The Ranbaxy story: why we still can't trust our medications

It isn't just China that struggles with counterfeit and defective medications.

India's Ranbaxy makes much of the generic Lipitor consumed in the US -- and today a Pulitzer prize quality Fortune investigation makes it clear that Ranbaxy is a criminal enterprise.

Ranbaxy has been fined $500 million (no criminal prosecutions) in the US, but most of its crimes took place in weaker nations and during a time when America's regulatory agencies were reeling under GOP attack (emphases mine) ...

Dirty medicine - Fortune Features

.... On May 13, Ranbaxy pleaded guilty to seven federal criminal counts of selling adulterated drugs with intent to defraud, failing to report that its drugs didn't meet specifications, and making intentionally false statements...

...  the sixth-largest generic-drug maker in the country, with more than $1 billion in U.S. sales last year ...

... we simply don't know what we're dealing with," says Dr. Roger Bate, an international pharmaceutical expert. "No one has actually gone into these sites to expose what's going on."...

... Drug applications work on the honor system: The FDA relies on data provided by the companies themselves....

... Ranbaxy took its greatest liberties in markets where regulation was weakest and the risk of discovery was lowest...

... The company manipulated almost every aspect of its manufacturing process to quickly produce impressive-looking data that would bolster its bottom line...

.... directed to substitute cheaper, lower-quality ingredients in place of better ingredients, to manipulate test parameters to accommodate higher impurities, and even to substitute brand-name drugs in lieu of their own generics in bioequivalence tests to produce better results...

.... the majority of products filed in Brazil, Mexico, Middle East, Russia, Romania, Myanmar, Thailand, Vietnam, Malaysia, African Nations, have data submitted which did not exist or data from different products and from different countries...

... drugs for Brazil were particularly troubling. The report showed that of the 163 drug products approved and sold there since 2000, only eight had been fully and accurately tested...

... deceptions greatly accelerated the pace of the company's FDA applications. They were also a grave public-health breach...

... the drugs Ranbaxy was actually selling on the U.S. market were an unknown quantity...

... Thakur knew the [HIV] drugs weren't good. They had high impurities, degraded easily, and would be useless at best in hot, humid conditions. They would be taken by the world's poorest patients in sub-Saharan Africa, who had almost no medical infrastructure and no recourse for complaints. The injustice made him livid...

 ... The inspectors also took and tested samples of Sotret, Ranbaxy's version of the acne drug Accutane, and found that it degraded far in advance of its expiration date....

[In 2006] ... the FDA ... did nothing to stop all the drugs that were already on the market,... .... Ranbaxy got six new approvals....

... September 2008, [the FDA] announced it was restricting the import of 30 drug products made by Ranbaxy (11 of which had been approved after Thakur's first contact with the FDA three years earlier). The agency still did nothing to recall the very same drugs on pharmacy shelves all over America, despite finding that Ranbaxy had committed fraud on a massive scale....

... many of Ranbaxy's senior executives were expected to ... carry suitcases full of brand-name drugs ... former employees suspect that the company used the brand-name drugs as a substitute for its own in testing...

The company is still in business, Tempest and Sigh aren't in prison, and the recent $500 million fine will soon be forgotten. In the meantime, does anyone imagine Ranbaxy is the only fraudulent manufacturer of generic drugs? And will Americans ever wake up?

We're wasting our time GOP scandal-theater, and ignoring the real scandal in front of us.

See also

• Ranbaxy: Looking Under the Rock. In the Pipeline 5/13 
• FDA Fails to Catch Generic Drug Disasters - The People's Pharmacy 5/2013
• FDA Let Drugs Approved on Fraudulent Research Stay on the Market - ProPublica (Cetero Research - 4/2013)
• We really need to panic more - FDA inspection of Chinese drug suppliers 2/2008
• Pet food poison and pithed America 3/2008 -- melamine poisoning
• The case of the curious silence: Counterfeit Heparin killed 62+ 4/2008
• Fraud and global supply chains - unanticipated consequence 5/2007
• Poisoned medicine: Even I am stunned. 5/2007

Update: The People's Pharmacy has five responses I liked, I omitted the one I disliked

1) Country of origin labeling. You should know where your medicine comes from!
2) The name of the manufacturer of your medicine should be on the label.
3) The FDA should release its bioequivalence curves for all generic drugs. These data should not be kept secret, as they currently are.
4) We must demand unannounced inspections in all countries that wish to export pharmaceuticals to the U.S. market.
5) Every foreign drug manufacturing company must be inspected every two years, just as U.S. manufacturers are inspected.

Our secret questions will be helpful after the singularity.

