Wednesday, April 10, 2013

Buying a used road bike (Mineapolis St Paul example).

When I published my 'touring bike' page in 1997 I'd just bought a new 1996 Cannondale touring bike for $600. I've made many upgrades over the past 16 years, but it's been a very decent bike.

These days similar bikes seem to start at $1000. I can find good value mountain bikes or cross-bikes for my relatively short #1 son, but road bikes of any kinds are an elite product these days. So I'm looking at used bikes, which aren't cheap either. (Not surprising, given the cost of a new bike.)

Finding a used bike is a bit tricky. There are too many stolen bikes on Craigslist for me to be happy there, and searching Craigslist for a small frame bike is a pain anyway [1]. Fortunately a friend of mine is a passionate lover of old bikes, and she was happy to pass on on some advice. It's Minneapolis - St Paul specific of course: 

  • The Bike Hub Coop has a wide range of used bikes, but many are high priced consignment or high class refurbs, so the average price is $300+. In June they have a "used bike extravaganza" -- a good time to hunt for a small frame bike.
  • One on one bicycle studio (Minneapolis warehouse district) - they'll watch for a small frame if asked
  • Cycles for Change is near my St Paul home. They had a slightly big bike for the right price, but it had been refurbed with a wide cartridge modern wheel and the chain rubbed on the frame.
  • Mr Micheals Reycles Bicycles: web site isn't worth much but I think as of 2022 they are still around.

I think prices will be around $250-$400. In some shops the bikes are assembled by trainees -- which is part of the mission. They aren't necessarily bike experts though, so you need to inspect mechanicals.

For now #1 is riding my wife's 1984 Nishiki -- a fine and tough old steel bike. She's fond of it but happy to let him try it out, gives me time to test him out and find a used one. (Emily is loathe to part with old gear, so she's not interested in replacing the Nishiki with a $$$ carbon frame thingie.

[1] An app.net comrade suggested pawn shops, but that seemed a bit hit or miss. I think in these parts bike shops that specialize in used bikes are the best bet.

PS. A post with a picture of my 1976 Raleigh International; I think it was $450 then. In those days that was a high end bike, the equivalent of a $2,000 bike today. (Since that picture I did make one concession - I put Shimano mountain bike clips on it.)

Thursday, April 04, 2013

Roger Ebert and Iain (M) Banks

Two days ago I learned that Iain (M) Banks, one of my favorite writers, had months to live. He should have had decades. He announced he was marrying his partner.

The same day I read a blog post by Roger Ebert. He announced that a recent fracture was "pathologic" -- meaning related to a cancer recurrence and his new plans...
A Leave of Presence - Roger Ebert's Journal 
... I am re-launching the new and improved Rogerebert.com and taking ownership of the site under a separate entity, Ebert Digital, run by me, my beloved wife, Chaz, and our brilliant friend, Josh Golden of Table XI. Stepping away from the day-to-day grind will enable me to continue as a film critic for the Chicago Sun-Times, and roll out other projects under the Ebert brand in the coming year...
I assumed, reading it, that he was preparing, as quickly as possible, for the end. That came today. I will miss his wisdom and compassion.

Monday, April 01, 2013

Google Field Trip -- Scooba Mississippi

My gypsy wife sent us on a 12 state 9 day road trip from the frozen north to Florida's "Emerald Coast" and back to the still frozen North.

This was less painful than you might think; we kind of like road trips. iPhones help, but so does a cheap old two panel auto DVD player and our patented movie selection method -- parent chooses four, each child removes one until one DVD remains.

This time we tried out Google Field Trip for iOS. I won't trust my data to Google products like the comically named "Keep", but I'm relatively good with this kind of ad-supported product [1]. Leonard has a good review up on Salon, with his take on the coverage problem we also ran into ...

