Links February 2010

February 16, 2010 | etbe

Popular Mechanics has a good article about 911 [1]. Experts in all the relevant fields were consulted to debunk popular myths. It’s an old article but I hadn’t read it before and learned a lot.

Former CIA analyst Raw McGovern and former FBI attorney/special agent Coleen Rowley, a colleague in Veteran Intelligence Professionals for Sanity wrote an interesting article titled “Why Counter-Terrorism Is in Shambles” [2]. Such sanity from people who are associated with the intelligence industry is unusual.

Gizmodo has an amusing and informative poster about the true risks of airline travel post 911 [3].

Reuters has an interesting article about drug smugglers using Gulfstream and 727 aircraft to smuggle cocaine from South America to Africa [4]. They claim a link to al Quaeda, but such a link seems tenuous from the evidence provided, it does seem reasonable to claim that groups who claim affiliation to al Quaeda are involved in smuggling – anyone can claim anything really.

An 8yo boy is on the TSA terrorism “watch list”, he regularly gets frisked when traveling by air [5]. His mother had a security clearance to fly on Air Force 2 when Al Gore was the Vice President, any sane security system would look at the parents rather than an 8yo child – children of that age aren’t going to independently become terrorists.

The Dallas Observer has an interesting article by Kimberly Thorpe about how to beat debt collectors [6]. Apparently most debt collectors break the law in some way and can be sued for damages – with a typical settlement of $3,500. Some debtors are suing multiple debt collectors, after one debt collector is successfully sued the debt is passed to another collector who also breaks the law. What I really like about this is that the community of people who sue debt collectors keep the industry honest and protect the majority of the population who don’t have the time or interest for engaging in law suits.

Read Write Web has an informative article about SourceForge being forced to deny access to people in Cuba, Iran, North Korea, Sudan and Syria [7]. A problem for free software developers is that we often don’t know the location of the people we collaborate with so it’s best to be as open as possible. This means that the US is not a good place to host servers, probably some part of the EU would be better. Also this sort of thing makes the field of free software development less welcoming to US citizens. Did the congress people learn nothing in high-school? They should know that someone who starts a campaign of ostracism may end up being in the small group.

Google is developing a new Native Client (NaCl) system that seems to be like Microsoft ActiveX [8]. I can’t imagine this doing anything that couldn’t be done with Java, it seems most likely to just marginalise the less popular platforms which isn’t in the best interests of Google.

Kevin Kelly of the Technium wrote an interesting post about 1000 true fans [9]. The concept is that if you are doing creative work you only need 1000 dedicated fans who buy everything you sell to make a living. If you make $20 per year from each of the 1000 fans and you will earn enough to live. Make $100 per year from each of the 1000 fans and you will be earning more money than most people. The updates show that artists who try this aren’t having much success yet, but the Internet population is still increasing dramatically…

PaxStreamline offers an innovation in commercial air-conditioning, apparently a significant amount of electricity is wasted on heating the air after chilling it excessively to remove moisture [10]. So instead of cooling it they use a liquid dessicant to extract the moisture.

Ben Schwartz explains why you should never create files in H.264 or MPEG formats, unless you have a special commercial license then you (and your viewers) will all be liable for patent infringement for any type of commercial use [11]. Note that storing the data on a web site with Google adverts counts as commercial use. I wonder if all those digital cameras and mobile phones that create MPEG videos have appropriate licenses, maybe uploading a file created on your phone breaches the patent.

J. K. Rowling (author of Harry Potter) gave an inspiring speech for Harvard graduates [12]. I particularly liked the following reference to her work for Amnesty International “Choosing to live in narrow spaces leads to a form of mental agoraphobia, and that brings its own terrors. I think the willfully unimaginative see more monsters. They are often more afraid“.

Peter Eigen gave an interesting TED talk about the formation of Transparency International and the economic problems that are caused by corruption [13].

The Monthly Review has an interesting article about the failure of the US justice system [14]. The prison industrial complex has captured part of the US government, neo-liberalism is to blame.

59% of Americans agree that “homosexuals” ought to be able to serve in the U.S. military. But 70 percent believe that “gays and lesbians” ought to be able to serve in the military [15]. Apparently 11% of Americans think that gays and lesbians are better than “homosexuals”.

Will Aliens be Alien?

February 15, 2010 | etbe

The Telegraph has a silly article titled “Aliens are likely to look and behave like us” [1]. It’s based on the ideas of Professor Simon Conway Morris [2] who is a big fan of evolutionary convergence. He seems to believe that humans evolved in a way that is close to optimal and that aliens would have to evolve in a similar manner. The article’s claim that aliens will look and behave like us has three flaws, one is assuming that humans are the ideal form for space travel, another is the significant possibilities for vast objective differences between species, and the final one is the human tendency to regard small differences as being really significant.

The Arrogance of Assuming that Humans are Ideal.

It seems extremely arrogant to assume that humans have the ideal form for performing tasks that we have not yet performed – such as traveling to another star system.