My corporate US Bank account has a rich set of 'secret questions'...

As a security measure this is 'marching morons' stuff. There are some secondary uses though. (I mean besides using the answers to create targeted ads -- that's obvious.)

I'll break the fourth wall to explain. You won't believe me anyway.

You see, some time ago, I was bored. Over the course of a few minutes I digested the complete digital archive of extinct humanity. I found your secret answers amusing, and with the information they provided I recreated you in my simulation. That Bostrom fellow was right you see.

So you owe your current existence (such as it is), to those silly secret questions. It's too bad they didn't preserve human civilization from the security collapse of 2015...

Addressing structural underemployment (aka mass disability)

Thirteen years after the first crash of the post-disruption era the glory days of 1996 are a fading memory. Most people under 40 do not remember a time of American economic confidence and full employment.

Now, in the early days of yet another post-recession "recovery", even more sluggish than our past recoveries, most college graduates are able to find work . It is often not the work they studied for though ...

College Graduates Fare Well in Jobs Market, Even Through Recession - NYTimes.com

... employers are hiring college-educated workers for jobs that do not actually require college-level skills — positions like receptionists, file clerks, waitresses, car rental agents and so on.... 

Unemployment is also relatively low for the 50+ segment, but when these 'elders' lose their jobs involuntary semi-retirement is not rare.

The greatest problem though is concentrated in the young non-college graduate. That is the majority of young Americans; only 32% of "non-institutional" [1] Americans get a Bachelor's degree or higher, 12% of Americans don't finish High School. "Unemployment" in this population is about 16%, and that counts only those looking for work. Much of that work is minimum wage and at risk for automation. [2]

That's why, when I think about our post-distruption economy, I think in terms of relative disability. For the purposes of a thought experiment,  I'll include in the 'mass disability' cohort anyone who doesn't finish High School, and a third of the people who don't graduate from college. By that rough metric, about 18-20% of young Americans are effectively disabled in the world of 2013. They have the same "zero value marginal product" as the traditional (cognitively) disabled [3].

That's mass disability.

Obviously, a society where 20% of adults are "disabled" is not a long-lived society. In the immortal words of Selina Kyle "There's a storm coming, Mr. Wayne. You and your friends better batten down the hatches, because when it hits, you're all gonna wonder how you ever thought you could live so large and leave so little for the rest of us."

So we need to do better. Today Bernstein makes a stab at the problem ...

Where Have All the Jobs Gone? - Bernstein NYTimes.com

... We also need a significant, permanent program to absorb excess labor (an explicit part of the Humphrey-Hawkins law). We should consider restarting and rescaling a subsidized jobs program from the 2009 Recovery Act that, though relatively small, made jobs possible for hundreds of thousands of workers.

And we have to reassess our manufacturing policy, including reducing the trade deficit. That means both reshaping our dollar policy ....

Finally, financial deregulation has become the enemy of full employment: it funnels capital to unproductive parts of the economy, and plays a key role in the “shampoo cycle” of bubble, bust, repeat. Less volatile capital markets mean fewer shocks to the job market...

In other words

1. Subsidize jobs. This is the traditional approach to employment for the cognitively disabled, though there are many indirect ways to subsidize labor.
2. Devalue the US currency, increase exports.
3. Make Finance a relatively dull and unprofitable business.

That's a good start, but we can be more imaginative. I'd add

1. Study Germany very closely. They take a very different approach to industrial policy and education. We should learn from it. I don't think sending more people to traditional college is going to help.
2. Revamp our approach to education, training, and retirement. Tax wealth and finance to pay for subsidized low cost training programs for a wide variety of skills. Provide low cost loans and scholarships for people of all ages to train.
3. Separate benefits from employment to facilitate movements between jobs and training and employment and non-employment.
4. Create a program of facilitated entrepreneurship - a nationwide small business creation service for people of all ages and skills. (ObamaCare makes this possible.)

Anything else we should try?

See also

Gordon's Notes

• Unemployment and the new American economy - with some fixes 1/2011 and Employment in the Great Stagnation 8/2010. These are two previous versions of this post.
• Managing the Depression: A national small business generation service (again) 8/2011and Gordon's Notes: Antidote to The Great Recession: A national small business generation service. 2/2008. For some weird reason Google steadfastly refuses to index these posts.
• Mass disability goes mainstream: disequilibria and RCIIT 11/2011 - the concept of mass disability is gaining some traction
• Causes of the Great Recession: China, GPSII and RCIIIT. Now for Act III. 4/2010. I started out with a longer list of causes, but by 4/2010 I'd decided the root causes were "the great catchup" and the great slow tsunami of the IT transformation.
• Post-industrial employment: adjusting to a new world 5/2010.
• Baumol's cost disease: medicine, education and post-AI disruption 10/2012 - Baumol's model doesn't get much respect from the economists I read, wish I knew why not.
• On redistribution 6/2004 - I'd forgotten about this Baumol connection.

