Category: News

  • Yes, Virginia, There is an Antivax Conspiracy

    Mentioned by the Bad Astronomer:

    Jamie Bernstein was kicked out of the Autism One conference in Austin, Texas because, well, the Antivaxers are a tad nuts.

    A police officer walked up to Ken and me and said, “Are you aware that you have been asked to leave?” We both replied that no one had previously mentioned kicking us out, but that we would cooperate and go if they wanted us to. From our point of view, it seemed like Teri must have told the police that she had asked us to leave and we refused. This never happened, though.

    At this point, Teri said she wanted my camera film… which is kind of a strange thing to ask since this is 2011 and most cameras don’t use film anymore. I told her I didn’t have film, but would be happy to delete the pictures I took. The police officer said that would be fine, but Teri would have none of it. With a shaking voice, she snapped “No, I demand the film!” I said (again) I didn’t have any film, it being a digital camera and all, but took my camera out and erased the two pictures that were on there. She seemed unhappy with this result, but was unable to overturn the police decision.

    Read Part One and Part Two

    I’ll say that she should not have volunteered to delete the photos. The only authority the security (or the police) had was to ask her to leave. I’m also troubled by her excessive cooperation as illustrated here:

    At this point, Teri and a police officer took Ken aside and I was questioned by the remaining Lombard police officers. They took down all my personal information and kept asking me paranoid questions like “Are you a journalist?” “Do you work for a magazine?” and “Who sent you here?” I answered all questions truthfully, though they weren’t happy with the answers. They seemed convinced I was some big-shot reporter for a magazine and kept harping on that point as I continued to deny such a thing. I kept asking the police if I was in trouble or if I’d done something wrong. They told me I wasn’t in trouble but that they just had to take down my information.

    She was under no obligation to answer any of those questions and I submit that the police were invading her privacy. If the conference organizers chose to kick her out, for whatever reason, that is of course their privilege, but the police had absolutely no right to interrogate her or her companion.

    By all means, leave quietly and with good cheer if you are asked to leave by a conference organizer, but do not surrender your rights while doing so!

  • Humans are Humans and Some aren't very Nice

    According to the AJC, a University of Alabama fan has poisoned Auburn’s famous Toomer’s Corner Live Oaks, a set of 130 year-old oak trees. Why?

    From the radio show where he made the claim:

    According to the Opelika-Auburn News, the caller said he poisoned the oaks because Auburn students rolled the trees to celebrate the death of Alabama coaching legend Paul “Bear” Bryant in 1983.

    The caller signed off with, “Roll Damn Tide.”

    Some days I’m just not happy to be a member of the same species as some other people.

    Sure, in the grand scheme of things, this isn’t murder, nor is it genocide, nor the deliberate torture of children nor the calling for the murder of doctors, but really? Killing trees because you’re angry? I don’t like you.

  • Jailbreak?

    Is it a jailbreak if—through inaction—you are released before your time is up?

    Apparently a woman was released from prison a year early due to a paperwork snafu. If she knew that she still had time left and was complicit in the early release by doing nothing to correct the issue, is she liable for the time-honored punishments for jailbreaking prisoners?

    Or, conversely, is the County liable for violating the constitution by subjecting the woman to cruel and unusual punishment in the form of an early release followed by a return to prison?

    So many thick juicy questions!

  • Foot in Mouth Disease: "Runner" Definition

    A race commentator in New Zealand recently decided that the person who won a race wasn’t “a real runner”.

    You see, Morgan had won the race but because he’s a big guy the race announcer (Mr. Dark, a local radio DJ) felt he simply wasn’t a real runner.

    “What right does the announcer have to say I’m not a ‘real runner’? I train just as hard as any 75kg runner,” Morgan said after the race.

    “It was a throw-away comment … but he certainly doesn’t look like an elite runner, I stand by that.”

    However, he does not take the harsh words back. “I call it as I see it.”

    This guy needs a whack on the head. I acknowledge many different ways to define “runner” but one of the most primary is “wins the race”.

    Personally, my definition of a runner is easy: A signature on a race form. That’s it. If you run a 5k race in 45 minutes, I will still call you a runner.

  • Wikileaks, First Amendment, Espionage, Information Security

    I’ve been having some lively discussions surrounding Wikileaks’ release of United States diplomatic cables on November 28, 2010. I seem to be confusing some people with my arguments and statements. I intend to clear this up.

    For the record:

    • I support Wikileaks’ publication of the diplomatic cables. However that information came into their hands, their right to release the content falls squarely under the First Amendment[1] (either Freedom of the Press or Freedom of Speech, take your pick) in my opinion.
    • I support the Government’s right, as designated by Congress under various acts, to prosecute any illegal activity that led to Wikileaks’ possession of the cables.

