Disqus - Latest Comments for Cog

Re: Hackery

Cog — Fri, 02 Dec 2005 15:44:51 -0000

Jim, your naivete is touching, and I can only hope it's feigned. It's consistent in the sense that both measures increase the nation's Gini coefficient, which is the real goal of ATR. Duh.

Re: Property is Property

Cog — Sat, 03 Dec 2005 15:05:08 -0000

I also find the assessment that there's not "too much damage" to be both shortsighted and premature.

It's shortsighted because opening an exploitable vulnerability on somebody's machine (and this has infected at least half a million machines) is already quite significant damage, even if there are no burning buildings. At a minimum, network administrators will have to spend a great deal of expensive labor to clean up this mess.

It's premature in the sense that this root vulnerability's not going to go away any time soon. The CDs will remain in circulation essentially forever, and (extrapolating from previous worm infections) there will be significant numbers of old unpatched and infected machines on the Internet for at least a decade. Any time a band of crackers wants to bootstrap a botnet, this will be one more pool of targets for them. The full damages from this rootkit are going to be felt by the Internet for years to come.

Re: Solveig Singleton is Making Sense

Cog — Sat, 03 Dec 2005 15:13:54 -0000

I've already commented on your other thread about how the damages from Sony's rootkit can in no way be characterized as small. Give your post above, I also want to comment that, from an economic perspective, it doesn't matter how the damage awards from the Sony lawsuit are divided between consumers and lawyers. That's a matter to be determined by the market in litigation services. The most important thing is that Sony (and the market) be sent a signal: you may not inflict this sort of nonconsensual externality on consumers. Sony took this action precisely because of the absence of signals such as this one, and if you fail to punish Sony and all who behave like Sony, then you'll only see more of the same.

Re: The Customer is Always Wrong

Cog — Mon, 03 Apr 2006 16:27:11 -0000

Tim: Your post is spot-on in general, but one minor technical FYI: the codec used on DVDs is MPEG-2, which is technology that was stable (i.e., not even cutting-edge) in 1994. Furthermore, many (most?) DVDs do not use the full 4GB capacity of the disc for the main feature. Therefore, it's actually plausible that, with modern video codecs, you could pack a DVD-quality feature film into 1GB or less. MPEG-4 Part 10 (a.k.a. H.264), for example, is about twice as space-efficient as MPEG-2 at DVD quality.

Re: Epstein’s New Paper

Cog — Thu, 20 Apr 2006 13:51:49 -0000

Ned, it's "not fair" because lawyers seldom know much except the law, and most of them do not consider it necessary to know more.

Well, OK, that's an exaggeration, but only a slight one. The legal profession regularly holds conferences on "technology law" wherein not one bona fide technologist is present. The editors of law review articles are overworked law students who have neither the time nor the resources to obtain peer review (or even basic sanity checking) by domain experts. As long as the article's properly footnoted and appears to exercise legal doctrines in a plausible fashion, grave errors about reality (that messy real world that exists beyond the boundaries of statutes and case law) can easily slip through. And, of course, if you're not a domain expert, then it's not necessarily even clear which facts need a backing citation.

Tim: you say that the people deciding the "core direction" of Linux are mostly volunteers. I'm a little skeptical of this. I believe the most prominent kernel hackers (Linus, Alan Cox, etc.) are mostly in the employ of companies that pay them specifically to work on the kernel. See, e.g., this article in WIRED (a little outdated, but I doubt that kernel hacking's grown less professionalized since 2001). Most successful large projects with which I'm familiar are similar. Most of the core KDE hackers, for example, are paid explicitly to hack on KDE.

This doesn't make Epstein any less wrong; it just makes him wrong in a different way.

Re: Google’s First Software Patent

Cog — Mon, 24 Apr 2006 21:42:21 -0000

In all likelihood, some variation of PageRank's key ideas are now standard subroutines in every major search engine. Yet I am unaware of any patent licensing fees paid to Google by Microsoft, Yahoo, or Amazon. This doesn't mean that no such fees are being paid; on the other hand, I suspect that the existence of such licensing agreements would have leaked to the public by now. (Certainly, if Yahoo's paying PageRank license fees to Google, then Yahoo would be criminally negligent not to state in their SEC filings that they are paying license fees on their core business to their most successful competitor.)

