Net security is completely broken

Matt Honan was thoroughly hacked, including having his iCloud link computers obliterated [1], because our net security infrastructure is completely broken.

Here's just one bit of the hack ...

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com

... It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud...

... First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers [1] that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn’t have anything to share by press time....

That sound you hear is the hollow laughter of Bruce Schneier, who used to write about the madness of 'secret questions' before the sheer stupidity of it all wore him down.

It's all broke guys.

Once upon a time civilians [2] used the same password everywhere. Smart civilians made it a bit harder to guess, like "Joseph45206". They knew their passwords.

They were hacked of course. So companies began insisting on more robust passwords. Civilians stopped remembering their passwords. So they took to requesting password resets whenever their browsers forgot a password. Except email addresses fade away, so resets often failed. Then sites started asking 'secret questions' to do resets, but nobody remembers the answer they gave to their #$! secret question [3]. So now Apple support basically hands over credentials to nice sounding voices.

This system can't be fixed.

Phone based two-factor might help, but I've been using Google's two-factor since day 1 and it's still a royal pain in the ass. It's strictly for geeks. Not to mention what happens when you lose your phone.

We need to give Schneier a few drinks and get him to talk about this again. Failing that:

1. Backup for Darwin's sake.
2. Don't enable remote wipe of Mac OS X hardware. Just encrypt it.
3. Use Google two-factor (two-step verification) if you are a geek and can stomach it.
4. Fear the Cloud. Keep the data you value most close to you.
5. Don't use iCloud.
6. Don't trust Apple to get anything right that involves the Internet and/or Identity. [4]

Not being Schneier my advice isn't worth much, but fwiw I suspect the "solution" is:

1. Get rid of the secret security question.
2. Strictly limit password resets. If someone lost last access, charge them $50 to go to bank, post office or notary to establish their identity.
3. Incorporate biometrics (thumb print and speech probably).

[1] Of course he didn't have backups. Don't beat him up about that, he's busy flogging himself.
[2] As opposed to geeks with 15 yo FileMaker password databases stored on encrypted disk images. 
[3] Unless they've added a $!%!%$! secret question field to the #$!#$ FileMaker encrypted disk image database and the answer to the secret question is something like: "4hgoghi4ohh4tt".
[4] Apple needs to pay their executives less and their geeks more. 

Coin flips and climate

The weather is unusual, but is the climate truly different? How would we know?

I toss a fair coin 10 times. Which of these patterns is more likely than the other?

• HTHTHTHTHT
• HHHHHTTTTT
• TTTTTTHHHH
• HTTHHHTHTT

Now toss a fair coin nine times. I get HHHHHHHHH. What's the chance of getting T on the next toss?

The answer to the first question is that all of these outcomes are equally likely, though some seem odder to us than others. They all show five tails and five heads, the most common result of tossing a coin ten times. [1].

The answer to the second question is, of course 50%.

Now for the interesting question.

I toss a coin 100 times and I get 95 tails. What is the chance that the coin is fair [2]?

What if find one side of the coin is more magnetic than the other?

What if you inspect the rim and notice a color change from one side to the other?

Each of those three observations makes it less likely that the coin is fair. Taken together they strongly suggest the coin isn't fair.

We know that weather is not "fair". It is biased by climate.  If the distribution of weather events changes, we may infer that the climate bias is changing. If we have strong reason to suspect that atmospheric CO2 concentrations change climate, and we know CO2 is rising and weather events are changing, we have even more reason to suspect that climate is changing.

That's why we can say, beyond a reasonable doubt, that our climate is changing.

[1] Contemplation of these results doubtless leads to speculations on the arrow of time, Boltzman's brains, and the insanely unlikely probability of my certain existence. But that's not for today.
[2] Can I reject the null hypothesis of a fair coin, where a fair coin, tossed a very large number of times, will turn up heads and tails with equal frequency?

Google's Kansas Gigabit and the wireless war

The Google-Apple war continues, but it's dwarfed by the wireless war that started when Verizon and ATT used price signaling to become VerizATT [1].

Now AT&T retail sales is incented to trash talk iPhones and sell Android. VerizATT is, for the moment, allied with Google against Apple. (Which should give geek fans of Android some qualms.)

This is starting to feel like the tooth-and-claw capitalism of the 19th century railroads [2].

Meanwhile Google is going nuclear on Comcast. Will they stay loyal to VerizATT, or will they turn when Apple is wounded?

