Tuesday, March 25, 2008

What if you lived in a world where nothing worked?

You know, like Bizarro world.

I think I've been slowly migrating into that world.

My MetLife experience today was typical. I have an ancient annuity with them (odd story), and I decided to try to update my online profile.

It went like this:

  1. Login with the default settings.
  2. Submit -- returns to login screen. No error message, just the login screen.
  3. Phone in, get password reset.
  4. Try again - get request to change password. Looks good.
  5. Login, oops, Back to #2.
  6. Do an online password reset. Notice button press doesn't seem to work with Firefox 2.
  7. Try it again with IE 7. It works.
  8. Now login again. back to #2.
  9. Wait -- what was that brief flicker of text? Something about a popup?
  10. Turn off IE 7 popup blocking.
  11. Try again.

The entire interaction with the MetLife web site occurs inside a popup window. The original login window remains behind, that's why I kept returning to the above step #2 when the popup was blocked.

Incidentally, if you ever want to hack into someone's account, I recommend MetLife. They implement the usual array of misguided security measures, including the laughable: "secret question". (Does any crook not know my mother's maiden name by now?)

I'm picking on MetLife, but these days I feel like I live in a great cloud of "stuff that doesn't work". Our world won't burn up or rust out, it'll just collapse in a great cascade of stuff that doesn't really work ...

PS. Most of the science fiction I've read assumed either a post-apocalyptic world or a world of uncanny reliability. Dysfunctional dystopias don't get their due. Terry Gilliam's (a famous Minnesotan!) Brazil and Twelve Monkeys are notable exceptions; Gilliam seems to have this niche to himself.

Monday, March 24, 2008

Head still exploding: The AT&T mobile phone rebate card scam

After I wrote this post I wondered if I was over-reacting:

Gordon's Notes: John's head explodes: AT&T rebate paid with an AT&T debit card

Ok, so I knew when I did the deal with Satan's pond-sucking scum that I should expect a shaft or two, but this one is so audacious.

I just noticed, in a very fine print amongst all the paper work of a new cell phone contract, that AT&T pays its rebates with an AT&T debit card.

AT&T has been sued over this practice...

I received my two cards ($50 each, one for each line of the family account), which are accepted "anywhere Visa debit cards are accepted", except you have to "tell the cashier" to "process the card as a credit transaction, not a debit transaction".

You need to activate the cards before use, by entering the number they're assigned to. AT&T tells me the number ends in 8. For both cards. Because both our phone numbers end in 8.

The cards expire in July of 2008, about three to four months after they came to us.

There are lots of complex rules about how to spend them. The only reasonable way to use them is to spend MORE than the card amount, then arrange with a flustered and irritated cashier (and their manager too?) to pay the residual through some other means.

Ok, so now I go to www.att.com/wirelessrebatecard to try to activate the cards. I'm redirected to https://www.888extramoney.net -- they've probably outsourced the scam. I'm asked to enter the "first 10 digits of your account number from your AT&T card". Well, I don't have an AT&T card, but I'll try the first 10 digits of the first VISA rebate card number -- since that might be tied to my phone number.

It turns out my theory is correct, from there I get a login screen that requests the entire card number and the last four digits of each cell number. I guess right on those and my cards are "activated". [1]

I could spit nails if I didn't have so many other battles to fight. I signed up with AT&T because of the #$!$#! iPhone. Compared to similar services from Sprint our family costs have gone up about 70% a month. Sprint, for all their many sins, didn't make me jump through these hoops.

In a just world AT&T would have to pay out billions for this kind of scam, but in this world George Bush is President, we have a Republican governor in Minnesota, and our state Attorney General has been neutered.

I just know some mid-level AT&T exec made SVP and a golden handshake when s/he came up with this scam to reduce rebate payments. I suppose it's unbecoming for me to imagine her/his pending appointment in the eighth circle of hell ...

... The fraudulent—those guilty of deliberate, knowing evil—are located in a circle named Malebolge ("Evil Pockets"), divided into ten bolgie, or ditches of stone, with bridges spanning the ditches...

... Bolgia 10: Groups of various sorts of falsifiers (alchemists, counterfeiters, perjurers, and impersonators) are afflicted with different types of diseases. (Cantos XXIX and XXX)

[1] It's not documented, but if you login this way you can see the record of card transactions and the residual balance.

Update 12/29/08: One commenter suggested using the AT&T card to buy a gift card at a reputable retailer. Then you can use it when it suits you.

Update 3/6/09: As per a most appreciated comment AT&T has settled with the New York attorney general's office ...
A $2.63 million agreement with AT&T Mobility over a misleading and deceptive sales promotion involving rebate offers that were fulfilled with onerous and condition-laden rebate cards by the New York's Attorney General Andrew M. Cuomo.

AT&T is required to provide more than $2.63 million to consumers who received rebate cards from AT&T in fulfillment of its rebate offers on cellular phones and other wireless equipment and services.
I sincerely hope Minnesota climbs on board.

This isn't AT&T's only mobile services scam. They're also shafting their customers with EDGE phones, effectively eliminating data services people have paid for by contract and phone purchase.

Update 4/20/09: Dilbert on mobile phone rebates. "Dude, we spent it before you left the store."

Sad days for the American Academy of Family Physicians: AFP and FPM behind the paywall

The AAFP is putting American Family Physician and Family Practice Management behind a paywall. After April 1 new issues will only be available to members.

This is sad news. For years I've admired the academy's policy of public access to AFP, it's been a great patient and provider information resource. No more.

The academy is also restricting the default distribution of Family Practice Management to members in office practice; a good change overall but probably another indicator of diminishing advertising revenue. I suspect there are other economy measures going on that aren't being communicated to members.

What's going on?

I'm still a member, but I'm very removed from the AAFP these days. I don't really know. My guess is that advertising revenue, in particular, is down. I also wonder if membership is falling off; I suspect a lot of members were unhappy when the Academy failed to resist the peculiar board certification changes implemented by the American Board of Family Medicine [1].

It fits with a ten plus year trend of declining interest in primary care in general, and family medicine in particular. I think the crowd is wrong again, but I fear it will be another ten years before we rediscover that primary care physicians are a cost-effective way to deliver quality care. I also wonder if pharmaceutical advertising revenue is down across the board -- the pharmas are thought by many to be entering a period of grim economic news.

I hope the AAFP will reconsider. I'd be very surprised if removing AFP from public access is going to help finances and/or recruiting in any significant way. This is a bad economizing measure.

[1] Admirable in theory, in practice they're the equivalent of putting a patient with congestive heart failure on a high speed treadmill.

The emperor's clothes, Microsoft Word, and the folly of crowds

In the fairy tale version the impolitic child comments on the emperor's birthday suit. All the people who thought they were imagining the emperor's nakedness realize they're not crazy after all. The emperor is laughed out of town.

That's not how things work in the real world.

I thought of this recently as I revised my sister-in-law's Masters thesis*. Well, revised isn't quite the right word -- my job was to fix up a structured Microsoft Word document. In the old days in-laws typed up handwritten theses, now we repair Word documents. A much quicker job, but far more technical. Hmm. That about sums up the last 30 years of technological progress, doesn't it?

Anyway, as I adjusted styles, auto-generated lists of figures and tables from captions, set alignment styles for document objects, created section specific pagination rules, etc I recalled my 2003 rant against Microsoft Word. It's still pretty current, even though I've given up on my macro workarounds. Honestly, Word is broken**. It's been broken since 1995 or 1997, when some misguided Microsoft development team merged two different formatting models and produced the software equivalent of "the fly".

The Emperor is buck nekkid.

In the real world though, the crowd of hundreds of millions figures the child is deluded, and they must simply be doing something wrong. Surely a bazillion dollar company couldn't be producing junk - could it? Sharepoint must be a good document management system - because everyone uses it. Real estate must be a good investment - because everyone's buying houses. Global warming can't be a real problem, because our government would tell us if it were. Gmail's contact management and list functions can't be completely lousy -- because Google is full of geniuses. Crowds must be wise, because that's what the book says. Crowds re-elected George Bush, didn't they?

Hmmphh.

Either humanity has some serious loose screws, or I'm a loon.

Or both ...

PS. I don't believe in this "wisdom of crowds" stuff. Just to be clear. On the other hand, there's tons of money to be made betting on the folly of crowds.

--

* I think she's written a doctoral thesis, but that's another story. I hope she turns it into a book.

** Office 2007's XML based structured documents might be an improvement, but that requires a completely proprietary file format that none of my other applications can read.

Sunday, March 23, 2008

Google goes to warp speed, oddly fond of me

This morning I wrote a post about worrisome behavior associated with XPonlinescanner.com. At that time a search on the term led to the spammer's web site.

As of this evening a search on the same term leads to my blog post. This morning three people who ran into the same worrisome ad behavior left comments on my initial post -- they found it at the top of their searches within 15 minutes of the original posting.

This evening I posted about the frustrations of using iMovie '08 with a Flip Video camcorder. A few minutes after I posted it I decided to see if anyone else had discovered that Mike Ash's QTAmateur would translate the AVI files. I found exactly one post on the topic- mine.

Google indexed my blog post within 15 minutes of creation.

I then experimented with a post I made this evening to Apple's Discussion group. It too was indexed within 30 minutes of posting. That's nothing about me of course, Google is indexing that massive archive at an astounding speed.

This is unnerving on two levels. Personally it's unnerving that Google is so oddly fond of my blogs. They're not high readership blogs, though I do like to imagine my readership is unusually perceptive. Weird.

The personal focus is odd enough, but the indexing speed is even more uncanny. Google has quietly turned on a warp drive; how the heck are they able to index so quickly? What does this say about their bandwidth capacity -- that they're basically reading large portions of the net in almost real-time?

What oil price will radically change American life?

When does the price of oil change what Americans do?

I wrote in July of 2007 that a significant number of people would start to make different decisions at $5 a gallon. On the other hand I've read realtors claiming that the bubble popped when gas hit $3 a gallon, and people started worrying about the cost of exurban commutes.

It's not just the absolute costs of course, it's the trend line. So if gas goes from $3 a gallon now to $5 a gallon in 2011, then people will react as much to the trend line as to the absolute value. If the price hits $5 a gallon in 2010 then the reaction will be even stronger.

On the other hand someone who does this sort of thing for a living thinks the price will have to hit $13 or so to force a "radical restructuring":
FuturePundit: Peak Oil By 2012?:

.... Energy analyst Charles T. Maxwell thinks gasoline prices in the US will need to more than triple to force Americans into a radical restructuring of how they live.

Maxwell said it will take $12 to $15 a gallon to get Americans to let go of what he called the “precious freedom of mobility.” As much as Maxwell laments the loss, he sees no other way for the U.S. to impose enough conservation to deal with the growing imbalance between oil demand and supply that he sees developing around 2010 and getting worse in 2012 or 2013, as the world hits a “peak” in conventional oil production...
I was thinking in terms of "start to change" when I picked $5 a gallon, radical change is a few steps beyond that.

Maxwell is elsewhere quoted as predicting "peak oil" in 2012-2013 resulting in a steady "rise starting in 2010, reaching $180 a barrel in 2015 and $300 a barrel in 2020". Since we're about $100 a barrel now, we wouldn't hit his "radical change" date until after 2025 or so.

I'd love to see an economist make some predictions here based on the historical record, though I have a hard time thinking of a precedent in an industrial economy outside of wartime.

As I've written previously our confusing situation may become clear within the next six months:
...If the price of oil is above $105 a barrel in August of 2008 then Peak Oil is on the sooner rather than later, and the world I grew up in is shuffling away -- sooner than I'd expected...
If we are at or above $105 in August I think we'll see a gradual and continuous change rather than a radical disruption. The price signals will be relatively clear with smooth trendlines.

This isn't, of course, good news for the survival of human civilization. Unless we put a very large carbon-tax-equivalent on coal, humanity will start burning massive amounts of coal to power our electric cars and to create various fuel products. Our carbon dioxide output will skyrocket -- even as our mobility and our gasoline consumption start to plateau. We'll push past the ancient maxima for CO2 and bake much of our habitat.

We need a technologic miracle, but in the meantime we need a carbon-tax-equivalent on coal.

Hacking encryption keys: quantum and otherwise

A non-specialist has written a review of quantum computer factoring that matches what I've been reading from my physics blogs. Quantum computing, alas, isn't as impressive as it used to be. Even if we can make it work, quantum computing is not necessarily a qualitative improvement over conventional computation -- though it will explore some (truly) mind-boggling quantum physics.

I wanted to call out one small part of the post though:

... I went over to a site that will tell you how long a key you need to use, http://www.keylength.com/. Keylength.com uses estimates made by serious cryptographers for the life of keys. They make some reasonable assumptions and perhaps one slightly-unreasonable assumption: that Moore's Law will continue indefinitely. If we check there for how long a 4096-bit key will be good for, the conservative estimate is (drum roll, please) — the year 2060...

Most of us make do with AES 128 bit (Tiger disk image encryption) and AES 256 bit (Leopard disk image encryption) keys. I checked out the NIST 2007 recommendations on keylength.com and found:

  • AES 128: > 2030
  • AES 256: >> 2030

Another table (ENCRYPT) described 256 symmetric key (ie. AES) as "good protection against quantum cryptography". So most of us don't need to worry about 4096 bit keys unless we're protecting information that will be very valuable in 2040.

I'll be 80 then -- if I'm alive. I'm not too worried.

Of course Schneier et al. are usually reminding us that the key length is generally the least of our worries. Weak passwords, dictionary attacks, attacks on keys in memory, etc. are all bigger threats. The biggest threat of all, though, is security that either destroys our data (that's really secure!) or that is too onerous to easily implement.
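The point above, worked through as an added example (not part of the original post): a key derived from a passphrase is only as strong as the smaller of the key size and the passphrase's guess space, so AES-128 and AES-256 images protected by a dictionary word are equally weak. The post does not say how a disk image turns a passphrase into a key; the use of PBKDF2, the passphrase policies, and the attacker speed-up factor are all assumptions.

```python
import hashlib
import math
import os
import time

# Key sizes named in the post (Tiger and Leopard disk image encryption).
KEY_BITS = {"AES-128": 128, "AES-256": 256}

# Constructed passphrase policies with the number of candidates an attacker
# must cover in the worst case (assumed models, not measurements).
GUESS_SPACES = {
    "one word from a 100,000-entry dictionary": 100_000,
    "8 random lowercase letters": 26 ** 8,
    "6 random words from a 7,776-word list": 7776 ** 6,
    "20 random printable ASCII characters": 95 ** 20,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(passphrase: bytes, salt: bytes, iterations: int, key_bits: int) -> bytes:
    """Derive an AES key from a passphrase. PBKDF2-HMAC-SHA256 is an
    assumption for illustration; the derivation is deterministic, so every
    candidate passphrase maps to exactly one candidate key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations,
                               dklen=key_bits // 8)


def effective_bits(key_bits: int, guess_space: int) -> float:
    """Strength of a passphrase-derived key: the smaller of the key size
    and log2 of the passphrase guess space."""
    return min(float(key_bits), math.log2(guess_space))


def measure_guess_rate(iterations: int, samples: int = 3) -> float:
    """Passphrase guesses per second that one core of this machine achieves
    against the key derivation function at the given iteration count."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(b"candidate-%d" % i, salt, iterations, 256)
    return samples / (time.perf_counter() - start)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a 2**bits search space."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def strength_table(guesses_per_second: float):
    """One row per (cipher, passphrase policy): effective bits and years."""
    rows = []
    for cipher, key_bits in KEY_BITS.items():
        for policy, space in GUESS_SPACES.items():
            bits = effective_bits(key_bits, space)
            rows.append((cipher, policy, round(bits, 1),
                         years_to_exhaust(bits, guesses_per_second)))
    return rows


if __name__ == "__main__":
    local_rate = measure_guess_rate(iterations=100_000)
    attacker_rate = local_rate * 1_000_000  # assumed attacker hardware advantage
    for cipher, policy, bits, years in strength_table(attacker_rate):
        print(f"{cipher}  {policy:42s} {bits:6.1f} bits  {years:10.3g} years")
```

Only the 20-character random passphrase reaches the 128-bit ceiling; for every other policy the AES-128 and AES-256 rows are identical.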

PS. I was in the "quantum will get us" crowd, so I'm a bit humbled by the new wave of "quantum reality".

XPonlinescanner.com: Malware infection on Star Tribune and other news sites

Preface: 3/24/2008.

I've retitled this post and added this preface due to a comment I received today:
I've seen several versions of the install file over the past week which is an indication that someone is up to no good. The source was: hxxp://xponlinescanner.com/2008/download
XPantivirus2008_v77011816.exe
XPantivirus2008_v880136.exe
XPantivirus2008_v77024205.exe
XPantivirus2008_v880181.exe
I submitted these files to TrendMicro and they all came back as malware containing a Trojan downloader.
So it looks like this was part of an attack of some sort. The Minneapolis Star Tribune site may have been compromised or it may be an unwitting attack vector. I couldn't find a good email address to notify them yesterday, but I did find a "feedback" form that looked like it might work. They really need to have a link to notify them of website issues in general and malware attacks in particular.
--
I click on the StarTribune National News link and my Firefox page vanishes. Instead I see:

I have to kill Firefox from the XP application list to get free. Talk about "erratic PC behavior, PC freezes and creahes".

There actually is a vendor selling this product. So this might not be a simple phishing attack; maybe the bot virus is embedded in a supposed commercial product instead. Maybe my XP box isn't really infected and this really was something the Strib's ad supplier tossed up.

Or not. [jf: see comments. Looks like a malware attack.]

I just can't tell. McAfee SiteAdvisor connects the vendor to spam, so I'm leaning towards my machine NOT being infected and XPonlinescanner.com being a shady enterprise with a good probability of a nasty "backdoor" in their "antiviral" "security" product.

I really do need to get rid of my last XP box. Using XP on the net is like waving a wad of bills in a port bar of old Bangkok.

Update 9/14/09: A similar attack hit the New York Times

Deliberations of the Zorgonian Commission on the Terran Problem

100011010101010: This human was exceedingly wrong about war #2545134 but publicly renounced his errors.

100101011010110: A cognitively disabled human was tortured for weeks by her housemates and her caretaker then murdered.

100011010101010: I see your point.

100101011010110: Then the deliberations may end?

100011010101010: It has been a long time, hasn't it?

010101010101010: Too long.

001101010101010: But who will take care of the dogs?...

Saturday, March 22, 2008

Everything you need to understand about the neo-banking crisis of 2008

Everything you need to know, in 3 paragraphs (emphases mine)

What Created This Monster? - New York Times

...A milestone in the deregulation effort came in the fall of 2000, when a lame-duck session of Congress passed a little-noticed piece of legislation called the Commodity Futures Modernization Act. The bill effectively kept much of the market for derivatives and other exotic instruments off-limits to agencies that regulate more conventional assets like stocks, bonds and futures contracts.

Supported by Phil Gramm, then a Republican senator from Texas and chairman of the Senate Banking Committee, the legislation was a 262-page amendment to a far larger appropriations bill. It was signed into law by President Bill Clinton that December.

Mr. Gramm, now the vice chairman of UBS, the Swiss investment banking giant, was unavailable for comment. (UBS has recently seen its fortunes hammered by ill-considered derivative investments.)...

And now, to save the greater economy, we will all donate to save Mr. Gramm and his ilk.

Because, you see, we can't let those companies go under. And they can't be run, you see, without the people who led them into their current peril. So we need to save the companies, which means saving their leadership, which means they get to keep the money of old that makes them rich, plus extra money from us now, because they really don't need to work because of the money they got before when they made the bets that ...

Yeah, you get the picture.

I'm acquiring an unsavory fondness for the Japanese tradition of Seppuku. In those days a dishonored leader didn't demand a new set of fresh stock options ...

Friday, March 21, 2008

Mall of America security expels PZ Myers from creationist movie

PZ Myers was expelled from AMC theater's pre-screening of EXPELLED! by Mall of America security staff.

His crime was being PZ Myers, a proselytizer for atheism. Ironically, Richard Dawkins did get in to the pre-screening, and confronted the producer.

I'll be over at the MOA Monday, I wonder if anything will mark the spot.

Thursday, March 20, 2008

Economist obituary: the last French foot soldier of World War I

I'd wondered if any were yet living.
Lazare Ponticelli | Economist.com:

... On March 17th he had his wish, or most of it: a state funeral for all the poilus at Les Invalides, and then a simple family burial. The government badly wanted this last foot-soldier to be memorialised; but he preferred to be uncelebrated and ordinary, even in some sense forgotten, and thus the more symbolic of all the rest.
There may be others, for a year or so, in Germany or England or elsewhere.

It's a good obituary.

I am grateful I've never been in a war. I hope my children avoid them.

Phorm - another eye in the sky

More of the same old stuff ...
A Company Promises the Deepest Data Mining Yet - New York Times:

...Amid debate over how much data companies like Google and Yahoo should gather about people who surf the Web, one new company is drawing attention — and controversy — by boasting that it will collect the most complete information of all.

The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider. The trick for Phorm is to gain access to that data, and it is trying to negotiate deals with telephone and cable companies, like AT&T, Verizon and Comcast, that provide broadband service to millions...

...Phorm puts a cookie, a small bit of computer code, on a person’s computer to tie his or her Web-surfing to the random number and then saves only that number in advertising categories like types of cars or clothing...
In China the government tracks people's activities. In the US it's business. Funny.

Phorm assigns each computer-user-account-browser a unique ID and tracks the relationship between unique ID and web page requests. I assume a Firefox extension would allow a browser to defeat Phorm. I assume they need ISP collaboration to track the web pages. A private VPN service would eliminate that possibility.

I've been using Witopia PPTP VPN when accessing public wifi, I wonder if it's time to start tunneling all my traffic through a trusted VPN.

Wednesday, March 19, 2008

Mea culpas of rationalists who supported the conquest of Iraq

Slate has a series of essays on the mistakes rationalists made in supporting the American invasion of Iraq.

Personally I was initially persuaded by Saddam's posturing (turned out to be a mixture of mostly bluffing Iran and genuinely not knowing what weapons he didn't have), our apparent inability to sustain the embargo, the harmful effects of the embargo on Iraqis (sigh), and the fake smallpox immunization program. I reversed course when Cheney/Bush completely alienated Turkey and left us with zero allies - prior to the actual invasion.

Of all the commentaries, Richard Cohen most resembles my own recollections -- but he focuses on the Anthrax mystery rather than my smallpox memories ...
I was miserably wrong in my judgment and somewhat emotional. - By Richard Cohen - Slate Magazine

Anthrax. Remember anthrax? It seems no one does anymore—at least it's never mentioned. But right after the terrorist attacks of Sept. 11, 2001, letters laced with anthrax were received at the New York Post and Tom Brokaw's office at NBC. In the following days, more anthrax-contaminated letters were received by other news organizations—CBS News and, presumably, ABC, where traces of anthrax were found in the newsroom. Weirdly, even the Sun, a supermarket tabloid, also got a letter, and a photo editor, Bob Stevens, was fatally infected. Other letters were sent to Sen. Tom Daschle's Capitol Hill office, and in Washington, D.C., a postal worker, Thomas L. Morris Jr., died. There was ample reason to be afraid.

The attacks were not entirely unexpected. I had been told soon after Sept. 11 to secure Cipro, the antidote to anthrax. The tip had come in a roundabout way from a high government official, and I immediately acted on it. I was carrying Cipro way before most people had ever heard of it.

For this and other reasons, the anthrax letters appeared linked to the awful events of Sept. 11. It all seemed one and the same....

Kaplan's story also runs parallel to my own. I would add that while I had some respect for Colin Powell, I was moved much more by Tony Blair's support for war. He had been a Clinton ally, at the time he had a terrific international reputation, and I didn't imagine he'd be a lackey of the Bush administration.

Nobody in the series mentioned Tony Blair. He's getting off far too easily.

The HIV genocide delusion

I think journalists do need to specifically ask Barack Obama about his perspective on the HIV genocide conspiracy theories. He didn't address this directly in his speech, in retrospect that's a noteworthy omission.
AIDS conspiracy theories: a field guide. - By Juliet Lapidos - Slate Magazine

... Barack Obama rebuked his former pastor the Rev. Jeremiah Wright on Tuesday for giving sermons in which he blamed the government for creating a racist state and "inventing the HIV virus as a means of genocide against people of color." Wright isn't the first to say that AIDS originated in the White House. Others have attributed the epidemic to a laboratory accident, malnutrition, or even God's divine will...

...According to a study released in 2005 by the Rand Corp., more than one-quarter of African-Americans believe the disease was engineered in a government lab, and 16 percent think it was created to control the black population...
I've read that this belief is also widely held in South Africa. Even if the US government were ten times as evil as Cheney/Bush, we don't have the technology to create a virus like HIV. We also don't have the power or technology to create a massive evolutionary and cross-species profile of the evolution and dissemination of HIV and its cousins.

One of my questions about Obama is how grounded is he in the world of logic and science. We already know McCain is arational, I'd like to know where Obama fits on the spectrum between Al Gore (reason) and George Bush (delusion).

The Slate article is quite well done; it's worth a full read.