Monday, May 31, 2004

Psychology and atrocity.

In PSYCH 101, we talked about the Milgram Experiment, and we talked about Kitty Genovese. I later learned about the Stanford Prison Experiment. These all variously demonstrate how real people don't necessarily do the good things others expect.

In Milgram's experiment, ordinary people were made to kill another person. They didn't really kill anyone, but they didn't know that. The experiment was done at a time when the Nazis were saying, "just following orders." Milgram showed that people really do just follow orders.

The case of Kitty Genovese, as popularized, had a few dozen neighbors watching as a woman was murdered. Everyone thought someone else would call authorities, so no one did. In my psych class, we called this the "bystander effect" or "diffusion of responsibility." There's some dispute about whether the situation really was as popularized and so the bystander effect may not apply, but the effect is real. The more people there are to take responsibility, the less likely any of them are to do it.

In the Stanford Prison Experiment, ordinary students were put in the roles of guards and prisoners. In a short time, the guards had assumed their roles to the point of being sadistic. MTV News points out that the conditions at Abu Ghraib prison in Baghdad were similar to the Stanford Prison experiment in many ways.

In the situation at Abu Ghraib, the results follow from human nature. That's not to say that the soldiers who did it are "off the hook." We don't let toddlers play with matches just because it's their nature to be curious. It means that in the future, we must prevent the situation from happening again.

You don't keep matches laying around where the two-year-old can get them. You don't put young soldiers in charge of prisoners with no supervision.

Sunday, May 30, 2004

Fact checking Al Gore

I read through Al Gore's speech and liked a lot of it, but I noticed that he repeated a common misperception about Senator Max Cleland. Gore says he "lost three limbs in combat during the Vietnam War." According to Cleland's campaign manager, the Senator's limbs were lost in an accident, not in combat. As such, Cleland did not receive a Purple Heart.

Captain Cleland did receive a Silver Star, the third-highest valor decoration, along with a list of other medals. I have no doubt he's a hero.

It's easy to think that Gore has heard many others say Cleland lost his limbs in combat and never questioned it. It's easy to think he's not trying to mislead us. Still, other things in Gore's speech made me think to myself, "is that really true?" I hardly have time to check them all.

Crash Testing: MINI Cooper vs Ford F150

I found this through Blogdex:

Crash Testing: MINI Cooper vs Ford F150

The point of it is that large cars don't necessarily protect well in an accident. That's counterintuitive, but I have no qualm with it. What really stood out to me is that the car I'm driving is fourth from worst on the table they present.

I've been thinking more and more about what I'd want in a new car. My first thought was "hybrid" for the gas mileage. Then I saw something on slashdot which said they don't do as well as they claim. (The car makers are required by law to claim only what the EPA test says, and the EPA test is based only on emisions, which isn't a very good test for a hybrid car.) Then I was thinking of just doing whatever Consumer Reports says. Now I see this. Choosing a car was a lot easier before I started spending ten hours a week in one.

The other thing I really want in my car? Something that'll play Ogg and MP3.

Saturday, May 29, 2004

Cube 2: Hypercube.

Like, don't even bother. It's a lot like "Cube," except:
  • It has digital special effects.
  • Everyone in the cube is connected to something.
  • The one person who makes it out actually ends up somewhere.
  • The cube's origin is pretty much explained.
  • All the rooms are white, and the doors are more like "Star Trek"
  • No interesting number puzzles!
  • No interesting traps!

The design of the new cube is such that the writers didn't have any rules to work within at all. In the original, I was engaged, trying to figure out things. In this one, I figured out pretty quick that there just weren't any constraints to find.

Movie math

I have a TiVo with a huge pile of movies that have built up on it, and I have a wife on vacation leaving me with lots of time to clear out my inventory. I think the TiVo will outlast the vacation, so it's worthwhile to decide what to watch first.

I made a list of movies along with running times and IMDb ratings. Then I actually sat with a calculator and computed "bang for the buck" ratios for each. That's IMDb rating divided by hours.

This favors good movies and short movies. For instance "Taxi Driver" rates 8.4, much better than "Glengarry Glen Ross," which got 7.8. In "bang for buck" terms, however, "Glengarry Glen Ross" came out ahead because it's 15 minutes shorter. Likewise, I have "Magnolia" at 8.0, but, being over three hours long, it comes behind the lowest rated movie on my list.

I won't be a slave to the list, of course. Some of the movies on there, I've already seen. I'd like to see them again, but I won't as long as there are new movies to watch. I won't watch a stinker just because it's short. Still, it helps to have some order. I suppose it marks me as some kind of fanatic that I'm using computing machinery to determine the direction of my entertainment, but I use a CPU to help me with so many other things, it worked for me.