Will Comcast do a deal with Apple? Will Microsoft continue to sit on the sidelines?

Will Apple and Microsoft form a separate consortium to buy Sprint and T-Mobile?

With its massive pipes, will Google offer free net access to homeowners willing to mount a LTE-Advanced tower on their roof?

These are interesting times.

[1] They must figure that by the time antitrust kicks in the war will be done.

[2] Not the first time that comparison has been made. Railroad tracks have a lot in common with wireless spectrum. My grandfather was a railroad man when everyone was in railroad; sometimes I wonder if 19th century geeks were all in the railroads.

Microsoft: what really happened?

I finally read the entire How Microsoft Lost Its Mojo Vanity Fair article. It's worth a read for all geeks over 40, despite some obvious flaws. A few quick comments:

• The article makes Microsoft sound atypical. I don't think it is, I think it's a very typical corporation. It's no more had a lost decade than any other publicly traded company that's not Apple. (Google search is more than 10 years old. What have they done since?). It's only remarkable because it was once so extraordinary.
• Most modern corporations do something like stacked ranking, they're just not usually so obvious about it. GE's disastrous HR innovations are ubiquitous.
• Vanity Fair's fact checkers should be stack ranked. Obviously Eichenwald needed help. There are many chronological and tech history errors in the article; I especially don't get what was so remarkable about OS X 10.4/Tiger. 10.3 was the amazing version of OS X.
• I don't remember mention of the effects of the 1990s Consent decree. That's a curious omission. In the late 90s it was possible that Microsoft would be broken up for business practices that are illegal for de facto monopolies. If Gore had won in 2000 that might have happened. Instead Bush won. (I wonder who Gates funded that year.) Microsoft remained intact; now that seems a Pyrrhic victory.
• I think Google is following Microsoft's path, they're just not as far along. More importantly, I don't see how Apple can avoid Microsoft's fate. Jobs psyche and power were unique. All publicly traded corporations tend to resemble one another.

Minnesota: There is official bicycle parking at the Rosedale Mall (aka Rosedale center)

(and now for something completely different).

I made my most recent Apple store trip by bicycle. Before I set out I tried to find a bike parking slot at the typical old-style suburban mall near my office -- the Rosedale Center (mall).

All I found was a lonely picture of someone's bike padlocked to a stairway railing.

That's why I wrote this post; so that Google will now know the answer to that question.

The answer, as you might suppose from the title, is yes.

The official response is that there are "bike racks at the Food Court entrance and the entrance near Green Mill."

In my case I used a quite nice set of racks that are immediately behind the Apple Store; I wonder if they were installed for employees. (Incidentally, if you're picking up a 27" iMac you can park here for 30 minutes. Wish I'd known that prior to my last visit.)

There's another set of similar racks to the right of this location; I think they're the "food court entrance" racks and they at 45.01217, -93.17242:

Now you know. Kudos to the mall for having such fine bicycle parking, now they just need to note it on their web site.

Poverty in the west

For much of human history slavery, rape, abuse of children and women, heavy drinking, murder, cruelty, and animal torture were commonplace and accepted.

Not so much now, at least in wealthy nations. Humans are immensely imperfect and prone to regression, but we are better than we were. Progress happens.

Progress happens, but then the bar goes up. We clean the air of LA and the acid rain of the Northeast, so we get global CO2 management as our next assignment. We work through a chunk of our racist and genocidal history, and we get to work on gay marriage. Fifty years from now we won't eat animals. And so it goes.

Poverty elimination is also on the list. Might be an even harder problem than CO2 emissions. The good news is that worldwide poverty is improving very quickly...

US intelligence agency sees world poverty in sharp drop, rising fight for resources by 2030 - The Washington Post

Poverty across the planet will be virtually eliminated by 2030, with a rising middle class of some two billion people pushing for more rights and demanding more resources, the chief of the top U.S. intelligence analysis shop said Saturday.

If current trends continue, the 1 billion people who live on less than a dollar a day now will drop to half that number in roughly two decades, Christoper Kojm said...

I don't think 'virtually eliminated' means what Kojm thinks it means - but this is good news all the same.

The bad news is that poverty in America isn't going away.  Peter Edelman runs the numbers  on our brand of poverty ...

Why Can’t We End Poverty in America? - Peter Edelman - NYT NYT

... The lowest percentage in poverty since we started counting was 11.1 percent in 1973. The rate climbed as high as 15.2 percent in 1983. In 2000, after a spurt of prosperity, it went back down to 11.3 percent, and yet 15 million more people are poor today...

