Wednesday, August 13, 2008

Spooky action 10,000 times FTL. Yawn.

On the one hand, completely boring. Another test of QM is in complete agreement with theory.

On the other hand, this is almost as creepy now as it was when a 2007 Wired magazine article on a 1999 entanglement experiment casually noted that observer-independent reality was up against the possibility of free will. That set me off on my extended review of quantum mechanics; along the way free will seems to have come out ahead of reality.

Not quite as creepy though, because I'm getting used to living in a universe that's infinitely weirder than it seems. Here's the latest edition ...
Quantum weirdness wins again: Entanglement clocks in at 10,000 times faster than light: Scientific American Blog
No matter how many times researchers try, there's just no getting around the weirdness of quantum mechanics.
In the latest attempt, researchers at the University of Geneva in Switzerland tried to determine whether entanglement—the fact that measuring a property of one particle instantly determines the property of another—is actually transmitted by some wave-like signal that's fast but not infinitely fast.
Their test involved a series of measurements on pairs of entangled photons (particles of light) that were generated in Geneva (aerial view at left) and then split apart by optical fiber to two villages 18 kilometers (11 miles) apart where the team had set up photon detectors. (In 2007, researchers transmitted entangled light 144 kilometers between two of the Canary Islands.)
The idea in the new experiment is that the photons in each entangled pair are hitting the distant detectors simultaneously, so there's no time for them to exchange a signal. By comparing results from the two detectors, the researchers determined whether the photons were entangled or not, using a test known as Bell's inequalities.

The photons were indeed entangled, the group reports in Nature. But in reality, no experiment is perfect, so what they end up with is a lower limit on how fast the entanglement could be traveling: 10,000 times the speed of light....
... It's always conceivable that quantum mechanics might break down (read: show some signs of everyday normalcy) if experimenters could test it the right way. In a 2007 study, researchers in Vienna tested the idea that maybe the instantaneous-ness of entanglement (called nonlocality) was consistent with hidden "variables" that can explain the randomness of quantum measurements. But no dice for that idea...
... Rudolph says we're probably stuck with instantaneous entanglement, which seems impossible to us because we're stuck in everyday space and time. "We need to understand how quantum mechanics sees space and time," he says. "I think there's probably much deeper issues."
Yep, we're stuck.

I recommend Gribbin for a layperson explanation of how bad things are, though his preferred model for understanding entanglement is currently out of fashion (and incompatible with free will).

Tuesday, August 12, 2008

Slate reviews swim goggles

This is a surprisingly useful review. I'm tempted by fixed optical correction goggles, but otherwise ...
The best swim goggles. - By Juliet Lapidos - Slate Magazine

Speedo Speed Socket, $24.99

This pair is roughly like the Swedish goggles in that the eyecups are exceptionally well-designed to match the bone structure of the socket and it's possible to custom-fit the nosepiece. But they're better for nonprofessional swimmers, because the soft eyepieces rest more comfortably against the skin than the hard-plastic Swedes, and because they're much easier to customize. Speedo sends along three ready-made nosepieces, each slightly different in size, and it couldn't be easier to clip them on and off.

My friends and I agreed that the Speed Sockets look sleek and professional. And for just $5 more you can get a pair with mirrored lenses, which keep out sunlight and give your face a certain T-1000, liquid metal je ne sais quoi. Because the suction isn't too aggressive, I didn't experience any pain, and the raccoon effect was minimal. These goggles deserve high marks in every category...

Ease of Use: 5
Comfort: 9
Visibility: 10
Aesthetics: 5
Value: 5
Total: 34

Obama as the Antichrist - now from McCain

We weren't surprised by the Obama is the Antichrist meme. Heck, Clinton was accused of the same role.

Now we aren't surprised that the GOP is embracing Obama as Antichrist:
An Antichrist Obama in McCain Ad? - TIME

... includes images of Charlton Heston as Moses and culled clips that make Obama sound truly egomaniacal — taps into a conversation that has been gaining urgency on Christian radio and political...
McCain/Rove and the GOP will make this the ugliest campaign in modern history. They will do anything and say anything. They'll incite paranoid schizophrenics to violent action -- whatever it takes to win.

Don't assume it won't work. America is perfectly capable of falling for this.

Monday, August 11, 2008

Need some reading? Hugo nominees online

2008 Hugo Nomination List includes links to novellas and shorter works that are now available online.

I think that's really neat.

Sunday, August 10, 2008

My Peak Oil Call

On 3/10/08 I wrote:
Gordon's Notes: Oil price speculation: is it rational investment or a bubble?

