Thursday, December 30, 2010

All About Rechargeable Batteries

Rechargeable batteries are a pretty complicated subject.  Not that I have any particular need for rechargeable batteries, but I found a very in depth resource for rechargeable battery info.  So far I've learned that storing NiMH and Li-ion at 100% or completely discharging them isn't good for them.  It's also possible that using the slowest possible charging speed isn't best, and that leaving them in the charger for months on end on trickle isn't good either.  I have 20+ tabs open so I should know the answer in a few short hours.

This forum is the internet's resident authority on batteries.  This post is a long list of links that deal with various specific subjects.
http://www.candlepowerforums.com/vb/showthread.php?t=217683

Wednesday, December 29, 2010

Storing Passwords Securely

Background:
Recently, Mozilla has admitted to accidentally leaking password info for 44,000 addons.mozilla.org accounts.  A few weeks ago, Gawker had accidentally leaked password info for a million+ accounts.  These incidents have spawned a lot of discussion about what was done wrong and what changes should have been implemented.  I wrote something about picking good passwords before, so I'll just address how to securely store passwords.

I won't attempt to address specifics for how a website should store its password database, or how they can prevent leaks.  That is a matter of internal policy, and isn't relevant to what I want to discuss here.  I'll begin with the assumption that passwords are stored in a database and that this database will be leaked at some point.  The question is what practices should be put into place to mitigate damage when that leak happens?

Solution:
The answer is actually quite simple, and easy to implement.  When the user creates a password (with no practical limits on length or characters) this password should be combined with a per-user unique salt, and then a cryptographically secure hash (e.g. SHA-2bcrypt) should be taken and stored with whatever token the system uses to ID users (e.g. username).  This process can be repeated (i.e. feeding the hash result back into the hash function) many times if one wishes to increase computational time needed for an attack.  There are many ready-made functions to do just this, in any language a site is likely to be using for its backend database work.  Thus, implementing this process is simple.  Indeed, it's likely that using a ready-made and secure function is going to be easier than reinventing the wheel and coming up with a custom in-house function that ignores decades of cryptographic research.

Explanation:
So what does all that above mean?  Why not just store the passwords in a database directly?  After all, if the database leaks at all, it is likely to be a very bad thing.  Shouldn't the effort be made in ensuring the database leak doesn't occur in the first place?  Certainly leaks should be prevented, but security is all about assuming compromises and then creating a system that is robust enough to survive them.  Many independent layers should work together to provide overall security.  In many discussions of secure communications there is the assumption that all communications are intercepted.  There are methods to have secure conversations without eavesdropping, but it is still wise to operate from a premise that you can't foresee and avoid every attack.  By making your system secure even if it is intercepted you provide your communications with an extra layer of security.  For the same reason, it is wise to store passwords securely in a database, even while working to prevent that database from leaking.

Encryption?
If you're now in agreement that passwords should be stored securely in a database (which itself should in-turn be stored securely), your next question should be what exactly does the process outlined above mean, and how does it actually provide security?  When a password is stored directly in a database, so that it may be retrieved by the system, it is said to be stored in plaintext.  The answer is not to simply encrypt the passwords, at least not in the traditional sense.  The problem is that the master key used to encrypt the passwords then has to be stored in plaintext.  If the database is leaked, it is safe to assume any key used to encrypt entries in it will also be leaked.

You may have noticed that many websites, when you forget your password, will reset your password to something random and email it to you, as opposed to emailing you the original password you chose.  The reason is that these sites don't know your password at all.  Indeed, a surefire sign of poor security is if, when you recover a password, the site sends the original as opposed to a new random password.  Even with a metaphorical gun to its head, a secure website could never reveal your password, simply because it doesn't know it.  This appears to lead to a paradox, as clearly the website is able to authenticate users.  How can a website know that the password a user enters is correct without itself knowing the password?  The answer is one way functions, and specifically cryptographic hash functions.

Hashes:
Hash functions are rather simple concepts.  One can provide any data, without a lower or upper limit on size, and the hash will output a short hash value of a constant size.  Some key properties of cryptographic hash functions are:

Constant Output Size - The hash always returns a value of a certain size, regardless of input size.  For example, the MD5 hash of 'Monkey' is '4126964b770eb1e2f3ac01ff7f4fd942'; the 591 MB slackware-13.0-install-d1.iso file has an MD5 hash of '6ef533fcae494af16b3ddda7f1c3c6b7'.  Both are 128 bit numbers expressed as 32 hex values.  This is a key fact.  It also shows why limits on password size are silly, and usually a good sign the site is using some insecure method of storing passwords.  No matter how long the user makes their password the size of the value that needs to be stored is the same.

One Way - The next thing is that they aren't reversible.  Given a hash there is no way to figure out what data created that hash, short of brute-force trying of every possible combination of data until the same hash is found.  Even then, if the input data is random there is no way of knowing for sure that the correct input has been found.  It should be obvious that if 591 MB can be reduced to a 16 byte number, then clearly there must be multiple inputs that give the same output.  While the number of outputs possible with 128 bits is quite large, it is considerable smaller than the infinite number of inputs possible with any arbitrary length.

Collision Resistant - When two different inputs create the same output it is known as a collision.   As seen above, collisions are unavoidable.  However, in order for a hash function to be considered cryptographically secure they must be unpredictable.  In other words, given an output hash value, if there is any method for finding a collision that is easier than just trying possibilities until one is found, then the hash is considered flawed.  How much easier it is to find collisions than a brute-force will determine how seriously flawed the hash is.  Attacks on the common MD5 hash have found collisions with complexity of 291.  This has the practical effect of reducing the security of the MD5 hash from 128 bit to 91 bit.

Avalanche Effect - Another very important factor for cryptographic hash functions is that very small changes must lead to very large changes in the hash.  As I stated above, the MD5 hash for 'Monkey' is '4126964b770eb1e2f3ac01ff7f4fd942'.  On the other hand, the MD5 hash for (going from capital 'M' to lower case 'm') 'monkey' is 'd0763edaa9d9bd2a9516280e9044d885'.  Notice that there is a single byte change, and that made a dramatic change in the output.  Given the three hashes calculated here, and told the three inputs they were derived from, but not which matched with which, it would be impossible to determine which two had nearly the same input.  There are just under five billion bits in the above mentioned Linux iso.  Flipping just a single arbitrary bit from 0 to 1 or vice versa would result in totally different output.  I'm too lazy to demonstrate, but suffice it to imagine a random 128 bit number.

In the parlance of cryptography this is called the avalanche effect.  It is the reason hashes are often seen when downloading a file.  By checking of hash of the file you receive to the one the website lists you can be sure there were no transmission errors.

Benefits of Hashes:
Now that we've covered hashes, let's review what benefits using them provides.  When the user sets their password the system finds the hash of that password and stores that.  Since hashes are fast to compute and output a short number there is little overhead in using them.  When the user attempts to log in they enter their password and the system computes the hash of it, compares that hash to the one on record and if they match the user is given access.  When an attacker gains access to the database all they have is the hashes of the passwords.  As we learned above there is no way to reverse the hash to find the passwords.  Since the system takes the password input from the user and calculates the hash itself, this means that even with the hashes an attacker can't gain access.  If he submits the hash the system will calculate the hash of that, which will not match the hash on file.  The attacker must find the input that gave the hash, and the only way to do that is a brute-force.  In addition, this provides some security to users that use the same password in multiple places.  Since the attacker still doesn't know the actual password, he can't use it to gain access anywhere.

If you were following the Gawker leak, you know that lists of the most common passwords were spread online.  Gawker did not store the passwords in plaintext, they only stored the hashes.  How then, were the plaintext versions found?  The answer shows why simply using hashes (as Gawker did) isn't enough.  In addition to only storing the hash one must add salt.

Salts:
Before explaining salt, first I'll answer how the Gawker passwords were found from their hashes.  There are a handful of cryptographically secure hashes in widespread use.  MD5 is probably the most common, but there are also the newer SHA-1 and SHA-2 (aka SHA-256/512).  Since there are only a handful of hashes used by everyone a new attack arose.  Attackers can take a dictionary of common password, or even a compressive list of all possible combinations within certain specifications (e.g. all alphanumeric combinations from 1 to 8 characters) and precompute the hash for all of them.  This process may take a long time; however, once it's done the results can be used over and over again and even shared.  The resultant database of possible passwords and their hashes is known as a rainbow table, and is indeed, very common.  An attacker with a rainbow table and a database from a compromised web site can quickly find all the passwords whose hashes have been precomputed in his rainbow table.

