Monthly Archives: September 2009

BBC Video of Liquid Explosives

Posted on by

The BBC has some really scary video “Detonation of Liquid Explosives.” However, as I thought about it, I grow increasingly confused by what it purports to show, and the implications.


At the end of the day, I think there are two possibilities: It’s a fair representation, or it’s not. I’m leaning slightly towards the second.


If it’s a fair representation, then why are we still drinking on planes? What’s the point of allowing us to bring in smaller amounts of stuff if a 16 ounce bottle can be bought at the airport, washed out, and used to contain whatever that is?

The second choice is that it’s misleading. First, we don’t see what’s being mixed: we see an orange powder poured into a liquid, with a jug labeled water nearby. We the expert tilting the bottle back and forth to mix it. Second, we don’t see how it’s detonated. Third, we don’t really see the placement of the bottle, or how many bottles are placed. There’s an implication that it’s one, but no statement. (In fact, there’s a lack of a statement of how much of a liquid bomb was used. The BBC website say “a liquid bomb.” We don’t see if there were squibs or other games played.

The BBC ought to tell us more about what they showed.

Caster Semenya, Alan Turing and “ID Management” products

Posted on by

caster-semenya-cover-girl.jpgSouth African runner Caster Semenya won the womens 800-meter, and the attention raised questions about her gender. Most of us tend to think of gender as pretty simple. You’re male or you’re female, and that’s all there is to it. The issue is black and white, if you’ll excuse the irony.

There are reports that:

Two Australian newspapers reported Friday that gender tests show the world champion athlete has no ovaries or uterus and internal testes that produce large amounts of testosterone. … Semenya is hardly alone. Estimates vary, but about 1 percent of people are born with abnormal sex organs, experts say. These people may have the physical characteristics of both genders or a chromosomal disorder or simply ambiguous features. (“When someone is raised female and the genes say XY,” AP)

For more on the medical end of this, see for example the “Consensus statement on management of intersex disorders” in the Journal of the American Academy of Pediatrics.

The athletics associations rules don’t cover all of these situations well. The real world is far messier and more complex than most people have cause to address. There are a great many apparently simple things that are really complicated as you dig in.

What the sports associations and news media are doing to Semenya is reprehensible. (There are over 10,000 stories listed on Google News, versus 13,000 for Derek Jeter, who just broke a Yankees record.) She didn’t come into running knowing that she had no ovaries. Having to deal with the identity issues that her testing brings up under the harsh light of the entire world (including me) is simply unfair.

It’s unfair in almost the same way as the British government’s treatment of Alan Turing, the mathematician who Time named one of the 100 most important people of the 20th century for his fundamental work on computers and cryptanalysis. Turing was also a convicted homosexual who committed suicide because of his “treatment” with estrogen, which caused him to become impotent and to develop breasts.

This week, Gordon Brown issued an apology entitled “Treatment of Alan Turing was ‘appalling’:”

While Turing was dealt with under the law of the time and we can’t put the clock back, his treatment was of course utterly unfair and I am pleased to have the chance to say how deeply sorry I and we all are for what happened to him. Alan and the many thousands of other gay men who were convicted as he was convicted under homophobic laws were treated terribly. Over the years millions more lived in fear of conviction.

I am proud that those days are gone and that in the last 12 years this government has done so much to make life fairer and more equal for our LGBT community. This recognition of Alan’s status as one of Britain’s most famous victims of homophobia is another step towards equality and long overdue.

Sports officialdom and state governments are different. Sports are voluntary associations, although athletes have little influence on the choices of international sports functionaries. Either way, watching the chaotic world crash onto the inflexible bureaucracies is tremendously frustrating to me.

As more and more of the world is processed by Turing Machines, assumptions that seem obvious to the programmer are exposed harshly at the edges. A friend with a Juris Doctorate recently applied for a job online. The form had a field “year you graduated from high school” that had to be filled out before she went on. Trouble is, she never did quite finish high school. She had the really relevant qualification-a J.D. from a good school. But she had an emotionally wrenching choice of lying on the form or not applying for the job. She eventually chose to lie, and sent a note to the HR people saying she’d done so and explaining why. I doubt the fellow who wrote that code ever heard about it.

