Friday, September 14, 2012

The Cosmo story, the facade of online security, and the US Postal Service.

Mat Honan, who is making a career out of being hacked, has a solid profile of a juvenile delinquent hacker [1] - "Derek", alias Cosmo (Cosmo, the Hacker 'God' Who Fell to Earth (via Schneier).

"Derek" is a troubled kid, but, in addition to hurting a lot of people, he's also done us a favor. He's become the latest in a series of people exposing the facade of online security.

Unsurprisingly AOL is the worst -- until recently you could reset someone's account just by knowing their address. Apple, Amazon, Netflix and just about everyone else isn't much better. Only Google makes a good try at it, and they just plugged a big hole.

This won't surprise anyone who knows the history of credit card hacks (example). The reasons are fairly easy to understand:

  1. If your iCloud account is hacked, Apple loses approximately nothing.
  2. Good processes and security are expensive. You have to train staff. To prevent one hack you probably have to irreversibly piss off somewhere between 10 and 1000 customers. Each of these customers will rage to at least five friends.
  3. Less than 1 person in a zillion can manage password security, and that person's family will be completely screwed when they run off or die [2].

What we have here is a market failure. Market failures are one reason we have governments.

Governments, particularly post offices, have managed identities for a long time. Passports for example, are managed by Post and Passport Offices. There are laws and procedures in place.

Digital identity management in most nations will eventually be handled by some cooperative mixture of government and business within a regulatory framework. We'll use multi-factor authentication, and we will have "break the glass" functionality available through government when access is lost (for a fee).

Preposterous? No. Six years ago these kinds of proposals generated snort-milk-out-the-nose laughter. I don't hear the laughter any more. It will take a decade, just because these things always stagger on for longer than I can imagine, but it will eventually happen.

See also:

[1] Steve Jobs was the most famous member of this cohort.
[2] Number of people who have both a highly secure password system and a method to pass information to spouse in event of death or disability? Does your spouse have your list of ten Google two-factor bypass codes? What if s/he dies in the car crash with you? Does your estate have them?

Wednesday, September 12, 2012

iPhone 5: meh.

What I wanted from the new iPhone and Apple

  • Ability to specify calendar colors for Exchange Server/ActiveSync calendars
  • Water resistance
  • Lower cost data plans
  • Parental controls that work (ability to disable embedded browsers).
  • Fix the Apple ID debacle
  • Bicycle directions on the Map app

What I got

  • A new connector with a $30 adapter.
  • No more parental controls for YouTube (since it's a separate app).
  • A map app without Google bicycle routes
  • A bunch of features I don't care much about
  • A dumbed down version of iTunes that will probably omit much of many of the query (smart list) abilities I rely on
  • More iCloud fail

Meh. I'll probably buy another AT&T iPhone and extend my contract, but I'll wait until I see how the different data plans shake out. The $30 adapter is particularly arrogant.

Sunday, September 09, 2012

Home maintenance: Our toilet leak, why Google searches about home problems suck, and my fix

Emily claimed the toilet was running. It seemed fine to me. Flush, fill, stop.

She didn't believe me, despite my stellar home repair history (I know how to stand aside while she calls a contractor). She bought a new flap valve, but still she could hear a leak. Obsessed, she took to spending hours staring at the toilet, listening ...

Or maybe minutes. She showed me that the tank water level was dropping until it triggered the float valve, and the tank refilled. There was no sign of water entering the bowl -- so where was it going?

Google was no help, but eventually we figured out that when I last replaced the float/valve mechanism I'd failed to trim the refill tube. It was so far down the overflow pipe it was below the fill line, and water was being siphoned into the overflow pipe. I assume this must run into the bowl, but we couldn't detect the flow (ok, that puzzles me - but I can't believe there's another flow option.)

That solved our home problem, but not the Google problem. It's not the first time I've noticed that searches for home issues don't work well. For some reasons, Google seems to have lost the SEO battle for the home maintenance market.

The answer to that problem is a free (ad-supported) Google custom search engine.