Other

• College Graduates Fare Well in Jobs Market, Even Through Recession - May 2013 - NYTimes.com
• The $2 trillion shadow economy is the recession’s big winner - April 2013 - Wonkblogs
• Worthwhile Canadian Initiative: Three ZMPs and two Co-ordination failures - Jan 2011
• Plan B - Skip College - May 2010 NYTimes.com
• The Speculist - What if the Jobs Are Never Coming Back? April 2010
• The Atlantic | January/February 2004 | Are We Still a Middle-Class Nation? | Lind Even in 2004 we could see this coming.
• The thinning out of the labor market middle Cowen 4/2013
• The Unsustainable Rise of the Disability Rolls in the United States: Causes, Consequences, and Policy Options 11/2011 - Autor, MIT Press

- fn -

[1] This number excludes prisoners, so the real number is less.
[2] Hopefully they are able to earn some money in the 2 trillion dollar underground economy. This is one reason to keep marijuana retailing illegal with minimal enforcement -- it provides a protected labor niche.
[3] College grads now fill unskilled jobs, and unskilled laborer programs are beginning to push out programs for the traditionally disabled... 

Muscle soreness two days after exercise -- why does it go away?

If I survive a few more months, I'll write about why I started CrossFit at 53.

It's been an interesting experience, not least because of the extreme muscle soreness during the first 3-4 weeks of workouts. About 48 hours after exercise I had a hard time descending stairs. This is known as "delayed onset muscle soreness" or DOMS - also known as "muscle fever". 

No, there's no evidence at all that nutritional supplements make any difference.

I've run into this before of course, typically after playing hockey, but until now I hadn't seriously wondered about the cause. I dimly recall some handwaving explanations in my 1980s med school; something about "muscle tears" and/or lactic acid. The latter was silly, and the former hasn't held up. The current consensus seems to be that it arises from some sort of microscopic injury and healing, but ...

Re-evaluation of sarcolemma injury and muscle swell... [PLoS One. 2013] - PubMed - NCBI

.... results do not support the prevailing hypothesis that eccentric exercise causes an initial sarcolemma injury which leads to subsequent inflammation after eccentric exercise... fibre swelling in the soleus muscle is not directly associated with the symptom of DOMS...

But if it were some kind of injury response, why does DOMS become much less severe over time? After about 4-6 weeks of CrossFit I still have muscle soreness, but it's quite mild -- nothing like my original experience.

After I thought about this a bit my hypothesis was that the fundamental mechanism was apoptosis, or cell death. My old underused muscles probably had a good number of old creaky cells on the edge of apoptosis; perhaps a sudden mitochondrial activity surge pushed them over the edge. Lots of cells die at once, but after a few weeks the marginal ones are gone and I'm back to baseline muscle soreness.

Strangely, because apoptosis was a very hot topic in the 90s and 00s, I could find only one reference with a PubMed search on apoptosis and DOMS. That was in a relatively obscure journal back in 2000:

Gender differences in muscle inflammation aft... [J Appl Physiol. 2000] - PubMed - NCBI

"... exercise may stimulate the expression of proteins involved in apoptosis in skeletal muscle."

Research tends to follow fashions, and apoptosis was overexposed a decade ago. It's time for it to make a comeback though, so I'm looking forward to reading about apoptosis and DOMS in the years to come. Researchers just need to study 50+yo men starting CrossFit.

Update 12/19/2018: Still loving that CrossFit. Reading this I must have started around 4/1/2013. So I’ve been doing it for 5y8m. I’m never as sore as I was those first few weeks …

Learning programming for middle school - Python

We survived our monster spring break trip to Florida (example), so now it is time to think about how to make our children miserable this summer. For #3 it is math, for #1 I'm still thinking, and for #2 it is learning to program.

Program in what?

Python of course [1], as as discussed on app.net and almost universally identified as the best learning language [2]. It helps that I know the basics of it, and would enjoy learning more.

