Consider google’s (well stanford’s) PageRank patent. Recognizing that one could create a useful measure of a page’s importance by summing up the importance of the pages linking to it and realizing that this could be efficiently computed using tricks from linear algebra was anything but trivial. Indeed, this kind of non-trivial application of mathematics to an ill-defined problem (return the best search) is a prototypical example of the sort of discovery that benefits from patent protection. Society can derive great benefits from these kinds of discoveries and money will lure people with the expertise to solve these problems away from pure mathematics or the sciences but without the ability to patent the discovery the financial incentives wouldn’t exist². While most software patents are more like the 1-click patent than the PageRank patent there is no shortage of real world problems that are crying out for a similarly brilliant solution.

In the face of examples like google’s PageRank patent it’s tempting to say that software patents are just dandy and the real problem is obvious patents. Unfortunately, it’s not that simple. Consider a hypothetical patent on the use of a LRU (least recently used) cache for texture data in a MMORPG client³. It’s certainly obvious in the sense that any decently skilled software developer would consider that solution if he was asked to solve the problem but until you actually try this design it’s not clear that an LRU cache would work. Maybe players don’t backtrack much so an LRU cache would simply waste resources on rooms the player won’t see again for awhile. At least in this example it seems clear that simply noticing that a fairly obvious approach solved the problem shouldn’t warrant a patent. The cost of actually testing out the ‘discovery’ is quite low and usually there are only a few obvious approaches to try.

However, such a rule would be totally unworkable in another industry where there might be a vast array of potential approaches that experts in the field would agree seemed promising but the cost of investigating them are quite high. For instance in the pharmaceutical industry everyone might realize that a certain large class of compounds are promising candidates to treat depression but actually evaluating each of these compounds for efficacy and safety is very costly. Incentivizing drug development requires that we let the pharmaceutical company patent their discovery that compound 5043A1 actually works to treat depression.

Ultimately I think the real problem stems from the fact that we are lumping two very different kinds of invention into the patent system. There is the first type of invention, like the google PageRank system, that represents a flash of inspiration to try something that no one else thought of and then there is the second type of invention that consists of the discovery that some potential solution really works. Ideally the patent system would protect the first kind of discovery pretty broadly but only protect the second sort of discovery in industries where it requires considerable resources to ascertain which of many potential solutions succeeds.

To summarize briefly the google researchers pointed out that by comparing your friends on different social networking sites or data mining comments you or your associates leave on blogs it will frequently be possible to associate your pseudonymous identity to your official identity (name). While it says nothing particularly surprising the paper is interesting for vividly demonstrating how easy it is for people to have their pseudo-anonymity stripped. It is also interesting for the responses it suggests to these dangers.

To combat the risk of a friend’s trackback accidentally connecting your official and pseudonymous identities the researchers suggest automated link analysis to warn users when data mining might allow third parties to learn more about them or their friends than they intended. Presumably the idea is that some kind of automated warning would tell you before you added a trackback to your friends blog that might connect his blogging handle and real name. Similarly they suggest providing users with a tool to warn them when information they reveal on myspace might allow someone to associate their myspace and twitter accounts.

These suggested countermeasures are interesting not because they are workable but because they are so horribly flawed. Warnings about unintended information exposure are only as good as the current generation of data mining techniques but once published information can’t be put back in the bottle². When the Netflix dataset was published it was thought to be impractically difficult if not impossible to connect rental histories with individuals but researchers developed a new technique that allowed them to do just that. Moreover, this incident also demonstrates that even trivial pieces of information like what movies you like or your favorite TV show can help connect your pseudonymous and official identities. Each time you wanted to answer a question for an internet quiz or a compatibility test for online dating you would have to study the report warning of the information that could be inferred from this data and your friends would have to be just as cautious on your behalf as unmasking them would likely unmask you.

Indeed, even if you never set foot online it would be enough for someone to analyze the people who claim to be your friend and their answers to questions like “Do you have any gay friends?” to discover you are gay³. Even if your friends are willing and contentious enough to avoid ever mentioning their favorite movies on their livejournal because of the drunk post you made five years ago revealing you and doglover69 were friends you still aren’t safe. Complete strangers can unmask you by revealing trivial information about your friends. Separate posts on different sites revealing the favorite movies of your four friends favorite movies could be compared with your blog post about the day your supportive friends each brought over their favorite movie and watched them all with you after learning you were gay. And these are only the inferences that are simple enough for people to easily imagine. By integrating all sorts of statistical information from social networks comments by people who don’t even know your friends could unmask you. The situation becomes completely hopeless when you consider other tools like Stylometry that, with a proper search tool, might allow your employer to search for blogs with similar linguistic style to yours.