First, now that I knew the problem, I searched for a site that would have solved it:

Toiletology ... : "Another occasion when siphoning is a problem in a toilet tank occurs when the refill tube drops too far down into the overflow pipe. Then the water is siphoned from the tank into the overflow pipe and down the drain. While this scenario won't harm you, it will wreak havoc on your water bill, because you have water constantly recycling through your toilet. This problem often arises when a new refill valve is installed. They usually come with extra long refill tubes that are meant to be cut to size, but instead a do-it-yourselfer just drops the long tube down inside the pipe. The refill tube should be cut to just reach the top of the overflow and then be clipped to the top edge of the pipe. "

Then I started my home repair and maintenance custom search engine (see all of mine) with toiletology. Next I added the site for a magazine Emily subscribes to - "The Family Handyman". I'll gradually add sites to the CSE, but I don't want to add too many. That will produce Google's behavior -- lots of duplicative references on common problems, and the real result buried on page 114. 

See also:

Saturday, September 08, 2012

Learning French: using free speech recognition services to improve pronunciation and accent

I can learn most things pretty easily; but not music or language. Tone deaf is an understatement.

This was a problem for a lower class anglais caught up in Quebec's Quiet Revolution. Around the age of 12 I had to learn French; at a time when nobody knew how to teach it. This did not go well. Much later a delightful summer immersion in Chicoutimi was more successful, but I still struggled to be understood. My French diction is almost as bad as my Thai.

This is a hard problem. I needed a demanding listener who could tolerate repetitive errors without annoyance. It would help if they were available at any time, and were willing to work for free.

Happily, that teacher has long been available. It occurred to me long ago that I just needed to practice with a French speaker-independent non-adaptive continuous speech recognition engine until the output matched my input. I waited for that to be built into language education software.

And I waited. Sometimes I idly thought about putting the software together myself.

Today I realized I could simply use Mac speech recognition and language support to learn French speech. It works rather well. I expect many iOS, Android and OS X language education apps will be able to integrate this  capability into language education for French, Chinese and English. Android will have an advantage here, since iOS is more restrictive about what developers can do.

I'm looking forward to buying those apps when they become available. In the meantime my son will be using this during for his High School French class.

Thursday, September 06, 2012

Education - how much has math teaching changed?

I have thought of myself as somewhat mathic. I'm certainly no mathematician, but I did it well back when raptors roamed the earth. When I did another grad degree in the 90s I enjoyed my grad stats.

I've changed my mind though, now that I'm reading math blogs like Gödel’s Lost Letter and P=NP, and now that I'm seeing the 13yo cover math topics years ahead of when I did them (MN public school). I was mathic in my day, but the curve is wider now.

Math education has changed, perhaps more than most of us realize. It's likely to change a lot more. Math classes still require medieval calculators, and math exams often mandate particularly primitive calculators. Meanwhile the cost of a used iPod Touch is falling to $120, and Wolfram Algebra Course assistant sells for $1.99.

Sometime in the next few years, despite the drag of obsolete standardized testing [1], math classes will switch from primitive calculators to symbolic math software.

Times are changing.

[1] Old-fart anecdote. I grew up with Quebec provincial standardized exams. I don't know when they started, as a teen they seemed eternal. In the 1970s they still included exercises that involved logarithm table lookups. Paper logarithm tables -- what people used before slide rules. So we learned how to use paper logarithm tables (not hard) at the expense of slide rules (that was dumb). This didn't turn into much of a handicap because calculators came along, so the exams just dropped the log tables and never had to address slide rules. So these transitions are not without precedent.

Monday, September 03, 2012

Do evolutionary strategies evolve?

Biologists study evolutionary "strategies", such as r and K selection.

These are the strategies deployed the Great Programmer as she fiddles with the game states of the multiver... erkkk. Just kidding. These are, of course, human terms for the emergent phenomena of natural selection.

At a more granular level, a predator's niche might be contested on the basis of bigger teeth, stronger claws, faster moves, greater endurance, or bigger brains.

Likewise, microbes, who rule the earth, have a range of "strategies". Symbiosis, parasitism, fast reproduction, encysting and so on.