Furthermore, Google's revenue is clearly based on ad sales. Patent licensing fees, if Google's even collecting any, constitute an eyedropper-size trickle next to the firehose of ad revenue. Duffy's crazy to give the PageRank patent credit for Google's market valuation. The existence of the PageRank patent might make investors feel better, but its business utility to Google beyond psychological palliative is questionable.

Finally, as a technical matter, I have heard firsthand from a developer of Nutch (an open source search engine) that PageRank unadorned doesn't get you very far, and that you need to toss in a bunch of other tricks to make your results reasonable. PageRank gets a lot of attention from computer scientists because it's mathematically elegant, and from the public because the core idea captures the imagination. But its importance is probably overestimated.

Re: You Have Nothing to Lose But Your Options

Cog — Sat, 13 May 2006 22:30:02 -0000

Good grief, Tim, how big do you think the median technology employee's equity stake is, anyway?

Ask around. Superstars and people at startups get big equity, but I'd guess that the median technology worker's equity is worth about as much as a nice annual bonus. A couple hundred stock units at a large technology company grants the holder virtually no shareholder power and negligible dividend payouts (because most tech companies don't pay much in dividends). For some sectors (e.g., game development), a mixture of reduced working hours, saner work/life balance, and greater job security would benefit workers much more than a sprinkling of equity.

Note that Matt Cline's point about "too much" equity-based compensation is further evidence for my point. You can bet that if Matt's friends were receiving truly valuable cuts of equity, they wouldn't be complaining. Their problem is that their equity's not worth as much as, say, cash on the table (for one thing, it's less liquid, because it usually comes with a vesting period) or other benefits.

Now, I suppose it's possible that the returns to technology employees from equity could, on average, outweigh wage stagnation from outsourcing and other economic losses. However, that's a claim that requires empirical backing, and I'm pretty skeptical. Equity does not magically erase the line between management and labor. The returns from cost savings are still controlled by management, and may or may not trickle down to small shareholders. Managers may well eat up the savings from outsourcing by increasing their own compensation or plowing the money into foolish investments that don't increase the stock price. (And, as I said above, most technology companies don't pay out much in dividends.) Basically, Joe from TechDirt's saying: "Trust management and you'll get yours." Workers throughout history have been told exactly this shortly before getting shafted.

Really talented programmers may not need unions, but the median technology worker isn't a very talented programmer and doesn't need to be. It's not quite the same as an assembly line worker, but not as dissimilar as you'd think.

All that said, I'm planning to start at an industry job in the fall, and I don't want a union. But the position I've accepted is much sweeter than the median programming job.

Re: More King Kong

Cog — Tue, 16 May 2006 03:03:58 -0000

There's a folk maxim in the computer graphics industry that film-quality CGI costs roughly the same amount per minute of finished film from year to year. As performance improves, the studio simply increases the quality and sophistication of the rendering. Or, in other words, it's not that studios decide how much they want the film to look, and use enough render-hours to make the film look that way. Rather, they figure out how much time and money they have, and adjust their CGI production pipeline so that they can produce the best possible output on that schedule and budget.

It's not clear that this trend will hit any limits in the foreseeable future. Photorealistic rendering may be a solved problem, but various forms of procedural animation and physical simulation can eat up essentially arbitrary amounts of CPU. Meanwhile, audience's eyes grow more sophisticated at roughly the same rate that rendering technology improves, and this is not a coincidence.

Therefore, I'm skeptical of Levine's argument that the cheapness of effects technology will make big-budget special effects obsolete. It makes me wonder if he's actually familiar with the economics of filmmaking, or he's just making stuff up.

Re: Roadblocks to the “Fast Lane”

Cog — Fri, 23 Jun 2006 15:20:58 -0000

How can the same pundit be too stupid to see the structural anticompetitive features of the broadband Internet market, but at the same time be a cunning... oh, never mind, James, you're not very cunning.

As Ed Felten writes, if SBC wants to charge Google, rather than vice versa, this is ipso facto evidence that SBC has greater market power than Google. No network neutrality critic has ever rebutted Felten's analysis on this point; they find it much more convenient to repeat that broadband markets are Smithian. Perhaps if you repeat it enough times, it will become true.

