Wednesday, August 06, 2008

Never talk to the police ...

I'd come across multiple references to this talk, but I didn't f/u until Schneier recommended it:
Schneier on Security: Why You Should Never Talk to the Police

This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn't matter if you're guilty or innocent, if you have an alibi or not -- it isn't possible for anything you say to help you, and it's very possible that innocuous things you say will hurt you.
It's very persuasive. In particular, there's a funny kink in American law. Whereas "anything you say may be used against you", the converse is not true; exculpatory statements are inadmissible hearsay.

The other lesson that stuck with me is that non-videotaped statements are very prone to being remembered differently by different people. These are the majority of statements made to police.

In comments there's a reference to an ACLU guideline for persons stopped by police. Two of the frequently repeated items are "don't say anything without a lawyer" and "be clear you do not consent to search".

In practice I'll speak with police if I think I can help with law enforcement -- though that's rarely come up in my life. Most of my non-casual conversations with police ended when I bought a car with cruise control.

Tuesday, August 05, 2008

Paris Hilton responds to the wrinkly white guy

Quick check: how many times have I referred to Paris Hilton?

Phew. Just a few times. Once to defend her poor choice in phone passwords, another time to connect her and Paul Krugman to America's deeply dysfunctional journalists.

So I'm still under quota; I can point to Brad DeLong's take on Paris Hilton's presidential campaign video. This is her response to a typically juvenile McCain ad that tried to connect Barack Obama to Paris Hilton, and thus to debauchery, celebrity and hot sex with young blond women.

Paris' comeback is funny, and oddly endearing. I thought she looked a bit nervous, but my celebrity interpretation skills are fairly minimal. In the video battleground she wipes McCain.

She refers to Senator Obama by first name, but his opponent is only a "wrinkly white guy".

I'm guessing she won't be voting for John "wrinkly white guy" McCain.

Ho hum. Another 40 million credit cards stolen

Yawn. The Webtel, Netfill, MJD Services credit card fraud of 1998 (ten years ago) netted about $40 million, so this $60 million + fraud is simply more of the same. I'm guessing Schneier has covered about 3-4 similar scans in the past decade....
11 Charged in Theft of 40 Million Card Numbers - NYTimes.com

BOSTON — The Justice Department said on Tuesday that it had charged 11 people in the theft of tens of millions of credit and debit card numbers of customers shopping at major retailers, including TJX Companies, in one of the largest reported identity-theft incidents on record.

TJX, of Framingham, Mass., which owns the Marshall’s and TJ Maxx chains, was the hardest hit by the ring, acknowledging in March 2007 that information from 45.7 million credit cards was stolen from its computers.

The charges focus on three people from the United States, three from the Ukraine, two from China, one from Estonia and one from Belarus.

The authorities said that the scheme was spearheaded by a Miami man named Albert Gonzalez, who hacked into the computer systems of retailers including TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW Inc. The numbers were then stored on computer servers in the United States and Eastern Europe.

They then sold the information to people in the United States and Europe, who used it to withdraw tens of thousands of dollars at a time from automated teller machines, the authorities said...

... TJX has agreed to pay more than $60 million to credit-card networks Visa and MasterCard to settle complaints related to the incident, which is one of the largest on record based on the number of accounts involved.
It's only the largest based on the number of accounts involved, sounds like a lot of the accounts haven't been hit ... yet.

The $60 million only represents losses from people who noticed the transactions and then complained. The article doesn't describe the size of the per-person losses, but typically these scammers will hit an individual for $40 to $100 bucks.

I probably wouldn't even notice the hit, we long ago ran out of time to audit our credit card statements for petty thefts (big thefts are another matter). As long as the crooks don't get to greedy we're better off bleeding than fighting with Visa.

I suspect the basic Visa/Master Card security infrastructure is about as pathetic as it was in 1998, and that AMEX is still the best alternative (though not invulnerable).

The only way this will be addressed will be if we make the banks liable for cost plus punitive damages.

It's going to take a fortune to improve our credit card security infrastructure, and no bank can afford to make that investment if it has any plausible alternative. Making the banks pay more for security breaches is the only way to make change possible.

Update 8/12/08: The NYT has more details on the crime.

The Fermi Paradox in science fiction: a review

There's nothing new for me in this Tor.com review of the Fermi Paradox in Science Fiction, but it's a good start. Read the comments for additional examples.