... We’ve been drowning in a flood of low-wage jobs for the last 40 years. Most of the income of people in poverty comes from work. According to the most recent data available from the Census Bureau, 104 million people — a third of the population — have annual incomes below twice the poverty line, less than $38,000 for a family of three. They struggle to make ends meet every month.

Half the jobs in the nation pay less than $34,000 a year, according to the Economic Policy Institute. A quarter pay below the poverty line for a family of four, less than $23,000 annually. Families that can send another adult to work have done better, but single mothers (and fathers) don’t have that option. Poverty among families with children headed by single mothers exceeds 40 percent.

Wages for those who work on jobs in the bottom half have been stuck since 1973, increasing just 7 percent...

Addressing these problems will be challenging. Children are very expensive in a post-industrial society, yet much of American poverty is concentrated in father-free families managed by a single mother. Their poverty would be easier to manage if they had made different fertility choices; simplistic income subsidies could incent politically unsustainable behaviors.

Fortunately there are strategies which eliminate perverse incentives. Tying income to managed work, providing health and child care (including easy access to contraception), and quality educational programs alleviate poverty and provides the means and incentives to make thoughtful fertility choices.

A different slice of our poverty comes from a mismatch between post-industrial employment and human skills. This isn't going a way, 3D printing of manufactured goods will do to manufacturing what full text search did to the law. Meanwhile six percent of Americans suffer from a serious mental illness every year and twenty-five percent of Americans have a measured IQ less than 90. Given changes in technology, and the automation of many jobs, is it conceivable that 20% of Americans are relatively disabled?

Again, the strategy for this community is subsidized work -- the same strategy used for the "special needs" community. (Since I won't get to retire ever, I assume I'll be in this community sooner or later.) 

We know what we need to do. We even know where the money will come from -- from taxing CO2 emissions, financial transactions, and the 5% (ouch).

Sooner or later, we'll do it.

See also:

• Median male earnings - declining since 1969? 3/2011
• Mass disability and Great Depression 2.0 3/2008
• Employment in the Great Stagnation 8/2010
• Post-industrial employment: adjusting to a new world 5/2010
• Plan B - Skip College - NYTimes.com 5/2010
• Why your daughters should be roofers -- not architects 3/2004
• Causes of the Great Recession: China, GPSII and RCIIIT. Now for Act III. 4/2010
• Neo-Feudalism: Return of the Trades 2/2004
• Unemployment and the new American economy - with some fixes 1/2010
• Is labor lumpish in whitewater times? 7/2012

Facebook's share price: based on my ads, it's going to stay in the 20s

Facebook opened at 38 and it's down to 24 (7/28/2012). Facebook has earned less money than expected.

I don't know where Facebook's money was supposed to come from, but Facebook claims advertising pays the bills:

Advertising on Facebook

Ads help keep Facebook free
From the beginning, the people who built Facebook wanted it to be free for everyone. It now costs over a billion dollars a year to run Facebook, and delivering ads is how Facebook pays for this.

You see personalized ads
Facebook tries to show you the ads you’ll be most interested in. These ads are chosen based on the things you do with Facebook such as liking a page, and info Facebook receives from you and other sources. Dig into the details.

You can impact the ads you see
Unlike ads on television, you can influence which ads you see on Facebook. Spot something that doesn’t interest you? Click the X and it’s gone.

Except ads are obviously not paying as expected. There are two reasons for this, one obvious and fixable, the other simply weird.

The obvious problem is that when i use Facebook.app I don't see ads. I assume that's why Facebook is working with Apple on a unified iOS/OS X integration strategy that will bring ads to mobile. (It's funny how many geeks claim it's app performance that's driving the rewrite.)

The weird problem shows up in my web browser. I see ads in my browser, but they are uninteresting or annoying. 

It's not I'm immune to advertising. I pay for a Silent Sports subscription so I can read their ads. So why can't Facebook give me interesting ads?

It's not that I don't try to help. I visited their 'interests' page -- but they didn't list any of my interests (I ran into the same problem with Google's ad-interests page years ago.) I "x out" the fb ads that are annoying or uninteresting, but I still don't get anything interesting. Facebook's two year old ad voting isn't working.

I'd love to read an article on why Facebook's ads are so poor, and why Google's are only somewhat better. The best minds of today's young are spent trying to get me to click on ads, I'm trying to help them, and it's not working. I get better ads on the rare occasion that I watch broadcast TV, and much better ads in magazines.