Re: Response to Nick Gillespie on Cleanflicks

Cog — Wed, 12 Jul 2006 16:07:25 -0000

I find this sort of content-free post deeply annoying. There's a reason I subscribe to TLF's feed and not IPCentral's. If you're too cool to blog on TLF, then stay on IPCentral and let one of the other TLF contributors comment on your post, if indeed it is worthy of comment.

Re: Authorization = Identification or Alternatives + Authentication

Cog — Sat, 15 Jul 2006 09:14:33 -0000

You seem to be confusing the issue of authorization (i.e., matching an identity to its privileges) with the issue of an identity's value.

The Hotmail user foobar123@hotmail.com is a low-value identity, and accordingly one uses low-strength mechanisms (username and password) to authenticate that identity.

The "Jim Harper" account-holder at Bank X is a high-value identity, and accordingly one presumably uses high-strength mechanisms (principally, the various punishments available within the legal system) to authenticate that identity.

There is no hard distinction between foobar123@hotmail.com and "Jim Harper" at Bank X. Both identities persist between interaction sessions and have associated privileges. It is not the case that one is an "identity" and the other is not.

Also, ATM withdrawals and airplane flights do require identification, although not in precisely the way Tim means.

First, both writing a check and making an ATM withdrawal hinge on a spoofable authentication process, so I don't see the distinction you're trying to draw here. Presumably there are even circumstances (you break your hand and your wife takes care of writing the checks this month) when you would want the check-writing process to be spoofed. The reason ATMs use different authentication mechanisms than checks is simply a matter of engineering the right cost/benefit tradeoff for preventing these two kinds of crime.

Second, the process of riding on an airline flight does require identity, although not the high-value flesh-and-blood human identity that you're talking about. When I reserve a ticket online, pick up the boarding pass at an e-ticket machine, and present that pass to board my flight, the airline necessarily cares a great deal that the person or persons who do these three things are connected somehow. If someone else spoofs the process and picks up my ticket, then the airline will have an unhappy customer on their hands. The relevant identity here is "Passenger 123", which may represent one person or a group of people (maybe someone else makes my reservation for me and fetches my boarding pass), but it is nonetheless an identity that persists between interactions and possesses privileges.

Where you're getting tripped up is the fact that the airlines insist that you surrender a much longer-lived and higher-value identity, not just "Passenger 123", for no good reason.

Incidentally, a better discussion of the relationship between identity, authentication, and access control is found at the Wikipedia article on access control. To be blunt, you seem to be making up new definitions for words that have relatively standard meanings in computer security.

Re: Authorization = Identification or Alternatives + Authentication

Cog — Sat, 15 Jul 2006 09:25:05 -0000

Well, it's kind of early over here on the West Coast, so I'm less than fully coherent. Corrections...

Re: my first paragraph above: I phrased this in an odd way. I was trying to make two points. First, your definition of identification seems to focus on the matching between a token and its associated state and privileges. To me that just sounds like authorization. There's always an authentication step, even if that step's as simple as recognizing your sister's face. Second, your criteria for calling something an "identity" seems to be based on how valuable that thing is. But there's always an identity involved whenever two interactions need to be linked. The distinction between identities and non-identities is unclear.

The rest of my comment was an elaboration on these two ideas.

Re: my third paragraph above: legal punishments are not better authentication mechanisms, but they are ways that we dissuade spoofing of the authentication mechanisms that exist.

Re: Authorization = Identification or Alternatives + Authentication

Cog — Sun, 16 Jul 2006 11:14:13 -0000

The identity foobar123@hotmail.com persists between transactions, so I don't think I'm talking about the value of a transaction. Clearly the value of an identity can be characterized as some formula over the value of all transactions that identity will ever engage in.

Are we to understand that you make a distinction between an "identity" and an "identifier"?

Re: Study: VoIP Quality Getting Worse. Can We Prioritize Now?

Cog — Thu, 27 Jul 2006 21:22:12 -0000

And then there's the fact that increasing bandwidth could work as well as (or maybe better than) packet prioritization. I'm reasonably certain that South Korean ISPs don't do aggressive packet prioritization, but South Koreans' VOIP works pretty well, because their connections are orders of magnitude faster than the USA's. Overprovisioning is a pretty good engineering solution to scarcity.