Friday, May 28, 2004

Sad news.

I went to replace the hamster bedding this evening and found one of the babies dead. I didn't see any marks on it, so I can only guess it died of some kind of deprivation.

Credit card social engineering scam

I got a broadcast email warning me about this scam, which I'd already heard of. I wish I could remember where I saw it before. Anyway, it's a real scam, it's been going on a long time, but we don't know how widespread it really is.

It's a good example of social engineering, which has always been an effective way to breach security. As (if) computers get more secure, this kind of attack will be all that's left.

Thursday, May 27, 2004

How raindrops are like proteins

My news alert had two worthwhile stories today. One is "Unexpected similarities between raindrops and proteins," and the other is old news about a future gene therapy for ALS.

I'm not sure what protein folding has to do with ALS, but it's there in the article. Their finding is that proteins come together the same way raindrops do. Specifically, a bunch of molecules have to come together at once for the drop to form. If there are not enough, they just fall apart and nothing happens.

BURN-proof is a beautiful, beautiful thing.

On a recent trip to visit my family, I got to witness my brother-in-law's BURN-Proof CD-RW in action. I was impressed. I want one.

I was worried that its method of handling a buffer under-run was to write junk to the CD. As it turns out, it actually stops writing and goes back to resynchronize with where it left off. Very cool.

Wednesday, May 26, 2004

Baby hamsters at two weeks old.

The hamsters will be two weeks old sometime between tomorrow night and the night after that. They grow faster than credit card debt. There's a noticeable difference in them every day.

As of now, their eyes are still not open, but they're mobile, and I saw one eating solid food. They've got a thin coat of black fur, and they have disproportionately large noses and feet. Sometimes I think I can tell the boys from the girls.

We got Baby a cage with a tube that runs straight up to a small area with a lid we can open, and she made her nest there. She's brought so much bedding up there that the tube is completely blocked. I thought I should scoop out some of that to get it out of her way until I saw how she was dealing with it. Baby has no trouble diving through the wood shavings to get down to the food and water, but the youngsters aren't big enough to make it. I think she wants it that way because on her way out, she scoots the bedding in around them, keeping the way blocked. When one got out and fell down the tube, Baby took it in her mouth and hauled it back up, climbing backwards the whole way.

She seems to be taking good care of them. They have fat little bellies, and all four seem energetic.

Cell phones with too many features.

A cell phone design entry on This Is Broken linked to something about fancy phones, which says that...
  • Most people want long battery life and good reception.
  • Phone makers pile on features to get us to buy more phones.
  • Features eat the battery faster.
  • Teeny antennas get lousy reception.

It stings a little since I recently got a Sanyo 8100, trading in a working older phone with fewer features.

Tuesday, May 25, 2004

More on maildrop

I've learned a few more things since my last entry on this subject. First, the big problem:

19:03:15 up 8 days, 3:51, 0 users, load average: 101.54, 100.08, 87.97

Why O why? Well, flock didn't work for me. I don't know why. It would appear to work for a while, but as the maildrop processes built up, it would just break, and I'd have 50 virus scanners all running at once. Processes were dropping dead as my memory was exhausted. The solution was the use dotlock instead.

The other important tidbit I've picked up is that I can't really test the results of backquotes and expect to be testing the exit status of the command. It's testing whether it output any text (I guess). To test the exit status of a command, you have to look at the $RETURNCODE variable that's set after executing the command. In my earlier entry, I had code that looks like this:
    flock "$PROCLOCK" {

if ( `/usr/bin/clamscan --quiet --mbox -` )
to "| /usr/bin/tmda-filter -I $HOME/.tmda/filters/always_hold"

That now looks like this:
    dotlock "$PROCLOCK" {

`/usr/bin/clamscan --quiet --mbox -`
if ( $RETURNCODE != 0 )
to "| /usr/bin/tmda-filter -I $HOME/.tmda/filters/always_hold"

The good news is that Linux 2.6 stood up to this. It was very very slow, even when I was using a nice -15 root shell, but it survived, and it worked well enough for me to fix the problem while it was happening.

Jack Ryan is harassing Barack Obama.

The Chicago Sun-Times story "Obama admits he dislikes his most loyal follower" reports that Senate candidate Jack Ryan has sent a staffer with a video camera to tail his opponent, Barack Obama every minute that he's in public. It's standard practice to record the opposition's speeches, but this guy follows Obama in his car, waits outside the bathroom for him, and heckles him at public appearances.

