Monday, August 31, 2009


Driven to distraction: aware of the risks?

A month ago, I talked about a New York Times article about distracted driving. And last year I discussed the issue of sending text messages when you’re supposed to be paying attention to what’s around you.

This weekend, the New York Times presented another example: a 19-year-old in Utah who was texting while driving, crashed into another car, and killed two. The incident resulted in a new Utah state law that makes driving and sending text messages at the same time... illegal.

That’s fine — it certainly should be — but why does texting need to be called out explicitly? Here’s why:

Still, county prosecutors thought they were unable to charge Mr. Shaw with something other than “left of center.” For instance, if they wanted to prove Mr. Shaw guilty of negligent homicide, a misdemeanor, they would need to show he knew of the dangers or should have known of the dangers of texting while driving.
That would seem to be easy to show, don’t you think? Everyone knows texting while driving is dangerous, and you shouldn’t do it. Everyone knows. Don’t they?
Prosecutors and judges in other states already have the latitude to use more general reckless-driving laws to penalize multitasking drivers who cause injury and death. In California, for instance, where texting while driving is banned but the only deterrent is a $20 fine, a driver in April received a six-year prison sentence for gross vehicular manslaughter when, speeding and texting, she slammed into a line of cars waiting at a construction zone, killing another driver.

But if those prosecutors want to charge a texting driver with recklessness, they must prove the driver knew of the risks before sending texts from behind the wheel.

Come on! This is common sense, people; no one should have to prove anything. We just need to accept that anything that takes your attention away from driving is dangerous, and that everyone is presumed to know that. Teach this to people in driving class, put it on the driver’s license exam, and make it a condition of being allowed to drive that you know that. No one should have to prove whether you understood that it’s a hazard to, while you’re driving, read the newspaper, play a guitar, have your (fairly large) dog in your lap, shave, or do your eyelashes — all of which I’ve seen on the road at 50 miles per hour and above.

And no one should have to question whether you were aware that typing on a minuscule keyboard while driving could get you and others killed.

More broadly, Mr. Swink said, drivers in Utah are now on notice that texting while driving is inherently reckless. And as drivers across the nation become more aware of that notion, he said, judges and prosecutors will feel more comfortable asking for big penalties. He said the Shaw case helped to pave the way.

Good on you, Utah. But this just needs to be standard procedure: everyone needs to be on notice, in and out of Utah.

Sunday, August 30, 2009


Carnivals!

Would you let a seven-year-old take your SUV out on the road? Sylvain, of Québec, did, and put the video on YouTube.

The video was made two years ago, while the family was on a remote logging road to a lake in Quebec’s North Shore region. In the back seat, the boy’s mother is shown with a toddler on her lap, fretting and warning that little Samuel is going too fast and that there are ravines on the side of the road. Sylvain responds on the video by describing her as “a real mother hen.” He is also heard congratulating his son for reaching 70 km/h. [45 MPH]

Sylvain explained Tuesday, “They weren’t ravines. They were little ditches.” The boy drove “40 maximum,” [25 MPH] he said. “Yes, I said he was going 70, but that was just a joke. I would never have let my son drive that fast.”

Oh, well, that’s OK, then, eh?

Pointers to this fortnight’s blog carnivals:

Saturday, August 29, 2009


Aren’t they plurals?

It’s funny, sometimes, how we twist plurals from other languages.

Because English has taken words from many other languages, we have many different ways of making plurals. Some are more true to the origins than others. Some morph in funny ways. And some are just confusing.

“Radius” comes from Latin, and its Latin plural is “radii”, a construction that we usually retain — it’s pretty uncommon to see “radiuses”, though American Heritage accepts it. “Virus” looks related, but its plural is not “viri” (and definitely not “virii”, which would be wrong in any case), but “viruses”. I often jokingly use “irii” as the plural of the iris flower. Jokingly.

But we say “octopi” without jest, though it should be a joke: “octopus” comes from Greek, not Latin, and should not take the “-i” plural. Say “octopuses”, please.

The variations on the Latin word for folks who attended one’s school cause no end to confusion. Here’s the skinny: a male graduate is an “alumnus”, a female graduate is an “alumna”, a group of female graduates are “alumnae” (last syllable sounds like “knee”), and a group of male, mixed-sex, or unknown-sex graduates are “alumni” (last syllable is “nye”). Or just say “alum” and “alums”; casual and short, they’re never wrong.

“Index” and “appendix” become “indices” and “appendices”, but not in some style guides, which prefer to avoid “confusing” plurals. “Datum” and “agendum” have pretty much gone away, replaced in singular usage by their plurals. “Addendum” and “erratum” survive, though, along with their correct plurals, “addenda” and “errata”.

I once had an electronic device that had instructions that “this unit require six pieces of size D battery.” I had images of chopping a battery into six chunks with a cleaver, but I learned the reason for the odd translation. In English, we can say “one battery”, but we can’t say “one grass”. We have to give the grass its unit: “one blade of grass”. In Chinese, it’s true of all nouns that when they get a number, they need a unit. So the “pieces” translation is just direct from the Chinese.

I’ve found some amusement in Italian plurals, which we use for foods: zucchini, cannoli, tortellini, and the like. Yes, those are plurals. So don’t order “two cappuccinos”, but try “due cappuccini”, and see if you get what you want. I’ve wondered about asking for a single cannoli. Shouldn’t I say “cannolo”? No, advised an Italian colleague. It’s true that “cannoli” is plural, but the singular isn’t used: Italians would ask for “un pezzo di cannoli”, one piece from the batch.

Maybe with these foods, the point is that you can’t eat just one, so we just stick with the plurals. Only, we do say “zucchinis” sometimes, when “zucchini” should do.

The British take care of the problem by calling them “courgettes”, from the French.

Friday, August 28, 2009


Technology and fraud

Fraud has been around as long as people have. I’m convinced that back when people lived in caves, some troglodyte took another’s kill in exchange for a “spacious” cave that turned out to just be an indentation in a rock next to a swamp.

People have perpetrated fraud door-to-door, by mail, by telephone, out of an actual office, whatever. It’s even entertaining, when it’s fictionalized. We delighted to the story of “Professor” Harold Hill in The Music Man. A 10-year-old Tatum O’Neal won an Oscar playing with her father, Ryan, in Paper Moon; the same year’s The Sting won Best Picture, along with six other Academy Awards.

There’s nothing entertaining about it, though, when it’s done for real, and there’s a lot that’s the same between the snake-oil salesman in his horse-drawn wagon in the old west... and the folks selling remedies to improve one’s “love rocket” (as a recent message in my spam folder called it) on the Internet.

There’s also a lot that’s different, and those differences are what enable modern fraud to work on such a vast scale.

The huckster in the wagon had a rough job. He needed that wagon and horses, for one thing, and he had to feed and care for the horses. He rode all over, usually riding more than selling, and when he got to where he could sell he became a performer. He also sometimes became a fugitive, driven out of town with threats of tar and feathers, or worse — and hot tar is a punishment that’s far less comical than jokes make it out to be.

Moving through the years, printing brochures and other advertising material and setting up fake offices took money and required special equipment (printing presses) and access (office space). Even cheating people by telephone necessitated one-on-one phone calls, a significant investment in time, and a fixed location that was prone to being raided by the authorities.

Technology and the Internet make this all so much easier, and that’s what has really changed. Printing stuff? You can get professional results with an inexpensive ink-jet printer. Pre-paid mobile phones are untraceable and don’t tie you to a fixed location. But most useful are email and web pages.

Constructing a brick-and-mortar business is quite a task. But a web site can be put up in minutes, and abandoned as quickly. Email can be sent out in the millions, also in minutes. Set yourself up, and sit back and wait for the clicks. You can make it semi-legitimate (by actually sending out “product” in response to purchases) or not, as you please.

Worse, though, is how easy it is not just to set up a bogus business, but to mimic a real one. Building a fake Bank of America branch to lure people in with their money would have been next to impossible 20 years ago. Putting up a fake Bank of America web site that’s hard to distinguish from the real one is trivial today. Slipping someone a fake map or fake directions to send them to your storefront used to be an idea limited to the movies. Sending a phony URL by email, or rerouting traffic from an Internet café is no big thing.

It’s even easy to set up a fake “magazine” and suck in advertising revenue. It’s amazing how many unsuspecting folks will be willing to write for free, as “interns”. Even easier is to scan the Internet for interesting items and then just republish them on your own site, without permission. Throw in a bit of “search-engine optimization” to draw people to your ’zine (SEO is big business in itself, these days), and, again, you can sit back and collect the money.

It’s a new world, but I’m not sure how “brave”.

Thursday, August 27, 2009


Using public networks

Someone recently sent me a Fox News article from about a month ago. It’s about risks of using public networks, specifically wireless ones — while the issue isn’t limited to wireless, few people wire themselves in any more.

The newest trend in Internet fraud is “vacation hacking,” a sinister sort of tourist trap. Cybercriminals are targeting travelers by creating phony Wi-Fi hot spots in airports, in hotels, and even aboard airliners.

Vacationers on their way to fun in the sun, or already there, think they’re using designated Wi-Fi access points. But instead, they’re signing on to fraudulent networks and hand-delivering everything on their laptops to the crooks.

“More and more people are traveling with Wi-Fi devices like smartphones and laptops,” says Marian Merritt, Internet safety advocate at the computer-security giant Symantec. “Airports and airlines and hotels are responding. They’re setting up free Wi-Fi networks to lure in customers. Now they’re luring in hackers as well.”

The problem here is that there’s a lot of misunderstanding about what the risks are and what to do about it. The advice in the article is fine, as far as it goes, but at the same time it instills unnecessary fear and yet doesn’t go far enough.

Let’s start with advice I gave a long time ago: never, ever use a public computer to log into anything. The computer may be logging your keystrokes, or doing any manner of snooping, man-in-the-middle attacks, and such. Use Internet cafes, kiosks, and other public computers only to look things up... only, in other words, for public stuff.

Now, what about connecting your computer to an unknown network? (And by “computer”, I include iPhones and other PDAs, Kindles, and any other device that gets on the Internet.)

When you connect to any network, everything you send to and receive from the Internet goes through that network. And, so, everything you send to or receive from the Internet can be recorded. Also, your traffic can be redirected (using phony routing or phony DNS resolution). But:

  1. What you do locally on your computer can not be recorded. In particular, an attacker can’t do keystroke logging.
  2. If your computer is properly secured, files on your computer are safe. The attacker can’t read them or tamper with them.
  3. If your computer is properly secured, no one can install malware (or any other software) on your computer.
  4. If you have a proper, secure connection to a service provider, even though your network traffic can be recorded by the network, the encrypted data will be undecipherable and useless.

And that all means that you can safely do a lot more with your own computer on someone else’s network, provided that your computer is properly secured and that you’re certain you’re using secure connections to your email service, your credit-card company, and your stock broker.

Let’s look at some advice from the article, and then come back to the question of what that last paragraph means:

Beware of “Evil Twins.” Some Wi-Fi networks look legitimate but are actually dummy networks created by criminals. Even if they contain the name of your airport, airline or hotel, they will directly link your computer to the hacker’s. If you always use the official access keys provided by the establishment, then you should be safe.
I disagree with this item completely. There is absolutely nothing that will prevent an attacker from setting up an “evil twin” that you can not distinguish from the real network. The network’s name is public. The WEP key or WPA password is given to all users, so the attacker can get it too. The attacker can easily set up an access point that looks exactly like an “official” one. If you have to go through a login screen on your first web access, the attacker can mimic that. If you have your own, unique sign-on password, the attacker can just accept whatever you type, and you’re none the wiser.

It makes no difference whether you’re using “official access keys provided by the establishment.”

It is possible to protect users from evil-twin attacks, but it involves more setup work than any public network is willing to do. So you have to protect yourself, by making sure that your computer is protected:

  1. Do not run Internet applications that you don’t need to have running. Do not, for instance, have iTunes running if you’re not using it. Do not, for instance, have anything running that lets someone log into your computer or access its files remotely. Shut down file sharing, FTP or Telnet servers, and the like.
  2. Do run firewall software. That should be superfluous, but if you’ve forgotten something in number 1, the firewall will back you up in number 2. Configure the firewall to block everything incoming when you’re on a public network, and be sure to switch to that setup.
  3. Be especially careful to use secure web connections (SSL/TLS, HTTPS), and be sure you use your own, trusted bookmarks to get to the web sites.
  4. Never accept any security-related warnings when you’re on a public network — just go away, and come back when you can trust your network.

That last point is crucial, and is missing from the article’s suggestions. It helps to understand how the SSL “certificates” work:

  1. BigBank owns the domain bigbank.example.
  2. BigBank goes to a known certificate authority and gets a security certificate for bigbank.example, signed by the certificate authority. Note that this doesn’t mean that the CA says that bigbank.example is a good domain — only that the certificate is vouched for.
  3. You visit https://bigbank.example in your web browser to log in.
  4. As part of the HTTPS interaction, the web site sends your browser the certificate.
  5. Your browser knows about the certificate authority, and accepts the certificate as credentials for the web site.
  6. Your browser compares the domain name in the certificate with the domain name in the web site’s URL. This is a key point, and you must not ignore warnings from this step. If the network surreptitiously redirects you to b1gbank.example, the fake web site might actually have a valid certificate for that domain, but it won’t match the requested bigbank.example.
  7. Your browser responds to all this by establishing a secure, encrypted channel to the web site, and by displaying some indications of that in the user interface — there’s usually a padlock symbol in the browser frame, an “https” URL in the address bar, and maybe some sort of colour coding around the address bar as well. Do not be fooled by any padlock symbols in the web page itself, and look only for the trusted one in the browser frame.
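Step 6 is the one that turns a redirection to a look-alike domain into a warning, so it is worth seeing exactly which comparison is being made. The following is an added example, not code from the original post: it implements the name check over a certificate in the dictionary shape Python’s ssl.SSLSocket.getpeercert() returns, using the post’s placeholder names bigbank.example and b1gbank.example. The sample certificates are constructed for illustration and carry only the fields the check needs.

```python
"""
Added example (not from the original post): the name comparison of step 6,
run over constructed certificates shaped like ssl.SSLSocket.getpeercert()
output. bigbank.example / b1gbank.example are the post's placeholder names.
"""


def _dns_label_match(pattern: str, host: str) -> bool:
    """Match one dNSName pattern (optionally with a leading '*.' label)
    against a requested host name. As in RFC 6125, a wildcard stands in
    for exactly one leftmost label, so *.bigbank.example matches
    www.bigbank.example but neither bigbank.example nor a.b.bigbank.example."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # Refuse wildcards on bare or single-label names, and require the same
    # number of labels so the '*' substitutes for one label only.
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_names(cert: dict) -> list:
    """Collect the DNS names a certificate is issued for. subjectAltName
    dNSName entries take precedence; the subject commonName is used only
    when no SAN entry is present (the fallback browsers of 2009 relied on)."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                names.append(v)
    return names


def hostname_matches(cert: dict, requested_host: str) -> bool:
    """Step 6 of the post: does a name in the certificate match the host
    part of the URL the user actually asked for?"""
    return any(_dns_label_match(n, requested_host) for n in cert_names(cert))


# Constructed sample certificates (only the fields the check reads).
REAL_BANK_CERT = {
    "subject": ((("commonName", "bigbank.example"),),),
    "subjectAltName": (("DNS", "bigbank.example"), ("DNS", "www.bigbank.example")),
}
# A look-alike domain can hold a perfectly valid certificate for *its* name;
# the CA vouched for b1gbank.example, not for the site being the bank.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "b1gbank.example"),),),
    "subjectAltName": (("DNS", "b1gbank.example"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.bigbank.example"),),),
    "subjectAltName": (("DNS", "*.bigbank.example"),),
}

if __name__ == "__main__":
    print(hostname_matches(REAL_BANK_CERT, "bigbank.example"))      # True
    print(hostname_matches(LOOKALIKE_CERT, "bigbank.example"))      # False: valid cert, wrong name
    print(hostname_matches(WILDCARD_CERT, "www.bigbank.example"))   # True
    print(hostname_matches(WILDCARD_CERT, "bigbank.example"))       # False: wildcard needs a label
```

Modern TLS stacks perform this comparison for you (Python’s ssl module does it when check_hostname is enabled, browsers do it before showing the padlock); spelling it out shows why the warning in step 6 fires on b1gbank.example even though that site’s certificate is genuine, and why the only safe response on a public network is to leave rather than click through.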

If you are sure that you have an encrypted connection to the correct web site, it’s actually OK to enter passwords, account numbers, and other personal information there. But only do so if you understand how to check for a valid SSL/TLS connection, and you’ve used a trusted bookmark to get there.

And stick to using insecure connections for reading the New York Times, and Staring at Empty Pages.

Wednesday, August 26, 2009


Goodbye, Senator

Senator Ted Kennedy died last night. The people of Massachusetts, as well as liberals throughout the U.S., have lost an intelligent, dedicated, and influential voice. Surviving his brother the senator and president by more than 45 years, and his brother the senator, attorney general, and presidential candidate for more than 40, Edward Moore Kennedy succumbed to brain cancer at the age of 77.

I’ll quote back, in memory of the senator, the words he said for his brother in 1968:

My brother need not be idealized or enlarged in death beyond what he was in life, to be remembered simply as a good and decent man, who saw wrong and tried to right it, saw suffering and tried to heal it, saw war and tried to stop it.

Those of us who loved him and who take him to his rest today, pray that what he was to us and what he wished for others will some day come to pass through all the world.

Ted Kennedy did his best to work toward that end. Others continue to, but it won’t be the same without him. Goodbye, Senator.

Tuesday, August 25, 2009


Blogs as journalism: what standards?

Some friends and I were having a conversation recently that seems reasonable to report on here.

A friend sent to some others of us a link to a technology column, and I, unimpressed with the column’s author, responded with some strong criticism:

Given that he’s being paid to write, it’s a pity he doesn’t write better: he misspells, he doesn’t use commas correctly, he gets subject/verb agreement and number agreement wrong, and he has awful, run-on sentences that are so convoluted even the writer can’t get the ending right. And that’s just in one article.

The sender’s response to that was that hey, it’s a blog, not the New York Times, implying that “blogs” shouldn’t be held to standards as high as those we’d hold the Times to. To which another correspondent said, “That’s one of my bigger complaints about blogs. A lot of bloggers are in dire need of an editor, not merely an author.”

The conversation finished with the sender’s noting that some blogs are “rougher hewn,” and that that’s OK, “as long as reader expectations are set and met consistently.” But there’s the thing: there are all different kinds of blogs, all different kinds of readers, and all different kinds of expectations.

There are individual blogs like this one. No pay, no pretense to journalism. Widely varying quality of writing, and the people who read them know what to expect from the ones they read. I try to maintain good writing standards, and I think I usually succeed. But it’s not something one expects when one stumbles onto a blog like this.

There are group blogs that work pretty much as individual blogs, except that there are multiple contributors. They usually vary by contributor. There are also group blogs that are more formal, and some where contributors do get paid.

And then there are “blogs” like the Huffington Post, like the “technology blogs” (one of which started this discussion), and like the blogs that are actually part of the New York Times. These are labelled as “blogs”, but they certainly aspire to “journalism”. Some are simply less-formal, less-edited columns written by actual journalists, who otherwise write formal, edited pieces for the same outlets. David Pogue, for instance, has technology columns in the Times, as well as a blog there.

Should we be applying different standards to Mr Pogue, say, depending upon whether we read his comments on www.nytimes.com or on blogs.nytimes.com?

And back to the author in question, who is associated with a major techno-journalism outlet: is it OK for him to write badly because he has an established readership, and his readers accept it?

Ultimately, everyone’s job is to make one’s boss happy. If the people who are paying the guy are pleased, then who am I to say? And, yet, it bothers me. It bothers me that people are being paid to write, and they write badly. It bothers me to know that there are good writers out there who can’t get work, and, yet, bad writers are... making their bosses happy. It bothers me that standards of writing and of journalism are deteriorating.

It bothers me that standards seem now to be driven by what readers will tolerate, rather than by what they deserve from paid professionals.

Monday, August 24, 2009


Some new photo albums

Busy today, and nothing interesting to write. So I’ll just note that I’m working on putting up older photo albums on Picasa. New ones:

  1. Salzburg and environs (2003)
  2. Paris (2005)
  3. London (2005)
  4. Sedona (2006)
  5. Lake Tahoe (1999)
  6. Oregon (1998)
  7. Washington, DC
  8. New York City
  9. Jamaica Bay Wildlife Refuge
  10. Grounds for Sculpture

Is this a cheaty way to count a blog post for today? Maybe.

Oh, well.

[Update, 25 Aug: Added Sedona, Tahoe, Oregon.]

[Update, 31 Aug: Added DC, NYC, Jamaica Bay.]

[Update, 8 Sep: Added Grounds for Sculpture.]

Sunday, August 23, 2009


Lacrimae

I’ve mentioned that the local Methodist church with the marquee sign seems to have come up with some new aphorisms to put there. Maybe their source puts out updates periodically. I wonder whether they have to buy a subscription. Or maybe they get it from the mother church as part of the franchise.

The current blurb is another new one:

EYES WASHED BY TEARS
CAN SEE CLEARLY

I thought about that for a bit. (I guess that’s part of the point.)

I wondered whether there might be some relation of tears to Methodist tenets. There’s certainly a lot of tears and crying in Biblical religions. An old friend used to enjoy the bit of trivia that the shortest verse in the (King James) Bible is “Jesus wept.” (John 11:35)

The Catholic Requiem mass contains the Lacrimosa verse in the Dies Irae (day of judgment) sequence, referring to a tearful day:

Lacrimosa dies illa
Qua resurget ex favilla
Judicandus homo reus
Huic ergo parce, Deus

At the Passover seder, Jews use salted water to represent tears of the enslaved Jews in Egypt... and dip out some of the celebratory wine to acknowledge the suffering of the Egyptians under the ten plagues.

It’s not clear how any of this relates to seeing clearly, though. Is it that only through tears of suffering can people understand life (or God)? Maybe it’s that through the tears, we learn to appreciate what we have.

Another thought: the tears aren’t literal, here, but the slogan is a metaphor, reminding us to be compassionate toward others. If we weep for those less fortunate, maybe we’ll see our way to helping them, as well.

Sunt lacrimae rerum et mentem mortalia tangunt.

— Virgil, from “The Aeneid”

The world is a world of tears, and the burdens of mortality touch the heart.

— Translation by Robert Fagles

Of all the displays on that sign, I think I like this one best.

And it brought to mind a different view of “seeing clearly”, from my high school days:

I can see clearly now; the rain is gone.
I can see all obstacles in my way.
Gone are the dark clouds that had me blind.
It’s gonna be a bright, bright sun-shiny day.

— Johnny Nash

Saturday, August 22, 2009


Speedometer accuracy

For the drive to Montréal, I borrowed a Tom-Tom GPS device — for fun, really; the way is straightforward. It’s the first time I’ve used one in my car, and I have to say that despite the advantage of portability, the built-in ones that I’ve seen in friends’ cars are far better, what with their larger screens and consequent improvement in user interface.

One thing the Tom-Tom does is show your driving speed. Because it’s measured from the GPS signals, I presume it’s accurate. And I found something interesting: my car’s speedometer reads about 5% high, at least at highway speeds. I had to go 68 or 69 MPH on my speedometer for the GPS to show 65 MPH (the speed limit on the Northway).[1]

On thinking about it, it makes sense, for obvious reasons, to design speedometers to read slightly high, to slightly overstate the speed. It’s certainly always preferable to having them read low. If I think I’m going 70, but I’m really doing a little less than 67... I think I’m speeding just a bit, but I’m actually following the speed limit pretty well.

Of course, then it becomes like the people who set their clocks fast so they’ll think they’re running late and hurry. They know how fast their clocks are, so they compensate for it — they don’t worry if it looks like they’re ten minutes late because the clock is ten minutes fast. Similarly, I wonder if I’ll now compensate for my speedometer, and mentally subtract 3 MPH from what it reads on the highway.

Probably not.

[1] But note, here, that apart from the accuracy of the two devices, they also have different precisions (see this post for an explanation of the difference). The precision of the GPS device’s speed display is 1 MPH, while the precision of the speedometer’s is 5 MPH. “68 or 69 MPH” is an interpolation. [Corrected from “extrapolation”; see comment from Jim.]

Friday, August 21, 2009


Barney Frank nails it

This has been all over the Internet already, but, well, I love it so much, and any of you reading these pages who’ve not already seen it... must.

In a “town hall” meeting in Dartmouth, Massachusetts congressman Barney Frank got a question from a woman who held a Hitlerized photo of President Obama, called Mr Obama’s health-care plan a “Nazi policy,” and asked the congressman why he supports it. Representative Frank’s reply is in this video. You have to see it in his own delivery, but I’ve also included, below, a transcript of what he said.

When you ask me that question, I am gonna revert to my ethnic heritage, and answer your question with a question. On what planet do you spend most of your time?   [applause]

You want me to answer the question? Yes... and you stand there with a picture of the president defaced to look like Hitler [the woman proudly raises the picture in the air] and compare the effort to increase health care to the Nazis. My answer to you is, as I said before, it is a tribute to the first amendment that this kind of vile, contemptible nonsense is so freely propagated.   [applause]

Ma’am, trying to have a conversation with you would be like trying to argue with a dining room table. I have no interest in doing it.

I’ve always liked Barney Frank, but now he’s my new hero. It’s refreshing to watch a legislator openly tell someone who’s full of shit that she’s full of shit. I wish more of them would, and I wish the media would as well, and would stop giving them platforms from which to spout this stuff.

Thursday, August 20, 2009


Green lights and left turns

While we’re on driving-related comments, there are (at least) two interesting things that differ between Montréal and New York:

  1. The signal for a protected left turn in New York is a green arrow pointing left. In Montréal, the regular green light blinks. If you don’t know what the blinking green means, you’ll find out when the people behind you blow their horns because you’re not turning.
  2. In New York, they tell you what you mayn’t do (no left turn, for instance), and anything not forbidden is permitted. In Montréal, they tell you what you may do, and anything not permitted is forbidden. If the sign has green arrows pointing straight and to the right, it means that left turns are not allowed there. (If there’s no sign, everything is OK, as in New York.)

Number 1 brings me to a recent conversation (in New York). Usually, at intersections that have green arrows, the arrow comes before the normal green light... but sometimes, it’s after. A friend pulled into a left-turn lane at a red light, and waited. The light turned (normal) green, and then later gave the green arrow, and my friend, annoyed with having had to wait longer, said, “I don’t know why they don’t have the green arrow first.”

As usual, the engineering analysis kicked in, and my first thought was that it makes no difference with regard to throughput. We arrived when the light was red, so we had to wait through the remainder of the red and the normal green before getting the arrow. But if the arrow came first, we could just as well have arrived right after it turned to normal green, and had to wait for the rest of the green and the red. Assuming a uniform distribution of arrival times, the average time you’d have to wait to get a green arrow is the same, regardless of whether the arrow comes at the start of the green cycle, or at the end.

But if the light is controlled by a sensor and there’s no red arrow (left turns are permitted during the normal green part of the cycle), it actually improves overall throughput to have the green arrow at the end. Here’s why:

With the leading arrow, left-turning cars arriving when the light is red trigger the sensor and schedule a green arrow, allowing them to turn right away. Cars arriving after that get the normal green, and have the opportunity to turn if they can. If not, they wait for the next green arrow. The green arrow, making the oncoming traffic stop, is scheduled whenever a left-turning car arrives while the light is red — or while the light is green and the car isn’t able to make its turn because of traffic.

With the trailing arrow, left-turning cars arriving when the light is red do not trigger the sensor unless they’re unable to turn during the green cycle. The only time the green arrow is scheduled is when cars remain in the left turn lane at the end of the green. That means that if the intersection is not saturated — if it’s sometimes possible for cars to make their turns without the arrow — using the trailing arrow results in less need for the green arrow, and, so, less overall delay for the traffic that isn’t turning.

Of course, if the intersection is so busy that one can effectively only turn with the arrow (or if turns are only permitted with the arrow), then we go back to the original situation: it doesn’t matter either way, leading or trailing.

That probably means that we should switch to trailing green arrows always, to improve the throughput when it matters, and to get us used to that way as a rule. But this is all napkin-scrawling; I haven’t done any proper modeling to verify that I’m right.
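Since the post stops at napkin-scrawling, here is a small cycle-by-cycle model of one approach that checks the two claims above. It is an added example, not the post’s own (the post says no modelling was done), and the phase lengths, arrival rate and gap probability are all assumed values, not measurements.

```python
"""
Added example, not the post's own model: a toy simulation of one approach to
a signalised intersection. RED, GREEN, the arrival rate and the gap
probability are assumed values chosen only for illustration.
"""
import random

RED = 40     # seconds our approach sees red (assumed)
GREEN = 50   # seconds of normal green, left turns allowed in gaps (assumed)
CYCLE = RED + GREEN


def avg_wait_for_arrow(arrow_at: int) -> float:
    """Fixed-time signal, no sensor. A left-turner arrives at any whole
    second of the cycle with equal probability; return the average wait
    until the arrow phase that starts at second `arrow_at` of the cycle."""
    waits = [(arrow_at - t) % CYCLE for t in range(CYCLE)]
    return sum(waits) / CYCLE


def arrow_phases(trailing: bool, cycles: int, left_rate: float,
                 gap_prob: float, seed: int = 1) -> int:
    """Sensor-controlled signal; left turns permitted on normal green.
    Counts the cycles in which an arrow phase had to be scheduled.

    trailing=False (leading arrow): an arrow runs at the start of green if
        any left-turner arrived during red or was stranded when the
        previous green ended.
    trailing=True (trailing arrow): an arrow runs at the end of green only
        if cars are still waiting in the lane at that point.
    left_rate: chance that one left-turning car arrives in a given second.
    gap_prob:  chance, in a given second of green, that the front car finds
               a gap in oncoming traffic and turns (0 = saturated).
    The random stream is consumed identically in both modes, so two runs
    with the same seed see the same arrivals and the same gaps."""
    rng = random.Random(seed)
    queue = 0       # cars waiting in the left-turn lane
    arrows = 0
    for _ in range(cycles):
        for _ in range(RED):
            queue += int(rng.random() < left_rate)
        if not trailing and queue > 0:      # leading arrow clears the lane
            arrows += 1
            queue = 0
        for _ in range(GREEN):
            queue += int(rng.random() < left_rate)
            gap = rng.random() < gap_prob
            if queue > 0 and gap:
                queue -= 1                  # one car turns through the gap
        if trailing and queue > 0:          # trailing arrow clears stragglers
            arrows += 1
            queue = 0
    return arrows


if __name__ == "__main__":
    # Claim 1: without a sensor, leading and trailing arrows give the same
    # mean wait for a left-turner (uniform arrival over the cycle).
    print("leading", avg_wait_for_arrow(RED), "trailing", avg_wait_for_arrow(0))
    # Claim 2: with a sensor, the arrow is needed less often when it trails,
    # and the difference shrinks as the intersection saturates.
    for p in (1.0, 0.3, 0.0):
        print(f"gap_prob={p}: leading={arrow_phases(False, 500, 0.02, p)}"
              f" trailing={arrow_phases(True, 500, 0.02, p)}")
```

The model counts arrow phases imposed on the oncoming traffic, which is what the post means by "less overall delay for the traffic that isn’t turning"; it does not track each turning car’s delay. Two cases are fixed by construction: when every car finds a gap (gap_prob near 1) the trailing arrow is never needed while the leading arrow still runs whenever someone arrives on red, and for a given seed fewer gaps can only lengthen the end-of-green queue, so the trailing count rises monotonically as the intersection saturates.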

Wednesday, August 19, 2009


Metered parking in a high-tech world

I just spent an extended weekend in Montréal (here’s the Picasa album), and one thing I noted is the parking payment system — New York is adopting a similar system.

In some places, they still have the old parking meters (well, for some value of “old”; they’re digital), and I used one of those — you put coins in, and the time on the display increases up to the maximum. When the time runs out, you stand to get a parking ticket.

[Photo: Montréal parking markers and payment kiosk]

But in much of the city, at least in the areas where I was, the parking places are marked with numbered poles instead,[1] and there’s a payment kiosk[2] nearby (“Payez—Partez”, pay and leave). You remember your parking-space number, you go to the kiosk, you pay for the time you want, et voilà. I used one of those, as well.

I started thinking, as an engineer does, about the comparative advantages of the two systems. The new system clearly has many advantages for the city. The poles with the parking-space numbers are pretty low-maintenance things, so they don’t have to worry about repairing meters. In fact, the failure mode of those poles is pretty good: because the numbers are consecutive, if a pole is vandalized and is missing or unreadable, it’s easy to infer the space number from the poles nearby. Someone would have to take out a whole block to cause a real problem there. The money, too, is in one box rather than dozens, so it’s easier to collect it. And, because you can pay with a credit card as well as with cash, money isn’t always an issue anyway.

Of course, regular parking meters could also be fitted to take credit cards. That’d be much more expensive — again, putting the necessary stuff into every meter, one per parking space. So it’s not likely that the city would do that. The ability to use credit cards is a real benefit to the user, who doesn’t have to worry about having pockets full of coins, and then finding that the meter doesn’t take dimes, say.

But the interesting thing to me, as a network security guy, is how the new system favors the city and how it can and can’t be attacked.

With the old parking meters, the model was that you rented the parking space for a given time, the remaining time was publicly displayed, and if you left with time still on the meter, well, the next user would benefit from it. It’s a pretty user-friendly system, in that regard.

With the new system, you also rent the space for a given time... but the time you purchased is not displayed anywhere. Your receipt tells you the time of day when your carriage turns into a pumpkin. But it doesn’t tell it to anyone else, and, in particular, when you find an empty parking space you have no idea whether someone still has a lease on it that she’s not using.

And there’s the great advantage to the city: there might be an hour left on the lease, but you have no way to know, so you pay for the hour that you need. The alternative is to risk a parking ticket. And the city now collects double rent for that space — perhaps even triple or more (my gut feeling is that triple is reasonably likely, and the likelihood goes down pretty rapidly from there... but I don’t know).

To attack the system, you’d need to figure the chances that there’s time left, how much remaining time is likely, and how quickly cars get ticketed when they’re in violation. Then you could approximate the expected cost of parking without paying, for various periods of time, and play the odds.

But to throw another wrinkle into it — how do the enforcement officers know when the time expires for each space? They could get it from the kiosk, but perhaps it’s all “online”, and they get it electronically. One can envision a sophisticated system that uses GPS to track the enforcement officer’s position and gives her a ready list of the status of all the parking spaces in the area. It could highlight the ones that have recently paid, so she can visit those preferentially and note what cars are parked there. If she sees a different car parked in the same space with no intervening payment, she’s found a cheater.

We can even imagine that the identification of the cars might be done with image analysis, using a camera that she carries with her. Everything would be recorded on her little computer tablet — which might well double as a way to write tickets, if it comes with a portable printer built in.

I don’t actually know how the detection and enforcement is done, but it’s fun to speculate on how such a system might work. If we added detectors that could tell when a car enters or leaves a parking space, it might be very difficult, indeed, to get away without paying.
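To make the enforcement idea concrete, here is an added example of the tablet-side logic sketched above; it is my own sketch, not anything the city runs. It assumes the kiosk records only the space number and the time bought, that the officer’s tablet records which plate was seen in which space, and that the two can be joined; the plates, times and space numbers are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    """One kiosk transaction. The kiosk knows the space number, not the car."""
    space: int
    paid_at: int   # minutes since midnight (constructed time units)
    minutes: int   # time purchased

    @property
    def expires(self) -> int:
        return self.paid_at + self.minutes


@dataclass(frozen=True)
class Observation:
    """One entry from the officer's tablet: which plate was seen in which space, when."""
    space: int
    plate: str
    seen_at: int


def active_lease(payments, space, at):
    """The most recent payment for `space` that covers minute `at`, or None."""
    covering = [p for p in payments if p.space == space and p.paid_at <= at < p.expires]
    return max(covering, key=lambda p: p.paid_at) if covering else None


def recently_paid_first(payments, now):
    """Spaces with a live lease, most recently paid first (the officer's visit order)."""
    live = {}
    for p in payments:
        if p.paid_at <= now < p.expires and p.paid_at > live.get(p.space, -1):
            live[p.space] = p.paid_at
    return sorted(live, key=lambda s: live[s], reverse=True)


def find_violations(payments, observations):
    """Return (observation, reason) pairs for cars that are not paid up.

    Two cases: a car seen with no lease covering that minute, and a car seen on a
    lease under which a *different* plate was already recorded with no payment in
    between (it is sitting on the previous renter's unused time).
    """
    first_plate_on_lease = {}   # (space, paid_at) -> plate first seen under that lease
    findings = []
    for obs in sorted(observations, key=lambda o: o.seen_at):
        lease = active_lease(payments, obs.space, obs.seen_at)
        if lease is None:
            findings.append((obs, "no active payment"))
            continue
        key = (lease.space, lease.paid_at)
        first = first_plate_on_lease.setdefault(key, obs.plate)
        if first != obs.plate:
            findings.append((obs, f"space leased at {lease.paid_at} by {first}, "
                                  f"now occupied by {obs.plate} with no new payment"))
    return findings


# Constructed sample data: minutes since midnight, fictitious plates.
PAYMENTS = [
    Payment(space=12, paid_at=600, minutes=120),   # 10:00, two hours
    Payment(space=13, paid_at=610, minutes=60),    # 10:10, one hour
]
OBSERVATIONS = [
    Observation(12, "ABC123", 615),   # paid up
    Observation(13, "DEF456", 620),   # paid up
    Observation(14, "GHI789", 625),   # never paid
    Observation(13, "DEF456", 680),   # lease ran out at 670
    Observation(12, "XYZ000", 700),   # different car on ABC123's remaining time
]

if __name__ == "__main__":
    print("visit order at 10:30:", recently_paid_first(PAYMENTS, 630))
    for obs, reason in find_violations(PAYMENTS, OBSERVATIONS):
        print(f"space {obs.space:>3} {obs.plate} at {obs.seen_at}: {reason}")
```

Note that a second payment for the space after the first car was seen creates a new lease key, so a genuine new renter is not flagged.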
 


[1] As you can see in the photo (click to enlarge), the markers often double as hitching posts for bicycles, which are used a great deal in the city.

[2] The kiosks are solar powered.

Tuesday, August 18, 2009

La Grande Rencontre

Photo-montage from La Grande Rencontre, Montréal

Some photos from La Grande Rencontre, Montréal

Clockwise from top left:

  1. Raz-de-Marée (Tidal Wave)  [video]
  2. Alise Marlane et ses amis
  3. Baqqhus  [video]
  4. Aditya Verma (sarod) et Udai Mazemdar (tabla)
  5. Le Duo Lemieux (Daniel et Louis-Simon Lemieux)  [video]
  6. Purgatoire
  7. De Temps Antan  [video]
  8. Gadji-Gadjo  [video]

[Update, 20 Aug: Added pointers to brief video clips I took at the festival.]

Monday, August 17, 2009

Charitable donations to send email

In 2004, Mark Wegman, Peter Capek, Scott Fahlman, and I wrote a paper about using charitable donations to “stamp” email messages as a mechanism against unwanted mass mailings (see Charity Begins at… your Mail Program (PDF)). The paper was not accepted at that year’s Conference on Email and Anti-Spam (CEAS).

In this year’s CEAS, Yahoo! presented a similar paper, profiling a micro-donation system that they’re piloting (see CentMail: Rate Limiting via Certified Micro-Donations (PDF)). Running code is always more compelling, and five years brings a change in focus.

The basic idea is that if you take a company’s or an individual’s existing donations, you can break them into small chunks of, say, one cent each, and count each of those chunks toward a “stamp” for your mail. On the theory that a spammer sending 50 million messages would not be willing to spend half a million dollars to stamp them, you can give at least some preference through your spam filtering to stamped mail.
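Here is an added example of that idea reduced to code; it is my own sketch, not the 2004 paper’s design nor CentMail’s. It assumes a single issuer that keeps the donation ledger, issues one-cent single-use stamps bound to sender and recipient, and answers receivers’ checks (modelled as a method call rather than a network protocol); the key, header format and addresses are constructed.

```python
import hashlib
import hmac
import secrets


class StampIssuer:
    """Holds the donation ledger and the stamp key, and answers receivers' checks.

    A real deployment would be a network service; here it is one object so the
    whole exchange runs in one process. The key is a constructed test value.
    """

    def __init__(self, key: bytes):
        self._key = key
        self.credit = {}      # sender -> unspent donation, in cents
        self._spent = set()   # serials already redeemed, to refuse replays

    def record_donation(self, sender: str, cents: int) -> None:
        """A donation of `cents` buys the sender that many one-cent stamps."""
        self.credit[sender] = self.credit.get(sender, 0) + cents

    def _tag(self, sender: str, recipient: str, serial: str) -> str:
        msg = f"{sender}|{recipient}|{serial}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, sender: str, recipient: str):
        """Debit one cent and return a stamp header value, or None if credit is gone."""
        if self.credit.get(sender, 0) < 1:
            return None
        self.credit[sender] -= 1
        serial = secrets.token_hex(8)
        tag = self._tag(sender, recipient, serial)
        return f"v=1; s={sender}; r={recipient}; n={serial}; t={tag}"

    def redeem(self, header: str, sender: str, recipient: str) -> str:
        """Receiver-side check against the envelope it actually received.

        Returns 'valid', 'forged' (bad tag, bad format or mismatched envelope)
        or 'replayed' (a genuine stamp already used on another message).
        """
        try:
            f = dict(part.split("=", 1) for part in header.split("; "))
            if f["s"] != sender or f["r"] != recipient:
                return "forged"
            if not hmac.compare_digest(f["t"], self._tag(sender, recipient, f["n"])):
                return "forged"
        except (KeyError, ValueError):
            return "forged"
        if f["n"] in self._spent:
            return "replayed"
        self._spent.add(f["n"])
        return "valid"


def score_adjustment(status) -> float:
    """How a receiving filter might weigh the check (the weights are my own choice)."""
    return {"valid": -1.0, "forged": 2.0, "replayed": 2.0}.get(status, 0.0)


def campaign_cost_dollars(messages: int) -> float:
    """What one-cent stamps cost a bulk sender: 50 million messages -> $500,000."""
    return messages / 100


if __name__ == "__main__":
    issuer = StampIssuer(b"constructed-demo-key")
    issuer.record_donation("alice@example.com", 3)
    stamp = issuer.issue("alice@example.com", "bob@example.com")
    print(stamp)
    print(issuer.redeem(stamp, "alice@example.com", "bob@example.com"))   # valid
    print(issuer.redeem(stamp, "alice@example.com", "bob@example.com"))   # replayed
    print(campaign_cost_dollars(50_000_000))
```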

MacGregor Campbell just wrote an article for New Scientist about Yahoo’s CentMail pilot, and he refers back to the IBM work and quotes Scott Fahlman and me (though he didn’t get the part that I’m not with IBM any more).

Here’s what he got from me:

Barry Leiba, also at IBM, points out that one of CentMail’s core features could also be a weakness, though.

People may not wish to receive messages plugging a cause they don’t agree with. “I might feel that by accepting his messages, I’m implicitly supporting his charity choices — choices that I might be vehemently against.”

I don’t think this is an insurmountable problem, but I don’t know how to get around it. Here’s the scenario in full, as I gave it to Mr Campbell:

I have a colleague whom I like and respect professionally, and with whom I get on well personally... except that we’re politically opposite. If we should start using Charity Seals or CentMail, I might feel that by accepting his messages, I’m implicitly supporting his charity choices — choices that I might be vehemently against.

Note that this issue exists whether or not we disclose the specific charities. The fact that I know what kind of organisations he’s likely to donate to is sufficient to trigger it. So we can’t mitigate this just by saying (as Yahoo! appears to be doing) that the message is stamped, without saying to what charity the sender gave money.

The responses I get to this concern are usually either

  1. “That won’t really be a problem,” which amounts to summary denial, or
  2. “We’ll only choose non-controversial charities,” which I think is somewhat naïve, and perhaps unworkable.

It might indeed be that it won’t turn out to be a problem. We won’t know that until it’s out there, and we see how it works. I worry, though, that if it does become a problem, it’ll be harder to solve at that point.

That said, I think the charitable donations thing is a good idea, worth pursuing, piloting, experimenting with. I’m eager to see how Yahoo’s program goes.

Sunday, August 16, 2009

Carnivals!

A guy in Jensen Beach, FL, who was caught with child pornography on his computer claims that he didn’t download it — his cat did:

Griffin told detectives he would leave his computer on and his cat would jump on the keyboard. And when he returned there will [sic] be strange material downloaded, the release states.

The cops didn’t buy it. And Griffin obviously hadn’t bought this product.

[And, yes, the “kitty porn” joke has already been made, in the comments to the article.]

Pointers to this fortnight’s blog carnivals:

Saturday, August 15, 2009

We are stardust; we are golden

It’s a summer full of notable anniversaries. 40 years ago today, shortly after 5 in the afternoon, Richie Havens took the stage to open the Woodstock Music and Art Fair — which wasn’t actually in Woodstock, and was never planned to be in Woodstock, nor even in the same county. The first venue, in Wallkill, fell through, and eventually the concert was moved to the dairy farm of one Max Yasgur, near Bethel, NY. The rest is, as they say, history.

I’m a farmer... and I don’t know how to speak to twenty people at one time, let alone a crowd like this. This is the largest group of people ever assembled in one place. But I think you people have proven something to the world. That a half a million kids can get together and have three days of fun and music... and have nothing but fun and music, and I God-bless you for it!

— Max Yasgur, speaking at the festival

I was twelve years old when the concert happened, and I lived in south Florida. There was no chance of my going to the concert. And, in fact, we hadn’t heard of it at all, down there, before it happened. Large, multi-headliner rock and folk festivals were commonplace, then — I remember one in Miami that included the Grateful Dead, Fleetwood Mac, Steppenwolf, Iron Butterfly, and others. Monterey was, of course, legendary. So yet another big festival with yet another list of headliners — and one that was turned down by the likes of the Doors and Led Zeppelin — wasn’t notable.

Until, that is, it turned into far more than what it started as.

Yeah, it’s far out, man. I don’t know, like, how many of you can dig how many people there are, man. Like, I was rappin’ to the fuzz, right, can you dig it? Man, there’s supposed to be a million and a half people here by tonight. Can you dig that? New York State Thruway’s closed, man. Ha! Lotta freaks!

— Arlo Guthrie, during his Friday evening performance

The ultra-stoned Arlo Guthrie was overstating it — maybe “the fuzz” gave him an exaggerated number — and “a million and a half” was triple the largest reasonable estimates. Nevertheless, the organizers expected 200,000 and got at least twice that many. None of the facilities were up to handling that kind of crowd — the sound system, the food distribution, the medical facilities all proved inadequate. Yet people made do.

But Arlo was right that at one point the authorities closed the Thruway because of the crippling traffic (hm; see my recent post about denial of service). There may well have been a million or more at the festival, had they only been able to get there.

On Sunday, one of the stage announcers read from a New York Times article (the link gives you the first paragraph; you can pay for the PDF of the full article (I did)):

OK, people, we got a Times. OK. On the front page we have, on the left, a very big aerial photo of a huge mass of people, which are you. And it says, “Music was the magic for throngs at Woodstock Music and Art Fair. Towers near the stage hold loudspeakers. 300,000 at Folk-Rock Fair Camp Out in a Sea of Mud.” Ha! Ha-ha! Dig it, dig it.

“Bethel, NY, August 16th: Despite massive traffic jams, drenching thunderstorms, shortages of food, water, medical facilities, about 300,000 young people swarmed over this rural area today for the Woodstock Music and Art Fair. ...the prospect of drugs and the excitement of ‘making the scene,’ the young people came in droves, camping in the woods, romping in the mud, talking, smoking, and listening to wailing music.” Quote: “Participants well-behaved: The crowd, which camped on the 600-acre farm of Max Yasgur near here for the past few days was well-behaved according to both the sponsors and the police, even though about 75 persons in the area were arrested, mostly on possessing narcotics.” Mmm, bummer, bummer.

It says other things here, man, like how shortages of water, like how cars are lined up for about 20 miles in huge traffic jams, and all this other good shit. All in all, man, it says that you’ve been pretty groovy, man, and you’ve been doing a groovy scene out here. And we gotta thank you for it, you’re being very beautiful. You’re making this show.

— stage announcement during the festival

Yes, despite the mess and the difficulties, it was an iconic weekend. It was an event that deeply affected rock and folk music afterward, and one that gave us a cultural anchor for the time. It also gave us one of the best documentary films ever, and some magical moments of music on the recordings. Who can forget Santana’s Woodstock version of “Soul Sacrifice”; or my brother’s favourite, Alvin Lee and Ten Years After playing “I’m Going Home”; or how Jimi Hendrix closed the concert Monday morning, inserting a fuzzed-out, distorted rendition of “The Star-Spangled Banner” into his set?

I came upon a child of god
He was walking along the road
And I asked him, where are you going
And this he told me
I’m going on down to Yasgur’s farm
I’m going to join in a rock-and-roll band
I’m going to camp out on the land
I’m going to try an get my soul free
We are stardust
We are golden
And we’ve got to get ourselves
Back to the garden

— Joni Mitchell, “Woodstock”

Joni Mitchell wasn’t at Woodstock; she was supposed to be, but she cancelled — reportedly to avoid missing an appearance on the Dick Cavett Show. As with a number of other artists, she didn’t foresee its importance at the time, but she watched the TV coverage and wrote the song in her hotel room. Crosby, Stills, Nash, and Young were there (and made it back for the Cavett appearance), and they later had a hit with their cover of Ms Mitchell’s song on their album Déjà Vu.

In the end, Woodstock stays in our collective consciousness more as a fantastic image of what it was than as the reality of mud and hungry crowds, traffic jams and madness. Woodstock is, to many of us who were young at that time, the concept voiced during another of the stage announcements included on the record album: “The man next to you’s your brother.”

Friday, August 14, 2009

Women at Risk

Bob Herbert’s op-ed pieces in the New York Times are often good ones, and last week’s is particularly so. Written in the days after the attack on a gym, which resulted in the death of three women, Mr Herbert notes that such attacks are far too common:

We’ve seen this tragic ritual so often that it has the feel of a formula. A guy is filled with a seething rage toward women and has easy access to guns. The result: mass slaughter.

Back in the fall of 2006, a fiend invaded an Amish schoolhouse in rural Pennsylvania, separated the girls from the boys, and then shot 10 of the girls, killing five.

I wrote, at the time, that there would have been thunderous outrage if someone had separated potential victims by race or religion and then shot, say, only the blacks, or only the whites, or only the Jews. But if you shoot only the girls or only the women — not so much of an uproar.

That, as he says, “[w]e have become so accustomed to living in a society saturated with misogyny that the barbaric treatment of women and girls has come to be more or less expected,” could even be seen in the presidential campaign, when candidate Hillary Clinton was belittled with sexist comments of the sort that we’d never see for a serious male candidate — and they were excused by press and public alike, putting us in collective denial of the obvious bias.

I’ve spent no small amount of outrage about bias and violence against women in these pages before, and this is another case of the pervasive misogyny in our society. This time, though, I want to have a word about the motivation, the male side of it. Again, Bob Herbert:

One of the striking things about mass killings in the U.S. is how consistently we find that the killers were riddled with shame and sexual humiliation, which they inevitably blamed on women and girls. The answer to their feelings of inadequacy was to get their hands on a gun (or guns) and begin blowing people away.

And he quotes Dr. James Gilligan:

What I’ve concluded from decades of working with murderers and rapists and every kind of violent criminal, is that an underlying factor that is virtually always present to one degree or another is a feeling that one has to prove one’s manhood, and that the way to do that, to gain the respect that has been lost, is to commit a violent act.

That last point really connected, and reminded me of male coming-of-age rituals in societies from African and American tribes to criminal groups and street gangs. Tolerate pain. Show how tough you are. Assert dominance. Fight, and win. Kill, and be proud of it. And, whatever you do, be strong, and don’t let any woman get the better of you.

Our legends and fiction, too, are full of that last message. Beware the femme fatale, the woman who will undo you if you aren’t wary enough. The Sirens. Delilah. Their power comes from what they can get men to do. And the message is clear: avoid them... or kill them.

It doesn’t have to be that way. Physical strength no longer has the importance it once did. In our modern society, balance is more important. That we have an anthropological basis for these sorts of demonstrations of power and dominance doesn’t mean we have to keep them. They do not serve us well now, if they ever did.

Some will write all these attacks off as perpetrated by unstable individuals, and deny that it’s supported by our mainstream society. And, to be sure, these people are unstable, nuts, very far from the norm, and there will always be such people. We can’t change that.

But the point is that, while their behaviour is extreme, its direction is set by what we see all around us, every day.

We can change that. We have to.

Thursday, August 13, 2009

A secure Internet?

My anti-spam colleague John Levine wrote last week about why we can’t make the Internet secure.

In a discussion about a recent denial of service attack against Twitter, someone asked

Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?

[...]

The basic answer to your question is that the people who run the net, all umpteen million of us, have collectively decided that it’s cheaper to live with the damage that criminals cause than to deal with the problems that let them do it. Change that attitude, then we can talk.

Read the post. The gist of it is that the pieces that make up the Internet were not originally designed with security in mind, and, while we’ve tried to change a lot of that since then, no one wants to foot the costs of making the necessary changes now.

That last point is central. There’s no one thing that we can close up to fix things. There’s no one weak point, but many, many weak points all over the Internet, from the machines we connect to the network, to the protocols at the lower network layers, to the application protocols on top, to the applications that use them. Attackers can and do attack every piece of the system.

And trying to close it all is expensive, in more than one sense. It’s very costly to produce bug-free software, and no matter how hard you try and how much money you spend, you’ll ultimately fail — some bugs will slip through, and some of those will be exploitable as security holes. It’s costly to block users with insecure computers or software, it’s costly to eschew free but buggy software,[1] it’s costly to upgrade everything to use newer, more secure protocols.

Then, too, as we secure the protocols we see reluctance to deploy the new ones, and even more reluctance to demand them and to cut off participants who don’t use them. We see an example of the deployment problems in the long delays in implementing DNSSEC, which defends the Domain Name System — a crucial, basic part of locating addresses on the Internet — from integrity breaches. Further examples of it abound. My service provider, for example, does not support secure connections for accessing email through POP3 or sending it through SMTP (and so I don’t use my ISP’s email service).

As we develop security-related protocols such as DKIM (DomainKeys Identified Mail), we have to answer concerns from the Internet community about partitioning the Internet (the domains that use the new protocols vs those that don’t), about “flag days” (a set time after which the new protocols will be mandatory, and we’ll no longer accept things done “the old way”), about whether the changes will be compatible with old software that hasn’t been updated in years.

Service providers could enforce minimum security standards for computers on their networks, something that many companies already do with their employees. Computers that are detectably infected, or detectably vulnerable to infection, could be blocked from the network until they’re secured. It wouldn’t be perfect; it might be a good step. But it requires implementation of automated scanning, a staff to follow up, and — probably most importantly — angering paying customers by telling them that you won’t serve them. To vary what John says, as long as businesses would rather have zombie computers on their networks than risk offending customers by chucking them, we can’t solve much.

On top of all of that, we users ourselves are weak points, refusing to follow advice that’s given to us every day. We continue to use weak passwords, we continue to share passwords, we continue to visit rogue web sites when we should know better, we continue to open email attachments that store evil software onto our computers. We continue to use public computers in places like Internet cafes to log into secure systems, such as our email and credit-card accounts.

The other day, as I was searching the Gmail forums for something else, I found the following question posted:

Since I started using Firefox 3.51, my Gmail has been painfully slow. Opening messages, opening Gmail, even coming to the Help page are all s l o w. I saw a reply to a similar problem here that recommended changing back to an http rather than https connection. That seems to have made it faster. Can anyone tell me why this is, and is Google working on this so I can go back to a secure connection in the future?

Right, that seems to have worked — turning off the security made it a little faster (it turns out, of course, that that wasn’t his basic problem).

But that recommendation is rather like saying, “Oh, it takes you a little longer to get into your house when you have to fiddle with the keys? I tell you what: why don’t you just leave the door unlocked? You’ll be able to get in faster that way.” And, yet, the user was happy to do it.

When you think about asking the question that the guy in John’s post asked, consider how much more you’re willing to pay for your computer, all the software you use on it, and your Internet service. And consider whether you’re willing to have chunks of the Internet inaccessible because they haven’t been secured.
 


[1] I don't mean to imply that all free software is terribly buggy, nor that software you pay for is necessarily better. It’s just one of the trade-offs.

Wednesday, August 12, 2009

A word about evolution

I’ve mostly stayed out of the evolution vs creation wars. It’s not that I don’t care — it’s appalling to me that 84 years after the Scopes trial, we’re still embroiled in this mess, still dealing with people who want to teach superstition in science class. It’s appalling to me that...

  1. ...31% of American adults think “the Bible is the actual word of God and is to be taken literally word for word,” according to a 2007 Gallup poll. A further 47% think it’s “inspired by the word of God,” and only 19% consider it “ancient fables, history, and legends.” I guess I’m among the elite.
  2. ...44% of American adults think that “God created human beings pretty much in their present form at one time within the last 10,000 years or so,” according to a 2008 Gallup Poll. 36% think “human beings have developed over millions of years from less advanced forms of life, but God guided this process,” and only 14% think that God had nothing to do with it. These numbers have been fairly stable and consistent over the last 25 years.
  3. ...evolution is less accepted in the U.S. than in other western countries, according to a 2006 study at the University of Michigan. Around 80% of adults accept evolution in Iceland, Denmark, Sweden, France, and Japan, while just 40% do in the U.S. Of the 34 countries studied, the U.S. is 33rd — the only one that comes in lower than the U.S. is Turkey.
  4. ...it’s not just random adults; 16% of U.S. biology teachers are creationists, according to a 2007 survey. This is exactly what John Scopes was bucking 84 years ago.

[It’s also interesting to note other bits of the evolution/creation/intelligent-design poll (number 2 above). 15%, for instance, would be more likely to vote for a presidential candidate because he said he did not accept evolution, and more than 50% said it wouldn’t make a difference. It’s too bad they didn’t ask the same question about a candidate who thinks the Earth is flat, the Sun revolves around the Earth, the Moon is made of green cheese, or we should have our naval submarines out there looking for the lost continent of Atlantis.]

So it’s not that I don’t care. It’s that there are lots of people out there with more energy to spend on this, and who also have more academic credentials for it and far more readership. I fervently believe in adding my voice to things; in this case, I don’t think it’s needed.

And so we get to the recent mass visit of non-creationists, led by biology professor PZ Myers, to the fantasy park that creator Ken Ham[1] calls the “Creation Museum”. The mainstream news media picked up the story, and Ham appears to have made himself unavailable to them. That meant that the media didn’t include his spin on things in their reports, leaving their reports unusually sensible, avoiding the inclusion of nonsense that often comes from trying to be “balanced” when no balance is reasonable.

Professor Myers regularly calls Ken Ham a “fraud” and worse, and Ham responds on his own blog (quoted here by PZ Myers; I won’t link to it) with the complaint that “this professor seems to have a fixation on me”. Well, he does, and with good reason:

Ken Ham is actively trying to make our children scientifically stupid. He goes out of his way to teach our children superstitious nonsense. He’s spent millions of dollars creating a building full of exhibits that flout science while looking — falsely — academic, and wants children to go away from it with the idea that their science teachers (at least, 84% of them) are wrong. He’s one of those who specifically teaches children how to argue with their teachers in class on this matter.

I’ll point out, here, that if a science teacher were trying to teach that, as I mentioned above, the Earth is flat, the Sun revolves around the Earth, the Moon is made of green cheese, or we should be looking for the lost continent of Atlantis, he wouldn’t be allowed to teach science. If someone tried to open a “museum” teaching such things, no one would accept it as anything but silliness. This should be no different.

And he has the money and backing to be influential, funded by the fat donations of many, many gullible people who think he’s helping their children, not understanding the damage he’s doing.

So, yes, Professor Myers — funded by an associate professor’s salary — has it in for him. Getting the public to see the danger of the direction Ken Ham and others like him are trying to take science education is a terribly important step in making sure the next generation is properly educated.

Maybe if we can do that, those numbers in the surveys above will shift over the next 25 years.
 


[1] Hm. Can I call Ken Ham a “creator”? Oh, my.

Tuesday, August 11, 2009

On choice among free services

They say that “beggars can’t be choosers,” but the adage doesn’t apply to the Internet. With countless free services out there, one really does often have a significant choice.

And I’ve just chosen to say auf Wiedersehen to Flickr (owned by Yahoo!) and to switch to Picasa (owned by Google) instead. Flickr has a bunch of severe limitations for its free version, which you can lift for “only” about $25 per year. I admit that $25 isn’t much for a year, but, well... it’s $25 more than zero.

Flickr has two limitations on their free accounts that particularly annoy me. One’s bothered me for a while, but I didn’t do anything about it: you can only create three “sets”. That meant that I couldn’t group my photos — one would run past the three-set limit almost immediately, if one should try. I did create one set, and I used a search for grouping others, tagging the photos with a distinctive tag. So I could manage.

The other limitation is one I didn’t even know about until the weekend, when I was uploading photos from Sweden. It warned me that I’ve exceeded the 200-photo limit for a free photo stream. It’s saved all my photos, it assured me, and links to them still work. But only the 200 most recent ones will appear in the list that people (including me) get when they visit my Flickr pages.

Well, OK, that is, in a word, useless. Oh, yes, they say, all my lovely photos will be restored to the list if I pay them, and they’ll lift other limitations as well: they’ll allow access to the original, higher-resolution versions that I uploaded; they’ll give me unlimited storage; they won’t limit my uploads to 100 MB per month any more (and they’ll double the maximum size of a single photo, to 20 MB); they won’t delete my account if it’s not used for 90 days (did you know about that one?)

But that’s if I pay them $25 a year.

So I went over and started using my Picasa web albums. They already existed, created implicitly when I post photos through Blogger, but I’d not created any public albums there. I uploaded the Sweden photos to it (including three photos from a two-day visit last year), and then went on to go through all my Flickr photos, find the originals on my computer, and re-upload them to Picasa. The tedious bits were copying the captions and geotagging them again... but that’s done (and it wasn’t too bad, because, after all, there were only about 200 to do, right?), so now I have albums for the other photos, including

Here’s a bonus: now that I can put things in albums, I might go back and do that with some other photo groups I’ve never posted.

Now, Google doesn’t eliminate all limits either. But the only limit I’m aware of is that I have 1 GB in which to store photos. That will eventually be an issue, if I start posting a lot of albums. I can post lower-resolution versions, to delay it... and, in any case, I won’t have to worry for some time yet. By the time I do, perhaps Google will have raised the free limit.

If they don’t, well, I can get my limit raised to 10 GB. I’d only have to pay them $20 a year.

Monday, August 10, 2009

Stockholm: the tourist part

Having posted my IETF report for the recent Stockholm trip, I’ve now gotten things together to write up the tourist part of the trip. If you just want to see a bunch of the photos, go to my Picasa album.[1] If you’d like to hear what I have to say about things, read on.

[Map: Stockholm]

Stockholm is a city on a set of islands, located on Lake Mälaren where it meets the Baltic Sea. The islands are separated sometimes by a fairly wide bit of water, and sometimes by just a narrow stream, so it’s often not clear how to refer to the water. Many times, we wanted to say “the river”, sometimes, “the canal”. And there are parts that are officially called “bays”. But they’re all blobs, branches, arms, legs, and tributaries of Lake Mälaren.

The parts where we spent our time were the downtown area (lower Norrmalm), which is actually on the mainland; the attached eastern district of Östermalm; the islands of Kungsholmen, Södermalm, Skeppsholmen, and Djurgården; and the Gamla Stan (Old City) area, comprising four more islands, Stadsholmen, Helgeandsholmen, Riddarholmen, and Strömsborg. Home base for this part of the visit was the Nordic Sea Hotel, right next to Central Station. Except for a day outside town, we walked everywhere.

[Photo: Street art in Gamla Stan]

Gamla Stan, which literally means “Old City”, is very picturesque, very characteristic, and very touristy. There are many shops, most trying to sell you stuff to take home. There are lots of restaurants and cafés, some of them quite pricey (we spent SEK 400, about $55, per person for dinner at Mårten Trotzig, so that wasn’t bad for a nice dinner). There are churches and museums to visit, and, of course, there’s the royal palace. We caught a bit of the pageantry as the guards rode in on horses, and such... but the crowds were thick, and it was hard to see much (here’s a Wikipedia photo). Not surprisingly, this is a very busy tourist season in Stockholm, with beautiful weather and school vacations.

South from Gamla Stan is Södermalm, roughly translating to “south district”. Being farther from the city center, this was decidedly less touristy, and we spent our time in two areas: Götgatan and “SoFo”. The north end of Götgatan also has the Stockholm City Museum.

[Photo: Medborgarplatsen]

Götgatan is a long shopping street, with plenty of restaurants and shops to check out. We walked it down to the bustling Medborgarplatsen, then headed east on Folkungagatan. Off in that direction, and south, is the area called SoFo. New York has SoHo, for “South of Houston”; Södermalm has SoFo, for “South of Folkungagatan”. And they’re similar in character in some ways, with funky cafés, shops, and galleries. We browsed some of the shops, had coffee and a pastry in the retro-cool Café String, talked with the proprietor of the Nyagatan restaurant (traditional Swedish cuisine, in the midst of many other ethnic varieties in SoFo), and walked through the tree-lined Katarina Bangata — one of the many pleasant, tree-lined walkways Stockholm has in the center reservations of the streets.

Another tree-lined street, Karlavägen, leads into Östermalm, the east district, an area of nice residential neighbourhoods and more streets of shopping, pubs, and cafés. It was on Karlavägen that the Barry med öl photo I posted last week was taken. And it was at Östermalmstorg (Östermalm Square) where we browsed the saluhall (indoor market) — full of counters selling fish, meats, cheese, desserts, and jams — and grabbed a spot of lunch one day.

[Photo: Isaac Gränd / Raoul Wallenberg sphere]

Joining Östermalm with Norrmalm (the north district — the city center) is the new bridge area (Nybro), consisting of Nybroplan (new bridge field), Nybrokajen (new bridge quay), Nybroviken (new bridge bay), and Berzelii Park. What’s interesting is that there is not actually a “new bridge.” A bridge was originally planned over the bay, replacing the old bridge in the 1840s. But King Charles XIV decided to have it done as landfill instead, turning the whole area into a land-bridge.

Walking along the quay to the west puts us on Raoul Wallenbergs Torg — not actually a “square”, but a very seriously elongated rectangle, a strip along the bay extending to the Djurgårdsbron, the bridge to the island of Djurgård. There one finds a number of museums, including the Nordiska Museet (Nordic Museum) and the Vasamuseet (Vasa Museum), as well as Gröna Lund (Green Grove), a popular amusement park featuring a concert venue and three roller coasters.

[Photo: A roller coaster at Gröna Lund]

We saved our museum visits for Monday, our last day in town... without realizing that most of the museums, including the major art museums, are closed on Mondays. So we didn’t get to see the National Museum or the Moderna Museet. But the Nordiska Museet (of Swedish culture) was open, as was the Nobel Museum at the Swedish Academy on Gamla Stan, so we saw those and enjoyed the day.

[Photo: Pastries at Taxinge Slott]

I have some square-dance friends in the Stockholm area, and we spent a beautiful, sunny Sunday with them, visiting out-of-town areas. Arne and Birgit took us to Taxinge Slott, which has a fabulous pastry kitchen — it’s hard to pick just one thing to have... so we didn’t — and Gripsholm Slott, one of the royal palaces. Add a nice late lunch on the shore of Lake Mälaren and some wandering around towns in the sun, and... ahhhhh.

A few words about the language

Of course, you know how I love language, so, of course, I had a nice time coming to understand bits of Swedish and figuring out how to pronounce things passably. I learned, for instance, that former U.N. Secretary General Dag Hammarskjöld’s surname is properly pronounced with a guttural sound, as the German “ach” or the Scottish “loch”, for the “skj”. Similarly for the “vsj” in the Stockholm district of Älvsjö, pronounced, approximately, “EL-*oo” (IPA ɛl-ɧœ).

There are two other interesting things about Swedish pronunciation. One is that they hold some consonant sounds for longer than we do. The other is that they use low and falling tones — it’s not tonal to the extent that Chinese is, and I don’t think it changes the meanings of words, but the combination of the tones and the long consonants gives Swedish its characteristic rhythm and sound. I can’t do either of them with even the most remote hope of being right. And, of course, if one does it wrong, one just sounds like a dufus, so I didn’t try. Maybe at next year’s Fürstenhagen dance I’ll buy Arne a beer and ask him to teach me.

[Photo: Long Swedish words]

As with German, Swedish makes long words by stringing modifiers together. That can make the street names hard to get along with, but a few tricks help. First, gata or gatan is “street”, väg or vägen is “way”, and torg or torget is “square”. So chop those off the end when they appear. On the beginning, we’ll often have Ny (new), Gamla (old), Norr or Norra (north), Söder (south), and so on. Chop those off too, and it becomes easier to figure things out. Kungsgatan becomes “King Street”; Gamla Brogatan becomes “Old Bridge Street”, and Norrmalmstorg becomes “North District Square”. Even if you can’t make sense of the bit in the middle, sorting out the prefix and suffix makes it much easier to figure out where you are. Gyllenstjernsgatan is a long name, but Gyllen - stjerns - gatan quickly turns it into “Golden Star Street”.
[1] Note that I’ve switched to Picasa from Flickr because of the latter’s silly limits on what free accounts can do. Competition is a good thing.

Sunday, August 09, 2009


On not working into an office

After Richard Nixon’s resignation speech, 35 years ago yesterday, he cleared out his desk[1] and left his office for the last time 35 years ago today. For me, that experience happened 23 weeks ago, plus a few days. It’s never the same, of course: I was in my job for about 26 years longer than he had his. On the other hand, he was president of the United States, and I’m just a computer software researcher, so I think that balances things out in a sense.

Anyway, the point is that I cleared out my office and put things in boxes. And I’m now working from home, and not going to an office.

And, so, there are those boxes — four, to be specific. Four boxes full of my office stuff. I have not looked in them for the last 23 weeks, plus a few days.

My office was full of a lot of things accumulated over the years. I had posters on the walls, and certificates, which I took with me — I had a lot of other certificates that I wasn’t displaying, and which I just left there. I had drawers full of office things: pens and pencils and Sharpies®, rubber bands, staples, paper clips. Diskettes. Lots of old diskettes. I left most of all that, too. What did I ever need with that many pens and pencils, anyway? Why do we let this junk collect in our desk drawers?

I had books, and I took some with me... but I left many of them. Some were old computer manuals that had been obsolete for ten years. Some had been obsolete for ten years, ten years ago. But even among the others, well... we’re moving ahead so quickly that a book teaching leading-edge concepts is overtaken quickly by others that are published at the leading edges of other, sharper blades. And we get most of our current technical information on the Internet now, where it can be updated rather than made obsolescent.

I did keep some, though, which are timeless. The “Bat Book”, for instance (Hi, Eric!), in case I should ever have to configure Sendmail in future. But it’s still in its box — one of the four, I don’t know which.

When I get down to it, I realise that of all I’d collected over the years, from the flowchart and HIPO templates, to the IBM 370 reference cards, to the empty CD cases that I couldn’t manage to toss away, to that drawerful of diskettes that... well, I haven’t had a computer that even has a diskette drive in several years... of all that stuff, I need none of it.

And, yet, I miss my office, and the things in it. It’s nice not to have the commute. It’s nice to save the gas and the wear on the car, and it’s nice to come out of the shower and go right to the computer and work. But there was something about going to the office that a home office doesn’t provide. I don’t get to have coffee with friends in the morning, no lunch in the cafeteria, no trappings of the business around me. I can call on colleagues just as easily as then, with email and IM and Skype — some would tell me I could use Twitter to my advantage, as well, but I’m not convinced. But it’s different.

I remember many times looking into the office of a newbie, as he sat there with a laptop computer on a plain brown tabletop, the walls beige and bare around him, nothing else in the room, just the newbie in his chair, with the laptop and a telephone, and thinking how stark and spartan and sad that looked. I wondered when he’d feel a need to personalize it.

Now I see that none of that stuff is necessary at all. I just need the computer... well, that and a cup of tea. The rest just served to make me feel that I belonged there.

Maybe that was the problem with it, and maybe that’s why the newbies don’t bother.
[Thanks to James Thurber for the title.]

[1] Right, he surely had someone else actually do the clearing out, but you know what I mean, here. Stop that.

Saturday, August 08, 2009


Resignation

President Richard Nixon delivers remarks to the White House staff on his final day in office. From left to right are David Eisenhower, Julie Nixon Eisenhower, the president, First Lady Pat Nixon, Tricia Nixon Cox, and Ed Cox

35 years ago today.

Listen to President Richard Nixon’s resignation speech, 8 August 1974.

Friday, August 07, 2009


On denial-of-service attacks

If you’re a Twit... [um, no...] if you like Tweety... [still no...] if you’re a Twitter user [there, that works] you might have been frustrated yesterday when Twitter had service problems. So, apparently, did Facebook and LiveJournal, all three hit with denial-of-service attacks on Thursday morning. Here’s Twitter’s status message from around 7 A.M. PDT:

Site is down

We are determining the cause and will provide an update shortly.

Update: we are defending against a denial-of-service attack.

...followed by this one about an hour later:

Ongoing denial-of-service attack

We are defending against a denial-of-service attack, and will update status again shortly.

Update: the site is back up, but we are continuing to defend against and recover from this attack.

Update (9:46a): As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can.

The media, including the New York Times, attribute the attacks to “hackers”:

In a denial-of-service attack, hackers typically direct a “botnet,” often made up of thousands of malware-infected home PCs, toward a target site in an effort to flood it with junk traffic. With the site overwhelmed, legitimate visitors cannot access the service.

Fox News, through the inane babbling of Courtney Friel, invokes hackers and claims that DoS attacks “steal your information”:

[...] Twitter is blaming the attack on hackers, and they said they’re defending against a denial-of-service attack and will update their status again shortly. Denial-of-service attack, that’s what hackers use to crash your computer and steal your information. So, hopefully, they’ll get that fixed, ’cause a lot of twitterers are going crazy, talking to themselves, they’ve nowhere to broadcast their information.

(To be fair to Ms Friel, she’s been put out of her depth; Fox preferred to give this item to their “entertainment reporter”, rather than to consider it a tech story.)

Now, Twitter, itself, isn’t using the term “hackers”. Here’s what Twitter’s Biz Stone said at 8 A.M. PDT:

Denial of Service Attack

On this otherwise happy Thursday morning, Twitter is the target of a denial of service attack. Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users. We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.

Mr Stone correctly attributes the attack to “malicious efforts”, but avoids the overused and inconsistently used term for the people controlling it.

I’m being picky about this because there are a lot of misconceptions about DoS attacks, and I don’t want to confuse things as I talk about it. “Hackers” was originally not a particularly negative term, once used to refer to the top echelon of computer adepts, brilliant folks, if often quirky ones. It has since gone to the dark side, referring to those who break into other people’s computer systems. Some do use it to talk about this sort of attack; I prefer not to.

Because, you see, last month’s Twitter attack was hacking, in the break-in sense. The attacker in that case did break into computer accounts — and did steal information. It was confidential company information, not personal information belonging to its customers, but it could have been either.

This is not that.

This is more related to the attacks a week or so earlier than that, in which web sites in the U.S. and South Korea were affected. That, too, was a set of denial-of-service attacks.

And keep in mind that the botnets used in these sorts of attacks are big business. Get rid of the image of a post-adolescent with more time than sense, and no social life. Whether or not that profile is accurate, there’s nothing rudimentary, nothing ad hoc, nothing cute and precocious about this stuff. Zombie networks are cultivated carefully, are traded and leased for a lot of money, and run sophisticated software that’s hard for professionals to crack into.

So, what’s the difference between a hacker break-in and denial of service?

Computers and computer networks have limited capacities. You install so many computers, of whatever speeds. You set up your network with so many routers. You plan for a particular load on your system. If the load exceeds what you’ve planned for, your systems don’t run as well as you’d like — response is slower as requests come in faster than you can service them, and people have to wait in queues. The same is true of power systems, as when we have “brown-outs” during periods of peak demand. The same is true of telephone systems, when everyone phones mom for Mother’s Day, and sometimes we can’t get through. The same is true of face-to-face systems, when you show up at a store at a busy time and have to wait for service.

In the cases we’re used to, though, there are two aspects that keep them under control:

  1. The people we’re waiting behind are also looking for legitimate service.
  2. There’s a limit to the number of people who will come for service, so even if the lines get long and slow, we’ll get to the front eventually.

A denial-of-service attack is an insidious variation. In the general case, item 1 breaks down: the requests for service that are jamming things up are not legitimate, and are not really looking for service. The attackers are making requests and are not waiting for the responses (or are throwing them away when they get them). The purpose is to keep the servers too busy to provide service to those who really want it. It would be like going to a store and asking the clerk to find something for you in the back... and then walking away while they went back to look.

And when the attack comes from a botnet, as a distributed denial-of-service attack, item 2 breaks down as well: there is essentially no limit to the number of requests that can be queued in front of you. The servers may be entirely unable to service legitimate customers. On top of that, software often fails under such unexpected conditions, so the service systems might fail completely (imagine the fed-up clerk who just walks out and goes home, tired of wild goose chases in the stockroom).

These days, pretty much every denial-of-service attack is a distributed one.

Because they’re based on overloading service providers, denial-of-service attacks have varying success, depending upon how prepared the providers are for heavy loads. Hence, some computer systems held off the attacks in early July, while others caved in. Those with more excess capacity, or with techniques to reduce the damage done by bogus requests, were able to keep going.

But what techniques are there for reducing the damage?

There are many, but the basic point of all of them is the same: identify the bogus ones as early as possible, doing as little work as possible before throwing them away. Some examples:

  • Keep track of known “bad actors” and refuse to service them (blacklisting).
  • Limit the number of requests you’ll accept from a given requester in a given time (rate limiting).
  • Check back with the requester periodically, and stop work if the requester goes away (keep-alive).
  • Give priority to trusted requests, and delay untrusted ones.
  • Challenge the requester in some way, assuming that bogus requesters will go away in the face of a challenge (or will be unable to correctly respond to it).
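As an added example (not code from this post, nor Twitter’s), here is a small Python “front door” that applies three of the techniques just listed, blacklisting, rate limiting, and priority for trusted requesters, to a constructed stream of requests, deciding each request’s fate before any real work is done. The client names, thresholds, and log lines are all made up for the illustration; keep-alive and challenge handling are left out.

```python
"""Front-door triage in the spirit of the mitigation list above: blacklist,
rate limit, and priority for trusted requesters. Added illustration, not any
provider's code; clients, thresholds and traffic are all constructed."""
from collections import defaultdict, deque

class FrontDoor:
    """Per request, before any real work: 'reject', or queue as 'high'
    (trusted, served first) or 'low' (everyone else)."""
    def __init__(self, blacklist=(), trusted=(), max_per_window=5, window=10):
        self.blacklist = set(blacklist)          # known bad actors
        self.trusted = set(trusted)              # served before untrusted
        self.max_per_window = max_per_window     # assumed per-client limit
        self.window = window                     # sliding window, seconds
        self.attempts = defaultdict(deque)       # client -> recent timestamps
        self.high, self.low = deque(), deque()   # work queues by priority

    def triage(self, ts, client):
        if client in self.blacklist:
            return "reject"   # cheapest path: no state touched
        recent = self.attempts[client]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()  # forget attempts older than the window
        over_limit = len(recent) >= self.max_per_window
        recent.append(ts)     # every attempt counts, so a flooder stays limited
        if over_limit:
            return "reject"
        return "high" if client in self.trusted else "low"

# Constructed sample traffic, "<time> <client> <request>"; not real logs.
SAMPLE_LOG = """\
1000 partner-app GET /api/timeline
1000 bot-7 GET /home
1001 bot-7 GET /home
1001 alice GET /home
1002 bot-7 GET /home
1002 bot-3 GET /home
1003 bot-7 GET /home
1003 bot-7 GET /home
1004 bot-7 GET /home
1004 partner-app GET /api/timeline
1005 bot-7 GET /home
1005 alice POST /tweet
1006 bot-3 GET /home
1011 bot-7 GET /home
"""

def process_log(text, door):
    """Triage each line; return per-client tallies and the service order."""
    tallies = defaultdict(lambda: {"reject": 0, "high": 0, "low": 0})
    for line in text.splitlines():
        ts, client, _request = line.split(maxsplit=2)
        decision = door.triage(int(ts), client)
        tallies[client][decision] += 1
        if decision != "reject":
            (door.high if decision == "high" else door.low).append(client)
    # Trusted queue drains first; untrusted requests wait behind it.
    return dict(tallies), list(door.high) + list(door.low)

if __name__ == "__main__":
    door = FrontDoor(blacklist={"bot-3"}, trusted={"partner-app"})
    tallies, order = process_log(SAMPLE_LOG, door)
    for client, counts in sorted(tallies.items()):
        print(f"{client:12} {counts}")
    print("service order:", " ".join(order))
```

Because rejected attempts are still recorded, the flooding client stays limited as long as it keeps hammering, while the two legitimate clients are served and the trusted partner goes first.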

The other thing to note is that the only thing a denial-of-service attack does is block service for legitimate users. It does not “steal your information.” It does not steal anyone’s information. No Twitter user’s account will have been compromised by yesterday’s shenanigans. All that will have happened, in the end, is that they will have spent the morning talking to themselves.