Presumably the catalog of strategies changes over time. Before there were teeth, big teeth strategies were not available.

Before there were neurons, big brain strategies didn't work.

So that leads to the obvious question, do evolutionary strategies evolve? That is, do new strategies emerge from variations of strategies such that the strategies themselves are subject to selection pressure (a sort of meta-selection I suppose)?

Seems an obvious question, but as of Sept 2012 Google has 9 hits on that precise phrase, none by biologists.

So I guess it's an obvious question, but maybe obviously dumb. I'm surprised though that I didn't find a blog post explaining why it's dumb.

(A bit of context, this came up in a discussion with my 13yo about what species would fill our ecological niche (global multicellular apex predator). Having hit upon the strategy of investing in brains, would natural selection keep returning to the theme?)

Saturday, September 01, 2012

Weird economics - why our kids end up with expensive iPhones that make me nervous

The US mobile market may not be quite as bleak as Canada's, but it's pretty bad. What I really want is to be able to buy a full-price iPhone and then buy metered data services separately (oh, and some voice too). Unfortunately, that's hard to do here. We're stuck in a market where the economically rational thing to do is buy a new device as soon as AT&T or Verizon allows (typically ever 12-18 months depending on how much money you spend during a 24 month contract). 

If we don't buy new, we pay the same data rate as someone whose data rate includes their phone payment. Sucks really.

This has some odd side-effects -- lots of used iPhones.

These can be sold, but only at a fraction of their original $660 cost [1.] Amazon, for example, will currently buy a 16GB iPhone 4 for $300 and a 32GB for $320. That's good money, but it's comparable to the cost of a 16GB iPod Touch (@$250)[2] and the iPhone includes phone and much better camera capability.

So it makes some sense to give the old iPods to the kids [3], who tend to lose them or drop them in the toilet. Which drives me kind of crazy because these are, in some sense, $500 devices and we're not Romney-rich.[5],[7]

If iPhone economics weren't so weird we wouldn't do this. We'd give the kids cheap disposable phones and an iPod Touch (less cost) or iPad Mini (harder to lose/drop in toilet) [6]. Given iPhone economics though, they end up with overpriced phones which they can't take to school [4].

Weird market.


[1] $300 initial plus $15*24= 660
[2] Target has cut the price of an 8GB Touch to $180. They call it an "MP3 Player", which is like calling my iMac a DVD player. The price crash on this pocket computer isn't getting much attention. 
[3] We pay $10 a month for each 12+ kid for their texting and voice services, no data.
[4] If they really need a phone we put the paygo SIM in a disposable plain phone. They each have persistent Google Voice numbers through the family Google Apps domain, so we can route calls as needed. 
[5] Romney rich is when not working doesn't significantly alter your net worth. Below that is simply rich, where not working means you become comfortably upper middle class but do need to sell the mansion. Then there's us and I'm not complaining. Interestingly, in terms of power and security, the merely rich have more in common with the 99% than they have with the Romney Rich.
[6] Very cheap game consoles and media devices because all the real costs are shared across multiple devices. 
[7] At which point they inherit the tail-end device or have to help pay for a used iPod Touch ($130 or so now!) while we wait for a new iPhone to trickle down. 

Nexus 7 - what is it good for?

I bought a Nexus 7 four weeks ago, deliberating violating Gordon's Laws of Acquisition. In particular, I wasn't sure what I'd do with it. I took a calculated risk.

Time for a progress report. I haven't figured out how it can help me. It has however, taught me what to look for in a future device.

The biggest issue is that it's a network-centric device that's wifi only. That would make it potentially useful at home, but here I have my iPhone and my computers. At work there's only the corporate network; some of our offices have a BYOD 'guest' wifi network but we don't. I tried it on the corporate network, but it doesn't easily connect to our peculiar VPN protocol (Lion has no problem. I didn't persist because even if I could make it work there was little added benefit).

In theory it works for reading documents, but I've found that drag and dropping over a wired connection doesn't always put docs in places where the reader app can find them.