    Those two positions are distinct, and not necessarily contradictory, which seems to be the main point of contention in my conversations. Yes, it’s possible that persons within Wikileaks have committed acts which may qualify as illegal under our various espionage and security laws. But those persons and Wikileaks still remain separate.

    The devil is in the details, of course, and I have a sneaking suspicion that the details will be worked out in the courts for the next several years. I’m a firm believer in our system of government so I have faith that things will work out for the best.

    I should add a further stipulation, though:

    • I do not support the government if it uses its position as big dog to suppress the release of information that, while embarrassing, may serve to better educate those of us in the Republic that pay attention and want to make informed decisions.

    The information is out. It is now ours, John and Jane Q. Public’s, to deal with and ingest. If the government doesn’t like that, it should have done a better job of hanging on to it. Advocating for Wikileaks to be designated a Terrorist Organization is not upholding the fundamentals our country was founded upon.

    This will Happen Again

    This incident may have marked a turning point for the government. This may be the final wakeup call that information security isn’t what it used to be. The revelation of these internal memos of the State Department is going to embarrass us internationally and there will be plenty of spadework by Secretary Clinton and whoever her successor ends up being[2]. The wakeup call, however, isn’t that the information needs to be secured even more tightly, until it screams and bleeds, but for it to be managed in a manner that allows for the balance of maximum security along with maximum utility[3], acknowledging all the while that in the information era, this type of leak is impossible to prevent.

    I am not a government employee. I’ve never been in the military. I do not work in a high-security environment. I make these statements to display the breadth of my ignorance on how the government likely treats its classified and secret information on a day to day basis. I do know that secure communications are the foundation of any activity, be it governmental work, military action, or just chatting about your mother in law. However, the Wikileaks posting isn’t about communications so much as archival storage, access controls and trust.

    I don’t see how it’s possible to prevent the type of action that led to the release of the Afghan and Iraq war diaries as well as these diplomatic cables. The size of the releases strongly argues that whoever was responsible[4] had access to a large database where these documents could be acquired. This wasn’t some random whistleblower who sent a stolen company memo to the newspaper; this was a person with access and means. If the person had been higher in the chain of responsibility and the government has similar controls and databases for its top secret and other communications, who knows what we’d be seeing right now.

    This is Hard to Prevent

    As I alluded to above, about the balance between security and utility, the easiest way to make sure that no unauthorized person gets access to these types of documents is to ensure that no one has access. That’s not practical of course. We send our diplomats far foreign to liaise with their counterparts and to report back to the government. Without the reports coming back and being read by the decision makers, there’s not much point in sending them in the first place. We aren’t in the grand age of sail anymore where diplomats often had plenipotentiary powers because of the time gap in communications. Today’s diplomats are hooked into the central government 24/7 and communiqués need to flow for useful decisions to be made.

    All of the communications could be encrypted, of course, but then the problem of access control rears its head. Who, precisely, gets to send and receive the messages? How are they stored and accessed? Encryption alone wouldn’t have prevented the release of the cables because the alleged leaker probably had the access required. Encryption and database management will help prevent outside agencies from taking the communications, but it seems we’re doing all right on that front already.

    An important point to remember is that while “encryption” is a nice buzzword, it’s not useful in a lot of applications. Last year there was a big flap in the media about the Taliban in Afghanistan being able to access the unencrypted video feed from Predator drones flying missions. This was a big yawn because that sort of real-time tactical information is of strictly limited utility to the adversary and the effort required to secure it is well in excess of the possible harm that could come of someone listening in. Encryption has costs, too. Some of them are excessive.

    It’s Within Your Power to Secure Your Email Communications

    If this stuff makes you a bit paranoid about people reading your emails and letters, good! It’s always good practice to envision what people would think if they received a copy of the email you are writing. The rule of thumb when I was in college was: “What would you think if this were printed on the front page of the newspaper.” This rule has changed a bit for me after I received my Professional Engineer’s license to: “What would you think if this were read into evidence in a court of law.” Those rules are excellent ones to follow but we can’t use them to rule our lives or else we’ll never have electronic communications that are candid and frank. You know, the ones that actually get to the point and get things done. Fortunately or unfortunately, electronic communications are becoming an important (perhaps key) part of our interpersonal and interbusiness relationships now, email being the prime means.

    Of course, email is one of the most unsecured communication methods that exist. There are numerous ways to tap into your email stream, the easiest of which is to steal your computer. Even if you maintain everything in the cloud, numerous servers process and copy (and archive) the emails that go through them. All of this is retrievable through legal and illegal means.