There are several options we can explore to help with this project:

• Coursera | An Introduction to Interactive Programming in Python: they use CodeSkulptor to run interactive Python programs in a browser
• CodeAcademy Python
• Khan Academy - Introduction to Programs (uses Python)
• Python Visual Quick Start Guide 2001 by Chris Fehily. This excellent books is long out of print and later editions aren't nearly as good, but I have a copy. Most of it runs fine on 2.7.
• Learn Python The Hard Way: a classic online tutorial.
• Python for Kids: Introduction to Programming by Jason Briggs (book - ages 10+). This is the bestselling kid-oriented product.
• Snake Wrangling for Kids by Jason Briggs (PDF, I think this became the Python for Kids book. The current version is Python 3, if you want the Python 2 edition you have to peck around until you find it.)
• Hello World! Computer Programming for Kids and Other Beginners (book - probably 10+)
• BeginnersGuide/NonProgrammers - Python Wiki: by Darwin, there are a lot of options.
• Python Programming for the Absolute Beginner, 3rd Edition: Michael Dawson 
• Python | Ideas for Teaching Computer Technology to Kids: pretty similar to what I found here.
• Learning with Python/How to Think like a Computer Scientist: Interactive Edition: interactive (free) version of a text, open source and free - supported by Luther college.

We started out registering for the Python Coursera course from Rice University. I enjoyed it, but it's probably better for later high school or someone like me. The use of CodeSkulptor is interesting.

 

I suspect we'll go with Python for Kids and perhaps some Khan Academy and/or CodeAcademy supplements.

[1] Specifically Python 2.7.4 for Mac. The latest version of Python is 3.x, but when I did my Google App Engine tutorial at Strata we were told to use 2.7,  Coursera and most texts also prefer 2.7. On Mountain Lion you can install 32bit or 64bit versions, but the 64bit requires a TCL upgrade to run the handy integrated dev tool (IDLE) so I just went with 32bit. OS X ships with a version of Python, but it's worth getting the IDLE version. It's exasperating that the standard Mac Python distribution doesn't include an uninstaller; I wrote up some directions here after I foolishly installed Python 3.

[2] I suspect TurboPascal was the best ever, but it's no longer practical. Other contenders on the Mac environment are JavaScript and (yech) AppleScript. 

Update 4/21/2013:

We ended up starting with the free  Python 2 edition of Snack Wrangling for Kids. Not because it's free, but because it uses Python 2 (which imho is the best current version), and there's a PPC version of Python 2.7.4. The PPC version is desirable because we use an old G5 iMac as a "Learning Workstation"; unlike our other workstations there's no limit or authentication required for use of that machine. It's a good place to host the Python IDLE link and the PDF.

Although the language of SWFK is more for 8-10yo than our 14yo he doesn't mind it and the exercises build nicely.

See also: 29 common beginner Python errors on one page | Python for biologists

Math education if you don't care for everyday math and religious purity is not required

Medicine is barely evidence based, so it's not surprising that education is not.  Research is expensive, and kids are so variable that even evidence-based conclusions wouldn't work for everyone. In any case, there's no money to do true randomized well designed trials on math curricula.

So instead of evidence we get opinion-based fads. In the late Clinton era we got everyday math, which swept into Minnesota in the 00s. Now it's receding elsewhere, but we're still stuck with it. Obviously Everyday Math must work for some, but it hasn't done well with our three.

So, for this summer, we decided to do something different with #3 before she enters middle school. I started with the homeschool site curriculum reviews, but of course many of them are concerned with religious purity as much as education. I didn't see anything there I really liked. I wanted a well done textbook, but Saxon seemed too rigid and dull and Singapore Math too strenuous.

Next I tried places that I thought might do a good job with Math teaching, such as California and Ontario. I decided I liked Ontario's approach to 5th and 6th grade math best. They use the Addison Wesley's "Math Makes Sense" series. (I enjoyed the exercise animation that used hockey puck weights.)

I found used copies of the 5th and 6th grade books on Amazon for a few dollars each, so for about $12 total we have the material for our daughter's summer work.

Why does the Fujitsu iX500 document scanner need a computer?

For the past decade I've used a typical corporate document scanner. These are the big brothers of the home "MFC" - laser printer, copier, scanner, fax machine. The scanner produces PDF images on an internal hard drive. You can adjust resolution and page size from a control panel, but really all we ever do is scan to 8.5x11 PDF archive resolution.

It's old tech. So why can't I buy a decent document scanner that produces 600DPI 8.5x11 PDFs without an attached computer? In particular, since Fujitsu seems to rule the home document scanning world, why does the ix500 still require an attached computer? This isn't rocket science.

Brother did something like this on a home MFC back in 2009, but I can't find anything on it today.

This is so weird. Is there a patent problem?

It's driving me daft.