If you read good science fiction the future always feels familiar.

PS. The review includes a link to a delightful short story.

Sunday, August 03, 2008

Why the undead Palm is great news for my Palm to iPhone conversion

It's a movie cliche.

The demon
is dead and the popular kids have returned to their debauched ways, partying by the demon's grave.

A hand thrusts out of the fresh grave ...
Palm sells 2 million Centro’s - John at myITforum.com

So why isn’t this getting much press? The Apple cult media sure played up all the iPhone sales right? Why isn’t Palm getting the same recognition for selling 2 million Centro’s?

Palm, Inc. (Nasdaq:PALM) today said it has sold its two-millionth Centro smartphone, confirming the $99 [jf: bogus new-contract price] product's growing momentum with traditional mobile phone users who want to move up to a phone that offers more functionality.(1) Palm is now offering Centro in more than 25 countries in North America, South America, Europe and Asia Pacific....

Palm Centro growth has been particularly strong among a demographic Apple wants to own - women.

Now why would that be? What does the Centro do that's particularly interesting for women? What can the Centro do with a core OS technology that was old in 1990?

Is it the pretty colors?

Well, my daughter likes pretty colors, and I suspect she'll still like them twenty years from now. Personally, I like lime green -- it's easy to find.

Obviously it's not the pretty colors. The connection is the other way. Vendors with a product women buy always offer more color choices.

So what does the Centro do that's particularly appealing to women?

To answer that question, let's go back before the Palm.

Those were the days, before Palm and BlackBerry and Windows CE/whatever and Getting Things Done, when the Franklin Planner ruled. Emily and I had a matched set -- burgundy and navy.

Back then, the The Franklin Co sold planners, books and courses to mid-level managers (ie. people without admins) - a mix of men and women. They also sold to millions of non-managers, mostly women, who all had one thing in common.

Complex lives. Lives involving lots of people and tasks and things to plan and coordinate. People who needed to plan -- and who couldn't keep it all in their head.

That's why Franklin Covey's front page still features a collection of purses (bags). Most men have simple lives, most women have complex lives.

Now jump to the 1990s, and the PalmPilot. Unlike every other gadget before or since, it was popular with women -- because it was designed to help manage complex lives. Emily used one until Palm began making very unreliable devices, and blew away its market [1]. (She's been back on the paper Franklin Planner ever since, though she uses a BB Pearl for email and map services.)

Fast forward. In 2008 middle-managers use Outlook and a Blackberry, so there's no opening there for the iPhone or Palm device.

That leaves the non-corporate complex life market -- which is largely female.

So what do these women see when they go to buy a phone? They see the iPhone, which is a $500 technological wonder and a completely brain-dead PDA. On the other hand, there's the Centro, a $300 phone that inherits 1980s technology and the skeleton of a once brilliant PDA design. (With a kb, so the horror of Grafitti Two is irrelevant.)

Sold by Franklin Covey, by the way.

The Centro is the only logical choice.

Two million smartphones is a pretty a nice bit of the growing market. It's probably enough to keep Palm on life support. It's also enough to put a crimp in Apple's sales targets.

Good.

I like most things that make Apple miserable and worried.

Maybe Palm's dead-man-walking act will make Apple decide that they need to add 1980s-class functionality to the iPhone (hint: tasks? memos?), fix their broken-everywhere synchronization, and enable multi-calendar publish-subscribe on MobileMess.

Thank you Palm Centro customers. Thanks for making it conceivable that I'l really be able to one day migrate from my Palm to my iPhone.

Keep up the good work.

[1] Palm set some kind of capitalist record for self-inflicted wounds. It's a credit to the astounding work of the original PalmPilot team that the company still exists.

When McCain sold his soul

I haven't been surprised by McCain/Bush III's embrace of Rove.

Why wasn't I surprised? He once had a reputation for integrity. I couldn't remember when he'd thrown that away, when I realized what he was.

Joe Conason reminded me: "By the time McCain spoke up feebly against the Swift boat campaign, the damage had been done -- to him as well as to Kerry."

Yes, that was it. That was when McCain sold his soul, the day he realized he'd betray anyone and anything to win the presidency.

The day he became George Bush III.

Bringing laptops across the border

As a young traveler I had mild run-ins with the occasional border official. That's when I was told that they have extraordinary legal authority - judge, jury and executioner basically. Understanding that helped my patience, and gray hair eliminated most of the hassles.