I have a challenge to anyone involved in creating an online identity management system: How well does your system handle Semenya?

The typical answer is either that “that’s configurable, although we don’t know if anyone’s done exactly that” or “she’s an edge case, and we deal with the 95% case really well.” If you have a better answer, I’d really like to know about it. And as a product guy, those are likely the decisions I’d make to ship.

I’ll close by echoing Brown’s words: We’re sorry, you deserve so much better.

Rebuilding the internet?

Posted on by

Once apon a time, I was uunet!harvard!bwnmr4!adam. Oh, harvard was probably enough, it was a pretty well known host in the uucp network which carried our email before snmp. I was also harvard!bwnmr4!postmaster which meant that at the end of an era, I moved the lab from copied hosts files to dns, when I became adam@bwnmr4.harvard…wow, there’s still cname for that host. But I digress.


Really, I wanted to talk about a report, passed on by Steven Johnson and Gunnar Peterson, that Vint Cerf said that if he were re-designing the internet, he’d add more authentication.

And really, while I respect Vint a tremendous amount, I’m forced to wonder: Whatchyou talkin’ about Vint?


I hate going off based on a report on Twitter, but I don’t know what the heck a guy that smart could have meant. I mean, he knows that back in the day, people like me could and did give internet accounts to (1) anyone our boss said to and (2) anyone else who wanted them some of this internet stuff and wouldn’t get us in too much trouble. (Hi S! Hi C!) So when he says “more authentication” does that mean inserting “uunet!harvard!bwnmr4!adam” in an IP header? Ensuring your fingerd was patched after Mr. Morris played his little stunt?


But more to the point, authentication is a cost. Setting up and managing authentication information isn’t easy, and even if it were, it certainly isn’t free. Even more expensive than managing the authentication information would be figuring out how to do it. The packet interconnect paper (“A Protocol for Packet Network Intercommunication,” Vint Cerf and Robert Kahn) was published in 1974, and says “These associations need not involve the transmission of data prior to their formation and indeed two associates need not be able to determine that they are associates until they attempt to communicate.” That was before DES (1975), before Diffie-Hellman (1976), Needham-Schroeder (1978) or RSA. I can’t see how to maintain that principle with the technology available at the time.

When setting up a new technology, low cost of entry was a competitive advantage. Doing authentication well is tremendously expensive. I might go so far as to argue that we don’t know how fantastically expensive it is, because we so rarely do it well.

Not getting hung up in easy problems like prioritization or hard ones like authentication, but simply moving packets was what made the internet work. Allowing new associations to be formed, ad-hoc, made for cheap interconnections.

So I remain confused by what he could have meant.

[Update: Vint was kind enough to respond in the comments that he meant the internet of today.]

Make the Smart Choice: Ignore This Label

Posted on by

smart-choices-bad-for-you.jpg

He said the criteria used by the Smart Choices™ Program™ were seriously flawed, allowing less healthy products, like sweet cereals and heavily salted packaged meals, to win its seal of approval. “It’s a blatant failure of this system and it makes it, I’m afraid, not credible,” Mr. Willett said.

[...]
Eileen T. Kennedy, president of the Smart Choices™ board and the dean of the Friedman School of Nutrition Science and Policy at Tufts University, said the program’s criteria were based on government dietary guidelines and widely accepted nutritional standards.

She said the program was also influenced by research into consumer behavior. That research showed that, while shoppers wanted more information, they did not want to hear negative messages or feel their choices were being dictated to them.
“The checkmark means the food item is a ‘better for you’ product, as opposed to having an x on it saying ‘Don’t eat this,’ ” Dr. Kennedy said. “Consumers are smart enough to deduce that if it doesn’t have the checkmark, by implication it’s not a ‘better for you’ product. They want to have a choice. They don’t want to be told ‘You must do this.’ ” (“For Your Health, Froot Loops™“)

Yes, every single one of these is a better choice than a petri dish full of salmonella. Guaranteed, or your money back.