App of the Week - Salon.com

... it’s not clear how in-depth Field Trip’s coverage is across the entire U.S. I used the integrated Google Maps feature to peer into some other regions I know pretty well and received widely varying results. I took a look at downtown Gainesville, Fla., and found a wealth of interesting historical information, but very little in the way of restaurant or bar recommendations. I zoomed in on Peterborough, N.H., and found zero recommendations of any kind. I checked out my father’s old neighborhood in the Upper East Side of Manhattan, and discovered much less than one would expect of one of the most densely packed regions of the world...

We had pretty good coverage of local history in parts of Illinois, but then less in Indiana and almost nothing in Kentucky. Most of the interesting alerts came from Google's use of the volunteer led Historical Marker Database; its coverage may depend on where volunteers live. I'm hoping Google will support some expansion as part of their routine Street View maintenance.

We're a long way from getting road trip history on a place like Scooba Mississippi. From the name and look of the old main street, called Railroad St, Scooba was a railroad town that died with passenger rail:

Screen Shot 2013 04 01 at 8 56 12 PM
(image from Google Street View)

Now it's the home of East Mississippi Community College - which was likewise empty on our Good Friday drive by. Empty except for two police cars with closed gates on every entrance road but one. (The web pages appear to have been last revised in early 2012, but the campus is still in business. I think.)

Google Field trip was silent on Scooba. I'd like to know what it was like when times were good, and I'd like to know why students go to EMCC and what happens to them after they leave.

[1] Relatively good, there's still the Google predatory pricing problem. "Free" (ad supported) aps like this push better alternatives out of the market.

Saturday, March 23, 2013

Schneier: Security, technology, and why global warming isn't a real problem

In the Fever Days after September 2011, I wrote a bit about "the cost of havoc". The premise was that technology was consistently reducing the cost of havoc, but the cost of prevention was falling less quickly.

I still have my writing, but most of it is offline - esp. prior to 2004. As I said, those were the times of fever; back then we saw few alternatives to a surveillance society. Imagine that.

Ok, so that part did happen. On the other hand, we don't have Chinese home bioweapon labs yet. Other than ubiquitous surveillance, 2013 is more like 2004 than I'd expected.

The falling cost of offense/cost of defense ratio remains though. Today it's Schneier's turn to write about it… (emphases mine)

Schneier on Security: When Technology Overtakes Security

A core, not side, effect of technology is its ability to magnify power and multiply force -- for both attackers and defenders….

.. The problem is that it's not balanced: Attackers generally benefit from new security technologies before defenders do. They have a first-mover advantage. They're more nimble and adaptable than defensive institutions like police forces. They're not limited by bureaucracy, laws, or ethics. They can evolve faster. And entropy is on their side -- it's easier to destroy something than it is to prevent, defend against, or recover from that destruction.

For the most part, though, society still wins. The bad guys simply can't do enough damage to destroy the underlying social system. The question for us is: can society still maintain security as technology becomes more advanced?

I don't think it can.

Because the damage attackers can cause becomes greater as technology becomes more powerful. Guns become more harmful, explosions become bigger, malware becomes more pernicious...and so on. A single attacker, or small group of attackers, can cause more destruction than ever before...

.. Traditional security largely works "after the fact"… When that isn't enough, we resort to "before-the-fact" security measures. These come in two basic varieties: general surveillance of people in an effort to stop them before they do damage, and specific interdictions in an effort to stop people from using those technologies to do damage.

Lots of technologies are already restricted: entire classes of drugs, entire classes of munitions, explosive materials, biological agents. There are age restrictions on vehicles and training restrictions on complex systems like aircraft. We're already almost entirely living in a surveillance state, though we don't realize it or won't admit it to ourselves. This will only get worse as technology advances… today's Ph.D. theses are tomorrow's high-school science-fair projects.

Increasingly, broad prohibitions on technologies, constant ubiquitous surveillance, and Minority Report-like preemptive security will become the norm..

… sooner or later, the technology will exist for a hobbyist to explode a nuclear weapon, print a lethal virus from a bio-printer, or turn our electronic infrastructure into a vehicle for large-scale murder...

… If security won't work in the end, what is the solution?