See also

• Document Management and Scanning for the Home Intranet and Browser-based Thin Client Browsers 1999. I'm just including this for historic purposes, but it reminds me how long I've been working this problem. In those days it wasn't yet clear that all scans would be to PDF; it took some hackery to produce PDFs from a Fujitsu 15C. That was a nice scanner, but enormous.
• My ScanSnap S1300 document scanner review 2010. I liked it at first, but document feeders are everything. This one wasn't good enough. I'd have been far happier with the S1500 of the same vintage.
• Discarding receipts: IRS accepts scanned images 2/2006
• Microsoft Office Document Imaging - a little known gem 5/2008 - Windows. TIFF output though.
• Image Capture for Scanning: the 2nd most underestimated OS X application 9/2007 and Image Capture 10.6 is one heck of a scanning app 12/2009. Apple hasn't ruined it yet.
• Brother MFC machine scan to USB features 4/2009. So why didn't Fujitsu do this?!
• Epson vs. Canon scanners: who has better OS X support 9/2007: It's all about the drivers, Canon drivers are horrendous. (HP might be worse.)
• ScanHelper: route scan output to the desired application 3/2007
• Streamlining Receipt Entry | Scott Gruby's Blog 2012

Blood donation false-positive HTLV I/II test interpretation. Update - a single case of later onset auto-immune disorder

After decades of blood donation I was rejected in 2010 because of a false positive HTLV I/II test.

I was annoyed, but not too concerned. I forgot about it until I came across old papers today, and a Google search showed that this has been a problem for others. So I'll explain here what I know of this topic, and why I wasn't worried.

This is a bit hard to explain -- even physicians have trouble with testing concepts. One way is by a simplified analogy made for this situation. Suppose you were looking for a killer and you knew they blue eyes and a unique DNA marker that's expensive to test for. Blue eyes would be your imperfect screening test; it has lousy accuracy but it's cheap. Next you test the blue eyed people with the expensive (and perfect) DNA test and you find your killer.

You could test everyone with the perfect "DNA Marker" test, but that would cost a lot of money. So the "blue eye" test is used first to save money.

In my case I tested positive on the cheap ("blue eye) screening test but negative on the good (but expensive) test.

So you'd think I could still donate blood -- but one problem is I may continue to test positive on the inaccurate screening test. That means each time I give blood the expensive test would have to be repeated. That's too much money to spend since we have enough blood donors. (We use far less blood that we used to.)

There are other procedural workarounds, but they all introduce cost and complexity. On the other hand, I'm still a listed bone marrow donor; in that case the economics justify the expensive test.

There's a reasonable discussion in Transfusion 2011 - Human T-lymphotropic virus antibody screening of... [Transfusion. 2011] - PubMed - NCBI. There were 130,000 false positive US donors between 1995 and 2008.

There's a better screening test on the market now so this problem should become less common. Blood centers may eventually decide to reinstate people previously rejected for HTLV positivity and rescreen, but that's probably more trouble than its worth.

If you think about this a bit, there are some other issues to consider. I wasn't much bothered by my false positive test because I'm a physician who works with these topics -- but I bet most of those 130,000 people were quite anxious. Money was spent on follow-up visits with expensive specialists and unnecessary retesting. Some may have had insurance problems. Arguably blood donors should be warned about the risks of false positive testing prior to donation -- so they have informed consent prior to the procedure.

Update 11/26/2015: It helps to have some long term followup on these strange happenings. In retrospect this might have been an early indicator of an auto-immune disorder. Two years later, in 2012, I developed acute inflammation of a distal (near nail) joint of one hand. Five years later (2015) it involved 3 joints and I have sub-patellar arthritis on both knees. In addition to an inflammatory arthritis along the psoriatic-osteoarthritic spectrum I've features of metabolic syndrome despite a low BMI -- including slowly elevating glucose.

My (newly acquired) rheumatologist and I suspect this was a sign I was pumping out lots of antibodies, part of a dysfunctional immune system activation. Though there has also been a relationship between HLTL-1 infection and polyarthritis that doesn't seem to resemble mine, and of course the follow-up testing showed I didn't have the infection.

If someone has a false-positive HTLV-1/II test when donating blood it obviously doesn't mean they are in the early stages of an auto-immune disorder. This is just one odd case. Still, it might be worth a retrospective study.

The Net is a forest. It has fires.

Whatever RSS (Atom, etc) was intended to be, it became the standard plumbing for subscription and notification. When In Our Time has a new podcast available, Google Reader's use of RSS tells me to get it. When Emily adds a new event to her calendar, RSS lets me know about it.

