Monday, July 21, 2008

My interview with Jon Udell

Emily knows that when I received a podast invite from Jon Udell I yipped out loud. I’m a longtime fan of Jon’s writing and thinking; it’s timeless work. His writing from ten or fifteen years ago is still very relevant today.

The podcast is online. I’m going to make myself listen to it, though I have the not unusual aversion to hearing myself speak.

John … amazing Outlook hack (and why it matters) « Jon Udell

Although I’ve conversed online with John …. since my days at BYTE, we’ve never met, and we had not even spoken on the phone until last week when he joined me on an episode of my Interviews with Innovators podcast…

Jon interviewed me under my not-so-top-secret true name, rather than my John Gordon pseudonym. So if you follow the link you can learn the name I answer to.

The odd thing about the interview is that Jon’s voice and manner seemed very familiar. He writes as he is – curious, enthusiastic, smart, open, friendly and a pleasure to talk with.

We covered a bit of ground, so I’ve tagged this post with some of the topics we discussed.

Sunday, July 20, 2008

How good are the FBI's genetic test matches?

We're read similar stories over the past few years...
Slashdot: News for nerds, stuff that matters

...'The Los Angeles Times reports that an Arizona crime lab technician found two felons with remarkably similar genetic profiles, so similar that they would ordinarily be accepted in court as a match, but one felon was black and the other white. The FBI estimated the odds of unrelated people sharing those genetic markers to be as remote as 1 in 113 billion. Dozens of similar matches have been found, and these findings raise questions about the accuracy of the FBI's DNA statistics. Scientists and legal experts want to test the accuracy of official statistics using the nearly 6 million profiles in CODIS, the national system that includes most state and local databases. The FBI has tried to block distribution of the Arizona results and is blocking people from performing similar searches using CODIS. A legal fight is brewing over whether the nation's genetic databases ought to be opened to wider scrutiny. At stake is the credibility of the odds often cited in DNA cases, which can suggest an all but certain link between a suspect and a crime scene.'
The FBI's fondness for lie detectors and watch lists, not to mention abundant stories of incompetence over the past decade, gives them zero credibility. Not quite the negative credibility of the Bushies, but zero.

I believe they're guilty, and hiding their guilt. The testing is not as specific as they claim, perhaps because there crime labs are incompetent, perhaps because truly accurate tests cost more than they want to spend.

If we elect McCain, the FBI won't be reformed.

Saturday, July 19, 2008

Post Mortem for a failed Silicon Valley startup

I was a part of a start-up that was technically successful (investors somewhat happy), but it really didn't meet our early expectations.

I had my own set of post-mortem analyses; I'm sure everyone else in the company had a different set.

So I appreciated a founder's review of a start-up that really did die: Monitor110: A Post Mortem, even though they probably have an element of self-protection in 'em. That's inevitable.

I'd heard one of 'em before: "Too much money." Counter-intuitive, but a common item in the post-mortems I've read and heard.

WALL-E's Starship Axiom is from Northern Minnesota

WALL-E's starship Axiom must have launched from Duluth.

No, scratch that, there are more non-white folk in Duluth than we see on the Axiom. Maybe International Falls?

It's a bit creepy. Fat and melanin deficient.

Antidotes to Data Lock: DataPortability.org and Document Freedom Day

My (lousy) experience with moving PIM (personal information manager) type data (tasks, notes, calendar, address book) from Outlook/Palm to MobileMe(ss), OmniFocus, Evernote and Remember The Milk have given me that lonely pioneer feeling. I'm even starting to miss my old Nemesis.

I feel the jaws of the Data Lack trap ...

Gordon's Notes: Software as service: watch out for Data Lock

Every method of selling software has its own Dark Side.

Microsoft's traditional model favored proprietary data formats (Data Lock), feature mania until competition died, then forced obsolescence every 2-3 years.

Ad-supported software has to get us to look at the ads. If we stop looking, it will get more and more obnoxious. Data Lock helps ensure we can't escape, even as the pain level rises.