Resilience -- building systems able to survive unexpected and devastating attacks -- is the best answer we have right now. We need to recognize that large-scale attacks will happen, that society can survive more than we give it credit for, and that we can design systems to survive these sorts of attacks. Calling terrorism an existential threat is ridiculous in a country where more people die each month in car crashes than died in the 9/11 terrorist attacks.

If the U.S. can survive the destruction of an entire city -- witness New Orleans after Hurricane Katrina or even New York after Sandy -- we need to start acting like it, and planning for it. Still, it's hard to see how resilience buys us anything but additional time. Technology will continue to advance, and right now we don't know how to adapt any defenses -- including resilience -- fast enough.

We need a more flexible and rationally reactive approach to these problems and new regimes of trust for our information-interconnected world. We're going to have to figure this out if we want to survive, and I'm not sure how many decades we have left.

Here's shorter Schneier, which is an awful lot like what I wrote in 2001 (and many others wrote in classified reports):

  • Stage 1: Universal surveillance, polite police state, restricted technologies. We've done this.
  • Stage 2: Resilience -- grow accustomed to losing cities. We're  not (cough) quite there yet.
  • Stage 3: Resilience fails, we go to plan C. (Caves?)

Or even shorter Schneier

  • Don't worry about global warming.

Grim stuff, but I'll try for a bit of hope. Many of the people who put together nuclear weapons assumed we'd have had a history ending nuclear war by now. We've had several extremely close calls (not secret, but not widely known), but we're still around. I don't understand how we've made it this far, but maybe whatever got us from 1945 to 2013 will get us to 2081.

Another bright side -- we don't need to worry about sentient AIs. We're going to destroy ourselves anyway, so they probably won't do much worse.

Thursday, March 21, 2013

Fermi Paradox: The solution set is stable


Any discussion of the Fermi Paradox has to be presented with a wink and a chuckle. Even if, behind the wink, there's a haunted look in the eyes.

Today's io9 version is no exception, but it contains two of my personal faves (wink, chuckle, give me a drink) ....
11 of the Weirdest Solutions to the Fermi Paradox 
...5. The Simulation Hypothesis 
...We haven’t been visited by anyone because we’re living inside a computer simulation — and the simulation isn’t generating any extraterrestrial companions for us.
If true, this could imply one of three things. First, the bastards — I mean Gods — running the simulation have rigged it such that we’re the only civilization in the entire Galaxy (or even the Universe)...
... the simulation is being run by a posthuman civilization in search of an answer to the Fermi Paradox, or some other scientific question. Maybe, in an attempt to entertain various hypotheses (perhaps even preemptively in consideration of some proposed action), they’re running a billion different ancestor simulations to determine how many of them produce spacefaring civilizations, or even post-Singularity stage civilizations like themselves... 
... 7. All Aliens Are Homebodies 
... An advanced ETI, upon graduating to a Kardashev II scale civilization, could lose all galactic-scale ambitions. Once a Dyson sphere or Matrioshka Brain is set up, an alien civilization would have more action and adventure in its local area than it knows what to do with. Massive supercomputers would be able to simulate universes within universes, and lifetimes within lifetimes — and at speeds and variations far removed from what’s exhibited in the tired old analog world. By comparison, the rest of the galaxy would seem like a boring and desolate place. Space could very much be in the rear view mirror...
The list omits the Theist Hypothesis -- that God(s) created Man to be Alone. This is, of course, simply a variant of the Simulation Hyopthesis.

I reinvented the Homebody Theory around 2000, but I later learned it goes back decades. The basic idea is that every civilization either dies or goes 'singular', and post-singular they are invariable disinterested in childish pursuits like interstellar travel.

The 'Phase Transition Hypothesis' doesn't really belong on the list; it's really just a term in the Drake Equation (technological life has been rare, etc).

The io9 post is a nice reference even if there's nothing new in the list; the set has been stable for at least seven years.