I could install standalone added value software that doesn't need a net connection, but I already have a computer at work -- and I have my iPhone.

I can't give it to the kids because there are no parental controls - it's a wide open net device. We like to monitor the kids net use.

I'm still playing with it; technically it's impressive. I'm sure I'd have a use if it had a LTE chip, but then it would be significantly more expensive.

I suspect when if/when I get an iPad of some kind, I'll sell the Nexus 7.

Update 9/2/2012: Charlie Stross has the best guide I've seen to worthwhile Android apps. Ironically for me, the best use of the Nexus may be as a Kindle reader. Also, thanks for comments on this post. To clarify: If I had tethering or mifi there's no doubt it would be useful. In the US that hasn't been cost effective for me, but see American MIFI - priced for a limited and shrinking market and Mobile broadband hope: Walmart, TruConnect, Netzero, Sprint, Amazon and why I'm waiting on my next iPhone.

Update 9/17/2012: I sold it to a colleague who will make good use of it. He got a good deal; when I sell things I want the buyer to be delighted. In the end 7 things killed it for me:

  • Jelly Bean has a longstanding bug with 802.11X EAP connections. That meant I couldn't turn it into a word device. I'm sure this will get fixed, but it doesn't work now. It's been broken for a while.
  • It's a network-centric device without built-in cellular connectivity. An iPhone works well when disconnected, the Nexus doesn't.
  • I expected better identity management -- including OS level support of my 3 primary Google identities. There is some identity support, but it's inconsistent and weird.
  • Jelly Bean reminds me very much of Windows 3.1. I have to manage Win 7, OS X and iOS. I don't have time for Windows 3.1. It's very crude compared to the iOS environment (sorry, true).
  • The App Store is weak, but the Play store is even weaker.
  • Android's security issues.
  • I'm not sure in the end that I really need a pad.

The last one means I'll hold off on an iPad purchase for a while. I do most of my reading work on my iPhone, and I like my MacBook Air for portable work. A low end Kindle may make more sense for me, but at this time I'm holding off on all pad purchases.

Calculators are really weird tech, but their time may finally pass

My 8th grader needed a 'scientific calculator'. I looked at the requirements, and it seemed that my 1980s Made in Singapore HP 32SII would work quite well. [1]

Photo 739539

Of course many things from 1980 still work. Pencils, rulers, and notebooks haven't changed much (pens have improved). A computer from 1980 though is a museum piece.

So why is my old HP still better than most of the modern alternatives? (Not to mention it comes with a massive manual.)

It's because calculators are weird tech. They exist because they were perfected decades ago for a set of tasks that haven't changed in centuries. The i41CX+ (HP-41 emulator, vintage 1979) app on my iPhone (below) has more RPN power than the 32SII, but the physical buttons mean the 32SII is a better calculator.

They also exist because schools haven't been able to base their curricula on symbolic math software and spreadsheets. A shoddy but useable modern calculator costs about as much as a set of notebooks -- so it's a reasonable universal requirement.

The time of the calculator, however, may be coming to an end. By next year it's estimated that half of the phones in the world will be full fledged computers. My son's H2O Wireless iPhone 4 (not allowed in school) runs the i41CX+, but it also runs Wolfram Algebra. So does the iPod touch, and the Nexus 7 certainly could. The much heralded iPad Mini will probably debut at $250, but will drop to $200. Eventually, perhaps before I die, some device will make my 1998 "Cereal Box" $20 prediction come true.

See also:

[1] Yeah, he might lose it and they sell for $170 for Amazon. OTOH, it's just sitting in my drawer. I've not used it in years; I have spreadsheets and symbolic math and google math and my i41CX+ emulator. So better it get some use. Also, who's going to steal an old-grody looking RPN calculator than almost nobody knows how to use? Not to mention if someone takes it, it will be kind of obvious.

Thursday, August 30, 2012

Time-reversal symmetry violation

When did physicists first begin to suspect that what we experience as time emerges from quantum entanglement, much as we experience heat from the kinetic energy of molecules?