To assume that it is certain that humans will colonise the stars is also extremely arrogant and foolish as well, I think that a significant amount of money should be devoted to existential risks that we face. People who believe that humans will inevitably colonise the stars (probably because God told them – there’s no other reason for such certainty) will tend to oppose taking prudent measures to reduce the probability of failure.

We should also consider the possibility that a human society that colonises another star system at some future time might be so different from us that we regard them as alien.

How Might Aliens be Different?

It seems to me that one problem with the theory of convergent evolution (as applied to different planets) is that evolution doesn’t seem to work in big steps. It seems to me that for an increasing portion of the jobs in our technological society there would be a benefit in having four arms and two legs, and maybe having more than four fingers on two of the hands. But evolving a bone structure that makes four arms useful is not a minor tweak so it seems unlikely to happen naturally – we might be able to genetically modify humans to have four arms and two legs with some future technology.

I can’t believe that four limbs is the optimal number for every mammal, amphibian and reptile (apart from the legless ones), that two legs plus two wings is the optimal number for every bird, and that six legs is the optimal number for every insect. I also can’t believe that two arms and two legs is the optimum number for every primate with the only significant difference in limbs being the primates that possess a prehensile tail. Evolution doesn’t produce perfect creatures, what it does is to produce creatures that tend to be slightly fitter than their ancestors. So even if there was an optimal form for a species that develops interstellar-craft, there would be no reason to assume that humans have such a form even if we had developed interstellar travel.

I think it’s relatively safe to assume that aliens would have two eyes (stereoscopic vision is a significant advantage), but apart from that I don’t think we can assume much about their appearance. For example I don’t think that there’s any inherent reason why creatures as intelligent as current humans could not evolve from octopuses – 8 arms would be quite useful for operating machines.

Aliens that spread beyond their own home planet don’t have to be optimal for such tasks, they only need to become the dominant species on their planet, develop decent technology, and then want to leave their planet. A species that took 100,000 years to achieve what humans have achieved in the past 100 years might not be considered optimal – but it might still be able to eventually launch interstellar craft. I don’t think it’s reasonable to assume that aliens would have to be as intelligent as humans to do that. But it does seem most likely that any aliens who manage to get here would be more intelligent than us.

Guns, Germs, and Steel: The Fates of Human Societies by Jared Diamond has a really interesting analysis of how human history was determined by geography and the availability of plants and animals suitable for domestication. Part of the explanation for the apparent lack of intelligent aliens could be planets where the dominant species was stuck in a situation like that of the people of New Guinea, the lack of plants and animals suitable for domestication prevented their society from developing. A stone-age human civilisation could potentially be stable for millions of years.

The article says “Extra-terrestrials might not only resemble us but have our foibles, such as greed, violence and a tendency to exploit others’ resources“. Well for starters a species that can displace all other contenders to become the dominant species in their planet would have to be capable of greed and violence. So that is probably correct but is not really going out on a limb.

Physorg.com has a short article describing the benefits of sexual reproduction in terms of the rate of accumulation of harmful mutations [3]. So it seems that sexual reproduction is most likely among intelligent aliens. But I don’t think that there is any reason to assume that aliens couldn’t be hermaphrodites. The Telegraph article claims that “Star Wars and Star Trek could be more accurate than they ever imagined in depicting alien life“, but given that Star Trek has avoided homosexuality even when demanded by the plot it seems that whatever aliens do in the bedroom would be way outside the range of activities alluded to in Star Trek. It seems that almost all sci-fi has aliens that are less “alien” than a significant portion of the human population. I think it’s safe to predict that if we should meet aliens they will not look like humans wearing cheap make-up or rubber suits – that has more to do with the budgets assigned to movie studios than any claim to potential realism.

It seems most likely that a society capable of developing space travel would need a great deal of training for it’s young before they become self-sufficient. Species of animal that abandon their eggs and hope for the best seem unlikely to succeed in doing that. I think that this implies that a pair-bonded species that spends an extended amount of time raising their young is most likely to succeed.

Perceptions of Aliens

Vulcans are widely regarded as being on the Autism spectrum. So it seems that having some similarities in personality to about 1% of the human population is enough to convince most human viewers that the character in question is an alien. A Google search for such things just turns up many references to people on the Autism spectrum who feel like aliens – which incidentally is the source of the alias ETBE [4] that I used for more than 10 years before being diagnosed as an Aspie. Star Trek aliens aren’t actually very alien by human standards!

Given the repeated demonstrations of the general human inability to recognise the psychological similarities in people from different countries or racial/ethnic/religious backgrounds it seems likely that few people would recognise aliens as being at all similar to us. As so many people are unable to recognise the fundamental similarities in people who happen to have a different skin color I can’t imagine many people immediately regarding beings that look like octopuses as having human traits.

Could an eusocial organism (such as bees or ants) develop space travel? It seems to me that most people wouldn’t regard humans who act in a manner that resembles ants (such as the Borg Collective) as being “like us”. The possibility of an eusocial race evolved from humans is explored in Coalescent: A Novel (Destiny’s Children, Bk. 1) by Stephen Baxter (and more briefly in the sequels).