Even though the authors of the paper must realize how weak these techniques are they still can’t accept (or believe their audience can’t) that information technology fundamentally changes the nature of social interaction in a large society. I suppose this shouldn’t be surprising as we have seen the same kind of response when other technologies have fundamentally altered the social ‘economics.’ Just as before the invention of the printing press each copy of a book required substantial effort to produce so too did finding out about other parts of someone’s life require great cost or effort, e.g., hiring a private investigator. The printing press changed the equation so that one person’s labour in setting up the press could cheaply distribute that information to large populations and similarly data mining reduces the marginal cost of discovering public but obscure information (what you did at that party) to nearly zero. Only one person needs to come up with the clever algorithm to ferret out yet more information from our online activities and everyone can now mine that information.

It’s hopeless to imagine that we will stop revealing any personal information about ourselves or our friends online. We are evolutionarily hard wired signal our preferences, opinions, subcultural affinities (pot smoker, party girl, player, slacker, bear/twink⁴) and sexual daring as well as to gossip about the behavior and sexual couplings of our friends. The idea that teens or adults will avoid advertising their sexual attractiveness, social status, or scandalous behavior online makes the idea that people only have sex inside marriage sound plausible. I mean a major reason that people flash the bar during spring break, go streaking across campus, cross dress at a party or other scandalous public behavior with on vacation is to advertise ourselves as fun, sexually daring, brave or whatever else so it’s absurd to think we won’t distribute this advertisement in the social context in which we wish to project that image. The very point of sharing that information is to build social connections and portray who we are (or want to be) so inevitably enough information will be revealed to demask all but the most reclusive or paranoid individuals social networking accounts and blogs and what gets revealed will include drug use, sexual kinks, and how trashed we got at that party.. It’s time to accept the fact that the era of obscurity is coming to an end and to start working on how to deal with it. At least pot will probably finally be decriminalized.

At least this is (more or less) the notion of the Singularity as popularized by Vernor Vinge and Ray Kurzweil. For more details I recommend reading Vinge himself or checking out one Kurzweil’s many interviews and talks (audio) as well as his webpage. These are certainly two very smart individuals who have the rare ability to look beyond the specifics and take a fairly clear headed look at how technology will transform society. But smart doesn’t mean infallible and predicting the future is a notoriously difficult business.

While I used to find the arguments for the singularity convincing I’m now much more skeptical. In particular it seems the argument for the singularity rests on a misconception of intelligence. I mean it seems obvious to us that if someone was significantly smarter than us they would be significantly better at designing intelligent computers or human augmentation. But that’s because we both assume that intelligence is some kind of fully general ability to solve problems and conflate intelligence with technical skill and achievement. After all we rarely see people’s raw IQ scores so we tend to simply call people intelligent if they are especially capable in technical fields or other academic endeavors. However, while intelligence is certainly helpful much of what makes for a good scientist or engineer is their store of accumulated experience, both personal and distilled into formal education.

While it does seem that people’s ability at a wide range of reasoning tasks is substantially correlated this doesn’t mean talking about intelligence makes sense for anyone but biologically natural humans. It seems quite plausible that there is no such thing as general reasoning ability. Rather there are only heuristics applicable to certain types of problems, e.g., ability to do mental rotations, solve crosswords, recognize objects etc.. Yet if so there is no reason to believe that there is any good heuristic for designing good heuristics, in fact it seems downright unlikely. Thus just because we were able to find a collection of heuristics that give rise to something better at math and play chess than us doesn’t mean we should expect it to have a substantially easier time discovering better heuristics for the next generation. Sure, we will probably be able to create beings who can remember more numbers, do CAD drawings in their heads and so forth but the singularity requires an exponential (or at least super-linear) increase in capability over time so mere elimination of minor inefficiencies we have at AI design isn’t sufficient.

Even in mathematics people primarily reason inductively. We don’t blindly search for a formal proof, rather, we try the same techniques we’ve seen work in ’similar’ problems in the past and attempt minor modifications. In other words what makes someone a good mathematician is largely their mental collection of heuristics they use to approach problems. While continued miniaturization of computer chips might enable AI to reduce the time it takes to do mathematics pure increases in computational speed a may already be near the physically practical limit (though going 3D and using light should eventually give a few more orders of magnitude) and certainly this effect wouldn’t be sufficient to create the singularity. Thus it seems the singularity requires a sequence of exponentially increase sequence of better and better heuristics to guess the true theory based on limited data. In other words a more effective form of scientific induction.