I suspect it was a long time ago, perhaps around the time of the double-slit experiment in 1909, but certainly by the 1960s. More recently some of the physicists I read have been openly speculating that time is emergent at the macro level, presumably in the context of a collapse of the wave function (measured in unit.

So it's particularly interesting that new experimental evidence of an "arrow of time" used quantum entanglement to expose T symmetry violation in kaons...

The arrow of time: Backward ran sentences… | The Economist

... The main hint that nature violates the time-reversal (T) symmetry ... —and thus that there really is an arrow of time—came from seemingly disparate discoveries about matter and antimatter. Mathematically, particles and their anti-versions differ in two ways: they have opposite electrical charges and they are each other’s mirror reflections. But in 1964 some particles called kaons were shown not to respect this charge-conjugation/parity (CP) symmetry, as it is known. Matter and antimatter are not, in other words, quite equal and opposite. However, according to another law, C, P and T symmetries, when lumped together into a single, overarching CPT symmetry, must be conserved. This means that if CP is violated, then T must be too, in order to even things out.

The obvious place to look for this T violation is where C and P are already known to misbehave. Between 1999 and 2008 a laboratory in California was set up to do just that. The old linear accelerator at Stanford was repurposed, turning it from the machine that co-discovered a particle known as the charm quark (thus winning its operators a Nobel prize) into a factory for making particles called B mesons. These are interesting because they and their antiparticles exhibit CP-violating tendencies. They are thus a promising place to look for T violations, too.

Which is what the scientists of SLAC’s BaBar experiment have been doing. Though the B-meson factory itself has been silent for four years (the accelerator is now in its third incarnation, as the world’s most powerful X-ray camera), its data live on, and the collaborators have been ploughing through them. They are looking in particular at how long it takes a B-meson to change its nature, focusing on one particular member of the extended B-meson family, the electrically neutral B0.

As with many things quantum, B0 can exist in a number of forms. These are known as B, B-bar, B-plus and B-minus. Like a subatomic werewolf, a B0 constantly shifts between them. If time truly has an arrow, though, some of these shifts will occur at a different rate when going in one direction rather than the other. In particular, CP-violation theory predicts that B-bar will turn into B-minus faster than B-minus turns into B-bar. All that remains is to measure the difference.

Unfortunately, that is not as easy as it sounds. A particle’s final state can be known by looking at what other sorts of particle it decays into. What cannot easily be known is what it was beforehand, and for how long.

In the wacky world of quantum physics, however, it is not always impossible to work out what a particle once was but no longer is. That is because B-mesons are sometimes born as quantum-mechanically conjoined twins. One twin gives away the initial state of the other and how long it lasted in that state—and all is revealed.

That revelation, which has been submitted for publication to Physical Review Letters, leaves no room for doubt: B-bars turn into B-minuses far faster than B-minuses turn into B-bars. As many as five B-minuses are produced for every B-bar. The chance of this result being a fluke is a nugatory one in 10**43...

It feels as though we're closing in on the nature of time. The next few years should be fun.

See also:

Wednesday, August 29, 2012

When paper dies, what will happen to all the mill towns?

Between Minnesota and Montreal, across Wisconsin and the UP and along the 17, there are hundreds of communities. Most are a few thousand people.

When we drive that route, we always wonder -- how did these people come to live there? Why do they stay?

No, it's not smart-ass urban elite kind of question. We know some of the answers. Emily grew up on a mill town north of nowhere

Screen shot 2012 08 29 at 7 43 22 PM

We both practiced medicine in an even smaller but less remote mill town.

Screen shot 2012 08 29 at 7 45 35 PM

So we know how people can end up in those towns -- and we know why many stay. It's a bit surprising to many, but mill towns can be very pleasant places to live --  assuming the mill is modern and downwind (though you get used to the smell). There's work for a wide range of people there -- not just for the elite. There are usually forests, and they're not all tree farms. We liked our towns a lot.

Of course not all of the towns we pass through are mill towns. Some are agricultural centers, some are government towns, and a few are former industrial centers turning into college towns.