I found out about this from a entry on Lawrence Lessig's blog, which points out that Jack Ryan probably doesn't feel about privacy the way I do. That, in turn, came from this entry on Talking Points Memo.


Saturday, May 22, 2004

Three trips for diapers.

When we run out of diapers, it's a crisis. There's a limited time, and we must get more. It's like toilet paper. Even if we don't need anything else, we have to make a trip to the store. Saturday was a day we had to make a trip to the store just for that--three times.

On the first trip, my wife went and had a few other things in mind. When she got to the diapers, the aisle was blocked, so she continued shopping. She forgot to go back.

On the second trip, I go, and I get the diapers and one other thing. I pay for them both, but I leave the diapers with the cashier. I notice my error when I get in the driveway. The diapers are on the receipt, but not in the bag. I didn't notice there had been a second bag.

On the third trip, I got it. Victory.

Friday, May 21, 2004

ALS Tag Day

I saw this thing talking about ALS Tag Day, and I thought that someone thought maybe it was a good idea to play tag to raise money for ALS. I see lots of "run for ALS" and "golf for ALS" and such, but "tag for ALS" just seemed ridiculous. I was all set to rant about what a bad idea I thought it was to be gamboling for people who are being slowly crippled, but it turns out they're not idiots after all.

I'm a doctor, not a PR man.

I was watching "The Man in the Gray Flannel Suit" last night. In it, Captain Tom Rath (Gregory Peck) accidentally kills a fellow soldier and friend during combat. Unwilling to believe what has happened, he carries the body to a medic. The medic tells him, "this man is dead, Captain."

I hit rewind. Was that DeForest Kelley? It's almost as if he was saying, "he's dead, Jim." I couldn't tell. The medic doesn't get much screen time, and the movie was made ten years before "Star Trek."

Today I whipped over to IMDb to check it out. He's listed in the extended credits, and marked "uncredited," so I guess it was him.

It's odd seeing people in movies when they were young (or, in this case, alive). I can see a young man in a recent movie, and he's a young man. When I see a young man in an old movie, I'm looking at an old man when he was young. It's hard to see him as simply a young man. I can't shake the feeling that I'm looking into the past, that the people I'm seeing are actually old.

Thursday, May 20, 2004

A Key Signing Policy

Marcus Frings posted to the GnuPG users list, his GnuPG Key Signing Policy (and other related stuff). It's a nice page full of not only his policy on signing keys, but links to other policy pages and various related tools.

I've thought about putting together some kind of official policy of my own. The problem is, if I thought about some of my signatures a little more before I made them, I might have made them different. Do I want to set in print a policy I've already violated?

Wednesday, May 19, 2004

War vets sickened by preventatives

Today, Google News gave me this:

Duke study suggests Gulf War vets sickened by preventatives

They gave animals the same chemicals that soldiers were exposed to, and the animals showed some signs of ALS. They also found that a combination of stress and chemicals caused more damage to the brain than chemicals alone.

I wonder if anyone has studied whether postal employees have a higher incidence of ALS.

Grand opening.

I opened this thing thinking I might not stick with it. So I didn't spread the word far.

As it turns out, that BlogThis! gizmo really is pretty easy, and it has prompted me to share a bit. Also, I tend not to write at such great lengths in this little box, as opposed to my email, where I can't seem to get anything out if it doesn't have close to 2000 words.

Whatever the reason, I think I'll keep at this. What I'll keep doing isn't completely clear to me, but I have a few thoughts.

It won't be too personal. I want to be comfortable if pretty much anyone finds this thing.

It won't be comments on things from sites where I could comment. That is, if I'm going to comment on some link I got from Slashdot, I might as well comment at that site. On the other hand, it might be nice to let my friends and family know which of those many things I find most interesting.

I'll keep posting news stories about ALS/Lou Gehrig's Disease.

Otherwise, it'll be whatever I find interesting. What I'm interested in tends to wax and wane. I'll get into cryptography for a while, be very interested, and then after a while I'll lose interest in whatever project I started. I'll move on to something else. Eventually I come back to where I was before.

Hopefully I'll keep this going, and it will be interesting to more than just me.

Tuesday, May 18, 2004


I came across someone describing a TiVo user's behavior as "passkilling." I predict that my three-year-old will be able to behave childishly with the TiVo remote in the next two years. I'm optimistic that she'll figure out the meaning of the prompts (by trial and error) before she can read. Or maybe that's pessimistic.

Migrating from procmail to maildrop.

I first used procmail over ten years ago. When I decided to make the leap to maildrop, I had over 70 procmail recipes (as counted by "grep -c '^:'") to translate.

