Friday Bread Baking

bread

A few folks have asked, so here’s my general bread recipe in bakers percentages. In bakers percentages everything is based on a ratio compared to the weight of the flour. The formula for my bread is:

100% Whole wheat flour (I’m a geek, I grind my own)
72% Water (or whey)
2% Salt
1% Yeast

So if I’m using 1000 grams of flour, I need 720 grams of liquid, 20 grams of salt and 10 grams of yeast.

Mix everything together in a bowl. I highly recommend putting the liquid in first; it makes it much easier to do the mixing. Knead the dough until it is elastic and the window pane test works. Cover and let rise until the dough doubles in volume.

Degas the dough, cut and preshape into rough loaves. Be very gentle here. Let rise again. Degas and shape into loaves. Let rise one more time. Preheat oven to between 400 and 450^F (lower temperature for larger loaves) with a cast iron skillet or metal pie plate on the floor of the oven. When the loaves are doubled in volume place them in the oven then pour a 1/4 cup of water into the cast iron skillet. Bake until the interior temperature of the bread is 195F or sounds hollow when you thump the bottom. This will take between 20 and 45 minutes depending on how large your loaves are.

What the FBI Was Doing on Beethoven’s Birthday

monkey-cat.jpg

This is unfair, but I can’t resist. Nine days before we found out again that PETN is hard to detonate, the FBI was keeping us safe:

FBI FINALLY MAKES AN ARREST OVER ‘WOLVERINE’ LEAK

The FBI has announced the capture of an individual connected with the leak of 20th Century Fox’s “X-Men Origins: Wolverine.”

“Wolverine” has raked in nearly $375 million in worldwide gross since its release. How much money the leak cost Fox will never be settled for certain.

I’m glad we’re spending money on things to keep us safe.

Observations on the Christmas Bomber

Since there’s been so much discussion about the Chrismas Bomber, I want to avoid going over the same ground everyone else is. So as much as I can, I’m going to try to stick to lightly-treaded ground.

This is a failure for the terrorists. A big one. Think about it; put yourself on the other side of the chessboard and read this movie-plot description. Yemeni Al Qaeda has a newly-radicalized, rich engineering student who wants to strike a blow against the evilness of George Clooney and Vera Farmiga. Despite being ratted out by his father, the student gets a visa, likely because he’s “wealthy, quiet, unassuming.” Using the very clever tactic of getting on a plane in Africa and transferring onto an American flight, he has one of the most powerful high explosives known sewn into his pants. Before landing in MoTown, he — fails to detonate it. Think about that again. An engineering student from one of the best universities in the world fails to set off a bomb in his lap. Worse, he ended up with a fire in his pants, leading to many humiliating jokes.

Fail, fail, fail. Epic fail. Face-palm-worthy epic fail. Worse, the US is sending counter-terrorism folks to Yemen to help find the people who planned this epic failure. For them, this is just bad, and about as bad as it gets. Supposedly, recruit these guys with promises of a half-gross of virgins, not with burning their nuts off. Ridicule is one of the most powerful forces there is, and this is deserved.

On top of this, now that the would-be bomber has been captured, he is singing like the proverbial canary. So that means that the planners really should be looking for new places to stay, because even their allies will want to purge losers from their ranks, or at least not take the fall for them.

Yet, all is not lost for the forces of terrorism. The world’s security services have panicked and instituted to security procedures that will actually make it easier for the next person by setting up rules that everyone’s supposed to stay in their seats in the last hour of flight. But that’s pretty slim pickings for them. It’s not even as good as the one-last-shocker in the traditional horror film.

Defense-in-Depth Works. The major problem in fighting terrorism is that the fraction of figure to ground is between six and nine orders of magnitude. If you look at it as a signal processing issue, that’s -60 to -90 decibels of signal in noise.

Any detection system has to deal with false positives and false negatives. In the counter-terrorism biz, that means you have to deal with the inevitability that for every terrorist, you’ll be stopping tens if not hundreds of thousands of innocents. And remember as well, the times that the terrorist is not actually on a terror mission, they’re innocents.

So yeah, the guy was on a watch list. So are a million other people. (And yes, this is a reason why we need to trim the watch list, but that’s a different issue and has a different set of problems.) (And yes, yes, those million other people are only the US citizens on the list.) This still leaves the problem of what they’re supposed to do when some rich guy complains that his son has fallen in with the wrong crowd.

Here are some hard questions: Do we search every kid who pissed off a relative? Do we search everyone who ever went to Yemen? Damascus? How about people who change planes? Travel in carry-on? Have funny underwear?