20120813 Albion river trail 8 13 15484

Many of those towns have their own problems, especially because the live-anywhere-work-on-the-net vision of 1995 didn't work out. Mill towns though, they have bigger problems. 

Twenty-five years after it was proclaimed dead, paper is finally going away ...

Each product or business model travels through the life cycle phases of introduction, growth, maturity and decline. Paper markets, in general, are in the maturity or decline phase in North America; demand is declining, price is often the key differentiator, and industry consolidation is rampant. Over the last five years, 81 mills have closed in North America. After its paper making days are over, what will your mill become?

We know why. Newspapers and magazines are shrinking. Despite DRM-madness eBooks are growing. Currency will eventually be replaced by (zero privacy) electronic transactions. Lexmark has stopped making inkjet printers. China makes its own paper. 

The end of paper, or at least it's semi-retirement, has a bright side. We burned a lot of carbon and energy moving that paper around (though the replacement is hardly energy-free). It's not all bright though. A lot of very fine towns are going to be facing some hard transitions ...

Friday, August 24, 2012

The Ocean is a weird place: floating islands of pumice

A research vessel diverts course to avoid a 9 mile long floating island of volcanic rock: "the raft was already about 15 kilometers (9 miles) long. It eventually grew to more than 20,000 square kilometers". The article doesn't tell us how close to the surface the pumice came. Did it truly float? What old stories of the sea might have been about these transient islands?

Monday, August 20, 2012

How much of America's healthcare crunch is dementia care?

US healthcare costs were 2.6 trillion in 2010; about 18% of the 2011 US economy. Of that, dementia care costs about $200 billion, or about 8% of our total health care bill.

Demographics, and our failure to prevent brain deterioration, means dementia costs will grow. Since demented patients often exhaust all personal and family financial resources, these costs will show up as medicaid expenditures.

Even so, dementia is less of a problem than I had long thought. Even if costs were to increase by another 50% over the next decade, it still wouldn't break the bank.

Faced with the facts, I'm now forced to examine my unexamined assumptions. I can now imagine why dementia might turn out to be a bit of a bargain.

Many, if not most, dementia patients no longer receive aggressive medical care. They do need hands-on care, but in the modern economy there's no lack of people reasonably happy to do that work for comparatively little money. Demented people don't eat that much, and they don't require costly ingredients or food preparation. They don't demand the latest gadgets or costly bandwidth or cutting edge architecture or modern art on the walls. They can live where land is cheap.

In many ways, demented people are cheaper to maintain than non-demented people of similar ages. Given that neither produce wealth, from an economic accounts perspective dementia might be a money-saver.

Even as our dementia population grows, increasing costs may be offset by advances in robotics and remote monitoring, and, in time, by widespread acceptance of euthanasia [1].

Of course dementia and pre-demential can bankrupt individual families, but in our income skewed economy those bankruptcies don't add up to all that many billions.

To answer my title question then, dementia care does not appear to be a uniquely large part of our healthcare crunch. Obesity, for example, may be more important.

That's too bad, because many of us have a personal interest in a business case for dementia prevention...

[1] I want my kids to have a robust financial incentive to pull the off switch on my future demented self.

Friday, August 17, 2012

johngordon on is almost certainly doomed. Almost no-one believes that a Weibo-like communication service can run at scale other than by advertising or selling user information. I mean, it's not as though we pay for our data services, or our voice services, or for those stampy things. is a quixotic hopeless sad bit of misplaced nobility.

So, of course, I love it. Here's my stream: johngordon on

Monday, August 13, 2012

Is Detroit the future of Manhattan?

This year our family trek took us through Chicago and Detroit.

Detroit was more interesting and attractive than we'd expected, but it's not hard to find collapsed houses. We didn't get to make the urban ruins tour, but we've seen the pictures. Detroit crashed hard. 

Chicago did quite a bit better. It was never a one business town.

Unlike, say Manhattan. These days it seems to be a finance and business town, just as Detroit was once a car town.

So what happens when Finance doesn't need humans any more? What happens when it's all software and AIs and rule based systems?

Will Manhattan 2050 look like Detroit?