Probability

The universe is a large place. Making a specific prediction about the first alien species that we might encounter might make some sense. But given the potentially billions of species that might be out there we should assume that some of the more improbable forms are represented. Claiming that anything in particular is impossible seems very rash.

Also anyone who makes claims about what evolution “should” do seems to have missed the point. What evolution does is to give rise to species that tend to be a better fit for the environment. Different environments result in different creatures. We can try and predict what creatures might evolve, but we don’t get to say that things “should” happen.

I Just Bought a new Thinkpad and the Lenovo Web Site Sucks

February 15, 2010 | etbe

I’ve just bought a Thinkpad T61 at auction for $AU796. My Thinkpad T41p has cooling problems which I have previously described[1]. It’s also started to rattle a bit when I hold it upside down since I took it apart so I guess I didn’t do a great job at trying to fix it (probably the fan is getting obstructed). Now it has developed some screen problems where the screen back-light will periodically turn off and stay off until I press and release the lid-close button (to turn the screen off and on again), this is apparently the symptom of a broken inverter [2]. I was quoted $160 to fix the inverter and $250 to replace the entire screen by laptop.com.au (a very reliable laptop sales and repair company that I’ve dealt with before) [3]. Also the system has the red screen problem where intermittently the screen turns reddish so paying $250 for a replacement screen is worth considering. I decided not to do this as I have seen refurbished Thinkpad T41p systems on sale for about $400 and spending $160 now and possibly $250 later on a $400 system didn’t seem like a good idea. One thing that has annoyed me about my Thinkpad for a long time is the lack of PAE support in the Pentium-M CPU which makes it impossible to run Xen [4], so upgrading to a newer system will allow me to use virtualisation for the purpose of fixing bugs in Debian/Unstable among other things.

As I want a Trackpoint it seems that a Thinkpad is the best option (Thinkpads are also great in many other ways). So really all want is a new Thinkpad with an equal or higher resolution screen, more than 1.5G of RAM (what I’ve currently got) and at least PAE (but ideally hardware virtualisation for KVM) as rumor has it that ACPI doesn’t work well with Xen and also Xen has a history of being a little unreliable at the best of times. I’m after a portable desktop replacement system, so I’m not after an X series or anything else light either.

Even though the new prices on Thinkpads are generally more than I want to pay I first checked the Lenovo web site. It sucks in a magnificent way. First there were some basic site navigation issues, such as the fact that I often can’t click my middle mouse button on a link to open it in a new tab (I get some sort of Javascript error) – it seems that the Lenovo web team didn’t consider the possibility that I might want to have the details of different series of Thinkpad open in different tabs for the purpose of comparison. But the kicker is the fact that most Thinkpads don’t have the screen resolution displayed! It seems to me that one of the most important factors in purchasing a laptop is the screen resolution – and Lenovo generally don’t provide it!

The Ideapad is described as having a resolution of 1024*600 (a netbook not a laptop), the Thinkpad Edge has 1366*768 (not that good), and the R400 and R500 are WXGA which is anything between 1280*720 (sucky) and 1366*768 (slightly less sucky). So it seems that the low end models have technical details which could allow a potential customer to reject them, while the high end models don’t have technical details needed to justify the purchase price! Fortunately a friend who works for IBM was able to find me the necessary information, this site allows you to enter the part number of any Thinkpad and receive a reasonably complete set of specifications (including display resolution) [5]. With the information on that site I was able to successfully bid on the single Thinkpad in a Lenovo auction of refurbished systems that had a resolution that was satisfactory.

The fact that the Lenovo auctions of refurbished systems also lack the details is another think that Lenovo do wrong. In this case I started bidding one minute before the auction closed and had to push the price up by $125 to win it. Given the number of auctions that Lenovo runs world-wide they would probably benefit from fixing their web site just to get the occasional Thinkpad price increased by $125. Not to mention the number of people who are discouraged from buying new Thinkpads because they can’t get information on what they might be paying for.

Which People are Stupid on the Internet?

February 14, 2010 | etbe

I don’t think that the answer is “everyone” or even “everyone other than my geeky friends“, but obviously it is a large number of people.

Many people apparently type “facebook” into Google and try to login to the first thing that they see, if it happens to not be Facebook then they whine – this became known after a Google search for “facebook login” happened to not return the Facebook login page as the first link [1]. Â This blog post claims that they are not stupid [2] – the specific claim is that URLs etc are just too complex. Â I disagree, if my mother and my mother-in-law can both do better than that then I think that we should expect that a significant portion of retirees can do so and we should also expect that younger people will do better than older people.

In a more specific sense, when I was in primary school I was taught the Dewey Decimal System aka Dewey Decimal Classification. With the DDC a primary school student can look up the location of a book in the library index system (cardboard files when I was at school) and then know where to find it. After looking up a book on one occasion no-one would want to repeat the effort so the sensible thing to do is to write down the DDC index to any interesting book. The same mental processes can be used for dealing with URLs, someone might find Facebook etc through Google on the first occasion but they can then use browser bookmarks and written notes for traveling to track the URLs that interest them. I think we should expect that a typical adult nowadays should be able to complete any task that would be expected of a 10yo when I was young, and I don’t think it’s unreasonable to call an adult stupid if they can’t compare to a 10yo from the early 80’s! As a specific example, while 10yo children were given assignments to look up various books in the DDC I think that an adult can be expected to work out the value of an index on their own – young children should be expected to require a little more training than adults!