In other words people currently use some heuristic to guess at a rule underlying a set of observations. We make some finite number of observations about disease occurring near wells near sick families and hypothesize that disease can be spread through the water. We observe some examples of current generated by metal exposed to various frequencies of light and hypothesize that light must come in quantized units. The singularity seems to require that not only is there a heuristic that lets us make equally effective guesses at the true theory based on less information but that there is an exponentially increasing sequence of such heuristics. Moreover, it would be necessary that each heuristic can discover the next in roughly the same amount of time despite the substantially greater performance each subsequent heuristic requires. Frankly, I find this somewhat implausible.

The problem with Solove’s arguments is that he tries to simultaneously argue for the value of privacy while seemingly rejecting the notion that there is any principled commonality to the values that we place under the rubric of privacy. While both of these notions are plausible on their own they are in significant tension with each other. If indeed privacy is a word like ‘game’, famously analyzed by Wittgenstein to be a hodgepodge of different concepts related only by a chain of analogies, then it’s at best pointless and confusing to defend it as a package and at worst a way to smuggle in values you can’t defend using the cover of an unprincipled linguistic grouping. Unless the values we term privacy have some important principled commonality then they should stand or fall on their own merits rather than riding the coat tails of the vague positive connotations we have with the word privacy.

To see that privacy isn’t really a monolithic notion compare the idea that other people shouldn’t be able to easily find out your social security number really doesn’t have much to do with the idea that the government shouldn’t be able to monitor your phone calls and reading habits. These two notions don’t really have very much in common. One of them is concerned with other people’s knowledge of your intimate affairs and private conversations while the other involves only a purely arbitrary identifying number. The reason we don’t want people to find out our social security number isn’t because it’s an intimate detail of our life but because it’s unfortunately used as an authentication method for certain financial transactions and we fear becoming the victims of credit fraud. Certainly it’s important that people not be able to buy a car in my name but arguments that defend my right to be free of government surveillance aren’t going to have much to say about who finds out my social security number and vice versa.

However, I do think there is a certain core concept that is shared by many, though far from all, things we conceptualize as a right to privacy. That is the notion that we should enjoy a certain autonomy or freedom of choice, both from the government and society, in how we conduct certain parts of our lives. Certainly this is no definition of even one kind of privacy but I think it’s the uncritical acceptance that it’s literally privacy that’s important that sidetracks so many people into silly issues like what facebook publishes by default on their friend feed¹. The reason I tend to be largely critical of privacy crusaders is that they tend to take the idea too literally and fight a lost cause trying to limit what other people are able to learn about you (endangering free speech….and privacy² along the way) rather than looking for the underlying value privacy provides for the culture and seeing how best to achieve that end in the information age

Ultimately what privacy provides is the freedom from judgment (be it legal, religious or social) about certain aspects of our lives. It does this both by making it practically difficult to enforce certain kinds of invasive laws (thus discouraging their enactment) as well as keeping your porn collection or wild spring break party a secret from your parents/priest/boss. Both of these mechanisms are endangered by the information age. The traditional protections of 4th amendment law border on uselessness in the face of fancy data mining programs to suggest likely offenders, the amount of information out there on the internet (your friends and neighbors gossip…and may take infrared pictures of your house even if the police can’t), and the huge amount of information we store on computers (police can subpoena your ISP’s buisness records or get access to your entire computer if they have probable cause to see even one document). Similarly search programs and the inevitable advent of facial recognition along with people’s tendency to post pictures to the internet will erase the anonymity you might have once had on spring break.

However, I think we can find replacements for these tools that provide the same benefits in the information age. Just as some other cultures have done we need to develop traditions of ignoring (or at least not scolding) based on certain aspects of people’s lives. This is the reason that unequal loss of privacy/anonymity is so much more dangerous than an equitable loss. Everyone has things that might embarrass them or present a less than professional image and if we all know that these can easily be found we are much more likely to let other people have their personal space as well. The legal aspect will be more difficult but it is also achievable. We will need to shift the focus of our protections away from the guarding of information and towards rules against intrusiveness. Perhaps in addition to rules requiring search warrants we could have rules barring unprompted investigation, i.e., rules that prevent tearing someone’s life up for a crime without a particularized identification of a victim who does/would have wanted an investigation. That’s just a shot in the dark but I suspect something better will be found.