This is something to remember if you're a young man traveling with a laptop:
Crossing the line at the border | Good Morning Silicon Valley

...Without explanation, we can seize your laptop or any device capable of storing information (including cell phones, thumb drives, video tapes, and old-fashioned analog paper). We can keep it as long as we want. We can look through the contents, and we can share them with other agencies or private entities. And we can do all this whenever and to whomever we want...
This is Bush appointee policy, so if you really don't like it you might consider the voting implications. The obvious recommendations are:
  1. Don't carry any sensitive data or apps across the border
  2. If you want a seized laptop back quickly don't encrypt anything. If you must encrypt, then be ready to provide keys.
  3. Have a current backup - you may never see your data again.
  4. Be very polite to border officials. They have their share of dull, troubled, and resentful people [1], but they're all very good at detecting sarcasm.
  5. Don't carry or wear anything that insults any GOP officials or christian deities.
[1] There's a legislated and institutional preference for veterans in the customs service. Since untroubled veterans have a broad choice of employment, there's a bias for troubled veterans to end up in customs (and the post office too).

Update 8/5/2008: Schneier has an essay on how to carry a laptop across the border. In a later article however, he simplifies his advice, and recommends storing sensitive data in an encyrpted file on a secure server back home. The data can then be retrieved from the server after crossing the border. Don't bother carrying the data with you.

Strange loops: Google custom and customized search - and a memory blog

This is a strange loop story.

It began unremarkably. I was finding my own blog posts when I searched on various topics. I felt a bit chuffed -- the GGG (great god google) liked my sacrifices. Often I chose my own posts; since I write in part to extend intracranial memory they worked for me.

Then things got odd. I was getting back more and more of my own results -- often at the very top of a search. GGG likes me alright -- but not that much.

Around the same time, as I discovered new ways to use search against my extended and interconnected memory, I changed my home page to my Google custom search page. Using this page my blog search results were not sorted by date, but rather by GGG assigned value -- the "best" posts came first. Now my extended memories were being organized by Google, searches were more effective, and I leveraged more of my old posts.

The Solipsistic Strange Loop was strengthening, for I was seeing Google's customized search results. The combination of my Google Custom Search Page, my extracorporeal memories (blogs), my use of Google's web history, my location information and my default digital identity have been building a recursive loop of public-private interconnectivity.

As a fringe benefit these web-of-one searches are making a mess of sleazy search engine optimization hacks. It's hard enough to game one set of search results -- really hard to game millions of different result sets.

Where will it go next?

My iPhone lets me take geo-tagged pictures, and it lets me bookmark my location. Inevitably I'll be able to combine the images, locations, time stamps and annotations, and weave them into my extended memory. Custom search means they'll live in a neural network that merges into the GGG metamind.

Interesting times.

Friday, August 01, 2008

Alzheimer's disease: 70 genes?!

This doesn't sound like one coherent disease:
Alzheimer's disease | A tangled tale | Economist.com

...The Cure Alzheimer’s Fund, a charity, also had an important finding. It announced that its mapping of the disease’s genetic basis has found 70 genes that may be involved, far more than expected...
70 genes?! This sounds like schizophrenia -- lots and lots of mutations.

I've long felt that "Alzheimer's" wasn't a disease, but was the normal destination of the aging brain. Not so bad when it hits at age 105, but genuinely horrible when it hits at 55. A "70 gene" story fits with the theme that
  1. It's really quite tricky to build a functioning human brain out of the flotsam of primate evolution. The current model has a lot of hacks and glitches.
  2. Any one of hundreds of faults will derail the train early. To get to 105 without full dementia takes a perfect performance.
  3. We ain't going to cure this anytime soon.

Consumer safety bill: whiplash

What planet am I on again?

The new consumer safety bill seems to be a very positive development.

It passed the House 424-1 and the Senate 89-3 -- and the WSJ doesn't like it. The toy industry seems in favor.

Even Bush probably won't veto it.

Weird.

Thursday, July 31, 2008

More evidence that schizophrenia is an evolutionary disorders

A year ago I coined the term "evolutionary disorders" for diseases arising from malfunctions of rapidly evolving organs -- like the human brain.