    I advocate that we all should encrypt our day to day emails[5], especially between parties where disclosure of that information would lead to embarrassment, lawsuits, or worse. I’ve written about this in the past and even have a tutorial on how I went about it. If you want to exchange secure emails with me, it’s not difficult. Just click through the link and learn. I regularly apply an electronic signature to my emails[7], which doesn’t do anything for security per se, but you can be sure that the email is from me, or from someone in possession of my passphrase. It’s only one more step, on your end, for you to receive encrypted emails from me, and to send them in return. Then we can discuss Aunt Gladys without worrying about Nephew Jim reading the emails while we’re stupefied on Thanksgiving turkey.

    None of this prevents the legal system from requiring you to give up your passphrase and disclose those encrypted emails—subpoenas are a pain that way—but it will prevent unauthorized disclosure of information that you wish to remain private and/or secret.[6]

    The End

    How do I wrap up this essay? I’ve opined in several directions. Perhaps dangerously so. I think we’ll just throw this out there and see what happens. Enjoy. My email is at the top of the blog page but it would be better to respond on this posting.


    1: In the United States alone, of course.
    2: Yes, I think there will be fallout for at least 6 years
    3: Easiest way to secure these cables would be to never send them, or even write them, but then they would not be very useful. The balance of security/utility is something that individual organizations/people have to work out.
    4: Allegedly a U.S. Soldier named Bradley Manning
    5: This is also good practice for avoiding suspicion if you ever need to start protecting your communications from someone. If you are being watched and suddenly all the emails you’re exchanging with your friend Bob are encrypted, there might be some suspicion that “something is going on”. If you encrypt all your communications as a matter of course, this information tidbit is removed.
    6: Hard drive encryption programs such as Truecrypt say that you can securely hide a portion of your hard drive in such a manner that you would be able to give up a passphrase to “an adversary” (in this case, I envision a subpoena) yet still maintain a separate encrypted area that contains your real information, with a different passphrase, undetected. There are arguments about whether or not that would work. If you’re really really paranoid or want to apparently comply with the court order yet still maintain secret information, I recommend checking it out.
    7: Which may have caused you to click through to this link because you received some odd text in a message from me.

  • This is why I'll Never Use OnStar

    From Bruce Schneier:

    More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
    […]

    Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

    Reading the linked story, it turns out that this system is installed by the dealer for making repossession easier. It would not disable a moving car but it does allow someone to turn off your ability to start the vehicle and can honk the horn remotely. I wonder how many of the customers were aware this little device was installed?

    I for one was never a fan of the OnStar commercials that showed the cops tracking your car and disabling it remotely. Sure, that’s great if your car is stolen, but people are people and by that I mean, people lie, cheat and steal. Some of them even hack into computers they’re not supposed to be in.

    I’ll never allow a remote disconnect or control in my car beyond my keyless entry.

  • Good Reason to Use Credit Cards

    Jenn and I use a credit card almost exclusively for everyday transactions. This began as an effort to win Delta Skymiles (and is well worth the bookkeeping effort) but now seems like a good idea in general, unless we go back to cash.

    In the past, thieves used devices on the outside of gas pumps to get PIN numbers and information from cards. They installed tiny cameras and card skimmers to steal the information and then dip into a victim’s account. In this case, somebody had placed devices inside gas pumps. [ed. emphasis]

    There’s just no way to defend against something like that.

    If you use a credit card and there is a fraudulent transaction, the credit card issuer will refund you the money and go looking for the perpetrator. In my experience I’ve never had a credit card company question my declaration of fraud.

    I am more leery about debit cards because of the ability of a fraudster to remove actual money from your actual account, rather than just use the card to purchase things. Again, in my own experience, I’ve had Bank of America refund us approximately $100 due to someone swiping Jenn’s debit card info, but that was not a cash withdrawal.

    Scary. Not so much that I feel like I’d go bankrupt but who has the time to deal with this sort of crap?

  • Internet and Other Surveys

    I hate surveys.

    I hate them because you cannot trust them.

    Why can you not trust them? Because generally you only see the “results” through the lens of the medium that is reporting them. Be it Fox News or CNN or the Obama Administration or (I’m not trying to pick on politics here) Habitat for Humanity or Greenpeace or whomever, they all have their own axe to grind so rarely will you be able to review the survey questions or the actual results.

    Peer-reviewed work is of slightly higher caliber, but even in peer-reviewed articles it depends on the quality of the reviewers. Do these people have any education in the ethics and preparation of survey questions? Sometimes that answer is a loud, “Hell No!”