The answer to this attack is to salt the passwords before storing them.  By adding some data to each password before the hash is calculated one ensures that the outputted hashes won't be in any premade rainbow tables.  This data is known as the salt.  While simply adding a random piece of data to every password one can ensure that any rainbow table must be specifically computed for this one specific website, an even better practice is to use a piece of data that is unique to every user.  For example, a username, email, or UID would be ideal choices to add to the password as a salt.  Even though those pieces of info aren't secret they will make premade rainbow tables useless.  In addition even a custom rainbow table for an entire web site, which could be worth the effort, would be useless.  The only options an attacker has are to either brute-force each password individually, or attempt to precompute rainbow tables containing password+salt combinations.

In a well known example, early (1970s) Unix implementations used an only 2 byte salt.  This created 4096 possibilities for each password.  It therefore, increased the rainbow table size needed to cover any set password space by a factor 4096.  While in the 70s this was adequate, by the 2000s storing the full rainbow table with salts became practical, and any *nix versions still using the old password system had to be updated.

Salts must be stored in plaintext, since the system needs to use them to find the hashes.  As such, they provide no extra security to a user using a weak password from a brute-force standpoint.  However, if large enough, they all but eliminate the possibility of rainbow table attacks.  Since there is little downside to using longer salts, a modern secure system might use something like this: MD5(user_password + UID + 256_bit_pseudorandom_salt) with the 256 bit salt being a random number created by the system for each user when they create a password and stored, in plaintext, in the database along with their UID and hash of password.

With the combination of hashes and long salts a website ensures that even if their database is leaked the only way for an attacker to get access to passwords is with a brute-force attack.  Which, if the user uses a sufficiently long password, should be prohibitively time consuming, to the point of being impossible.

Additional Security:
Additional difficulty in brute-forcing can be created by recursively running the hash through itself.  If a hash takes one millionth of a second to run on a modern system, then running the hash a million times over and over for each password will increase the time taken to one second.  While providing extra security, this only scales linearly as opposed to exponentially (as is the case with increasing hash or salt size).  Since it creates an identical slowdown for both the attacker and the website this is viewed as a limited layer of security.

Example:
To review, a proper modern system might look like this:
$userpass; //the user's inputted password
$uid; //unique id for each user used as database key
$salt; //unique and random 256 bit salt created for each user
$hash; //the hash of the user's pass + salt stored in the database

//user registration:
input $userpass; //get password from user
input $uid; //generate $uid or get from user
$salt = ran(0, 2^256); //create a random 256 bit salt
$hash = bcrypt($userpass + $salt); //find bcrypt hash of password+salt
//store $uid, $salt, and $hash in database, don't store $userpass

//user login:
input $userpass; //get password from user
input $uid; //get user's uid
//find $salt and $hash from database using $uid as a key
if $hash == bcrypt($userpass + $salt)
//if hashes match access granted
//if hashes don't match access denied


Addendum:
In the time since writing this I've been swayed on the effectiveness of massive GPU parallelization in generating hashes fast enough to brute force passwords with salts. This doesn't change the overview of password storage and why salts are needed, but it does change my recommendation to use SHA-512 and my aversion to recursively using the hash to slow down the process.  A thousand dollars worth of GPUs can generate 250 million SHA-512 hashes per second (or 20 billion MD5 hashes).  Modern hashes intended for password storage are designed to be harder to massively parallelize.

With that in mind, I'll revise my advice.  Instead of SHA-512, one should use bcrypt (or similar) with the number of repetitions set high enough so that hashing takes at least 0.1 seconds on modern hardware.

Also, I was well aware that MD5 was hopelessly broken when I wrote this, but I didn't make that clear at all in the post.

Tuesday, December 28, 2010

How Ma Bell Shelved the Future for 60 Years

http://io9.com/5699159/how-ma-bell-shelved-the-future-for-60-years
Let's return to Hickman's magnetic tape and the answering machine. What's interesting is that Hickman's invention in the 1930s would not be " discovered" until the 1990s. For soon after Hickman had demonstrated his invention, AT&T ordered the Labs to cease all research into magnetic storage, and Hickman's research was suppressed and concealed for more than sixty years, coming to light only when the historian Mark Clark came across Hickman's laboratory notebook in the Bell archives.

But why would company management bury such an important and commercially valuable discovery? What were they afraid of? The answer, rather surreal, is evident in the corporate memoranda, also unearthed by Clark, imposing the research ban. AT&T firmly believed that the answering machine, and its magnetic tapes, would lead the public to abandon the telephone.

Thursday, December 23, 2010

A Brilliant Idea

So, xkcd has a book out and I was reading Amazon reviews when I found one that is the funniest thing I've read on this Internet thing in possibly hours.  Some may argue that linking to Amazon reviews is pretty silly.  However, others may argue that since Amazon reviews are done for neither critical acclaim nor monetary award, it is the purest form of art.  Discuss.

This humor may be a bit specific:
Who will like XKCD?

* Problem-solvers who, upon realizing that the a-hole ops of #Linux answer every question with "RTFM", spoof another IP while running a hacked ID validator and give wrong answers to their own questions, baiting the experts into jumping in with corrections.
- KAZ Vorpal, aka Michael Karl

Monday, December 20, 2010

Julian Assange's Rape Charge

One of the better articles I've seen describing the unusal circumstances of Julian Assange's rape charges.
http://washingtonexaminer.com/news/world/2010/12/assange-rape-case-spotlights-swedens-liberal-laws

Friday, December 17, 2010

Hashcash

http://en.wikipedia.org/wiki/Hashcash
Hashcash is a method of adding a textual stamp to the header of an email to prove the sender has expended a modest amount of CPU time calculating the stamp prior to sending the email. In other words, as the sender has taken a certain amount of time to generate the stamp and send the email, it is unlikely that they are a spammer. The receiver can, at negligible computational cost, verify that the stamp is valid. However, the only known way to find a header with the necessary properties is brute force, trying random values until the answer is found; though testing an individual string is easy, if satisfactory answers are rare enough it will require a substantial number of tries to find the answer.
The theory is that spammers, whose business model relies on their ability to send large numbers of emails with very little cost per message, cannot afford this investment into each individual piece of spam they send. Receivers can verify whether a sender made such an investment and use the results to help filter email.

Tuesday, December 14, 2010

The Tiger Oil Memos

http://www.lettersofnote.com/2010/08/tiger-oil-memos.html

Memos from a cranky old boss to his employees:
There is one thing that differentiates me from my employees. I am a known son-of-a-bitch, and I care to remain that way. I have the privilege of swearing publicly, in front of anyone, or doing anything I want to because I pay the bills. When you work for me, you don't have that privilege.

Anyone who lets their hair grow below their ears to where I can't see their ears means they don't wash. If they don't wash, they stink, and if they stink, I don't want the son-of-a-bitch around me.

Do not speak to me when you see me. If I want to to speak to you, I will do so. I want to save my throat. I don't want to ruin it by saying hello to all of you sons-of-bitches., 

there will be no more birthday celebrations, birthday cakes, levity, or celebrations of any kind within the office. This is a business office. 

Internet = Cat Pictures

http://www.buzzfeed.com/expresident/109-cats-in-sweaters

Remember before the internet how infrequently you saw large collections of pictures of cats in mildly amusing situations?  How did we get by?

Thursday, December 9, 2010

Profile of Ron Paul

http://www.theatlantic.com/magazine/archive/2010/11/the-tea-party-8217-s-brain/8280/
In Congress, Paul usually stands alone. This is a natural consequence of voting against Mother Teresa and the countless other bills on seemingly unobjectionable matters to which only he has objected. For much of his career, his own party routinely blocked him. His notoriety peaked three years ago during a presidential-primary debate in South Carolina when, alone among the 10 candidates, Paul, an isolationist, questioned the U.S. presence in the Middle East and seemed to suggest that it had prompted the September 11 attacks. Rudy Giuliani immediately demanded he withdraw the statement (he refused), and afterward Paul tussled with Sean Hannity of Fox News, which derided him mercilessly for the rest of the campaign. When Republicans convened in Minneapolis to nominate John McCain, Paul was so far out of favor that he and his supporters held their own convention across town.

Look Out Ben Bernanke, Ron Paul Is Gunning for You!

http://www.theatlantic.com/politics/archive/2010/12/look-out-ben-bernanke-ron-paul-is-gunning-for-you/67779/
Last week, I wrote a column about what I think is one of the more intriguing storylines for the new Congress: the possibility that Rep. Ron Paul (R-Texas)--strident libertarian, devotee of Austrian economics, author of End the Fed--might finally assume the chairmanship of the House subcommittee that oversees the Fed. Twice before he's been denied this spot because the GOP leadership worried he was too much of a rabble-rouser and too independent-minded to control. But given the broad animus toward the Fed--a new Bloomberg poll shows that half of all Americans want it reined in or abolished--especially among the ascendant Tea Party wing of the Republican caucus, denying Paul for a third time would have provoked an uproar.