See also:

Sunday, March 17, 2013

Device size: clothing makes the choice

An App.net thread reminded me of some analysis I did in the 90s on what device sizes we should build our Cloud ASP service against. That analysis focused on pockets and purses; it came in an era when men still had shirt pockets and Jeff Hawkins carried around wooden models of the Pilot until he settled on one that fit his.

Since that time our devices have evolved a bit -- thought not as much as many think. We had slates in the 90s too -- they were just heavy and ran Windows variants or Windows thin client OS. Our clothing may have changed more [3]. Shirt pockets are gone, suit jackets are less common, and pants pockets are larger. Pocket location may also have shifted as men have gotten fatter around the world. (I don't know what's popular in China).

This produces some interesting size options based on clothing. Here's my own personal list of exemplar devices for each transport option with a gender assignment based on typical American practice.

GenderClothingDevice
b None [1] watch
m Traditional pants front pocket iPhone 5S
m Expansive pant front pocket Samsung Galaxy [2]
f Purse Samsung Galaxy
f Purse iPad Mini
b Backpack / shoulder bag iPad Mini
b Backpack / shoulder bag MacBook Air 11"
b Briefcase iPad (full) + Logitech Kb/Case
b Briefcase MacBook Air 13"

Running through the list, and disregarding whether one wants a phone or not, device options are probably best determined by one's clothing habits. The list also suggests the women should disproportionately prefer the Samsung Galaxy to the iPhone but that men should split 50/50 -- so the Samsung Galaxy should outsell the iPhone 5 about 1.5:1.

If the iPad Mini provided voice services the list predicts the combination of iPhone 5 and iPad Mini(v) would equal or exceed Samsung Galaxy sales.

This analysis suggests a narrow niche for the 11" Air. I have one and I like it, but if I were buying an Air today I'd get the 13". If I'm carrying a briefcase I might as well get the 13" Air or an iPad with Logitech Kb/Case. The 13" Air vs. iPad tradeoff is an interesting one -- for many travel cases I think the iPad wins on power and bandwidth consumption -- but see the comments -- Charlie Sross and Martin Steiger disagree. I can imagine a future version of OS X and OS X hardware with iPad like power and bandwidth use -- in which case I'd go Air.

[1] Swimsuit, running gear, nudist colony.
[2] I haven't seen mention of this, but my understanding is that Android handles variant screen geometry more easily than iOS. 
[3] Our devices must be influencing our clothing styles by now.

Saturday, March 16, 2013

Project Ducky - why I've stopped using new Cloud services.

Dilbert 04/14/1994:

Screen Shot 2013 03 16 at 3 39 53 PM

Yeah, Google Reader is on many geek minds today, but it's not the only cloud death to disrupt my routine.  Today, working in Aperture, I tried searching on a AppleScript workaround for Aperture's single-window mangled Project problems. I found a couple of good references -- to Apple .Mac pages that died with MobileMe. The page owners never recreated their lost resources.

Later I wanted to upload some photos from our special hockey team. I remembered then that Google discontinued Mac/Picasa integration and the iPhoto Plug-in.

Within a year I expect Google is going to discontinue Blogger, which currently hosts this blog.

Enough.

I'm on strike. You want my business? Give me standards. Give me products I pay for that have low exit costs and that have competitors. 

Oh, yeah, Google - go away.

See also:

Thursday, March 14, 2013

Google's war on standards: RSS, ActiveSync, now CalDAV

I remember when Google seemed to be somewhat friendly to standards and to the idea of open interchange.

That was, of course, Google 1.0. Now we live with Google 2.0.

With the neglect of Blogger, the end of Google Reader, and the RSS-free launch of G+, Google has put a stake in the RSS/Atom subscription standard. (Google played a big role in the development of Atom, when most of us write of "RSS" we mean "RSS/Atom".)

Recently Google limited support for ActiveSync, a de facto standard based on Microsoft Exchange technologies.