The answer is that we can’t do that, and even if we do, we merely teach the bad guys how to adapt. The point of defense-in-depth is that you stack a series of defenses, each of which is only a partial solution and the constellation of them works, not any given one. Airport screening worked some — he didn’t get in a good detonator. Passenger resistance worked some — once there was a firecracker-like explosion and a fire, they saved the plane. Defense-in-depth in toto worked.

This is not the reason to disband DHS. This is not the reason to sack Napolitano. Note that I did not say that DHS shouldn’t be disbanded. Nor did I say that Napolitano shouldn’t be sacked, merely that if you’re looking for a reason, this isn’t it.

If we look at what happened and think about what we could do better, DHS isn’t involved. The visa issue is the one to examine and DHS doesn’t give out visas, State does.

My criticism of DHS is that they flinched. They’ve put up these brain-dead stupid policies that are going to annoy travelers and are as likely to make us less safe, not more safe. They should have said that the system worked and there will be no changes so have a happy new year and stay calm.

I am willing to cut them a bit of slack, but if they don’t change their tune to “Keep Calm and Carry On,” then there will be a reason to start demanding heads. Sending people to Yemen was the right response. No headphones on the plane is the wrong one.

If DHS and TSA want to give people reason to call for firings and disbandings, they should keep doing what they’re doing now, not then.

Life is Risk. Keep calm and carry on is good advice for the rest of us, too. The vast majority of us are more likely to be struck by lightning while being eaten by a shark than we are to be a victim of a terrorist. Nonetheless, there are bad, crazy people out there. Sooner or later, no matter what we do, somethings’s going to happen. A plane will go down, a ship will have a bomb on it, a train will be attacked, or something will happen.

The actual risk of terrorism is so low that most adaptations are worse than the threat. More people died in traffic accidents as a result of shunning airplanes after 9/11 than in the actual attacks. After those attacks, the best terrorist second punch would have been a simple suicide bomber in the airport security lines.

When we wring our hands because we think that risk should be zero, we’re part of the problem, too. Schneier is right: we need more investigation and counter-terrorism and less security. Kudos to CNN and Maddow for airing a bit of reason.

So we should all thank our lucky stars that PETN isn’t as easy to detonate as we’re told. We should thank the same stars for passenger resistance. And we should breathe a sigh of relief for an incident that was botched so badly it’ll make others think twice or three times or more. And while you’re at it, don’t play with sharks in a thunderstorm.

St. Cajetan’s Revenge

For some time, I’ve watched the War on Bottled Water with amusement. I don’t disagree with figuring out how to reduce waste, and so on and so forth, but the railing against bottled water per se struck me as not thought out very well.

The major reason for my thinking is that I never heard any of the venomous railing against water extending to any other drinks that come in bottles. To my mind, it seemed that a Coke, hey, that’s okay, but if you start with one and take out the sugar, the caffeine, the artificial flavors, and CO2 you end up with water. Coke okay, water evil.

Me, sometimes all I want is a cool drink of water. More often, I want something a little more. I’m very fond of those fizzy waters with a bit of essential oils in them, as well as iced tea. But I don’t want the sugar. I want an artificial sweetener even less, and often when faced with decisions, water is what’s available. When I’m traveling nearly anywhere, I think I’d rather have it in a bottle, thanks.

The prejudice against water comes from thinking that it’s just water. Rarely is there such a thing as just water. The only just water there is is distilled (or in a pinch deionized) water, and that is itself special because it is unusual for something to be just water.

And now, I can’t help but think, “Uh huh” as I read, “Millions in U.S. Drink Dirty Water, Records Show.”

The summary is that more than 20% of US water treatment systems have violated key provisions of the Safe Drinking Water Act over the last five years. The violations include sewage bacteria, known poisons and carcinogens, parasites, and so on. Mid-level EPA investigators say that the government has been interested in other things and just not enforcing things, and they don’t think change will happen.

Security isn’t just going after terrorists, it’s basic thing. Like water.

Vista Didn’t Fail Because of Security

Bruce Schneier points in his blog to an article in The Telegraph in which Steve Ballmer blames the failure of Vista on security. Every security person around should clear their throat loudly. Security is not what made Vista unpalatable.

Many people liked Vista. My tech reporter friends not only adored it, but flat couldn’t understand why people didn’t adore it. I have a number of other friends who adored it. In assessing Vista, this is important to keep in mind. Despite its bad rep, many people liked it. So why did many people not like it?