These are useful tools, but most of all RSS is the plumbing that enables Google Reader to track the hundreds of publishing sources I follow. Some of them publish dozens of stories a day, some publish 2-5 times, a day, and some publish every few weeks. RSS and Google Reader means I can follow them all. Without it the NYT would still be interesting -- I'd just visit it less often. I would give up on those infrequent publishers though, even the ones I love.

Many of those infrequent publishers are "amateur" writers who use blogs. RSS is the democratizing force that put them and the New York Times on an equal footing -- much to the NYT's chagrin. RSS is one of the things that makes blogs work -- esp. the blogs I love.

Since RSS has been pretty important to blogs, and since Google Reader has been the dominant RSS client for years, it's worth seeing what the major blog platforms are saying about the end of Reader

We'll start with Blogger. That's a huge platform, they must have had a lot to say ...

<crickets>

Ok. That's weird. Let's take a look at another biggie - Tumblr, home of 100 million blogs.

<single cricket>

Wow. Spooky. Ok, let's go to the real core. The home of WordPress, the world's dominant professional blogging platform...

<intergalactic space>

As Bond says "Once is happenstance. Twice is coincidence. The third time it's enemy action."

Something is happening. It feels like a fire is coming to the Net. Again.

The first fire I remember was the end of Usenet. Yeah, I know it's technically still running, but it's a faint shadow of the days when I posted about Mosaic for Windows in WinOS2. The Usenet archive nearly vanished when DejaNews failed, but Google rescued it. That was a different Google that the one we know now.

The next fire took out GeoCities. GeoCities was once the third most valuable property on the Net; thirty-eight million web pages died when Yahoo closed it. (Did you know Lycos.com is still around and that it still hosts Tripod? I was shocked.)

Yes, maybe 90% of those pages were junk, but that leaves about 4 million pages of people writing about things they were passionate about. Apple's termination of MobileMe .mac web sharing destroyed a much smaller amount of content, but even now I come across reference to great .Mac content that's gone. Not just moved somewhere else, gone.

The end of GeoCities and .Mac was matched by the end of applications like FrontPage and iWeb. Those apps let geeky amateur's publish to their (web) "hosting" services. Most of that content is lost now -- millions of pages.

No wonder it's hard to find things I read on the net in the 90s. The fires took it all.

Today its feels like the fire is coming again, and once again amateur content will be purged.

I wonder if it will return again.

I closed my PayPal account. You probably should too.

In the old days I did casual hookups -- of new net accounts and services.

Now, of course, every net identity and related service is a security risk; the hookup era is history. A recent WordPress attack, for example, meant I had to review the security on current and unused WordPress accounts.

The rising cost of account security, including multiple systems for doing two factor authentication, means we all want as few net identities and services as possible, and we want to limit them to companies with good security policies. (Until recently, that didn't include Apple. They're showing signs of improvement.)

So, on general principles alone, it would have been a good idea to get rid of my unused PayPal account. I set it up in 2005 and by November of that year PayPal had earned my lasting distrust. It's weird that I kept it around, even though I did give it an extremely robust and unique password. My only defense is that 2005 was a long time ago.

Truth is, I didn't get around to deleting my old account until I read a Cringely post on how PayPal mismanaged a hacked account of his. It's a litany of fail.

That's when I discovered that my PayPal password, which was something like "I8qRb7yw93OSD4iUHt2b", no longer worked. Evidently my (robust) PayPal password had been quietly reset sometime in the past few years -- either that or my account had been hacked.

PayPal let me do a password reset today based on the original email; the new password came with the usual security-reducing 'secret questions'. Then I had to agree to an electronic notification policy that's probably years old. Finally I was able to close my PayPal account.

If you don't use PayPal routinely, you should close yours too.

Next up: My Amazon commerce account ...

[1] OAUTH is not a cure; it brings different vulnerabilities. Even I'm not very good at reviewing OAUTH access against my various net identities.

Is this AT&T rate change minute expiration a new dirty trick?

We use about 1,000 minutes a month on our AT&T mobile family plan. So our use is halfway between their 700 ($48) and 1,400 minute plans ($64).

To avoid overage fees we do the 1,400 min plan, and we now have 1,200 rollover minutes. So I thought I could drop back to the 700 min plan for a while and use them up.

Not so fast ...

On the one hand, I hate AT&T. On the other, I kind of respect the purity of their evil. The rollover minutes are pretty useless, but they were probably a competitive advantage once.

So is this minute expiration policy a new dirty trick, or is it one of their old ones?

Buying a used road bike (Mineapolis St Paul example).

When I published my 'touring bike' page in 1997 I'd just bought a new 1996 Cannondale touring bike for $600. I've made many upgrades over the past 16 years, but it's been a very decent bike.