That’s the question that opponents of trusted computing want us to ask. But that’s just as misleading as the suggestions that trusted computing will eliminate piracy thereby bringing about a digital paradise. A better more accurate question to ask is:

Should you be able to offer proof that this result is the output of running that program?

Stated this way the issue of trusted computing becomes much clearer. Obviously, other things being equal, it would be desierable to be able to prove the information you are submitting really did result from the execution of a particular program. For instance this would allow you to purchase processor cycles without the fear of false results or to trust calculations performed by other clients in a distributed virtual world. Moreover, like other technologies it would surely offer benefits that we can’t yet imagine. Below the break I explain why DRM opponents and open source advocates should get behind this useful technology rather than leaving it to falsely identified with DRM and standardized in the worst possible way.

The worry that OS and hardware vendors will gang up with big content and leave you unable to trust your own computer is quite real. However, we need to carefully distingush the motivations some companies might have for pursuing this technology and the technology itself. Bashing the idea of trusted computing or demanding that it’s fundamental utility be compromised by allowing the user to tell their computer to lie just gives big media more influence over how trusted computing will work. A much better solution is to offer a vision of trusted computing that brings all the benefits while avoiding most of the pitfalls.

First of all though it’s important to dispose of the myth that trusted computing is about creating ‘unbreakable’ DRM. Really what makes strong hardware backed DRM possible is secure I/O which, though often represented as part of the trusted computing package, is really a separate technology¹ that is already being implemented². As far as the absurd suggestion that TC will stop you from playing your mp3s not only is this against the OS and hardware vendor’s interests it doesn’t require TC in the first place. It’s obviously impossible to prevent any unprotected content from getting out³ so all DRM really tries to do is make ‘unauthorized’ use sufficiently difficult, something that may require secure I/O but certainly not trusted computing.

So if DRM is only a reason to oppose secure I/O (which we seem to have failed at) that only leaves us with Stallman’s worry that it would rob us of control of our computers, e.g., be unable to run open source software, and Schneier’s concern that it will make life even easier for malware or vendors wishing to track your activities. These worries, however, can be solved with a proper trusted computing stack.

Any attempt to secure the full operating system from video card drivers to virtual filesystems to keyboard input is too absurd to even bother attempting. If code executing in a trusted enviornment depends on the entirety of a modern kernel to be secure it’s a lost cause. There is simply too much stuff going on in a modern OS and it is updated too frequently to be able to trust any signature resting on kernel security. A much more secure and less troublesome way to make everything work is to leave the standard kernel untrusted but run it under a minimal trusted hypervisor. When it becomes necessary to run some code in a trusted environment the kernel hands off the call to the hypervisor which hashes any necessary inputs and starts the program behind a memory curtain. It will be in everyone’s interest to make this hypervisor as small as possible and as broadly compatible as possible so not only is there no threat to open source software but I would expect such a hypervisor to be open source.

Armed with this conception of trusted computing it’s easy to see that most of the criticisms don’t apply. With such a simple environment for trusted programs they will never control the GUI or become a vendor controlled citadel telling users what they can and can’t do with their computers. The absurd worries of external control of our computers simply don’t make sense. It will only make sense to run simple computational engines and security modules as trusted applications so it won’t give the court or microsoft magical power over your whole software stack. Heck, if the public was willing to buy it MS could insert remote censorship software in word right now and only a small digital elite would be able to circumvent it. Worries about compatibility or vendor lock in are really moot since these can already be achieved quite effectively for 99% of users.

Trusted computing is not a magic wand that solves our digital security and ownership issues but nor is it a great menace. It’s simply a useful tool that will allow a new interesting class of applications to be created. So let’s object to the really troubling things like secure I/O (aka HDCP) and offer positive suggestions for a sane trusted computing platform⁴ instead of rejecting it out of hand. I want to be able to buy and sell CPU time like they are always doing in scifi novels and I think it’s a shame open source advocates and anti-DRM campaigners are pointlessly standing in the way.

This has been broken in the most recent nightly builds. I think I’ll wait till things settle down before I try and figure out how to do it again.