First, there were the gamers. Before Vista came out, Microsoft did a lot of marketing Vista to gamers. There were kiosks at gaming conventions and other places touting Vista as a gaming platform.

Unfortunately, it wasn’t. Reliable tests at the time said that Vista ran games about 20% slower than XP. Compounding this was that among the drivers that were dodgy when it first came out were video drivers. Many gamers felt that they had been sold a pig in the poke, and there was merit to this claim. Hardcore gamers are people who will spend money on bleeding-edge kit, and it was precisely this bleeding-edge kit that didn’t work well at first. And whatever it was that made games run slower (even if it was security features), that’s not the point. Microsoft’s statements to the gamers was that their gaming experience would be better on Vista, and it was worse. Once the 4chan crowd starts making memes about suckage, you’re behind the eight-ball.

Second, there were the cheapies. Many machines were marked as Vista-capable that either weren’t, or could only run the basics of Vista and not the fancy new stuff. There is an aphorism that Intel giveth and Microsoft taketh away. The problem is that most of the PC makers will try to sell you the cheapest possible computer, and these cheapest possible computers just didn’t have enough oomph to do Aero and the cool features in Vista. Microsoft took more than Intel gave and the customers felt they’d been sold a pig the poke. There were even lawsuits over this, and it added to Vista’s bad rep.

Third, there were the people on laptops. For whatever reasons, when Vista first came out, it was slow on laptops. One of my co-workers bought a ThinkPad to run Vista on for testing alongside her existing XP laptop, and it was much slower than the XP laptop running side-by-side.

I will add another personal anecdote. My brother-in-law bought my sister a brand-new Vista laptop. It ran slower than his older XP laptop. It was so bad that he would turn the screen of his XP laptop away so that she wouldn’t see him running XP and mentally compare it to her new laptop.

On the other hand, to repeat, the people who had high-end machines but not bleeding-edge machines adored Vista. If you had lots of memory, a not-quite-bleeding-edge video card, and a fast processor, Vista was great from the getgo.

However, this was not the buying trend of most PC makers. Their trend was to push people to ever-cheaper machines. Sadly, at the time Vista came out as well, all but the most expensive laptops were dodgy for Vista in all its glory.

This is a matter of zigging when you should have zagged, for the most part. But there were two other trends that caught Microsoft by surprise.

The first trend was virtualization. Vista was virtualization-surly. One of its cool features that’s great if you’re on a high-end computer is that it did a lot of pre-caching and pre-loading. Most people with lots of memory on a computer just don’t use that memory, and Vista had ways to use it to make the experience snappier. If you’re on a VM, this is precisely what you don’t want. In an ironically saving grace, though, Vista had a virtualization-surly license, as well. Only the most expensive Vista package was licensed for VMs, which was just as well given that it was optimized for big tower computers in a way that it was pessimized for VMs.

The second trend was netbooks. Intel gave not in the form of faster CPUs, but lighter, smaller, cheaper, less power-hungry CPUs in the Atom. The Atom, however, didn’t have the oomph for Vista, and this meant it had to run XP, which further tarnished Vista’s rep.

All of this together — bad performance among gamers, bad performance on cheap computers and laptops, combined with the trends towards virtualization and netbooks were what gave Vista a bad rep. The people who bought a computer that was a high-end desktop but not a gaming machine loved Vista (and love it to this day). Unfortunately, this demographic is precisely the demographic that also tends to buy Macs. Vista’s problems were all from zigging when you should have zagged.

Some of Vista’s problems can be laid at the feet of “security” (which I intentionally put in scare quotes. UAC was rightly ridiculed for excessive dialogs, but is that a security failure or a UI failure? Yes, kernel improvements delayed getting drivers out (which is one of the things that made the gaming experience suboptimal) and some other bumps. But those were compounded by marketing that went opposite of reality. If the Vista marketing had said, “Hey, it’s going to be a bit slow, and there will be some rough edges. But you’ll really like how we’re sticking it to virus writers” then there may have been a different perception. It is also not fair to blame counter-factual marketing on security.

The bottom line is this. Vista was great for some people. It was bad for others. But the marketing said it was going to be great for everyone. Good marketing that took Vista’s plusses and minuses as facts could have made things better. It was bad timing that Vista came out when the prevailing trend of every-faster computers everywhere started to change. Facing that could have made the difference.

None of that has anything to do with security.

Today’s Privacy Loss – English Soldiers’ Details Published

Demonstrating that no one’s data is safe, the names, pay records, and other personal information of 90,000 English soldiers was placed on the Internet. These soldiers, who served with king Henry V at Agincourt now have their information listed at www.medievalsoldier.org, exposing them to the chance of identity theft after nearly 500 years. They soldiers served from the years 1369-1453. There is no word as to whether they will get credit card protection yet.