Well, word has just come down from the Financial Service Committee that Paul got the job.

Wednesday, December 8, 2010

ACLU sues N.J. for keeping Hunterdon salt barn plans confidential

http://www.nj.com/news/local/index.ssf/2010/12/aclu_sues_state_for_keeping_hu.html
The American Civil Liberties Union has filed a lawsuit against the state after it refused to release the construction plans for a barn used to store road salt, on the basis that doing so would be a security risk.

Abandoned Pennsylvania Turnpike


"The Abandoned Pennsylvania Turnpike is the common name of a 13 mile (21 km) stretch of the Pennsylvania Turnpike that was bypassed in 1968 when a modern stretch opened to ease traffic congestion. The reasoning behind the bypass was to reduce traffic congestion at the tunnels. In this case, the Sideling Hill Tunnel and Rays Hill Tunnel were bypassed, as was one of the Turnpike's travel plazas. The bypass is located just east of the heavily congested Breezewood interchange at what is now exit 161."

The Abandoned PA Turnpike is a stretch of highway that was bypassed and is no longer used. A few years ago it was sold to Southern Alleghenies Conservancy.

http://picasaweb.google.com/floor9/AbandonedPennsylvaniaTurnpike#

http://maps.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101818717000588153352.000434f7d70d35ae7a687&t=h&z=12

http://www.briantroutman.com/highways/abandonedpaturnpike/index.html

http://forgottenpa.blogspot.com/2007/09/ten-lonesome-miles-abandoned-pa.html

http://en.wikipedia.org/wiki/Abandoned_Pennsylvania_Turnpike

http://briantroutman.com/highways/abandonedpaturnpike/trip.html

Monday, December 6, 2010

Barack Obama gives way to Republicans over Bush tax cuts

http://www.guardian.co.uk/world/2010/dec/06/barack-obama-bush-tax-cuts
But leading Democrats say the president is backing down and has agreed to extend tax cuts for everyone. In return, the White House appears to have extracted an agreement to extend benefits for the long-term unemployed.
"I know we're in debt so we'll only agree to reduced income if you agree to increase spending.  Agreed." - US Government to itself.

Sunday, December 5, 2010

Should Service Learning Be Mandatory For College Students?

Another Essay for my English class.  This time, in response to the question:
Should service learning be a requirement for college graduation?

Service learning is the name for forcing college students to do volunteer work as part of their college careers. The hope is that this volunteer work will give students a better sense of civic duty, and thus, be a worthy addition to college curriculums. However, this idea relies on the faulty premise that if one is forced to volunteer that one will derive the same benefits as someone who does it out of their own desire to help. Mandatory service learning will not have the desired effect, and should not be forced upon students.

It is perhaps intuitive to think that by making students help others there will be a net positive; there could be no downside to volunteering time and effort to help the community. However, a more detailed inspection reveals there are many negatives, and any positive effects are just wishful thinking.

To begin with, service learning wouldn’t benefit the students’ education. Indeed, many students would be unable to volunteer in their field. This negates any argument that service learning would help the students’ education. While there may be specific cases where a student with a practical major could benefit from volunteering their efforts, this would simply be a positive indirect effect. Not only that, but in many cases such students are already effectively volunteering their time in the form of unpaid internships. If schools wish students to volunteer in such a manner they should be working with charities to establish more voluntary internships. However, as soon as students are forced to volunteer for the sake of volunteering, it no is longer about helping the student.

One has to ask: why it is exclusively schools that would take up this forced volunteer work? If it was really a needed benefit to society, then companies could also be forced to volunteer for the community. Indeed, in many cases a company would be better equipped to help in whatever way was needed. However, to a company their time is money. If a company is forced to give its time and resources to volunteer, it might as well give money instead. That money, in the form of taxes, is already paid by both companies and individuals to the government. That money, in turn, should be used to help communities when needed. If communities need extra help, the answer is increasing taxes to provide that extra help. Forcing college students to provide that help directly ignores the efficiencies gained from specialization. A college student, who isn’t even studying whatever field is needed, would be able to help more by working in their actual field for money, and then giving that money to a specialist, via the government, to provide the direct help. The only problem with that arrangement is that it doesn’t provide the positive feelings that directly helping would. However, gaining a positive sense of accomplishment at the expense of providing less efficient help is a purely selfish motivation.

In the case of labor being needed that almost anyone could do, there is an even greater gain in having the public at large finance the work instead of doing it directly. Instead of having a college student learn about basic construction, which he will likely never use again in his career, wouldn’t it make more sense to pay someone local to the community to do the work instead? That way, not only is the work done, but someone learns a trade which may provide them with a future source of income. In this way, a community can be helped to help itself. This is always preferable to relying on the altruism of others. Not only will it give the community a greater sense of pride, it will also make them less at the mercy of a fickle public. When the fad of service learning passes, and the aid stops, the community will have gained valuable skills which they will be able to continue to use to their own benefit.

Again, the only argument for directly doing the work is the positive feelings it would invoke in those doing the work. Proponents of service learning call these positive feelings a sense of civic duty. They argue that the feelings do have a worth in and of themselves. However, all the sense of civic duty in the world won’t help someone who doesn’t understand the very complex problems of the world. As John Egger eloquently points out in "Service 'Learning' Reduces Learning":
a student’s hours in a soup kitchen is simply charitable contribution and emotional experience. But her feelings provide no clue to the amelioration of poverty. Would a higher minimum wage help ... or hurt? How about tax laws that permit the expensing of capital investments? Or reform of business licensing regulations? In the hours the real student is not tied up in the soup kitchen, she can analyze these policy changes. That’s what education is for. (1)
This is a very important point, for a student’s time is not limitless. Indeed, any time spent doing service learning is time in which they aren’t learning how to actually fix the problems they see. No solutions to the world’s problems will be found if people are unable to agree on the causes of those problems, and as John Egger points out “A liberal education offers subjects including art, history and chemistry to promote the individual’s understanding of human nature and therefore his ability to cooperate with others in society” (1). Only through a very thorough education will the true causes of very complex problems become clear. By compelling students to divert time and energy away from studies, colleges would be impairing these students’ ability to actually bring about a positive change. That would result in a large detriment to all, much greater than any short-term gain given directly by the students.

In "Local Students Serve As They Learn" Robert Caret argues that “Students discover how political, economical, and social influences affect people and programs in real communities” (1). Bringle and Hatcher echo these sentiments in "Implementing Service Learning in Higher Education": “Emphasizing a value of community involvement and voluntary community service can also create a culture of service on campus” (1). However, both of these papers refer to students who voluntarily worked to help their communities. This ignores what will happen when someone is forced to volunteer against their will. When volunteering ceases to be voluntary, it loses even the sense of civic duty that was its only positive factor. Instead of feeling good about helping the community, students who are forced to do work will associate negative thoughts with volunteering in general. This will end up having a net negative effect as far as future volunteering is concerned.

While service learning may seem beneficial upon first glance, a more thorough inspection reveals the truth that there is very little in the way of real benefits accruing to either the student or the community. In the cases where a student is able to provide a specific service in his or her field an internship with a charity would be the better tool to facilitate that. In the case of students who are providing general help outside their fields, government sponsored work done by the communities themselves would both be more efficient, and provide a greater total benefit to the community. The only justification for having the students do the work themselves is a sense of civic duty. Unfortunately, by forcing the students to do the work, any positive sense of civic duty will be offset by negative emotions from being forced. A better way to gain the desired sense of civic duty is through additional education that addresses the problems and their causes. In the end, the idea of mandatory service learning doesn’t make sense.

Works Cited:
Bringle, Robet G. and Julie A. Hatcher. “Implementing Service Learning in Higher Educations” (Excerpt). Journal of Higher Education 67.2 (1996): 221-223. Print.

Caret, Robert L. “Local Students Serve as They Learn.” Examiner.com. The Examiner. 20 September 2007. Web. 9 Sept. 2008.

Egger, John B. “service 'Learning' Reduced Learning.” Examiner.com. The Examiner, 2 October 2007. Web. 9 Sept. 2008.

Friday, December 3, 2010

Close the Washington Monument

http://www.schneier.com/blog/archives/2010/12/close_the_washi.html
Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there's no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.