Now Clark reminds me that they've also ended CalDAV support, which I use to view my Google Calendars on my 11" Air:

Official Blog: A second spring of cleaning

... CalDAV API will become available for whitelisted developers, and will be shut down for other developers on September 16, 2013. Most developers’ use cases are handled well by Google Calendar API, which we recommend using instead. If you’re a developer and the Calendar API won’t work for you, please fill out this form to tell us about your use case and request access to whitelisted-only CalDAV API...

I'm glad I never committed to Android. I'm deeply enmeshed in the Google ecosystem, but it is time I started digging out.

Quick thoughts on the end of Google Reader

Of all the things Google has killed, I used Reader most of all.

I'm sad to see it go, but, unlike the end of Reader Social, I'm not angry. I'm just surprised Reader lasted as long as it did.

Reader feels now like something from a mythical Golden Age. Free, but with minimal and non-intrusive advertising -- particularly when used with Reeder.app and Readability. Standards based (OPML, RSS/Atom), and so open in a way that few things are in our locked-in locked-down era.

So Reader's end was expected -- and this time Google did things well. Unlike when they killed the 'sharebro' community, Google telegraphed this one. Even now we've got three months to switch -- much longer than I expected. 

It will be interesting to see what our options will be; the end of Reader will open up a new ecosystem. An ecosystem that will, I hope, include services we buy. There is at least one upside -- I'm losing one of my big Google dependencies. It's getting easier for me to swich away from Google.

Incidentally, I bet Blogger will die in 2014.

Saturday, March 09, 2013

Strange loops - five years of wondering why our corporate units couldn't cooperate.

Five years ago I tried to figure out why we couldn't share work across our corporate units.

This turned out to be one of those rabbit hole questions. The more I looked, the stranger it got. I knew there was prior work on the question -- but I didn't know the magic words Google needed. Eventually I reinvented enough economic theory to connect my simple question to Coase's 1937 (!) theorem1970s work on 'the theory of the firm', Brad DeLong's 1997 writings on The Corporation as a Command Economy [1], and Akerloff's 'information assymetry'. [2]

Among other things I realized that modern corporations are best thought of as feudal command economies whose strength comes more from their combat capacity and ability to purchase legislators and shape their ecosystems than from goods made or services delivered.

Think of the Soviet Union in 1975.

All of which is, I hope, an interesting review -- but why did I title this 'Strange loop'?

Because I used that term in a 2008 post on how Google search, and especially their (then novel) customized search results, was changing how I thought and wrote. This five year recursive dialog is itself a product of that cognitive extension function.

But that's not the only strange loop aspect.

I started this blog post because today I rediscovered DeLong's 2007 paper [1] as a scanned document. I decided to write about it, so I searched on a key phrase looking for a text version. That search, probably customized to my Gordon-identity [3], returned a post I wrote in 2008. [4]

That's just weird.

 - fn -

[1] Oddly the full text paper is no longer available from Brad's site, but a decent scan is still around.

[2] There are at least two Nobel prizes in Economics in that list, so it's nice to know I was pursuing a fertile topic, albeit decades late.

[3] John Gordon is a pseudonym; Gordon is my middle name.

[4] On the one hand it would be nice if I'd remembered I wrote it. On the other hand I've written well over 10,000 blog posts. 

See also: 

We do not understand the world in which we live

It is always this way, on the micro and the macro. I didn't understand high school until college. I didn't understand medical school until I was halfway through. I was deep into the corporation before I recognized my surroundings.

Did hunter-gatherers understand their context? 