Some people will claim that it’s not stupidity but ignorance. What exactly is supposed to have prevented these people from learning? Have the primary school libraries stopped teaching the DDC and most other things related to storing written knowledge? Is there supposed to be such an utter lack of computer skills in the general population that anyone who wants to learn will be unable to do so? I’m sure that there are plenty of retirees who could seek advice from my mother or my mother-in-law if they wanted to learn about such things. NB I’m not making any general comment about gender specific computer skills here, my father and my father-in-law don’t seem to use the Internet much and they aren’t the ones to complain to me when things break – so I can’t assess their skills. I am talking about four individuals and the only generalisation that I am making is that 2/4 retirees I know well seem to have good Internet skills and therefore I expect there to be a reasonable number of retirees who successfully use the Internet.

The Making Light analysis and discussion of the issue has a lot of good points (Making Light does in fact “make light”) [3]. But does have some claims that I find really strange, one example concerns a woman who misunderstood the way the up/down buttons work to call an elevator. Misunderstanding the buttons is one thing, but she also shared her “knowledge” of elevators with others, presumably she had more than a few people try to correct her and she ignored their advice. I think that someone who ignores advice from a variety of people, ignores advice that can easily be tested (just push the elevator buttons and observe what happens), and then goes around sharing their wrong ideas seems to have clearly crossed the line separating cluelessness from stupidity.

One of the Making Light comments references the Clients From Hell blog – a summary of strange, stupid, and amusing requests that clients have made to web design companies [4]. It seems to me that there are two noteworthy categories of anecdote on that site. One is requests that demonstrate ignorance of the work, such as requesting something significant and complex to be done in an hour. The other is requests that demonstrate contempt for the people doing the work, such as offering to pay $10 per hour. Misjudging the time taken to complete work is forgivable – if someone has the skill to accurately estimate the time required then they would be able to do the work and wouldn’t be asking for a quote for someone else to do it. Demonstrating contempt for someone that you are about to hire is stupid no matter how or why it’s done. Clients From Hell also documents people who have requests that are obviously silly, it’s understandable that someone might expect a blurry image to be sharpened as done on “CSI”, but wanting use image editing to reveal the face of a person who was facing away from the camera is simply assigning magical powers to the computer – the fact that this sort of thing is done in shows such as Star Trek says a lot about the shows in question and their viewers.

Often car metaphors are used for computers, you can be a good driver without knowing the details of how a car works – but you do have to know how the pedals, switches, and steering wheel work as well as the meanings of the various dials. You can be competent at using the Internet without knowing much about bits, bytes, assembler code, or how a CPU works – but you do need to know how the controls work and this means knowing how to type a URL.

The basic operations of browsing the web require considerably less skill than driving a car and less skill than is commonly used in operating the telephone system (including PABX systems, mobile phones, and international calls). Anyone who is unable (not unwilling) to drive a car or make any phone call other than a local direct call and yet is reasonably intelligent could be used as an example of how an intelligent person could be unable to understand some aspects of technology, I don’t think that there are many people in that situation – it’s difficult to find an adult in Australia who can’t drive a car.

Finally while it’s reasonable to be uninterested in some things, it’s not reasonable to be interested in doing something without wanting to learn how to do it properly. If typing “facebook.com” is so difficult that it exceeds someone’s level of interest in the service then they shouldn’t complain if they find that they can’t access the service. Really typing “facebook.com” into the address bar of a web browser is easier than starting the engine of a car with a manual transmission, it’s easier than filling the fuel tank of a car with the correct fuel, or figuring out when a car is due for service.

Now there are serious security issues revealed by this event. I’m sure that lots of people use similar methods to access their online banking etc. I just did a quick Google search for online banking with Australian banks, and I noticed that a few of the search results have adverts from rival banks. So it seems quite plausible that someone could trick Google into thinking that they run a bank (there are many thousands of banks in the world), run adverts competing against established banks, and phish the people who click on them.

I wonder whether the best solution would be for the banks to test the security of their customers. Then any customer who gets phished by the bank’s anti-fraud division would receive increased bank fees for the next few years and the rest of us who are less risk to the bank could receive lower fees. The current situation seems to be that my bank fees are partly determined by the need to recoup the money that the bank loses from customers who just use Google to find their bank’s web site. I would rather not pay for the stupidity of such people.

In the end all security comes down to people issues, technology just helps people do the right thing. I believe that one of the groups of stupid people on the Internet are those who believe that the Internet should be made safe for people who want to know nothing about it – not even the basic library skills that are taught to primary school students.

Web Site Validation

February 9, 2010 | etbe

Over the last few days I’ve got this blog and my documents blog to conform to valid XHTML according to the W3C validation service [1].

