Tuesday, July 30, 2002

Law professor Neal Katyal has an editorial in today's NYT. He bemoans cyber-lawlessness and suggests remedies:

"The federal government should develop programs to increase awareness of computer security issues... More research is also needed on solutions like palm and fingerprint recognition, which could reduce or even eliminate the need for passwords... Congress should ... increase financial and technical assistance to centers that train computer scientists in advanced techniques. The industry itself should also educate the general public about the proper use of computers and good password practices."

General education certainly seems like a good thing. I am appalled at the poor administration I have seen in systems that are supposed to be secure, like outsourced email services. Administrators choose extremely poor passwords for users (e.g. each user's social security number, or the same easily-guessed password for every person in the company who has an account).

However, I fail to see how computer scientists need to be trained in advanced techniques. Many of the advanced techniques we already have suffer from severe deployment problems, such as public/private key systems. The basic techniques deployed so far aren't so terrible, except that they're consistently used badly. It's not computer scientists that need training in basic techniques, it's users and particularly system administrators, who generally aren't computer scientists.

Also, it's not clear how to follow through on the suggestion that "the industry itself should also educate..". It seems any company using computers has in its own best interests to train its users about proper use of computers and passwords. These companies are far more likely to act in their own self-interest than have the software industry step up and do it for the general public.

Monday, July 29, 2002

I just found a wierd article on self-modifying protocols. It is inspired by self-modifying games such as Nomic. Vreeswijk justifies the need for protocols which may be modified in the fly by reference to human conversation, where we constantly modify the protocol in use. For example, I can say "I invented a game called Big Brother", and you will understand when I refer to "Big Brother", I'm referring to a game you may never have heard of before. The article also discusses the bootstrap problem and ensuring that the protocol doesn't go dead. Although there are some interesting ideas, the link between self-modifying games and protocols that are modifiable by the computers that use them seems rather tenuous.

More obviously useful (by which I mean lucrative) would be modifiable-rule computer games. I briefly played BattleTech or some such game, where you can design your mech warrior. The only part of the game that really held my interest was that it felt like I could customize the rules by which the next battle would be played. Of course that's a rather limited sense of rule changing, in that of course the real rules encompass all the possible mech designs. There's also the games where you can design the terrain before beginning the game played on the terrain, like Age of Empires. I can't think of any existing computer game that involves significantly more flexibility than these two types.

Friday, July 26, 2002

I gathered a list today of notification work related to various IETF applications area working groups, past and present. There's a lot.

For the purposes of this discussion, a notification is a message sent to a client from notification server, where the server initiates the connection. The notification was solicited, because the client previously requested a subscription for a specific kind of event from the server. The notification problem is not easy because to solve it properly it requires clients to either have a new kind of server, a notification management server, to manage and receive their notifications, or it requires clients to listen on a port and accept incoming requests (which is forbidden by many firewalls and corporate policies).

General: In Aug 1998 the NOTIFY BOF was held at IETF with much controversy and huge scope problems. GENA (Generic Event Notification Architecture) is one of the more concrete proposals that came out of this. It has received some unofficial discussion and review in the WebDAV WG (which I co-chair), where notifications would be useful to let users know when new documents show up in their folders, when documents they want to edit become unlocked, etc.

ENP (Event Notification Protocol, May 2000) is a notifications proposal based directly on WebDAV, but perhaps no less generic than GENA. This proposal was also discussed in the now-defunct SWAP (Simple Workflow Access Protocol) WG.

HTTP: In 1998 a workshop called WISEN (Workshop on Internet Scale Event Notification) discussed general notification, focusing on the Web. Many of those involved in 1998 were UC Irvine grad students, and UCI professor Richard Taylor advised at least some of those. The Institute for Software Research at UCI frequently works on notifications, distributed systems, event-based systems, etc. Adam Rifkin put together a somewhat-dated but very comprehensive survey of event systems. One of those UCI students, Rohit Khare, left to found KnowNow, which implements HTTP-based notification clients and servers.

SIP (Session Initiation Protocol) isn't applications area (it's transport area) but they recently came out with a reasonably extensible notifications RFC. A recent academic paper acknowledges debts to SIP in the design of a Group Event Notification Protocol.

SNAP ([Smart/Simple] Notification and Alarm Protocol) is another concrete proposal. It has been discussed most in the VPIM (Voice Profile for Internet Mail) WG, but it showed up at the Lemonade BOF at last week's IETF, proposed for use in "unified messaging", to notify mail clients of new types of messages in their unified mail inboxes. SNAP has also been proposed for use in MMS (Multimedia Messaging Service). There are also claims SNAP has been implemented by "major email vendors" and Comverse.