Three links that tell us we don't understand ours (all via DeLong):

  • The Singularity in Our Past Light-Cone 11/2010. " ... An implacable drive on the part of those networks to expand, to entrain more and more of the world within their own sphere? ... the radical novely and strangeness of these assemblages, which are not even intelligent, as we experience intelligence, yet ceaselessly calculating ..."
  • Twentieth Century Economic History - DeLong: "... What do modern people do? Increasingly, they push forward the corpus of technological and scientific knowledge. They educate each other. They doctor each other. ... They provide other services for each other to take advantage of the benefits of specialization. And they engage in complicated symbolic interactions that have the emergent effect of distributing status and power and coordinating the seven-billion person division of labor of today’s economy...
  • Algorithmic Rape Jokes in the Library of Babel | Quiet Babylon: " ... The Kindle store is awash in books confusingly similar to bestsellers... Icon’s books are created by a patented system... products that generate unique text with simple thesaurus rewriting tools called content spinners... Amazon ‘stocks’ more than 500,000 items from Solid Gold Bomb. These things only barely exist. They are print on demand designs... Talk about crapjects and strange shaper subcultures still gives the whole threat a kind of artisanal feel. The true scale of object spam will be much greater..."

In our work, our hive like human world, we seek those who know and do. Some hide themselves, some advertise. Some are specialists, some are generalists, a few are omni-talented. A very few are powerful, a few are powerless, most are in-betweeners. All are enmeshed in systems of symbiosis and parasitism, all embedded in the "novel assemblage".

This world seems strange to me.

It will seem quaint to whatever thinks in 2113.

Friday, March 08, 2013

What's so bad about a bit of torture?

"... The Guardian newspaper unveiled the results of a year-long investigation purporting to show that U.S. military advisers, with the knowledge and support of many senior officials, including former Secretary of Defense Donald Rumsfeld and disgraced Gen. David Petraeus, oversaw a vast program of torture inside Iraqi prisons..

..Col. James Steele and Col. James H Coffman, ran a high-level secret program inside Iraqi prisons to extract information from alleged insurgents and Al Qaeda terrorists...." (10 Years After the Invasion of Iraq, a World of Hurt )

I run into Republicans on occasion. There's my beloved Uncle D for one, and there are some at work and in my Facebook feed.

I run into them, but we don't discuss politics. Similarly I don't consume any GOP media; neither Murdoch's nor talk radio nor right wing blogs. So what I know of Republican thinking is filtered by the NYT, NPR, Ezra Klein, Paul Krugman and the rest of my 400 feeds.

Except for app.net. That's the one place where I get to correspond with intellectual Republicans. It was there that some of us worked through a discussion on the role of torture in modern warfare. During our conversation, I was challenged to defend my scorn for the Bush/Cheney/Rumsfeld (BCR) torture program. I was surprised -- it's been a long time since I've had to think about why the BCR program was a terrible idea.

It's good to have surprises like that, and good to use this blog to think through my position, starting with a contrary "pro-torture" perspective of my own. (I'm not trying to represent my correspondent's position, I'd likely distort it unfairly.)

My pro-torture argument has nothing to do with whether torture is effective or not. That's a red herring; for the sake of argument let us assume that a skilled torturer always breaks any resistance and hears whatever the victim believes to be true.

Instead I, playing the role of Dick Cheney, will argue that torture isn't so bad. After all, we Americans routinely kill combatants and civilians in our many wars, not to mention our domestic execution chambers. We, more than most nations, sentence vast numbers of citizens to particularly nasty prisons.

Those are nasty fates. Given the choice, many of us might opt instead for a bit of sensory deprivation, flogging, waterboarding, electric shocks, and thumbscrews.

So then why should we be particularly averse to torture? If torture is no worse than routine warfare, shouldn't we retroactively pardon the torturers we imprisoned after World War II? Should we apologize to North Korea and North Vietnam for the mean names we called them; and discard our meager loyalty to the Geneva Conventions once and for all?

These are strong arguments, but history tells me they are misguided. There's a reason that torture was slowly removed from the legal code, and that 'cruel and unusual punishment' was a part of the English Bill of Rights in 1689.

One reason is that people who inflict torment on prisoners, who are by definition helpless, are changed by their experience. Some are repelled by the work, but some are attracted to it. The historical record tells us the practice spreads quickly, from special circumstances to general circumstances. From a few isolated rooms to a vast network of American supported Iraqi torture chambers. From the battlefield to Homeland Defense, and from Homeland Defense to the Ultra-security prison, from the Ultra-security prison to the routine prison, from the prison to the streets ...