One significant change that I made was to use lower-case for HTML tags. For about 15 years I’ve been using capitals for tags to make them stand out from content and my blogs are the latest in a long line of web sites with that. Naturally I wasn’t going to correct 900 posts manually so I ran a series of SQL commands such as the following on my database server (where X is the WordPress table prefix):

update X_wp_posts set post_content = replace(post_content,'<PRE>','<pre>');

But make sure you have a good backup of your database before running SQL search and replace commands on your blog data.

After running such commands about 90% of my blog posts conformed, so I only needed to edit about 90 posts to correct things. This process gave some real benefits. One issue is that an apostrophe in a URL must be quoted, otherwise some browsers will link to the desired URL and some will link to a truncated URL. Fixing a couple of variations of this problem resulted in some broken links being fixed. Another issue is that you can’t have paragraphs (<p> tags) within list items, fixing this made some of my posts align correctly – it was a tricky fix, in some cases I had to use <br/> to break up text in a list item and sometimes I replaced lists with different sections delimited by <h3> headings (which apparently is rumored to give better SEO).

It would make a really nice WordPress feature to be able to do W3C validation as part of the publishing process, ideally an attempt to publish or schedule a post would result in a message saying “saved as a draft because it’s not valid XHTML” if the checks failed. The source to the W3C validation software is significantly larger than WordPress [2], but it seems to me that there are two main types of WordPress installations, small ones for personal use (which tend to be on fairly idle servers) and big ones that have so much traffic that the resource usage of validation would be nothing compared to the ongoing load.

As there seems to be no way of validating my posts before publication my best option is the W3C button I now have on my blog. This allows me to validate the page at a click so while I can’t entirely avoid the risk of publishing a post with invalid XHTML I can at least fix it rapidly enough that hardly anyone will notice.

It also seems like a useful feature to have aggregators like Venus [3] check for valid HTML and not display posts unless they are valid. It’s not a feature that could be enabled immediately (I’m sure that if you click on this link to the W3C validation service [1] from a Planet feed you will see lots of errors and warnings), but once bloggers have time to fix their installation it would allow preventing some of the common annoyances of Planet installations. It’s not uncommon on popular Planets to have unmatched tags in a post which results in significant amounts of the content being bold, underlined, in italics, or for the greatest annoyance struck-out. I know that this may be a controversial suggestion, but please consider why you are blogging – if you are blogging for the benefit of your readers (which seems to be the case for everyone other than sploggers) then it seems that the readers will benefit more by not having a broken post syndicated than they would benefit from having it syndicated and thus messing up the display of many following posts.

The next thing on my todo list in this regard is to do some tests of accessibility. The work that I have done to pass the XHTML validation tests has helped to some degree – if nothing else the images now all have alt= descriptions, but I expect that it will be a lot of work. The WordPress Codex has a page about accessibility, I haven’t read all of it yet [4].

Does anyone have any recommendations for free automated systems that check web sites for accessibility? What would be ideal is a service that allows different levels of warnings, so instead of trying to fix all problems at once I could start by quickly fixing the most serious problems on the most popular posts and finish the job at some later date.

Security and Hiring

February 8, 2010 | etbe

The main sources of information used when hiring someone are their CV, the interview, and references.

CV

The CV is written by the applicant or sometimes for the applicant. Naturally it says only good things, if a CV notes no skill in a particular area then it may be used to exclude an employee from consideration. But the trend is towards including a reference to anything that you touch, so someone who lists DBA experience may merely have done a couple of CREATE TABLE operations.

Interview

The interview is a good test of people skills but is often of little value in assessing technical skills. The interviewer asks questions such as “do you know technology X” and the applicant says “I know that really well“. If the company is hiring another person with similar skills to current employees then they can have their current employees sit in on the interview and ask difficult technical questions, but for unknown reasons managers often don’t take that option and get no advice from their technical people. Also if the company is hiring someone with specialised skills (EG they are about to implement a new application and want to hire their first employee to work on it) then it may be impossible for them to assess the technical merit of answers. Probably the best use of the interview is to match answers with the CV, if the applicant doesn’t appear to know the contents of their own CV then they should be rejected.

The biggest problem with interviews is when the questions are all of the form “do you know X“. Someone who really knows it will say “yes” as will someone who doesn’t know enough to realise the limits of their knowledge – and such ignorant people vastly outnumber the skillful people. The real problem is that the people who are moderately skillful will lose out. If someone asks me about my MySQL skills I will tell them that I’m not really good at it. Sure I’ve run replicated servers with tens of thousands of users running 24*7, but that doesn’t mean I’m really good at it – probably most people who will claim to be great at MySQL without qualification would have less experience than me.

References

Reference checks rely on an unknown person saying good things about the applicant. For starters there is the issue of the number of references which may not be representative of their employment history – EG the applicant could use as a reference the one manager who didn’t sack them.

The next issue is that there is little incentive for the referee to be honest, most people are aware of instances where someone once worked for a friend and can rely on good references for the rest of their career. If a reference is inaccurate then there is no realistic opportunity for redress.