Software as a service has technical issues (Gmail was down a few days ago - again), but, above all, Data Lock is a terribly strong temptation. At least on the desktop there are local files that conversion software might run against.

...while all three models suffer the Data Lock temptation, it's strongest in the "Software as Service" model...

I'm not completely alone though. Google not only supports Document Freedom Day, they've made some real moves towards data freedom. There's DataPortability.org, the cryptic microformats initiative, and good old OPML.

We need to push the "cloud" vendors towards the world of data freedom, or they'll make us nostalgic for the lost tyranny of Microsoft.

Update 5/15/10: Happily, we now have Google's Data Liberation Front. I have issues with Google, but the DLF is one reason they are lesser of all evils.

How did the "secret question" get out of control?

Recently I had to answer 4 "secret questions" for some investment account that controls a bit of our retirement.

Four.

All different from the usual "mother's maiden name", because so many people have hacked that answer that the questions have moved on.

Now they ask what model my first car was.

That will be hacked, and then I'll be asked a different secret question. Eventually some future AI will be able to reconstruct my entire life from hacked "secret" questions.

How did this get so out of control? When Schneier wrote this 3 years ago, I figured the stupidity would die off (emphases mine) ...
Schneier on Security: The Curse of the Secret Question

....It's happened to all of us: We sign up for some online account, choose a difficult-to-remember and hard-to-guess password, and are then presented with a 'secret question' to answer. Twenty years ago, there was just one secret question: 'What's your mother's maiden name?' Today, there are more: 'What street did you grow up on?' 'What's the name of your first pet?' 'What's your favorite color?' And so on.

The point of all these questions is the same: a backup password. If you forget your password, the secret question can verify your identity so you can choose another password or have the site e-mail your current password to you. It's a great idea from a customer service perspective -- a user is less likely to forget his first pet's name than some random password -- but terrible for security. The answer to the secret question is much easier to guess than a good password, and the information is much more public. (I'll bet the name of my family's first pet is in some database somewhere.) And even worse, everybody seems to use the same series of secret questions.

The result is the normal security protocol (passwords) falls back to a much less secure protocol (secret questions). And the security of the entire system suffers.

What can one do? My usual technique is to type a completely random answer -- I madly slap at my keyboard for a few seconds -- and then forget about it. This ensures that some attacker can't bypass my password and try to guess the answer to my secret question, but is pretty unpleasant if I forget my password. The one time this happened to me, I had to call the company to get my password and question reset. (Honestly, I don't remember how I authenticated myself to the customer service rep at the other end of the phone line.)

Which is maybe what should have happened in the first place. I like to think that if I forget my password, it should be really hard to gain access to my account. I want it to be so hard that an attacker can't possibly do it. I know this is a customer service issue, but it's a security issue too. And if the password is controlling access to something important -- like my bank account -- then the bypass mechanism should be harder, not easier.

Passwords have reached the end of their useful life. Today, they only work for low-security applications. The secret question is just one manifestation of that fact.

I think the lesson is that even when something is an "ex-parrot" humans will keep it propped up in the corner for a very long time. I used to follow Schneiers "random answer" technique, but then some sites started asking me both my regular password and my "secret question".

The idiocy of the "secret question" will never end.

Apple - with great power comes ...

Like the comic book said, 'With great power, comes great responsibility'.

Apple has the power now. Do they feel the responsibility?

Veteran Apple users celebrate Apple's rise, and Microsoft's decline, much less than the media might imagine. We remember that Steve Jobs has a history of what some might call "control issues".