So keeping track of the various comments I leave on blogs around the web has always been a challenge. For awhile I tried using the service coComment but It’s hard to believe how astonishingly bad supposedly professional web developers can be at creating simple javascript tools. I could either install their bloated extension that would run their code on every webpage I visited (which I think made a call back to coComment on any page that looked like it might be a blog) or run a crappy bookmarklet that didn’t work very well. I’m sure the service works for some people but it’s yet another example of a bad system created because the authors thought everyone would want to use it in exactly one way (or should use it that way). I’m much happier with co.mments but sometimes I just want to remember a page/post not place it in the list of discussions I’m following, keep track of several types of pages (discussions and neat products) or I just want these links to be conveniently accessible from my toolbar.

With Firefox 3’s places support I’ve finally found a great solution. Say I want a folder that lists the 15 most recent pages I bookmarked with the tag ‘comments’. First I need to have bookmarked at least one page with that tag at which point I find the id of the folder “comments” under the tag folder. I did this by using the sqlite manager plugin for firefox and opening the places.sqlite database in my profile folder. (I think it may also be possible to do this by opening bookmarks.postplaces.html). You’ll know that you’ve found the right entry if it has the same name as the tag you’re interested in and has a parent of 4 (it’s in the tags folder). Once you’ve found the id of the tag folder you are interested in create a new bookmark and enter the following for it’s location:

place:folder=ID&queryType=1&group=3&sort=4&applyOptionsToContainers=1&maxResults=15

Where you should replace ‘ID’ by the id of the folder for the tag in question. This will then create a smart folder that will display the 15 bookmarks that were most recently visited with the tag in question. You can investigate other options and work out other nifty queries to try using this post from the mozillazine forums. In partcular if you chage the sort from 4 to 12 it will instead list the 15 most recently bookmarked pages with the given tag.

Note that I found that I had to restart minefield in order for it to recognize any changes in the querystring. The list itself with update as you add new bookmarks with the appropriate tag but if you decide that it should display only the 10 most recent rather than 15 you may have to restart your browser for it to recognize the change.

What was surprising, however, was to see someone else who had a reasonable take on the whole ‘privacy’ issue, especially linked from slashdot.

While the author seems reluctant to make the leep the article flirts with the two critical points in the ‘privacy’ debate. First of all that true obscurity/freedom from recording is a lost cause and secondly that the real danger is from unequal erosion of our obscurity. So long as we only see footage of ‘crooks’ or the surveilance cameras are only placed in minority/poor neighborhoods it’s easy to use the substantial difference between what society officially designates as acceptable and how people actually behave against the most powerless parts of our society.

In the modern era most of what we do in one context (like hanging out with friends) won’t make it back to another (the office, our church). The net result of this has been to encourage endemic hypocrisy where we pretend to support the most puritanical standards while we wouldn’t dream of actually behaving that way. So long as obscurity protects our actual behavior from the prying eyes of our boss/mother/coworker/religious friend it’s much easier to affirm their moral judgments than it is to tell them we think sodomy/drugs/exhibitionism/swinging/bestiality is just fine. Thus so long as enough of us are protected from exposure those who lose their obscurity suffer greatly but if all of us are exposed then it becomes more important to avoid hypocrisy than to pretend to false virtue.

Of course the loss of obscurity only adds to the value of true privacy. When technology eliminates the difference between being on an empty street and center stage at a rock concert it will become even more important to have somewhere truly private we can retreat into. However, real privacy (actually being outside of the public view) is something that laws and technology can provide if we try hard enough.

While it may have been intellectually obvious before this sort of project really drives home the fact that increasing computational power and algorithmic advances in computer vision negate the need for any coordinated database. So long as their are enough pictures out there somewhere the right algorithm can sow them back together and extract whatever information you want out of them. Right now the best we might be able to hope for is a fancy version of google’s street view but the inevitable increase in the amount of online content (webcams, automated picture taking etc..) and the inexorable progress of the computer industry means that eventually we will be able to figure out who you are sleeping with¹, where you buy your groceries and even reveal certain health problems.

There is no way around it. Computational advances will eliminate obscurity. The only real question is whether we implement ultimately ineffective laws about ‘privacy’ that will give large organizations with massive computing power an informational advantage until computational power catches up. Anyway I’m repeating myself some I’m going to stop now.

Now I agree with Mr. Harper over at The Technology Liberation Front (TLF) when he observes that a ‘Do Not Track’ list isn’t really analogous to the ‘Do Not Call’ list. Targeted advertising is a practice which increases the efficiency of the voluntary exchange of your time/eyeballs for web content while telemarketing is a practice with a significant externality (your time/annoyance) that isn’t paid for by the advertiser. In short targeted advertising makes us better off while telemarketing makes us worse off.