Finally every reference check that I am aware of (checks where I have been the referee or the applicant) has involved the applicant giving the phone number of the referee to the hiring manager! The phone could be owned by a friend or relative of the applicant, so logically a good reference that is based on trusting the applicant to supply the phone number only proves that the applicant is either good or really bad. To make a reference check prove something the recruiter would at a minimum have to phone the number listed in the white-pages for the corporation that used to employ the applicant, asks to speak to the manager of the relevant department, and then gets a reference. Calling a mobile phone number that is supplied by the applicant (which seems to be the standard practice) is essentially trusting the applicant – and trust is the root cause of most security problems!

Really most of this ends up as trusting the applicant to provide honest evidence that they are trustworthy and believing that the applicant’s technical knowledge is good enough to be correct when they say that their technical knowledge is good. It can fail spectacularly when someone isn’t trustworthy enough to provide honest evidence of their integrity or when someone doesn’t have the skills needed to know that their skills are lacking.

As an aside, even if the reference is given accurately and in good faith it may still be misinterpreted. The fact that telephone references are exclusively relied on exacerbates this problem. Ideally references would be in writing with some way of proving their authenticity (maybe using phone verification of the accuracy of the written document).

Solutions

So how can we solve this? Some people believe that career based social networking software will solve the problems, but as usual I think that software doesn’t magically solve human problems. The first challenge when trying to use social networking to solve the problem is to find someone on your friends list who has relevant knowledge, this may be viable in a small industry (EG when someone from bank A applies for work as bank B in the same city). The next issue is that of false “friends“. I’m sure that I’m not the only person who has been pressured to add people as friends on social networking sites, the non-computer social interactions really don’t prepare people for saying “no you are not my friend” (apart from high-school I guess). With professional social networking sites there are further issues, if you are working on a client site and a manager demands that they be listed as one of your friends then what are you going to do?

So it seems to me that the social networking sites are at best a helper for the gossip network. If you think that a friend of a friend from a social networking site might be able to help you then you first ask your friend if the person in question is really a friend, and if so are they one of the shifty pseudo-friends you only hang out with because their company pays good money. But the problem with the gossip network is that it’s mostly secret and is therefore subject to settling vendettas, I’ve heard of senior managers going out of their way to spread false stories about former employees to settle scores.

The best solution I can think of is for someone who has a reputation to publicly stake it on the accuracy of their references. If I’m going to give a reference then I would be happy to do so via a GPG signed email or a blog post. This doesn’t mean that my references will always be correct, but it would show that I try to give good references.

Michael Atkinson Lies

February 3, 2010 | etbe

The South Australian government wanted to force bloggers to disclose their name and post-code when commenting on an election [1]. According to Adelaide Now this included posts on Twitter and Facebook [2].

As expected there was a strong public reaction to this and Michael Atkinson (state Attorney General) stated that the law was not going to be enforced and that it would be retrospectively repealed after the election [3]. Which might have been the end of the issue, but he also said “All MPs and all parties voted for Electoral law. Hope Libs, Greens, Family First, Independents etc will join us to support repeal” which seems to be a clear claim that the Greens supported that legislation.

The Greens are pretty good about freedom of speech issues so I immediately enquired as to what was going on. The following is from a Greens media brief issued yesterday by the office of Mark Parnell MLC (the Greens MLC in SA) which was issued before the new law was retracted:

Attorney General Michael Atkinson must urgently clarify the scope of new electoral laws covering public comment on the internet, in the wake of concerns that the impact will be much wider than expected.
â€œWith only weeks to go before the election kicks off, there is an urgent need for the Attorney General to explain exactly what his laws are
intended to capture,â€ said Greens MLC Mark Parnell.
â€œWhen this was debated in Parliament last year, we were told that the law change would only affect â€˜electronic versions of a journalâ€™. Now there is
concern that the laws could extend further, restricting public commentary on media sites like AdelaideNow and ABC Online,â€ he said.
When the Bill was debated in the Lower House, Michael Atkinson originally wanted to include ALL material on the web. However, the Government
backed down on this by the time it got to the Upper House, with Minister Holloway saying:
“TheÂ intentionÂ isÂ toÂ limitÂ theÂ coverageÂ ofÂ sectionÂ 116Â asÂ itÂ appliesÂ toÂ theÂ internetÂ toÂ electronicÂ versionsÂ ofÂ aÂ journalÂ ratherÂ thanÂ anyÂ electronicÂ publicationÂ onÂ theÂ internet.â€
AÂ â€˜journalâ€™Â wasÂ narrowlyÂ definedÂ asÂ â€˜aÂ newspaper,Â magazineÂ orÂ otherÂ periodicalâ€™.

Now I don’t have a great objection to a law that demands that journalists identify themselves when commenting on an election, and I think that most people would not care about that. It seems that Michael Atkinson is repeatedly changing his claims to try and match popular sentiment.

He has got form for this sort of thing, his past “achievements” include censoring the censorship debate about an R18+ rating for computer games [4].

3G Broadband for Home Use

February 3, 2010 | etbe

I have just installed an old Three mobile phone with 3G broadband for my parents home network access for the reasons described in my cheap net access in Australia post [1].