Torture, history suggests, is habit forming. If humans were machines we might be able to manage torture as readily as we manage prison sentences. We're not though. Our culture fares badly when we make torture acceptable.

Our military knew that in 2005.

We should remember that now.

See also

Gordon's Notes

Others

Sunday, March 03, 2013

Does Edge Gel reduce the lifespan of disposable razors?

I tried searching on this, but couldn't find anything - even in shaveblog.com. So, for what it's worth, here's one article.

I've used Edge Gel for some time. During that time it seemed my disposable razor lifespan was reduced, but I didn't make the connection. Recently they increased the 'Aloe' component and my razor lifespan dropped down to a few days; I assume the shorter lifespan is related to the Aloe.

Then I found using plain soap (not too elegant :-), or cleaning the gunky gel from the razor with a toothpick, significantly increased razor lifespan.

Edge is made by Energizer Holdings, who also sell Schick and Wilkinson razors. So they don't have much incentive to increase razor lifespan. I suspect most customers don't care either way, but it will be interesting to see if I get any comments on this blog post. (I expect Gel's SEO operatives to bury it pretty deeply though :-).

For my part I'm going to go back to a brush and Williams Mug Shaving Soap. They seemed to be disappearing years ago, but I gather they're fashionable now. I expect that will save me enough to buy a coffee or two, and cut my waste output a bit.

PS. Researching this topic led me to a Wirecutter article on The Best Razors. I don't have the patience to do the Merkur thing, and I'm too cheap for the Gillette ProGlide, so I think I'll stick with the cheap Bic dual blades.

The canid domestication of homo sapiens brutalis

Eight years ago, I wondered if European Distemper killed the Native American dog and added a footnote on an old personal hypothesis ...

Humans and dogs have coexisted for a long time, it is extremely likely that we have altered each other's evolution (symbiotes and parasites always alter each other's genome). ... I thought I'd blogged on my wild speculation that it was the domestication of dogs that allowed humans to develop technology and agriculture (geeks and women can domesticate dogs and use a powerful and loyal ally to defend themselves against thuggish alphas) -- but I can't find that ...

 Happily, others have been pursuing this thought ....

We Didn’t Domesticate Dogs. They Domesticated Us Brian Hare and Vanessa Woods

...With this new ability, these protodogs were worth knowing. People who had dogs during a hunt would likely have had an advantage over those who didn't. Even today, tribes in Nicaragua depend on dogs to detect prey. Moose hunters in alpine regions bring home 56 percent more prey when they are accompanied by dogs. In the Congo, hunters believe they would starve without their dogs.

Dogs would also have served as a warning system, barking at hostile strangers from neighboring tribes. They could have defended their humans from predators.

And finally, though this is not a pleasant thought, when times were tough, dogs could have served as an emergency food supply. Thousands of years before refrigeration and with no crops to store, hunter-gatherers had no food reserves until the domestication of dogs. In tough times, dogs that were the least efficient hunters might have been sacrificed to save the group or the best hunting dogs. Once humans realized the usefulness of keeping dogs as an emergency food supply, it was not a huge jump to realize plants could be used in a similar way.

So, far from a benign human adopting a wolf puppy, it is more likely that a population of wolves adopted us. As the advantages of dog ownership became clear, we were as strongly affected by our relationship with them as they have been by their relationship with us....

The primary predators of humans, of course, are other humans. Women's need for protection against men is particularly acute. So which gender would be most interested in, and capable of, the domestication of a strong and loyal ally? What changes would a dog's presence make to a society and a species, and who would lose most when agriculture made dogs less useful?

What Evernote reminded me about my Cloud services - and my 2013 security policies

Evernote was hacked, and they mandated a global password reset.

It's not surprising Evernote was hacked. As Schneier wrote a few days ago about waterhole and precision phishing ...