Stories like this one remind us we love Apple best when their back is to the wall...
One Little Article - Inside iPhone Blog
...Unfortunately, we don't have An App Store, we have The App Store. The difference is exclusivity. With An App Store, software can be put on the iPhone through some other method. The App Store, however, is the sole way to get software on the iPhone. This leads to some major problems all around. Users who want software that Apple doesn't approve of can't get it, because it's obviously not listed by Apple in the App Store. Developers who aren't accepted into Apple's program, for whatever reasons, can't get on the iPhone at all and thus can't sell to customers. Developers who are accepted are still running into immense issues with updates, bug testing, and more. Ultimately, that's bad for Apple too, as it means those users and developers are unhappy and will aim their frustrations squarely at Apple.
Presumably, Apple has considered all this. If so, they've determined that they'd rather have complete control over the applications available on the iPhone than have more flexibility for developers and customers alike. I can see how this could be good for Apple itself - a dictatorship tends to serve the dictator quite well. I can't, however, see why developers would support it, nor customers...
Android, Please get well soon. We Apple customers need you give the gift of Fear to Apple.

The Economist's in depth review of Fannie Mae and Freddie Mac

Outside of the obituary and Africa coverage, The Economist is a pale shadow of its former excellence. On occasion, however, it can rise to old standards.

A recent review of the American mortgage crisis, Fannie Mae and Freddie Mac | End of illusions, is the best I've seen. Of course it would have been even more impressive had they pointed out the structural problems a year or two ago!

With our newly enhanced vision, Fannie and Freddie look like a classic Ponzi scheme, effectively able to issue their own debt. Their ultimate downfall came when they figured out how to evade the last vestiges of old regulation by investing in mortgages they themselves could not hold.

The emerging consensus of the economists I read is that the financial markets are now in the biggest mess since 1932, however the rest of the economy is not expected to relive the great depression. On the other hand, the Economist article ends with a curious note:
... Perhaps it is no surprise that traders in the credit-default swaps market have recently made bets on the unthinkable: that America may default on its debt.

Friday, July 18, 2008

The pain is all in your head

Firstly, this excellent essay by Atul Gawande is a reminder of how cruel life can be.

Scratching through one's skull is an undeniable sign of way too much suffering.

Secondly, it's a story of how the understanding of perception is evolving ...
Annals of Medicine: The Itch by Atul Gawande for The New Yorker

...This may help explain, for example, the success of the advice that back specialists now commonly give. Work through the pain, they tell many of their patients, and, surprisingly often, the pain goes away. It had been a mystifying phenomenon. But the picture now seems clearer. Most chronic back pain starts as an acute back pain—say, after a fall. Usually, the pain subsides as the injury heals. But in some cases the pain sensors continue to light up long after the tissue damage is gone. In such instances, working through the pain may offer the brain contradictory feedback—a signal that ordinary activity does not, in fact, cause physical harm. And so the sensor resets....
The ideas aren't quite as novel as Gawande suggests. I recall fifteen years ago veteran physicians, with lots of experience with intractable pain and chronic fatigue, had begun to think the problems were "all in the patient's head". By which we meant, with intentional irony, that the problem was "malwiring" of the brain.

The good news is, the brain is plastic. We can't easily alter it directly, but we can slowly reprogram it through the mind. That's how the mirror-box therapies Gawande describes work, and presumably that's how exercise therapy works for chronic fatigue syndrome (albeit both imperfectly).

We'll get better at this 'rewiring by programmed experience' techniques, but we're also going to have to sometimes rewire directly -- with microfilament implants and with the grosser neurosurgical techniques sometimes used for intractable seizure disorders.

(original link via FMH)

Power boosted bikes for low cost, low carbon, commuting

Sci Am has a nice review of a $2,000 50lb LiOn battery power assist bicycle.

Recharge times are six hours. It's a pure assist system, there's no power regeneration. A computer controlled transmission system adjusts energy input.

I like this idea. It's not hard to imagine a $1,000 version in a few years better optimized for higher speeds (drop bars, recumbent design, etc.). A recumbent tricycle version with some shielding could make rain or snow conditions tolerable for the average reasonably fit person.

Development is active in Europe and China; but if our gas prices go to $8 a gallon we'll be doing development here too.

Giant has a web site view.