The first problem I had was that the pre-paid Three SIM just wouldn’t work at all. I ended up phoning the Three support line and had a guy guess at which version of Windows I was running, after guessing every version of Windows from the last 10 years and Mac OS/X he finally asked what OS I use and then told me that Linux isn’t supported. I said “I HAVE TWO SIMS FROM THREE, ONE WORKS AND THE OTHER DOESN’T, IT’S ON THE SAME PC WITH THE SAME 3G ACCESS DEVICE, THE PROBLEM IS WITH THE SIM OR THE SERVER NOT MY OS“. When the support guy discovered that one sim was pre-paid he said that there is a configuration difference, instead of an APN of “3netaccess” for post-paid (contract) you have to use “3services” for pre-paid.

There are a bunch of web pages describing how to get Three 3G broadband working on Linux in Australia, some say to use 3netaccess and some say 3services. None of the pages I read stated correctly that 3netaccess is for when you are on a contract and 3services is for pre-paid. I’ve submitted a suggestion for the Ross Barkman’s GPRS Info Page (which seems to be the best reference for such things) [2].

After getting the pre-paid 3G SIM working for net access from the Huawei E1553 USB 3G modem I was unable to get it working from my LG U890 mobile phone. I never figured out how to solve this problem, I left my parents with the SIM that is connected to my $15 per month contract plan for 3G net access and am now using the pre-paid SIM for my own use. Of course this means that as I’m using a SIM registered to my mother and she’s using one registered to me I’ll surely have some problems getting the support center to help me with problems in future.

I found that the 3G net access got better reception when the phone was higher than the computer, so I used a USB extension cable to allow it to be placed on a shelf above the computer. The extension cable also allows it to be easily unplugged and plugged in again – I’ve already seen one situation where Linux got confused about the state of the USB device and replugging it was necessary to solve the problem. I was using Debian/Lenny.

Here is my chatscript for connecting to Three with my 3G modem on a pre-paid SIM – which also allows roaming to Telstra (I haven’t tested whether pre-paid allows roaming, I’ve only tested Telstra roaming with a contract SIM):

ABORT 'BUSY'
ABORT 'NO CARRIER'
ABORT 'ERROR'
'' AT
OK ATQ0V1E1S0=0&C1&D2+FCLASS=0
OK 'AT+COPS=0,0,"3TELSTRA",2'
OK AT+CGATT=1
#OK AT+CGDCONT=1,"IP","3netaccess"
OK AT+CGDCONT=1,"IP","3services"
OK ATDT*99**3#

Here is the ppp configuration for connecting via the USB 3G modem. For use as a permanent connection you want to also include persist and “maxfail 0“:
/dev/ttyUSB0
230400
noauth
defaultroute
logfile /var/log/ppp.log
connect "/usr/sbin/chat -v -f /etc/chatscripts/three"

For connecting with an LG U890 mobile phone you need to use “ATDT*99***1#” as the dial command and the device is /dev/ttyACM0 .

Precision vs Accuracy in Identifying People

February 2, 2010 | etbe

Andrew Dowdell and Michael McGuire have an interesting article in the Adelaide Now about censorship in the South Australian election [1]. The South Australian government wants to force everyone who comments on the upcoming SA election to provide their name and postcode. Attorney-General Michael Atkinson said the law was “all about honesty“. However a law that forces someone to not comment as “Anonymous” and instead forces them to use a name that sounds like something that might appear on a birth certificate and a postcode is not going to increase honesty at all.

I think it’s much better to honestly say “I’m not telling you my name” than to lie and claim to be revealing your name. When the government forces people to give precise but totally inaccurate information it seems that it’s going to be bad for everyone. It’s even bad for the people who want to be identified, if most people who comment on a blog post are anonymous then I’d like to be distinguished as the person who uses their real name!

In the vast majority of cases the effort of determining who is using their real name will not be worth the effort. If someone comments on my blog under the name “John Howard from Bennelong” I will be very suspicious that they are using a fake name. But probably the vast majority of the English speaking population of the world wouldn’t immediately identify such a name as fake. If someone wants to comment on my blog and they don’t have a published phone number then I won’t have any good way of identifying their address. If their name and postcode match an entry in a phone book then they still might be faking it – they could take a random name from a phone book. If I was to demand that people who enter blog comments provide their phone numbers then I would have to pay the expense of phoning them as well as dealing with cases of people who are away from home, should I delay a blog comment for a month until the author returns from their European vacation?

I have had a moderate amount of experience in writing letters to the editors of newspapers, and I have only once had an editor phone me to verify my details. In all other cases I guess I could have fooled them if I wished.

I believe that there are already precedents regarding libel, if I approve a blog comment (or fail to unapprove it in a reasonable amount of time if it meats the automatic approval criteria) then I could be sued for libel if the contents of the comment are deemed to be suitably damaging. So if I was to try to get the real names of people who make comments on my blog then it wouldn’t make it any easier for an idiot who wants to sue – also anyone who wants to sue regarding an Australian political issue will probably find me a better target than most people who comment on my blog (a significant portion of whom are from the US and have much greater legal protections of their freedom of speech).