...So here's my proposal for deciding if Peak Oil is on the way.

If the price of oil craters ($65) in the next 6 months then we're living in an energy bubble today and Peak Oil is more than 10-15 years away.

If the price of oil is above $105 a barrel in August of 2008 then Peak Oil is on the way sooner rather than later, and the world I grew up in is shuffling away -- sooner than I'd expected....
Today a barrel of oil costs $115 or so.

I believe that's above $105/bbl. True, the price is falling, but that doesn't matter. I'll stick to my criteria.

I say Peak oil is here.

I say that despite, in my 1979 chemical engineering class, being told that peak oil was coming in the late 1980s (I think we reviewed the 1957 Rickover speech back then). I say this despite remembering Jimmy Carter's peak oil prediction in the 1970s.

Of course I'm really talking about Peak sweet light oil, and I don't mean "Peak" in absolute, or even demand > supply, I mean Peak in terms of rational market expectation of a > 70% probability that demand > supply within 5-8 years.

Basically I'm claiming that the price increases of this past year were due to praiseworthy speculation on the fundamentals rather than salacious speculation on psychology.

This means I'm expecting oil to go to Dyer's $200/bbl limit at least once in the next five years, though it may transiently fall back to $80 along the way. After 5-8 years it will be very apparent that oil will be a shrinking percentage of our energy supply, and that in the absence of a severe carbon tax (or the equivalent) we'll be baking the planet with burning coal and burning tar sands.

It also means that it's now rational to invest in conservation, and to expect real estate prices to reflect increased commuting costs.

More on Peak Oil later, but I was overdue to make my promised call. (It's been a busy month!)

Friday, August 08, 2008

People didn't used to laugh when we said these things

This would be funnier if Russia weren't invading Georgia:
BBC NEWS | Europe | South Ossetia clashes intensify
...US Secretary of State Condoleezza Rice called on Russia to pull its troops out of Georgia and respect its territorial integrity...
She probably says it without irony.

The value of GrandCentral

GrandCentral is a VOIP service that gives users a phone routing service. Google bought 'em, and I signed up.

Problem is, I couldn't figure out what they were good for. Until today ...
Gordon's Tech: GrandDialer: will this help my phone bill?
But what if I could use my GrandCentral account to call Canada, then GrandCentral connects me in?
GrandDialer would make that easier:
GrandDialer, an iPhone app for GrandCentral - The Unofficial Apple Weblog (TUAW)
...GrandDialer (iTunes link) allows you to use your iPhone to call people using your GrandCentral telephone number....
This is using the GrandCentral "Click2Call" feature.
Briefly, it works. For most people this is a curiosity, but free AT&T cell calls to Montreal will pay for my iPhone.

Which explains this mysterious meeting transcript I found in my junk mail today:
... AT&T guy: "Thanks for joining us today. We really admire the work you've done at Google. We know you appreciate the fiber services we provide, and you understand why it's only fair that Google pay a bit more for the quality of service only we can provide."

Google guy's phone starts playing The Rolling Stones' "Under my Thumb".

Google guy: "Sorry about that. It's the ring tone I use for my GrandCentral calls. You understand ..."

AT&T guy: Would a 5% volume discount be ok?
AT&T is living off the big bucks they charge me for long distance calls. If they lost their long distance service they'd fall over dead.

GrandCentral could take a lot of that away -- if Google ever opened it up and created a GrandCentral widget like GrandDialer for every cell phone on the market.

In the meantime, GrandCentral is paying its way without earning a penny. They can afford to pay for my calls to Canada ...

Net security, the end of the password, and human evolution

The signs of the end are at hand.

First, this completely asinine alleged (a misquote I hope) comment from someone who must, really, know better:
BBC NEWS | Technology | Net address bug worse than feared

... Mr Silva at VeriSign said even though patches have been put in place, this doesn't mean users can sit back and relax.

'The biggest gap in security rests between the keyboard and the back of the chair,' he said.

'The look and feel of a website is not what a consumer should trust. They should trust the security behind that website and do simple things like use more secure passwords and change their password regularly...
Of course they should. They should also lose 50 lbs, run ten miles a morning, study a new language every month, and master levitation.

I really hope that was a misquote.

Next, I lose my last remaining gasket when the complexity of modern life leads to a security breach, and the need to change my 2 year old high quality primary Google account password:
Gordon's Tech: How to steal my Google account

... Yes, to steal my Google account, my primary digital identity, all you need to know is my first phone number...
  1. Passwords are a complete fail. Schneier has been saying this for years. We are now into the realm of madness. We need multi-factor authentication devices that handle our secondary authentication for us. Yeah, it's not perfect, but, really, this is s#$!@# insane.

