Friday, December 31, 2004

Song to represent 2004

On KUOW's Weekday, yesterday, (at 51:20 into the 9:00 show) Knute Berger of Seattle Weekly was asked what song he would choose to stand for the year 2004.

His choice was the Imperial March from Star Wars. Perfect!

Thursday, December 30, 2004

"Let's keep voting until I win"

In the WA Governor's race, Rossi is calling for a new election - perhaps hoping to win this one.

Wednesday, December 29, 2004

A 50-year-old lesson for us today

Edward R. Murrow's commentary wrapping up his March 9, 1954 See It Now report on Senator Joseph R. McCarthy ends with a statement that impressed me as being perhaps as pertinent today as it was then.

You have to do some substitutions, of course. Instead of Communists, it's terrorists, for example. Instead of McCarthy, I have in mind some other, current politician who has been reelected based on ramping up fear in the voting population and on getting them to look to him to be the strong man who will face down the foreign devils.

Here's the quote that hit me so hard:

"No one familiar with the history of this country can deny that congressional committees are useful. It is necessary to investigate before legislating, but the line between investigating and persecuting is a very fine one and the junior Senator from Wisconsin has stepped over it repeatedly. His primary achievement has been in confusing the public mind, as between internal and the external threats of Communism. We must not confuse dissent with disloyalty. We must remember always that accusation is not proof and that conviction depends upon evidence and due process of law. We will not walk in fear, one of another. We will not be driven by fear into an age of unreason, if we dig deep in our history and our doctrine, and remember that we are not descended from fearful men -- not from men who feared to write, to speak, to associate and to defend causes that were, for the moment, unpopular.

"This is no time for men who oppose Senator McCarthy's methods to keep silent, or for those who approve. We can deny our heritage and our history, but we cannot escape responsibility for the result. There is no way for a citizen of a republic to abdicate his responsibilities. As a nation we have come into our full inheritance at a tender age. We proclaim ourselves, as indeed we are, the defenders of freedom, wherever it continues to exist in the world, but we cannot defend freedom abroad by deserting it at home.

"The actions of the junior Senator from Wisconsin have caused alarm and dismay amongst our allies abroad, and given considerable comfort to our enemies. And whose fault is that? Not really his. He didn't create this situation of fear; he merely exploited it -- and rather successfully. Cassius was right. 'The fault, dear Brutus, is not in our stars, but in ourselves.'"


Friday, December 24, 2004

Tonight's Newshour on WA Gov Race

As Joel Connelly from the Seattle PI said near the end of the segment - "The political right in this country has never managed to win with grace. Based on what I was listening to on talk radio coming down here to be on this program, they certainly aren't losing with grace." Look for lots of fun to come in this race....

The Fun Continues

Thursday, December 23, 2004

WA Gov Race is Over

Simple. 1 count, 2 recounts, and everybody is satisfied. So, we can all go back to normal lives while the new governor prepares her transition.

Right? Ha!

"[Conceding] isn't even on our radar screen right now," said Suzanne Tomlin, a spokeswoman for the [Republican] party. "Dino won the first two counts. If we stick with it, we can work it out."

Someplace between my civics lessons in grade school and today, elections stopped being a dry process interesting only to accountants and started being a fist fight, where the biggest bully might even win.

Maureen Dowd again

This column needs to be experienced from start to finish. I won't say more.

...except that I wish more people would start with Imperial Hubris and go on from there - but that assumes everyone would read it. Of course, I believe everyone should.

Coverage of the WA gov recount process

Wednesday, December 22, 2004

Dream Come True

The latest recount result in the WA governor race is almost perfect. It's what I was hoping for in my earlier post.

So, Rossi went from a lead in the hundreds, to a lead of 42 to losing by 8 - out of about 3 million votes cast. Note: this count (not official) does not include votes in the contested 700+ ballots that King County wants to count and the Republican party doesn't.

Back when I balanced my checkbook by hand, I used to do it twice - and if the counts disagreed, I would do it a third time - and keep doing it until I knew I was right. How about we keep recounting this election and fighting in court about the recount procedures (since it's obviously not standardized with everyone agreeing to it) until we get twice as many recount results all exactly the same as we got recount results that differ from that correct value? That might be a way to make sure we know what the count was. :-)

======================= late breaking news ========== 13:45 PST ============

I just heard on the radio that the WA supreme court has allowed King County to include the 700+ ballots that it had found uncounted in this recount. That will change the result yet again - and anger the Republican party (because King Co. is predominantly Democratic), so they might start some new legal action. It just keeps getting better! It might be years before this one is resolved.... LOL!

============= 12-23-04 06:15 ===============

Yes, it gets better. NPR's Morning Edition did a segment on the governor vote.

RSS feeds from NYT and Washington Post

I suppose everyone else knew this long ago, but I just found RSS feeds for those papers this morning.

http://www.nytimes.com/services/xml/rss/index.html


http://www.washingtonpost.com/wp-adv/rss/front.htm


and while I'm at it, here's the RSS feed page for the Seattle Times

Monday, December 20, 2004

A Not So Wonderful Life

Thanks to Peg for e-mailing me a copy of this column by Maureen Dowd from the New York Times.

Sunday, December 19, 2004

NOW this week

NOW, this week (12/17/04), started with a discussion of the right-wing takeover of mass media and the abuses it engaged in. The segment was opened with a reference to Hitler, as is only appropriate, IMHO.

No more Dr. Who???

KBTC, the Seattle area station carrying Dr. Who, just announced that the distributor has decided to suspend broadcast rights of Dr. Who. So, they're showing the last episodes of the current story tonight in an extra-long broadcast - and hoping they will get the rights back, but no promises.

Does anyone know what goes on there?

Saturday, December 18, 2004

1933?

A relative of a relative wrote, in an e-mail from England where he lives, that he "just returned from a dinner party with half of the partners being Japanese.

"Anyway, I could sense that politics would be coming up shortly in the group discussion, and sure enough, somebody asked, 'What did you think of the election result?'

"I just looked at them and responded, 'This is Munich, 1933. We have seen it all before. Keep in mind that Hitler was elected!'

"Never seen anything like it. Some were cheering, others applauding and smiles everywhere!"

PDX rocks!

Preston reports that there's free 802.11 at PDX.

That's yet another reason I think it's my favorite airport.

The others are from food.

PDX has Coffee People. It's my favorite espresso stand.

PDX also has the best restaurant I've ever been to in an airport. It's the Rose City Cafe. Their sushi bar is extremely good, even by non-airport standards. Their breakfast service is wonderful - good food, good wait staff - good experience.

As Preston says, if you ever find a choice of routing - and have a chance to stop over at PDX - do it, if only to eat and surf.

Look on the bright side

Thanks to Peg for sending me this one:

==============================

----- Original Message -----
From: Lynn
To: undisclosed-recipients:
Sent: Friday, December 17, 2004 12:57 PM
Subject: Look on the bright side



With the Blue States in hand, the Democrats have firm control of 80% of the country's fresh water, over 90% of our pineapple and lettuce, 92% of all fresh fruit production, 93% of the artichoke production, 95% of America's export quality wines, 90% of all cheese production, 90% of the high tech industry, most of the US low-sulfur coal, all living redwoods, sequoias and condors, all the Ivy and Seven Sister schools, plus Harvard, Yale, Amherst, Stanford, Berkeley, CalTech and MIT. We can live simply but well.

The Red States, on the other hand, now have to cope with 88% of all obese Americans (and their projected health care cost spike), 92% of all US mosquitoes, nearly 100% of all tornadoes, 90% of all hurricanes, 99% of all Southern Baptists, 100% of all Televangelists, Rush Limbaugh, Bob Jones University, Clemson and the University of Georgia. A high price to pay for controlling the presidency.

Additionally, 38% of those in the Red states believe Jonah was actually eaten by a whale, 62% believe life is sacred unless we're discussing the death penalty or gun laws, 44% believe that evolution is just a theory, 53% that Saddam Hussein was involved in 9/11 and most hard to grasp, 61% believe that Bush is a person of moral conviction.



Friday, December 17, 2004

FW: Letter from California

Thanks to Mark for this.

=========================

Dear President Bush:

Congratulations on your victory over all us non-evangelicals. Actually, we're a bit ticked off here in California, so we're leaving you. California will now be its own country. And we're taking all the Blue States with us. In case you are not aware, that includes Hawaii, Oregon, Washington, Minnesota, Wisconsin, Michigan, Illinois, all of the North East States, and the urban half of Ohio.

We spoke to God, and she agrees that this split will be beneficial to almost everybody, and especially to us in the new country of California. In fact, God is so excited about it, she's going to shift the whole country at 4:30 pm EST this Friday. Therefore, please let everyone know they need to be back in their states by then. God is going to give us the Pacific Ocean and Hollywood. In addition, we're getting San Diego. (Sorry, that's just how it goes.) But God is letting you have the KKK and country music (except the Dixie Chicks).

Just so we're clear, the country of California will be pro-choice, pro-gay marriage, and anti-war. Speaking of war, we're going to need all Blue States citizens back from Iraq. If you need people to fight in Fallujah, just ask your evangelical voters. They have tons of kids they're willing to send to their deaths for absolutely no purpose. And they don't care if you don't show pictures of their kids' caskets coming home.

So, you get Texas and all the former slave states, and we get the Governator and stem cell research. (We would love you to take Britney Spears off our hands, though. She IS from the south, right?)

Since we get New York, you'll have to come up with your own late night TV shows because we get MTV, Letterman, the Daily Show, and Conan O'Brien. You get... well, why don't you ask your people at Fox News to come up with something entertaining? (Maybe you should just watch Crossfire. That's a really funny show.)

We wish you all the best in the next four years and we hope, really hope, you find those missing weapons of mass destruction. Seriously. Soon.

Sincerely,

California

Bill Hicks jokes & quotes

Tom sent me this link to quotes from Bill Hicks - some funny jokes among them.

Newshour - author of Imperial Hubris

PBS Newshour last night had the author of Imperial Hubris, Michael Scheuer, and Daniel Benjamin, a director for transnational threats at the National Security Council during the Clinton administration, discuss bin Laden and our war against him. It was especially interesting to me to see Scheuer and listen to him talk, after reading and being so impressed by his book.

The PBS Newshour page offers streaming video. It's actually good quality, too, at least at broadband speed!

Monday, December 13, 2004

New STD - FW: from Chris

-----Original Message-----
From: Christine Scriabine
Sent: Saturday, December 11, 2004 10:12 PM
Subject: CDC Warning

The Centers for Disease Control has issued a warning about a virulent strain of sexually transmitted disease.

This disease is contracted through dangerous and high risk behavior. The disease is called Gonorrhea Lectim. Second generation patterns of the disease have produced an even more virulent strain called Diddreah Lectim.

Many victims have contracted it after having been screwed for 4 years, in spite of having taken measures to protect themselves from this especially troublesome disease.

Cognitive sequelae of individuals infected with Gonorrhea Lectim and Diddreah Lectim include, but are not limited to:

Antisocial personality disorder traits;
delusions of grandeur with a distinct messianic flavor;
chronic mangling of the English language;
extreme cognitive dissonance;
inability to incorporate new information;
pronounced xenophobia;
inability to accept responsibility for actions;
exceptional cowardice masked by acts of misplaced bravado;
uncontrolled facial smirking;
ignorance of geography and history;
tendencies toward creating evangelical theocracies;
a strong propensity for categorical, all-or-nothing behavior.

The disease is sweeping Washington. Naturalists and epidemiologists are amazed and baffled that this malignant disease originated only a few years ago in a Texas Bush.

Sunday, December 12, 2004

Interactive Christmas lights

Slashdot has posted an article that is bound to be driving some neighborhood crazy. Back in UPnP days, we speculated about how even something as innocuous as a lighting controller would need strong access control.

Well, here's a real live lighting controller on the net - with no access control - on purpose. LOL!

Tuesday, December 07, 2004

Establishing identity in order to punish, threaten or intimidate

If some third party identity-establishment service were instead to guarantee that they would track down and prosecute the identified party in case that party committed fraud, then that kind of identity establishment would have meaning. The NRC report on authentication, "Who Goes There?", calls this Authenticating to Hold Accountable in Chapter 2.

If we lived in the old days when people stayed within a few miles of where they were born, just knowing who the fraudster was would have been good enough because he wouldn't get away without giving up his entire life. Today those conditions don't apply, so knowing precisely who the fraudster is has no meaning unless we have the ability (and money) to capture and prosecute the perpetrator.

And, of course, this all has no value if what is lost through that fraud can not be made whole. If lives or secrets are lost, no amount of prosecution after the fact would make up for the security breach.

Axioms of Identity

I'm inclined to state slightly different identity axioms but along the same lines.

I suspect that each individual has an inherent identity, but that it is irrelevant. Rather, I define the identity of person P as being a function not I(P) but rather I(P,O,t) - the identity of P from the point of view of observer O at time t.

This relies on one of the definitions of identity: "The quality or condition of being the same as something else."

In particular, in this case, the two things that are to be established as the same are:

1. characteristics C about P that O observes at time t

and

2. O's memories M at time t of P (built over a period of time)

These two sets of information are not matched exactly. O may remember P at an earlier time before P's hair turned white and that characteristic is not to be observed again.

Rather, those two sets of information are compared to find matches and non-matches. As long as the matches constitute enough entropy to rule out all other P' in the world, then O can conclude that s/he knows the identity of P -- assuming the non-matches do not rule out P.

So, if set-intersect(C,M) has enough entropy to specify P uniquely over the entire universe and set-intersect(C,anti(M)) is empty (or can be discounted), then identity has been established. [I'm not completely comfortable with the handling of anti(M) and welcome refinements, while I keep thinking about how to fix this formulation.]

So, I would replace the second axiom with one that says identity is a function of two entities - the observer and the observed - rather than being defined only in a community. I would also claim that I(P,P,t) is an entity's intrinsic identity, but that's of no real use in the world, so I don't really fight the first axiom.

Note that because memories can fade over time and people's characteristics can change over time, the matching algorithm needs to take the passage of time into account and at the least require more elements in the set intersection.
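
An added example (not part of the original post) that carries the matching rule above through in Python: matches between C and M are scored in bits, mismatches are either discounted or treated as ruling P out, and the required total grows with elapsed time. The per-attribute frequencies, the `mutable` flag as the way to discount anti(M), the one-bit-per-year fading margin, the population figure and all sample values are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import NamedTuple

# Assumption: rough 2004 world population, the "entire universe" of candidate P'.
WORLD_POPULATION = 6.4e9


@dataclass(frozen=True)
class Memory:
    """One element of M: something O remembers about P."""
    attribute: str
    value: str
    frequency: float        # assumed fraction of all people sharing this value
    mutable: bool = False   # True if P could plausibly have changed it since

    @property
    def bits(self) -> float:
        # Rarer values carry more identifying information.
        return -math.log2(self.frequency)


class Verdict(NamedTuple):
    established: bool
    matched_bits: float
    required_bits: float
    discounted: list     # mismatches explained by change over time
    ruled_out_by: list   # mismatches that cannot be discounted


def identity(observed: dict, memories: list, years_apart: float = 0.0,
             fade_bits_per_year: float = 1.0,
             population: float = WORLD_POPULATION) -> Verdict:
    """Evaluate I(P, O, t) by comparing observations C with memories M."""
    # Bits needed to single out one person, plus a margin that grows with time
    # (a hypothetical linear model of "require more elements" as memories fade).
    required = math.log2(population) + fade_bits_per_year * years_apart
    matched, discounted, ruled_out = 0.0, [], []
    for m in memories:
        if m.attribute not in observed:
            continue                    # not observed now: no evidence either way
        if observed[m.attribute] == m.value:
            matched += m.bits           # summing assumes attributes are independent
        elif m.mutable:
            discounted.append(m.attribute)   # e.g. hair that has turned white
        else:
            ruled_out.append(m.attribute)    # contradiction in intersect(C, anti(M))
    ok = matched >= required and not ruled_out
    return Verdict(ok, matched, required, discounted, ruled_out)


# Constructed sample data: what O remembers about P, with made-up frequencies.
MEMORIES = [
    Memory("face", "F1", 2 ** -20),
    Memory("voice", "V1", 2 ** -10),
    Memory("height", "tall", 2 ** -3),
    Memory("hair", "brown", 2 ** -2, mutable=True),
    Memory("shared_story", "S1", 2 ** -12),
]

if __name__ == "__main__":
    seen = {"face": "F1", "voice": "V1", "height": "tall", "hair": "white"}
    print(identity(seen, MEMORIES))                      # recent meeting
    print(identity(seen, MEMORIES, years_apart=10))      # same evidence, 10 years on
    print(identity({**seen, "shared_story": "S1"}, MEMORIES, years_apart=10))
    print(identity({**seen, "height": "short"}, MEMORIES))  # hard contradiction
```
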


Author of Imperial Hubris

According to amazon.com, the author of Imperial Hubris has been identified as Michael Scheuer.

I guess I can remove the gender neutral pronouns in my previous post.

I wonder if he is still at the CIA or has quit in the recent purge...

====================

From the lead amazon.com review, at the end:

"11/12/04 UPDATE -- Scheuer has resigned so he can freely pursue his mission of critiquing and holding accountable the failed and failing U.S. policy. He is specifically calling for the leadership of the CIA and FBI to be held accountable for their failures. Otherwise, nothing new -- Cheney & Bush are still in charge, and U.S. policy is still well designed to promote the growth of Al Qaeda's global insurgency."

Another take on the Iraq war

On my flight, Sunday night, from Baltimore to Chicago, I was talking with my seat neighbors about Imperial Hubris - the book I was reading and about to finish.

When we landed in Chicago and were disembarking, the man in the seat directly behind me handed me a short note he had written for me - recommending a book he thought I might be interested in, available from his local Islamic web site.

We had a pleasant enough but short discussion as I collected my bags and we left the plane. I've bookmarked the web site for future reference and have started reading the book online - with nothing to report so far.

Identity Theft

Following the thoughts of the previous post, it's obvious to me that identity theft isn't a problem of theft of identifying information.

We live in a world where information about me is not valid as an authenticator. If someone can buy my credit report, then all information contained in it is of ZERO value as an authenticator.

The problem with identity theft, IMHO, is that there are some companies who use information like that found in my credit report - information that a stranger can find out about me someplace on the Internet (or via private detectives, in the extreme) - and make the false assumption that if someone knows that information, that person must be me.

So far, that's just stupidity on that other entity's part. It becomes a problem for me if that other entity attempts to claim that I am financially responsible for their mistake.

IMHO, we can fix the identity theft problem by declaring that no entity (e.g., merchant) can expect to fix responsibility on me unless that entity can prove that there is no way any imposter could have faked the authentication process. We must put the onus of proof where it belongs - on the merchant performing the stupid process - not on the victim. That done, there would be two effects, I predict:

1. identity theft would disappear

2. it would be nearly impossible to establish easy credit - with the result that the economy would slow down

Beyond Identity

This is a very big topic on which I've written a lot, but I felt the need to follow up the previous post with a positive message.

1. We should set "identity" aside as a non-issue.

2. The real issue is that we need to do one of two things:
a) make a security decision
b) track someone down to punish, after the fact

Most "identity" establishment is in support of 2)b) - and is of little interest to me. Making sure that people online are identified is an attempt to get good behavior by threatening to do 2)b).

I'm interested in 2)a) - making security decisions - like whether or not to offer personal information to a web site, whether to reply to some e-mail that could be real or could be phishing, whether to open some e-mail attachment, whether to install some code on my computer, whether to share intimate secrets with some e-mail correspondent. These are all security decisions. The ability to punish someone after the fact, if that person misrepresented him-/her-self so that I made a bad security decision is nonsense. Will I be able to find that person? Will I be able to extradite that person from the former Soviet Union (or wherever they're hiding)? Will I have the money to punish the person? Will any monetary damage award compensate me for loss of some secret?

When I make a security decision, I do two things:
i) authenticate the other party
ii) make an authorization decision based on that authenticated ID

An ID mechanism that doesn't include an authenticator that I can verify, or that includes one that can be spoofed, is very lame.

As I alluded to in that previous post, an ID mechanism that doesn't give me information that I need to make my security decision is completely pointless. This is where X.509 falls apart.

To use X.509 terminology, there are three parties:

CA: the certificate authority - who does the name creation and presumably identification and authentication process prior to certification

EE: the end entity - the person being named and certified

RP: the relying party - me - the person who has to make a security decision

If there's an ID mechanism that binds a person to an ID only the CA considers really meaningful, that might be used for 2)b) but it's useless for 2)a) - and therefore useless to me. As I said above, 2)b) is nonsense in today's world - especially given the Internet.

We have many mechanisms that allow us to authenticate (step (i) above), such as public key authentication. That's good. What we completely fail at is establishing identity in a way that makes sense to the RP (supporting step (ii) above).

My belief is that if we stick to the two steps of a security decision and determine how securely (accurately) we can do each of the two steps - assuming we are surrounded by active attackers looking for any way to defeat our system - then maybe we have a chance.

Identity vs. Identity Records

Identity (and Identity Theft) is a huge topic and seems to be getting even hotter.

I'm worried, however, that so many people focus in on identity records (digital bundles of bits that are supposed to represent a person) or ID cards, rather than identity. Sure, we can have lots of fun moving ID records around and we can design all sorts of competing protocols to do that - but it's all a pointless game unless we tie this to real identity. All ID mechanisms I've seen are based on false assumptions to tie them to real identity.

X.509 is based on the false assumptions not only that a Distinguished Name (DN) identifies a person uniquely (false) but that any Relying Party (RP) encountering that DN will know to whom it refers (laughably false). Until those false assumptions are corrected, this is a totally pointless activity.

Government-issued, photo ID cards have a photograph to tie an identity to a person - an authenticator that the person examining the ID card can verify. Given that, we can ask about the probability of false positive (or false negative) from that biometric match - and ask about the difficulty of forgery.

But, let's not bury ourselves in discussions of ID cards or ID records or protocols for moving ID records around, as if the hard problems had been solved. Let's solve the hard problems first and then re-examine what we need in the way of cards or records or protocols. My guess is that once we solve the real identity problem, we will have discovered things that may improve on current ID record and ID card thinking enough to make current plans obsolete.

Monday, December 06, 2004

Finished Imperial Hubris

I finally finished Imperial Hubris and thoroughly enjoyed the experience, although not our prospects.

There were no simple answers, but there was a path to answers.  I didn't like some of his logical conclusions, but they all made sense.  In general, it was a well argued case written in a style that one doesn't see any more.  If that's the kind of thinking and presentation that our intelligence community expects and nurtures, then I am very pleased with it - while still lamenting our own educational system.  The clarity and organization of this text is remarkable.  Of course, he also argues that such thinking as he exhibited in this book doesn't get communicated to the policy makers - which is probably why he wrote the book in the first place.

I won't spoil the conclusion for those who want to read the book - but, in summary, his point is that we are shooting ourselves in the foot as a nation with our policies toward the Islamic world and toward al Qaeda.  We suffer from lack of doing our homework - from wishful thinking - and from hubris.  We are destined to pay a price for that hubris, in many more US deaths, much more US debt, and much more hatred of the US from the rest of the world - especially the Muslim world.

Not only did we fail to capture and kill bin Laden - we have followed policies that were designed to keep him alive, safe and prospering.  We have done much of his work for him - with our biggest blunder being the invasion of Iraq.  This was the very best thing we could have done for bin Laden.  It's all wins for al Qaeda and all losses for the US - now and in the future.  Prisoner torture is only icing on the cake after the invasion itself and the toppling of Saddam - a force al Qaeda hated and opposed.

His biggest point, perhaps, is that we have mislabeled al Qaeda as terrorist.  It isn't.  He claims it is an insurgent army, not a band of terrorists.  There is a huge difference.  We tend to think of terrorists as insane loners, driven by frenzy to do stupid, suicidal things.  Terrorists tend to be few in number - because they have to be fanatic.  Insurgents, called upon only to defend their own lands and families, are normal folks - many in number.  It is hundreds of thousands of insurgents we face, not a few thousand terrorists.  They hate us not because of what we are but because of what we have done against them.  Our policies continue to do these things against them, and more, so we continue to build hatred of us. The ranks of the insurgents continue to grow.

As the bumper sticker says, "We're making enemies faster than we can kill them."  What that said in one terse sentence, with no supporting evidence, Imperial Hubris says in a whole book with a huge amount of supporting evidence.

He gives us two choices in the end: be prepared to kill Islamists on a scale that will make us sick (because there will be much collateral damage) or change our policies so that we stop making so many enemies.  Actually, he offers only the one choice. He makes the case that we have already made enough enemies that we are going to have to do a huge amount of killing - at much cost to ourselves in US lives, US dollars and additional recruitment for al Qaeda.  That much is set in motion and we can't stop.  What we can do with a change in policy is reduce the eventual total cost in money and lives.

He doesn't spell out the policy that will get us to the minimum total cost. He offers his own suggestions but cautions that he's not a policy maker and these are things that need to be debated in open society among those far more capable.  The first step, however, is to educate ourselves - and this book is a good start.