Today comes news that the vast spectrum of disorders we lump together as "schizophrenia" arise from a very diverse array of unrelated mutations.

Sounds like a disorder of evolution.

Sometimes a criminal can do you a favor

File this one under ‘life is best drunk black’.

We know phishing scams are getting more sophisticated. It’s the age old story – target the vulnerable. Mostly the vulnerable are the cognitively disabled, including the ever growing population of once sophisticated adults with new pre-dementia. (Emerging trend: children filtering their parent’s email.)

There are other vulnerables though. People facing medical or financial crises, where desperation trumps judgment. Or people with a missing loved one.

Recently I received a phishing email promising information on my brother. It wasn’t all that well done (no, I won’t point out how the scum could improve); I presume it was an amateurish attack from some online registry.

Coincidentally it came in around the 6th anniversary of my return to Saint Paul from Whistler Canada. Nice timing!

Ironically, the crooks did me a favor. They made me check the old domain I setup years ago. I was shocked to find it pointing to my hosting service – Lunarpages. Turns out a credit card had expired, and the registration had lapsed. Lunarpages still held the domain, so once I fixed the card they restored the service. (Now I have to figure out what happened to their missing notifications, and whether I want a different host.)

So here’s a thanks to the scum-sucking lice running phishing scams against the families of disappeared persons. You did me a good turn. Tell me where you live, and I’ll return the favor …

Challenges to medicine and science – medication invention hits a brick wall

Pharma has a problem – they’re not coming up with any great ideas…

Health Blog : Hey, Drug Researchers, Lotsa Luck!

Name a drugmaker that isn’t struggling to come up with breakthrough medicines. Research costs have ballooned while output at many companies has slowed to a trickle. Technology that was supposed to make drug research more predictable seems to have instead made it easier to come up with more drug failures faster.

“The molecular revolution was supposed to enable drug discovery to evolve from chance observation into rational design, yet dwindling pipelines threaten the survival of the pharmaceutical industry,” say consultant David Shaywitz and Nassim Nicholas Taleb, author of “The Black Swan: The Impact of the Highly Improbable.”

“What went wrong?” they ask in the opinion pages of the Financial Times. “The answer, we suggest, is the mismeasure of uncertainty, as academic researchers underestimated the fragility of their scientific knowledge while pharmaceuticals executives overestimated their ability to domesticate scientific research.”

When you get right down to it, Shaywitz and Taleb say, we still don’t understand the causes of most disease. Even when we think we do, because someone found a relevant gene, we’re not very good at turning the knowledge into a treatment. “Spreadsheets are easy; science is hard,” they tell Big Pharma…

I can vouch for the lack of progress. I’m wrapping up a review of roughly the last 7 years of changes in medical practice.

To put it delicately, progress has sucked. If you put a good physician to sleep 7 years ago, and woke her up today, she’d be reasonable competent on day one. A week later she’d be fully up to speed.

My med review conclusions are:

  1. Lots of new combinations of old drugs, maybe due to co-pay schemes
  2. Many new drugs have suicidal ideation as a side-effect.
  3. Lots of failed immune related drugs re-purposed with limited focal impact on a few disorders.
  4. Probably some improvements in seizure meds. Lots of new Parkinson’s and diabetes meds, but they’ve had limited value. (metformin was a home run, but that was more than 7 years ago).
  5. Really lousy progress in antibiotics; there are fewer useful therapies now than 7 years ago. Actually, fewer every year.

Every so often I read stories about how physicians are demoralized by financial pressures or lack of social support. I can see that, but maybe we should start asking real physicians (not industry types like me) if they’re feeling discouraged by the lack of medical progress.

It’s a lot more fun to practice medicine when you’re able to do new things to help people, not so much fun when there’s no more magic in the hat …

Amazon Payments and Simple Pay - will be big (and a bug)

PayPal, about a hundred years late, has established a signed email infrastructure. I don't see PayPal/eBay phishing scams on Gmail any more, because anything unsigned is instantly deleted.

So they're trying to clean up a bit. Too late for me. They played a dirty game too long - I want 'em gone.

I thought Google Checkout would do the trick. Much as I like Checkout though, Google hasn't done that much with it. (Given a choice, I usually choose a Google Checkout vendor.) In particular Checkout never went person-to-person, and it never went international.

Maybe Amazon will do better with Simple Pay and Amazon Payments.