That's weird.

I can think of three possible causes. One is that the products and services I buy from don't need Facebook ads. They get more mileage from Facebook's free Pages. Another is that Facebook's leadership is mediocre and delusional. (I think the era of mega-wealth is making that age-old problem worse.) Lastly the real profit in facebook ads may come from exploiting the same population that watches daytime tv; I'm not worth bothering about.

I suspect all three answers are correct. Unless Facebook can do a great deal with Apple, or figure out how to make Pages pay without killing them[2], or come up with a new business model, their share price is going to be stuck in the 20s for years to come.

I really do need to learn how to make bets on relative spreads. [1]

See also:

• Why are Google and Facebook ads so crappy? 4/2012
• Facebook changing: it's not about friends or games any more ... 7/2012
• Facebook has the eBay disease - the Farmville story 11/2009
• Facebook's ad voting - fascinating 7/2009
• 21st century TV - preying upon the weak 3/2011
• Facebook's Ads Are Terrible, It's Amazing The Company Will Do $4 Billion In Ad Sales: Apparently an analyst named Rich Greenfield wrote on this pre-IPO, but it looks like his share price estimates were optimistic. 

[1] John A, I still have the notes you gave me! The linked article is about making bets on single trends, I'm more interested in bets on relative trends. (Ex: Divergence between Facebook/Google share prices over an 8 month period.)
[2]  About Sponsored Stories - Facebook Help Center

Google Fiber: a blog, not a G+ share

Google uses a blogspot blog, not a G+ channel, to tell us about Google Fiber.

I'm probably making too much of this ray of sunshine, but Google Fiber and open blogs are both old school GoogleMinus. My Google feeds have been shrinking since the dark day, this is the first one I've added in almost a year.

Is it coincidence that I ordered a Nexus 7 two days ago? If I'd known Google was that easy I'd have ordered a Nexus something months ago.

Really Google, if you want to win me back, just give St Paul Minnesota some of that fiber love. We're only 400 miles up highway 35E. I'll even put a mini-tower atop my home to provide data coverage to complement your t-mobile acquisition.

You're 50 now. It's time to start plan 0.

Ken Murray hit a nerve when he wrote "how doctors die" last November. Now he's back with Doctors Really Do Die Differently.

Briefly, physicians are relatively good at dying. Maybe we just think about it more. Certainly we have a better idea than most civilians of what medicine can do (heart transplants) and what it can't do (run an effective code after respiratory arrest, prevent dementia, etc).

So I'm thinking now about plan 0.

No, not wills and living wills and the like -- Emily and I took care of that stuff decades ago and we've redone them several times. There's still work I need to do on digital archive plans and transferring domain names, but it's manageable.

No, not contingency plans for password and account information access. (Though, come to think of it, I do need to update the danged password archive. That's getting harder these days.)

Plan 0 isn't about those things. It's about emulating Molly Thunderpaws Squirrelbane. She lived to be an old dog, maybe a bit forgetful but good company. One day she's sick with some abdominal cancer. Heartbroken we feed her high cost lamb for her last few days. Which turned out to be 340 last days. It got quite expensive, since we obviously couldn't stop the therapeutic lamb. Cheaper than vincristine though, and tastier. Finally, her legs give out, friends gathered, and the vet made a house call. Perfect.

I have a bit of time to figure out plan 0, probably 30 years or so assuming a good morbidity compression strategy [1]. First I need to get euthenasia legalized, then I need to give the kids a financial incentive to bump me off, but not too much of an incentive ...

[1] Based on family history, health habits, current health, mortality curves and assuming medical progress continues to be very slow.

A shot in the dark - Am I my brother's keeper?

Roger Ebert wrote a column on gun control and received 650 comments.

He read them all.

Then he responded, with one of his best columns ever. Some of the lines are so well said I've excerpted them below. I've written about this many times, but, of course, not with his eloquence.

A shot in the dark - Roger Ebert's Journal

Catie and Caleb Medley went to the doomed midnight screening of "The Dark Knight Rises." It was a movie they'd been looking forward to for a year, her father said. Gunfire rang out. The bullets missed Catie, who was pregnant. Caleb was shot in the eye. On Tuesday, their son Hugo was born. Caleb is listed in critical condition, and the cost of emergency treatment for his head wound has already reached $2 million. The Medleys were uninsured.