The CalSched WG could use notification in order to let users know when an appointment is coming up.

The OPES WG and the recently-defunct WEBI WG discussed the requirements for a Web notification architecture. WEBI wants Web page cache servers to subscribe to Web content servers, so that rather than poll for new page versions, the content server could send a notification when the cache should be thrown out or updated. They also discussed using GENA.

The LDAP-EXT (Lightweight Directory Access Protocol) WG has discussed notifications and LDAP.

The IPP (Internet Printing Protocol) WG has discussed notifications and has a current Internet-Draft discussing requirements.

Instant messaging even enters the fray. It's long been understood (see the draft I wrote in 1998, or this or this other one) that finding out when somebody is online may best be done with subscriptions and notifications. Last week's Jabber BOF brought to light a protocol for which there exists an Event Notification Service.

Monday, July 22, 2002

For future reference: when emergencies involving many injuries arise, don't give blood. Instead, wait for a time when the blood banks need blood.

Clearly, blood banks could use a number of changes to even out the flow, some suggested by the New Republic article:

  • Turn away qualified donors when there are too many. Ask them to come back rather than waste time, money and blood, even though most don't come back.
  • Publish more information. Links from local daily web sites? Perhaps the local newspaper could be encouraged to print a daily "blood supply meter" showing when the pipeline is full, and when it's empty and more donors are needed.
  • Simplify the questionnaire. Some questions, as the New Republic article points out, are uselessly vague or even indeterminate. Those questions are useless as a supplement to the pathogen lab tests that already exist.
Wired has a breathy article on the Apt. club where guests can DJ with IPods. Isn't that pretty much a jukebox?
If you're interested in a huge mess of photos from the 54th IETF, I've got links to photo albums put up by various people.

Thursday, July 18, 2002

Thank-you, Queen's Square mall in Yokohama! I stopped at Starbucks there last night to fortify myself caffeine-wise before the long plenary. I must have left my wallet there. I didn't realize this until this morning putting stuff in my bag. I went to the hotel desk first where they put the words "lost black wallet" etc. on a piece of paper. I took it to Starbucks, where they seemed to say they had found it, and I should go to Information. The Information lady called around and told me to go to security. At security, they simply handed it to me and asked me to sign my name in their register! Not a single yen was missing.
Tech Central Station has an article today on wireless ubiquity. I am one of those who already takes it for granted. I am sitting in a large meeting room using wireless access to post this. However, what I am currently most grateful for is that the conference center did such a good job of putting power strips down every third row of chairs so I don't run out of battery juice - many conferences don't provide enough power outlets for geek groups like this one.

Power, network -- these are only two of the services provided free here. I also benefit from light, air conditioning (Tokyo is hot and muggy), snacks, water, and washroom facilities. These are all cheap services in the long run (except the snacks), and can all be included in the price of a venue rather than being charged separately. This is cool.

Wednesday, July 17, 2002

I attended a working group meeting this morning of possibly general interest. The geopriv working group is chartered with not only standardizing a format for geographical information, but also to deal with privacy issues around such information. For example, a user might publish their geographical information minute by minute to their friends, just like their instant messaging presence. Or a user might send their geographical position to a server that can respond with the nearest pharmacy or post office.

I found it quite amusing that most of the conversation I heard was about truth. Various presenters talked about how clients might want to lie about their position, or at least not be quite truthful. There was serious talk about how this affected the standard framework or protocols involved. I can't see how truth is anything but a philosophical issue, and definitely not an engineering issue. Truth may be conveyed in information and information may be conveyed in computer protocols, and protocols can't even guarantee that they are delivering information (the protocol may be given nonsense or garbage rather than information), let alone truth.

The Center for Democracy and Technology has somebody involved in geopriv, and discussed some of the basics in their one and only standards bulletin last May.

"Transparency" is on many tongues, in discussions of the media, big corporations, governments and any other organization and how they should operate. It came up tonight at the IESG Plenary here. I suspect transparency is overblown as a solution to all ills.

In the example tonight, an IETF participant felt that a proposal had been improperly blocked by an area director. The IETF participant felt that an opaque process allowed the improper behavior to remain unobvious for a long time. But really, in what way can transparency fix that? The same personality clashes and technical disagreements will still occur, and any sufficiently flexible and powerful process is subject to being affected by those who run it.

Tuesday, July 16, 2002

Here's me in a kimono! Last night at the IETF social, Ayako and Rei (and friends) were very kind to loan me a "yukata" or summer kimono, and dress me up in it. I loved it. Several people promised me pictures, shortly I should be able to post links to more, including the lovely Ayako and Rei.