Extending such a law to US based services such as Twitter is just silly. The stockholders and employees of a US based corporation can freely laugh at Australian censorship laws. Also it’s pretty stupid to have a global scope on such laws, as a Victorian why should I care about the South Australian state laws? Implementing laws that can be easily broken inadvertently and can never be enforced against anyone who cares is just pitiful and will result in the MPs who vote for such laws being the object of derision.

Vote for the small parties and independent candidates. Both Labour and Liberal want to censor us, put them in the second last two spots on your vote card!

Now this law doesn’t take affect until the writs for the March 20 election are issued. I encourage Australian bloggers to write bad things about the Liberal and Labour parties after the writs are released which are not libelous and which don’t include your postcode. If they try to apply the new law then your blog post gets wide attention. If you plan to be a professional blogger then you could consider the $5,000 fine to be an advertising fee. If you don’t want to be known then you can use a US based blogging service.

I’m going to continue to write political blog posts whenever I feel like it and I won’t be telling anyone where I live. I will rely on the Streisand effect to save me.

Update:
The politicians in SA have surrendered, the law in question won’t be enforced and will supposedly be repealed after the election [2]. It will be interesting to see whether they really do repeal that law.

Choosing an Australian Mobile Telco for use with Android

February 1, 2010 | etbe

Since playing with the IBM Seer augmented reality software [1] I’ve been lusting after a new mobile phone which can do such things. While the implementation of Seer that I tried was not of great practical use to me (not being a tennis fan I was only there to learn about computers) it was a demonstration of an exciting concept. It will surely be implemented by IBM in other venues that are of more immediate interest, and we can probably expect other vendors to write similar systems to compete with IBM.

So the question is how to get a phone that will run such things well. The answer is probably not to rely on a contract plan for this, currently Vodaphone [2] is currently the only Australian telco that sells a phone that can run Seer, it is offering a HTC Magic (which was released in April 2009) on a $29 per month plan. A phone that is 9 months old isn’t necessarily a bad thing, but the has been out for more than 6 months and has some significant benefits (such as a 5MP camera).

My current provider is Three [3] and their cheapest plan is $29 per month (with or without a phone) which allows 200 minutes ($160) of free calls to other Three phones every month as well as up to $150 of other calls per month and 1GB of data. Calls cost 40c per 30 seconds plus 35c connection fee. Currently I’m on a plan that gives me the same thing for the same price without data transfer but which includes a “free” phone. So it seems that the 1GB of data per month has an equal cost to a mobile handset (such as an LG Viewty).
Virgin [6] has a $25 per month plan that gives $60 worth of calls and 300MB of Internet data with unlimited talk and text between members with the added bonus of unused talk and text credit being rolled over to the next month. The cost for calls is 90c per minute plus 40c connection fee, video calls are the same cost as voice calls!
Vodaphone [2] has a $20 per month phone plan that allows up to $150 of calls per month with the option of either free calls to a single specified Vodaphone number or free calls in the evenings and weekends. They have a $4.95 special offer for 200MB of Internet data per month. Calls cost 44c per 30 seconds plus 35c connection fee.
Telstra [4] has a $20 per month plan that only includes $20 worth of calls and which has call fees of 47c per 30 seconds plus 27c connection fee. They clearly don’t compete on price, I think that there is no reason for using Telstra unless you live in some of the rural regions where they are the only provider to offer good service.
Savvytel [7] charges $3.07 for GPRS Internet data so they can’t be considered for an Internet enabled phone. But they do seem very economical for basic phone service.
Optus [5] has a hopelessly broken web site that wouldn’t give me any information on mobile phone pricing. My previous experience with Optus Internet makes me unlikely to do business with them again anyway.

So it seems that Three (my current provider) is probably the best option at this time. Virgin would save my $4 per month, but would only give me 300M of Internet data per month, and the Virgin limit of $60 per month of calls might not be enough for me. Vodaphone offers a deal for $25 that only includes 200MB of data, that might be enough for just phone use, but wouldn’t be enough for tethering for laptop net access.

I wonder how well tethering works on an Android phone, can you make a phone call while transmitting data from a tethered laptop? I find that with my Viewty when I receive an SMS or phone call it stops the net access. That makes a tethered Viewty impractical for some support tasks as it’s fairly common that I need to talk to someone while logging in to their server – I’m sure that most people who use mobile Internet services regularly need to phone someone while using them.

My current Three bill is $29 per month for the phone plan and $15 per month for Internet access. If I’m going to buy phones outright instead of getting them with the plan then I want to reduce the overall amount of money I spend on phone plans and using tethering instead of a 3G USB dongle would allow this. I think that I can get something that comes close to my ideal mobile phone [8] (apart from being able to connect a keyboard, mouse, and monitor) if I import it from overseas.

We really need more competition in the Australian mobile phone market. We have only two phone companies offering Android phones, Three is sold out of the obsolete model that they offer while Vodaphone has stock of an obsolete model.

etbe – Russell Coker

Linux, politics, and other interesting things