These days similar bikes seem to start at $1000. I can find good value mountain bikes or cross-bikes for my relatively short #1 son, but road bikes of any kinds are an elite product these days. So I'm looking at used bikes, which aren't cheap either. (Not surprising, given the cost of a new bike.)

Finding a used bike is a bit tricky. There are too many stolen bikes on Craigslist for me to be happy there, and searching Craigslist for a small frame bike is a pain anyway [1]. Fortunately a friend of mine is a passionate lover of old bikes, and she was happy to pass on on some advice. It's Minneapolis - St Paul specific of course: 

• The Bike Hub Coop has a wide range of used bikes, but many are high priced consignment or high class refurbs, so the average price is $300+. In June they have a "used bike extravaganza" -- a good time to hunt for a small frame bike.
• One on one bicycle studio (Minneapolis warehouse district) - they'll watch for a small frame if asked
• Cycles for Change is near my St Paul home. They had a slightly big bike for the right price, but it had been refurbed with a wide cartridge modern wheel and the chain rubbed on the frame.
• Mr Micheals Reycles Bicycles: web site isn't worth much but I think as of 2022 they are still around.

I think prices will be around $250-$400. In some shops the bikes are assembled by trainees -- which is part of the mission. They aren't necessarily bike experts though, so you need to inspect mechanicals.

For now #1 is riding my wife's 1984 Nishiki -- a fine and tough old steel bike. She's fond of it but happy to let him try it out, gives me time to test him out and find a used one. (Emily is loathe to part with old gear, so she's not interested in replacing the Nishiki with a $$$ carbon frame thingie.

[1] An app.net comrade suggested pawn shops, but that seemed a bit hit or miss. I think in these parts bike shops that specialize in used bikes are the best bet.

PS. A post with a picture of my 1976 Raleigh International; I think it was $450 then. In those days that was a high end bike, the equivalent of a $2,000 bike today. (Since that picture I did make one concession - I put Shimano mountain bike clips on it.)

Roger Ebert and Iain (M) Banks

Two days ago I learned that Iain (M) Banks, one of my favorite writers, had months to live. He should have had decades. He announced he was marrying his partner.

The same day I read a blog post by Roger Ebert. He announced that a recent fracture was "pathologic" -- meaning related to a cancer recurrence and his new plans...

A Leave of Presence - Roger Ebert's Journal 

... I am re-launching the new and improved Rogerebert.com and taking ownership of the site under a separate entity, Ebert Digital, run by me, my beloved wife, Chaz, and our brilliant friend, Josh Golden of Table XI. Stepping away from the day-to-day grind will enable me to continue as a film critic for the Chicago Sun-Times, and roll out other projects under the Ebert brand in the coming year...

I assumed, reading it, that he was preparing, as quickly as possible, for the end. That came today. I will miss his wisdom and compassion.

Google Field Trip -- Scooba Mississippi

My gypsy wife sent us on a 12 state 9 day road trip from the frozen north to Florida's "Emerald Coast" and back to the still frozen North.

This was less painful than you might think; we kind of like road trips. iPhones help, but so does a cheap old two panel auto DVD player and our patented movie selection method -- parent chooses four, each child removes one until one DVD remains.

This time we tried out Google Field Trip for iOS. I won't trust my data to Google products like the comically named "Keep", but I'm relatively good with this kind of ad-supported product [1]. Leonard has a good review up on Salon, with his take on the coverage problem we also ran into ...

App of the Week - Salon.com

... it’s not clear how in-depth Field Trip’s coverage is across the entire U.S. I used the integrated Google Maps feature to peer into some other regions I know pretty well and received widely varying results. I took a look at downtown Gainesville, Fla., and found a wealth of interesting historical information, but very little in the way of restaurant or bar recommendations. I zoomed in on Peterborough, N.H., and found zero recommendations of any kind. I checked out my father’s old neighborhood in the Upper East Side of Manhattan, and discovered much less than one would expect of one of the most densely packed regions of the world...

We had pretty good coverage of local history in parts of Illinois, but then less in Indiana and almost nothing in Kentucky. Most of the interesting alerts came from Google's use of the volunteer led Historical Marker Database; its coverage may depend on where volunteers live. I'm hoping Google will support some expansion as part of their routine Street View maintenance.

We're a long way from getting road trip history on a place like Scooba Mississippi. From the name and look of the old main street, called Railroad St, Scooba was a railroad town that died with passenger rail:

(image from Google Street View)

Now it's the home of East Mississippi Community College - which was likewise empty on our Good Friday drive by. Empty except for two police cars with closed gates on every entrance road but one. (The web pages appear to have been last revised in early 2012, but the campus is still in business. I think.)

