One Flaw With Biometrics

Biometrics, the use of unique details about people’s bodies such as fingerprints or patterns on the retina, are hot in the security industry. Do they live up to the hype? Probably not:

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.

Beating fingerprint systems doesn’t require violence; one researcher was able to do so by reproducing a latent fingerprint in gelatin. Still, this incident shows that security is a little more complex than fads allow.

Autopackage Considered Harmful

Via Slashdot, we learn of the advent of Autopackage, a project to make it easy to install third-party software onto Linux systems in a distribution-neutral fashion. What’s not to like?

Well, there’s plenty to like. The goal is certainly laudable; it is too difficult to get software installed that your distro vendor doesn’t support. Furthermore, the Autopackage team have wisely chosen not to fight the distros; they emphasize that their system is a complement, not a replacement, for the distro’s package manager. The file structure doesn’t look too bad. They seem to at least have a clue about security, even if their current security story isn’t all that great.

Unfortunately, they’ve yielded to the temptation towards short-term fixes. As a consequence of at least one short-term fix, I predict that distro vendors are going to start seeing support requests from Autopackage users that may, in some cases, be tough to fix. Were I responsible for supporting a Linux distro, I would tell my users that use of Autopackage breaks the support contract, or (alternately) that such support would cost extra.

What’s the problem? The big one: Autopackage installs to /usr, according to a comment by someone involved with the project. If something is installed by Autopackage, and later that same thing is shipped by Debian, the two packages will barf all over each other, causing both packages to fail (despite their unsubstantiated claim otherwise). Telling users to just avoid the Debian package won’t work, because package dependencies change over time, and any popular package stands a very good chance of being added to a meta-package eventually. The same thing is likely just as true for Red Hat, Mandrake, and the like, though obviously the details may differ.

It’s particularly interesting that the software allows the option to install to other places, such as $HOME, /usr/local, and so on. Supposedly, /usr is supported because:

…there are many broken distributions that don’t setup paths for /usr/local correctly.

Yet, in their FAQ, they talk about cooperating with the various distributions to create something like a “Desktop LSB” for handling library dependencies that their tool isn’t good at handling yet. Of course, getting the distros to support /usr/local properly is a much easier task than getting the distros to agree to and implement a new standard. Why blow off the easy thing, and assume the hard thing?

This isn’t the only problem, but it is the biggest one. The other problems are probably easier to fix, especially if they keep their promise for full package-manager integration in the next version. I’m curious how they handle the conflicting library problem, or newer libraries with new symbols that don’t require soname upgrades, but I’m sure they’ve had to deal with those problems to get this far.

Ultimately, I think the Autopackage people would do well to include some traditional distro people in the conversation, and work to integrate well within the parameters the distros set. As they already acknowledge, they aren’t going to get anywhere without some buy-in from the distros. What I wonder about is why they didn’t get that buy-in from the beginning, or if they did, why they aren’t talking more about it.

UPDATE: Joey Hess takes a closer look at the technology; to say he doesn’t like it is an understatement. And Mike from Autopackage responds in the comments to both of us (sorta).

UPDATE (2005-03-31): After a little heat and a little light in the comments, Adam Williamson of Mandrake is bringing the issue up on the Cooker list. His initial message is also posted in our comments, and you should be able to read the full thread here.

UPDATE (2005-04-02): Ubuntu takes up the question, starting with this message. A bug has been filed and dismissed in Ubuntu’s BTS as well.

Site News: Languages, Look-n-Feel

[eo] I try to calm the English speakers, and discuss the look of the site. Other looks ("themes") for WordPress can be found on the sites of Blogging Pro and Alex King's competition. Please offer your opinion in the comments.

English readers should not panic; the site has not been hijacked. I’ve just set the site up to better handle my Esperanto posts and readers, including integrating the bilingual plugin into the post page and translating the comment policy. Watch for the “other language summary” on the post page.

I’ve been evaluating themes for the look of the site as well. The WordPress 1.5 release and Alex King’s theme competition have spawned a multitude of themes; two good places for looking at them are the competition theme browser and Blogging Pro’s gallery.

If there’s one trend I don’t like, it’s the fixed-width fad. Most of these themes force the width of the content section to be so many pixels, which on a large monitor (like mine) means really wide margins with a tiny strip of content in the middle. Some of the themes combine this with fixed-size fonts, so the posts don’t end up one-word-per-line; again, on my monitor, these end up unreadable unless I increase the font size, which inevitably destroys the page’s layout. (Here’s a good example.)

Nevertheless, there are some very good themes in the list, one of which may replace Steam on this site. (Steam, by the way, is in the theme competition.) Suggestions are welcome in the comments.

UPDATE: Now the language summaries are on the main page as well.

Second-Language Posting

[en] The bilingual plugin is now integrated into the site; summaries in the "other" language should be available after the main post when available. Also, an Esperanto version of the site comment policy is now available.

The site now has bilingual posts, with summaries in the post's other language. If the summary does not exist, the post appears without change. I will try to write Esperanto summaries whenever I can.

Also, I have translated the site's comment policy into Esperanto. Esperanto comments are welcome, but please do not use “Latin-3” to write comments. Unicode, the x-method, the h-method, the ^-method, etc. are possible, and Unicode is preferred.

UPDATE: That was so much fun that I decided to put the summary on the main page for all posts.

Comment Policy, March 2005

[en] Esperanto version of the March 2005 comment policy. Read the English version here.

This comment policy replaces all previous comment policies, and is in effect unless a newer policy replaces it. To reach the current policy, choose the “Comment Policy” link on the main page.

I have the right to delete or edit any comment, though I will inform you about edited comments. I promise to edit or delete as rarely as I can. Comments on unpleasant subjects (such as sex or violence) should be made respectfully and without vulgarity.

“Spam,” loosely, is commentary on this site that serves some purpose other than discussion. Spam, precisely, is whatever I say it is on this site. Spam will be blocked when I can detect it at posting time, and removed in other cases. Frequent spammers may lose their ability to comment.

Unfortunately, spammers often hijack other computers to do their dirty work, which can cause innocent people to lose privileges. Because I cannot distinguish innocent victims from willing participants, I cannot promise to restore them. People with this problem are encouraged to prevent it by using virus or spyware checkers, browsing with Mozilla Firefox instead of Internet Explorer, switching to Linux from Windows, or buying a Macintosh.

To prevent spam, my site may present commenters with letters and numerals in a strange image, which the commenter must type in and submit before the comment is accepted. The site may decide that some comments are so suspicious that they need my personal approval before they appear on the site, so they will not appear right away.

I apologize for the inconvenience, but trust me: you probably do not want to see the trash that gets sent here so that people can profit.

Buying Consensus

The recent buzz has been about powerful moneyed interests buying laws banning the free speech of other powerful moneyed interests, and how that same law might be applicable to private citizens who oppose those same groups.

So now we learn of professional protesters who don’t know anything about the issue they’re protesting. That’s not hyperbole, either; it’s the phrase the protesters used to describe themselves. They even admitted to not knowing who the object of their protest was.

Short-term, these kinds of things work. But long-term, they only have an effect as long as people continue to have faith in the institutions being manipulated, and as time passes, the secret becomes harder and harder to keep under wraps. Once the secret does come out, the damage can be quite serious; just ask Dan Rather.

To use another example, can anyone claim to take The American Prospect seriously anymore, after learning that they allowed an entire issue to be bought by a special interest group without disclosure? How is this any better than the Armstrong Williams fiasco? (For extra irony, note that the previous condemnation of Williams comes from The American Prospect itself.)

Corrupting the Youth: Video Game Save Intervals

Is it just me, or are newer video games making it more difficult to save when you need to?

We had a little problem with this over the weekend. When we tell the kids to get off the GameCube, we generally give them a few minutes to wrap up what they’re doing and save. This has worked well in the past, but it’s built up an expectation in the kids that they have the right to save, however long that takes. This resulted in a half-hour of extra playing time for Jon on Sunday, followed by some hurt feelings when he was forced to lose all that playing time.

Some older games (especially level-based ones) wouldn’t allow saves at any time, but they generally compensated by having short levels. The new games, by contrast, don’t have anything about them that would preclude saving at any time, yet they often have save artifacts you have to manipulate in the game in order to save. Which is fine, as long as you provide them at the right times, such as right after a difficult portion of the game.

I don’t want to be unfair, but I also don’t want to give game makers a veto over the rules I set over my children. If the game manufacturers feel a need to force their players to play for long stretches before giving them a place to stop, then we may not be buying very many more games.

Major News Feed Competition

Until recently, I subscribed to two feeds from major news media: the BBC and CNN. The BBC is generally a good-quality feed, although its bias is now world-famous and a lot of its news is a bit too British for me (such as, for example, the gushing soccer and cricket headlines). But CNN’s feed is downright annoying.

To illustrate, here are four headlines CNN gave me this morning:

  • “Clinton to have surgery to remove scar tissue”
  • “Clinton to have follow-up to heart surgery”
  • “Clinton to have follow-up to heart surgery” (yes, twice)
  • “Clinton faces new surgery”

When I look at my CNN feed and see in the neighborhood of 20 to 30 new posts, and half of them are repeats of the same story, I tend to just skip the feed entirely. The BBC does this too, but much less often.

Also, I see from the headlines that our government is calling for the dissolution of the IRA in Northern Ireland. But when I click on the headline, here’s the summary I get:

Read full story for latest details.

They do this for what seems like nearly half of their stories. Again, the BBC is much better about this; the summaries they provide are always informative.

What to do? Enter Fox News. I must have missed the announcement of their RSS feeds, but I check the big news outlets regularly for alternatives to CNN, and today’s check revealed an RSS link that I hadn’t noticed before. It’s early to say, but Fox looks promising: no zero-content summaries, and very few stories in the first pull. Plus, Fox content acts as a much better counterbalance to the BBC.

Despite the accusations of bias, Fox is now the number one news channel in the US. Part of that success comes from addressing a vacancy in the news market for conservative bias, but part of that also comes from execution: they’ve been able to do the news better than anyone else. We’ll see if that extends to their Internet presence.

Site: Spam Karma, Bilingual Blogging

If you haven’t seen the new comment policy, check it out. Mainly, the changes have to do with switching from the timed auto-moderate plugins I was using to Spam Karma.

Speaking of which, Spam Karma seems to be doing a good job. Occasionally, a spam slips through the cracks, but generally it’s done an excellent job. Even better, it requires a lot less attention to the moderation queue. So, it’s the answer for the foreseeable future.

I’ve also grabbed another plugin to help with my Esperanto blogging: Bunny’s Basic Bilingual Plugin. After I play with it a little more, people should be able to switch between English and Esperanto versions of posts via a small link. The idea is that most posts will be written in one language or the other; the plugin provides a way to mark the post’s primary language, plus provide an excerpt in the other language. Hopefully, I’ll be disciplined enough to do this with every post from now on, which should help my Esperanto fluency tremendously.

Comment Policy, March 2005

This comment policy supersedes all previous comment policies, and is in effect unless a newer comment policy supersedes it. To see the current comment policy, choose the “Comment Policy” link on the main page.

I reserve the right to delete or edit any comment, though I will alert people to edited comments. I do promise to keep editing or deleting to a minimum, though. Discussions about unpleasant subjects (like sexuality or violence) should be done respectfully and without vulgarity.

Spam, loosely defined, is commentary on this site that serves some other purpose besides discussion. Spam, specifically defined, is whatever I say it is on this site. Spam will be disallowed when it can be detected at posting time, and deleted in other cases. Frequent spammers may find their commenting privileges revoked.

Unfortunately, spammers often hijack other computers to do their dirty work, which may cause innocent third parties to lose privileges. Since I cannot tell innocent victims from willing participants, I cannot promise to always restore them. People with this problem are encouraged to take steps to prevent this, such as installing virus checkers and spyware checkers, browsing with Mozilla Firefox instead of Internet Explorer, switching to Linux from Windows, or buying a Macintosh.

In the pursuit of preventing spam, my site may present commenters with a set of letters and numbers in a funny-looking image that the commenter must type in and submit before the comment is accepted. The site may also decide that some comments are suspicious enough that they require my personal approval before appearing on the site, and thus will not appear right away.

I apologize for all the hassle, but trust me: you probably would rather not see the vile trash that gets sent here just so people can make a buck.

UPDATE (2005-12-07): Someone is spamming this comment specifically in a way that defeats my spam traps, so I’ve disabled comments.

Buying Our Way Out of the Civil War

(It’s an old post, but I just noticed it, and I can’t let it pass.)

Could we have just bought and freed the slaves in 1860, and thus avoided war? Two very smart economists, Brad DeLong and Alex Tabarrok, think so, or are at least intrigued by the idea. But they shouldn’t be; while their theories may make great economics, they’re based on poor history, and at least some of it strikes me as just sloppy thinking.

First, the history. DeLong’s thesis is that the slaves would have cost $90 per capita to free, while just the direct costs of the war amounted to $140 per capita for Northerners and $340 per capita for Southerners. But would this have worked? Not in a society that frowns on free blacks. See, for example, this blurb for a book on manumission (freeing of slaves) in antebellum New Orleans:

Their success rate was so great that in 1857, facing pressure arising from the increase in the number of free people of color, the state legislature prohibited manumission.

Schafer also recounts numerous cases in which free people of color were forced to use the courts to prove their status, showing that remaining free was often as challenging as becoming free. She further documents seventeen free blacks who, when faced with deportation, amazingly sued to enslave themselves rather than leave family, friends, property, and home.

But couldn’t Northerners buy slaves, move them north, and free them there? In theory, yes; Frederick Douglass benefited from this procedure to legitimize his status as an escaped slave, for example. But Northern attitudes towards blacks were little improved over Southern attitudes. Consider that there was widespread opposition to the creation of black regiments even in places like Massachusetts and Ohio during the war itself. Even strong pressure from abolitionist groups could only push the Union to organize a few regiments as experiments; only the bravery of these first regiments caused public opposition to abate.

(For more examples of Northern attitudes towards blacks, look at the criticism President Lincoln received when he met with Douglass formally at the White House.)

DeLong uses the career of Stephen Douglas, the Senator from Illinois who debated Lincoln in the famous debates of 1858, as an example of unintended consequences, attributing to his “popular sovereignty” position the ills of “creat[ing] a low-leel [sic] guerilla war in Kansas, creat[ing] the Republican party, elect[ing] Lincoln president in 1860, and the South then secedes, and Lincoln says that he will fight.” Yet only the first of those ills can credibly be laid at the feet of Douglas. The genesis of the Republican party was not, like the genesis of the Whig party that preceded it, the result of one personality, but of a confluence of events. Douglas played a part in some of those events, but others (such as the rise and fall of the Know-Nothings, the collapse of the Whig party between the 1852 and 1856 elections, and the Dred Scott decision) were far beyond Douglas’s power to control even had he supported them.

With the history out of the way, why do I suspect sloppy thinking? Simply because it seems dodgy to think that the government could have bought its way out of the slavery question. As noted before, it was not unheard of to re-enslave free blacks; providing a government bounty for each freed slave would certainly not have improved that condition. Further, certain parts of the Southern economy revolved around slaves, which implies that these parts would have to radically adjust to new conditions. What does the government say to the poor slave auctioneer, for example, whose job has just been legislated out of existence?

But for the most important refutation, we must turn back to history. Read, for example, John C. Calhoun’s speech on Clay’s Compromise of 1850, in which he ties slavery to the core of Southern character in his portrayal of Northern offenses.

Unless something decisive is done, I again ask, What is to stop this agitation before the great and final object at which it aims–the abolition of slavery in the States–is consummated? Is it, then, not certain that if something is not done to arrest it, the South will be forced to choose between abolition and secession? Indeed, as events are now moving, it will not require the South to secede in order to dissolve the Union. Agitation will of itself effect it, of which its past history furnishes abundant proof–as I shall next proceed to show.

Slavery was seen by Southerners like Calhoun to be a core part of Southern society, and almost definitive of it. Note how a single issue–slavery in the territories–is interpreted by Calhoun as an exclusion of the entire Southern way of life from those territories. With the battle lines thus drawn (and this was only the last of a very long line of speeches by Calhoun drawing the lines in this way), how can anyone think that the mere spending of money could alleviate all this hostility and defensiveness?

Spam Karma!

Well, the default WordPress spam system was working just peachy. Until yesterday, that is, when the nasty little spammers changed tactics.

The good news is that I’ve found a spam plugin that actually works with WordPress 1.5: Spam Karma. And what a plugin it is, too. It is amazingly cool-looking, especially from the admin point of view.

So, we’ll see if it lives up to its potential. Give us a few days, and if it works out, we’ll have a new comment policy.

How will this affect all three of my fans? Well, when you post a comment, you might be asked to read some funny-looking letters from a graphic into a box and submit it. The possibility exists that some people just might be denied access; if that happens, give me a buzz by E-mail. Here’s the address to use. (If you select the link, your computer should start an E-mail for you with the address filled in, so you don’t have to type it yourself or play with cut-n-paste.)

The stuff between the first plus sign and the at-sign means “Starting close to midnight on March 6, accept all mail from anyone for exactly two weeks.” That way, you guys can E-mail me, but by the time spam harvesters pick up the address, it will have expired. That also means that anyone else trying the address after about March 20 won’t get through, either; if we’re still having problems, check more recent blog posts for updated addresses to use.
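The expiring-address idea described above can be enforced mechanically at the mail server. The following is an added example, not the author's setup or the code of any particular mail tool: the address layout `local+START.DAYSd.TAG@domain`, the HMAC tag that stops a harvester from editing the dates, and the names `make_address`, `check_address` and `SECRET` are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumption: a secret held only by the mail server (constructed demo value).
SECRET = b"constructed-demo-secret"

# Constructed sample window: late on March 6, valid for two weeks.
DEMO_START = datetime(2005, 3, 6, 23, 55, tzinfo=timezone.utc)
DEMO_DAYS = 14


def _tag(local: str, stamp: str, days: str) -> bytes:
    """MAC over the exact strings in the address, so edits are detectable."""
    msg = "\x00".join((local, stamp, days)).encode()
    # Truncated to 16 hex characters to keep the address short.
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16].encode()


def make_address(local: str, domain: str, start: datetime, days: int) -> str:
    """Build local+START.DAYSd.TAG@domain (hypothetical layout)."""
    stamp = start.astimezone(timezone.utc).strftime("%Y%m%d%H%M")
    tag = _tag(local, stamp, str(days)).decode()
    return f"{local}+{stamp}.{days}d.{tag}@{domain}"


def check_address(address: str, now: datetime) -> str:
    """Return 'accept', 'not-yet-valid', 'expired' or 'invalid'."""
    localpart, at, _domain = address.rpartition("@")
    # The window lives between the FIRST plus sign and the at-sign.
    local, plus, ext = localpart.partition("+")
    if not at or not plus:
        return "invalid"
    parts = ext.split(".")
    if len(parts) != 3 or not parts[1].endswith("d"):
        return "invalid"
    stamp, days_text, tag = parts[0], parts[1][:-1], parts[2]

    # Verify the tag before trusting any field; constant-time comparison.
    expected = _tag(local, stamp, days_text)
    if not hmac.compare_digest(tag.encode(), expected):
        return "invalid"
    try:
        start = datetime.strptime(stamp, "%Y%m%d%H%M").replace(tzinfo=timezone.utc)
        days = int(days_text)
    except ValueError:
        return "invalid"

    if now < start:
        return "not-yet-valid"
    if now >= start + timedelta(days=days):
        return "expired"
    return "accept"


if __name__ == "__main__":
    addr = make_address("blog", "example.org", DEMO_START, DEMO_DAYS)
    print(addr)
    for when in (DEMO_START - timedelta(hours=1),
                 DEMO_START + timedelta(days=3),
                 DEMO_START + timedelta(days=15)):
        print(when.isoformat(), check_address(addr, when))
```

Without the tag, anyone who harvested the address could rewrite the dates and keep it alive indefinitely; with it, only windows the server itself issued are accepted.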

An Example of Sloppy Journalism

Everyone with a special interest in a topic has probably experienced the same thing once that topic is covered in the news: excitement over the coverage, followed by disappointment when the piece makes mistakes. Some of this is inevitable; journalists are only human, and they are asked to cover subjects all over the map. Sometimes, however, the mistakes are too great to be chalked up to human frailty. This is bad enough for interests such as computer technology, chess, or stamp collecting; it’s much worse when the subject involves a potentially life-threatening illness.

Such is the case with a new story on Marfan syndrome (apparently part of some news conglomerate; see, for example, this version of the story). The story means well, and any attention is good attention to some degree. But the inaccuracies are annoying:

  • “…height is in no way a criteria for Marfan Syndrome.” True. Yet, given two equal groups, one with Marfan and one without, which group will have the higher average height? Being tall is not part of the criteria, but it can be an important warning sign, especially when coupled with lankiness, long fingers, etc. Will anyone read that and decide to ignore their own physical signs? I hope not.
  • “The Marfan Syndrome Web site,…” It would be nice for the National Marfan Foundation to get proper attribution. Besides it being a marvelous resource, it is responsible for helping reach many of the medical milestones that make the lives of Marfan patients better.
  • “…and the eyes may appear normal without a special exam until the lens dislocates.” Normal-looking eyes are a criterion for Marfan? I welcome training for optometrists and ophthalmologists in detecting ectopia lentis as a sign of Marfan, but I wouldn’t go so far as to say that everyone with normal-looking eyes should be tested in the absence of other signs.
  • The good doctor quoted often sounds like an idiot; this is a good sign that the quotes are getting mangled by the journalist. For example: “The aorta can expand silently for a long time, until the aorta tears or ruptures, which is deadly, or there can be tearing, which is life threatening and can lead to death.” (So how do we distinguish between tearing that is deadly and tearing that is life-threatening?) Even worse: “Most people who are referred to me and my colleague, who is one of the early discoverers of Marfan, don’t have the Marfan Syndrome.” (That colleague must be really old, given that Marfan was discovered in the 1890s!) I’ve seen domain experts misquoted often enough to believe that these quotes should reflect on the reporter or her editors, not the doctor.

Excessive criticism on our part tends to make journalists defensive, and can result in their avoiding complex and obscure topics, which punishes us rather than the journalist. So, there’s a question about how much of a fuss people should raise, especially since most of the objections here are minor (though I would not discount the discussion on height, which can serve as an excuse for those looking for reasons not to get checked out).

But it does make you wonder. If journalists are this bad when talking about subjects you know, are they really any better when talking about subjects you don’t know?

One of the best resources outside of the NMF site itself is Jeanette Navia’s Marfan Life site. She has a quick post mentioning the article in the blog.

Perspective on Sin

This is a powerful “paraphrase” of a Gospel story. If you’re a Christian, or interested in Christianity, or if you feel alienated from the Church for some reason, go read it.

Sin is a paradox for the Church. In theory, we all affirm our own sinfulness. Yet in our honest place, we often feel superior to people who wear their sins on their sleeve. Indeed, sometimes we shame ourselves out of recognizing our common plight with these people, and for the ironic goal of “not sugar-coating sin”. As if the sins of the unbeliever were their worst problems!

By focusing on acts and not salvation, we focus on shoveling coal on their hellfire, and not on helping them out of the furnace.

Via Donald Sensing. Also see Brutally Honest, especially the comments, for a reaction.

Triumph and Nostalgia

I currently live in the Indianapolis area, but my heritage truly lies in the central Illinois landscape, where I spent most of my childhood and my early adult life.

Around here, sports craziness seems the norm. Indiana is famous for its sports fandom, and deservedly so from my point of view. But in Illinois, where the winning teams are less plentiful, there’s a bit of wistfulness about sports. This can best be seen in the mythical pathos of the Chicago Cubs fan, or in the near-demigod status of Michael Jordan, Phil Jackson, and the rest of the ’90s Bulls.

In central Illinois, the object of this hope is often the University of Illinois at Urbana-Champaign, by far the largest nexus of sports activity outside of the Chicago metropolitan area. “We” (for Champaign was my home for the longest stretches of time, and is the birthplace of my wife and oldest son) have some of the best sports facilities, the most money, and the most prestige, coming from such roots as “Red” Grange. Yet, as with most Illinois sports teams, we have always been ultimately disappointed when the time came for championships.

As college basketball fans have surely noted by now, that seems about to change.

Right now, Illinois stands at number one in every college basketball ranking. They are undefeated this season, even with a relatively tough schedule. The last time they were named, they won every vote unanimously. Sports commentators now think it “edgy” to predict that Illinois will not win the championship.

So, we recorded the Purdue game from a few days ago. I’ve only seen a few minutes of the game, but it’s a painful few minutes if you’re a Purdue fan. When Purdue covered the center, Illinois just passed outside the arc and made three-point shots; when they adjusted, Illinois started finding easy plays under the basket. I stopped watching when Illinois had built up something like a 25-12 lead.

I’m a Hoosier now, and this was one of Gene Keady’s last games to boot. Still, the Illinois boy in me can’t help but smile. Can my fellow Hoosiers forgive me?

UPDATE (2005-03-06): I swear I must have jinxed them!