to be working, but like most schemes of this kind there is a catch: if everyone were to copy this strategy, interior decor in synthetic cow hide would no longer be unusual and the deterrence value would be lost. [Video BBC News]

    This is the reason why 'it works for me' does not mean that a scheme is going to be generally applicable as a plan to foil phishing or spam or other Internet crime issue of the day.

    Thursday, October 19, 2006

    Movie showing dangers of Trojan Horse



    [via Emergent Chaos]

    Wednesday, October 18, 2006

    Your tax dollars at work

    This video shows British mercenaries in Iraq shooting at the local population for sport.

    The video was posted to a site www.aegisiraq.co.uk purporting to be run by employees of the company. The company has denied responsibility and the domain name now points to the Aegis corporate Web site.

    Saturday, October 07, 2006

    Micro-Economics is to Macro-Economics as Quantum Physics is to ...

    A recurring trope in politics is explaining the national economy as if it were a household budget. Margaret Thatcher was particularly good at this; her hustings schtick was to give presentations on the economy in grocery stores.

    Some (but not all) of the points Thatcher raised were valid. Deficit spending was one of the causes of the inflation of the 1970s and inflation was one of the causes of the recession.

    But the comparisons can be misleading. National deficits have bad effects, household deficits have bad effects but the causes and effects are very different. There are even (rare) situations when a national economy should be spending more than it takes in. The inflation of the 1970s was caused by the money supply being too loose. The depression of the 1930s was caused by the money supply being too tight.

    Economics works rather differently at the large and the small scale. This is very much like Quantum mechanics and Newtonian physics. In aggregate particles behave according to familiar laws. But something very different is happening at the level of the individual particles. As Feynman remarked, if you don't find Quantum mechanics weird then you don't understand it. Particles are not particles at all, rather they are a random wave sort of affair with infinite extent that only interacts with other particles as discrete events.

    The main difference between physics and economics is that in physics we are familiar with the problem in aggregate and must struggle to deduce the individual case, in economics the reverse is true.

    In the 1930s Keynes invented the modern science of economics by applying the engineering science of control theory. While a large part of modern economics is complete bunk (not least their insufferable habit of turning simplifying assumptions into immutable laws) they do seem to have a better understanding of how the small scale effects lead to the large scale results. Collaboration across that divide could be mutually beneficial.

    Tuesday, October 03, 2006

    Firefox exploit hoax...

    The widely reported 'zero day attack' on Firefox has been reported as a hoax (WaPost)

    I am not at all surprised; people who report bugs to the media rather than to the software providers are suspect in my opinion. The days of 'full disclosure' should be behind us. It is not necessary to tell the bad guys how to exploit a vulnerability to get it fixed. Limited disclosure, where the vulnerability is disclosed to major customers of the vendor, is just as effective in putting pressure on the vendor to issue a patch but avoids making it easy for a hacker to turn the vulnerability into an exploit.

    Some people are already reading into the debunking of this particular attack confirmation of their prejudice that open source code is automatically safe. Unfortunately the mere fact of publishing 4 Mb of source code does little to make it safe. Only expert review improves the security of code and that is rather harder to achieve.

    The relative resilience of Mozilla owes rather less to being open source than it does to the software architecture, in particular the use of safety checked string handling routines rather than the notoriously buggy and buffer-overrun prone UNIX string handling routines. C# and Java represent a further step forward: managed code makes it even easier to avoid buffer overruns.

    But even the most resilient code will do little to eliminate the biggest security problem in the system - the user. We still need to solve the problem of designing security interfaces people can use.

    Patchguard

    Symantec and McAfee have been griping about patchguard again. But all patchguard does is protect the kernel against modification. Anti-virus products are still supported and there is an entire filtering infrastructure provided that allows anti-virus to work without hooking the kernel. Robert McLaws does an excellent job of separating fact and fiction here.

    I don't run AV on my personal machines. I find that the machines become markedly less stable and considerably slower with the AV installed. The major reason for that is that the AV programmers are hooking the kernel to implement their systems. The people doing this don't have the kernel sources, they only have a limited understanding of the kernel architecture.

    McLaws points out that there is a fully documented filtering API in Vista and that the Microsoft products run on top of the filtering API. Not only is this more efficient, it is less likely to lead to system problems as unknown third party code interacts with the kernel.

    It appears that the real reason that McAfee and Symantec are complaining here is that Microsoft has made it too easy for competitors to implement AV in Vista. Meanwhile they will be forced to rewrite their AV engine to work on the new platform which will cost them money.

    There is a history here that the McAfee and Symantec management should remember. Long ago in the distant past there were two companies that were king of the word processor and spreadsheet software markets. The reason that Lotus and WordPerfect lost their market clout was their failure to support the new Windows platform when it was released. Instead management sat twiddling their thumbs waiting to see whether OS/2 or Windows would be the eventual winner.

    IBM and Microsoft both spent considerable time and effort trying to persuade Lotus and WordPerfect to support their platform and both were rebuffed. One of the (many) reasons that Microsoft won was that they were able to provide a decent word processor for Windows by porting the product they had previously written for Macintosh.

    McAfee and Symantec are in a very similar position. They have a cash cow that dumps a huge amount of cash into their corporate coffers each year. Doing the job right on Vista would cost a tiny fraction of that revenue.

    Saturday, September 30, 2006

    Time on 'today's brand of personal politics'

    Time puts the resignation of Foley down to 'today's brand of personal politics'.

    Leaving aside the fact that Foley resigned hours before the news broke leaving no time for personal attacks, when was there ever a time when his actions might have been excused?

    Even if Foley had not campaigned against the very type of behavior he was found guilty of, soliciting sex from an underage subordinate would mean an instant end to a political career even if the politician was straight.

    The only real difference here is the technology. In earlier days the solicitations would be made by telephone or in person. Email is a problematic medium combining spontaneity, intimacy and permanence.

    Email makes frequent appearances in the Abramoff saga: 'Better not put this stuff in writing'. I have seen intercepts in cases where the conspirators ask 'do you think they might be reading this'.

    If email was merely making it easier to catch wrongdoers there would be no problem. But it seems likely to me that the characteristics of email that help get the criminals caught are encouraging the criminal behavior.

    Friday, September 29, 2006

    Walmart and hubris

    Variety reports on WalMart's demand that Apple share a part of the download pie.

    Conventional wisdom is that no manufacturer can afford to ignore WalMart. After all who can say no to 20% of their sales revenue? Actually many well run companies can and do, particularly when they are selling bits rather than atoms.

    A maker of baked beans or breakfast cereal has fixed capital costs. The sudden loss of 20% of their revenues goes straight to the bottom line.

    The same is sometimes true of digital content. A shopper who does not pick up Pirates of the Caribbean next to the till at WalMart may not buy it at all. But the convenience of buying at WalMart cannot possibly compare to the convenience of having the film available for viewing whenever and wherever the consumer decides they might want to watch it.

    If Disney Studios was owned by a baked bean company it might make sense for them to capitulate to WalMart's demands. As Disney Studios is part of a much larger and diverse media empire, building its place in the next generation distribution channel is much more important for the company than short term profits on the small number of blockbusters that WalMart deigns to sell.

    Thursday, September 28, 2006

    Coming Zune

    Take a look at the Coming Zune site.

    Nice animation. But with IBM and Dell currently recalling laptop batteries containing Sony cells that are at risk of spontaneous combustion I would have nixed the phoenix motif regardless of what it cost.

    Tuesday, September 26, 2006

    The NIE Report

    The National Intelligence Estimate describing the current state of Al Qaeda has been released. While most attention is likely to be focused on partisan interpretations, the document makes some other important points.

    In particular Al Zawahiri, the former head of the Egyptian group called Islamic Jihad, is considered to be at least as great a threat as Bin Laden himself. The report suggests that if Bin Laden were eliminated and Al Zawahiri became sole leader he could make a broader appeal to Muslims than the narrow sect Bin Laden belongs to and thus pose a much greater threat.

    Monday, September 25, 2006

    Nude sunbather on Google Earth!

    Adam reports that a nude sunbather was spotted on Google Earth. Usual privacy concerns etc. etc.

    My take is why did it take so long to find someone? Haven't there been something like a hundred million teenagers scouring GE for something like this ever since they started?

    Now wait for six people to sign book deals and try to get on Oprah, all claiming to be the nude Google sunbather guy.

    Saturday, September 23, 2006

    Crazy Machines



    If you have children aged 5-10 and want to get them interested in physics and engineering take a look at Crazy Machines. The game has 102 puzzles that have to be solved by making various contraptions with magnets, pulleys, gears, motors, generators and so on. Some of the physics is somewhat questionable but they get the basics of Newtonian mechanics, friction etc. right.

    The only problem with the game is getting it running. We had to turn on some DirectX extensions that had been turned off to get another program to run.

    The same version of the program runs on Windows or Mac.

    Friday, September 22, 2006

    More Robodialing reports - 571-522-1575

    TPMmuckraker reports that these are from a Republican push polling operation.

    Tuesday, September 19, 2006

    The big nut

    Over the past few weeks I have been acquiring a set of wire wheels for my MGB. Unlike the current wheels, which have the standard four lug nut arrangement keeping them on the car, wire wheels have a single nut at the center of the wheel like race car wheels.

    This arrangement was the cause of some concern. What if the nut comes undone? The wheels are spinning after all and nuts do have a habit of working loose.

    As I started reading up on how to fit the wire wheels I discovered that my concern was somewhat misplaced. The nuts that are visible simply hold the wheel to the hub and the brake assembly. If the visible nuts held the wheel to the car chassis there would be no way for it to turn.

    So what holds the hub to the axles? A single medium sized nut hidden underneath a grease cap which is covered by the hub cap. So should I be less worried because this arrangement demonstrates that one nut is adequate or more worried because I now know that there are two single points of failure rather than one?

    Thursday, September 14, 2006

    Saddam not dictator!

    So Saddam claims he was not a dictator, the judge agrees. It's only a matter of time before the blogosphere goes wild.

    But what the judge actually told Saddam was that he was not a dictator but he was allowed to behave like one. In other words Saddam was never granted dictatorial powers and always claimed that his rule had the thin veneer of legitimacy.

    Saddam is currently being tried in a civil trial under Iraqi law. If the court accepted that he was a dictator this would be impossible. By definition a dictator is not subject to national law, the essence of dictatorship is that the dictator sets themselves above it.

    If Saddam was recognized as a dictator he could not be tried in a national court under existing national law. The only options would be to create new national laws with retrospective effect or to try him in an international court.

    While there is certainly enough justification to charge Saddam with war crimes the Iraqi government and the US occupation prefers a national trial. One of the many reasons for this preference being that the international courts no longer recognize the death penalty.

    So unpacking what the judge really said to Saddam he did not say 'you were not an evil dictator', instead what he said was 'you are on trial as a common criminal and will face the death penalty if convicted'.

    Protecting California's state secrets...

    Forbes.com reports that an LA talk show also accessed Arnie's web site.

    You would think that with all his experience fighting robots etc Arnie would know better.

    Part of the problem is incompetence. Private data should never be stored on a public Web server. Come to that didn't US politicians learn to stop taping themselves after the Nixon Watergate tapes became public?

    A larger part is the fact that computer security systems are too hard to use. A large part of the problem is the fact that we still use systems designed to protect access and not data. It is not surprising that ACL based security schemes break down when 300Gb disks cost $200. In the traditional model, access controls are applied to the directory entry describing where a resource is stored. When the file is moved the access controls are lost.

    If we are going to have security systems that work we need to apply the security protections to the data so that the access controls move with the data. In other words we need a DRM/CRM type security system.

    Wednesday, September 13, 2006

    Rip Off Report:Suntasia Dba Agents Travel Network

    The only surprise here is that they can do this openly for so long.

    More HP Fallout

    Adam asks was ATT negligent in using the last four digits of the SSN for authentication?

    A four digit password that is widely published and does not change for up to a century is hardly an effective security measure. There is unfortunately a big difference between 'ineffective' and the legal standard for 'negligent'.

    I don't think that a case against ATT is very likely. If a case was going to be brought it would be against HP, the investigators and the agency they used.

    If a case was brought ATT would certainly point out that they were simply following a widespread industry practice here. Last four digits of SSN is arguably as strong or stronger than mother's maiden name or favorite pet (fido or fluffy). Unlike mother's maiden name or favorite pet the use of a false SSN is a criminal act in itself.

    Combined with other controls, SSN could be reasonably secure. Why were the phone records being sent anywhere other than the customer's billing address? Why do people think we need immediate access to our telephone calling logs anyway? Why is it the responsibility of the phone company to track who we call?

    The legal standard for negligence is the Hand test: a party is negligent if the probability of harm multiplied by the cost of harm is greater than the cost of an effective control.

    The HP incident came only a few days after the existence of the cell phone records 'services' became widely known. Until then the incentive for stealing records and thus the probability of harm would arguably be low - in this case arguably meaning 'a jury might be persuaded'.

    SSN verification might be viewed as being equivalent to a door lock, it offers little security in itself but breaking it provides a clear indication of criminal intent.

    I don't see much hope of demonstrating negligence in this particular case. But what happens when the phishing gangs and the advance fee fraud gangs work out a way to work this type of activity into their schemes? Identity theft is all about building up a comprehensive profile of the victim. Knowing who they talk to would help a lot.

    Tuesday, September 12, 2006

    HP Chairwoman resigns in phone snoop scandal

    Report from the Raw Story

    Perhaps the biggest Internet fallacy is the idea that it is a new frontier where no laws apply. In practice the law treats the Internet no differently. On the rare occasions where a drafting oversight is spotted the 'Internet exception' is usually closed.

    The problem is not the law itself but the enforcement and the perception of the law. Enforcement is difficult because the Internet is not confined to a narrow geography. The difficulty of enforcement combined with the unfamiliarity of the territory combine to create a false perception that existing laws do not apply to the Internet.

    Pretexting of telephone carriers to obtain cell phone records is an example where the public offer of a service creates a public perception and hence a presumption that the service is legal. Since pretexting is the use of deceit to obtain confidential information it is hard to see how it could fail to meet the legal definition of fraud.

    If the problem was a genuine ambiguity the answer would be to pass new laws. Since there is no actual ambiguity, merely the perception of one the introduction of new law would be counterproductive as this would reinforce the perception that the actions are currently legal.

    A much better approach and one that requires no scarce legislative resources is to bring an actual prosecution in a high profile case that is certain to be widely reported.

    Monday, September 11, 2006

    32 Gb Flash RAM

    Our ability to store information continues to increase

    But our ability to manage and secure large quantities of information does not.

    Discuss.

    Thursday, September 07, 2006

    Geeks review coffee makers

    History repeats itself, first as farce, then as crime.

    (via Froomkin) Geeks review coffee makers.

    Customer reviews are becoming increasingly important. Whenever I buy something on Amazon I read the reviews, in fact I go to Amazon mostly because of the reviews.

    But accepting unauthenticated inputs creates a security issue. Spoof reviews are funny but they also demonstrate the weakness in the system: the reviews are only as trustworthy as the people who provide them. The problem is made much worse by the fact that one negative comment has a much bigger effect than ten positive ones.

    Undoubtedly some of the attack reviews on Amazon are posted by competitors, others appear to be posted by disgruntled employees.

    Monday, September 04, 2006

    Steve Irwin killed

    The reporters concentrate on the fact that sting rays cause few deaths; I suspect that might have been the problem. People who are used to managing and controlling very big risks often underestimate small risks.

    A friend who does mountain climbing told me that the typical early death was a car crash in a high performance sports car.

    Friday, September 01, 2006

    The IETF NomCom Fiasco

    Eric Rescorla blogged on this before I got a chance to. He does a good job of setting out the current situation with the IETF NomCom process.

    The short version is that this is a cryptographic protocol that is meant to select ten people at random from a list of eligible volunteers. The problem in this case is that 1) the list was not published as it should have been and 2) there was a person on the list who should not have been there. Due to the design of the cryptographic protocol used, this meant that the compiler of the list could have biased the selection process, and so has proposed that the process be 'reset'. But this also creates a method of biasing the process, as it creates a precedent whereby unacceptable outcomes can be avoided by having a 'redo' until the desired outcome is achieved.

    I have not seriously analyzed the IETF selection protocol before now but I have always considered it as 'too clever by half'. I come from a country where we use ballot papers and a pencil for every election and have not had a seriously contested outcome for over a century. The same cannot be said for the US where discussion of Florida's 'hanging chads' has been replaced by the question 'can we trust Diebold'.

    The superficially random nature of the selection process for the nomination committee is an artful way of disguising the fact that the whole point of the process is to avoid accountability. Academics are fond of tenure, Engineers dislike deadlines. If you allow a group of engineering academics to design an institution for themselves to work in you are unlikely to find that it has strong accountability mechanisms.

    Eric is correct in pointing out that the IETF is a volunteer organization. It is not however an amateur organization, or to be more precise the IETF prides itself on the importance of the work that it does and the expertise that it brings to this work. It follows therefore that volunteerism is not an acceptable excuse for amateurism.

    The flaw in the IETF protocol is the same one that is faced in real world elections and in most of the academic cryptographic voting schemes. One of the systematic failures of cryptographic voting protocols has been that with rare exceptions they consider the paramount concern to be secrecy of the ballot. In practice this is a very small concern. The point of secrecy is to prevent intimidation of voters or selling of votes. This is certainly one way to rig an election but any attempt at intimidation or vote buying on a large enough scale to affect the vote is going to be noticed and the results would be self correcting.

    The two real concerns in electoral systems are 1) auditability and 2) vote suppression. Vote suppression has a long history in the US. The simplest way to rig an election is to stop voters likely to vote for the other party from registering to vote or, if unable to prevent them registering, stop them getting to the right polling station or, if unable to do that, discourage them from voting by ensuring that there are not enough voting machines available.

    Vote suppression is a real issue but not one that can be fixed using cryptography. The principal concern for the cryptographic protocol therefore is to ensure that the process is auditable.

    The critical flaw in the IETF process is the dependence on the list of candidates. If the cryptography is going to be as robust as possible the influence of the organizers should be minimized. The current process has a critical reliance on the drawing up of the list of candidates. Publishing the list of candidates prior to the discovery of the random seed information is a critical control if the process is to be fair and auditable.

    The way to fix the selection scheme is to eliminate the critical dependence on compiling the list. A simple way of doing this is to use a common random seed, a MAC function and the email address of the volunteer to create a score with the top ten scores being the selected members. So the score for alice@example.com would be MAC (seed, "alice@example.com").

    The advantage of this scheme is that it is still possible to generate a score even if the list is not generated and published correctly and on time. If a person is left off the list it is still possible to calculate a score for them provided they can prove that they are eligible. If a person is included in the candidate list but is found to be ineligible for any reason their inclusion does not affect the outcome and can be ignored.
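
    The scoring scheme proposed above, as an added sketch that is not code from the IETF or from the original post. HMAC-SHA256 as the MAC, the lower-casing of addresses, the seed and all addresses are assumptions made for the example. It shows that correcting the list after the fact changes at most one seat and leaves everyone else's score untouched.

```python
import hashlib
import hmac


def normalise(email: str) -> str:
    """Canonical form so every auditor MACs the same bytes (assumed rule)."""
    return email.strip().lower()


def score(seed: bytes, email: str) -> bytes:
    """MAC(seed, email). HMAC-SHA256 is this example's choice of MAC."""
    return hmac.new(seed, normalise(email).encode("utf-8"), hashlib.sha256).digest()


def rank(seed: bytes, volunteers) -> list:
    """Volunteers by descending score. The order of the input list is irrelevant."""
    unique = {normalise(v) for v in volunteers}
    # The address is a tie-breaker only; equal HMAC outputs are not expected.
    return sorted(unique, key=lambda e: (score(seed, e), e), reverse=True)


def select(seed: bytes, volunteers, count: int = 10) -> list:
    """The `count` highest-scoring volunteers."""
    return rank(seed, volunteers)[:count]


def correct(seed: bytes, published, remove=(), add=(), count: int = 10):
    """Fix a faulty published list and report the effect on the outcome.

    Returns (selection, dropped, promoted). No other volunteer's score
    depends on who else is on the list, so a single correction can move
    at most one seat.
    """
    removed = {normalise(e) for e in remove}
    fixed = ({normalise(e) for e in published} - removed) | {normalise(e) for e in add}
    before = select(seed, published, count)
    after = select(seed, fixed, count)
    dropped = [e for e in before if e not in after]
    promoted = [e for e in after if e not in before]
    return after, dropped, promoted


# Constructed sample data: none of these values come from the real process.
SEED = b"constructed-public-seed"
POOL = [f"volunteer{i:02d}@example.com" for i in range(40)]
INELIGIBLE = "ineligible@example.net"   # was on the list, should not have been
OMITTED = "omitted@example.org"         # eligible, but left off the list

if __name__ == "__main__":
    published = POOL + [INELIGIBLE]
    after, dropped, promoted = correct(SEED, published, remove=[INELIGIBLE])
    print("selection after removing ineligible entry:", after)
    print("dropped:", dropped, "promoted:", promoted)
    after, dropped, promoted = correct(SEED, POOL, add=[OMITTED])
    print("dropped:", dropped, "promoted:", promoted)
```

    Anyone holding the seed can recompute a single volunteer's score with `score()` and compare it with the lowest selected score, without needing the complete list.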

    The moral here is that cryptography is often a critical part of the solution to real world security requirements but it is a mistake to consider cryptography to be a panacea. Cryptographic protocols that do not take account of real world exceptions turn out to be like cast iron - strong but brittle. The art is to design protocols that are like steel, strong enough and flexible enough for real world needs.

    Tuesday, August 29, 2006

    Perpwatch 30 months for hiring DDoS attack, 5 years for botherding

    Monday, August 28, 2006

    Secret hold? No such thing

    Cox news reports that a Senator put a 'secret hold' on a bill to open federal records.

    There is in fact no such procedure. The only way that a bill can be halted in the Senate is if the Majority party decides not to bring it to the floor or if there is a filibuster.

    The Senate observes a set of 'gentleman's agreements' that allow for this type of thing but it is the majority party that decides to observe them or not. If one Senator could in fact exercise a secret veto on any measure they chose to nothing would ever get done. What is really happening here is that a senator has asked the majority leader to block the bill and the majority leader has agreed.

    Pretending that such a mechanism does in fact exist allows the majority party to avoid accountability for their actions. It only works as long as the media is willing to go along with the charade. Unlike the mainstream media bloggers have no vested interest in maintaining the status quo. Bloggers do not get favored access to politicians.

    Congress will eventually yield to demands for accountability and transparency, a political system where secret holds are put on legislation and secret earmarks are used to reward campaign contributors is simply not sustainable in the blogging age.

    Thursday, August 24, 2006

    Is President Bush Stupid?

    As I made lunch I thought about Stephen Jay Gould's Mismeasure of Man and the general US preference for alleged measures of academic ability over academic achievement.

    As Gould points out this preference was historically motivated in large part by racism. Far from being 'culture neutral' as proponents claim to this day IQ tests are both learnable and have marked culture biases. I know from first hand experience that it is possible to increase your IQ score by practice. Entry to the Senior school at King's was by public examination. Pupils at the junior school like myself practiced taking IQ tests every week. By the end my score had improved by at least a standard deviation despite the fact that the tests got harder towards the back of the book.

    The insufficiently remarked upon corollary of the claim that IQ tests measure an innate unchangeable quality is that it precludes any possibility of improvement. This is especially ironic in view of the fact that the original purpose of the tests was precisely to track the response of mentally deficient patients to remedial therapy.

    So now we have Conservative commentators asking the same question Liberals asked eight years ago, is George W. Bush an idiot?

    Since 'idiot' is a clinical term the answer is clearly no. But the US debate then goes on to ask if someone can be intelligent despite displaying no intellectual curiosity.

    Mental capacity is just like any other human capability, it is not possible to achieve peak performance without training and frequent practice.

    Tuesday, August 22, 2006

    JonBenet mania

    CNN's saturation coverage of JonBenet continues and will continue. If WW III and the second coming were to happen CNN would still lead on Karr's in-flight catering selections.

    The phrase 'unfounded media speculation' keeps coming up. You would never know that CNN was the principal cheerleader on this story for the past ten years and that the 'speculation' being referred to was by the same talking heads appearing on screen today. The CNN coverage consists of talking heads speculating wildly interspersed with video of the Colorado police asking people not to speculate, followed by the talking heads speculating about the police statement.

    The suspect is clearly a serious security concern. It does not appear very likely that his confession is genuine and the confession itself is not actually of murder but there is clearly something wrong.