  2. We live in the age of the tyranny of the mean. Even the vast majority of geeks aren't going to figure out how to sync 1Password with an iPhone. Regular folks are going to use one password everywhere and then forget it. Google, like everyone else with these asinine security questions, is bowing to the reality that humans didn't evolve to live in a digital world. We're maxing out right now.
This madness has to stop. The stupidity is hurting my brain.

Really, none of us evolved for this. We either need to reengineer the human mind or we need to implement better security measures.

This is going to need real help from an Obama administration; we've seen decades of banks failing to deal with basic security issues. This won't get fixed by libertarian emergence; the current system is simply providing endless prey for hungry predators.

Oh, and remember, sooner or later, we're all prey.

Thursday, August 07, 2008

An unusual view into Apple, and why MobileMe may be fixed before January

Chuqui has almost as many typos as me, and that’s saying something. Read around ‘em though, because he’s written a very unusual post about how Apple does business. Shockingly, Apple is not Steve Jobs, though he is an amazingly hands-on CEO.

For the first time I’m actually thinking MobileMe might get fixed before January 2009. That would be very good – especially if Apple is also able to add calendar publish and subscribe features. I especially would like to see CalDAV sync with gCal (not entirely far fetched since CalDAV is built into OS X iCal).

Software reviews and the App Store: We do have a problem

It's well known in geek circles that the iPhone App Store doesn't allow "try before you buy" distribution. It's less well known that app sales have been less than some had hoped.

I think slow sales and the lack of demo versions are connected.

I "terminate with cause" at least 75% of the desktop software I try -- and I only try products that I want to buy. In most cases the software is either seriously buggy, or it fails a critical test (such as the ability to export and import data).

Reviews should help with this, but they don't. It's not just that reviewers need to be kind to keep getting software, it's also that readers don't like negative reviews. Illogical, sure, but this is humanity we're talking about. We're hard wired to mix the state of the product with the state of the reviewer.

I'm not just making this up! I've been writing Amazon reviews for many years. My positive reviews are always more highly rated. Sure, it could be a retailer rating effect, but my recollection is this effect has been seen in cognitive psychology studies as well.

This human glitch means that a rigorous software reviewer would soon lack for readers. Even amateur reviewers generally like to have an audience, so those that survive learn to be gentle.

The inevitably weak state of the product review marketplace, and, yes Andrew, the fact that I push the limits of software, means I have to test personally. The App Store doesn't allow this. So geeks like me are slow to buy, and that means we're slow to talk about the software. Even if we're few in number, lack of geek chatter impacts sales.

There's an obvious solution.

The App Store should show two buttons for every item. One is "demo", it downloads the demo version. The other is "buy". The demo version would follow the usual practices of desktop demo software: limited lifespan, some carefully chosen feature limitations, use of watermarks etc.

I expect Apple will do something like this soon (it is kind of obvious, after all). Then App Store sales will improve -- at least for quality products.

Interesting lesson about the limited utility of product reviews however ...

Wednesday, August 06, 2008

Progress is non-linear: Palm vs. iPhone Address Book

My iPhone Address book, with about 400 entries, is pretty darned slow ...

Gordon's Tech: iPhone notes you won't read elsewhere

... The Address Book is very slow to launch (4 secs on my phone), but Google Mobile search also searches the Address Book -- and it's fast...

My Palm address book, with about 600 entries, launches instantly. There's no perceptible delay.

Time to select an address on the Palm? Maybe 1-2 sec. On the iPhone? Maybe 6-7 seconds. (Faster if you use Google Mobile.)

The iPhone has, of course, at least fifty times the processor speed and more than 1,600 times the memory capacity of the original Palm.

The Palm had essentially instantaneous responsiveness from day one. It was one of the design goals of the original team. The Palm was to have instant on, no user waiting for a system response, and no crashes. Incredibly, the original Palm team met those goals. Later ... well, that's a sadder story.

Apple will one day fix the iPhone Address Book problems. Heck, Google Mobile already has. It is a good example, however, of the random walk aspect of progress.

The iPhone does a lot that the Palm never could, but the original Palm did a lot of things well that the modern iPhone does poorly or not at all. Technological progress is squirrelly.

The Domain Registry Support fax scam is still in business

I received a cell phone call from a blocked caller ID today. The caller, a woman with a youngish Indian accent, said she was with "Domain Registry Support" and needed to send me a fax number regarding "changes in the Internet" that would affect one of my domain names.