I’m slightly sympathetic to the concern that some people have about advertising companies like doubleclick/google tracking their visits to third party websites. However, despite the ridiculous claim that because mozilla developers get advertising revenue (from google for the default search box) they would never do anything about this problem their are a fuckton of privacy and anonymity extensions for people to use. If people don’t even care enough to go install a browser extension or to convince the firefox people to include such a feature by default (like the popup blocker) then the intrinsic cost of the legislation outweighs these minor benefits. Worse, ignorant of the benefits they get from the practice many people are likely to sign up as the result of scary sound bites about “being watched.”

While I think some of the more extreme worries presented over at the TLF are unrealistic I do think the concept of a ‘Do Not Track’ list raises free speech concerns. While I think it’s surely within the scope of congressional power to require corporations to have privacy policies and abide by them or to impose liability for data breaches requiring someone to delete or avoid recording freely given information is more troublesome. Surely the government could not pass a law preventing any unauthorized individual from retaining financial data on members of congress, that would bar any journalistic inquiry into fraud charges against congressmen but you might think a rule that applied only to normal buisness records avoided these problems. However, I think the recent revelations about who is editing wikipedia, e.g., congressional staffers editting their patron’s page, are a clear example of how user tracking data can be necessary to speak on matters of public concern.

More generally the first ammendment, if it is to have any force, must be read to protect the creation of notes and collection of data. Hell, the creation of a note is itself an act of speech. Simply because you might have lots and lots of data now as a result of the information revolution can’t change that. If I as a blogger have first ammendment protection for announcing that so-and-so visited my blog or that someone with cookie blah-blah-blah did so it’s hard to see how I couldn’t also have first ammendment protection for conveying that information in bulk to someone like google.

Now I admit that the supreme court’s analysis of this issue might be significantly different. I do tend to be a bit of a free speech absolutist. However, regardless of legality I think it’s damn important for us to retain the right to record what happens to us or to objects we control and analyze or pass on that information. If that means people have to go to a bit of trouble to remain anonymous that’s a small price to pay for information freedom. Ultimately technology will erase the obscurity we’ve enjoyed for the last 100 years or so since we moved into cities the only question is do we get democratic access to the analyzed data and the right to use the same tools to monitor the government they use against use or do we adopt a hierarchical model where the government knows everything and the rest of us are barred from accumulating information in databases.

Go into a library and ask a librarian for a book on the Spanish civil war and she’ll probably recommend one or two. Go back and tell her those weren’t what you were looking for and she’ll recommend a few more. Unless the librarian’s patience wears out you can keep doing this for a long time and the better the librarian the longer she will be able to keep suggesting more books. It’s not a feature of the librarian that we have to walk all the way back over to the reference desk to ask for more recommendations. It would be strictly better if we could hit the next page button and get the next set of results.

Of course a real librarian would incorporate feedback from our reactions to the previous recommendations (yah this is closer but not quite what I was looking for) and this is an obvious direction for search engines to explore but it’s not clear it would be good for the majority of searches (the overhead of feedback might overwhelm the cost of scanning output or changing your search in most cases). However, it’s just idiotic to think that merely offering the user the change to look at more pages means google’s algorithm is broken.

Now a clever worm designer could put in some countermeasures like making sure that commands arrive at infected machines along many paths making it tough to figure out what is ‘upstream’ from the recipient. However, by timing the arrival of these messages you could probably defeat most simple schemes of this kind so I got to wondering if it was possible to create a really robust solution to this sort of problem.

Now there is some pretty interesting work on public key steganography. That is systems that let someone embed information in some apparently random noise using a public key so that just detecting the presence of an encoded message is computationally infeasible without the private key. For instance if you needed to pass secret messages to an agent working for another countries embassy you might embed his instructions into random information that accompanies routine communications between the embassies (say the low order bits of timestamps on emails¹) and without his private key his superiors won’t be able to detect that any extra message even existed. However, this isn’t really what you want to run a botnet. It might help avoid detection of control messages through network monitoring but if security researchers find an infected machine they can extract any private keys it contains and figure out what network connections contain secret instructions to the machine.