Ed Felten covered this a long time ago, and repeated it in his summary white paper. The response of the anti-neutrality pundits seems to be to pretend that this argument doesn't exist.

Re: The Technology Liberation Front » Archive » Security Theater

Cog — Fri, 11 Aug 2006 17:36:22 -0000

Right, because if a group of terrorists causes a shootout on an airplane, that won't have any disruptive effects on air travel. Also, it's not like the random distribution of passenger behavior includes episodes of drunken air rage. Give me a break.

BTW Tim, the term "security theater" originates, as far as I know, with Bruce Schneier. Jim Harper was quoting him.

Re: Welcome Hance Haney!

Cog — Fri, 25 Aug 2006 22:41:06 -0000

The Discovery Institute ought to be shunned by all right-thinking people, simply as punishment for so shamelessly polluting our public discourse about science. Everybody associated with the Discovery Institute should know, and never be permitted to forget, that their affiliation with that institution tars their name and calls their integrity into question.

This isn't to say that we should pre-emptively dismiss everything Hance says, but that he should never forget the cost that this affiliation will have for his professional reputation and all the views that he professes to hold. The suspicion of Lippard and others (myself included) is entirely rational, and promotes the proper working of the information ecosystem, just an investor's skepticism about former Enron executives would be rational and promote the proper working of the market.

Re: Net neutrality regulation wouldn’t solve this problem

Cog — Sat, 02 Sep 2006 15:06:16 -0000

This has been discussed before. Ars Technica also had some interesting things to say.

If you read the previous TLF thread, you'll notice Richard makes some points about QoS that I will reply to here, since they're relevant to this post as well:

(1) Once again, ISPs in other nations have been able to roll out much faster connections at much lower prices without packet shaping. This objective fact flies in the face of any theorizing about the need for packet shaping to make high-bandwidth connections economical. There are certainly situations when overprovisioning isn't possible, but that's not what's holding back cheap high-bandwidth connections to homes in metropolitan areas (i.e., a large supermajority of homes in the USA).

(2) Re: bandwidth vs. jitter, in theory these are distinct. However, in practice, as Felten points out, the distinction can be a matter of degree rather than scale. Jitter on seconds-long scales matters for VoIP; jitter on minutes-long scales matters for web browsing. We appear to have largely solved the latter problem, however accidentally, without any real QoS mechanism... by overprovisioning bandwidth.

(3) Even if QoS solves the jitter problem in the short term, it's unclear that building such mechanisms into the fabric of the network will be better in the long term. QoS increases the complexity of the system and gives network providers power to discriminate among applications; both of these have costs that must be borne by future innovators of both the network layers and the applications layer. In the long run it might be better to keep the network simple, keep the applications layer decoupled, and just overprovision.

(4) Overlay networks may be able to solve many of the problems that network-layer QoS claims to solve. If the contention's in the interior of the network, an overlay network can route around it. If the contention's on the last hop, network-layer QoS wouldn't help you anyway. Overlay networks can also do caching and other smart stuff that Richard would like to build into the network fabric itself.

Now, I'm not saying that network-layer QoS is worthless. My point is only that the technical case in favor of network-layer QoS is far from a slam dunk.

In an ideal world, we would have robust competition and let everybody try whatever they want. We don't live in an ideal world. Truthfully, I don't know what to do, but for the moment I'm glad that the network companies are too scared of regulation to put their packet shaping schemes into practice. I don't want Qwest to choke down my Skype connection so they can offer me Qwest VoIP at $20 a month.

Re: The Ideal Voting Machine?

Cog — Sat, 21 Oct 2006 11:07:29 -0000

Two important reasons to use computerized ballot-marking machines are user interface and accessibility.

(1) You can do automated consistency checking, so that e.g. voters cannot mark more than one candidate for a given office.

(2) Disabled (blind, etc.) users can mark their ballots secretly using audio or other assistive interfaces. Currently many disabled voters rely on human assistance or special ballots, both of which can compromise ballot secrecy.

These may not overcome the cost or security objections completely, but they should not be ignored.