Schneier on Security: Phishing Has Gotten Very Good

... Against a sufficiently skilled, funded, and motivated adversary, no network is secure. Period. Attack is much easier than defense, and the reason we've been doing so well for so long is that most attackers are content to attack the most insecure networks and leave the rest alone.

... If the attacker wants you specifically ...  relative security is irrelevant. What matters is whether or not your security is better than the attackers' skill. And so often it's not.

Schneier quotes former NSA Information Assurance Director Brian Snow: "... your cyber systems continue to function and serve you not due to the expertise of your security staff but solely due to the sufferance of your opponents".

It's likely some of Evernote's 50 million customers are of interest to major opponents, so it's not surprising their defenses were inadequate [1].

I don't make much use of Evernote, but I did a password reset anyway. Which is when I discovered ...

  • I was still using my non-robust 'evaluation period' password with Evernote. [2]
  • I was using said weak pw with test data that included photographs of the children's passports and my old PalmOS notes
  • I never purged my Evernote account when I decided not to use them (I went with Simplenote/Notational Velocity instead.)
Wow, by my standards that's quite a fail. When Cue.app failed a recent evaluation, I deleted my test data immediately. In the case of Evernote I may yet sign with them, so after I reset my password to something robust I merely deleted my old data [3]. 
 
All of which has led me to update my now laughably quaint 2010 lessons learned and security risks summary. Here's my current list. It's far from perfect; I'd like to say I avoid all services that use 'security questions' and high-risk reset procedures, but then I'd use nothing.
  1. If data is in the Cloud, and you do not personally hold the only encryption keys, it is 2/3 public. Treat it that way.
  2. Clean up your services. If you aren't using a Cloud service delete the account or your data.
  3. Obviously, don't reuse important credentials, use a password manager (ex: 1Password [4])
  4. Use Google two factor for your most critical Google credentials, even thought it has an longstanding egregiously stupid security hole and it's still a PITA to use.
  5. Use iOS for mobile and OS X Mountain Lion for desktop.
  6. On OS X desktop do not use Oracle Java plugin or runtime, Flash or Acrobat.
  7. On OS X desktop run as a non-admin user and enter your admin password with caution.
  8. Buy OS X software through the App Store unless you have exceptional trust in the vendor.
  9. Don't use OAUTH or OpenID on sites you really care about. For one thing, a password change doesn't repudiate OAUTH credentials on most sites. For another, it introduces too much complexity and side-effects and it's too hard to remember which OAUTH provider goes with which OAUTH service.
  10. Do not rely on encryption solutions that auto-open on login. (ex: iOS screen trivial bypass bug). I use encrypted disk images with no keychain pw storage on OS X desktop for my most critical data and I use 1Password on my iOS devices in addition to a (currently hackable) screen lock code.
  11. If something is really, really, secret, don't put it on a computer and especially don't put it on a networked computer. (I don't personally have anything that secret.) 
  12. Whether you're on the Net or on your own machine, remember Gordon's Five Levels of Information Affection [5] and manage accordingly:
Yeah, civilians can't do this stuff. I tell normal folk to use iOS and iCloud and treat everything they have as Public data. If they want something to be secret, don't put it on a computer.
 
 - fn -

[1] Among which antiviral software is worse than a snowball in Hell. At least the snowball will be transiently drinkable.

[2] An easy to remember and easy to break pw that I use for things I don't care about.

[3] The web UI doesn't support 'delete all notes', but if you create an empty notebook you can delete all non-empty notebooks, and associated notes, one at a time. Then empty trash. Of course the data will likely exist in Evernote backups for some time, possibly to be pillaged post-bankruptcy. Tags are not deleted.

[4] Note, however, the unanticipated consequences of strong security in cases of death, disability or disappearance

[5] aka Five tiers of data love, from Google's two factor authentication and why you need four OpenID accounts.

I: You want it? Take it.
II: I'd rather you didn't.
III: Help!! Help!!
IV: I'll fight you for it.
V: Kreegah bundolo! Kill!!

See also