Thursday, December 2, 2010

How the CIA Used a Fake Sci-Fi Flick to Rescue Americans from Tehran

http://www.wired.com/wired/archive/15.05/feat_cia.html

Mendez had spent 14 years in the CIA's Office of Technical Service — the part of the spy shop known for trying to plant explosives in Fidel's cigars and wiring cats with microphones for eavesdropping. His specialty was using "identity transformation" to get people out of sticky situations. He'd once transformed a black CIA officer and an Asian diplomat into Caucasian businessmen — using masks that made them ringers for Victor Mature and Rex Harrison — so they could arrange a meeting in the capital of Laos, a country under strict martial law. When a Russian engineer needed to deliver film canisters with extraordinarily sensitive details about the new super-MiG jet, Mendez helped his CIA handlers throw off their KGB tails by outfitting them with a "jack-in-the-box." An officer would wait for a moment of confusion to sneak out of a car. As soon as he did, a spring-loaded mannequin would pop up to give the impression that he was still sitting in the passenger seat. Mendez had helped hundreds of friendly assets escape danger undetected.

For the operation in Tehran, his strategy was straightforward: The Americans would take on false identities, walk right out through Mehrabad Airport, and board a plane. Of course, for this plan to work, someone would have to sneak into Iran, connect with the escapees, equip them with their false identities, and lead them to safety past the increasingly treacherous Iranian security apparatus. And that someone was him.

Tuesday, November 30, 2010

WikiLeaks Will Unveil Major Bank Scandal

http://news.slashdot.org/story/10/11/30/1849235/WikiLeaks-Will-Unveil-Major-Bank-Scandal
"When WikiLeaks announced it was releasing 251,287 US diplomatic cables, we all thought we knew what was meant by its earlier ominous words that, 'The coming months will see a new world, where global history is redefined.' It now appears the organization is sitting on a treasure trove of information so big that it has stopped taking submissions. Among data to be released are tens of thousands of documents from a major US banking firm and material from pharmaceutical companies, finance firms and energy companies."

Monday, November 29, 2010

Wikileaks cables reveal China 'ready to abandon North Korea'

http://www.guardian.co.uk/world/2010/nov/29/wikileaks-cables-china-reunified-korea
China has signalled its readiness to accept Korean reunification and is privately distancing itself from the North Korean regime, according to leaked US embassy cables that reveal senior Beijing figures regard their official ally as a "spoiled child".

Sunday, November 28, 2010

Does a Link Exist Between the MMR Vaccine and Autism?

This is my English term paper, dealing with the supposed vaccine and autism link.  I feel it compares well with my last term paper.

In 1998 Alan Wakefield was the lead author of a paper that presented the possibility of a link between the measles, mumps, and rubella (MMR) vaccine and autism spectrum disorders.  This paper was widely reported on by the media, which, in turn, caused a significant drop in vaccination rates.  That drop caused an increase in measles and mumps, with some cases being fatal.  The paper also spurred a large amount of further research to be done on any possible link between the MMR vaccine and autism.  To date, no other credible links have been found.  In addition, the original paper has been retracted by ten of the thirteen coauthors and the journal that published it.  Despite this, there exists a great deal of fear and uncertainty about vaccines and autism among the general public.  Some of this is spread by ignorance, while some is spread by malicious motivations.  Regardless of the campaign to discredit vaccines in the public's eyes, it is clear that no link exists between vaccines and autism.

The paper which first proposed a link between the MMR vaccines and autism, was published in the British journal The Lancet in February of 1998.  In the paper the authors admitted “We did not prove an association between measles, mumps, and rubella vaccine and the syndrome described” (Wakefield et al. 641).  This, however, did not stop the authors from alleging a link between the MMR vaccine and autism based solely on anecdotal evidence provided by parents.  This questionable evidence, based on just twelve sets of parents, was the only link ever provided between the vaccine and autism.  Unsurprisingly, the paper's results were not reproduced by any of the many subsequent followup studies.

Many laymen have a very poor understanding of the scientific method and the principles on which it operates.  To many, if a study purports a link between two things, then that is an answer.  However, to the scientist, this is merely the beginning.  Rather than rely on lone experiments and studies to provide answers, the scientific method is based upon the dependency that experiments and findings be reproducible.  If someone cannot verify, for themselves, the findings of a study or experiment, then those findings should be questioned.  To some degree, this requirement to verify for oneself the results is lessened if the results have been verified by a large group of others independently.

In the case of Wakefield's MMR vaccine study the media did not wait for subsequent confirmation, or, in this case, refutation, of the hypothesis that the MMR vaccine was linked to autism.  Instead, they exploited the fear and ignorance people had, knowing that a fearful audience would be a captive audience, and spread the story.  To worsen the situation, reporting of scientific studies rarely does an adequate job of conveying the actual findings to people.  Often, possible links under specific circumstances are simplified into causes.  Links which are barely scientifically significant will be inflated into direct causes.

This was the case with the reporting of the MMR vaccine study.  The link between the MMR vaccine and autism was not even directly found by the study.  Instead, it was inferred from a handful of parents' casual observations.  Anecdotal evidence has no place in a scientific study.  Rigorous repeatable wide scale tests are the basis for any serious results.  The problem with anecdotal evidence is that it is easy to find anecdotal evidence of just about anything.  If one takes two fairly common events, e.g., the MMR vaccine and autism, it is easy to find a dozen examples where it seems obvious that one caused the other.  This is a consequence of simple probability.  There are millions of people with autism, and virtually all of the many millions of people in the developed world receive the MMR vaccine.  Given a pool of millions to choose from, it would be trivial to find any routine event that seemed to occur suspiciously close to the onset of autism symptoms.  In the case of the study in question, many of the parents claiming a link between the MMR vaccine and their child's autism were suing the vaccine manufacturers.  In a sense, these parents had selected themselves by making their belief in the autism-vaccine link public.  It is not surprising then, that when these same parents were selected for the study that they held a common belief that the MMR vaccine was linked to autism.

The link between the MMR vaccine and autism was tenuous at best.  However, this tenuous link was the only evidence the media needed to promote the story.  Around 2001 the media hype in the UK was gaining its full momentum.  During this time, British Prime Minister Tony Blair was asked if he had his son Leo vaccinated from MMR.  He refused to answer to protect the child's privacy.  The media subsequently reported on this refusal in great detail.  Reports about the MMR vaccine from January to September of 2002 mentioned Leo Blair 32% of the time, while Wakefield was only mentioned in 25% of reports (Economic and Social Research Council 22).  In addition, the media consistently avoided mentioning the overwhelming evidence for the safety of the MMR vaccine:
The bulk of evidence suggests that the MMR vaccine is safe – as opposed to the well established risks of the diseases themselves. The use of such evidence to was often used to ‘balance’ Wakefield’s claim – although not, perhaps, as widely as might have been expected...half the television reports on the issue referred to such evidence...Similarly, over a third of all TV reports mentioned that the MMR vaccine is regarded as safe in the 90 countries in which it is used. (Economic and Social Research Council 22)
There was also a lack of criticism of Wakefield's weak claims by the media: “Wakefield’s claims were not comprehensively or systematically challenged in media coverage...the weakness of empirical evidence in support of Wakefield’s claim was never fully aired” (Economic and Social Research Council 23). By neglecting to report on the prevailing consensus in the scientific community that vaccines were safe, the media was very much responsible for the controversy that followed, and continues to this day.  This tendency to prefer fear based speculation over the more mundane facts is a result of the media's desire to increase viewership at any cost.  Much of the blame for the mistrust the public feels in vaccines today can be placed directly on the media.

However, while the media is partially to blame, the person who deserves the lion's share of the blame is Alan Wakefield.  Wakefield, who is no longer a doctor after having his medical license revoked by the UK's General Medical Council, was the primary catalyst for the controversy.  He was the lead author of the original paper, and subsequently promoted the supposed link, and urged parents to question the safety of vaccines.  In July 2007, the General Medical Council began a hearing into charges of professional misconduct during the study that lead to the supposed link between autism and vaccines.  The charges specifically involved performing the study without approval from the hospital's ethics committee, and performing unnecessary, and invasive medical procedures on the children during the study.  However, perhaps the most damning charge was that he accepted hundreds of thousands of dollars from a law firm that was preparing to sue the MMR vaccine manufacturers.  He failed to disclose this payment publicly, or to either the hospital's ethical board or the journal the paper was submitted to.  On January 28th 2010, the General Medical Council ruled against him on all counts. Then, a few months later they revoked his medical license.  It was also discovered that Wakefield filed for a patent on a proposed safer MMR vaccine in June of 1997, prior to the original study (Deer).