Monday, July 15, 2002

What is it with us Canadians and navel-gazing surveys? Here's another, indicating Canadians are feeling insecure about health care, economic stability and unemployment.

It may be a good sign that Canadians survey themselves so much. If you're going to have a paternalistic, protective government, you'd better have data to do it as well as possible. However, this particular survey is by a group that I distrust because they very clearly and openly have a social development agenda. Yet, the Globe and Mail reports their survey results as if they were neutral. That's a mistake with "how do you feel about" surveys, where the exact wording of questions and the attitude of the questioner have a big effect on the response.

Sunday, July 14, 2002

I'm in Japan, and really noticing the big screens in major squares. E.g. across from Shibuya station. That's because one of the major brands is "Super Lisa"! The "lisa" stands for LED Informational System of Akami. Here is an example with the logo, and here's the one I saw yesterday in Akihabara.
Janis Ian wrote an article about music copying and downloading, now published on her Web site. The article is written from the point of view of a recording artist, but she does a good job of looking at larger issues. I like her point that it's the hypocrisy of the labels that she most objects to, that they're trying to protect artists and consumers, when mostly they're trying to protect their own asse(t)s. Janis puts her money where her mouth is, posting MP3s of her songs for downloading.

Wednesday, July 10, 2002

A New York Times opinion piece by Harvard/Penn professors claims to illustrate the problem of corporate morality by looking at history. Their claim is that we have much increased corporate law in the last century. This I have no trouble believing. However, they also say "With all this criminal law, we ought to have achieved a high level of corporate honesty by now. Needless to say, current events suggest otherwise." I have trouble believing either of these statements, and both require significant backing up.

In other words, it's not clear to me at all that current events prove corporate honesty has gone down. Current events only prove that our standards or expectations for corporate honesty are higher than reality. That could simply mean that our expectations have risen faster than corporate honesty has.

The National Post has a good article about why the LA shooting can be called a hate crime. It has a bunch of good points, some of which are related to my arguments below.

Does calling something a "hate crime" imply that it isn't "terrorism"? I thought yes, but my boyfriend thought no. Now I conclude that it's the whole definition of hate crime that is the problem.

Saturday, July 06, 2002

I understand it's "pick on the FBI" year (and they have much to answer for). However, caution in assigning motives to a sudden killer who had not been on their radar seems understandable. It even seems wise not to get embroiled in the discussion of defining "hate crime" and "terrorism" by not mentioning either.

The NYT's snide headline implies that while the FBI is unable to determine the LAX shooter's motives, any five-year-old should be able to -- based on an interview with a single man who had known Hadayet for one month. Instapundit extends that theme to scorn the FBI for their "duck and cover" act. However, early reports of eyewitnesses mentioned an argument that spun out of control, and in another NYT article, relatives of the shooter said it was probably an argument over limousine fare. While that theory seems wishful thinking at best, it's the mess of early theories that makes it appropriate for the FBI to be noncommittal until more thorough investigation of the shooter, his relatives and acquaintances.

It's true that when it suits the FBI's purposes they spout off with half-baked theories about investigations, and when it doesn't they're mum. However, it also seems that the FBI is criticized either way. And LA's mayor James Hahn said the same thing as the FBI, but is not criticized by Instapundit.

Wednesday, July 03, 2002

I've been influenced by Landsburg's argument that the most effective use of one's charitable $$ is to donate all of it to the most effective charity. This idea runs counter to most regular peoples' giving habits, where they give small to medium donations to a variety of organizations when reminded or canvassed. It's been a useful idea to me because it inspired me to do research into effective charities so that I could pick one I really liked, and give it most of my charitable funds.

However, the idea falls down if one takes into account the other reasons charities want donations, as Natasha pointed out to me this weekend. Charities regularly canvas people for extremely small amounts of money, hardly enough to cover the canvassing costs. Here are some reasons why charities want large amounts of small donors:

  • A large population of small donors shows enough popular support to attract a few much bigger donors.
  • Proof of popular support can help attract government funding
  • Proof of popular support can assist in advocacy, whether the advocacy is targetted at government, corporate, or other
  • Even small donations commit people. In Influence, Power of Persuasion, Cialdini describes how people who previously did not have a deep commitment to a cause become more committed after donating a small amount of money. This may lead to larger donations or other contributions later. Unlike the previous three points, this point may influence you not to donate small amounts.
  • Small donations may prove an interest in learning more. The charity may highly value a role of informing people who have already shown some interest, rather than simply extract more money from them. The small charitable donation may be just large enough to cover the cost of a member's newsletter.

Blog Archive

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.