Simple Pay is very much like Google Checkout (confusingly, Amazon Checkout is more like a store front service). It's business oriented, but I went through part of the signup and it's trivial -- any individual proprietor could easily use Simple Pay.

Simple Pay is also available for non-profit donations (so is Google Checkout, but we couldn't get that to work for MN Special Hockey). Here's their cut:

For Transactions >= $10:

  • 2.9% + $0.30 for all transactions

For Transactions < $10:

  • 5.0% + $0.05 for all transactions
Amazon payments is even more interesting. It allows phone-to-phone cash transfers and online cash transfers to any person.

I signed up. I can now send money to "anyone's" (I suspect they really mean "anyone in the US") email or phone, it goes against my regular credit card.

Update: You might want to wait a bit before using Amazon Payments. I, of course, found a bug. Amazon Payment has assigned me the name of a corporate admin who's card was a available for my use in my Amazon account. That card was never my primary payment card, and it's not been used for ages, but it was there. Extremely annoying. I've deleted it and remove the name from my address book, but the identity assignment remains. I'll update this note with Amazon's response.

Update 8/8/08: Yeah, it's a bug -- though Amazon thinks it's only a cosmetic problem.

It took me quite a few emails until Amazon stopped sending me automated, useless, support responses. Sadly, I had to resort to one of those upper case, exclamation point, adjective infested "YOU HAVE A BUG!!!!" emails. Modern email decision support systems treat these the same way voice recognition systems treat obscenities -- they route to a human.

That's so sad.

This is what Amazon finally responded with:
I have reviewed our previous correspondence with you, and I offer my sincere apologies for any misunderstanding thus far.

I'm sorry to hear about the difficulty you experienced with the name on your Amazon Payments account.

At this time, I do see that the name listed for your Amazon.com account is John G Faughnan, and your Flexible payments account may be showing as xxxxx.

We are aware that the Payments website may greet you by the name associated with a credit card rather than the name on your Amazon.com account. I have passed this feedback along to our developers. We are always happy to get this type of feedback from our members.

We will update the display name for your Amazon Payments account for you. This change should be completed within 1-2 weeks.

Please be assured that in the meantime your Payments account will operate correctly in spite of the name difference...
The problem arose because one of the credit cards on my Amazon account belonged to a corporate admin, that happened to be the name Payments randomly picked for a "greeting name".

Update 8/19/08: Amazon has some support issues. Either that, or their outsourced support organization is suffering from very high levels of turnover.

Today's episode:
I reviewed your Payments account and saw that the name associated with credit card on the account is "xxxxxxxxxxxxx" and the one associated with Amazon Payment is "yyyyyyyyyyyyyy". Please advise which one needs to be changed/updated on the account.

As always, please feel free to contact us should you have future questions or comments. If you need to contact us back, you can do so by using the secure form at the following specialized link to assure we receive your message:
Of course all my prior correspondence was clear on which was the correct name, and, as noted above, there's no way to respond to the message.

I tried the "specialized link". The saga continues.

11/1/08: The bug remains. Clearly, they can't fix it.

Odd note in a story on a national artificial joint registry

The NYT joins a call for a national joint registry to find problems sooner.

Makes sense, if the FDA had not been gutted by Bush it would probably have done this years ago.

The interesting bit, however, is the article unconsciously suggests an alternative approach:
The Evidence Gap - Experts Seek a Data Safety Net for Joint Replacements - NYTimes.com

.... The use of joint registries has proven beneficial abroad. In Australia, regulators use such data to force manufacturers to justify why poorly performing hips or knees should remain available, and products have been withdrawn as a result. In Sweden several years ago, surgeons alerted by their national registry stopped using a badly flawed hip long before their American counterparts did. A few medical organizations here, like Kaiser Permanente, operate their own registries to good effect and the Hospital for Special Surgery in New York has recently set up a registry....
If I were the governor of MN, I'd use the Swedish and Kaiser registries. How big a registry do we really need?

The NYT story incidentally illustrates how corrupted we physicians are. The physician profiled received lots of money from the hip replacement vendor. He eventually bit the hand that fed him, but we have lots of experimental data to show that paying "consultants" delays or softens any potential "bites".

In the absence of a national registry, or the use of Swedish and Kaiser data, paying off surgeons is a good investment. Not as great an investment as funding a helpful Senator's reelection, but pretty good.