The 2004 national cholesterol guidelines have no clothes

A pending board exam has forced me to review the 2003 NHLBI, ATP III Lipid management guidelines. I don't see patients, so I haven't had to really contemplate these before.

They're not a pretty sight.

Ok, so they're not quite as bad as a naked middle-aged emperor, but they still hurt the eyes.

The problem is they try to reconcile two different risk models. One risk model attempts to stratify people based on their similarity to a large population study - the Framingham model.

Another risk model is based on different research data sets, and tries to estimate risk based on a changing set of predictive "risk factors", such as Diabetes mellitus, and family history of heart disease.

Problem is, those two latter two big risk factors weren't a part of the Framingham model. In fact the Framingham model doesn't incorporate LDL cholesterol directly, it estimates it from Total and HDL cholesterol.

The two models look like this (table stolen from my obsolete online medical notes, this part was updated):

Item Risk calculation model Risk factor approach
Age x x
Gender x x
Total Cholesterol x  
HDL Cholesterol x x
LDL Cholesterol   x
Smoker x x
Hypertension x x
Family history   x
Diabetes   x

The guideline writers try to glue the two models together in a way that seems logical, but they really don't work that well. For example (LDL level in this table is the level where the statins start).

LDL Level Risk Factor Framingham 10 yr risk
> 100 CHD or "equivalent"* > 20%
> 130 2 + (ex. 46 yo male smoker) 10 - 20%
> 160 2 + (ex. 46 yo male smoker) < 10%
> 190 Treat based on LDL alone.

I played around with the online calculator, it wasn't hard to create a plausible patient with a Framingham risk of < 10% but a Risk Factor Model if CHD equivalent (basically a healthy diabetic patient, the right answer is clinical judgment with a bias towards treating if either of the risk models meet criteria. So treat if column A + either (B or C).

We really need a single integrated model of risk, not trying to juggle and compare two different models that can give contradictory answers.

Of course it may turn out that this single integrated model doesn't lend itself to memorization, but needs to be implemented as an electronic tool. Wouldn't be the first time that's happened.

Visualizing a complex connected network: lessons from E. Coli gene transfer

The Loom's "Festooning The Tree Of Life" tells how biologists have visually represented the history of E. Coli gene transfer. It's an example of "scientific visualization" and knowledge representation that belongs to any class or course on visualization and representation -- not to mention a future Tufte book.

Kafka's FBI Watch List over 1 million, grows 20,000 a month ...

Via FMH, the ACLU estimates the GOP/FBI "terrorist" Watch List (aka "the watchlist") has topped 1 million (ACLU estimate). It grows by 20,000 names a month, and it seemingly never shrinks. The ACLU provides a handy the counter and a form to complete if you've been harmed by the Watch List (typically extended inspection when flying).

The watch list is a corollary to the worthless no fly list. There used to be a TSA form to ask for removal from the no fly list, but the old link doesn't work any more. More recently the Traveler Redress Inquiry Program (TRIP) appeal program was recently reviewed by MSNBC (emphases mine):
... As of January 2008, some 24,000 people had used TRIP to appeal their inclusion on the lists. The TSA hasn’t revealed how many applicants have been officially cleared or whether clearance has actually resulted in no-hassle flying. Anecdotal reports from frequent fliers maintain that many travelers who were told they were cleared continue to be stopped in airports. 
The TSA press office in Washington, D.C. declined to take questions about TRIP from an Aviation.com writer, referring the writer to TSA spokesman Nico Melendez in Southern California. Melendez didn’t return the reporter’s telephone call or reply by e-mail for this story
In past years, TSA spokespeople suggested that aggrieved travelers contact the TSA ombudsman to set things right, but TRIP has largely superseded the earlier procedure. Perhaps that’s for the best, as the TSA ombudsman’s office has received scathingly bad reviews from TSA employees, as related by a report made public in late June by the Inspector General of the Department of Homeland Security. Complaining of poor training and tone-deaf management, some 20 percent of TSA screeners quit their jobs last year. 
As it stands, TRIP consists mainly of an online form. Travelers who want to tap into TRIP should go to the TSA’s Web site, look for the "Resource Center" section on the right-hand side of the page and follow the prompts...
Physicians would recognize the Watch List as one of those stupid lab tests that come out every few years claiming to find some nasty cancer, but ends up sending vast numbers of healthy people for misguided surgical procedures.