I started by reading most of the manual. With that, I set to work. I intend to document here some of the things I learned in my few hours of tackling this task which I thought would be many hours more monumental. I was using procmail 3.22, and I went to maildrop 1.3.7. If anything I say here is inconsistent with your experience, check your versions against what I'm using before hollering too loudly.

The real impetus for the change was patterns that look like this:

* !^Delivered-To: kyle-virus@
* ! ? /usr/bin/clamscan --quiet --mbox -
| /usr/bin/tmda-filter -I $HOME/.tmda/filters/always_hold

This was a big problem for me in procmail because I don't see a way to lock that invocation of clamscan. I'd get a flood of mail, and there'd be 15 of the damn things running at once.

In maildrop, I can lock any block that it works on. It looks like this:

if ( ! /^Delivered-To: kyle-virus@/ )
flock "$PROCLOCK" {
if ( `/usr/bin/clamscan --quiet --mbox -` )
to "| /usr/bin/tmda-filter -I $HOME/.tmda/filters/always_hold"

Doing it that way, I get to lock the check for viruses and the delivery at the same time. I have no more clamscan rabbits. One gotcha here is that the test for clamscan is reversed. What's a test for falsehood ("!?") in procmail is a truth test in maildrop. I had to remember to reverse every test that I did that way.

Maildrop's syntax is not really free form. I read this in the docs, and I was careful of the example given. Still, I tripped. This works:

flock "filename" {

This does not:

flock "filename"

The error message pointed me to the right place, but it didn't really tell me what the problem was. It didn't take me long to figure it out, but someone with more faith in the language might have been stumped longer.

In my procmailrc, I used INCLUDERC many times. My recipes were spread over a half a dozen files. It's no problem doing the same thing in maildrop, but I didn't know right away that environment variables imported in the main file do not propagate to the children. Because I use TMDA, I need to import SENDER, RECIPIENT, and EXTENSION. I gave procmail the -p option, and that was the end of it. In maildrop, I need these lines at the top of every file that wants to call TMDA:

import SENDER
if ( ! $SENDER )
SENDER = "<>"

Moving patterns from one to the other is fairly straight forward. You have to replace '\/' with '!', and the corresponding $MATCH becomes $MATCH2. What is "* !^foo" in procmail is "! /^foo/" in maildrop. I didn't run into too many details that tripped me up, but YMMV.

Procmail's FROM_DAEMON internal pattern is really handy. I tried to just paste it into maildrop, and it didn't go so well. I wound up doing this:

foreach /^((Resent-)?(From|Sender)|X-Envelope-From): .*/
foreach ( getaddr $MATCH =~ /.+/ )
if ( $ADDR =~ /(Post(ma(st(er)?|n)|office)|(send)?Mail(er)?|daemon|mmdf|n?uucp|ops|r(esponse|oot)|(bbs\.)?smtp(error)?|s(erv(ices?|er)|ystem)|A(dmin(istrator)?|MMGR))/ )
if ( $FROMDAEMON ) ...

It looks bad, I'll grant you, but I think it's more reliable. Also, you can do this once and use the variable over and over without having to reprocess the pattern match. I did something similar for other places where I was paying close attention to how the email was addressed. I'm happier with the results because I no longer worry that my pattern will be foiled by some oddball use of RFC 2822. Maildrop takes care of it.

While debugging, it was worthwhile to do this:

tail -f /var/log/mail.log | grep 'temporary failure'

Note that I'm using Postfix (1.1.11), and it helpfully put the maildrop error messages in the log line with its temporary failure notes.

I tested with 'maildrop -V 1 < testmessage' quite a bit. It's convenient. I didn't notice any difference between '-V 1' and '-V 2', but maybe I just never hit a feature that shows the difference.

All in all it was quite a bit less painful than I thought (y'know, before I knew anything about maildrop).

Monday, May 17, 2004

Program helps ALS sufferers in N. Arizona

I got this through my news alert:

Program helps ALS sufferers in N. Arizona

Two things were interesting here.
  1. May is ALS Awareness Month. I'm not sure who decided this, but it doesn't seem to have caught on. I pay some attention to ALS, and I got half way through May without learning that it was ALS Awareness Month.

  2. ALS patients have trouble traveling great distances. This is obvious now that I see it, but I hadn't considered it before.

The article is really about a program to get registered nurses to help ALS patients. It's a good idea, and I wish it would spread out of Arizona.