Alan Wakefield's conflicts of interest could hardly be more significant.  Between hundreds of thousands of dollars paid to him directly by a lawyer interested in proof of harm caused by the MMR vaccine, and a patent application on an alternative method of administering the MMR vaccine, there should be little surprise that he claimed a link between the vaccine and autism.  It should also not be surprising that he then promoted the possible link, as well as promoted the alternative of individual applications of the MMR vaccine, since he stood to directly profit from his patent on that very method.  What should be surprising is that he still has the audacity to claim he is being persecuted, or that the government is trying to cover up his findings.  Wakefield, and his supporters, have attempted to use his discreditation to their advantage, by claiming in interviews that there is something akin to a large coverup being orchestrated by governments and research institutes the world over.  The total agreement of virtually every party that has looked at the possibility of a link between the MMR vaccine and autism, as well as the vast array of motivations and funding sources that these parties have, makes the idea of a mass conspiracy absurd at best.

As stated above, the cornerstone of scientific research is repeatable results.  The original study linking the MMR vaccine and autism and the following media attention sparked an abundance of studies looking for this link, as well as other possible links between vaccines and negative health effects.  These studies have overwhelmingly found no such links.  Some studies have looked at the countries where thimerosal, a mercury based preservative which has been claimed, by some, to be the cause of autism in vaccines, has stopped being used:
this study took advantage of the cessation of thimerosal use in Denmark and Sweden in 1992 to conduct a before and after comparison of the incidence or case numbers of autism. In both countries, autism increases throughout the years 1987-1999, contrary to the decrease in autism that would be expected after 1992 if thimerosal exposure was related to autism. The increasing trend for autism is most notable in Denmark where the number of autism cases rises substantially even after the discontinuation of thimerosal use. (CDC 1)
Other studies have looked for a link between the MMR vaccine and a large population, but have not found any such link: “The Danish study, which followed more than 500,000 children, over 7 years, found no association between the MMR vaccination and autism” (CDC 3).  A separate study found no link between the administration of the vaccine and the onset of autistic symptoms: “The study found that the overall distribution of ages at MMR vaccination among children with autism was similar to that of matched control children” (CDC 4).  Wakefield's original paper claimed that the MMR vaccine caused gastrointestinal tract disorders, and that these disorders were, in turn, the cause of the autism.  He also claimed that measles RNA could be found in the gastrointestinal tract of children with autism where this had occurred.  This link too was disproved by a study:
Laboratories evaluated bowel tissues from 25 children with autism and GI disturbances and 13 children with GI disturbances alone (controls); only 2 biopsy samples with measles virus RNA were found, one in the autism/GI group and one in the control group, showing that the presence of measles virus sequences was not associated with an autism diagnosis...Samples were analyzed in three separate laboratories blinded to diagnosis, including one laboratory wherein the original findings suggesting a link between measles virus and autism had been reported in 1998. (CDC 4)

Finally, a Japanese study from 2005 took advantage of the fact that the MMR vaccine had been discontinued in Japan in 1993 due to minor health problems unrelated to autism, including the administration of vaccines after their expiration date.  The version of the MMR vaccine that was used in Japan was different from the one used elsewhere.  Despite the relatively minimum threat posed by the MMR vaccine, the scare caused people to avoid it, and the government had to remove the requirement of it from school children.  Because of this, Japan is currently the only developed nation with widespread measles outbreaks—hundreds a year in recent years (Public Health Agency of Canada).  While unfortunate for Japan, this provides a good opportunity to observe what would happen to the autism rate if the MMR vaccine was stopped in other countries:
The MMR vaccination rate in the city of Yokohama declined significantly in the birth cohorts of years 1988 through 1992, and not a single vaccination was administered in 1993 or thereafter. In contrast, cumulative incidence of ASD up to age seven increased significantly in the birth cohorts of years 1988 through 1996 and most notably rose dramatically beginning with the birth cohort of 1993. (Honda et al.)
These studies all agree that there is no link between autism and the MMR vaccine.  There is no shortage of other studies that say the same.  There is no need to cherry pick studies that support this view.  Any time a large population is looked at, any apparent link quickly disappears.  The only time that a possible link can be finessed out of the data is when a very small sample is looked at, such that virtually any arbitrary connection could be found if it were being looked for.

Why then, given the mountain of evidence disproving any link between vaccines and autism is there still any debate or controversy?  Unfortunately, humans are predisposed to believe things they feel they have witnessed with their own eyes.  If a person has seen one of these consequences, which are unlikely individually, but virtually certain in the large-scale, they will tend to believe in the existence of a link, even if it is refuted by many rigorous scientific studies.  A parent with an autistic child will be very emotional over the subject, and rightfully so.  However, emotion is known to cloud rational thought.  Faced with the choice between a concrete link they can understand that caused their child's autism, and an open-ended unknown reason, many will choose the answer they can better understand, even if that answer conflicts with factual evidence.  There is also a desire to have a person to blame.  By linking the MMR vaccine and autism, parents can blame the doctors and scientists that said the vaccine was safe.

In addition, the controversy over autism has become fueled by celebrities, many of whom have come out against vaccinations.  On one side there are hundreds of scientists armed with dozens of large-scale rigorous scientific studies, and, on the other, there are a handful of celebrities with no evidence beyond feelings.  The choice is easy in a rational light.  However, many choices in people's daily lives are not rational.  Entire industries exist purely due to people's tendency to behave irrationally.  As one brief example, casinos and lotteries are always weighted against the player.  A simple bit of mathematics will show conclusively that the player will lose in the long run.  Despite this, there is no shortage of people willing to give their money to casinos and lotteries based on the irrational believe that they will come out ahead.  With this in mind, it is perhaps easier to imagine how people could choose to accept the celebrity's charisma over the scientist's facts.

Still, some argue that the autism rate has gone up dramatically in recent decades.  This does coincide with an increase in vaccinations.  If vaccinations are not the cause, then what is?  The answer is that many children who are currently diagnosed as autistic would have been previously diagnosed with a more generic or catch-all disorder, or often simply not diagnosed at all.  In the early 90s, the diagnosis of autism was replaced with autism spectrum disorder.  The new diagnosis reflected a greater range of autism, replacing the binary yes or no diagnosis of the past.  Immediately, many children who previously would not have been diagnosed at all, were said to have a mild form of autism.  As more and more doctors began to use the new system, the rate of diagnosis went up.  This is a rather obvious effect of the changing definition, and, in retrospect, it seems like it would be hard to not come to this conclusion.

Still, some are not convinced of the safety of vaccinations.  They argue that it is better to be safe than sorry.  Some propose simply delaying the vaccinations, and spacing them apart to lessen any effect the combination of them may have.  This, on its face, may seem to be a reasonable precaution; however, there are problems with delays.  Vaccines provide an actual proven benefit in that they protect from deadly diseases.  It is no secret that children are more susceptible to diseases in general.  By delaying the administration of vaccines, one only extends the time a child is vulnerable to a particular disease.  For an example of the effect this delay can have, one can look at Japan.  As stated above, Japan has largely abandoned the MMR vaccine out of fear.  However, even before abandoning the vaccine it was common practice to delay the administration of it to later in the child's life.  The BBC reports that “Deadly epidemics of measles are far more common in Japan than the UK. The [Japanese Ministry of Health] says that is because children are often vaccinated much later” (Scanlon).

In addition to the fact that delaying vaccination increases the risk of disease, the mind-set of simply being safe rather than learning the facts and making the correct decision is the wrong one.  People are quick to recommend a cautious delay when faced with unknowns.  However, these unknowns are only unknown to the layman.  If one took the time to research the facts independently, the conclusion would be the same as the professionals had reached.  No one says one must blindly accept what one is told by scientists as fact.  Indeed, questioning everything is one of the foundations of the scientific method.  This does not mean that one can just ignore evidence that disagrees with one's beliefs.  If one is unwilling to research the topics personally then the only other choice is to just accept the expert's opinions  The mindset of better safe than sorry is a perpetual roadblock that only serves to impede progress.  Edward Jenner is famous for boldly acting on his hypothesis that infection with cow-pox would provide immunity to smallpox, a much more serious disease.  His confirmation of this fact is viewed as the groundwork for all modern immunology.  Additional delay, and the better safe than sorry mindset, would have caused literally millions more to die.  It is wrong to think that blindly trying random solutions is the correct course of action.  However, a balance must be struck between recklessness and being suffocated by caution.

The link between the MMR vaccine and autism does not exist.  It was proposed and promoted by a man guilty of medical misconduct, and who had numerous conflicts of interest.  The link was subsequently retracted by almost everyone who had anything to do with it.  The media is largely responsible for spreading the story, while ignoring the evidence that contradicted it.  A plethora of studies followed and, virtually without exception, they failed to find any link between vaccines and autism.  The scientific community and rational people have unanimously agreed that no link exists.  Only misinformation from those who stand to profit, and the ignorance of, possibly well-intentioned, celebrities continue to breathe life into this myth.  Suggestions of caution are unnecessary, and indeed, will cause more harm than good.  The link between autism and vaccines has been proven conclusively and irrefutably false beyond all reasonable doubt.

