Below are the 34 most recent friends journal entries:
Mission Impossible 4
So, I have no great love for the Mission Impossible movies: #1 was bad, #2 was a Hitchcock ripoff that sapped my desire to watch any more. But I caught up on Netflix with MI3 (not too bad as an action movie) and MI: Ghost Protocol. Let's discuss the latter, directed by Brad Bird.
The joy of Mission Impossible is that the team gets to plan ahead and be clever; even when it looks like something goes wrong, it's usually just part of the plan. Even better, they usually vanish without a trace. Ethan Hunt, on the other hand, belongs to an agency that likes shooting things.
MI4 abandons all pretense that there will be anything clever, starting from the initial jailbreak; from then on the dictates of Plot ensure that our team never has time to come up with a decent plan and needs to engage in death-defying heroics instead. While there is a generous dose of attempted humorous quips, mainly this involves lots of chase scenes and heights. The moral of the story, I guess, is not to hire a good director and then give him Tom Cruise.
(Also: giant levitation magnet inside a data center. Good thing they went all-flash.)
Other non-recommended uses for your vagina
Ladies, do not place drug paraphernalia in your vagina: "As if you need another reason not to hide a glass meth pipe in a body cavity, a North Dakota woman was discovered bleeding from her vagina Monday after she rear-ended a car on a Fargo roadway, police report."
Maybe she should have this person knit her a crack pipe cozy, for padding.
NSA Spying on Online Gaming Worlds
The NSA is spying on chats in World of Warcraft and other games. There's lots of information -- and a good source document. While it's fun to joke about the NSA and elves and dwarves from World of Warcraft, this kind of surveillance makes perfect sense. If, as Dan Geer has pointed out, your assigned mission is to ensure that something never happens, the only way you can be sure that something never happens is to know everything that does happen. Which puts you in the impossible position of having to eavesdrop on every possible communications channel, including online gaming worlds.
One bit (on page 2) jumped out at me:
The NMDC engaged SNORT, an open source packet-sniffing software, which runs on all FORNSAT survey packet data, to filter out WoW packets. GCHQ provided several WoW protocol parsing scripts to process the traffic and produce Warcraft metadata from all NMDC FORNSAT survey.
NMDC is the New Mission Development Center, and FORNSAT stands for Foreign Satellite Collection. MHS, which also appears in the source document, stands for -- I think -- Menwith Hill Station, a satellite eavesdropping location in the UK.
Since the Snowden documents first started being released, I have been saying that while the US has a bigger intelligence budget than the rest of the world's countries combined, agencies like the NSA are not made of magic. They're constrained by the laws of mathematics, physics, and economics -- just like everyone else. Here's an example. The NSA is using Snort -- an open source product that anyone can download and use -- because that's a more cost-effective tool than anything they can develop in-house.
CA: I am back from a long road trip. The house is frigid (of course, it was cold in PHX and LV as well). I am starting to think I am not 100% polar bear. The head cold I brought back from the bridge tournament is not helping.
So for the first time since moving into the Redwood City townhouse, I have turned on the thermostats. They both need programming, ok. Both of them (two different models) do not seem to understand that for some people "sleep" time begins after midnight. Grr.
LV: I'm doing a refi and the appraisal came in above what I paid for the house back in 2009! Hooray, I am lifetime positive for Las Vegas house buying!
This is the best explanation of the Bitcoin protocol that I have read.
Puzzle o' the Day 357!
Several recent PotDs have gone unanswered, sadly. But we soldier on! Here's a cute and straightforward puzzle to get us back on track. Enjoy!
Tom the Typist is trying to type the pangram* "amazingly few discotheques provide jukeboxes". His roommate Landau, however, has randomly rewired the 26 letters of his keyboard. Typing a letter key will still produce a unique letter, but, unsurprisingly, Tom's attempt to type the sentence yields a pangram of gibberish. Undeterred, Tom types in that gibberish, which leads to new gibberish. He types in the new gibberish, types in the gibberish that results, and so on, until he -- finally! -- succeeds in producing the correct sentence on the screen.
a. (The puzzle; medium-easy). What's the maximum number of attempts Tom will need? Do you think it's in the millions? The billions?
b. (Follow-up; medium-easy). What's the probability that Tom will need that maximum number of attempts?
*A pangram is a letter string that contains all twenty-six letters of the alphabet.
Open Interview with Scott
http://dilbert.com/blog/entry/991/
Next week (Dec 16 - 20) I'll be doing interviews on Skype and phone about my new book (How to Fail almost Every time and Still Win Big...).
But I'm adding a twist to the process, just to see what happens.
I'll do the interviews in the priority order of biggest reach. So if no one but a high school newspaper asks for an interview, I'll do it. For next week only, no media outlet is too small. I'll do as many as I can fit into my schedule.
If you're interested in talking to me next week (or sooner), just email me at email@example.com and tell me roughly how big your audience reach is. Send me your Skype ID and/or phone number. I'll either call you when I have a minute or email to arrange a time.
You don't even need to be a professional writer. You just need a way to distribute the interview within your company or organization.
My guess is that I'll end up talking to just about everyone who asks. I don't have an assistant answering my email. I'll read everything that comes in, but I might not be able to respond to all of it.
Perhaps I'll be speaking with you soon. This should be fun.
Friday Squid Blogging: Hoax Squid-Like Creature
The weird squid-like creature floating around Bristol Harbour is a hoax.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Bruce Schneier Facts T-Shirts
0-Day Clothing has taken 25 Bruce Schneier Facts and turned them into T-shirts just in time for Christmas.
New Book: Carry On
I have a new book. It's Carry On: Sound Advice from Schneier on Security, and it's my second collection of essays. This book covers my writings from March 2008 to June 2013. (My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008.)
There's nothing in this book that hasn't been published before, and nothing you can't get free off my website. But if you're looking for my recent writings in a convenient-to-carry hardcover-book format, this is the book for you.
I'm also happy with the cover.
The Kindle and Nook versions are available now, and they're 50% off for some limited amount of time.
Unfortunately, the paper book isn't due in stores -- either online or brick-and-mortar -- until 12/27, which makes it a pretty lousy Christmas gift, though Amazon and B&N both claim it'll be in stock there on December 16. And if you don't mind waiting until after the new year, I will sell you a signed copy of the book here.
Suggestions for a title of my third collection of essays, to be published in five-ish years, are appreciated.
Puzzle o' the Day 356!
This one illustrates a classic result from biology and demographics. It also makes for a pretty neat puzzle!
The Probabilistic Amoebas from PotD 275! are back. And they've mutated! Each day, a Probabilistic Amoeba will split into a certain number of copies, with its behavior based on its idiosyncratic probability distribution.
a. (Warm-ups; mixed).
a.i. A certain breed of Probabilistic Amoeba will split into three with probability 1/4, and die otherwise. Given that it starts with one individual, what's the probability that the breed will eventually go extinct? Hint in white: What's the expected number of Amoebas in generation d? Can you use the inequality located here?
a.ii. Another breed will split into two with probability 2/3, and die otherwise. Given that it starts with one individual, what's the probability that the breed will eventually go extinct?
b. (The puzzle; medium without hints, easier with). Generalize! Consider a breed of Probabilistic Amoeba which produces n offspring on a given day with probability p_n, where n runs from 0 to infinity, and where the sum of the p_n is, of course, 1. How can you calculate d, the probability that the breed will eventually go extinct? Can you give conditions, based on the p_n, when d = 1?
Hint (in white): Let d_n be the probability that the breed goes extinct by generation n. Clearly 0 = d_0 <= d_1 <= d_2 <= ... <= 1. Since the d_n are monotonic and bounded above, they must converge to their limit, which must be d. Also, let g(x) be the probability generating function for the Amoeba; i.e., g(x) = p_0 + p_1 x + p_2 x^2 + p_3 x^3 + ... These will be useful concepts.
Hint (in white): Find a way to write d_n as a function of d_(n-1), using the probability generating function. If one Amoeba will go extinct in n-1 generations with probability d_(n-1), what's the probability that two Amoebas will go extinct during the same time?
Hint (in white): It's pretty easy now if you got this far. The value of d must be where the graph of g(x) intersects a certain line (which line?). They will always intersect at x=1. Note that since g(x) is increasing and convex-up (since both g'(x) and g''(x) are always nonnegative), there is at most one other intersection point; if there is, it corresponds to d (why?). What conditions determine whether there's another intersection point?
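The iteration the hints describe, carried out in code as an added example (this is not part of the puzzle post): d_0 = 0, d_n = g(d_(n-1)), with the limit the smallest fixed point of g on [0, 1]. The offspring distributions are entered as constructed lists p = [p_0, p_1, p_2, ...], and the routines handle any such list, not just the two warm-up breeds.

```python
"""Extinction probability of a Probabilistic Amoeba breed (added example).

d_n = g(d_{n-1}) with d_0 = 0, where g is the offspring probability
generating function.  The monotone sequence d_n converges to d, the
smallest root of g(x) = x in [0, 1]; d = 1 exactly when the mean number
of offspring g'(1) is at most 1.  Offspring lists below are constructed.
"""
from typing import List, Sequence


def pgf(p: Sequence[float], x: float) -> float:
    """g(x) = sum_n p_n * x**n, evaluated with Horner's rule."""
    acc = 0.0
    for coeff in reversed(p):
        acc = acc * x + coeff
    return acc


def mean_offspring(p: Sequence[float]) -> float:
    """g'(1) = sum_n n * p_n: expected number of children per day."""
    return sum(n * pn for n, pn in enumerate(p))


def expected_population(p: Sequence[float], generation: int) -> float:
    """E[number of Amoebas in generation k] = g'(1)**k (from a single founder).

    Since the population is a nonnegative integer, P(alive at generation k)
    <= E[population], which is the inequality hint a.i points at.
    """
    return mean_offspring(p) ** generation


def extinction_by_generation(p: Sequence[float], generations: int) -> List[float]:
    """Return [d_0, d_1, ..., d_generations].

    d_n is the probability that a breed started from one individual has
    died out by generation n.  The founder has k children with probability
    p_k, and those k lines die out independently within n-1 further
    generations with probability d_{n-1}**k, so d_n = sum_k p_k d_{n-1}**k
    = g(d_{n-1}).
    """
    d = [0.0]
    for _ in range(generations):
        d.append(pgf(p, d[-1]))
    return d


def is_certain_extinction(p: Sequence[float]) -> bool:
    """Part (b) condition: d == 1 iff g'(1) <= 1.

    g is increasing and convex on [0, 1] with g(1) = 1, so a second fixed
    point below 1 exists exactly when the graph crosses y = x from above,
    i.e. when the slope at 1 exceeds 1.
    """
    return mean_offspring(p) <= 1.0


def extinction_probability(p: Sequence[float], tol: float = 1e-12,
                           max_iter: int = 100000) -> float:
    """The limit d of d_n: smallest root of g(x) = x in [0, 1]."""
    if abs(sum(p) - 1.0) > 1e-9:
        raise ValueError("offspring probabilities must sum to 1")
    # Subcritical and critical breeds die out surely; in the critical case
    # (g'(1) == 1 exactly) the iteration converges very slowly, so use the
    # closed-form criterion rather than waiting for it.
    if is_certain_extinction(p):
        return 1.0
    d = 0.0
    for _ in range(max_iter):
        nxt = pgf(p, d)
        if abs(nxt - d) < tol:
            return nxt
        d = nxt
    return d


if __name__ == "__main__":
    # Constructed inputs: the two warm-up breeds from parts a.i and a.ii.
    BREED_A1 = [0.75, 0.0, 0.0, 0.25]   # three children w.p. 1/4, else dies
    BREED_A2 = [1 / 3, 0.0, 2 / 3]      # two children w.p. 2/3, else dies
    for name, breed in (("a.i", BREED_A1), ("a.ii", BREED_A2)):
        print(name, "mean offspring", mean_offspring(breed),
              "d_1..d_5", [round(x, 4) for x in extinction_by_generation(breed, 5)[1:]],
              "d", round(extinction_probability(breed), 6))
```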
Telepathwords: A New Password Strength Estimator
Telepathwords is a pretty clever research project that tries to evaluate password strength. It's different from normal strength meters, and I think better.
Telepathwords tries to predict the next character of your passwords by using knowledge of:
- common passwords, such as those made public as a result of security breaches
- common phrases, such as those that appear frequently on web pages or in common search queries
- common password-selection behaviors, such as the use of sequences of adjacent keys
Password-strength evaluators have generally been pretty poor, regularly assessing weak passwords as strong (and vice versa). I like seeing new research in this area.
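A toy model of the approach described above, added here as an example and not Telepathwords' own code: a predictor learns which characters follow which short prefixes in the three knowledge sources the post lists, and a password's strength is the number of characters it could not predict. The password, phrase and keyboard-row lists are constructed stand-ins for the real corpora.

```python
"""Miniature Telepathwords-style strength estimate (added example, not the project's code).

The predictor 'knows' leaked common passwords, common phrases, and runs of
adjacent keys; a password is only as strong as the characters the predictor
would have failed to guess from what came before them.
"""
from typing import Dict, List, Set

# Constructed stand-ins for the three data sources the post describes.
COMMON_PASSWORDS = ["password", "letmein", "qwerty123", "iloveyou", "dragon"]
COMMON_PHRASES = ["to be or not to be", "happy birthday", "correct horse battery staple"]
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_sequences() -> List[str]:
    """Walking along a keyboard row in either direction counts as adjacent keys."""
    return KEYBOARD_ROWS + [row[::-1] for row in KEYBOARD_ROWS]


def build_predictor(sources: List[str], order: int = 3) -> Dict[str, Set[str]]:
    """Map every prefix of 1..order characters seen in the corpus to the set of
    characters that followed it.  Those are the predictor's guesses for 'next'."""
    table: Dict[str, Set[str]] = {}
    for text in sources:
        text = text.lower()
        for i in range(1, len(text)):
            for k in range(1, order + 1):
                if i - k < 0:
                    break
                table.setdefault(text[i - k:i], set()).add(text[i])
    return table


def predictable_positions(password: str, table: Dict[str, Set[str]],
                          order: int = 3) -> List[bool]:
    """One flag per character: True if the predictor would have guessed it.

    Uses the longest preceding context the table knows about, as an n-gram
    model does.  The first character has no context and is never predictable.
    """
    flags = []
    lower = password.lower()
    for i, ch in enumerate(lower):
        guessed = False
        for k in range(min(order, i), 0, -1):
            ctx = lower[i - k:i]
            if ctx in table:
                guessed = ch in table[ctx]
                break
        flags.append(guessed)
    return flags


def unpredicted_characters(password: str, table: Dict[str, Set[str]],
                           order: int = 3) -> int:
    """Telepathwords' notion of strength: characters the model could not predict."""
    return sum(1 for g in predictable_positions(password, table, order) if not g)


if __name__ == "__main__":
    corpus = COMMON_PASSWORDS + COMMON_PHRASES + keyboard_sequences()
    table = build_predictor(corpus)
    for pw in ("password", "qwerty123", "Zq7!mK"):
        flags = predictable_positions(pw, table)
        shown = "".join(c if not f else "." for c, f in zip(pw, flags))
        print(f"{pw:10s} unpredicted={unpredicted_characters(pw, table)} {shown}")
```

Dots in the printed line mark characters the model guessed, so a long password made of dictionary words and key runs shows almost all dots. Real Telepathwords uses far larger corpora and ranks its guesses, so treat this as an illustration of the idea, not a usable meter.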
Here's a new biometric I know nothing about:
The wristband relies on authenticating identity by matching the overall shape of the user's heartwave (captured via an electrocardiogram sensor). Unlike other biotech authentication methods -- like fingerprint scanning and iris-/facial-recognition tech -- the system doesn't require the user to authenticate every time they want to unlock something. Because it's a wearable device, the system sustains authentication so long as the wearer keeps the wristband on.
http://dilbert.com/blog/entry/990/
I've been designing in my mind what I call a pitch-in kitchen. It's a kitchen designed for multiple helpers to pitch in. The kitchen might be used for servicing large parties, or to efficiently feed the homeless, or to simplify food preparation for a collective of neighbors. Today I'm focusing on the design, not the ultimate use of it.
The idea is to make the kitchen so user-friendly that a stranger could walk in and know where everything is and how it works. Perhaps there are tablet computers at each food prep area of a central island that gives instructions for tasks that are auto-assigned to people from a master menu. Anyone can walk in and tap the tablet's "what's next" button and immediately see instructions for washing and prepping the carrots, for example, complete with a picture showing the quantity needed and how they should be sliced. The software would be in charge of sequencing the steps as each volunteer checks in. If a volunteer doesn't feel comfortable with a step that is assigned, he can choose another.
I imagine the plates and cookware are color-coded so anyone can tell which cupboard or drawer holds what. If you can't find a ladle, type its name into the search box on the tablet computer to see a map of the kitchen with an arrow to the correct drawer.
People enjoy helping in the kitchen as long as they know where everything is. Most adults like the feeling of being useful. And food prep can be fun if you get the right group together. The trick is to automate the thinking and planning part of the meal prepping and let the humans do the mindless chopping, stirring, washing, sautéing and other tasks.
The meal organizer would start off by choosing a recipe online. Then the organizer would enter the number of diners to size the ingredients and click one button to order it all for delivery at a set date and time. Another piece of software would send out email invitations for kitchen helpers from the list of your party-invitees or volunteers. As people reply for various kitchen roles, from prepping to cooking to clean-up, the software keeps track and reduces the available openings on the fly. The software then sends out a schedule to each helper telling them exactly when in the process their contributions are needed. Perhaps each helper has a companion app for their phone that buzzes them when it is time for their step. You might be chatting with other party-goers until your phone says, "Time to wash the broccoli."
On a smaller scale, I designed my current kitchen for pitching in. For example, I didn't put the garbage receptacle below the sink because someone is often standing in the way when you want access to it. And I recently added a block of cutting knives on top of the counter because "Where do you keep the knives?" is the first question every kitchen helper always asks. I also plan to standardize the Tupperware-like containers so they all have the same lid no matter their depth.
Had I been cleverer, I would have added a garbage bag storage area inside the garbage/recycling pull-out drawer so any helper could see where the replacement bags are when they help take out the trash.
My favorite kitchen-nerd innovation is the kitchen cart. It's a wheeled metal cart that is tucked under a counter until needed to help clear dishes after a meal. Just wheel the cart around and load the dirty dishes and glasses from every nook and corner of the house after a party. If I had been smarter with the cart idea, it would include an attached garbage bucket so I could scrape food into it as I do the pick-up.
Do you have any kitchen efficiency ideas to add?
The Problem with EULAs
Some apps are being distributed with secret Bitcoin-mining software embedded in them. Coins found are sent back to the app owners, of course.
And to make it legal, it's part of the end-user license agreement (EULA):
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
This is a great example of why EULAs are bad. The stunt that resulted in 7,500 people giving Gamestation.co.uk their immortal souls a few years ago was funny, but hijacking users' computers for profit is actually bad.
Evading Airport Security
The news is reporting about Evan Booth, who builds weaponry out of items you can buy after airport security. It's clever stuff.
It's not new, though. People have been explaining how to evade airport security for years.
Back in 2006, I -- and others -- explained how to print your own boarding pass and evade the photo-ID check, a trick that still seems to work. In 2008, I demonstrated carrying two large bottles of liquid through airport security. Here's a paper about stabbing people with stuff you can take through airport security. And here's a German video of someone building a bomb out of components he snuck through a full-body scanner. There's lots more if you start poking around the Internet.
So, what's the moral here? It's not like the terrorists don't know about these tricks. They're no surprise to the TSA, either. If airport security is so porous, why aren't there more terrorist attacks? Why aren't the terrorists using these, and other, techniques to attack planes every month?
I think the answer is simple: airplane terrorism isn't a big risk. There are very few actual terrorists, and plots are much more difficult to execute than the tactics of the attack itself. It's the same reason why I don't care very much about the various TSA mistakes that are regularly reported.
http://dilbert.com/blog/entry/989/
Let me know if I missed it, but I saw no comments to my post yesterday in which anyone was willing to take a side in a debate that allegedly represents 49% of America.
I realize this blog readership skews toward skeptics and science lovers. But still, not one person is willing to make a rational case against doctor-assisted suicide?
That is exactly what I predicted.
The 49% poll number was never real. No rational person prefers the government having veto power over the end-of-life decisions that they, their family, and their doctors prefer. And the irrational people don't want me shining a light on their argument.
This reminds me of the conspiracy theory that says gay activists exaggerated the risk of AIDS to the heterosexual community because it was the best way to get funding. I have no opinion on the validity of that conspiracy theory beyond the fact that it activated my pattern recognition for the doctor-assisted suicide topic. It looks as though a tiny percentage of the public (a subset of creationists perhaps) has been using misleading poll results to make it seem as though support for their position is strong when in fact it is nearly non-existent.
I'm still willing to say I'm wrong about the polls being bogus. But it seems mighty strange that 49% of the American public are suddenly hiding.
I submit that the traditional media is missing a big story here on the misleading nature of those polls.
My book's sales rank has dropped since I started hammering on this topic, so I will take that as my guide to back off and let the 1% of the public who are on the other side have their victory.
I will also take this opportunity to apologize to anyone who felt threatened by my choice of words on this topic.
Keeping Track of All the Snowden Documents
As more and more media outlets from all over the world continue to report on the Snowden documents, it's harder and harder to keep track of what has been released. The EFF, ACLU, and Cryptome are all trying.
None of them is complete, I believe. Please post additions in the comments, and I will do my best to feed the information back to the compilers.
EDITED TO ADD (12/4): Here's another compilation. And this mind map of the NSA leaks is very comprehensive.
EDITED TO ADD (12/5): Wikipedia also has an exhaustive list.
Puzzle o' the Day 355!
This one would make a terrific casino game, I think, if you added some bells and whistles. Maybe I should go into inventing casino games.
The player bets n units, where n ranges from 1 to 20; the casino bets n-1 units. On an electronic display, n fair coins are flipped for the player, and n-1 for the casino; if the player gets more heads, he wins the casino's n-1 units, while if the casino gets at least as many heads, it wins the player's n units. Note that the casino wins on ties, because of course it does.
a. (Medium-easy). Who has the advantage in this game? You can answer this without writing down a single number!
Hint (in white): What's the probability of the player getting more heads than the casino? It's very easy to come by if you look at it the right way.
b. (Easy with the above hint). For a given n, how much is the advantage in this game?
The TQP Patent
One of the things I do is expert witness work in patent litigations. Often, it's defending companies against patent trolls. One of the patents I have worked on for several defendants is owned by a company called TQP Development. The patent owner claims that it covers SSL and RC4, which it does not. The patent owner claims that the patent is novel, which it is not. Despite this, TQP has managed to make $45 million off the patent, almost entirely as a result of private settlements. One company, Newegg, fought and lost -- although they're planning to appeal. The story is here.
There is legislation pending in the U.S. to help stop patent trolls. Help support it.
http://dilbert.com/blog/entry/988/
I'll start with a question.
If you, your doctors, and your family all agree on an end-of-life healthcare strategy to minimize your suffering, should the government be allowed to veto your choice?
Before you answer, keep in mind that the government's veto might devastate your family's psychological and economic health. Who is onboard with letting the government make those decisions over the wishes of you, your family, and your doctor?
I ask because I've never met anyone who would prefer the government to have veto control over their own healthcare decisions. That's why I think the debate over doctor-assisted suicide is a fake debate.
My hypothesis is that the alleged 49% of the country opposed to doctor-assisted suicide is more like 1% nut jobs and 48% people who got tricked by a poll question that was some form of "Should the government allow your doctor to kill you if it seems convenient?"
But I try to be open-minded. I really do. Can anyone point me to a rational person who would answer yes to the government having veto power over your end-of-life wishes, your doctor's advice, and your family's preferences?
It's no fair rewording my question into something you DO object to. I'm looking for someone willing to say proudly and loudly that the government should make their end-of-life decisions for them over their own wishes, the advice of doctors, and the wishes of their family. Any takers?
I submit that that person does not exist. If I am wrong, I'd like to debate you right here. Please show yourself. Maybe I'll learn something.
In the unlikely event such a person exists, and cannot be swayed with simple information such as the success stories of similar systems elsewhere, that brings us to the second topic on my list.
It turns out that having an outspoken opinion about anything important in this world is very bad for business. The folks who disagree with you on any sensitive topic will use it as a reason to take their business elsewhere.
That leaves no one but the nut jobs to dominate the debate. Sane people stay out of the line of fire.
Now here's the interesting part: I just became an orphan.
Living parents are a huge limiting force on a writer. I was always worried about embarrassing them. They trained me to be that way. I'm now freed from that restriction. (The rest of the family wouldn't much care.)
My remaining reason to self-censor is purely economic. In my unique case, 100% of the money I earn for the rest of my life will be spent for the benefit of others. I already have enough for my own needs. The main reason I keep working is because I am in a rare position to make an oversized contribution to the economy, and perhaps add value in other ways. Apparently I am genetically inclined to find that prospect satisfying if not necessary. I don't want my valuable business engine to clog up just because I was outspoken on an emotional topic. That wouldn't be fair to a lot of people in the value chain who were minding their own business.
So I'm going to offer you (the public) an arrangement. If my new book, How to Fail at Almost Everything..., hits #1 on the NYT non-fiction list, I will be freed of my last remaining reason to self-censor. And I will drive a stake through the government's heart on this doctor-assisted suicide topic.
You haven't seen me uncensored. You might enjoy the show.
I'll even sweeten the deal. I guarantee that you know someone who would benefit from the book. That person might be you, or it might be someone in your life who is making suboptimal career and lifestyle decisions and doesn't want your advice. The book is designed like one of those soft dog treats inside of which you hide the dog's medicine. The reader won't even see the useful stuff coming.
If you're counting, that's three potential benefits from one book: The book might help you personally, or at least entertain you. It might help someone you care about (after you read it first, of course). And it might free me to jackhammer some rational thought into the end-of-life debate.
Or you could just buy clothes for everyone on your shopping list. Clothes are fun too.
How to Fail at Almost Everything and Still Win Big: Kind of the Story of My Life.
How Antivirus Companies Handle State-Sponsored Malware
Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we've been wondering if it's done anything to antivirus products. Given that it engages in offensive cyberattacks -- and launches cyberweapons like Stuxnet and Flame -- it's reasonable to assume that it's asked antivirus companies to ignore its malware. (We know that antivirus companies have previously done this for corporate malware.)
My guess is that the NSA has not done this, nor has any other government intelligence or law enforcement agency. My reasoning is that antivirus is a very international industry, and while a government might get its own companies to play along, it would not be able to influence international companies. So while the NSA could certainly pressure McAfee or Symantec -- both Silicon Valley companies -- to ignore NSA malware, it could not similarly pressure Kaspersky Labs (Russian), F-Secure (Finnish), or AVAST (Czech). And the governments of Russia, Finland, and the Czech Republic will have comparable problems.
Even so, I joined a group of security experts to ask antivirus companies explicitly if they were ignoring malware at the behest of a government. Understanding that the companies could certainly lie, this is the response so far: no one has admitted to doing so.
Up until this moment, only a handful of the vendors have replied: ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro. All of the responding companies have confirmed the detection of state-sponsored malware, e.g. R2D2 and FinFisher. Furthermore, they claim they have never received a request to not detect malware. And if they were asked by any government to do so in the future, they said they would not comply. All the aforementioned companies believe there is no such thing as harmless malware.
A year or two ago I decided to try to make a list of all of the theatre that I've seen in London. I combed my records, as well as lists of shows produced by various west end theatres. At present count I'm up to 49, but I can't actually swear that this list is accurate. I probably missed something that I've seen, or included something that I think I saw but actually didn't. There are a few regrettable and forgettable shows on the list, things like Fame, Witches of Eastwick, Loserville, and god help me Love Never Dies which I saw primarily for the trainwreck aspects, but also to put a checkmark on it. There are also some underrated ones like The Beautiful Game. In all honesty, I left Bog of Cats at intermission because it was slow and done in a barely-understandable brogue, and I was falling asleep.
Also, I was looking at lists of west end theatres last night trying to figure out which ones I'd been to and how many times. There was one that seemed like I should have been there, and I couldn't figure out why. "Oh, right. It's been running the Lion King for 15 years, and I've never been that desperate."
All That Fall
Eat, Pray, Laugh, the Barry Humphries Farewell Tour
Bog of Cats (the Holly Hunter Irish thing)
Cat on a Hot Tin Roof
Complete Works of William Shakespeare, Abridged
Crazy For You
Driving Miss Daisy
Glorious (Florence Foster Jenkins show)
Guys and Dolls
In The Next Room (The Vibrator Play)
Jerry Springer the Opera
Love Never Dies
Priscilla Queen of the Desert
Resistible Rise of Arturo Ui
Rocky Horror Show
Saturday Night Fever
Streetcar Named Desire
Swimming With Sharks
Tell Me On a Sunday
Waiting For Godot
We Will Rock You
Whistle Down the Wind
Witches of Eastwick
Woman In White
Tags: london, theatre
Elementary blows it on the final leg
Finished watching the first season of Elementary. I wish I'd stopped watching with the next-to-last DVD. The finale makes all the other crimes look stupider in retrospect.
Nick Saban in the locker room after the game
"You mean you can run back a missed field goal?? Who knew?"
Amazing hubris to try a field goal from 57 yards with a guy who has already missed three in the game, who can't even kick it that far, and then top it off by not telling his team if the kick is missed be sure to cover the runback.
via omgblog, a woman who knits with yarn from the inside of her vagina as performance art:
"When I'm menstruating it makes knitting a hell of a lot harder, because the wool is wet so you have to yank at it."
In the video description, "this is a period piece." I see what they did there...
Tags: knitting, wtf
Court Dress and Diplomatic Uniforms
One of the things I love about reading the Economist is little historical tidbits that get brought to my attention. For example, a few weeks ago I learned about the British Honors Forfeiture Committee. And, of course, Wikipedia also has a category for persons stripped of their honors.
Today's gem is that in 1853, the United States asked its diplomats not to wear court dress any longer. Wikipedia's explanation is a bit more involved:
...In 1853, Secretary of State William L. Marcy issued a circular recommending that U.S. diplomats wear “the simple dress of an American citizen.”
It goes on to state that modified Navy uniforms were in use for a while, but the practice was stopped by FDR in 1937, and codified in law in 1946.
In response to what was perceived as the excessive ostentatiousness of some of these individualized uniforms, Congress banned diplomatic uniforms altogether in 1867, by passing a resolution forbidding diplomatic officials to wear "any uniform or official costume not previously authorized by Congress". This caused some discomfort to American diplomats, who now had to appear "underdressed", in evening dress, to official functions. In 1910, Theodore Roosevelt attracted considerable attention when he was the only foreign official at the funeral of King Edward VII who was not in uniform.
Now... it's pretty clear the intent of the law is being followed. But a quick search of pictures of diplomatic staff suggests "black suit and tie" is a de facto uniform for males. (A few grey suits, I admit.) How much uniformity is too much? Are members of other departments also forbidden to wear uniforms unless authorized by Congress? Who would have standing to sue if the State Department violated this law?
Starfleet makes no sense (again)
In our Deep Space Nine viewing we have made it through Sacrifice of Angels and the big battle.
One of my big annoyances is that Captain Sisko is running the show. Why does Starfleet even *have* admirals and commodores, if not to coordinate major fleet movements? (I guess they're occasionally antagonists and scene-setters.) Would it be too much to have Admiral Ross, who's been a recurring character, direct the fight? Is this "The Main Characters Do Everything" or were they just too cheap to build a flagship set?
Anyway, that leads to my Star Trek trivia question: which officer (in canon) is responsible for the greatest loss, by number of starships, in Starfleet history?
I think it must be Sisko, given that the engagement was described as having about 600 ships and there were significant losses (though at least 200 survived.) Probably not all are capital ships. Wolf 359 was described as just 40 ships vs. the Borg Cube, so Admiral Hanson is probably off the hook.
Tags: star trek, television
Friday Squid Blogging: Squid Worm Discovered|
This squid-like worm -- Teuthidodrilus samae -- is new to science.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Kev introduced me to "Boomtown" at Thanksgiving, and we played it with my godkids. (We learned that Rob has an unconventional bidding strategy.)
In each round you bid to get first choice of the available mines. Each mine has a production value (1 through 6 gold) and a number that specifies when it triggers, based on the roll of two dice each turn. Further, collecting a set of mines from the same town gives you the mayorship, which lets you collect additional gold from players who build mines in that town (or are forced to by the available options.)
Position is important because choice of mines proceeds clockwise from the winner, and bid payments are paid counterclockwise. (The player to the winner's right gets half, the next player gets 1/4, etc., with any remainder going back to the bank.)
So, each mine has value in a variety of different ways:
* Its "equity" value, the production value translates to points at the end of the game
* The expected stream of future payments from production (more important in a small game than a big one). Usually the mines with rarer numbers (2 and 12) do not have big enough production value to compensate for the low probability. This can be calculated exactly.
* Its contribution towards winning a mayor, or increasing the value of the mayor's office
The mayor has the same components:
* A 5-point value at the end of the game
* The expected stream of future payments from mines in the matching city. This is somewhat dependent on future bidding but the number of undiscovered mines in that city is known.
Both these need to be risk-weighted against the possibility of losing the mine (to a special card) or the mayor's office (due to somebody outbidding.) So valuation is complex enough to be interesting. I wonder if tools from conventional finance are worth using here, does it make sense to apply a discounting rate to future returns? I think they don't because there is no risk-free reward.
However, the bid payout mechanism (and the fact that you get one card every round no matter what) makes bidding nontrivial as well. Let's ignore coalitions for a moment--- they're hard anyway--- and just look at two players, A and B. Let's also ignore any + or - value to position (the winning bidder bids first the next round.)
mine X: value 3 to A, value 0 to B (a production-3 mine in A's city, assuming A has three mines in that city)
mine Y: value 3 to A, value 6 to B (a production-6 mine in B's city, mirrored assumption)
The global optimum is that B gets Y and A gets X. But because this is a competitive game, A prefers (AY,BX). So we can recast this in terms of A's utility:
X to B: +3
X to A: -3
B's utility is the opposite (in games with more players we can't make this simplification). But A can't bid 3, because 2 of those gold would go to B. Writing things out:
A bids 3 and wins: +3 -3 -2 = -2
A bids 2 and wins: +3 -2 -1 = 0
A bids 1 and wins: +3 -1 -1 = +1
Is A's win enough? Well, from B's perspective (more negative is better) he can bid 2 and get an improved result--- the payoffs are all reversed:
B bids 3 and wins: -3 +3 +2 = +2
B bids 2 and wins: -3 +2 +1 = 0
B bids 1 and wins: -3 +1 +1 = -1
So if A goes first he should bid 1, forcing B to bid 2--- or he can bid 2 himself and achieve the same payoff (but B might make a mistake either way.)
In a two-player game, is there always a way to force no net gain? No, because the mine values may be fractional due to the future revenue stream, and only whole-value bids are accepted. In that case, the winning strategy is to immediately bid the amount which produces a small (<1) positive result for the first bidder; the second player cannot improve his bid without going negative, since zero is not possible.
But this strategy suggests there is an advantage to bidding first, equal to the fractional payouts in future rounds. So, confusingly, it might be worth overpaying in round 1 if you could go first on all subsequent rounds. But the other player could compensate by overbidding in round 2. I don't know what the end effect of this line of reasoning would be (it might not even be feasible with limited bankrolls)--- it might make an interesting toy game to study all by itself.
Tags: finance, game theory, games
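The bidding arithmetic in the post above, and the "can be calculated exactly" mine valuation before it, are small enough to mechanise. The following is an added example, not part of the original post: it reproduces the two payoff lists for the 3-vs-3 mine and then searches the alternating-bid game by backward induction, including the fractional-value case. Assumptions not stated in the post: with two players the non-winner receives ceil(bid/2) of the winning bid (the rounding that matches the post's "2 of those gold would go to B"); bids are strictly increasing whole numbers capped by `max_bid` (a stand-in for bankroll); the first mover must open with a bid of at least 1; and, as in the post, position value and coalitions are ignored. Utilities are in A's relative units throughout (more negative is better for B).

```python
from fractions import Fraction
from functools import lru_cache
from math import ceil


# --- Mine valuation: expected production per turn on two dice --------------
def trigger_probability(trigger: int) -> Fraction:
    """Exact probability that two fair dice sum to `trigger`."""
    ways = sum(1 for d1 in range(1, 7) for d2 in range(1, 7) if d1 + d2 == trigger)
    return Fraction(ways, 36)


def expected_gold_per_turn(production: int, trigger: int) -> Fraction:
    """Expected gold a single mine pays per turn (production x trigger odds).
    A production-6 mine on a 2 is worth exactly as much per turn as a
    production-1 mine on a 7."""
    return production * trigger_probability(trigger)


# --- Two-player bidding ---------------------------------------------------
# `v` is the swing in A's relative score when A rather than B gets first pick
# (the post's +3 / -3).  The winner pays `bid`; the other player receives
# ceil(bid / 2) of it (assumption: matches the post's arithmetic for 2 players).
def a_utility(v, bid, winner):
    """A's relative utility when `winner` ('A' or 'B') takes the pick at `bid`."""
    kickback = ceil(bid / 2)
    if winner == "A":
        return v - bid - kickback        # +swing, A pays, B pocketed the kickback
    return -v + bid + kickback           # -swing, B pays, A pocketed the kickback


def payoff_table(v, max_bid):
    """The post's two lists in one place: bid -> (A wins at bid, B wins at bid)."""
    return {b: (a_utility(v, b, "A"), a_utility(v, b, "B"))
            for b in range(1, max_bid + 1)}


def solve_auction(v, max_bid):
    """Subgame-perfect outcome of an alternating, strictly increasing integer
    auction.  A opens with a bid of at least 1; afterwards the player to move
    may pass (the current high bidder wins) or raise to any higher integer up
    to `max_bid`.  Returns (A's utility, sequence of bids ending in 'pass')."""

    def other(p):
        return "B" if p == "A" else "A"

    @lru_cache(maxsize=None)
    def subgame(high, holder, mover):
        # Passing hands the pick to the current holder at the current price.
        best_u, best_moves = a_utility(v, high, holder), ("pass",)
        for raise_to in range(high + 1, max_bid + 1):
            u, moves = subgame(raise_to, mover, other(mover))
            better = u > best_u if mover == "A" else u < best_u
            if better:                    # ties keep the lower bid
                best_u, best_moves = u, (raise_to,) + moves
        return best_u, best_moves

    best_u, best_moves = None, None
    for opening in range(1, max_bid + 1):
        u, moves = subgame(opening, "A", "B")
        if best_u is None or u > best_u:
            best_u, best_moves = u, (opening,) + moves
    return best_u, best_moves


if __name__ == "__main__":
    print(payoff_table(3, 3))        # {1: (1, -1), 2: (0, 0), 3: (-2, 2)}
    print(solve_auction(3, 6))       # A opens 1, B raises to 2, A passes: net 0
    print(solve_auction(3.5, 6))     # A opens 2 and B cannot improve: A nets +0.5
```

With whole-number values the search lands on the post's conclusion (A opens at 1, B is forced to 2, net zero), and with a fractional swing it confirms the claim that the first bidder should jump straight to the bid that leaves a sub-1 positive margin, since any counter by B hands A a better result than passing would. Raising `max_bid` does not change either answer, which is what you would expect: the kickback makes every higher bid worse for the bidder than the one below it.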
More on Stuxnet|
Ralph Langner has written the definitive analysis of Stuxnet: short, popular version, and long, technical version.
Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet's smaller and simpler attack routine -- the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But the second and "forgotten" routine is about an order of magnitude more complex and stealthy. It qualifies as a nightmare for those who understand industrial control system security. And strangely, this more sophisticated attack came first. The simpler, more familiar routine followed only years later -- and was discovered in comparatively short order.
Stuxnet also provided a useful blueprint to future attackers by highlighting the royal road to infiltration of hard targets. Rather than trying to infiltrate directly by crawling through 15 firewalls, three data diodes, and an intrusion detection system, the attackers acted indirectly by infecting soft targets with legitimate access to ground zero: contractors. However seriously these contractors took their cybersecurity, it certainly was not on par with the protections at the Natanz fuel-enrichment facility. Getting the malware on the contractors' mobile devices and USB sticks proved good enough, as sooner or later they physically carried those on-site and connected them to Natanz's most critical systems, unchallenged by any guards.
Any follow-up attacker will explore this infiltration method when thinking about hitting hard targets. The sober reality is that at a global scale, pretty much every single industrial or military facility that uses industrial control systems at some scale is dependent on its network of contractors, many of which are very good at narrowly defined engineering tasks, but lousy at cybersecurity. While experts in industrial control system security had discussed the insider threat for many years, insiders who unwittingly helped deploy a cyberweapon had been completely off the radar. Until Stuxnet.
And while Stuxnet was clearly the work of a nation-state -- requiring vast resources and considerable intelligence -- future attacks on industrial control and other so-called "cyber-physical" systems may not be. Stuxnet was particularly costly because of the attackers' self-imposed constraints. Damage was to be disguised as reliability problems. I estimate that well over 50 percent of Stuxnet's development cost went into efforts to hide the attack, with the bulk of that cost dedicated to the overpressure attack which represents the ultimate in disguise -- at the cost of having to build a fully-functional mockup IR-1 centrifuge cascade operating with real uranium hexafluoride. Stuxnet-inspired attackers will not necessarily place the same emphasis on disguise; they may want victims to know that they are under cyberattack and perhaps even want to publicly claim credit for it.
Related: earlier this month, Eugene Kaspersky said that Stuxnet also damaged a Russian nuclear power station and the International Space Station.
Safeplug is an easy-to-use Tor appliance. I like that it can also act as a Tor exit node.
EDITED TO ADD: I know nothing about this appliance, nor do I endorse it. In fact, I would like it to be independently audited before we start trusting it. But it's a fascinating proof-of-concept of encapsulating security so that normal Internet users can use it.
ObamaCare continues to look lousy:
Are Democrats in denial about ObamaCare's midterm consequences? Debbie Wasserman-Schulz is....
White House downplaying ObamaCare website fix; will work "better" on December 1st.
Mish: Jobs vs. Employment Analysis suggests huge ObamaCare Impact.
Chicago Tribune notes the obvious:
Abbott Laboratories chief executive Miles White said something last Tuesday that should jolt tens of millions of Americans who watch from a comfortable distance as the giant Obamacare blimp ignites and tumbles to the ground. These Americans are safely ensconced in employer-provided health care coverage — for now.
But there are “clear incentives for companies to drop their health care plans and move people onto the exchanges,” White told analysts at a luncheon, referring to the disastrously cranky and unreliable online insurance marketplaces created under Obamacare. …
If President Barack Obama and Democratic leaders think the outcry against Obamacare is fierce now, watch if millions more Americans get blindsided with the news that they’ll be forced into these dysfunctional government online marketplaces. Some will face higher premiums or higher deductibles…
And this WSJ story (pay link) notes that companies will be passing more health costs to workers.
Current Mood: busy
Who will stop the rain?|
Who will stop the rain? We've received over 2 inches of rain since this storm began early yesterday. The annual average here is 4.3 inches. Yikes! It must be global warming....
Shock! HHS will begin direct enrollments in ObamaCare. The only problems: Possibly no subsidies, possibly violations of law, and other (similar issues). More popcorn for the GOP.
Meanwhile, ObamaCare approval is at 33% and falling....
Why ObamaCare isn't liked by employers (and there will be a lot more pain next year).
Did HHS drop the "Anonymous Shopper" feature of healthcare.gov because of issues with the feature? CNN says no--it was lying, and the GOP's criticism that it would produce rate estimates so high they would deter potential enrollees was likely right.
Current Mood: amused