... Many of the comments were about health care, and one of the arguments frequently heard was: "I don't want the federal government taxing me to pay for the medical costs of people who don't care enough to provide for their own costs."...

... In our imagination it's always other people who get sick. I have a reader who tells me he's never been sick a day in his life. I tell him that's interesting from an autobiographical point of view, but otherwise not relevant. I can assure him that unless he's killed in an accident, sooner or later he will most surely get sick, and sooner or later he will most surely die.

Are we our brothers' keepers? Many people who resort to scripture are under the impression that we are not. They forget that it was Cain who said he was not his brother's keeper, after murdering Abel. In a similar sense, if our fellow citizens die because they have no access to competent medical care, they argue that we are not their keepers...

... I quote from the Bible for a particular reason. Many of the opponents of Universal Health Care identify themselves as Christians, yet when you get to the bottom of their arguments, you'll find them based not on Christianity but on Ayn Rand capitalism...

Ebert is talking about prosperity theology (wikipedia, see also Prosperity Theology | Christian Bible Studies [1]), a belief that wealth is a sign of god's approval, and poverty of god's disapproval. Since sin earns god's disapproval, the poor are sinners.

Although American Christians have brought prosperity theology to new heights, it's not unique to Christianity or to Mormonism. Hinduism's justification of caste maps well to the idea that poverty goes with sin, and wealth with grace.

In 2012 the fundamental difference between the right and the liberal is how we answer the question: "Am I my brother's keeper". Ironically, avowed Christians often give the answer of Cain and Ayn, while secular humanists often give the answer of Abel.

Cain and Abel. Romney and Obama. Some things never change ...

[1] Probably the only time I've ever linked to Christian Bible site.

Zenith CruisePad 1996

I found this in some archives.

A little bit of history from 1996. An antecedent to the iPad, the CruisePad was a wireless thin client sold into healthcare verticals ...

Zenith just announced its MultiCruise system that supports 5-60 simultaneous users of its mobile CruisePAD (640x480 VGA LCD 3.2 lb with integrated touch- or stylus-activated dignitzer panel). The system works with standard DOS, WIndows 3.x, Windows 95, and Windows NT applications. The wireless communication uses Integrated Spread Spectrum Frequency Hopping radio that supports a standard range of up to 500 feet in office environments, unlimited range if a network of CruiseLAN/Access Point nodes is installed. Thus, a clinic could implement an interactive EMR system enabling clinicians with CruisePADs to access the system anywhere in the clinic without hard wiring PC's in every room. A complete 5-user system, including single Pentium (upgradable to 4 processors) server with 36MB RAM (upgradable to 768MB), 850MB HD (upgradable to 24GB), keyboard, montor, 5 CruisePADs, and an extended version of Windows NT Server lists for "about $15,000."

Apple's profits disappoint. So what has Apple done for me lately?

Apple's margins disappointed today, and the stock dropped.

Coincidentally, I just ordered a Nexus 7 for $200.

 

Or maybe that's not entirely coincidental. What, after all, has Apple done for me lately?

 

Apple forced me to migrate from MobileMe/OS X to iCloud/Lion - causing significant pain for my family and me with zero perceived benefits. Actually, less than zero benefits. Lion is a slug on our previously lively MacBook, and iCloud has added nothing but severe pain while eliminating iWeb and Gallery.

 

Apple botched the MobileMe Gallery to iPhoto transition, destroying some user's iPhoto Libraries (I was spared that one).

 

Ten years late Apple enabled iPhoto Library integration -- but incompletely and only with Aperture and Lion (this is actually the least of their sins).

 

Apple is changing the iPhone Dock Connector. That would be tolerable if they were going to something that was USB standard compatible, but rumor expects another proprietary connector.

 

Apple screwed up my Apple ID to Apple product records.

 

Apple doesn't yet have repair support for unlocked AT&T iPhones.

 

iOS Parental Controls are still broken.

 

I could go on. Bottom line - Apple has done a lot for me over the past decade, but not so much over the past two years.

 

That's part of why I ordered a Nexus 7 today rather than wait for an iPad 8". If the Nexus works I'll wait until next spring to look at the iPad. Maybe. Google is definitely evil, but lately they've been less incompetent than Apple.

 

Evil is bad, but incompetence is worse.

Usenet: it's time to put a stake in it

Google has rebooted Google Groups for Business. I'd was surprised by the reboot, so the announcement brought me back to my old Groups account.