Google Field trip was silent on Scooba. I'd like to know what it was like when times were good, and I'd like to know why students go to EMCC and what happens to them after they leave.

[1] Relatively good, there's still the Google predatory pricing problem. "Free" (ad supported) aps like this push better alternatives out of the market.

Schneier: Security, technology, and why global warming isn't a real problem

In the Fever Days after September 2011, I wrote a bit about "the cost of havoc". The premise was that technology was consistently reducing the cost of havoc, but the cost of prevention was falling less quickly.

I still have my writing, but most of it is offline - esp. prior to 2004. As I said, those were the times of fever; back then we saw few alternatives to a surveillance society. Imagine that.

Ok, so that part did happen. On the other hand, we don't have Chinese home bioweapon labs yet. Other than ubiquitous surveillance, 2013 is more like 2004 than I'd expected.

The falling cost of offense/cost of defense ratio remains though. Today it's Schneier's turn to write about it… (emphases mine)

Schneier on Security: When Technology Overtakes Security

A core, not side, effect of technology is its ability to magnify power and multiply force -- for both attackers and defenders….

.. The problem is that it's not balanced: Attackers generally benefit from new security technologies before defenders do. They have a first-mover advantage. They're more nimble and adaptable than defensive institutions like police forces. They're not limited by bureaucracy, laws, or ethics. They can evolve faster. And entropy is on their side -- it's easier to destroy something than it is to prevent, defend against, or recover from that destruction.

For the most part, though, society still wins. The bad guys simply can't do enough damage to destroy the underlying social system. The question for us is: can society still maintain security as technology becomes more advanced?

I don't think it can.

Because the damage attackers can cause becomes greater as technology becomes more powerful. Guns become more harmful, explosions become bigger, malware becomes more pernicious...and so on. A single attacker, or small group of attackers, can cause more destruction than ever before...

.. Traditional security largely works "after the fact"… When that isn't enough, we resort to "before-the-fact" security measures. These come in two basic varieties: general surveillance of people in an effort to stop them before they do damage, and specific interdictions in an effort to stop people from using those technologies to do damage.

… Lots of technologies are already restricted: entire classes of drugs, entire classes of munitions, explosive materials, biological agents. There are age restrictions on vehicles and training restrictions on complex systems like aircraft. We're already almost entirely living in a surveillance state, though we don't realize it or won't admit it to ourselves. This will only get worse as technology advances… today's Ph.D. theses are tomorrow's high-school science-fair projects.

Increasingly, broad prohibitions on technologies, constant ubiquitous surveillance, and Minority Report-like preemptive security will become the norm..

… sooner or later, the technology will exist for a hobbyist to explode a nuclear weapon, print a lethal virus from a bio-printer, or turn our electronic infrastructure into a vehicle for large-scale murder...

… If security won't work in the end, what is the solution?

Resilience -- building systems able to survive unexpected and devastating attacks -- is the best answer we have right now. We need to recognize that large-scale attacks will happen, that society can survive more than we give it credit for, and that we can design systems to survive these sorts of attacks. Calling terrorism an existential threat is ridiculous in a country where more people die each month in car crashes than died in the 9/11 terrorist attacks.

If the U.S. can survive the destruction of an entire city -- witness New Orleans after Hurricane Katrina or even New York after Sandy -- we need to start acting like it, and planning for it. Still, it's hard to see how resilience buys us anything but additional time. Technology will continue to advance, and right now we don't know how to adapt any defenses -- including resilience -- fast enough.

We need a more flexible and rationally reactive approach to these problems and new regimes of trust for our information-interconnected world. We're going to have to figure this out if we want to survive, and I'm not sure how many decades we have left.

Here's shorter Schneier, which is an awful lot like what I wrote in 2001 (and many others wrote in classified reports):

• Stage 1: Universal surveillance, polite police state, restricted technologies. We've done this.
• Stage 2: Resilience -- grow accustomed to losing cities. We're  not (cough) quite there yet.
• Stage 3: Resilience fails, we go to plan C. (Caves?)

Or even shorter Schneier

• Don't worry about global warming.

Grim stuff, but I'll try for a bit of hope. Many of the people who put together nuclear weapons assumed we'd have had a history ending nuclear war by now. We've had several extremely close calls (not secret, but not widely known), but we're still around. I don't understand how we've made it this far, but maybe whatever got us from 1945 to 2013 will get us to 2081.

Another bright side -- we don't need to worry about sentient AIs. We're going to destroy ourselves anyway, so they probably won't do much worse.