Color on Chrome OS

New things resemble old things at first. Moreover, people interpret new things in terms of old things. Such it is with the new Google Chrome OS. Very little I’ve seen on it seems to understand it.

The main stream of commentary is comparisons to Windows and how this means that Google is in the OS business, and so on. This is also the stream that gets it the most wrong.

It’s just another Linux distribution, guys. It’s not like this is a new OS. It’s new packaging of existing software, with very little or even no new software. I have about ten smart friends who could do this in their sleep. Admittedly, a handful of those are actually working on the Chrome OS, so that somewhat weakens my comment. Nonetheless, you probably know someone who could do it, is doing it, or you’re one of the people who could do it.

Moreover, Chrome OS isn’t an OS in the way you think about it. Google isn’t going to provide any feature on Chrome OS that they aren’t going to provide on Windows, Mac OS, Ubuntu, Android, Windows Mobile, iPhone, Palm Pre, Blackberry, and so on.

Consider the differences between the business model of Microsoft and that of Google. Microsoft believes that it should be the only software company there is. Its actual historic mission statement says that its mission is to push its software everywhere. Its mission does not include “to the exclusion of everyone else,” it merely often acts that way. Google’s mission is to have you use its services that provide information.

To phrase this another way, Microsoft gets paid when you buy Windows or Office or an Xbox, etc. Their being paid does not require that you not run Mac OS, or Lotus, or PlayStation, but that helps. Google gets paid when you click on certain links. It doesn’t matter how you clicked on that link, all that matters is that you click. Google facilitates that clicking through its information business facilitated its software and services, but it’s those clicks that get them paid.

The key difference is this: Microsoft is helped by narrowing your choices, and Google is helped by broadening them. It doesn’t help Microsoft for you to do a mashup that includes their software as that means less Microsoft Everywhere, but it helps Google if you include a map in your mashup as there’s a chance a paid link will get clicked (no matter how small, the chance is zero if you don’t).

I don’t know whether it’s cause or effect but Microsoft really can’t stand to see someone else be successful. It’s a zero-ish sum company in product and outlook. Someone else’s success vaguely means that they’re doing something non-Microsoft. Google, in contrast, is helped by other people doing stuff, so long as they use Google’s services too.

If I shop for a new camera, for example, the odds are that Google will profit even if I buy it on eBay and pay for it with PayPal. Or if I buy it from B&H, Amazon, etc. So long as I am using Google to gather information, Google makes money.

Let me give another more pointed example. Suppose you want to get a new smartphone. Apple wins only if I get an iPhone. RIM wins when I get a BlackBerry. Palm wins if I get a Pre or a Treo. Nokia wins a little if I get any Symbian phone (most of which are Nokias, but a few aren’t). Microsoft wins if I get any Windows Mobile phone, of which there are many. But Google wins not only if I get an Android phone, but also if I get an iPhone (because the built-in Maps application uses Google), or if I install Google Maps on anything. One could even argue that it wins more if I get a non-Android phone and use their apps, because the margins are higher on the income.

This openness as a business model is why Microsoft created Bing. Partially it is because Microsoft can’t stand to see Google be successful, but also because Microsoft envies the way Google can win even when it loses, and who wouldn’t?

Interestingly, Bing is pretty good, too. One can complain, but one can always complain. Credible people give higher marks to Bing than Google, even. This puts Microsoft in the interesting position of being where Apple traditionally is with them. They’re going to learn that you can’t take customers from someone else just by being better.

But this is the whole reason for Chrome OS. Chrome OS isn’t going to make any money for Google. But it does let Google shoot at Microsoft where they live. When (not if, when) Chrome OS is an option on netbooks, it will cost Microsoft. Either directly, because someone picks Chrome OS over Windows, or indirectly because Microsoft is going to have to compete with free. The netbook manufacturers are going to be only too happy to use Chrome as a club against Microsoft to get better pricing on Windows. The winners on that are not going to be Google, it’s going to be the people who make and buy netbooks, especially the ones who get Windows. The existence of Chrome OS will save money for the people who buy Windows.

That’s gotta hurt, if you’re Microsoft.