What would be ideal here is something like reverse public key steganography. That is a system that works as follows. Imagine you have n channels , C1..Cn, each carrying symbols randomly distributed with distribution D1…Dn and that k << n of these channels are controlled by colluding agents who know some private key S. What we want is the property that anyone who knows public key P can apply some operation Decode(C1..Cn, P) to (with very high probability) recover a message that the k agents colluded to send but that it is computationally infeasible for anyone without knowledge of S to determine which channels are being modified by the colluding agents. In other words anyone (knowing P) can figure out what message is being sent but no one can figure out who is sending it.

I kinda suspect that some system like this must have been devised already and I just don’t know how to search for it. In either case not only would it allow for the creation of a nearly perfect botnet control system (you embed control messages in the random information that accompanies DNS requests or TCP connections) but it would also have some interesting applications for P2P systems and anonymous hosting. Basically it would be useful for any situation where you want to let individuals announce things without revealing their identity. Of course it would be even better if k could be reduced to one or if the system would allow some m<

Anyway if anyone knows if such systems are possible I’m curious. It also raises the interesting question about how one would deal with botnets built by really savvy individuals like governments. If something like this works it could be almost impossible to even identify the infected computers or track down the creators using technology (normal police work like following the money would still work).

I would feel a bit different if I thought apple had planned this move. I wouldn’t mind apple charging a scarcity fee during initial distribution or even merely setting a price floor and letting the actual price float according to demand but given the way they did the sales there was the strong implication that the price was not an early adopter surcharge. However, I don’t think apple had any such intention for several reasons.

• The iphone product launch was a huge risk for apple. If it hadn’t generated enough buzz they would eat a very large cost. I’m not sure the extra margins would be enough to make up for the risk. Though on the other some things are more desirable when more expensive (Rolex).
• Dropping the price like this is very risky for future product launches. Next time Steve Jobs announces a fancy new product many people may choose to wait to see if the price drops and that could mean the whole thing flops.

Still on it’s own these aren’t that compelling. Certainly a plausible story one can tell is that apple initially planned to release the iPhone at the start of the summer and a pre-christmass price drop was always planned but the late release forced a compacted schedule. Now the party about the delay is likely true as apple pulled developers off Leopard to work on the iPhone but I don’t think (though I could be wrong) that the rest of the story is true. After all why wouldn’t they push back the price reduction back closer to the Christmas shopping season? However, what really convinces me this wasn’t planned is the following.

• Apple eliminated the 4GB iPhone from their lineup. If this was planned from the beginning why would they pay all the fixed costs to set up a separate manufacturing line and distribution channels?

I think a much more plausible story goes like this. Apple had no idea how successful the iPhone was going to be. Sure they had some bullish predictions but it was quite possible that the iPhone would undersell other smart phones or that people wouldn’t think it was worth even $400. Apple priced the iPhone so that they wouldn’t be losing money even if it turned out to be only a minor success but retail electronics is all about economies of scale so once they realized they had a hit on their hands they had to decide whether to keep raking in massive profit margins on the iPhone or try to and increase sales with a lower price and introduce the iPod touch. After all if they undercut the iPhone with the iPod touch that wouldn’t be any good (and might not be allowed by they AT&T contract). Still my confidence in this conclusion isn’t super high. I wouldn’t put $200 on it :-)

Now I think it is very much in apple’s interest to give people who bought the iPhone at $600 some kind of rebate. They could give them something like credits on iTunes or more nefariously credits for apple software, e.g., a free copy of iLife or a dotmac account. It wouldn’t be too hard for them to give customers something that cost apple virtually zero but would deter the perception that buying an apple product right after launch is a bad move. A perception that Steve Jobs particularly needs to avoid. But while I think failing to do that would be a bad move on their part I still think my phone is worth the money I spent so it seems silly to get all worked up about it.

Personally I think this bug is a bit more annoying than the battery drain caused by a sleeping laptop. I didn’t have any particular reason to plug my phone into a closed laptop so it won’t be any difficulty to avoid doing so in the future. However, it’s quite common for people to unplug electronic devices to free up an outlet and those people might not always be me. I kinda doubt that this issue can be solved by a firmware update but hopefully apple can replace the power bricks with something that works around this problem. At the very least they should warn people about connecting an iphone to an unplugged power brick.

I still love my iphone and think it’s the most amazing handheld gadget I’ve ever seen but that’s no reason not to acknowledge its flaws. I really dislike the emotional fans who resist even the slightest suggestion that their favorite product isn’t perfect and I’m not going to become one no matter how cool the iphone may be.