Works Cited:
Deer, Brian. "Royal Free's "anti-MMR" Products - Brian Deer." Brian Deer - Briandeer.com. Web. 03 Nov. 2010. http://briandeer.com/wakefield/wakefield-patents.htm.

Hargreaves, Ian, Justin Lewis, and Tammy Spears. "Towards a Better Map: Science, the Public and the Media." (2002). Print.

Honda, Hideo, Yasuo Shimizu, and Michael Rutter. "No Effect of MMR Withdrawal on the Incidence of Autism: a Total Population Study." Journal of Child Psychology and Psychiatry 46.6 (2005): 572-79. Print.

Public Health Agency of Canada. Measles Outbreak in Japan - Travel Health Advisory -Public Health Agency of Canada. Public Health Agency of Canada (PHAC) | Agence De La Sante Publique Du Canada (ASPC). 1 June 2007. Web. 03 Nov. 2010. http://www.phac-aspc.gc.ca/tmp-pmv/2007/measjap070601-eng.php.

Scanlon, Charles. "BBC NEWS | Asia-Pacific | Why Japan Stopped Using MMR." BBC News - Home. 8 Feb. 2002. Web. 03 Nov. 2010. http://news.bbc.co.uk/2/hi/asia-pacific/1808316.stm.

United States. Centers for Disease Control and Prevention. Centers for Disease Control and Prevention: Immunization Safety and Autism. 2009. Print.

Wakefield, A., S. Murch, A. Anthony, J. Linnell, D. Casson, M. Malik, M. Berelowitz, A. Dhillon, M. Thomson, and P. Harvey. "Ileal-lymphoid-nodular Hyperplasia, Non-specific Colitis, and Pervasive Developmental Disorder in Children." The Lancet 351.9103 (1998): 637-41. Print.

Sunday, November 21, 2010

Should Myspace Be Responsible for Sex Offenders?

Another essay for English class.  This time in response to a call for Myspace to be more responsible for child predators on their site.
Bob Sullivan - MySpace and sex offenders: What's the problem?

Any issue dealing with children tends to be a sensitive one.  Particularly, if the issue is that of sex offenders attempting to coerce children via Myspace into sex, then it is easy to let emotions cloud judgment.  Many knee-jerk reactions are made in the name of protecting children.  There is a desire to insulate children from all dangers.  However, rarely can risks be completely removed; rather, they must be mitigated.  This means one must be able to recognize when a risk is small enough that any additional attempt to reduce it will have too great a cost for the benefit provided.  Additionally, expecting corporations to voluntarily act in the best interest of children is naïve at best.  Instead, the government should be the one to protect children when needed.  However, ultimately the responsibility to keep children safe is with themselves and their parents.

Corporations' only goal is to bring profits to their shareholders.  Many see this as a negative, but it is simply the certitude of reality.  They will not act in the best interest of anyone other than their shareholders.  On the rare occasion that a corporation appears to do something altruistic, it can usually be explained as an attempt to increase public goodwill.  Just as a corporation is expected to act in the best interest of its shareholders, the government is the organization that should be expected to work in the best interest of the people.  When necessary, the government can force corporations to behave in certain ways to promote a public good.  However, in the case of Myspace and sex offenders, it is not necessary for the government to step in and force Myspace to do anything additional.  Instead, the government should be the one to safeguard the public good here.  The states' attorney generals have the job of investigating violations of parole.  They are the ones that should be investing time and money to make sure that there are not sex offenders breaking the law.

Myspace has already done more than they had to.  They have hired an outside company to search for sex offenders on their network, and removed them.  As stated above though, this move should not be confused for genuine altruism.  Rather, it was undoubtedly an attempt to ensure that parents felt safe letting their children on Myspace.  Even still, it was more than should be expected of a corporation.  They even retained the records so that they could be used as evidence, if need be.  This did not satisfy law enforcement, though.  Bob Sullivan points out that “But the spat likely signals more than concern about deletion of evidence. There is obvious sentiment among law enforcement agencies that MySpace was acting too slowly to remove known sex offenders from the site” (118).  However, if there were known sex offenders on the site, in violation of their parole, they should have simply been arrested.  Their profiles would not have been a concern after that.  Why should it fall to Myspace to investigate possible sex offenders?  That is the very purpose of law enforcement agencies.  Not only is it not Myspace's responsibility, but the law enforcement agencies are not doing much to help Myspace in doing their work for them.  There are over fifty different sex offender databases that Myspace must compile data from.  They expended a considerable amount of time and money cobbling it all together.  This burden would have been eased if the data was supplied to them in a better format.

The issue here is larger than just Myspace, though.  The Internet has brought about an innovative ability to anonymously communicate with anyone that did not exist before.  This new ability is, of course, used for all kinds of purposes, both good and bad.  With the new immoral uses comes new fears.  When confronted with these new problems, people often are confused about how to handle them.  However, more often than not the best solution is the one already in place, just simply adopted for the new threat.

There are many more ways to communicate online than just Myspace.  Email, chat rooms, web forums, and the variety of social networking sites are just a few.  As the web becomes more and more international, more of these sites are administered outside of the United States.  Even if Myspace could be forced into policing its own site for sex offenders, it is impossible to force the nearly limitless other sites to do the same.  Luckily, there are two traditional methods of protecting children from sex offenders that will work fine in this new environment.  First, law enforcement can continue to do its job investigating parole violations by those in their jurisdiction.  Where the offender is outside their jurisdiction, they can inform the local law enforcement and hope they take it from there.  There is little else law enforcement can do.  Second, children should be educated about the risks of meeting someone in real life from the Internet.  In the case of a sex offender attempting to meet a child, the sex offender cannot harm the child until he or she makes the decision to trust them and meet up.  Children need to be made aware of how trivial it is to lie about who one is online.  That lesson is likely to come from parents the same as any other basic safety lesson in a child's life.

Some would argue that Myspace does have a responsibility to keep child predators off its network.  However, relying on a corporation to do good on its own is never a good idea.  The only realistic way Myspace could be expected to do this is if they were forced to via legislation.  This would mean law enforcement would have to expend resources making sure Myspace was doing something the law enforcement agencies should have been doing in the first place.  Additionally, the ease with which a sex offender can create a new identity means that Myspace has little chance to catch any but the most obvious cases.  Instead, parents must educate their children about the dangers that face them online.

While it is tempting to demand someone else be responsible for children's safety, one must be realistic about the priorities of all the involved parties.  No parent should expect a corporation will keep their child safe.  That obligation falls to the parents and the children themselves.  If there is a need for measures above what a parent or child can be expected to provide for themselves, the government exists for exactly that reason.  Law enforcement is better equipped and trained to root out sex offenders on Myspace than Myspace itself.  Additionally, law enforcement has the responsibility to protect the public, whereas, Myspace does not.  It is often difficult to rationally deal with issues involving children's safety.  However, in this case the status quo is adequate.  The only areas that need improvement are law enforcement doing more to catch sex offenders violating their parole, and parents educating their children to all the dangers that await them on the Internet.

Works Cited:
Bob Sullivan, “MySpace and sex offenders: What's the problem?” Elements of Argument (2010):116-119.

Wednesday, November 17, 2010

A Fool And His Money Are Soon Parted

http://www.nytimes.com/2010/11/09/nyregion/09fraud.html?_r=3
That was only the beginning. Over time, prosecutors said, Mr. Bedi told Mr. Davidson about an elaborate international conspiracy that had attacked Mr. Davidson’s computer and was threatening Mr. Davidson and his family. The conspiracy allegedly involved a mysterious hard drive in a remote village of Honduras and a plot to infiltrate the United States government by Polish priests linked to Opus Dei. Mr. Bedi persuaded Mr. Davidson to pay the computer shop not only for data retrieval, but for personal protection, the authorities said.

It was, of course, a fraud, officials said. For more than six years, the computer shop, Datalink Computer Products, regularly charged Mr. Davidson’s credit card accounts. The charges totaled more than $6 million, according to the office of the Westchester County district attorney, Janet DiFiore. It took months for investigators with the police in Harrison, N.Y., and other agencies to unravel the many twists and turns of the case.
Anxiously awaiting confirmation that this is in fact a The Onion story that got picked up by the major news outlets.