I found Google had me listed as a member of rec.sport.skating.inline. Yes, a usenet group. Google inherited them when it rescued the DejaNews usenet archive from oblivion [1].

There are still posts to the group that pass Google's spam filters -- one every few weeks. Alas, even they look like spam. I saw some older posts from a year before.

Wikipedia tells us that most of the usenet traffic now is spam and "binaries" newsgroups. The article gives the impression that those binaries range from illegal software to child porn. Most ISPs don't carry usenet any more; I'm sure Google doesn't index the binaries and I suspect it filters most of the spam.

It's time to put a stake in usenet. At the funeral, we should consider the lessons it taught us.

[1] I was a keen DejaNews user. I used to 'tag' my usenet posts with a unique string to enable retrieval and review (for example). I'm tempted to add this search string to my Google Custom Search engine, but I'm a bit leary of breaking the engine.

Facebook changing: it's not about friends or games any more ...

My slice of Facebook is changing in ways that are interesting, but not necessarily profitable for Facebook.

Consider this "Likes" list from the Minneapolis Park and Recreation Board's Facebook Page:

Many of the items on this page are of interest to me. Likewise for the items on the St. Paul pages. Not to mention the Pages I maintain for Minnesota Special Hockey Eagles and the Minnesota Inline Skate Club.

I "liked" quite a few of these Minneapolis Parks related pages. When I browse my list of Likes (painful term), many, if not most, are local organizations and businesses rather than people. These organizations used to try to reach me through newspapers or the US Mail, now I read them on Facebook.

I don't seem game invitations any more (mercifully); they're tucked away on the right upper page. Periodically I decline them all.

I don't see that much activity from friends and family. Some are quite active (thanks MC!) but most don't post at all. Many stopped using Facebook.

So my slice of Facebook isn't about games or celebrities (never was). It's still a bit about friends and family. Most of all though, it's about organizations and businesses I want to hear from, including local government.

How does Facebook make any money from this? They're going to have to start charging for Pages at some point ...

Aurora - the rational response is better schizophrenia management

Robert Ebert:  "Here is a record of mass shootings in the United States since 2005. It is 62 pages long ... The hell with it. I'm tired of repeating the obvious."

Gail Collins: "Did you catch the one last week in Tuscaloosa? Seventeen people at a bar, hit by a gunman with an assault weapon."

Well said, but both Collins and Ebert know we're not going to get meaningful gun control in the United States any time in the next twenty years. We'll get a Carbon Tax long before we'll get weapon management.

American gun control died when the NRA pushed Bush to a statistical tie with Gore, and brought us the torture presidency.

In any case, it's not clear even strict gun control would be more successful than the American War on Drugs. There are vast numbers of inexpensive and effective weapons of mass murder in the US. The cost of havoc is low.

As a nation, we've gone a long way down a rough road.

That doesn't mean we can't do anything. It's almost certain that the latest killer is mentally ill, probably paranoid schizophrenic. As a nation, our care of the mentally ill is abysmal in blue and red states alike. Physicians have fled the specialty of psychiatry and we're dramatically short of the family physicians who might fill the gap.

If we're going to get anything of value from this soon-to-be forgotten nightmare, it won't be from some incremental and soon eroded change to Colorado's gun control laws. It will come from leveraging Obamney Care's new financing for mental illness. We need to make it much easier for friends, family, and teachers to get help for paranoid schizophrenics, and we need to provide support for treated schizophrenics to stay well.

Update 7/22/2012: A slightly different take from a Columbine book author:

The Unknown Why in the Aurora Killings - David Cullen - NYTimes.com

... Dylan Klebold was an extreme and rare case. A vast majority of depressives are a danger only to themselves. But it is equally true that of the tiny fraction of people who commit mass murder, most are not psychopaths like Eric Harris or deeply mentally ill like Seung-Hui Cho at Virginia Tech. Far more often, they are suicidal and deeply depressed. The Secret Service’s landmark study of school shooters in 2002 determined that 78 percent of those shooters had experienced suicidal thoughts or attempts before mass murder...

It's a bit odd to say that someone who is suicidal and has delusional symptoms of major depression is not "deeply mentally ill", but Cullen is not a physician.

I think what he's trying to say is that most shooters are mentally ill, but that psychotic or severe depression is more common than schizophrenia.

I haven't been able to find any public health literature, but it's important to note that many shooters don't survive to get to a full psychiatric evaluation. One of the best responses to the Aurora shooting would be to fund a review of psychiatric issues in shooters and identify intervention opportunities.