This is the way to look at Chrome OS. It’s Google’s statement that if Microsoft treads into Google’s yard, Google will tread back, and will do so in a way that does not so much help Google, but hurts Microsoft. It is a counterattack against Microsoft’s core business model that is also a judo move; it uses the weight of Microsoft against it. As Microsoft moves to compete against Google’s services by making a cloud version of Office, Google moves to cut at the base. When (not if) there are customers who use Microsoft apps on Google’s OS, Microsoft is cut twice by the very forces that make Google win when you use a Google service on Windows.

(Also, if you’re Microsoft you could argue that Google has been stepping on their toes with Google Docs, GMail, etc.)

Someday someone’s going to give Ballmer an aneurysm, and it might be Chrome.

Kindle Brouhaha Isn’t About DRM

In case you haven’t heard about it, there is a brouhaha about Amazon un-selling copies of two Orwell books, 1984 and Animal Farm. There has been much hand-wringing, particularly since it’s deliciously amusing that that it’s Orwell.

The root cause of the issue is that the version of the Orwell novels available on the Kindle weren’t authorized editions. When contacted by the owners of Orwell’s copyrights, they deleted the books and refunded customers’ money.

All things considered, Amazon did something approximating a right thing in this matter. They didn’t have the right to sell the novels, and so they pulled the novels from the store and customers, and gave the customers a refund. About the only thing they could have done righter was to give something to the people who thought they had the books. The best thing to give them would have been authorized copies of the books, but store credit would be nice, too.

You can find a New York Times article on it, as well as a CNET article, as well as a Tech Dirt article that brings up the very good point that deleting the books was very likely against the Kindle terms of service, which is why Amazon likely should offer those people something.

Among all the handwringing, there are a number of stupid people — or perhaps people who should just know better — who somehow mutter dark things about how this serves people right for getting a device that has DRM in it. (As if they’ve never owned a DVD.)

Some of these people who should know better might think that I’m somehow in favor of DRM, so let me say that I am not. I am against DRM. I am also against nuclear war, swine flu, totalitarian governments, and bad service in restaurants. I’m also against one or two other things. None of them had anything to do with this little contretemps.

The issue is caused not by DRM, but by cloud computing. The problem is that Amazon has a cloud service in which Kindle customers can keep their e-books on Amazon’s shelf, and shuffle them around to any Kindle-enable device they have (like a Kindle proper, or an iPhone running the Kindle app). Customers can even delete a book from their Kindle and get it back from the cloud at a later date.

The event is that Amazon removed the book from the cloud, not that it had DRM in it. If you are concerned by this, you should be concerned by the cloud service. The cloud service enabled Amazon to respond to a legal challenge by removing customers’ data from the cloud. They didn’t need DRM to do it. In contrast, if iTunes store or the Sony e-book store had improperly sold a book, they wouldn’t be able to revoke it because they don’t have a cloud service as part of the store. (eMusic, incidentally, regularly adds and removes music from their store with the waxing and waning of desire to sell it.)

This is why we need to look at it for what it is, a failure in a business model and in the cloud service. Interestingly, the newly-formed Cloud Security Alliance predicts similar issues in which outside parties cause a cloud provider to shaft its customers. Not bad.

Their prescience is a bit limited because the proposed solution to this problem is to encrypt the cloud data with some fancy key management. That wouldn’t work here for the same reason that DRM isn’t an issue. If I know you have a resource, it doesn’t matter if magic fairies protect it, if I can delete it. It’s still good advice, it just wouldn’t have worked here.

What’s needed is some sort of legal protection for the customers, not technical protection. There are many potential warts here. If the owners of Orwell’s copyrights do not desire any ebooks of his works, it’s hard for Amazon to go buy legal copies for their customers (which would have been the most right thing to do). And it’s hard to argue that the seller shouldn’t do everything in their power to undo a sale they shouldn’t have made.

The correct way to deal with this is through some sort of contract arrangement to protect the customer. (The Cloud Security Alliance is prescient on this, as well.) That contract should be the Terms Of Service between the cloud provider and its customers. As TechDirt pointed out, this was likely a breach of Amazon’s TOS. They’re not supposed to delete books. They said they wouldn’t. Because of this, they owe something to their customers who were on the losing end of this breach of contract beyond the refund. I think ten bucks store credit is fine, myself.

They really need to do something, however, because without doing something, then someday someone will violate their TOS with Amazon and defend it with this breach of the TOS.

However, if you want to cluck your tongue, it should not be about buying goods with DRM, it should be about goods stored in the cloud. Everyone who offers cloud services ought to be clarifying now what they will do to protect their customers against lawsuits from outside parties. It can be crypto or contracts, it doesn’t matter, it just needs to work. This may be the first major cloud-based customer service failure, but it won’t be the last.