Given women make up a minority of CS students the article needs to do a lot more than note the rarity of women in the IT profession to even suggest unfairness in the industry so it offers five personal experiences by women in the IT industry. But the worst activity mentioned wasn’t really even an allegation of unfair treatment.

As part of that coaching, she tells women to get past feeling defensive about the male-dominated IT world. Case in point: sports-centered small talk. “You go into a meeting, and it starts with a discussion of whatever sport was on TV that weekend, and instinctively I don’t have much interest in that,” Beck says. “But I remind myself all the time that it’s just the icebreaker. You have to peel back the onion and see what’s really going on.”

This is just a problem that everyone who isn’t into sports shares. Women may be statistically less into sports than men but they actually have it easier than guys like myself who hate sports. Of course it suggests that women might feel more comfortable if there were more women in IT but similarly nerd buisnessmen might feel better if there were more CEOs who played video games. All this says is that we should all be more careful about not always discussing a topic that leaves someone out whatever their gender or reason they aren’t interested.

The only other comments that might even possibly be interpreted as accusations of unfair treatment were mentions of the difficulty of finding a work/like or work/familty balance. But no allegation is made that it would be any easier for men to spend an equal amount of times with their families. While it’s probably true that relative to men (for whatever reasons) women tend to put more priority on family compared to business success this just represents a choice made by women (whatever the reason¹) and not an unfairness imposed on them by the company. Sure if the company purposefully rigged it’s leave policy in a way that arbitrarily catered to men rather than women that could be discriminatory but no such allegation is being made here.

If the article was just a nice human interest story this would be fine but it takes these anecdotes and frames them with the following unsupported allegations

So, what’s gone wrong here? Some blame lingering stereotypes of geeky programmers working in isolation; others point at societal messages that discourage women from pursuing math-and science-oriented careers. Once on the job, the peer pressure to put in punishing hours — the “last jacket on the chair wins” mentality that pervades some IT shops — can also be a turn-off, especially for women, says Jenny Slade, communications director at the NCWIT.

And problems for women in IT sometimes extend beyond work/life balance, says Eileen Trauth, professor of information sciences and technology at Pennsylvania State University. “I’ve heard women talk about pinups, not being invited to lunch and the kinds of jokes people tell,” she says, emphasizing that these are anecdotes from her research, not problems that all women have encountered.

Frankly I don’t whether women frequently experience unfair treatment in IT jobs. Obviously some women are going to be treated poorly because they are wrong. Of course people get treated badly for all sorts of reasons (height, religion, attractiveness) and I’m not sure how prevalent poor treatment based on gender is in IT and neither this suggestive but pretty contentless blob at the front nor the interview with these four women was going to change that. Unless someone was going to allege some industry standard practice or bite the hand that feeds this article was never going to give anyone a good reason to believe women in IT are treated unfairly (or that they aren’t).

Why does this bother me? Because it seems that the default narritive template the media uses for IT or any other industry with few women has become women’s struggle against an adverse industry. No doubt for some industries and some points in time this is the right narrative but it’s indiscriminate application does nothing but harden people’s views and deny any meaningful knowledge about what is actually going on. However, I choose to post about this article because of the irony of an article like this sugesting that being a woman in IT was such a big deal when fear of being the only woman or the responsibility of representing all women was the most frequently cited difficulty by the women they interviewed.

And Dickinson is quick to note that women software engineers do feel the impact of being in the minority.

It’s not unusual to be the only woman at a meeting, she says, and because of that, there’s often a tendency to remain silent unless you think you have something really remarkable to say. “As one member of a small group, you feel you have no right to be mediocre,” Dickinson says. “You’re not just representing yourself; you’re representing [females] with a capital F.”

Maybe it’s just me but publishing articles like this seems the best way to make women even more anxious about being the lone women in their IT department. Given the studies showing that women’s math performance falls when they are reminded of their gender it seems this sort of story just makes the problem worse. Obviously the media can’t refuse to pursue the truth because it causes some harm but this piece is hardly a hard hitting objective look at the state of women in IT.

---

1. I’m not arguing that this isn’t the result of some unfairness at home, e.g., guys aren’t willing to stay home to take care of the kids. Even if so it is an unfairness at home and it is hardly an unfairness of the industry not to rectify an unfairness imposed somewhere else. After all it isn’t unfair of the company to pay the programmer more than the janitor even if it was only discrimination or poverty that kept the janitor out of college. ↩

]]> http://www.infiniteinjury.org/blog/2007/08/08/media-coverage-of-women-in-it/feed/ 1