Big Brother on Ayers Island

This month's Crypto-Gram has a link to Wired News: Big Brother to Watch Over Island, which talks about an island which will be under total surveillance. They're going to have motion sensors and cameras everywhere, and an AI looking over it all to decide who should be watched more closely. I found this quote interesting: "Which is worse? Knowing that a computer is tracking your movements, or walking around looking over your shoulder, being afraid someone is going to attack you?" This is a false dilemma. You don't have to live in fear just because a computer is not tracking your movements. Most people do it daily.

Saturday, May 15, 2004

Hamster husbandry.

We bought a hamster a couple of weeks ago. We asked our three-year-old to name it, and she determined that the hamster's name is Baby. We asked several times if she was sure, and the name stuck.

Last night just before bed, I had a look at Baby in her cage and was shocked to find that she'd had babies. In her little nesting place, she had at least four of them, but there could have been more buried in all the bedding.

I called a 24-hour vet, and they said, "keep her away from drafts, and make sure she's nursing them." I'm not sure how to tell if she's nursing them or what to do if she stops, but she seems to be taking care of them.

The babies themselves are just what I'd expect. They're pink and hairless. They wriggle constantly. Baby carries them around in her mouth. They make me think of extra small piglets. The vet told us that they'd nurse for 2-3 weeks, after which they can be weaned. When their eyes open, they can go to solid food.

Hamsters are solitary. When they grow to adults, they won't want to be around each other. We have a good couple of weeks to learn how long they can stay together. If we can't find homes for them, we may have to scrounge up some extra cages before they start fighting each other.

Friday, May 14, 2004

Autoresponses gone bad.

This morning I got an auto-response from someone at User Group Network. It said, basically, "you can't email me; go to this URL instead." The fact that I got this means that their auto-responder automatically responded to my auto-responder, which is not supposed to happen.

So, I hit their contact URL to tell them their auto-responder needs more brains. I wrote a polite note:

I received an automatic response from for an email that I did not send. Normally I can filter such responses, but this one didn't have enough to identify it. I'd like to talk to an admin about how to improve the system you're using.

I submit to their form, and I get "internal server error." I tried it again as I was writing this, and it worked. At least, I guess it worked; it took me to their index page. I see it also sent me an automatic reply.

Software like this is what gives challenge/response a bad name. It's too bad. People see these things and think challenge/response is just a bad idea. It's like saying cars are worthless because the 1903 Fords lacked power steering.

Thursday, May 13, 2004

West Nile vs. Illinois roads

My wife told me this morning that West Nile has turned up. She heard that 54 people in Illinois were killed last year. I said that's almost as many as die in a week on the roads, but she didn't believe me.

With a teeny bit of searching, I found an Illinois Department of Transportation (IDOT) page called "Crash Reports" with a link to a PDF for 2002. According to that, "1,420 persons died in crashes in Illinois during 2002." That's 27.3 per week. OK, so it takes two weeks of auto deaths to beat West Nile's deaths from last year.

Bonus factoid: 127,719 persons were injured in crashes in Illinois in 2002. That's about 350 per day.

Wednesday, May 12, 2004

Just another day of spam

Yesterday, the TMDA that I run held 704 messages, challenged 93 messages, and delivered 11 messages. Procmail filters dumped 7992 mailer daemon messages that are the result of spammers using my domain in the headers of their junk. It appears to be the heaviest day I've had in a couple of weeks, but I'm sure in a few months I'll consider it light. It just astonishes me how much junk comes to my mailbox!

Acoustic cryptanalysis

Someone on the PGP users mailing list posted a link to a proof-of-concept of
acoustic cryptanalysis.

I can remember listening to my Apple II doing computations and having some idea what it was doing by the sounds it made. If I wasn't listening to the CPU, I was listening to the disks. There were things that I did so often, that I knew just what they sounded like and what to listen for to know when it was finished.

What these folks are doing is using the sounds the CPU makes to attack the security of the system. It seems obvious now that I read it, but I wouldn't have thought of it before. Very interesting stuff.

Tuesday, May 11, 2004

Knock Out Lou Gehrig's Disease

I got this through my daily news alert: - Health - Company: Development Could Help Knock Out Lou Gehrig's Disease

It seems as if I've heard of this before, but I can't remember. All the research I read about is starting to run together in my head. In any case, this is interesting. The down side is: (1) if you've already lost motor neurons, it seems this doesn't get them back (so you're just as paralyzed), and (2) it's for people who get it genetically, which is only about 10%.

This looks like a rewrite of a press release to me. I see CytRx pop up in my news alerts every once in a while, and it's typically "please invest money in us" kind of stuff.

So, anyone else see this error?

From: (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender


<>: Command died with status 1: "IFS='
'&&exec /home/bloggermail/processmail||exit 75 #bloggermail". Command
output: tee: ../pipedmessages: File too large