I’ve added ™ marks where I think the New York Times™ should have included them.

Via JWZ.

Non Commercial

Posted on by

If you haven’t listened to Larry Lessig’s 23C3 talk, it’s worthwhile to listen to the argument he makes. As I was listening to it, I was struck by the term non-commercial, and, having given it some thought, think that we need a better word to describe the goals Creative Commons is pursuing.

The term non-commercial reminded me deeply of the invention of non-secret encryption by James Ellis, Clifford Cocks, and Malcolm Williamson at the British GCHQ. Despite having invented what the world now calls public key encryption, the idea languished under both classification and a failure to make the critical jump from ‘non-secret’ to ‘public.’ Even when something isn’t a secret, you might not want to shout it from the rooftops, unless you’re Whit Diffie. In which case you might think that it would be great to have a phone book full of keys. Whit probably wouldn’t have thought of that with ‘non-secret’ keys, but he certainly did think of a directory of public keys.

Defining your movement by what you are not isn’t the best way to rally people to the cause. No one claims to be on either the anti-life or anti-choice side of the abortion debate. Beyond that, I’m going to say that non-commercial as a descriptor may be essential in the legal licenses associated with the Creative Commons licenses. Non-commercial may even be almost the right word but, as Mark Twain pointed out, the difference between the almost right word and the right word is really a large matter–it’s the difference between the lightning bug and the lightning.

So in seeking the right word, it may help to think about what we mean by non-commercial? We mean almost every word we say to our families, children, or lovers. We mean pillow talk, explaining to kids why the sky is blue, and that I would prefer not to live as a vegitable. We mean our scientific papers, our poems and our fair use of the song Happy Birthday. We mean blogging (others may see their blogs as commercial), asking a stranger directions, talking to our elected representatives, water cooler chatter, graffiti, and even all the unneeded words we say to a cashier in a checkout line.

It’s honest speech. It’s human speech. Let’s not demean it by asserting that commercial speech is the norm.

Ten Years Ago: Reminiscing about Zero-Knowledge

Posted on by

zks-logo.jpgTen years ago, I left Boston to go work at an exciting startup called Zero-Knowledge Systems. Zero-Knowledge was all about putting the consumer in control of their privacy. Even looking back, I have no regrets. I’m proud of what I was working towards during the internet bubble, and I know a lot of people who can’t say that.

We struggled with the tremendously hard problem of privacy. We did it for something bigger and more important than ordering your groceries online. We didn’t succeed at the first business plan, or the second, but we plugged away at it, listened to prospective customers and partners, and the company is still in business and going strong as RadialPoint.

We learned an awful lot. We learned that people are awfully passionate about privacy. Hundreds of thousands of people signed up to try our software. We had a guy who called support after buying a new computer to get privacy. I remember the woman who took his call telling me how sad she was she had to get off the phone and take other calls. And we learned that what we meant when we said privacy wasn’t what other people meant.

I think too much of today’s privacy debate is wrapped up in a similarly nebulous term, identity theft. It’s hard to address a problem that’s so vague. But that’s a post about today, not about ten years ago.

We hired a lot of great people who I knew. I met a lot of great people, too. Went to work with one of them, Dave Clauson at another startup, Reflective. Work with some of them again (Hi Christian! Hi Stefan!).

For me, the key lesson was to really drink deep of your prospective customer’s pain. To accept that they may have a label that you really understand better than them (“privacy”) and that it doesn’t matter. What matters is how they see it, and how they understand your solution. Zero-Knowledge made me skeptical of great technology as a problem solver, when the customer is asked to understand it or care. Your customers never care about your technology anymore. They care about what pain it solves.

I’d love to go back and tell myself ten years ago to love the customer better. There’s other lessons. I’d love to seized the day and some of its opportunities better. But in the end, that flight to Montreal put me on the path to where I am today.

So a huge thank you to all of our customers and prospective customers. Thank you to Ian for introducing me to Austin. Thank you, Austin and Hamnett for offering me the job. Thank you to all of my co-workers, employees and friends of the company.