Re: Network Neutrality Is the Division of Labor

Cog — Sun, 12 Nov 2006 21:05:34 -0000

Good post, but you are likely to get a few dings from networking nerds.

First, a number of important Internet applications don't run on TCP/IP, but rather custom (non-TCP) transports built on raw IP datagrams. This includes most real-time applications, including streaming audio/video and online games. TCP is the "reliable" transport that you use when you want every byte to arrive at its destination in order; if it's more important to get a large fraction of bytes to the destination in a timely manner, you want something else. These other transports also respect the end-to-end principle, of course.

Second, it's not really accurate to say that TCP/IP doesn't need to be improved. The research literature on extensions to TCP/IP is legion. Just peek into a Google Scholar search for transport protocol. TCP has many warts. For example, TCP confuses congestion with random packet drops due to unreliable links, making it pretty bad for networks with wireless hops.

However, this doesn't really bolster the position of the anti-neutrality brigades. Proposed improvements to TCP/IP generally preserve the division of labor between the application and network provider.

And besides, it's kind of silly to compare the work of networking researchers with the crude extortion that Verizon and SBC have in mind. The scenarios that Brooke's speculating about are fantasies, for all the reasons you've already pointed out and more. What we'll see instead, if the telcos decide they're not afraid of regulation anymore, is much simpler: SBC will degrade service for non-SBC VoIP applications in order to drive customers to SBC's VoIP service. Comcast will degrade service for non-Comcast Video over Internet applications in order to drive customers to Comcast's own video offerings. You'll be able to pick your poison --- degraded audio, or degraded video? wheee --- but until competitors like wide area wireless and broadband over power lines actually come online in a serious way, you won't see reform.

I also want to say that in your previous posts, you've seemed overly sanguine about the prospects for wide area wireless and other new competitors to the DSL/cable duopoly. These are technologies that, as far as I can tell, have been in the "three to five years" range for, well, three to five years. Of course, all tech watchers know that "three to five years" is code for "we have no clue when it will happen". Frankly, if either one becomes a serious competitor nationwide before the decade's out, I'll be amazed.

Re: “Revered” Engineering Principles and Other Unpersuasive Arguments

Cog — Mon, 13 Nov 2006 23:07:50 -0000

Which is more imperfect and more debatable, the desirability of the end-to-end principle, or the competitiveness of the United States home broadband market?

James ignores the log in his own eye in his eagerness to point out the splinter in his brother's.

Re: The Technology Liberation Front » Archive » eMusic Spike

Cog — Thu, 07 Dec 2006 10:44:52 -0000

I'm going to make the conservative guess that Alexa just changed its traffic measurement methodology in some obscure way. Tom Waits may be popular but he's not that popular.

Another possibility is that emusic's decision to change its pricing plans attracted a lot of attention. It was linked (disparagingly) on BoingBoing, at least. People may be clicking through links like that, or people who were on the fence may have decided they want to sign up in order to lock in the old prices.

Re: What Is this animal? Anyone?

Cog — Wed, 24 Oct 2007 23:15:23 -0000

If Metafilter is to be believed, Mike Sullivan has it.

Disqus - Latest Comments for Cog

Re: Hackery

Re: Property is Property

Re: Solveig Singleton is Making Sense

Re: The Customer is Always Wrong

Re: Epstein’s New Paper

Re: Google’s First Software Patent

Re: You Have Nothing to Lose But Your Options

Re: More King Kong

Re: Roadblocks to the “Fast Lane”

Re: Response to Nick Gillespie on Cleanflicks

Re: Authorization = Identification or Alternatives + Authentication

Re: Authorization = Identification or Alternatives + Authentication

Re: Authorization = Identification or Alternatives + Authentication

Re: Study: VoIP Quality Getting Worse. Can We Prioritize Now?

Re: The Technology Liberation Front » Archive » Security Theater

Re: Welcome Hance Haney!

Re: Net neutrality regulation wouldn’t solve this problem

Re: The Ideal Voting Machine?

Re: Network Neutrality Is the Division of Labor

Re: “Revered” Engineering Principles and Other Unpersuasive Arguments

Re: The Technology Liberation Front » Archive » eMusic Spike

Re: What *Is* this animal? Anyone?

Re: What Is this animal? Anyone?