Ken Kennedy's lifestream from Kenzoid's Autonomous Zone

July 22, 2008

Ken Kennedy's shared items in Google Reader

Three Hot Mixtape Services That Are Remaking the Art Form

Shared by Ken Kennedy
I'm going to check out all 3 services here. I've used muxtape, and it's pretty cool, but the others look interesting as well.

Mixtapes just ain't what they used to be. One of the most democratic forms of art collecting is being made even easier by a handful of fun new websites.

Is it legal? Will it last? We don't know and we don't know if we care. These services are such a joy to use that they reinvigorate our appreciation for what the social web can do.

Muxtape

The elegant simplicity, combined with the tech success of its New York founders, has made Muxtape the mindshare leader in the online mixtape market. Users upload up to 12 MP3 files and then publish their collection. The interface is like one big button and it's a lot of fun to explore different people's collections of favorites.

All kinds of mashups have been built on top of Muxtape. See, for example, our coverage of Muxtape With Coverflow [Mac] (pictured below), MuxtapeStumbler, MuxSeek Search Engine and MuxScrobbler - a script to synch your Muxtape listening with your Last.fm user profile.

Favtape

The newest entrant into this field is much easier to use for publishing collections. Favtape creates a Muxtape-like interface for listening to the full-length version of your Pandora or Last.fm favorited songs.

It's simple, but it's very cool. There are tie ins to Lyric Wiki, a ringtone search, the ability to listen to more songs that are similar or by the artist and other features. It's powered by the Seeqpod API, which must be one of the most popular APIs on the web lately.

Favtape just launched this week, but we really like it already.

Mixwit

MixWit is a Flash mixtape creator with a very nice interface and the ability to embed your player on a web page. See my example below. This service can have songs added by URL or through Seeqpod or Skreemr MP3 search.

It's a relatively full featured Flash authoring environment and exemplifies the design possibilities that emerge from a confined space. The cassette tape border around images users upload is really visually appealing. It's all pretty easy to use and it's a whole lot of fun. It's more fun to use as a publisher than either of the services above and it might be more fun for listeners too.

The Changing World of Mixtapes

Different mixtape services serve different purposes. The point though is that this art form is becoming easier than ever before.

Mixtapes used to be something you put a lot of time and effort into, typically making one copy to give to one other person. The loss of that art form is a little sad. These services are something very different, they are very public and considering the free music widely available online - scarcity is no longer an issue.

Are these services legal? That's unclear; they are riding a thin line and legal decisions may be made about services like this in the coming years. Streaming, as opposed to full, direct downloads, is a different animal. The original mixtapes were arguably illegal as well, though, and what a loss the world would have suffered if that medium had been strangled.

Where's Your Mixtape?

We find the new mixtape publishing scene pretty heartwarming, in fact. We hope you'll enjoy testing out the services above - and leave us a link in comments to your mixtapes so we can all know what kind of music the RWW community likes to listen to!

CC photos used above include the following from Flickr: radio:cassette drawing from my primary school days by Alicia Yeah, "The Tree" by helmet13, An intense morning break over the Angels Bay, French Riviera by mamjodh


by Ken Kennedy at July 22, 2008 09:18 PM

Will Larson: An Introduction to Django's Loose Coupling

One of Django's core design philosophies is that of loose coupling. This is one of the best parts of Django, but it's also something that takes some time and exposure before its value (and how to take advantage of it) really clicks. This short string of tutorials will begin by briefly examining what Django's loose coupling philosophy means and why it's advantageous for those of us building with Django, and will then continue with a handful of small example projects that look at how to replace individual pieces of the Django stack.

What it Means

Loose coupling means that individual components of Django's feature stack are kept as separate as possible. For example, Django's templating language makes it very pleasant to represent the contents of your models, but it's equally easy to use Django's templating language to represent other kinds of Python objects as well. The Django ORM makes it easy to set up and access a database, but it is possible to use SQLAlchemy instead.

This makes it easier to integrate Django applications with legacy apps, but more importantly it lets you use the tools you are familiar with, and the tools that are most suited for your specific problem. Often new developers who come to Django dislike part of the Django toolkit, and submit suggestions to make Django function more similarly to the frameworks and tools they are already familiar with. However, the Django solution is both extremely simple and extremely powerful: if you prefer other tools, use them.

Django isn't a monolithic tool that descends from the heavens to rule our project, it provides a handful of tools that are willing to cooperate with one another, but are equally willing to cooperate with tools of your own choosing. Developers coming from Ruby on Rails or other extremely opinionated frameworks may be used to following their framework's best practices to avoid fighting against a framework which feels that it knows your project better than you do, but with Django you'll be back in the driver's seat[1].

Now, let's start looking at examples of loose coupling in Django by using the Jinja2 template engine to render webpages.


  1. Which seems to be one of the biggest complaints against Django: it doesn't make enough decisions for you. Which, it seems, is actually a fair complaint, since for many projects you simply need to make any decision, and not having to think about it will save time and energy. However, I think you'll find as you get more comfortable with Django that while it will let you make decisions, it will rarely make you make a decision.

by (author unknown) at July 22, 2008 07:43 PM

Simon Willison: Django 1.0 alpha released!

Django 1.0 alpha released! Not meant for production use, but a pretty solid preview of what’s coming in 1.0 proper. The beta is scheduled for August 5th.

by (author unknown) at July 22, 2008 07:42 PM

Buy a full-size T. Rex replica

Shared by Ken Kennedy
Oh crap...my wife SO does not need to see this. *grin* We already have a museum-grade replica of the skull profile (in situ)...it's quite the conversation piece for our living room wall.
A mere $100,000 gets you a STAN museum-grade T-Rex replica, a whopping 40' long and 12' high. They'll pose him for you, too.

Each STAN T. rex skeleton is constructed according to your creative needs, allowing you to fashion a more dynamic exhibit. Whether you want your skeleton walking, stalking, attacking, running, jumping or looking your visitors right in the eye, we welcome your input, so long as the pose requested is natural and anatomically possible. Constructed modularly with no section more than 6 feet long, this incredible specimen can be assembled by an experienced crew of six in just under an hour!
Link (via Geekologie)

by Ken Kennedy at July 22, 2008 05:35 PM

Iron Sky propaganda on your wall.

Iron Sky Eagle Poster. Iron Sky War Bonds poster - “There are Nazis on the Moon!”

Put some propaganda on your wall.

The Iron Sky posters are here! Okay, they have been on pre-order since we sent the materials to print. A few preview versions later, the printing press started rolling and now, we’re the proud owners of many, many gorgeous posters. (You can become one too - and let’s not forget the Star Wreck posters, either.)

And did I mention they are gorgeous? I mean, we are so very good at finding things to tweak and fix, but these posters actually exceeded our expectations.

There is an explanation for this too - I don’t think we’ve ever received service this good. The CEO of the print company personally brought us the preview copies to see. Then he had the person responsible for the press call us to determine the best way to iron out the problems in the preview. He also promised to look over the first printed copies to make sure everything looked like it should. The end result was that the colors are just right and the posters look way better than anything we’ve ever printed (and better than the pictures above). Way to go, Eräsalon kirjapaino!

by Antti Hukkanen at July 22, 2008 11:11 AM

July 21, 2008

What is Ken listening to?

The Vines – Sunshinin'

http://www.last.fm/music/The+Vines

July 21, 2008 07:00 PM

Ken Kennedy's shared items in Google Reader

St. Louis Cops Turn Forfeiture Policy Into Free Car Rental Service

Shared by Ken Kennedy
And people wonder why I think gov't transparency is a necessity? *sigh*

Seems that the city of St. Louis, like many cities, allows the police to confiscate the cars of people suspected (but not necessarily convicted) of certain crimes. They have a contract with a city towing firm, and said firm was allowing police officers and their families to "rent" confiscated cars free of charge, sometimes for months on end. Officers and their families could also sometimes purchase the confiscated cars at a fraction of the cars’ value.

All of that is pretty outrageous. But it gets better.  The St. Louis Post-Dispatch stumbled onto the story after investigating the daughter of the city’s police chief. She had been involved in a number of accidents with different cars. On several occasions she had wrecked a car, then simply gone down to the towing service to get a 60-80 percent discount on a new one. After one accident, her blood-alcohol concentration tested at .17. She wasn’t arrested or charged. The department says it has "no idea" why she was let go.

The police department hired a law firm, which concluded that the towing arrangement broke no rules or laws. The chief improbably claims he was oblivious to the deals his daughter was getting (her relationship with the towing service apparently goes back to 2002). The Post-Dispatch reports that the chief’s last public statement on the matter was that, "the absolute necessity in maintaining transparency in the eyes of the public."

He has since declined to comment.

(Via TheNewspaper.com)

by Ken Kennedy at July 21, 2008 05:56 PM

More DNA Databases and Cold Searches

Shared by Ken Kennedy
Good article.

The L.A. Times has published another article on DNA databases, this time focusing on a researcher in Arizona who has found some evidence that nine-loci DNA matches may be much more common than FBI experts often state in court. This has led to calls for broader searches to see if the phenomenon is true in larger databases, such as the FBI’s CODIS.

The FBI is stonewalling, even threatening to bar states who consent to similar statistical searches of their own databases from accessing the national CODIS system.

by Ken Kennedy at July 21, 2008 05:55 PM

What is Ken listening to?

The Police – King of Pain

http://www.last.fm/music/The+Police

July 21, 2008 02:08 AM

The Rentals – Friends of P.

http://www.last.fm/music/The+Rentals

July 21, 2008 01:58 AM

Ken Kennedy's shared items in Google Reader

So much for the "risk-free investment"

Shared by Ken Kennedy
I never like seeing "overt default on our 'national' governmental debt" in a post...
Last week the default risk on U.S. Treasury bonds doubled. This week it has increased still more. This risk is measured by credit default swaps (CDS's), which insure investors against bond defaults. Of course this risk, contrary to a very stupid but very popular myth among U.S. economists, has never been zero: there is no such thing as a "risk-free" investment. Anybody with a modicum of knowledge of economic history knows (in other words, alas, very few people know) that over historical timeframes government defaults on their debt, both overt and covert (through inflation), are common. Indeed over >20 year timeframes even stocks are less risky than government bonds, but for shorter timeframes bonds are, in nominal terms at least, normally far less volatile than stocks. Reuters observed,
The cost to insure Treasury debt with credit default swaps jumped to 16.5 basis points, or $16,500 per year for five years to insure $10 million in debt, from 8 basis points on Thursday, an analyst said....Debt protection costs on U.S. government debt are now higher than those for Germany, which trades at 9.5 basis points, and are trading at similar levels as Japan and the United Kingdom, which are around 16.5 basis points, the analyst said.

So far this week it has increased to 22 basis points for five years of default insurance. Bloomberg observes the probable cause of this increased risk:
Treasury Secretary Henry Paulson said July 13 the U.S. would seek authority from Congress to buy unlimited equity in so-called government-sponsored enterprises Fannie Mae and Freddie Mac and to extend them as much credit as needed. The move effectively put the weight of the treasury behind the companies, which own or guarantee almost half of the $12 trillion in U.S. home loans outstanding. The Federal Reserve also agreed to lend directly to Fannie Mae and Freddie Mac.

In other words, not only is the Federal Reserve now playing John Law by printing dollars to buy bad real estate investments, but now the federal government has declared its willingness to get in on the act in an even bigger way.

Note that default risks measured by CDS's do not include the risks of what are effectively ongoing de facto mini-defaults on all dollar-denominated debt due to inflation, risks that have been rising substantially over the past ten years, as reflected by the prices of the main insurance against inflation risk, commodities.

In the U.S. there have been a number of de facto inflationary defaults on U.S. federal debt -- the Revolutionary War (Continentals), Civil War (Greenbacks), Great Depression (resetting the gold conversion rate). The largest de facto default occurred in the 1970s (float and inflation) and we are in the midst of one currently (float and inflation) that may turn out to be even larger. But the only overt default on "national" governmental debt in our 232-year history was that of the Confederate States of America in the throes of losing its war against the (rest of the) U.S.

Compared to the 1970s, oil is responding faster and more completely to Fed inflation, and oil remains a crucial part of our industries. As a result, the havoc caused by high oil prices may put a stronger limit this time on how quickly the Fed shredder can dispose of the real value of U.S. paper. If the degree of covert default is thus limited, but the risk of default increases, the risk of overt default rises. The market last week seemed to be saying that the Fed may be starting to approach some such limit, perhaps a political limit due to hysteria over gas and food prices, on its practical ability to inflate the U.S. currency. In other words, markets may be saying the Fed cannot necessarily resort to a Weimar- or Zimbabwe-style hyperinflation -- that if federal financing gets to that extreme U.S. politicians may choose to overtly default instead.

The city of Vacaville, California recently overtly defaulted on its debt, as have a number of other municipalities in the U.S. Worldwide overt defaults on government debt during the second half of the 20th century usually occurred in Third and Second World governments (e.g. Russia in the 1990s), but there were a large number of overt government defaults in governments of all sorts early in the Great Depression (indeed these were a leading cause of that economic disaster), and in prior centuries government defaults wherever governments borrowed money, including leading nations in Western Europe, were common. Mature democracies with central banks that can engage in covert defaults (inflation) have had a far lower rate of overt defaults than other forms of government or democracies without central banks.

That the risk of overt default has now substantially increased means that investors are recognizing that the unprecedented revenue-generating combination created in 1913 -- IRS (which has been able to reliably collect $trillions per year) and the Federal Reserve (which has been reliably able to engage in covert gradual defaults by printing money to buy $trillions worth of Treasury debt per year) -- is not indestructible. U.S. Treasuries, like every other investment, have never been risk-free and they've just gotten quite a bit riskier. Nevertheless compared to historical averages for governments, the risk of overt default by that powerhouse 1913 duo is pretty low. With very high probability they will keep paying interest and principal on their debt while me and my fellow U.S. taxpayers will keep having to shell out substantial sums to the IRS every year, and see our dollars frittered away every year, that this dynamic duo may continue to uphold "the good faith and credit of the United States" while the discreditable activities, often done in rather poor faith, of the federal government in "redistributing" wealth, attacking foreign countries in very expensive ways, promising vast pensions that it cannot pay, promising health care that it cannot fund, and forcing private businesses to do bizarre things (like take on vast amounts of moral hazard by lending into "underserved communities", and to actually fund those government medical mandates) continues.

In related financial news, what I've been predicting for a long time would happen is starting to happen: the U.S. dollar inflation indices PPI and CPI, despite being under-reported compared to prior decades (due to a radical revision of the formulae), are starting to rise to 1970s rates of increase. Sticky prices in manufactured goods and services, as well as wages (the stickiest prices of all), are playing a very long-term game of catch-up to commodity prices, and especially to gold and oil, which are leading indicators of inflation. I continue to predict 5%-15%/year increases in the CPI and PPI, and probable "stagflation" (inflation plus recession, which according to Keynesians is not supposed to happen), until such time as they catch up to the commodity price increases. Commodity prices themselves, despite their stratospheric levels, may continue to increase as the Federal Reserve tries to deal with large government deficits and the fallout from the awful moral hazard in our housing markets, a moral hazard in no small part due to previous inflationary policy by the Fed itself combined with the outrageous pressures from U.S. politicians to relax lending standards in order to get people to buy houses in "under-served communities" and naive "real estate always goes up" bubble behavior on the part of the real estate industry and house buyers. The Fed-and-IRS-backed political franchises Freddie Mac and Fannie Mae have been moral hazard disasters waiting to happen. Inflation is still by far the largest problem these federal activities are causing; the doubling of the overt default risk is just an interesting related blip. My recommendation: keep only spending money, not savings or long-term investments, in dollars or dollar-denominated debt, and keep trying to unstick your own wages by frequently asking your boss for a big raise.

On the increase in Treasury default risk H/T to Alex Tabarrok.

by Ken Kennedy at July 21, 2008 01:42 AM

Watch the Star Wreck movies on YouTube.

Shared by Ken Kennedy
Full-length Star Wreck films now available on YouTube!

Good news everyone. YouTube upgraded our account so we can upload longer videos. That means that all the original Star Wreck films are now on YouTube. They also offer a playlist player, as the one below:

So, Star Wrecks have finally come to the largest video site in the world, now we just need to get the world to notice them. So, go and watch the classics once more, rate them and give some comments. And if you’ve got a site go ahead and embed them.

To embed the whole Star Wreck: Legacy playlist use the following code:

<object width="480" height="385"><param name="movie" value="http://www.youtube.com/p/CBA2610726132EBE" />
<embed src="http://www.youtube.com/p/CBA2610726132EBE" type="application/x-shockwave-flash" width="480" height="385"></embed></object>

The links to the individual episodes are:
Star Wreck I
Star Wreck II - The Old Shit
Star Wreck III - Wrath of the Romuclans
Star Wreck IV - The Kilpailu
Star Wreck V - Lost Contact
Star Wreck 4½ - Weak Performance

Coming up next is the YouTube premiere of Star Wreck: In the Pirkinning.

by Ken Kennedy at July 21, 2008 01:33 AM

July 20, 2008

Uploads from kkennedy

Ken Kennedy's shared items in Google Reader

Cable giants bullied into new child porn censorship deal

Shared by Ken Kennedy
Keep reading. The $100 bet is the good part!

The major national cable providers are all to sign a troubling yet major censorship deal with a private anti-child porn organization. The deal would give the National Center for Missing and Exploited Children (NCMEC) carte blanche power to issue a takedown of any customer's content hosted on a cable provider's servers.

The group will provide each cable company with a list of Web site addresses that they believe contain child porn. The cable companies will then, per the agreement, scrub the content from their servers.

A press release describing the agreement states that:

The cable operators that have agreed to execute the (memo of understanding) within 30 days include: Comcast Corporation; Cox Communications; Charter Communications; Cablevision Systems Corporation...Time Warner Cable has already signed the MOU.

It is unclear what, if any, notification cable customers will receive before their Web sites are deleted, or what legal rights they will have to appeal the classification of their content as illegal child pornography.

The memo of understanding states that the private group will provide cable companies with a list of kiddie porn URLs, that "in NCMEC's good faith" appears to meet the federal definition of child pornography.

According to Cynthia Brumfield, the industry watcher who first broke the story:

"The identified URLs and content will be deleted (by the cable company) and the operator will provide NCMEC the customer's name and address in those instances where that information is available. NCMEC will then work with law enforcement authorities."

Thus, we have a private third-party group, who will be given the power to force the takedown of content, who will be given the names and addresses of the "violators." Is there anything else?

Oh yes--NCMEC wants its participation in the takedown to be kept secret. Brumfield cites the memo of understanding (which is not public)--which she said states that cable companies will:

"remove or limit the availability of apparent child pornography images or other content based on the List, and in taking such action replaces the offending page with a notice, such notice shall contain no reference to NCMEC."

I hope I am not the only one who is extremely troubled by this deal. Kiddie porn used to be one of the three major trump cards justifying censorship, invasion of privacy, and the general evisceration of civil liberties (the other two trump cards being illegal drugs and terrorism). However, with this deal and the recently successful child porn justified efforts of the NY AG to eradicate Usenet discussion groups, child porn seems to have outgrown its two fellow trump cards.

The threat of kiddie porn now seems to be capable of justifying any amount of censorship--something that no CEO accountable to his shareholders will dare stand up to.

This kind of takedown power should not be given to a private, unaccountable group. Both the FBI and DHS/US Customs already manage databases of enabling their agents to digitally fingerprint such content. As much as I dislike the FBI, they are at least (occasionally) held accountable. Journalists can submit Freedom Of Information Act requests, and the heads of the agency can be hauled in front of a congressional committee. NCMEC, on the other hand, is not subject to an FOIA request.

Public challenge
And so, I issue the following public challenge:

Comcast's anti-BitTorrent efforts were undone once the Associated Press was able to prove that the cable giant slowed down the file-sharing of a copy of the King James Bible.

Thus, I promise a bounty of 100 U.S. dollars to anyone who can somehow trick a cable company into taking down a copy of the King James Bible, under the mistaken belief that it's actually kiddie porn.

You may either work to trick the cable company directly, or instead go after the shadowy National Center for Missing and Exploited Children. It is highly unlikely that cable companies will verify the URLs given to them by NCMEC, and so this may actually prove to be easier.

I am not encouraging anyone to break the law. I am sure this can be done with social engineering, and a bit of smarts. Finally, if you opt to donate your $100 award to the Electronic Frontier Foundation, I will match it 100 percent.

Disclaimer: This challenge is made by a private individual, and does not reflect the policy of CNET.

by Ken Kennedy at July 20, 2008 05:28 AM

Ephemeral Aggregators

Shared by Ken Kennedy
Very good; the linked post as well. I agree.

I’m thinking that The ascendancy of Hacker News & the gentrification of geek news communities, by Rabble, is, in its quiet way, one of the most important think pieces I’ve read in quite a while. It’s pretty clear that online aggregations of individual contributions are occupying a bigger and bigger slice of the spectrum of useful information sources. And also clear that this new landscape isn’t stable, but steadily shifting underfoot.

First off, I’d recommend reading the comments on the “Gentrification” essay along with it. Like a couple of the contributors, I think the pattern of conversational flow is accurately described, but am uncomfortable with the use of “gentrification”.

Here are my take-aways, the first couple lifted more or less directly from the essay:

  • Success as an aggregator is ephemeral.

  • The pressure of the SEO slime is continuous and unrelenting; a significant evolutionary force on whatever it is online communities are becoming.

  • The effect of individual burn-out is maybe understated. Consider Slashdot; one reason it has less traffic these days is that the editorial quality filters are pathetic compared to back then; the regime where CmdrTaco and friends had the wheel and just instinctively knew the wheat from the chaff was probably just not sustainable.

  • The value of following a few carefully-selected primary sources and keen-eyed individual observers just can’t be overstated. The right selection of blog and Twitter feeds can put you in a situation where you’ve already seen most of the good bits of today’s Reddit or equivalent. Yeah, it takes a little more time than just dropping by an aggregator. Whether this is a good trade-off depends on what your job is.

  • It should be painfully obvious that these lessons probably apply to news loci outside the technology ghetto; today’s hot news fora for politics or sex or knitting are just as vulnerable to online traffic’s fickle flow patterns.

by Ken Kennedy at July 20, 2008 05:20 AM

Citizen Engineer 01 - SIM card and payphone hacks

Shared by Ken Kennedy
This looks to be potentially interesting!

Ladyada and PT have kicked off the first episode of their Citizen Engineer video series in style. This episode explores GSM SIM card technology and the more retro tech found inside a retired Bell payphone. Ladyada shows how to create a SIM reader which you can use to do things like read deleted SMS messages or brute-force the card's secret key. In the second part, the team dismantles an old Bell payphone and hacks it to function as a home telephone, require quarters for use, and make Skype calls.

Citizen Engineer

by Ken Kennedy at July 20, 2008 04:37 AM

OpenMoko usability review

Shared by Ken Kennedy
Ugh. Realistic issues. And as much as I wish it didn't have to be constantly compared to an iPhone...that's valid as well. It doesn't have to equal, IMO...but it can't be heartrendingly inferior. Dang. Ah well...good news is that a) they can continue to iterate, and b) there's hopefully still Android!

by Ken Kennedy at July 20, 2008 04:32 AM

The trackable Last HOPE conference badge

Shared by Ken Kennedy
SO cool.

While Defcon badges have taken on the habit of being hackable electronics, The Last Hope badge is taking a new shape this year. It's dubbed the Attendee Meta-Data project (AMD for short). Aside from the tombstonian dimensions, it features a trackable RFID tag that's going to be used to create a different sort of conference experience.

Sure, the creators might use the badges to make sure they meet all the lovely ladies in attendance, but the idea is to use the data to improve the conference experience for everyone. Attendees have the ability to add tags indicating their interests. Combine that data with actual location tracking and people can now network and interact based on what and who they're looking for. It's social networking coming full circle to include actual socializing.

by Ken Kennedy at July 20, 2008 04:22 AM

July 19, 2008

Ken Kennedy's shared items in Google Reader

Round Up the Usual Suspects

Shared by Ken Kennedy
Awesome.
As a birthday present to me, the FBI's Terrorist Watch List database added its one millionth entry this week, according to the ACLU's estimate.

I've been waiting for this event, because the one millionth entry gives us a nice round number to do the calculations which demonstrate that the terrorist watch list is as close to completely useless as it's possible for a manmade artifact to get. (Note that the database doesn't actually contain a million identities; it's got a million records representing - at a guess - about 400,000 distinct individuals. But since it's my birthday we're gonna pretend that there are a million identities, in order to make all the math turn out nice and pretty.)

Let's assume that we know the names of 1,000 terrorists, and that there are another 9,000 people with terrorist intent whose names we don't know.

According to the Department of Commerce, about 46 million international travellers visited the United States in 2004; the number seems to be holding pretty steady at about 4 million visitors a month. For ease of calculation we'll round this up very slightly to 50 million a year.

When you add this to more than 25 million Americans travelling abroad each year (it's really more than that; 25 million is just for the summer), you've got in excess of 75 million people crossing the borders in a year.

Not a lot of them are terrorists; let's say we get 500 terrorists a year trying to get into the country, and that of these 500, 10% (50) are known bad guys and 450 are new recruits who we don't yet know are bad guys.

So to sum up, each year we expect to have:

  • 1,000 known terrorists
  • 9,000 unknown terrorists
  • 10,000 total terrorists
  • 1,000,000 watch list entries
  • at least 1,000 and no more than 10,000 actual terrorists on the watch list
  • at least 990,000 non-terrorists on the watch list
  • 75,000,000 total border crossers
  • 500 terrorist border crossers
  • 50 known terrorist border crossers
  • 450 unknown terrorist border crossers
  • 74,999,500 total non-terrorist border crossers
IMPORTANT NOTE: If you don't like my numbers, I invite you to plug your own numbers into the calculations below. For any plausible set of numbers, the conclusion will remain the same. If you prefer an implausible set of numbers, there are lots of conspiracy theory blogs which will probably make you a happier person than you'll be if you keep reading here - or you could wait a week or two and catch the opening of "The X-Files: I Want To Believe".

Let's assume that all variables are independent and random, and let's assume that there's never any error in matching a person against a name on the watch list. There are six cases of interest at a border crossing:

  1. Non-terrorist is checked and does not match an entry on the list. Since there are 990,000 non-terrorists on the watch list, there are (74,999,500) - (990,000) = 74,009,500 non-terrorists who are not on the watch list, and this event happens in (74,009,500) / (75,000,000) = 98.7 percent of the cases.
  2. Non-terrorist is checked and matches an entry on the list. Since there are 990,000 non-terrorists on the list, this event happens in (990,000) / (75,000,000) = 1.3 percent of the cases.
  3. Known terrorist is checked and does not match an entry on the list. We don't make matching mistakes, so this event doesn't ever happen.
  4. Known terrorist is checked and matches an entry on the list. This happens every time a known bad guy tries to enter the country. On the other hand, only 500 bad guys enter the country, and only 50 of them are known bad guys, so this event happens (50) / (75,000,000) = .00007 percent of the cases.
  5. Unknown terrorist is checked and matches an entry on the list. Since this guy is an unknown terrorist, the probability that his name is on the list is the same as the probability that an innocent civilian's name is on the list. That probability is 1 in 75 (1,000,000 names on the list; 75,000,000 total travellers). There are 450 unknown terrorists crossing the border, so (450) / (75) = 6 of their names are on the list. So this event happens in (6) / (75,000,000) = 0.000008 percent of the cases.
  6. Unknown terrorist is checked and does not match an entry on the list. 444 unknown terrorists who try to cross the border aren't on the list, so this happens in (444) / (75,000,000) = 0.0006 percent of the cases.

Now let's have a look at the results in rank order.

Outcome                        Occurrences
Innocent non-match             74,009,500
Innocent match                 990,000
Unknown terrorist non-match    444
Known terrorist match          50
Unknown terrorist match        6
Known terrorist non-match      0

We match (50 + 6) / (444 + 50 + 6) = 11.2% of terrorists using this scheme.

Of the people matched, (50 + 6) / (990,000 + 50 + 6) = 0.006% are terrorists. Put another way, 99.994% of all people matched are innocent.

It's bad enough that we're letting 90% of the terrorists cross our border without additional checks, and that we're putting 990,000 innocent people through unnecessary additional checks.

What's worse is that we're probably arresting some of those 990,000 innocent people because they matched the list and "seem suspicious" (ask Brandon Mayfield about this!)

What's even worse than this is that we're training the people who operate the system to ignore the real terrorist matches when they happen. 9999 out of every 10,000 matches is a false match. After the first 5,000 or so false matches, normal humans start to assume that every match is a false match (this is called "habituation", or "the fallacy of induction"). When that one true match (a real terrorist) sets off the alarm, the operator's natural tendency is just to turn the alarm off and wave the guy through.

But what's worst of all is that this system is trivially easy for even the dumbest terrorist to circumvent. It doesn't take a genius to figure out that the thing to do to defeat this system is stop sending known terrorists through it. Catching a new recruit without a terrorist history happens only by accident, and it happens with very low probability.

We're spending God knows how many millions of dollars on this list, and it cannot possibly do the job for which it's intended. We could "fix" the system to the extent that we provide a way to take innocent people off it, but it will always be the case that the huge majority of people checked against the list are innocent. As long as this is the case, the base rate fallacy will make the system essentially worthless for catching bad guys. And this is even if the bad guys are dumb enough to enter the country at controlled border crossings and send known terrorists using papers issued under their real names.

I realize that it's bureaucratically impossible to dismantle a large government system which has been publicly criticized, so in a helpful and public-spirited gesture I'll offer the following alternative suggestion:

Put everybody on the list.

It's cheap, it's fast, it's inevitable eventually anyway as long as the list continues to grow at its current rate, and it makes checking people against the list really easy (you can do it even without a computer!).

After you've put everybody on the list, implement something that might actually work as your secondary screening process.

Bruce blogged about the absurdity of the watch list here.

by Ken Kennedy at July 19, 2008 05:22 PM
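
The watch list post above invites readers to plug in their own numbers. The following is an added example, not part of the original post, that reproduces its six-case table and match rates from the stated inputs; the names `Scenario`, `outcomes` and `metrics` are assumptions made for this illustration, and the modelling shortcuts are the post's own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """Inputs taken from the post's summary list; change them to test other cases."""
    list_entries: int = 1_000_000      # watch list size (post treats records as identities)
    total_terrorists: int = 10_000     # known + unknown terrorists
    total_crossers: int = 75_000_000   # border crossers per year
    known_crossers: int = 50           # known terrorists crossing (always match)
    unknown_crossers: int = 450        # unknown terrorists crossing


def outcomes(s: Scenario) -> dict:
    """Expected yearly count for each of the six border-crossing cases."""
    # Post's shortcut: at least (entries - terrorists) listed people are
    # innocent, and every one of them is counted as a match at the border.
    innocent_match = s.list_entries - s.total_terrorists
    innocent_total = s.total_crossers - s.known_crossers - s.unknown_crossers
    # An unknown terrorist is listed with the same chance as anyone else.
    p_listed = s.list_entries / s.total_crossers
    unknown_match = s.unknown_crossers * p_listed
    return {
        "innocent non-match": innocent_total - innocent_match,
        "innocent match": innocent_match,
        "unknown terrorist non-match": s.unknown_crossers - unknown_match,
        "known terrorist match": s.known_crossers,
        "unknown terrorist match": unknown_match,
        "known terrorist non-match": 0,  # post assumes no matching errors
    }


def metrics(s: Scenario) -> dict:
    """Share of terrorists matched (recall) and share of matches that are terrorists (precision)."""
    o = outcomes(s)
    true_hits = o["known terrorist match"] + o["unknown terrorist match"]
    all_hits = true_hits + o["innocent match"]
    return {
        "recall": true_hits / (s.known_crossers + s.unknown_crossers),
        "precision": true_hits / all_hits,
        "false_matches_per_true_match": o["innocent match"] / true_hits,
    }


def report(label: str, s: Scenario) -> None:
    print(label)
    for name, count in sorted(outcomes(s).items(), key=lambda kv: -kv[1]):
        print(f"  {name:<30}{count:>16,.1f}")
    m = metrics(s)
    print(f"  terrorists matched:        {m['recall']:.1%}")
    print(f"  matches that are real:     {m['precision']:.4%}")
    print(f"  false matches per real one: {m['false_matches_per_true_match']:,.0f}")


if __name__ == "__main__":
    report("Post's numbers", Scenario())
    # Constructed variation: a list one tenth the size, everything else equal.
    report("List of 100,000 entries", Scenario(list_entries=100_000))
```

Shrinking the list tenfold leaves the share of terrorists matched at roughly 10% and still yields well over a thousand false matches per real one, which is the base rate problem the post describes.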

Could Anything Be Right?

Shared by Ken Kennedy
I always like it when Eliezer hits a "review and apply" post.

Followup to: Where Recursive Justification Hits Bottom, Rebelling Within Nature

Years ago, Eliezer1999 was convinced that he knew nothing about morality.

For all he knew, morality could require the extermination of the human species; and if so he saw no virtue in taking a stand against morality, because he thought that, by definition, if he postulated that moral fact, that meant human extinction was what "should" be done.

I thought I could figure out what was right, perhaps, given enough reasoning time and enough facts, but that I currently had no information about it.  I could not trust evolution which had built me.  What foundation did that leave on which to stand?

Well, indeed Eliezer1999 was massively mistaken about the nature of morality, so far as his explicitly represented philosophy went.

But as Davidson once observed, if you believe that "beavers" live in deserts, are pure white in color, and weigh 300 pounds when adult, then you do not have any beliefs about beavers, true or false.  You must get at least some of your beliefs right, before the remaining ones can be wrong about anything.

My belief that I had no information about morality was not internally consistent.

Saying that I knew nothing felt virtuous, for I had once been taught that it was virtuous to confess my ignorance.  "The only thing I know is that I know nothing," and all that.  But in this case I would have been better off considering the admittedly exaggerated saying, "The greatest fool is the one who is not aware they are wise."  (This is nowhere near the greatest kind of foolishness, but it is a kind of foolishness.)

Was it wrong to kill people?  Well, I thought so, but I wasn't sure; maybe it was right to kill people, though that seemed less likely.

What kind of procedure would answer whether it was right to kill people?  I didn't know that either, but I thought that if you built a generic superintelligence (what I would later label a "ghost of perfect emptiness") then it could, you know, reason about what was likely to be right and wrong; and since it was superintelligent, it was bound to come up with the right answer.

The problem that I somehow managed not to think too hard about, was where the superintelligence would get the procedure that discovered the procedure that discovered the procedure that discovered morality - if I couldn't write it into the start state that wrote the successor AI that wrote the successor AI.

As Marcello Herreshoff later put it, "We never bother running a computer program unless we don't know the output and we know an important fact about the output."  If I knew nothing about morality, and did not even claim to know the nature of morality, then how could I construct any computer program whatsoever - even a "superintelligent" one or a "self-improving" one - and claim that it would output something called "morality"?

There are no-free-lunch theorems in computer science - in a maxentropy universe, no plan is better on average than any other.  If you have no knowledge at all about "morality", there's also no computational procedure that will seem more likely than others to compute "morality", and no meta-procedure that's more likely than others to produce a procedure that computes "morality".

I thought that surely even a ghost of perfect emptiness, finding that it knew nothing of morality, would see a moral imperative to think about morality.

But the difficulty lies in the word think.  Thinking is not an activity that a ghost of perfect emptiness is automatically able to carry out.  Thinking requires running some specific computation that is the thought.  For a reflective AI to decide to think, requires that it know some computation which it believes is more likely to tell it what it wants to know, than consulting an Ouija board; the AI must also have a notion of how to interpret the output.

If one knows nothing about morality, what does the word "should" mean, at all?  If you don't know whether death is right or wrong - and don't know how you can discover whether death is right or wrong - and don't know whether any given procedure might output the procedure for saying whether death is right or wrong - then what do these words, "right" and "wrong", even mean?

If the words "right" and "wrong" have nothing baked into them - no starting point - if everything about morality is up for grabs, not just the content but the structure and the starting point and the determination procedure - then what is their meaning?  What distinguishes, "I don't know what is right" from "I don't know what is wakalixes"?

A scientist may say that everything is up for grabs in science, since any theory may be disproven; but then they have some idea of what would count as evidence that could disprove the theory.  Could there be something that would change what a scientist regarded as evidence?

Well, yes, in fact; a scientist who read some Karl Popper and thought they knew what "evidence" meant, could be presented with the coherence and uniqueness proofs underlying Bayesian probability, and that might change their definition of evidence.  They might not have had any explicit notion, in advance, that such a proof could exist.  But they would have had an implicit notion.  It would have been baked into their brains, if not explicitly represented therein, that such-and-such an argument would in fact persuade them that Bayesian probability gave a better definition of "evidence" than the one they had been using.

In the same way, you could say, "I don't know what morality is, but I'll know it when I see it," and make sense.

But then you are not rebelling completely against your own evolved nature.  You are supposing that whatever has been baked into you to recognize "morality", is, if not absolutely trustworthy, then at least your initial condition with which you start debating.  Can you trust your moral intuitions to give you any information about morality at all, when they are the product of mere evolution?

But if you discard every procedure that evolution gave you and all its products, then you discard your whole brain.  You discard everything that could potentially recognize morality when it sees it.  You discard everything that could potentially respond to moral arguments by updating your morality.  You even unwind past the unwinder: you discard the intuitions underlying your conclusion that you can't trust evolution to be moral.  It is your existing moral intuitions that tell you that evolution doesn't seem like a very good source of morality.  What, then, will the words "right" and "should" and "better" even mean?

Humans do not perfectly recognize truth when they see it, and hunter-gatherers do not have an explicit concept of the Bayesian criterion of evidence.  But all our science and all our probability theory was built on top of a chain of appeals to our instinctive notion of "truth".  Had this core been flawed, there would have been nothing we could do in principle to arrive at the present notion of science; the notion of science would have just sounded completely unappealing and pointless.

One of the arguments that might have shaken my teenage self out of his mistake, if I could have gone back in time to argue with him, was the question:

Could there be some morality, some given rightness or wrongness, that human beings do not perceive, do not want to perceive, will not see any appealing moral argument for adopting, nor any moral argument for adopting a procedure that adopts it, etcetera?  Could there be a morality, and ourselves utterly outside its frame of reference?  But then what makes this thing morality - rather than a stone tablet somewhere with the words 'Thou shalt murder' written on them, with absolutely no justification offered?

So all this suggests that you should be willing to accept that you might know a little about morality.  Nothing unquestionable, perhaps, but an initial state with which to start questioning yourself.  Baked into your brain but not explicitly known to you, perhaps; but still, that which your brain would recognize as right is what you are talking about.  You will accept at least enough of the way you respond to moral arguments as a starting point, to identify "morality" as something to think about.

But that's a rather large step.

It implies accepting your own mind as identifying a moral frame of reference, rather than all morality being a great light shining from beyond (that in principle you might not be able to perceive at all).  It implies accepting that even if there were a light and your brain decided to recognize it as "morality", it would still be your own brain that recognized it, and you would not have evaded causal responsibility - or evaded moral responsibility either, on my view.

It implies dropping the notion that a ghost of perfect emptiness will necessarily agree with you, because the ghost might occupy a different moral frame of reference, respond to different arguments, be asking a different question when it computes what-to-do-next.

And if you're willing to bake at least a few things into the very meaning of this topic of "morality", this quality of rightness that you are talking about when you talk about "rightness" - if you're willing to accept even that morality is what you argue about when you argue about "morality" - then why not accept other intuitions, other pieces of yourself, into the starting point as well?

Why not accept that, ceteris paribus, joy is preferable to sorrow?

You might later find some ground within yourself or built upon yourself with which to criticize this - but why not accept it for now?  Not just as a personal preference, mind you; but as something baked into the question you ask when you ask "What is truly right"?

But then you might find that you know rather a lot about morality!  Nothing certain - nothing unquestionable - nothing unarguable - but still, quite a bit of information.  Are you willing to relinquish your Socratean ignorance?

I don't argue by definitions, of course.  But if you claim to know nothing at all about morality, then you will have problems with the meaning of your words, not just their plausibility.

by Ken Kennedy at July 19, 2008 05:13 PM

Off to Barcelona...

Shared by Ken Kennedy
I have to admit, I'm just sharing due to the photo. I had to go track down the Sagrada Família just to prove to myself that was real. Crazy.

… to give a talk about the UK debate over whether to build a successor to the Vanguard class of submarines. It’s part of a session on Evidence-based policy or policy-based evidence? Nuclear weapons decision making in Europe at The Euroscience Open Forum 2008.

Have a good weekend.

by Ken Kennedy at July 19, 2008 04:43 PM

What is Ken listening to?

the knees – Sick of Being Stoned

http://www.last.fm/music/the+knees

July 19, 2008 04:42 PM

Kenzoid's Autonomous Zone

Podcasts + Leafblowers = Ick

Light post today...I'm doing some Saturday stuff for work, so my SCOTUS post can wait until tomorrow. *grin* I did want to note, however, that a) my Disqus comments are live, fire away folks! *grin*, and b) leaf/lawnblowers make podcast listening impossible!

Let me explain. Podcast listening is something that happens in many environments...you can listen at a PC, pump it to the stereo, with an MP3 player, etc. People listen while working, at the gym, in the car, or wherever. Much like radio, it doesn't require full attention, unlike video podcasts or TV. I personally tend not to listen to podcasts while working...I'm too easily distracted. I usually listen to music while coding or working (watch me code on last.fm!). I listen to podcasts in the car, on mass transit, out doing errands, and running. I like the fact it's such a flexible medium, though!

Anyway...so I listen to a LOT of podcasts while running. I'm no marathoner, but I do 15-20 miles a week when there's nothing stopping me, and I've been doing it for 20 years. So since the beginning of podcasting, I've LOVED listening to podcasts while I run. In fact, I had started about a year before; in 2003, I started recording BBC news streams to listen to on a 64 meg CF card player. Ah, those were the days. *grin*. But now, it's podcasts...lots of podcasts.

And podcasts vs. lawnblowers don't fare NEARLY as well as music vs. lawnblowers. Not like this is a new phenomenon, but I've for some reason noticed it a lot more lately. I get a lot of lawn care types out near the park that I run at and the neighborhood nearby where I live. Music? Music survives 10-15 seconds of absolute overwhelming blower noise. After all, they're probably songs that I love and know completely by heart anyway. But a podcast, especially a technical one, or a presentation? Blam. Conversational thread lost. So lawnblowers suck. *grin*

So that is my rant for today. More fun tomorrow!

July 19, 2008 03:48 PM

What is Ken listening to?

10,000 Maniacs – Jezebel

http://www.last.fm/music/10%2C000+Maniacs

July 19, 2008 03:36 PM

Drawing Down The Sun – Unravel

http://www.last.fm/music/Drawing+Down+The+Sun

July 19, 2008 02:59 PM

The Police – Roxanne

http://www.last.fm/music/The+Police

July 19, 2008 01:57 PM

Chinese Whispers – WALK AWAY

http://www.last.fm/music/Chinese+Whispers

July 19, 2008 01:00 PM

July 18, 2008

Ken Kennedy's shared items in Google Reader

Cop busts guy for taking his pic: "It's illegal to take a picture of a law enforcement officer... if you don't give it to me, you're going to jail"

Shared by Ken Kennedy
Definitely needs followup. This is one of those cases where it's important that it's CLEARLY dismissed, letting everyone know that nothing improper occurred. My Google News alert is already set up to keep track of this one.

Bernardo sez,
I read in Dispatches From the Culture Wars about Scott Conover, who was arrested for taking a picture of a policeman during a traffic stop.

Conover quotes the police officer as saying "... you took a picture of me. It's illegal to take a picture of a law enforcement officer... if you don't give it to me, you're going to jail".

The arrest was, technically, for pointing a laser at a police officer (the officer claims he thought Conover was pointing a laser at him, but he arrested Conover even after discovering that it was a cell phone, which, y'know, looks a lot like a laser, dunnit). A commenter on the Dispatches blog points out how "The law they charged him under is 39-13-605, which requires that 'the photograph... was taken for the purpose of sexual arousal or gratification of the defendant'."... Seems like a bit of a stretch.

The police officer's affidavit also makes for entertaining reading.

Link (Thanks, Bernardo!)

by Ken Kennedy at July 18, 2008 06:17 PM

What is Ken listening to?

Pet Shop Boys – Go West

http://www.last.fm/music/Pet+Shop+Boys

July 18, 2008 04:03 AM

Depeche Mode – Enjoy the Silence

http://www.last.fm/music/Depeche+Mode

July 18, 2008 03:52 AM

July 17, 2008

What is Ken listening to?

The Police – Every Breath You Take

http://www.last.fm/music/The+Police

July 17, 2008 11:54 PM

Ken Kennedy's shared items in Google Reader

My Legion of Merit Award

Shared by Ken Kennedy
Congrats, Cameron!

So while I was in France I was presented with the quite-prestigious “Legion Of Merit” award by the La Société Napoléonienne (aka the International Napoleonic Society) for my “contribution to the promotion of Napoleonic history” via the Napoleon podcast I produce on TPN.

As you can see, I’m the 97th person to receive the award. It’s quite a thrill for a long-time Napoleon enthusiast such as myself, especially considering I’m neither a scholar nor a historian.

On my first trip to France four years ago, I visited all of the Napoleonic sites and dreamed of one day making a contribution to Napoleonic history. That was before I’d even heard of podcasting. So to be presented with this award four years later is pretty cool. Let that be a lesson to all you kids out there - you too can wear big gold bling around your neck. No wait, wrong lesson. Hmmm, let me refer to “CAMERON’S BOOK OF LESSONS”… oh yeah, here it is - “What You Conceive and Believe You Can Achieve”.

I think there are some videos and photos of me receiving the award which I’ll post up when I get them. Currently I’m still sitting in Changi Airport on my way home. It’s a SEVEN HOUR stopover. Unbelievable.

by Ken Kennedy at July 17, 2008 04:50 PM

Google Gears Coming to Gmail and Google Calendar Soon

According to Andrew Fogg from kusiri, Google will start rolling out offline support for both Gmail and Google Calendar through Google Gears within the next six weeks. Google enabled offline access to Google Docs earlier this year, after they had already been using it for Google Reader for over a year. Fogg also found out that Google will start supporting SyncML for synchronizing contacts in Gmail around the same time.

As Google is trying to push more of its products into small businesses and enterprises, having offline access to email and calendar functions is becoming an absolute necessity for Google. Even as mobile Internet access is becoming more ubiquitous every day, few business users would want to risk being caught in a situation where they don't have access to their email or calendaring clients.

Some of Google's competitors such as Zimbra or Zoho are already offering some of these capabilities based on Google Gears. MySpace, too, is working on making its messaging platform available offline using Gears.

As Alex Chitu from the Google Operating System blog observes, Google's support for SyncML is also noteworthy. SyncML is an open standard for synchronizing information between different devices and, so far, has mostly been adopted by the mobile phone industry, with all the major companies such as Motorola, Nokia, Sony, LG, as well as IBM and Siemens supporting it in at least some of their products.

The latest version of SyncML has added support for push email. According to Andrew Fogg, Google is using SyncML for synchronizing its contacts database with the iPhone, but in the long run, it is probably worth speculating if Google might also start pushing email to the iPhone (or any other phone for that matter), using the SyncML push technology.


by Frederic Lardinois at July 17, 2008 04:40 PM

Evil Record Labels... (a sad story)

Shared by Ken Kennedy
This shouldn't surprise me, but it really boggles the mind.

I'd like to tell a story about one of the bands I have on Magnatune, and their experience with traditional record labels. I've anonymized the identities, to protect the innocent.

In 2003, when I was starting out Magnatune, I was approached by this band. They had previously released an album on a label, where it had sold well. Unfortunately, the label nonetheless went bankrupt, and the band were owed extensive royalties. However, they did get their rights back to the record, so they released it on Magnatune. When Magnatune released it, the album had been out for five years.

On Magnatune, the album did fairly well, making the band a bit over $1000 a year in royalties, which I thought was good on an already-five-year-old-album. The band neither did any promotion for it, nor did they point to Magnatune from their web site.

For their second album (sometime around 2005), the band decided to go traditional again, and signed with a record label. The reason they did this, is because the label said they would heavily promote them.

At this point, the band contacted me, asking me to stop selling their first album, because their new label wanted to exclusively own all the rights to their first album, otherwise the label wouldn't be willing to reprint the first CD. The band wanted to do this, to give their rights away to the label, so that the 1st album would be reprinted and promoted.

I was feeling ornery at the time, and I thought the band was getting ripped off. I particularly don't like musicians giving their rights away, especially when they're getting nothing in return but a lot of promises.

So, I wrote back to the band "I'll take your first album off of Magnatune, *if* the new label pays you a yearly advance equal to what Magnatune has been paying you. You've been getting $1000 a year from me, and I think it's only fair that the label commit to make you at least that much if they're going to take the Magnatune revenue away from you."

Of course, I would have taken the album off Magnatune either way, but I wanted the band to go back to the label, and demand some sort of advance from this label, since after all the band would be losing actual pretty-much-guaranteed yearly revenue from me (never mind that they'd also be losing their rights to the album).

The label refused to guarantee the band any advance, and went ahead and re-released their first CD without having the exclusive rights, and without the band losing their rights to that first record. That had been my goal, so I was pleased.

Unfortunately, Magnatune wasn't able to release the band's second album, because the label had the exclusive rights to it. Damn.

Sadly, this new label didn't follow through on their promises.

Today, in response to sending out musician royalty statements, I get an email from the band leader:

Just between us, after ten (10!) months of negotiating and trying to be paid for past royalties due, I finally was able to terminate my licensing agreement with (the record label). It was so difficult and found out very disappointing things about the way they were handling our deal. False royalty reports, etc...and we still haven't received our royalties from 2 years ago! It's supposed to be in the mail. Anyway, I don't like to spread negative statements around but it has been very frustrating. I know all the labels are very desperate and are doing everything they can to stay in business. Yet if they don't change the basic paradigm of how their business is structured and how to make a win-win situation between them and the artist, I don't see how any of them are going to survive.

I think the model you have set up with Magnatune is very wise. I hope you have seen overall success in such a challenging industry.

As soon as I receive the signed agreement from (the label), I will officially have the rights back to the 2nd album as well. I have plans for setting up an independent catalog of our albums and will be able to license our music over to Magnatune. Let's be in touch about this.

At least this story ends somewhat happily, with the musician regaining the rights to their own music, albeit never getting paid by anyone who sold their music, except for getting paid by Magnatune...

by Ken Kennedy at July 17, 2008 04:33 PM

July 16, 2008

What is Ken listening to?

David Bowie – Let's Dance

http://www.last.fm/music/David+Bowie

July 16, 2008 09:32 PM

Ken Kennedy's shared items in Google Reader

Waterfall Projects Create Naivete

Shared by Ken Kennedy
Excellent! Can't believe I just found this blog. Thanks to Michael Nygard for the link.

I’ve been working with several clients on their transitions to agile–or at least, more agile approaches to their projects. In each case, the managers decided to move towards agile because the technical staff were in their words, “naive” about the project goals. To be fair, none of the projects had a vision or release criteria, so it’s not surprising the technical folks didn’t understand the project goals.

But waterfall, with its emphasis on understanding up front, helps create that naivete. If you could understand requirements or design up front, then the project is just a SMOP (Simple Matter of Programming). And the testing is just a SMOT, and the writing is just a SMO (Testing and Writing). With a SMOP attitude, everyone assumes the predictive schedules are correct, creating a sense of naivete for the entire project–not just the technical staff. The managers are naive about what the milestones really mean, and everyone’s naive about the entire schedule.

But there’s an even more insidious assumption in waterfall: that the time to finish the project doesn’t matter. This attitude arises even more if a senior manager or program manager or project manager says something like, “Quality is Job 1.” At some point, this project has to end and the product has to ship. Maybe not next month, maybe not even next year, maybe the year after. But at some point in time, the product will ship, regardless of the technical staff’s perception of quality. And that’s where waterfall lets down the entire project team.

I haven’t worked on a project or consulted with a company where they had endless time to get to release for at least 20 years. (I can only remember one project where we were not under time pressure back in the early 80’s. But maybe I can’t remember much :-) Granted, I tend to work on or with projects in commercial organizations, so if you’re working on a government project, maybe you have more flexibility in time.

But a waterfall project organization, where you have milestones such as “requirements complete” or “feature freeze” or “feature complete”, provides a disservice to the entire project and management team. We know the requirements are not complete. We know the features will change. Saying they are complete or frozen won’t change reality. But those complete or frozen milestones provide a sense of inevitability about the eventual ending of the project, and infer that since we’re “meeting” (ha!) the project milestones, that we will continue to. That’s the naive part. (See There is No Such Thing as Percent Complete and Showing Project Progress (NOT percent complete) for why.)

Waterfall is fine for a few weeks (4 or fewer), and a few people (4 or fewer) and where you’re sure the requirements are not going to change. Absolutely, positively sure. No surprises. But if you have a larger project or a longer project or you have a suspicion things might change, you want to work differently. I recommend you read my recent Cutter IT article, What Lifecycle? Selecting the Right Model for Your Project to see ways to organize your projects so they make more sense.

Naivete can be charming in people. But it makes for badly organized and executed projects and programs. Waterfall reinforces naivete. Any other lifecycle allows you to take a more empirical approach, rather than a more predictive approach. The agile lifecycles are all about empiricism, so they banish naivete–at least, about schedule–completely. Choose any other lifecycle, and you can take a mature, not a naive, approach to your projects.

by Ken Kennedy at July 16, 2008 08:26 PM

Can TSA be trusted not to data discriminate?

Shared by Ken Kennedy
Crap.

The Transportation Security Administration is joining the 21st century. Just 5 years after security experts first outlined methods for faking boarding passes (and 2 years after the FBI raided my home for automating the process), TSA is finally testing out technology to neutralize this security threat. The only problem? The new authenticated boarding passes lay the groundwork for a surveillance state, enforceable all-points-bulletins, and most scary of all, data discrimination.

Can TSA be trusted to do the right thing?

A sample secure boarding pass

(Credit: Continental Airlines)

For the last 4 months, Continental Airlines and TSA have been running a pilot project, which permits passengers to pass through security using mobile-phone based boarding passes. After the user checks in online 24 hours before travel, the airline will send a dense 2D bar code to the passenger's mobile phone. The program is open to anyone flying on a non-stop Continental Airlines flight out of Houston.

The bar codes contain all of the information that would ordinarily appear on a boarding pass, plus one other important thing: a digital signature.

The system doesn't seem too bad, security wise. The airlines each create a PGP cryptographic key pair, a private key which they use to sign each boarding pass, and a public key which they give to TSA.

When a passenger shows up at a TSA checkpoint, the boarding pass is scanned by TSA agents with a handheld device. The device verifies the cryptographic signature, and if the boarding pass hasn't been modified, it'll display the passenger's information, which the agent can then compare to the passenger's ID. (Click here to see a picture of the boarding pass being read by the handheld device.)

Privacy safeguards

The Department of Homeland Security released a detailed Privacy Impact Report on the boarding pass system in late 2007. The report reveals a number of interesting details, and surprisingly, that the system was designed with passenger privacy in mind. The report (pdf) notes that:

The [Boarding Pass Scanning System (BPSS)] equipment is a handheld 2-D Bar Code scanning device and should be considered standalone as it will not be connected to any network - via wireless or ethernet connection.....

When [the passenger's] information is collected, it is immediately displayed on the device screen, in order for TSA screeners to screen the passengers against their photo identification. Once this is completed, the information is immediately and permanently deleted from the system....

The BPSS device application does not maintain a transaction log with bar code scan content; the application does not save or store the bar code scan data to a file, database, etc.

As many of my readers may know, I caused a bit of a panic at TSA in 2006, when I created a website that made fake boarding passes. Once the FBI dropped their investigation, and TSA decided not to come after me, the Feds became a lot nicer to me. I've flown out to Washington DC a couple times since to meet with TSA officials, and I know for a fact that a number of people inside DHS have read my research paper. Thus, it's not terribly surprising that the system in trial at Houston airport closely follows the design I outlined.

The authors of the privacy report were even nice enough to give me props, and mention my boarding pass security research as a motivation for the technology in the second paragraph of the document.

The makings of a surveillance state

TSA has clearly done a good job in designing this system, and making sure to include privacy analysis at the early design stages. The main problem though, is that it creates the foundations of a surveillance state. A world where TSA agents will be able to read through your digital dossier in detail as they decide how strictly to prod and probe you. This system, essentially, sets the stage for data discrimination at checkpoints.

When a passenger goes through a TSA checkpoint right now, the agent only has a few bits of information in front of him or her: The passenger's reported name, ID documents and the physical features of the passenger (race, gender, dress, accent). Yes, it is possible for an airline to flag a passenger (the dreaded SSSS on a boarding pass), if the passenger's name appears on one of the watchlists. However, this is still very little information.

Imagine if, when going through a TSA checkpoint, the agents had a full dossier on each passenger - detailing everywhere you'd ever flown, any past criminal records, credit history, parking tickets and heck, even which books you've been seen reading in the airport. It's not such a wild fantasy, as US Customs Officers already have this information, and look at it when you enter the country.

What if ....

While the pilot program that TSA is using in Houston is privacy preserving, passengers will have no way of knowing if a future administration decides to update the software or hardware of the handheld devices. It would be very easy to add a wireless card to the devices, and no passenger would ever be the wiser. Suddenly, TSA agents would have a wealth of information at their fingertips, information that could help agents "fight the war on terror."

Such a change, if it did happen, would probably not require that TSA notify the public. Moreover, I doubt if it'd even have to tell the entire Congress. It would simply hold a closed briefing for the Intelligence Committees -- including the same gutless "gang of 8" who knew about the NSA's Warrantless Spying program for years, and didn't do anything about it.

To be clear, I'm not accusing TSA of doing anything wrong. All I'm saying is that once agents start scanning in bar codes with hand held devices, we the public will have no way of knowing what happens to the data. TSA is, after all, rather trigger-happy when it comes to pseudo-classifying data as Sensitive Security Information.

Remember the National Security Letter powers that the FBI was given by the Patriot Act? Congress and the public were assured that there would be safeguards, and that they would be used correctly. Fast forward a few years, and we find out that National Security Letters have been widely abused, time and again.

I don't have an easy solution to recommend here. The current boarding pass system is easy to evade, and digitally signed bar codes do solve this problem. However, given that passengers can still refuse to show ID when they fly (and thus totally avoid the watchlists), I'm not really sure what is the main goal of this pilot. Why spend millions to beef up boarding passes, when passengers can still slip through the system with no ID?

Perhaps the real solution, as crazy as it may sound, is for TSA to do their job - and screen passengers. As experts have noted over and over, a valid ID and boarding pass are not proof that someone is not a terrorist. Instead of wasting money and time trying to verify documents and ID cards, why not reallocate these resources to searching bags and patting down old ladies?

Thanks to Adam Shostack for tipping me off to the NYT article on the TSA pilot.

by Ken Kennedy at July 16, 2008 06:30 PM
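
The signing and checkpoint verification flow described in the TSA item above, as an added example that is not part of the original article or any TSA or airline code. The article says the airlines use PGP key pairs; this sketch swaps in Ed25519 from Go's standard library, and the payload layout, function names, keys and sample pass are all assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrMalformed = errors.New("malformed bar code payload")
var ErrUnknownIssuer = errors.New("no public key on file for this airline")
var ErrBadSignature = errors.New("signature does not match pass contents")

// Keyring holds the public keys the airlines gave the checkpoint; no network is needed to verify.
type Keyring map[string]ed25519.PublicKey

// demoAirline builds a constructed signing key (seed: one ASCII character) and the matching keyring.
func demoAirline(code, seed string) (ed25519.PrivateKey, Keyring) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat(seed, ed25519.SeedSize)))
	return priv, Keyring{code: priv.Public().(ed25519.PublicKey)}
}

// IssuePass is the airline side; the "airline|fields|base64url(signature)" layout is assumed here.
func IssuePass(airline, fields string, priv ed25519.PrivateKey) string {
	msg := airline + "|" + fields
	return msg + "|" + base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// VerifyPass is the handheld side: it returns the text to display only when the signature
// verifies under the claimed airline's key. The agent still compares that text with the ID.
func VerifyPass(scanned string, keys Keyring) (string, error) {
	cut := strings.LastIndex(scanned, "|")
	sig, err := base64.RawURLEncoding.DecodeString(scanned[cut+1:])
	if cut < 0 || err != nil || len(sig) != ed25519.SignatureSize {
		return "", ErrMalformed
	}
	msg := scanned[:cut]
	pub, ok := keys[strings.SplitN(msg, "|", 2)[0]]
	if !ok {
		return "", ErrUnknownIssuer
	}
	if !ed25519.Verify(pub, []byte(msg), sig) {
		return "", ErrBadSignature
	}
	return msg, nil
}

func main() {
	airline, keys := demoAirline("CO", "a")
	pass := IssuePass("CO", "DOE/JOHN|CO1234|IAH-EWR|16JUL08", airline) // constructed sample pass
	fmt.Println(VerifyPass(pass, keys))
	fmt.Println(VerifyPass(strings.Replace(pass, "DOE/JOHN", "ROE/JANE", 1), keys))
}
```

The first call prints the pass fields with a nil error; the second, with the name edited after signing, returns the bad-signature error.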

A Modest Proposal for Ending Socialized Capitalism

Shared by Ken Kennedy
Interesting!!
Socialized capitalism of the sort the Fed and the Treasury are now practicing, consisting of private gains and public losses, is untenable. On the other hand, it's also true that giant Wall Street investment banks as well as Fannie Mae and Freddie Mac are too big to fail. How to reconcile these conflicting principles?

Here's a modest proposal: When taxpayers insure a giant entity against loss -- as we now are with Freddie, Fannie, and Wall Street investment banks -- those entities must agree that:

(1) for the duration of the bailout, their top executives cannot receive total annual compensation higher than that received by the President of the United States, and

(2) the government gets five percent of their current valuation as shares of stock (roughly representing the benefit to their shareholders of the federal insurance) -- so that if and when the entities become profitable again, taxpayers are compensated for the risk they've taken on.

by Ken Kennedy at July 16, 2008 03:35 PM

The End of the Great Moderation, the Bailouts of Freddie & Fannie and Wall Street, and the Tattered Safety Net for Everyone Else

Shared by Ken Kennedy
These are ideas that we need to be discussing, regardless of political and ideological affiliations.
As we bail out Wall Street along with Freddie and Fannie and all the top financial executives who have been pocketing tens of millions a year, yet allow millions of homeowners and jobless Americans to sink, it's worth contemplating what's happening to the American economy and to our social safety nets.

What economists have called "The Great Moderation" - a period when the business cycle evened out, and neither inflation nor recession posed much of a threat- began in the mid-1980s, and now appears to be over. It was good when it lasted. But it led the nation to think we didn't need much by way of social insurance.

No one knows for sure what caused the Great Moderation. Some had credited increased sophistication of financial markets and the wisdom of the Federal Reserve Board. Hindsight suggests it was more luck than anything else.

Well, folks, it turns out the great moderation was something of a fluke, and now tens of millions of Americans are in trouble with no safety net to help them.

That's because the apparent end of the boom and bust cycles led us to assume the economy would no longer impose huge, unexpected, and arbitrary losses on large numbers of Americans. So we basically got rid of the safety nets. We abolished welfare, let unemployment insurance wither, and paid scant attention when corporations eliminated defined-benefit pensions and cut health insurance benefits. We even stopped worrying about the safety of small investors, allowing federal deposit insurance to shrink as a proportion of total savings (witness the recent bank run in California).

But now we have to rethink safety nets. Right now, nets are being spread for the wrong people. The giants of Wall Street along with Fannie and Freddie get bailed out but there's still no relief in sight for most homeowners who can't pay their mortgages. Corporations that don't deliver on their pension obligations are helped but there's nothing for retirees and small investors whose savings are drying up because of Wall Street's decline. Small investors are losing their shirts but the Fed stands by to help the biggest.

Yet I have to believe the end of the Great Moderation will eventually result in a broader safety net. Maybe not the old forms of social insurance, but new ones like universal health insurance, earnings insurance, and savings accounts in which the dollars you put away are supplemented by government dollars.

The very rich, fattest investors, and the biggest corporations don't need safety nets. Now that the booms and busts are back, the rest of us do.

by Ken Kennedy at July 16, 2008 03:34 PM

RESILIENT COMMUNITY: Technological Acceleration

Shared by Ken Kennedy
GG does a great job of pointing out the pros AND cons of emerging tech like personal fabrication (which I personally believe will become a Very Big Deal in the next decade).

The pace of technological change is accelerating exponentially. Fact, not much real debate on that. Most important to our analysis is how this change superempowers small groups, allowing them to accomplish activities normally reserved for large corporations or governments. The keys to this superempowerment are:

  • Better tools. Moore's law, Carlson curves, and personal fabrication (DIY everything, the start of an exponential rate of improvement for matter/products). Shift from centralized production to 'grow' your own computer/chemicals etc. Local energy.
  • Rapidly expanding network resources. How to's on everything. Basic education via open courseware (from the best Universities in the world). Sensor networks. Spimes.
  • New social connectivity. Expert networks. Tinkering via open source development. Telecommuting. Wisdom of crowds and crowd-sourcing.

Unfortunately, this superempowerment makes it possible for small groups to do incredible damage to global society. Fortunately, it is also making it possible for resilient communities to efficiently and productively emulate global production/services locally. As a result, the resilient community isn't a step backwards to 19th Century approaches (survivalism, scarcity, and low productivity), but rather a move in a direction that makes it possible to generate rapid and sustained (as opposed to the relative stasis and irregular progress of the current system) improvements in how we live.

by Ken Kennedy at July 16, 2008 03:15 PM

Defender in a Favicon

Shared by Ken Kennedy
This is COMPLETELY crazy. I thought a Z-machine in the browser was hard-core.
DEFENDER of the Favicon implements the game of Defender using Javascript and the tinsy, teeny space afforded by a Favicon. Supposedly works in Firefox and Opera, though my Firefox just stalls on the splashscreen. Nevertheless: woah. 8-bit arcade game in a Favicon. Woah. Link (via Wonderland)

by Ken Kennedy at July 16, 2008 02:31 PM