Proposed Final ACTA Text Published

http://yro.slashdot.org/story/10/11/16/2132214/Proposed-Final-ACTA-Text-Published
The US Trade Representative has published a text which, subject only to a last legal review, is proposed to be the final text of ACTA. The differences between this text and last month's, from the Tokyo round, are mostly cosmetic but there's an important positive change giving signatories the option of excluding patents from section 2. As for software patents, most harm has been avoided. If signatories make use of the section 2 exclusion option, there might be no harm at all. Lobbying for this will be important. Meanwhile, the many problems regarding Digital Restrictions Management, and the extra powers given to businesses to obtain personal and identifying information about accused copyright infringers "in the Digital Environment" are still there (mostly section 5). Earlier texts were much worse. The improvements in recent months are surely due to public outcry, leaving us indebted to the anonymous friends who scanned and leaked the various secret versions and the activists who made text versions and spread them across the Internet. There's a chance we can still influence the text in this legal review phase, but the bigger task ahead will be working on the national implementations. It's not yet clear what procedure the US will require for its own ratification.

The third in a set of very good reads from Slashdot tonight.
http://www.wcl.american.edu/pijip/go/blog-post/acta-s-constitutional-problem

Tuesday, November 16, 2010

Shadow Scholar Details Student Cheating

http://news.slashdot.org/story/10/11/16/0131217/Shadow-Scholar-Details-Student-Cheating
A 'shadow writer,' who lives on the East Coast, details how he makes a living writing papers for a custom-essay company and describes the extent of student cheating he has observed. In the course of editing his article, The Chronicle Of Higher Education reviewed correspondence he had with clients and some of the papers he had been paid to write. 'I've written toward a master's degree in cognitive psychology, a Ph.D. in sociology, and a handful of postgraduate credits in international diplomacy. I've worked on bachelor's degrees in hospitality, business administration, and accounting. I've written for courses in history, cinema, labor relations, pharmacology, theology, sports management, maritime security, airline services, sustainability, municipal budgeting, marketing, philosophy, ethics, Eastern religion, postmodern architecture, anthropology, literature, and public administration. I've attended three dozen online universities. I've completed 12 graduate theses of 50 pages or more. All for someone else.
The article is a very good read.
http://chronicle.com/article/The-Shadow-Scholar/125329/

Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

http://it.slashdot.org/story/10/11/16/0347231/Stuxnet-Was-Designed-To-Subtly-Interfere-With-Uranium-Enrichment
Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran.
The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.
A lot of interesting detail in the article.
http://www.wired.com/threatlevel/2010/11/stuxnet-clues/

Sunday, November 14, 2010

Torture: Never Acceptable

This is an essay I had to write for an English class in response to an article that advocates legalizing torture.
Alan M. Dershowitz - Is There a Torturous Road to Justice?

Recently, it has been made public that the United States has been engaging in acts which are arguably torture. This has ignited a debate as to whether or not it is justifiable to torture, and if so, under what circumstances it becomes acceptable. Alan Dershowitz argues that torture should be legalized under some circumstances in “Is There a Torturous Road to Justice?” However, this debate should never even need to occur. Torture is morally wrong, and there are no circumstances under which it is acceptable.

The United States is a country founded on the principles of freedom and liberty. More-so than many modern democracies it holds those ideals as its cardinal rules. To legalize, and thus advocate, torture would be contrary to everything the United States is founded upon.

In his article, Dershowitz states that with respect to the 5th amendment, “Any interrogation technique...even torture, is not prohibited. All that is prohibited is the introduction into evidence of the fruits of such techniques in a criminal trial against the person on whom the techniques were used” (85). However, that only seems to address self-incrimination. The 8th amendment states that “Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.” Note that there are no qualifiers for whether or not cruel and unusual punishments may be inflicted. It may not be used under any circumstances. If torture is not a cruel and unusual punishment, then what is? If it is claimed that it is not a punishment because it is merely a means to an ends, an interrogation technique, then how can the interrogation be worse than the punishment?

The question Dershowitz seems to be addressing here is if we can torture legally, when the real question is if we should. While some may insist that torture is necessary to combat terrorism, this is not true. Contrary to general belief, the goal of terrorism is not to kill. The goal of terrorism is to bring about whatever change the terrorist desires, using terror as the impetus. Terrorists kill because it causes fear, which in turn, causes irrational behavior that the terrorists hope will benefit them. Terrorism alone has no ability to destroy a nation; it needs the nation to do that itself. By accepting torture, even on a small scale, the United States would be destroying a part of itself.

From 1968 to 2006 there were 3,227 deaths from terrorism in the United States (NationMaster.com). That is 85 deaths per year from terrorism in the United States. For comparison, there were an average of 29 deaths a year from dog attacks in the United States from 2005 to 2009 (Wikipedia). Common pain killers, like aspirin, kill close to 8,000 per year in the United States (Robyn Tamblyn, et al.). The average person does not spend much time worrying about dog attacks or aspirin killing them. That is because they are, like terrorism, unlikely ways to die. The difference is that terrorism is designed to instill fear, and all too often is successful.

Terrorism is neither a threat to national or personal survival. The only threat it poses is the fear it can instill—fear which could lead to rash decisions. Decisions like legalizing torture, which are not acceptable in a civilized society. We do not need to legalize torture to combat terrorism, because terrorism cannot hurt us unless we allow it. The question of if we can legalize torture does not even need to be addressed. There is no need to compromise everything we stand for when there is not even a serious threat.

Extreme examples are often raised in an attempt to illustrate a time when torture might be acceptable. Dershowitz poses one such example: “consider a situation in which a kidnapped child had been buried in a box with two hours of oxygen. The kidnapper refuses to disclose its location. Should we not consider torture in that situation?” (86). A person, even one opposed to torture, might be tempted to accept it in this case. However, there are several reasons why even in the extreme cases torture is still unacceptable.

First, these extreme cases are extremely rare, so rare that they border on nonexistent. Children hidden in buried boxes and terrorists with ticking time bombs hidden in a secret location are the stuff of movies. Making grand decisions—that will doom hundreds or thousands to torture—based on these fantasies is absurd. Laws should be based on rational decisions and facts.

Second, an extreme case, with a ticking clock, and pressure to make the right move, is exactly the time when mistakes are most likely to be made. In this case, how can facts be weighed and it be judged that a person has information which could save lives in hours or minutes? How can it be certain that the right person is about to be tortured, or that they even know what they are alleged to know? The answer is to issue these “torture warrants” with little to no oversight beforehand. If there is a review process afterward, what would be done if an innocent person was tortured? The answer is likely nothing, or at least nothing that would matter to the person who had to endure the torture due to a mistake.

Third, it is easy to say that the torture of someone particularly evil, in order to save lives, is justified. However, having the moral high ground means never compromising, even when it may be justified. Even in war there are things which are not done to the enemy, e.g., the use of poison gas or land mines, even though they would save lives, even if the enemy is doing those very things. It has never been said that being above reproach is easy.

History has shown that powers given to the government will be abused. Dershowitz himself admits that many modern investigation powers have been abused. Warrantless wiretapping, which was justified under the same fear of terrorism that is now being used to justify torture, expanded tremendously. It is now five years since the public was made aware of warrantless wiretapping. In this time no individuals were punished for the abuses of power. In addition, there is no certainty that the program has been stopped. The key to preventing governmental abuse of power is to not allow the power in the first place.

Dershowitz ends with a tenuous piece of logic. He states that in an actual situation, where lives are at stake, and torture seems like it could save them, investigators are likely to use torture anyway. Why not then provide a legal framework for it? The answer to this is the same reason we do not provide a legal framework for murder, even in situations when it is likely to happen anyway. The fact that something is going to happen anyway is not a reason to legalize it. Also, if the investigators are going to do it anyway, but are denied the “torture warrant”, then why would they be stopped by that? After all, they were going to use torture even when it was completely illegal. The answer to someone doing something illegal is not to legalize it. The answer is to expend greater energy on prosecuting those who break the law.

It could be argued that it is wrong to allow someone to die in order to simply maintain a high moral standing. However, we already do this when we allow murderers, who may kill again, to go free when the evidence gathered against them was gained illegally. No one is happy about this, but the alternative is worse. The alternative is allowing the use of evidence gained by immoral means, and thus to allow those means to exist, and that, like torture, is unacceptable.

Some might argue that I would feel differently about torture if it could potentially save me or someone close to me. To this allegation, I have to say that of course I would. Similarly, if someone close to me was murdered, I would feel very differently about cruel and unusual punishment, and the use of evidence gained by any methods. In other words, I would be so emotional I would not be making rational decisions. Luckily, legal processes are not run by the families of victims. Rather, they are run by cool-headed, and impartial, third parties. These third parties know that sometimes an injustice must go unpunished to prevent a greater injustice from taking hold.