    This post was prompted by two things, one lesser and one greater. First the lesser:

    I had seen a blog post that was a link to a link to a link to a link that finally led me to this “study” by retrevo.com that produced some (in my opinion) questionable statistics about iPhone users (In defense of retrevo, I’m sure they did their survey to generate content and buzz, not from any deep seated need to academically refine their audience database). As I mentioned in my twitter about it this morning, I couldn’t find anything blog-worthy in it and so decided to just let it be.

    That is until I read the latest posting on fivethirtyeight.com about the fabrication of poor performance by Oklahoma students by a polling research firm. This would be the greater thing.

    As an aside, I tend to read items that originate in Oklahoma because over half of my direct family lives out there. Same way I tend to read news stories that come from Northern California where another portion of the family tree is at root.

    As a further aside, I just discovered a bias in myself. While I will read news stories from Oklahoma and lump them in as “family affective” I will only pop up and read stories from the communities immediately surrounding Santa Cruz. Communities which do not include San Francisco, Oakland, etc. My geographic filters for “family affective” stories seem to have some skew.

    Asides over. The story out of Oklahoma is about how Strategic Vision LLC likely fabricated the survey results for how well Oklahoma High School students could do on a basic citizenship exam. I say likely because an Oklahoma Legislator duplicated the study as well as possible and got entirely different results. Fivethirtyeight covers it much better than I.

    Which brings me back to my original point. Survey reporting cannot be trusted, but Americans don’t think about this. How many people know that the “margin of error” reported on every poll during the political campaign season means absolutely nothing without also knowing the confidence interval used?[1] How many people know that margin of error is not some “unknown voter factor” but actually a hard and fast number determined by the number of people polled and that confidence interval I just mentioned? Only people who have some background in statistics. News outlets have no incentive to educate the public; they merely want to report the polls in a way that garners the most viewers/readers/clickthroughs.

    Surveys and polls too often do not allow you to research their basis: The questions, who they surveyed, what statistical methods they used, how the random sampling was conducted. Even with the best of intentions, surveys can be skewed by the order of questions, placing people in a particular frame of mind.

    Do not trust survey results! At least, do not trust them over your own judgment unless you can see the guts of the work.

    That is all. Off to drink less coffee.


    1: I assume that most pollsters use a 95% confidence interval, but I have no real knowledge about that.

  • Cobb Police

    We get bulletins from our local constabulary. They talk about the crime trends in the area and what else might be going on. Occasionally they’ll send tidbits like the following.

    Something tells me there’s a lot of excitement hidden behind these dry words (this is not anywhere near our house).

    102309 0500 to 102409 0055 hrs- 1049 Powers Ferry Rd- (Signature Place Apts)- victim arrived home to find her front door unlocked and damaged. An interior locking mechanism was in place denying her entrance through the door. Responding officers gained entrance through a rear window. After securing the apartment, officers were approached by a witness advising that a subject from another apartment had attempted to sell her a digital camera and a Toshiba laptop computer. The victim advised those items matched the description of property taken from her apartment. Officers went to the suspect apartment where a female denied them permission to enter the apartment. When they stated that they wanted to check on the welfare of the small children inside the apartment a black male subject slammed the door and locked it. The female subject later walked out of the apartment closing the door behind her. She was detained in the front yard. Fearing for the safety of the small children known to be inside, officers made entry. After announcing Cobb Police, the black male subject yelled that they would have to come in and get him. Officers entered the apartment and confronted the male subject laying face down on the kitchen floor. There were small children in the apartment so the male subject was escorted outside. Once outside the subject became disorderly and attempted to flee. ECD device was deployed bringing the subject into compliance. Back inside the apartment, officers located a large hole in the ceiling of the front bedroom. Not knowing if there was another suspect in the attic, officers took a tactical position. They were advised that the subject had run out the back of the apartment upon the initial contact from the officers. A search warrant was obtained for the apartment where the stolen property was recovered from the attic. Charged with Burglary and Obstruction of Officers were one juvenile black female and one juvenile black male.

  • Promotion for Incompetency

    Everybody knows the Peter Principle, right? It goes something like, “in an organization, a person will tend to rise to their level of maximum incompetence.”

    Well, researchers from the Università di Catania have shown this to be the case in an agent-based system, leading to large reductions in efficiency.

    Any potential solutions? Yes, indeed. The same researchers analyzed a system based on random promotions and one based on alternating competent and incompetent individuals in promotion opportunities. Both of these methods either raised efficiency or at least did not increase the inefficiency.

    I’ll have to drag this out at my performance review in case it goes badly.