It's another Cheney/Bush legacy that Bush III (McCain) will institutionalize.

The ACLU's response is rational and similar to regulations for cleansing credit reports ...
  • due process
  • a right to access and challenge data upon which listing is based
  • tight criteria for adding names to the lists
  • rigorous procedures for updating and cleansing names from the lists.
Of course if the FBI actually followed those rules the list would be revealed as a worthless waste of money and a source of security-reducing noise.

The ACLU is doing good work. I should donate to them. Problem is, I've done that before. The ACLU has their own version of a "watch list" -- it's their "donor list". They use it to generate killer levels of paper spam (junk mail), and they sell it widely. I need a way to send plain unmarked bills to the ACLU so they can't spam me. Ideas?

See also:
Update 7/21/08: Schneier has a review, with links to notabob's basic predictive value analysis:
... We match (50 + 6) / (444 + 50 + 6) = 11.2% of terrorists using this scheme. 
Of the people matched, (50 + 6) / (990,000 + 50 + 6) = 0.006% are terrorists. Put another way, 99.994% of all people matched are innocent...
In medicine, this is what's known as a "worse than useless test". Lousy sensitivity, impossibly miserable specificity.

This is why I want to stop teaching calculus in high school, and make basic probability a requirement for graduation. Heck, it will come in handy at the Casino at least.

If the FBI's matcher were a lab test, it would never be approved for use.

If McCain gets in this will never go away.

The core of Al Gore's energy proposal is a carbon tax

When even John McCain tries to sound like he's agreeing with Al Gore, you wonder if my favorite ex-politician isn't on to something.

In the middle of his energy speech is the key proposal:
The (Annotated) Gore Energy Speech - Dot Earth - Climate Change and Sustainability - New York Times Blog

...I have long supported a sharp reduction in payroll taxes with the difference made up in CO2 taxes. We should tax what we burn, not what we earn...
Yep, that's the ticket.

It means gas prices don't go down though, and the price of electricity goes way up.

This is going to take a culture change comparable to what we need to reform America's lousy human development score.

If you have to tear off the top floor to add a new bathroom, you might as well add a new bedroom too. We need to do both changes together.

Thursday, July 17, 2008

The MobileMe iPhone - Microsoft, I miss you!

So I'm looking at the entrails of MobileMess, and I'm thinking ... this is hopeless. No tasks. No notes. Weak synchronization. Broken stuff everywhere. No import or export in OS X iCal ...

In my heart I know Apple hates people like me. Dull people with complicated lives who need to get lots of dull stuff done.

Google doesn't like dull stuff either. They're all young; they hate old, complicated lives.

I understand, when I was young I could write my To Do list on a single piece of notepaper too. I remember when 35 items was a lot to do. Sometimes I miss those days.

I need a vendor who likes dull people with complicated lives. A vendor who'd create something like Outlook ... or Entourage ...

A vendor like Microsoft ...
Help and How-To for Microsoft for Mac Office Products | Mactopia

....By using Sync Services, you can synchronize your Entourage contacts and calendar events with an iPod, iPod touch, or iPhone.

Sync Services is a central database on your Macintosh computer that keeps track of programs and devices that share information. After synchronizing an Entourage address book and calendar with Sync Services, the information is also synchronized with your Macintosh Address Book and iCal. Then you can use iTunes to synchronize the information with your iPod or iPhone...
Sure, that's the ticket! Microsoft could create a Task and Notes app for the iPhone, and sync with Entourage and Outlook ...

Oh, wait. Microsoft isn't developing for the iPhone.

Hell has frozen over.

I miss Microsoft.