Legalizing torture, even in rare cases, will put a seal of approval on it. It would show that the United States is willing to compromise its principles when it feels threatened. It would show the terrorists that they can in fact cause the United States to give up its principles. There is no real threat posed by terrorism, and thus no need to look to extraordinary measures to combat it. If torture is legalized it will be done out of fear, not rational thought. By legalizing it in some absurdly rare cases we gain nothing, and lose everything.

Works Cited:

Alan M. Dershowitz, “Is There a Torturous Road to Justice?” Elements of Argument (2010): 85-86.

Wikipedia contributors. "List of fatal dog attacks in the United States." Wikipedia, The Free Encyclopedia. Wikipedia, The Free Encyclopedia, 22 Sep. 2010. Web. 5 Oct. 2010.

Robyn Tamblyn, et al. “Unnecessary Prescribing of NSAIDs and the Management of NSAID- Related Gastropathy in Medical Practice” Ann Intern Med September 15, 1997 127:429-438;

“Terrorism Statistics > Terrorist Acts > 1968-2006 > Fatalities (most recent) by country” NationMaster.com http://www.nationmaster.com/graph/ter_ter_act_196_fat-terrorist-acts- 1968-2006-fatalities

Wednesday, November 10, 2010

Relativistic Bacon

http://www.smbc-comics.com/index.php?db=comics&id=2056#comic

My first thought upon ready this was, "that's actually a really good idea".

I Love MS Paint

http://www.nerdparadise.com/mspaint/lake/

MS Paint has to be the only product Microsoft ever made that I approve of.

Monday, November 8, 2010

The Burger “Experiments”

http://theness.com/neurologicablog/?p=2405
We have been getting a great deal of e-mail asking about the various “experiments” on YouTube (inspired by events on Fast Food Nation) in which a McDonald’s hamburger and fries are left out for weeks or months. To the surprise of some, the food does not rot away to nothing but instead shrivels a little and becomes hard and shiny, but does not get moldy or rotten. The implication is that there is something wrong and unnatural about food that doesn’t rot when left out.

Unfortunately this is what passes for “science” on the interwebs. But it does provide a teaching moment – with lessons about scientific methodology and how the logic of interpreting evidence.
http://www.youtube.com/watch?v=9ya9HRE6cYk

Cargo Cult Science

http://www.gasresources.net/Cargo%20Cult%20Science%20-%20by%20Richard%20Feynman.htm
During the Middle Ages there were all kinds of crazy ideas, such as that a piece of of rhinoceros horn would increase potency. Then a method was discovered for separating the ideas--which was to try one to see if it worked, and if it didn't work, to eliminate it. This method became organized, of course, into science. And it developed very well, so that we are now in the scientific age. It is such a scientific age, in fact, that we have difficulty in understanding how witch doctors could ever have existed, when nothing that they proposed ever really worked--or very little of it did.
But even today I meet lots of people who sooner or later get me into a conversation about UFO's, or astrology, or some form of mysticism, expanded consciousness, new types of awareness, ESP, and so forth. And I've concluded that it's not a scientific world.
I highly recommend you read Surely You're Joking, Mr. Feynman! if you haven't.

Saturday, November 6, 2010

A Roman Legion in China

http://historicmysteries.com/a-roman-legion-in-china
In 53 BC, a humiliating defeat for a Roman army set off a chain of events that may have led to the furthest eastward expansion of the Roman Empire’s military and cultural influence.

Thursday, October 28, 2010

You're Rich

http://www.globalrichlist.com/

I often like reminding people that they are in the top 10% of the world in terms of wealth, just by living in the US.  Of course, like everything I say, that is just something I made up.  So I decided to get around to doing a search to back it up.  Median income for highschool grad > 25 years old working full time in the US is $31,539.  According the the global rich list site that income would put them at the "375,759,196 richest person in the world" or "TOP 6.26%".  Median income for a BA degree of $50k, puts you in the top 0.98%.  The magic income to put you in the top 10% is $25k.

http://en.wikipedia.org/wiki/Personal_income_in_the_United_States

Thursday, October 21, 2010

Atlantic Wind Connection

http://en.wikipedia.org/wiki/Atlantic_Wind_Connection
Atlantic Wind Connection (AWC) is an electrical transmission backbone proposed by Trans-Elect Development Company that could be constructed starting in 2013 off the East Coast of the United States to service off-shore wind farms. Google, the investment firm Good Energies, and Japanese trading firm Marubeni are investing "tens of millions of dollars" in the initial development stage of what could become a $5 billion dollar project.
I stumbled upon this while reading Wikipedia during my English Comp class in a computer lab (I was reading the English Wikipedia though so it's ok).  The article is somewhat interesting, although brief.  However, there is a 10 page paper published in 2006 about offshore wind power in the mid Atlantic area that I found pretty interesting. 
http://fluid.stanford.edu/~lozej/Public/KemEtAl-OSWind.doc

On the off chance that any of my readers know me personally, you probably already know I do not view wind power favorably.  Specifically, I think the cost per watt (that is actual average produced watt, not nameplate capacity) is simply too high.  Particularly when you factor in nuclear.

I will say though that this paper has made me reevaluate the specific case of off shore wind farms over a very large geographical area.  I still think wind is more expensive than nuclear, but at least it's feasible.  Unlike photovoltaics, which are still obscenely expensive.

I'll summarize what I found interesting, or feel warrants a response for the small percentage of you that won't be reading the original paper.

The study is from 2006, and covers the states from Mass to NC and the adjacent water up to a depth of 100m (which they term the "Middle-Atlantic Bight (MAB)").

They claim that the energy needs and potential energy from wind of that area are:
"We find that the MAB wind resource can produce 330 GW average electrical power, a resource exceeding the region’s current summed demand for 73 GW of electricity, 29 GW of light vehicle fuels (now gasoline), and 83 GW of building fuels (now distillate fuel oil and natural gas)."

They get wind speed data from a handful of NOAA buoys that have recorded hourly wind data for 21 years.  They found that:
"Wind speeds at all nine NOAA buoys in or near the MAB show a mean of 8.3 m/s ([extrapolated] at 80 m height) with [standard deviation] across buoys of only 0.8 m/s."

They take into account areas that would be unavailable for use for a wide variety of reasons.  They also include 10x5 blade-diameter spacing around each turbine to ensure they don't affect each other.

Using the published wind speed to energy curves, as well as their wind history data they calculate an average of 39% nameplate capacity over the long term.

They address the variable output of wind by suggesting multiple sites over a large geographical distance with high voltage transmission lines connecting them.  Specifically, they look at 1, 3, or 6 generation sites in the MAB, and calculate the percent of the year when the combined generation would be at x percent of capacity.
"for the single site, 13% of hours are at maximum output but 15% of hours are off (below cut-in speed of 3.5 m/s). For 3 and 6 connected sites, the power is off only 2% and 0.3% of the hours, respectively."
They conclude that this means wind power is not "intermediate" but rather that its generation fluctuations don't match up to the demand fluctuations.  They propose one possible solution to storing this excess power.  Convert 66% of cars to plug in electrics with individual capacities of 30 kWh (Tesla Roadster is 53 kWh, Chevy Volt is 16 kWh).  Assume that at any given time half these vehicles could provide half their storage to the grid.  That capacity would be adequate to supply the average electrical demand for two hours.  They claim this would be sufficient all but five times a year.  In order to guarantee supply during those periods fossil fuel backups would have to be maintained.

Overall an interesting read.  However, they do not address cost, and that is where wind really suffers.  In a table they give figures for number of turbines that would fill the MAB.  It would take 166 thousand 5 MW turbines to cover the MAB.  That would give an average output of 330 GW.  Pinning down a cost per turbine is difficult, but this very topical article gives a hint:
http://articles.cnn.com/2008-06-23/tech/wind.turbines_1_jim-lanard-wind-turbines-bluewater-wind?_s=PM:TECH
150 turbines for an estimated $1.6 billion.  That gives a per turbine cost of about $10.6 million.  To cover the MAB would cost about $1.77 trillion.  Using a rather high estimate for new nuclear construction of $5,000 per kW getting the same 330 GW capacity would cost $1.65 trillion.

This however, still ignores the variable nature of wind power.  Additional costs would arise from long distance transmission lines, as well as mass electric vehicle conversions.  Or, more realistically from backup natural gas plants.

So, it would appear that large scale off shore wind is at least within the realm of possibilities.  That being said, given that nuclear is still cheaper, even given a high estimate, and excluding the hidden costs of wind, what reason is there not to just go with nuclear?