I asked for their phone number so I could google it. The funny thing is that they've used 800-591-7398 in their scam since at least 2006. It's some kind of domain name transfer fraud. I assume they then resell the domain to someone else, or hold it for ransom, or use the personal information for an identity theft project.

I didn't have time to follow it up of course. I get at least 3 non-trivial phishing attacks every week; if I followed up on every fraud attack I'd have no sleeping time. Still, this is the first phone call attack in a while.

It's hard to remember when fraud wasn't a part of everyday life. It all feels like something out of a Charles Stross novel.

Never talk to the police ...

I'd come across multiple references to this talk, but I didn't f/u until Schneier recommended it:
Schneier on Security: Why You Should Never Talk to the Police

This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn't matter if you're guilty or innocent, if you have an alibi or not -- it isn't possible for anything you say to help you, and it's very possible that innocuous things you say will hurt you.
It's very persuasive. In particular, there's a funny kink in American law. Whereas "anything you say may be used against you", the converse is not true; exculpatory statements are inadmissible hearsay.

The other lesson that stuck with me is that non-videotaped statements are very prone to being remembered differently by different people. These are the majority of statements made to police.

In comments there's a reference to an ACLU guideline for persons stopped by police. Two of the frequently repeated items are "don't say anything without a lawyer" and "be clear you do not consent to search".

In practice I'll speak with police if I think I can help with law enforcement -- though that's rarely come up in my life. Most of my non-casual conversations with police ended when I bought a car with cruise control.

Tuesday, August 05, 2008

Paris Hilton responds to the wrinkly white guy

Quick check: how many times have I referred to Paris Hilton?

Phew. Just a few times. Once to defend her poor choice in phone passwords, another time to connect her and Paul Krugman to America's deeply dysfunctional journalists.

So I'm still under quota; I can point to Brad DeLong's take on Paris Hilton's presidential campaign video. This is her response to a typically juvenile McCain ad that tried to connect Barack Obama to Paris Hilton, and thus to debauchery, celebrity and hot sex with young blond women.

Paris' comeback is funny, and oddly endearing. I thought she looked a bit nervous, but my celebrity interpretation skills are fairly minimal. In the video battleground she wipes McCain.

She refers to Senator Obama by first name, but his opponent is only a "wrinkly white guy".

I'm guessing she won't be voting for John "wrinkly white guy" McCain.

Ho hum. Another 40 million credit cards stolen

Yawn. The Webtel, Netfill, MJD Services credit card fraud of 1998 (ten years ago) netted about $40 million, so this $60 million + fraud is simply more of the same. I'm guessing Schneier has covered about 3-4 similar scams in the past decade....
11 Charged in Theft of 40 Million Card Numbers - NYTimes.com

BOSTON — The Justice Department said on Tuesday that it had charged 11 people in the theft of tens of millions of credit and debit card numbers of customers shopping at major retailers, including TJX Companies, in one of the largest reported identity-theft incidents on record.

TJX, of Framingham, Mass., which owns the Marshall’s and TJ Maxx chains, was the hardest hit by the ring, acknowledging in March 2007 that information from 45.7 million credit cards was stolen from its computers.

The charges focus on three people from the United States, three from the Ukraine, two from China, one from Estonia and one from Belarus.

The authorities said that the scheme was spearheaded by a Miami man named Albert Gonzalez, who hacked into the computer systems of retailers including TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW Inc. The numbers were then stored on computer servers in the United States and Eastern Europe.

They then sold the information to people in the United States and Europe, who used it to withdraw tens of thousands of dollars at a time from automated teller machines, the authorities said...

... TJX has agreed to pay more than $60 million to credit-card networks Visa and MasterCard to settle complaints related to the incident, which is one of the largest on record based on the number of accounts involved.
It's only the largest based on the number of accounts involved; sounds like a lot of the accounts haven't been hit ... yet.

The $60 million only represents losses from people who noticed the transactions and then complained. The article doesn't describe the size of the per-person losses, but typically these scammers will hit an individual for $40 to $100 bucks.

I probably wouldn't even notice the hit; we long ago ran out of time to audit our credit card statements for petty thefts (big thefts are another matter). As long as the crooks don't get too greedy we're better off bleeding than fighting with Visa.

I suspect the basic Visa/MasterCard security infrastructure is about as pathetic as it was in 1998, and that AMEX is still the best alternative (though not invulnerable).

The only way this will be addressed will be if we make the banks liable for cost plus punitive damages.

It's going to take a fortune to improve our credit card security infrastructure, and no bank can afford to make that investment if it has any plausible alternative. Making the banks pay more for security breaches is the only way to make change possible.

Update 8/12/08: The NYT has more details on the crime.